
Comment Re:How is this "confirmation"? (Score 1) 276

Rumour by a conspiracy theorist? We know for a fact that there is a vast conspiracy at work here, because it was just blown open by Snowden. No "theorist" about it, call them conspiracy pragmatists instead.

Given what we know about SSL, the NSA and the FISA process, I'd say compromise of SSL keys is practically Occam's Razor by this point. The interesting rumours to me are the ones that imply they were somehow NOT able to get that data. Bear in mind, all it takes is one mole, or someone served with a "superwarrant+supergag" so they can't tell their management, and the keys are gone.

Perfect forward secrecy helps a lot here because stealing the keys doesn't let you decrypt the traffic, just do MITMs, and active MITM is a lot more detectable than standard SSL key compromise. But hardly anyone uses it (only Google).

Comment Re:U.S., cough, international pressure much? (Score 1, Redundant) 166

But why should someone who creates something not be able to control how it's used? That seems pretty basic. It wouldn't exist at all if not for them.

See, the problem I have with copyright reformers is that copyright is a quite well thought out piece of law (relative to most, anyway). It gives people who create things an optional tool that they don't have to use. It allows everything from Hollywood movies to open source software. If someone felt their work was best given away for free, they could certainly do that, or they could use a creative commons style license and many people do.

Now the situation we have is that a whole generation of people doesn't have any respect for other people's work. They feel they deserve free movies, music and software because "zomg industry!!!" (reality check - the content industries are quite small relative to others, like the tech or energy industries). They feel that people who create things should have fewer options than today, less freedom to decide how their work is used, because gosh isn't it annoying and inconvenient when you want something and can't afford it?

Much though I dislike the way the US government puts political pressure on other countries, Finland does not, last time I checked, have an equivalent to Hollywood. Probably its people would benefit if the government just shrugged and said, well, we don't create much relative to other people so why bother enforcing their copyrights? Might as well take what we can for free! Party time!!

The problem is if everyone does that, you kill the goose that laid the golden egg. The idea that nobody who creates movies or writes software cares about money is naive and childish. People do create less when they are unable to earn an income doing so.

Comment Re:I didn't post a rebuttal (Score 2, Interesting) 106

FYI stack allocation (the optimisation you refer to) has been implemented in the JVM for some time already. It is capable of eliminating large numbers of allocations entirely on hot paths. Of course, there is a lot of memory overhead to all of this - the JVM has to do an escape analysis and it has to keep around bookkeeping data to let it unoptimize things.

For some reason they call this optimisation scalar replacement. I'm not sure why. In theory this can help close the gap a lot, because a big part of the reason GC is seen as slow is just because the languages that use it put so much pressure on the heap due to their library and language designs encouraging tons of tiny objects. If you can put them onto the stack then things can get much faster. I use some pretty large and complicated Java apps these days (like IntelliJ) and they seem to perform well, so perhaps things like this have turned the tide somewhat.

Comment Re:Garbage Collection is not O(GC)=0 (Score 1) 106

Programmers intent on using all of the resources available, and performing intensive tasks, should think about means other than garbage collection.

This debate is as old as the hills. I'll just point out that it's not so much that GC is terrible, so much as it's indelibly associated with managed languages that either are Java or use very Java-inspired designs (like C#) in which objects and heap allocation are treated as being nearly free.

To prove my point, I cite Unreal Engine, a serious piece of code with very tight performance constraints. It's capable of hitting high, smooth frame rates, and it uses a garbage collected heap for the core game state (lots of objects with lots of pointers between them). (reference).

None of these things are free, exactly, but if you understand their costs you can still benefit. I think one of the reasons GC has a bad name is that so much code is written in languages like Java or JavaScript by people who, for instance, don't know the difference between a heap and a stack, or were simply never taught how GC works, so they tend to see allocations as free and use as many of them as they want. Older languages like C++ are used by older, more experienced developers who naturally consider the costs of things as they go, and have a bias towards more complex error-prone code that is tighter.

Comment Re:FTFA (Score 2) 264

The whole fiasco is enabled by the fact that the NSA does have (secret) court orders from a (secret) court, and the regular courts won't hear cases because of state secrecy. I don't see any reason to believe DDG would have any more luck than Google or Yahoo did.

Comment Re:FTFA (Score 3) 264

Well that's convincing - not!

