We've seen the Michael Froman approach of highlighting dollar amounts instead of percentages work well before. This is how John Key sells TPPA to New Zealand - then he steamrolls ahead. It seems that the numbers appear bigger that way.
And at least here in New Zealand it's not a new approach. Key's been spinning the numbers for pretty much his entire reign and kiwis just lap it up.
Re: "Why would you think we care what you want now?"
I was there supporting an activist group in these hearings, and it's not so much they don't have spines but they're in on this.
They pretty much asked us "we won't be open minded about this [TPPA], so will you?", and think that they've "done a brilliant job negotiating for us", despite the widespread opposition that seems to indicate to them we need to be "educated".
As far as I'm concerned this means they deserve to be beaten over the head about (a treatment they actually said they objected to) and leaves me pleased I didn't give National any more power by voting against them.
Maybe there is a lack of resources in the FLOSS community, but leave that NPM case out of this. That's rather a problem with NPM failing to realize that letting developers remove their code from the site can ruin unrelated projects, and a general overuse of modules in Node.js.
But on the other hand maybe the lack of resources can be addressed by simply writing better code. For example it's much easier to vet Wayland and a graphics library than it is to understand X, and reportedly OpenSSL does face some of these issues.
The other thing security-wise with free/open source software is that you can review the code yourself, or hire someone to do it for you, in order to better know it's secure. With proprietary software the best we can do is try to pick up suspicious networking, and beyond that give the vendor undeserved trust.
Sure for a large project like an OS or its kernel personal review is impractical* and we must put some trust in peer-review, but it's certainly practical for most applications.
Why would Google do such a thing? I'm sure some of the tracking revenue comes back to them.
Also given habits on the Google Play Store, I'm not sure these apps are exactly breaking anything. Instead they, like many others, could simply be asking for a range of irrelevant permissions.
All the NSA really need do is be venture capitalists
Sure they could sabotage projects (which may be a great plan B), but all they really need to do is join the Silicon Valley venture capitalists in funding companies who convince the rest of us to hand our data straight into the NSA's laps for the company to benefit from "advertising" fees.
This is basically what any of these Silicon Valley companies do (including Apple with iCloud), and because of the profit they get from their "advertising" encourages them to lull us with ineffective "security" to "protect our privacy" that hardly addresses the point.
And it's not as if the FOSS community have been all that effective in fighting the faulty client-server architecture that's been so favorable to the NSA. So maybe they do have spies there.
Re: Re: Re: Disabling Digital Restrictions Management support
Certainly people should change their defaults to something more private, but they shouldn't have to. People just don't do it, and it should be the developer's responsibility to configure nice, convenient, and secure defaults.
This is important because the loss of privacy isn't an individual's concern but a societal one, and additionally those who value privacy should be able to hide amongst those who don't care.
Some comments based on my personal understanding from what I've read about this.
First my understanding is that this Recommendation does not actually dictate any DRM, it provides a hole in the specifications labeled "DRM magic happens here". As such browsers could update that hole, keeping ahead of attacks, without breaking compliance. The DRM is actually browser specific.
Also, if as suggested, the intent is to secure WebRTC communications by extending the browser:
1) This is not how it's used (by Netflix) and advertised (by Apple as "HTML5 Premium Video")
2) Hey, while you're writing native code to extend the browser to add encrypted communications, why not create a cross platform GTK application around it? If you do that, you really don't need this standard, and besides HTML5 is mostly a bunch of bloat to me.
To be clear, given the way the W3C are structured, the browser vendors (who buy in) write the specs and Berners-Lee acts as king and signs off on these specs when he considers them stable. That means that Hollywood doesn't need to send lobbyists to the W3C, they've already corrupted at least Apple (who like to call this "Premium HTML5 Video") and Google. Besides this "standard" hardly qualifies as one, as it basically is a new <embed> tag where every browser provides their own incompatible DRM (I imagine it's done this way because security by obscurity really is the only way to do DRM).
So yeah, I vote for an open wiki to replace the W3C.
While I do think the arguments about the practicality of backdoors are important, the one thing I really agree with this guest on is that it's important to discuss whether governments should have access to what's on our phones and who we discuss with.
To me the answer is a clear NO. There's no evidence that law enforcement needs the backdoors*, because what's in our phones/laptops was traditionally in our brains (or shredded papers). And when all our communications were face-to-face there were no means to collect metadata on all of that communication.
Instead law enforcement should rely on, as they always have: published documents (on the web) and questioning the individuals and businesses involved.
And last comment here, I'm not just concerned about other countries developing these technologies if the US doesn't. I'm concerned about terrorists implementing their own (imperfect) stuff in-house, that's the software that needs to be attacked.
* I'm happy to take that back if efforts to create a more perfectly secure device do in fact hinder law enforcement.
In response to an early comment, if the FBI loses this case they've at least convinced the public that Apple devices are safe and they (the FBI) can't get into them.
Meanwhile Apple heavily encourages their consumers to use iCloud, which the FBI can, and regularly do, get into (which of course they can't in this case because they've messed things up by changing the password).
So it's a win for the FBI either way. My best advice is to support Apple but don't get fooled.
