Yes, that too. But his empire was built long before Linux. Once you're playing dirty, you might as well continue.
The 1980's and 1990's are littered with corpses of companies that competed with Microsoft. If you had something good, Microsoft either bought it from you on unfavorable terms, outright stole it, or built their own inferior product while destroying your business.
One tactic: 'partner' with a company. The agreement includes that if your company goes bankrupt, then your IP reverts to Microsoft. You agree, because it seems you're getting a good deal. However, before the ink is dry, Microsoft is already trying to put you out of business.
Here's another favorite: After saying "the internet is a fad" -- Bill Gates; suddenly Microsoft wakes up and smells the Internet. It needs a browser now! There is a company, Spyglass, with a browser made for Windows. Microsoft buys them for $100,000 up front, plus a royalty percent of sales. Guess how many copies of IE were ever sold?
Remember kiddies: Open Source is a cancer! -- Steve Ballmer. Open Source is Un-American and legislators need to be educated to the danger! -- Jim Allchin, the #4 guy at MS at the time, and later head of Longhorn and Vista.
If you use HTTPS (eg, TLS) how can anyone do an MiTM attack?
The MiTM doesn't have the private key for the certificate. So it is unable to negotiate a private session key with the end user browser.
I understand how the MiTM can pretend to be the browser and establish a connection to Amazon.com. But I would surely like to know how the MiTM can impersonate Amazon.com without Amazon's private key.
In short, while MiTMs are theoretically possible, and somewhat possible on a corporate network, it can be detected, and it is not likely to be impossible on your home ISP on your home computer. (Unless you install a trusty CD ROM into your computer provided by your ISP.)
One way that I do know, is to subvert the trust of the user agent (eg, your web browser). That can be done in a corporate environment by inserting a new trusted CA certificate into your local trust store. Now the MiTM can instantly issue its own Amazon.com certificate, and it will have the private key since it issued the certificate. And your browser will trust it.
That's a corporate environment. Even then, browsers can discover that the certificate the MiTM is presenting is NOT the certificate it should be. Google, for example, knows who signed its certificates, and its browser knows who signs Google's certificates, and that signer is not the CA that was added to the local trust store.
You can also run browser plug in apps that watch for changes in the certificates of secure sites you visit.
In an ISP environment, I really can't see how an ISP can do this. My ISP definitely cannot change the trust store on my browser nor on my OS. So my ISP definitely should not be able to execute an MiTM attack.
Now there is one avenue left. Subvert the entire CA infrastructure. There are a lot of CA certificates in the trust store these days. You could get a Google.com certificate issued by Honest Achmed's Certificate Authority of Tehran Iran. And your browser might trust it. But do you really think a Google.com certificate presented that was signed by Honest Achmed's is real? Do you really think this is where Google purchases certificates from?
Because Mr. Trump's buttons are so easy to push, he will get us into a war with both Russia AND China. He's non discriminatory when it comes to what people say about him on FaceTwit.
We've come a long way since the Clipper Chip fiasco
Government tried to mandate "government approved" crypto in the 1990's. (Clinton)
The absurdity of it became apparent.
They even classified crypto as a munition. They did everything to suppress exporting of good crypto. Because "going dark", or whatever they called it back then.
So what if you took an excellent crypto textbook (quite thick) across the border? The government didn't seem to be quite ready to stop people from taking academic textbooks available in any bookstore or library across open borders.
Also, the rest of the world got the message. Actually two messages:
1. Do NOT trust US government mandated crypto
2. Any real research on crypto would move outside the US
Another thing was learned by all. It's not intuitive. The only good crypto is OPEN crypto. The algorithm must be completely open. Only the keys are secret. If someone is selling you a proprietary or closed crypto, it is snake oil.
Now here we are today well over two decades later, with a lot of lessons learned. And they think they can do this again.
They can pass any laws they want. But they just don't get it.
When strong cryptography is outlawed only outlaws will have strong cryptography.
Terrorists won't be deterred from strong cryptography. I'm sure they'll be quaking in their boots that it's illegal in some countries.
The only people without privacy will be law abiding people.
The back doors of government weak insecure crypto WILL be broken. It's only a question of when. Then an enemy will have access to a lot of secrets.
I don't think so. It's easy to stop looking like a greedy miser once you have more money than you could ever dream of spending. And Melinda may have brought this perceived change about.
But remember. Gates threw temper tantrums if he didn't get his way. Just like a lot of rich and powerful people. And this was even before Twitter.
Back in the mid 1990's, there was some prime time tv magazine show. It came and went. I don't remember the name. But the host was Connie Chung. She was interviewing Bill Gates. In his office. She asked a reasonable journalistic question critical of Microsoft's monopoly and Bill Gates just lost it. Major temper tantrum. He threw her and the entire crew out of his office on the spot -- all recorded -- and broadcast on national tv.
That was very informative to me about Gates to watch him instantly change from a calm, cool, collected, in-charge guy to a raving lunatic in seconds.
It's worse than closed source proprietary software.
It was that Gates is a monopolist. PC-DOS is IBM's OS for their PC. But Microsoft has the rights to sell MS-DOS on other brands. That was a smart move.
But then Microsoft dictates to all other PC OEMs that if you want to sell MS-DOS on your PCs, you must pay for a copy of MS-DOS for every PC you sell -- whether that PC has MS-DOS on it or not. Thus, all competing OSes are instantly disadvantaged. Companies that made better OSes, and there were some, can't compete with Microsoft, because every sale of their superior OS also funds Microsoft to compete against them with its inferior MS-DOS.
