If our choice really is between abusive cops and no cops, then we're just screwed. Fortunately, there does exist (in theory, anyway) a middle ground -- cops who are ethical, professional, and don't tolerate the abuse of police powers.
"While most police officers are respectful of the public they serve, there are a small group of officers who carry things too far."
Any cop who fails to denounce (or worse, actively defends) abusive cops is betraying their public duty and allying with the "small group" even if their conduct is otherwise unassailable.
This is why I think it's deceptive to say it's just a "small group" of bad cops. It appears to be the majority -- the difference is only in degree.
"Offering services without caps disadvantages customers that do not download large amounts"
If this is actually something that ISPs are worried about, then caps are still not the answer. The fairest thing to do is to just meter usage and charge a flat rate per Kb or whatever.
However, two things make it clear this is not the issue: what the ISPs are telling their shareholders, and that the cost of bandwidth is low enough that the price impact of heavy users is barely noticeable.
This is nothing more than a naked money grab -- which in our system is not necessarily an "evil". The objectionable thing is that Comcast, like other ISPs, keeps trying to sell it as something more than that.
They're simply lying. Comcast isn't the only one -- I was in an AT&T store today, and they had a big poster advertising their "unlimited" service. In the fine print at the bottom, it mentioned that if you use more than a preset amount, your connection speed will be reduced.
Which makes the "unlimited" claim a lie. That sort of thing is the actual problem.
Yes, of course. I should have been more precise -- I was referring more specifically to (the more common) cases where such coordination is not possible, such as people who are never physically in the same space at the same time.
"what they are trying to say is that these services have become a social necessity and first amendment protections should apply."
Saying that social media generally, and Facebook in particular, has become a "social necessity" is more than a small stretch. After all, it's still true that nearly half of the US population doesn't use social media at all.
Yep. Unbreakable crypto is well known and technically easy to do without the need for computers at all.
The hard part is the key exchange. After all, if you have a secure channel to exchange keys, then why not send the message itself through that channel?
PKE is an engineering tradeoff -- the crypto is strong but not mathematically unbreakable, but the win is that the key exchange problem is rather dramatically improved (and, if you do it right, is solved).
The easy availability of strong crypto does make security a bit easier, but it has always been true -- and will always be true -- that security is hard.
That's because security is not a matter of deploying a tool, no matter how powerful. To be secure against serious threats requires careful attention to every aspect of procedures and behavior, both electronic and not. Weakness in any aspect of the overall effort weakens all aspects.
As a common example of the truth of this, look at the excellent and common advice given regarding everyday passwords: never use a given password for more than one thing. That way if the password is exposed, only one thing is compromised.
Behavior is at least as important to security as technology is.
I guess it's technically conceivable, but exceedingly unlikely, that he assumed the SWAT team would have restraint. This is a guy who regularly swims in these waters and would be fully aware of what happens when you SWAT.
I dunno. Most of the major companies would not pull out of the US if that happened here. Microsoft, Apple, etc., would certainly remain and comply with whatever the law demands.
The ones that leave would more likely be the smaller companies who tend to be more sensitive to their customers' needs and security. Exactly the ones we can least afford to lose.
That's the wrong question. The right question is -- why is the initial response to the call to send in the SWAT team, rather than conducting at least a minimal amount of investigation first?
"As a programmer, I've heard the term "security through obscurity" as an insult for the last couple decades, but obscurity probably isn't a terrible thing if you mix it with good security."
This is correct.
"Security through obscurity" is usually used to refer to two different serious errors in security:
1) Relying on secrecy alone to keep you secure. Over time, this fails in close to 100% of all cases.
2) Relying on crypto whose algorithm is a secret. Crypto is notoriously hard to do right, and it's incredibly easy to develop crypto that appears to be strong, but isn't. Secret algorithms don't gain you any security, but they do make it much more difficult to notice flaws in your crypto.
Now, using strong crypto in a way that is hard to notice (by combining it with steganography, for instance) does, in fact, increase your level of security. But you still must treat the crypto part of the scheme as if everyone will know it's there.
On the post: Police Step Up Arrests For 'Threatening' Social Media Posts In The Wake Of The Dallas Shooting
Re:
On the post: NBC's 'Most Live Olympics Ever' Will Have A One Hour Broadcast Delay For The Opening Ceremony
Re: Olympics
Ignorance is strength.
On the post: Yes, ISIS Is Using Encryption -- But Not Very Well
Re: Re: Terrorists
Cops don't get to decide who "deserves" it.
And that "most" there in your sentence doesn't bother you any?
On the post: Police Step Up Arrests For 'Threatening' Social Media Posts In The Wake Of The Dallas Shooting
Re:
On the post: Ton Of Tech Industry Leaders Say Trump Would Be A Complete Disaster For Innovation
Re: Re: I can't wait
On the post: Ton Of Tech Industry Leaders Say Trump Would Be A Complete Disaster For Innovation
I can't wait
On the post: Man Who Doxxed Dozens Of People, Engaged In Nineteen 'Swattings', Nets Only One Year In Prison
Re: Will none of you liberals have the courage...
On the post: Comcast Expands Usage Caps, Still Pretending This Is A Neccessary Trial Where Consumer Opinion Matters
Re:
On the post: Yes, ISIS Is Using Encryption -- But Not Very Well
Re: Re: Re: Re: Released into the Wild
On the post: Man Who Doxxed Dozens Of People, Engaged In Nineteen 'Swattings', Nets Only One Year In Prison
Re: Re: Re: Re: Fair sentence.
On the post: Pam Geller Sues The US Gov't Because Facebook Blocked Her Page; Says CDA 230 Violates First Amendment
Re:
On the post: Yes, ISIS Is Using Encryption -- But Not Very Well
Re: Re: Released into the Wild
On the post: Man Who Doxxed Dozens Of People, Engaged In Nineteen 'Swattings', Nets Only One Year In Prison
Re: Re: Fair sentence.
That seems like harm to me, and a few orders of magnitude more harm than defacing a website.
On the post: Yes, ISIS Is Using Encryption -- But Not Very Well
Security is hard
On the post: Agent's Testimony Shows FBI Not All That Interested In Ensuring The Integrity Of Its Forensic Evidence
Re:
Because the CFAA provides specific exceptions for law enforcement.
On the post: Man Who Doxxed Dozens Of People, Engaged In Nineteen 'Swattings', Nets Only One Year In Prison
Re: Re: Re: Fair sentence.
On the post: Private Internet Access Leaves Russia, Following Encryption Ban And Seized Servers
Re: Dear US Govt:
On the post: Man Who Doxxed Dozens Of People, Engaged In Nineteen 'Swattings', Nets Only One Year In Prison
Re: Re:
On the post: Comcast Expands Usage Caps, Still Pretending This Is A Neccessary Trial Where Consumer Opinion Matters
Phrasing
On the post: Private Internet Access Leaves Russia, Following Encryption Ban And Seized Servers
Re: