You clearly don't understand what GPG does, what Metadata is, what the phrase "nearly useless" means, or all three. You may as well have claimed that the 4th amendment is pretty useless because they can still see who lives there, and who enters and leaves the premises.

How do you expect a compiler to figure out that the asymmetrical public key cryptography package you wrote has a security flaw because you implemented an algorithm improperly? Do you really think compilers can understand what code is doing at the systems level?

You have a serious reading comprehension problem.

Hey, what do you know? Even though you are a variation of the 'citation required' weanie who is evidently incapable of using google you still got your citation!

"This is another example of "if we can't discredit the science, discredit the scientist for being paid to do research."

It is exactly like that! ... with the sole exception that we don't have any difficulty discrediting the science, that is :-)

I don't think anyone is arguing that the best approach is to first set it up like an idiot and then turn around and do it the right way. This is a discussion about what the right way to do it is, not what turkey's who did it wrong should do now that security has flown the coop so to speak. In truth though, from reading the article all I see is - if an attacker had a password or could somehow get access to the web interface. That isn't much different than claiming banks are insecure because if someone got into my account they could steal my money!.

Holy shit. .... you are an idiot.

Agreed. And no matter what he does his children will still have that access. He does't own every computer system in the world. His children will simply use other systems rather than their own, when they want to go outside the limitation system he implements.

This isn't anything new just because you throw the intertubes into the mix. It is the same problem parents have always had. How can I control my children at all times, given that there is no frigging way in hell I can ever have that kind of control?

The GP doesn't get that you use a VPN by, wait for it ... being on the internet!. His solution to not having it on the internet is literally don't connect it to the Internet! That's stupid. You can use a VPN! I must have missed the detail, but how are the VPN packets going to reach the system? Oh, right. Because it's connected to the internet! That's what I'll do. I won't connect to the internet, but I'll use a VPN that uses the .. oh shit.

Perhaps you are aware that there are banks on the internet? Every time some system that was never designed to be secure in the first place gets cracked someone always pipes up with this absurd claim, that the problem is that they connected it to the internet in the first place. That isn't the problem, and characterizing that way is absurd. They could have opted to do as you say, and that is certainly a very valid approach. It is, however, not - as you suggest - the only/right choice. They could have opted for option B and secured it, which any relatively competent software developer with an eye toward security could do quite easily by, for example, disabling password based login and only allowing certificate based authentication. It would have been easy to secure this system, and claiming that it was automatically in significant danger of being cracked simply because they put it on the internet is a cop out, and is frankly quite absurd in 2015.

The Internet of Things is coming, so we need people who understand security, and people who think that you can only achieve reasonable security by not implemeting it at all and then not connecting to anything are going to find themselves way out in the cold.

.... and Anonymous Cowards are idiots who believe absurd generalizations. I've got news for you. The entire software developing world is made up mostly of people who don't understand security and such at all things internet. There are Embedded Systems Developers that know about, understand, and care about security and there are many more others who don't. Now, substitute any field with the exception of software security and its vein, and the statement still holds true.

Do the world a favour and stay out of the Computer Security Business. 80% of CompSec is anticipating how people might use things in ways they were never intended to be used.

Both the "inevitability" and "good-faith" exceptions might apply in this case. But in the end the defence didn't or couldn't use parallel construction to get the laptop evidence omitted so it's irrelevant.

I know what you mean. I don't consider 7 to be a single digit, or prime either for that matter!

And when the just as the results come in Gibbs always shows up out of the blue! Right Abbs?