Has this dude been living in a cave for the past month? We've just had a non-stop series of revelations about how governments (not just in the USA) routinely ignore their own laws or secretly redefine them into meaninglessness, in order to engage in dragnet surveillance. And his answer is "such a request would be unconstitutional". Yes, it would. It was unconstitutional for all the other search engines too. So what? That obviously doesn't matter.

DDG is just a scam in so many ways. The entire site is basically a proxy for Bing. If Bing were to cut them off they'd have no search engine anymore. If Bing were to say "you pass through data on people or we cut you off", they'd either have to give up on their privacy guarantees or shut down completely. It's a completely self defeating business model, if they get popular they won't be able to sustain the reasons for it anymore.

The fact that he thinks there's a difference between Amazon and Verizon with regards to NSA cooperation is especially amusing.

Comment Skeptical (Score 1) 144

Any application intended to resist modern government surveillance is going to be extremely difficult to write, because it has to be resistant to bogus secret "court orders". The only way I know to do that is to have many independent developers engage in multi-party signatures of reproducible builds based on audited and reviewed open source code. If they're just going to run a company that develops it in a proprietary manner how will they achieve that?

I am more interested in Pond. It's being written by an actual cryptographer and he already has real, working code (though it's nowhere near releasable). It's up front about its security model and which threats can break it. It's built on top of Tor and even supports using the TPM chip so that when you press delete, the data is really really gone beyond the ability of any forensics tools to recover. It's even designed to resist traffic analysis. Anyone can run a server.

The main differences are that, obviously, Pond is not developed by a company, and it is focussed on asynchronous email style messaging rather than instant messaging. It's also got a very strong threat model that means it compromises on usability - for instance, there are no addresses in Pond, instead you are expected to hand out small files (perhaps on NFC tags?) to people who you want to be able to receive messages from (this is an anti-spam measure).

Despite all that it's a very interesting piece of research.

Comment Re:Stuxnet claim reduces credibility (Score 1) 491

He was a sysadmin at the NSA and worked also for the CIA. You think the NSA didn't throw some parties when Stuxnet reported back that it worked? You don't think it was the watercooler talk of the month when it leaked out? Your faith in the ability of organisations to internally compartmentalise things is interesting.

Comment Re:He is rocking the boat, don't rock the boat (Score 2) 658

Uh, yes, the troops do send themselves overseas. Does America have the draft? I don't think so. If they go abroad and fight just because they have a shitty life at home and the military is a pay-rise, that's even more disgusting than if they are doing it for some warped ideological purpose.

Comment Re:Gonna Have to Disagree with You There (Score 1) 658

The link with Republicanism is probably to do with age. If you look at the poll results, young people are far more outraged than old people, who seem to systematically skew authoritarian. Perhaps growing up in the environment of the cold war means they have a much stronger sympathy for spying and feel that no matter what the USA does, it must always be on the side of right rather than wrong. Young people with no memory of the cold war have no particular bias towards national secrecy.

Comment Re:Terrible news... (Score 1) 658

I cannot speak for programs I have not worked in, but NSA wiretaps have played a role in EVERY modern day foreign crisis in the past 20 years. Mali, Iran, Iraq, Yemen, pirates in the Indian Ocean, and a lot more I'm forgetting because I've been out all night.

Are you for real or just an extremely skilled troll? It's hard to believe anyone could seriously write something so stupid.

Of course you've played a role in those "foreign crises", because you work for the US government which is the source of the crises in those countries. Those countries would obviously not be in any kind of crisis condition if they were not being constantly assaulted economically and physically by pliant tools like yourself.

I'll admit I was kinda uneasy about what we did when I first started here a few years ago, but I can even count the number of lives I have saved on my fingers in my first hand alone, so I think the ends justify the means.

The NSA is a part of the US military. The US military has directly killed far more people in those places than you can ever save.

On the off chance you're a real person, I'm going to make a suggestion. Tomorrow is Monday. Talk this over with your SO if you have one tonight, then go into work on Monday and hand in your resignation. Tell your boss you realised that you're a part of a machine that systematically causes crises in the middle east and you don't want to be a part of it any more, not even to try and save lives that were wrecked by your colleagues.

Then go find a job in the private sector using your skills to achieve positive outcomes at home, instead of negative outcomes abroad.
