To save myself time, I wrote an article on "The PGP Problem":

The PGP Problem: A Critique

Usability is a huge issue for encrypted messaging. PGP is included here. Unfortunately, so is Signal. In a usability study involving Signal[1], 21 out of 28 computer science students failed to establish and maintain a secure end to end encrypted connection. The problem was with identity verification.

Related to the Signal usability issue related to identity verification, Signal cheerfully allows a user to do messaging without any such verification at all. So that means that Signal, Twilo (the entity that does the phone # verfication) and the phone company all have the opportunity to MITM the connection and get your messages. PGP will insist that you acknowledge that you have done the verification by signing the PGP identity in question. So, for almost all the people that currently use Signal, PGP would actually be more secure.

Signal isn't the only instant messenger that allows insecure operation with unverified identities. In general, if you don't make the issue clear to the user, you are being at least a little dishonest on your end to end encryption claim.

[1] https://www.ndss-symposium.org...

>ECC is actually much more quantum-resistant than RSA...

My understanding is that RSA is slightly more resistant than curves, but that the difference doesn't really matter.

>...and RSA-3072 is much more quantum-resistant than RSA 2048...

Only in the current situation where the noise problem increases exponentially with the number of qubits. But that would mean that RSA-2048 is completely secure as well.

  >RSA 2048 is considered Adequate secure until 2030...

The assumptions that lead to the idea that RSA-2048 should be sunsetted in 2030 are invalid[1].

[1] https://articles.59.ca/doku.ph...

Something with an old algorithum in it somewhere is not automatically insecure. I have an MD5 command in my operating system. Is my operating system insecure? It would be virtually impossible for a modern day user to somehow use IDEA in a contemporary OpenPGP based system without meaning to. The old "The PGP Problem" article comes up often enough that I generated a critique that I can link to to save time:

The PGP Problem: A Critique

I love PA. I have been using it for network audio since it was called Polypro audio. Having said that, it still isn't finished and maintenance has more or less been abandoned. I recently gave up trying to use it for my media computer. I got tired of living with a 5 year old bug.

I think the problem with Pulseaudio is that it is too monolithic. There is just too much logic stuffed into one place for a good long term open source project. Once the original people lost interest it became too hard to understand for those that just wanted to fix bugs. At this point someone is going to have to devote a significant hunk of their life if the hard bugs are ever to be fixed. Pulseaudio should of stuck to what it did best: network audio...

Why does everything lead to an attack? Perhaps the Iranians feel that they are above such playground level ideas. Iran hasn't attacked anyone for hundreds of years. Maybe they are a bunch of annoying pacifists...

This is classic institutional behaviour. Something happened that could in some way cause the administration to look bad? Do something to delay outside scrutiny until public interest moves elsewhere. Immediately announce that a really really serious investigation is already underway. The result is unimportant. The actual goal is to prevent outsiders from poking around in your kingdom and causing blame.

Is there actually any question as to exactly what MIT did? What new questions remain to be answered?

The stuff about "disaster relief" is entirely bogus. They are asking people to work on an entirely military application for very little gain...

People in Israel still had to go to the shelters on a regular basis. Some of the rockets got through. The system would of been successful if everyone could of just sat and watched the war on TV.

The Palestinians don't need to actually hurt or kill anyone with their rockets. To achieve a positive political end all they need to do is create a situation where people in Israel can never be completely safe. This serves as an argument against the current policy where the Palestinians are being forced into a small area and then walled in. The rockets mean that even if the policy is taken to it's logical conclusion it will never bring total security.

Why would anyone want to know the actual location of speed signs? Normally people want to know the speed of a particular road at a particular place. We already have a fairly popular version of that that in a Wiki form:

OpenStreetMap

If you wanted to know where Air Force One was wouldn't it be easier just to turn on the news?

Knowing where an aircraft is doesn't really help you if it is at 30000 feet. Anyone trying to assassinate the president will wait until it is approaching or leaving an airport before letting off the shoulder fired missile.

RGB LED lighting is made. Colour matching is a bother but getting the right balance with the phosphor is hard as well. One problem is that RGB LED lights can not pass the Colour Rendering Index (CRI) test at all. It turns out that there is a colour used in the test that just won't work with the wavelengths used in such lamps (it is apparently just a bunch of colour blobs printed on paper). The RGB lighting people feel that the test is not useful for comparing phosphor and RGB lights.

Some supporters of RGB LEDs managed to get a group of people to prefer the RGB based lights in a test so all hope is not lost...

There isn't really any way to deny *anyone* secure tactical communications these days. Just get everyone a push to talk app for their smart phone and a bluetooth headset. You can even encrypt the messages if anyone actually cares (the police wouldn't).

What, there is some standard way to do video chat over 4G? Or will this only work with other Onstar subscribers?

Er, no. There is an actual technical issue here. If you make a passive filter with sharper skirts you end up with more loss to the desired signal. GPS (like all things that transmit from space) is quite power limited. As a result the signal is just above the noise (pretty much all downlinks). So just adding a better filter in front of the receiver will significantly degrade things.

There is stuff that you can do here but it would be expensive and possibly power hungry (some GPS receivers have to run off of batteries).

Normally this issue is resolved by placing guard bands around downlink bands where terrestrial transmitters are not allowed. By not doing this in a reasonable way, the FCC has simply messed up.