Hmmm, we all have "Swiss bank accounts" in our pockets now. By that line we used to have those Swiss accounts in our heads, but law enforcement (as this article rightly points out) has always been able to cope with that.
This is nothing new with this.
Besides it is ridiculous for him to call himself a "realist" when he denies reality is "absolutist".
On the post: It's Official: US International Trade Commission Predicts Negligible Economic Benefits From TPP
Yup, dollars speak louder than percentages
And at least here in New Zealand it's not a new approach. Key's been spinning the numbers for pretty much his entire reign and kiwis just lap it up.
On the post: New Zealand Government Trying To Streamroller TPP Through Ratification Without Proper Scrutiny Or Public Input
Re: "Why would you think we care what you want now?"
They pretty much asked us "we won't be open minded about this [TPPA], so will you?", and think that they've "done a brilliant job negotiating for us", despite the widespread opposition that seems to indicate to them we need to be "educated".
As far as I'm concerned this means they deserve to be beaten over the head about (a treatment they actually said they objected to) and leaves me pleased I didn't give National any more power by voting against them.
On the post: DHS Claims Open Source Software Is Like Giving The Mafia A Copy Of FBI Code; Hastily Walks Back Statement
Re: Re:
But on the other hand maybe the lack of resources can be addressed by simply writing better code. For example it's much easier to vet Wayland and a graphics library than it is to understand X, and reportedly OpenSSL does face some of these issues.
On the post: DHS Claims Open Source Software Is Like Giving The Mafia A Copy Of FBI Code; Hastily Walks Back Statement
Then there's simply stronger assurance
Sure for a large project like an OS or its kernel personal review is impractical* and we must put some trust in peer-review, but it's certainly practical for most applications.
* Not that I don't enjoy trying.
On the post: Silverpush Stops Using Sneaky, Inaudible TV Audio Tracking Beacons After FTC Warning
Re:
Also given habits on the Google Play Store, I'm not sure these apps are exactly breaking anything. Instead they, like many others, could simply be asking for a range of irrelevant permissions.
On the post: Maybe The NSA Has Already Broken Every Security System, Not By Hacking Computers, But By Hacking The Entire Industry
All the NSA really need do is be venture capitalists
This is basically what any of these Silicon Valley companies do (including Apple with iCloud), and because of the profit they get from their "advertising" encourages them to lull us with ineffective "security" to "protect our privacy" that hardly addresses the point.
And it's not as if the FOSS community have been all that effective in fighting the faulty client-server architecture that's been so favorable to the NSA. So maybe they do have spies there.
On the post: Why Won't W3C Carve Security Research Out Of Its DRM-In-HTML 5 Proposal?
Re: Re: Re: Disabling Digital Restrictions Management support
People just don't do it, and it should be the developer's responsibility to configure nice, convenient, and secure defaults.
This is important because the loss of privacy isn't an individual's concern but a societal one, and additionally those who value privacy should be able to hide amongst those who don't care.
On the post: Why Won't W3C Carve Security Research Out Of Its DRM-In-HTML 5 Proposal?
Re
First my understanding is that this Recommendation does not actually dictate any DRM, it provides a hole in the specifications labeled "DRM magic happens here". As such browsers could update that hole, keeping ahead of attacks, without breaking compliance. The DRM is actually browser specific.
Also, if as suggested, the intent is to secure WebRTC communications by extending the browser:
1) This is not how it's used (by Netflix) and advertised (by Apple as "HTML5 Premium Video")
2) Hey, while you're writing native code to extend the browser to add encrypted communications, why not create a cross platform GTK application around it? If you do that, you really don't need this standard, and besides HTML5 is mostly a bunch of bloat to me.
On the post: Why Won't W3C Carve Security Research Out Of Its DRM-In-HTML 5 Proposal?
So yeah, I vote for an open wiki to replace the W3C.
On the post: Techdirt Podcast Episode 67: The Great Encryption Debate: Should There Be Back Doors?
To me the answer is a clear NO. There's no evidence that law enforcement needs the backdoors*, because what's in our phones/laptops was traditionally in our brains (or shredded papers). And when all our communications were face-to-face there were no means to collect metadata on all of that communication.
Instead law enforcement should rely on, as they always have: published documents (on the web) and questioning the individuals and businesses involved.
And last comment here, I'm not just concerned about other countries developing these technologies if the US doesn't. I'm concerned about terrorists implementing their own (imperfect) stuff in-house, that's the software that needs to be attacked.
* I'm happy to take that back if efforts to create a more perfectly secure device do in fact hinder law enforcement.
On the post: DOJ Officials Hint WhatsApp Likely Next In Line For The Apple Treatment
They win both ways
Meanwhile Apple heavily encourages their consumers to use iCloud, which the FBI can, and regularly do, get into (which of course they can't in this case because they've messed things up by changing the password).
So it's a win for the FBI either way. My best advice is to support Apple but don't get fooled.
On the post: President Obama Is Wrong On Encryption; Claims The Realist View Is 'Absolutist'
RE:
On the post: President Obama Is Wrong On Encryption; Claims The Realist View Is 'Absolutist'
This is nothing new with this.
Besides it is ridiculous for him to call himself a "realist" when he denies reality is "absolutist".