Nice. "Darn it, this amusingly tiny-capacity obsolete tape drive isn't powering up. I must have forgotten to bring its .. uh .. [glance around suspiciously] battery. But I paid $800 for it in 1996! *sigh* Ok, TSA agent, you can have my tape drive.. and .. oh no! My ink jet printer isn't working either! You mean I forgot both batteries!? Dammit! So much for printing those colored pie charts on the plane for my .. uh .. presentation. Boy are your kids going to be happy Xmas morning. [glare slightly unconvincingly at TSA agent]"

[Later, on Xmas morning] "Here you go, Billy. You were a bad boy. I never loved you."

[But Billy turns out to be cool] "Whoa! I can salvage the head servo and reel motor from this tape drive, and build something nifty with my Arduino! OMG, does this printer have a stepper motor?"

I think this idea is getting up into the "three birds, one stone" territory.

Tried to read the first book. Barely literate drivel.

Sometimes people need a little help. Often (but not always!) they'll half-suspect the problem, and will prefix their remark with "is it just me, or..."

You didn't do that, but I'm going to be a pal and pretend you did, and then answer the question for you:

Yes, it's just you.

Why do we still have these antiquated data caps?

To help find antiquated caching bugs!

Here's an idea: let's form a religion (or teaching within an existing religion) which mystically believes that insurance should be based on hedging against risk of catastrophically-large expenses, rather than dealing with small predictable non-emergent expenses. The key is it would be based on dogmatic belief in a supernaturally-conveyed (and impossible to disprove) command that we must only use insurance that way. Whenever anyone asks you why insurance should be about spreading risk, we'll always use our faith in paranormal phenomenon to explain.

NEVER will we discuss game theory, limiting overhead, common sense, etc. Let's keep this religious.

Q: "Why do you think insurance shouldn't cover these $10 pills?"

A: "He wrote it thus, when his arm was moved by the will of The Noodly One."

Q: "Do you think it is more efficient that the patient directly pay the supplier of the pills rather without going through a middleman or filing a claim to get reimbursed?"

A: "I have no opinion about that. I do not know nor do I care."

Q: "But don't you at least agree that if the patient shops around, the might be able to get the pills for $8 here instead of $10 there?"

A: "The questions is impertinent. You're missing the point: the cost is irrelevant. This is a matter of good versus evil, and recognizing the essential basil oil in our souls. We transact directly with our sellers because we must, not because it reduces cost."

Q: "What if you don't? Suppose I could reduce claims processing overhead so that--"

A: "Overhead is irrelevant!"

Q: "Ok, but what if I had you file a claim for an $8 bottle of pills?"

A: "The horror!! No, please, no. That is the Shadow Sauce speaking through you. I cannot transact a drug purchase in such a manner!"

Q: "Wait a minute. How do you know all this?"

A: "I just do."

The big question is: do you think you can handle doing this? Mystics make this stuff all look so easy but you have to understand, they train this behavior their whole lives, guided from the time they are children. It's a way of life.

Handling water may possibly become my first Arduino or RaspPi project, if I can get through my newbie ignorance, and learn some new tricks as an old dog.

We have flood irrigation that comes in from an acequia every couple weeks (used to be every week, but times are changing) at an irregular rate at irregular time-of-day. (You can't deal with this, just using timers, and the amount of water pressure is tiny compared to what you usually have on a typical garden hose, so lots of cheap ubiquitous gadgets don't work here.) I leave a floodgate open (i.e. remove a coffee can from the end of a tube), go to work, go back home for lunch, go back to work, go home at end of day. For various reasons that you can probably imagine, it's bad to leave the floodgate open after we have collected a certain amount of water. Things work out fine if it happens to finish at lunch time (or if it's so slow that it hasn't finished until end of day), but otherwise, someone has to leave their workplace and go home to deal with it.

That is lame, in a way that really does (slightly) matter.

Thus I'm tempted to either build a sensor (or just cheeze out with a webcam, though that's less geeky) and some kind of remote-controllable motorized floodgate.

AFAICT nobody sells anything for this; it's up to me. As it happens, there are lots of guides online for building this kind of stuff, but they're all within the context of Dwarf Fortress! Yeah, right, as if I want a gate that'll remain stuck open just because there's a butterfly or elephant carcass in the way.

