By "encrypted" they almost certainly mean, "credit card data is encrypted with a key that may or may not have been compromised as well" and "passwords were hashed". Password hashing doesn't achieve very much these days unless your password is unusually strong.

I don't believe Dalvik does any kind of escape analysis. It might be something they could put into dexopt and do ahead of time (at install time not runtime).

FYI stack allocation (the optimisation you refer to) is implemented in the JVM for some time already. It is capable of eliminating large numbers of allocations entirely on hot paths. Of course, there is a lot of memory overhead to all of this - the JVM has to do an escape analysis and it has to keep around bookkeeping data to let it unoptimize things.

For some reason they call this optimisation scalar replacement. I'm not sure why. In theory this can help close the gap a lot, because a big part of the reason GC is seen as slow is just because the languages that use it put so much pressure on the heap due to their library and language designs encouraging tons of tiny objects. If you can put them onto the stack then things can get much faster. I use some pretty large and complicated Java apps these days (like IntelliJ) and they seem to perform well, so perhaps things like this have turned the tide somewhat.

Programmers intent on using all of the resources available, and performing intensive tasks, should think about means other than garbage collection.

This debate is as old as the hills. I'll just point out that it's not so much that GC is terrible, so much as it's indelibly associated with managed languages that either are Java or use very Java-inspired designs (like C#) in which objects and heap allocation is treated as being nearly free.

To prove my point, I cite Unreal Engine, a serious piece of code with very tight performance constraints. It's capable of hitting high, smooth frame rates, and it uses a garbage collected heap for the core game state (lots of objects with lots of pointers between them). (reference).

None of these things are free, exactly, but if you understand their costs you can still benefit. I think one of the reasons GC has a bad name is that so much code is written in languages like Java or JavaScript by people who, for instance, don't know the difference between a heap and a stack, or were simply never taught how GC works, so they tend to see allocations as free and use as many of them as they want. Older languages like C++ are used by older, more experienced developers who naturally consider the costs of things as they go, and have a bias towards more complex error-prone code that is tighter.

The whole fiasco is enabled by the fact that the NSA does have (secret) court orders from a (secret) court, and the regular courts won't hear cases because of state secrecy. I don't see any reason to believe DDG would have any more luck than Google or Yahoo did.

Well that's convincing - not!

Has this dude been living in a cave for the past month? We've just had a non-stop series of revelations about how governments (not just in the USA) routinely ignore their own laws or secretly redefine them into meaninglessness, in order to engage in dragnet surveillance. And his answer is "such a request would be unconstitutional". Yes, it would. It was unconstitutional for all the other search engines too. So what? That obviously doesn't matter.

DDG is just a scam in so many ways. The entire site is basically a proxy for Bing. If Bing were to cut them off they'd have no search engine anymore. If Bing were to say "you pass through data on people or we cut you off", they'd either have to give up on their privacy guarantees or shut down completely. It's a completely self defeating business model, if they get popular they won't be able to sustain the reasons for it anymore.

The fact that he thinks there's a difference between Amazon and Verizon with regards to NSA cooperation is especially amusing.

You know that Kenya and Nigeria are not the same, right?

I spent a couple of years working on 419 style scams. The origin was always, without fail, coastal west African nations. I don't recall even once seeing Kenya crop up. Don't paint all of sub-saharan Africa with the same brush.

Age of consent in Spain is 13 though they plan to raise it. Seems like a 14 year old is an odd choice to emulate for that reason.

That said, an AI capable of simulating a 14 year old girl? Hard to imagine they could even simulate a 5 year old successfully. This doesn't seem like a good use of a universities resources.

Any application intended to resist modern government surveillance is going to be extremely difficult to write, because it has to be resistant to bogus secret "court orders". The only way I know to do that is to have many independent developers engage in multi-party signatures of reproducible builds based on audited and reviewed open source code. If they're just going to run a company that develops it in a proprietary manner how will they achieve that?

I am more interested in Pond. It's being written by an actual cryptographer and he already has real, working code (though it's nowhere near releasable). It's up front about its security model and which threats can break it. It's built on top of Tor and even supports using the TPM chip so that when you press delete, the data is really really gone beyond the ability of any forensics tools to recover. It's even designed to resist traffic analysis. Anyone can run a server.

