Gnome shell isn't much better, but a little... as long as I get Nautilus as patched by Ubuntu, can't live without decent type-ahead... I tried, and I'll never be able to move away...
A smart provider however will have implemented its data management software in such a way that only his client has the key to decrypt the data it just turned over to the government. That way it cannot even be forced to decrypt it without violating the rules of mathematics and complexity theory.
The problem is that sometimes the key is temporarily present on the provider's machines, either sent with API requests for server-side encryption, or present on a VM running client software in the provider's cloud.
And as of recent stories it seems US govt believes it can't force the cloud provider to record the key when temporarily present. To me that is the equivalent of forcing the provider to spy on your behalf because the provider isn't merely providing stuff it has on file. Curious what is your take on this?
If you need to share the key with the provider....
Yes, it's not the same as client-side encryption. It's hardly an alternative, but it is most certainly a valuable addition.
It won't protect you from the NSA, etc. But it can protect you from accidental leaks of credentials, compromised accounts, rogue underpaid datacenter interns, discarded hard drives ending up who knows where... Or software bugs at the provider.
It's an extra layer of attack mitigation that you should use in combination with client encryption, because client side encryption is easy to get wrong, so having an extra layer is good.
Also I'm sure this helps with compliance with regulations that might not always make sense...
Public IT is definitely who should not be responsible for this kind of testing
Remember the debate after Heartbleed... We were all asking ourselves how come nobody invested in security auditing for OpenSSL.
We all took this infrastructure project for granted. For the public sector to invest in some open source infrastructure projects is not a bad idea.
I'm not suggesting that the public sector review everything, but for the public sector to identify and invest in a few heavily re-used open source projects is not a bad idea. It's like public sector investment in roads and other infrastructure.
there are armed police at all UK commercial airports now, have been since 9/11.
But officers in the UK are better trained and less trigger happy.
there's 3 years of development time between now and 2019, and with Microsoft's deep pockets
Microsoft is stupid... Sad but true. They are not developing consistent services. Throw whatever money you want after it, if you have no single user management, authentication and authorization system covering all APIs you lose. If you have different arbitrary restrictions on which ASCII chars are allowed when naming resources for different services (just in Azure storage service, not counting everything else), it's going to fail...
AWS is not perfect, but it is fairly consistently designed... As in IAM users and policies for all access control (with exception of S3 which has some legacy options too)...
It's pretty clear that Azure services are being developed by different teams who don't talk to each other.
I also have a few with Amazon too. No trouble there either. How is Azure sketchy?
Azure storage accounts have a single secret key shared between all users... If you have two servers/apps/persons using the same storage account they MUST share the same secret key. You can issue temporary keys, but you have to build and manage an authorization system that issues such keys. The user management in Azure does not extend to cover storage accounts other than all or nothing, and all users share the same secret key. This is insane! Unthinkable in any non-trivial deployment.
Holy shit, the video doesn't just claim to be supported by the organization; it contains zero hint that it's a parody, at all. It looks very authentic...
When you can't tell the difference between parody and reality, you have to ask yourself if maybe reality has gotten too crazy...
Take an astronaut to launch.