Lower tech solution: find retired neighbor to do it, in exchange for beer or something. This is actually the cheapest/smartest way to do, but rubs me the wrong way. I'm sure you all understand.

This is all about more gov control, taxes, regulation to protect us from ourselves.

Sorry, I clicked the links but I think I might have missed an important part of one them. Could someone please tell me what the word "this" in the above quotation refers to? What is about more government control, taxes and regulations?

Maybe what you need is an anti-watch that uses anti-time: not only does it not tell you what time it is, but suppresses other clocks around you.

"What time is it?"

"It's time for me to press the 'temporary disable' button on my anti-watch. Ah, according to Big Ben, it's 10:38."

Our greatest protection was giving-a-fuck.

It's still available, and occasionally used in some limited contexts. There's pretty much no problem that won't be quickly fixed by the people exercising this power.

But we usually refuse. Giving-a-fuck is somehow a "nuclear option" these days, not to be exercised lightly. "Whoa there, this might be a crappy situation, but I'm not going to 'throw away' my vote!"

The last Battlefield game that I bought was BF 2. How about you?

Hey man, maybe this tax is a good idea, but the whole "Gas is much too cheap in the US," thing is a pretty dumb thing to say. There is no such thing as "too cheap." By all means, end the gas subsidies and externalities (e.g, middle east wars, not having to pay to plant forests to soak up CO2 pollution, etc) and add any taxes that are appropriate (e.g. fuel usage and road wear maybe aren't an exact match but they're pretty close; so I'd say gax taxes to pay for highways are a pretty decent idea), but even 10 cents per gallon wouldn't be "too cheap" because nothing can ever possibly be too cheap.

That said, gas sure is cheap. I can buy gas cheaper than I can buy Coca Cola and it's sure worth a lot more.

Crazy? Sounds like a fun card game, to me.

However, anything is better than nothing,

The only thing worse than knowledge that you are insecure enabling you to behave accordingly, is a false sense of security so that you don't.

That one is easy: don't assume a false sense of security. There, problem solved. I don't know how anyone would ever get into that position, but I agree that if they do, we should give them a common-sense reality check.

you can't trust google to provide the endpoints if you want to be secure FROM google.

I think everybody gets that. It's irrelevant to the problem at hand (that a quarter century after PGP, people are still sending plaintext) though, and all implementations of OpenPGP fall outside the scope of addressing the "is my computer running the software that I think it's running?" question. Don't get me wrong, it's a good question for people to be asking. But it doesn't necessarily mean it's stupid to run Google's code; running Google's code merely comes with a convenience/security tradeoff that most people here won't want to pay, or won't want to pay in certain situations. Please, see beyond that point.

You face that same issue every time you use https in your web browser. That doesn't mean you have stopped using https, does it? Do you really get a sense of security (which you know is always going to be false) when you use https? Of course not. You get a sense of securER. The same thing will apply to users of this extension.

We really have to stop bringing up the "false sense of security" bugbear every time someone tries to make things better. Think about what users are going to do, after they have been using Google's version for a few years, have absorbed some of the concepts and habits, and then a story eventually gets out that Google (or a middle) got caught sending a compromised version to someone. That will be a good day, not a bad one.

If someone points a gun to my head...

IMHO once people are pointing guns at you, you have serious problems. And yet even then, if the attacker happens to be your government, or someone within reach of your government, you still have recourse. Unless they pull the trigger, then you know that it happened, so you can challenge it in court, or call the cops on the assailant after he leaves, or whatever.

But that isn't really the kind of situation that people are talking about much, in 2014.

The TLA's are certainly authorised to make these demands; It's their job

Looking at the TLAs' behavior provides a good illustration of why crypto needs to be at the endpoints, rather than trusted to service providers: the TLAs have not been making those demands!

We're not hearing about them barging into peoples' homes, pointing guns at them, showing them warrants, and telling them "give me the key to this information about you, or else." We have a legal system for handling that kind of situation, most people are pretty happy with it, and a citizen from 1814 would recognize it. Just read the Bill of Rights, and you get all sorts of images of stories where cops with British accents hatefully sneer, when their Samuel-Adams-esque criminal suspect tells them "oh yeah? See you in court, limey bastard!" and they have to grudgingly go along with the new laws. America, fuck yeah!