The main differences are that, obviously, Pond is not developed by a company, and it is focussed on asynchronous email style messaging rather than instant messaging. It's also got a very strong threat model that means it compromises on usability - for instance, there are no addresses in Pond, instead you are expected to hand out small files (perhaps on NFC tags?) to people who you want to be able to receive messages from (this is an anti-spam measure).

Despite all that it's a very interesting piece of research.

He was a sysadmin at the NSA and worked also for the CIA. You think the NSA didn't throw some parties when Stuxnet reported back that it worked? You don't think it was the watercool talk of the month when it leaked out? Your faith in the ability of organisations to internally compartmentalise things is interesting.

Uh, yes, the troops do send themselves overseas. Does America have the draft? I don't think so. If they go abroad and fight just because they have a shitty life at home and the military is a pay-rise, that's even more disgusting than if they are doing it for some warped ideological purpose.

The link with Republicanism is probably to do with age. If you look at the poll results, young people are far more outraged than old people, who seem to systematically skew authoritarian. Perhaps growing up in the environment of the cold war means they have a much stronger sympathy for spying and feel that no matter what the USA does, it must always be on the side of right rather than wrong. Young people with no memory of the cold war have no particular bias towards national secrecy.

I cannot speak for programs I have not worked in, but NSA wiretaps have played a role in EVERY modern day foreign crisis in the past 20 years. Mali, Iran, Iraq, Yemen, pirates in the Indian Ocean, and a lot more I'm forgetting because I've been out all night.

Are you for real or just an extremely skilled troll? It's hard to believe anyone could seriously write something so stupid.

Of course you've played a role in those "foreign crises", because you work for the US government which is the source of the crises in those countries. Those countries would obviously not be in any kind of crisis condition if they were not being constantly assaulted economically and physically by pliant tools like yourself.

I'll admit I was kinda uneasy about what we did when I first started here a few years ago, but I can even count the number of lives I have saved on my fingers in my first hand alone, so I think the ends justify the means.

The NSA is a part of the US military. The US military has directly killed far more people in those places than you can ever save.

On the off chance you're a real person, I'm going to make a suggestion. Tomorrow is Monday. Talk this over with your SO if you have one tonight, then go into work on Monday and hand in your resignation. Tell your boss you realised that you're a part of a machine that systematically causes crises in the middle east and you don't want to be a part of it any more, not even to try and save lives that were wrecked by your colleagues.

Then go find a job in the private sector using your skills to achieve positive outcomes at home, instead of negative outcomes abroad.

The average veteran in the USA is a war criminal. How is he supposed to demonstrate this fact other than by giving examples? Was Iraq invading the USA? Was Afghanistan? The people who fly the drones, are they fighting people who are attacking the USA?

The answer to all these things is clearly no. When people volunteer to take part in the US military, they volunteer to travel to some foreign country the other end of the Earth and bomb, snipe and shoot their way through the local populace to achieve extremely vague and open ended "goals" which are self evidently bullshit (bringing freedom or whatever). They volunteer knowing full well what they're going to do, how pointless it all is, and they sign up anyway.

How Americans go out of their way to engage in hero worship of vets is one of the most troubling and pathetic parts of US culture. You don't see it to anywhere near the same extent in other parts of the world. Maybe people if directly challenged would say "yes I support the troops" because any other answer is picking a fight, but the anti-Iraq-war rallies were the largest anti war protests in recorded history. That shows you what people really think of the military. I'll know there's a chance for the US when a politician gets up and says, "no, I don't support the troops". Not holding my breath.

The crazy is in thinking she can regulate better security onto any random industry. It doesn't work like that. Security is too complicated to magically fix by insisting on blind usage of a particular tool.

If you look at the article, a huge number of the breaches are to do with credit card leaks. Well, duh, credit cards are a pull model not a push model. Bitcoin is more sensible, but the California DFI is busy harassing Bitcoin companies. So if she really cares about upgraded security, maybe she should get the DFI off the back of people building more secure, cryptographic financial systems that compete with the incumbents? That's much less fun than coming up with new laws though.