Something quite different has been happening, because we have been deploying tech in a way that the confrontation doesn't need to happen, and all our old laws are circumvented. The tech we're using, doesn't fit our needs.

This isn't to protect against government coersion of the business.

This isn't, but it's a step in that direction. You're right that a Google plugin running in a Google browser, certainly doesn't protect against that. That's what I was saying, and then labeled as a minor point.

Nevertheless, it could help educate users on the necessary key exchange and trust concepts, and get them used to decryption as something done by their user agent, where a service provider should normally lack the capability to do it. And if this is really OpenPGP compatible, then it has a fully interoperable upgrade path, to something that does protect against coercion of third parties.

The people who want things easy but less secure, can talk to the people who make the effort to learn how to do things. People could shift at their own pace, but all be part of the same network effect. (I gotta admit, that excites me. I've gotten so jaded, and used to thinking of network effects as usually-bad things.)

In 2015, Joe User uses Google's implementation, and an attacker goes to Google and makes them offer a compromised Chrome-or-plugin to Joe, which Joe unwittingly accepts, and then it extracts his key and sends it out. Joe never knows what happened. A couple years later in 2017, Joe User has moved his keyring to gpg, and an attacker goes to Google and makes them offer malware to Joe. Joe accepts and runs the malware, but it never extracts the key, because Chrome doesn't have it anymore.

At that point, either the malware has to be nastier (break out of its process, use a local elevation exploit, etc -- other purely technical problems that we're always trying to solve anyway), or, if that's not on the table or doesn't work: then suddenly WE'RE BACK IN AMERICA, and the attacker has to show their warrant to Joe.

And that last thing, is the goal. If we can get it to go that way, then we'll have due process again. I want suspects to be saying things like "I'm calling my lawyer, officer," not middlemen saying, "What does the legal department say about this? Should we comply? Eh.. it's not like it's any skin off our noses anyway. The customer will probably never find out it happened, so the cost to our reputation should be quite minimal."

At first glance, this looks like a good idea which should be encouraged and nurtured. Even if they fuck up something.

The downside is that it's pretty crazy to be doing stuff like this in a scripting language inside of a machine that downloads new versions from somewhere, at the drop of a hat, and where the machine itself (Chrome) is remotely-coercible. (In other words, point a gun at Google's head, and they will extract your key the next time you enter your passphrase.) But really I think this is a minor point! (bear with me; I know that sounds like a bombshell.)

It's good to for people to start using OpenPGP, even if they do some things wrong, and for it to get more mainstreamed. It'll get 'em familiar with the concepts (and they need to learn them all; take anything out and you have a broken system), and then some day they will graduate to the real thing (actual PGP or GnuPG, outside the vulnerable context of today's web browsers) and do things more carefully on their own time while remaining interoperable with their associates.

I know I am a dead-horse beater on this, but OpenPGP, after all these years, really is still the very best, top-notch, number one PK system we have. It's not merely good; it's right. And the applications for the WoT go far beyond merely securing communications from snooping, though it happens to be excellent that that. Three cheers for Google not inventing something gratuitously nonstandard (and therefore, probably deficient)!

No, it's about guns. Nobody's talking about other 3d printed objects yet.

"Yet?" If anyone says this is a slippery slope and and some day we'll regret it, I'd have to flame 'em for having their tense wrong.

Try printing a "circumvention device" or merely "manufacture, import, offer to the public, provide, or otherwise traffic" a model for one, and then tell the judge in the DMCA case, that it's allowed because it's not a gun.

I bet with a little research, you could find decades or possibly even a century or two, of precedent for all sorts of restrictions on things that are far more innocuous than guns, and 3d printers are going to run into much of that stuff. Guns are really only a special case here, because we have an amendment that specifically prohibits the government from .. uh .. well, what they're not allowed to do is apparently rather debated, but one thing we all agree on, is that amendment really does use the word "arms." And we don't have any constitution-level law at all, that mentions the words "computer programs." ;-)

You should expect interference of some kind, whenever there's any sort of advance in cheap anonymous unskilled creation. That's just how things work, always. I seriously don't know how anyone could possibly think we're only talking about the future of guns. Guns are so nothing within the overall economy.