I hope history never forgets this. It's now so ancient most people don't remember. It was (just barely) before GUIs.
A president can ensure that his own agencies won't sue over it.
Private money and years of time must be expended to litigate against things unconstitutional. Depending on the subject matter, a successful litigation may be irrelevant by the time it is achieved through legal process.
What's not to love? Violating the constitution, as long as it's done at a high enough level is a win-win tactic.
Imagine if a US leader realized that if they do unconstitutional things, they could make sure their own government agencies don't sue them over it. It would then take private money, and years of time in court to bring a challenge. Depending on what kind of action we're talking about, the challenge might not even matter.
But what if the billionaire has tiny hands, thin skin, a cheeto face, and more importantly only a small fraction of a billion, and thus not a billionaire?
Then is it a very serious crime?
Tax returns must remain national secrets of the utmost importance to preserve the illusion.
I agree that a human stenographer should still be used in addition to an audio / video system.
A human has far better hearing than an audio system. Can distinguish the direction a sound came from, and who said it.
I believe that at some point stenographers may no longer be necessary. But we're not (quite) there yet. It is just too important to have a record of the court proceedings. A failure cannot be tolerated. A human can speak up and ask to repeat something. And sometimes does. Or which juror asked that question? Etc.
This might require some SDR capability of the cell phone.
Imagine if the phone passively monitors the signal strength (not content) of police frequencies. If it detects one of these dangerous signals getting too close to you, the phone goes into a lockdown mode that takes more than a fingerprint to unlock.
Suppose your new phone unlocking system used a drop of blood instead of a fingerprint.
Now would a fingerprint still have no more testimonial value than a blood draw?
The court should not compare the fingerprint to a blood draw but should compare it to a master key to your entire life history. Now does the fingerprint have testimonial value?
I love how at 3:20 into the talk he mentions that the NSA is only spying on "foreigners". He talks to the audience, "I'm a foreigner", "you're a foreigner". In fact, 96% of the population of the planet is a "foreigner".
Ideas for storing private information on cloud servers
Here's an idea for storing private information on cloudy servers.
What if each "page" of information were stored on two servers. (By page, I mean an arbitrary sized block of bytes, like 4K bytes or something.)
Suppose a 4K page were stored as two 4K pages on two different servers. Each server located in a different country. In order to reconstruct that 4K page, you must get the two pages from the two servers and XOR them together.
Now Big Brother wants that 4K page of data. They could compel by force of law the production of the 4K page stored in this country. But they could not compel the production of the other 4K page that must be combined with it to get plain readable information.
An alternate implementation is to store an encrypted 4K page in the country, but store the key for it out of country. Or better, store multiple parts of the key, using the above technique, which must be XORed together to form the actual decryption key. That way even the plain decryption key isn't stored in any single country.
Redundant copies of the decryption key could be stored in two parts in various combinations of pairs of countries. For example the decryption key for a page could be produced by getting two parts from:
country A and B
country C and D
country C and B
country A and D
etc
On the post: The Gates Foundation Emerges As A Leader In The Fight For Full Open Access And Open Data
Re: Re: Re:
The 1980's and 1990's are littered with corpses of companies that competed with Microsoft. If you had something good, Microsoft either bought it from you on unfavorable terms, outright stole it, or built their own inferior product while destroying your business.
One tactic: 'partner' with a company. The agreement includes that if your company goes bankrupt, then your IP reverts to Microsoft. You agree, because it seems you're getting a good deal. However, before the ink is dry, Microsoft is already trying to put you out of business.
Here's another favorite: After saying "the internet is a fad" -- Bill Gates; suddenly Microsoft wakes up and smells the Internet. It needs a browser now! There is a company, Spyglass, with a browser made for Windows. Microsoft buys them for $100,000 up front, plus a royalty percent of sales. Guess how many copies of IE were ever sold?
Remember kiddies: Open Source is a cancer! -- Steve Ballmer. Open Source is Un-American and legislators need to be educated to the danger! -- Jim Allchin, the #4 guy at MS at the time, and later head of Longhorn and Vista.
But I'll stop now.
On the post: New Attorney General Loves Him Some Encryption Backdoors, Which Should Pair Up Nicely With FBI Director's Plans For The Future
Re: Re:
The MiTM doesn't have the private key for the certificate. So it is unable to negotiate a private session key with the end user browser.
I understand how the MiTM can pretend to be the browser and establish a connection to Amazon.com. But I would surely like to know how the MiTM can impersonate Amazon.com without Amazon's private key.
In short, while MiTMs are theoretically possible, and somewhat possible on a corporate network, it can be detected, and it is not likely to be impossible on your home ISP on your home computer. (Unless you install a trusty CD ROM into your computer provided by your ISP.)
One way that I do know, is to subvert the trust of the user agent (eg, your web browser). That can be done in a corporate environment by inserting a new trusted CA certificate into your local trust store. Now the MiTM can instantly issue its own Amazon.com certificate, and it will have the private key since it issued the certificate. And your browser will trust it.
That's a corporate environment. Even then, browsers can discover that the certificate the MiTM is presenting is NOT the certificate it should be. Google, for example, knows who signed its certificates, and its browser knows who signs Google's certificates, and that signer is not the CA that was added to the local trust store.
You can also run browser plug in apps that watch for changes in the certificates of secure sites you visit.
In an ISP environment, I really can't see how an ISP can do this. My ISP definitely cannot change the trust store on my browser nor on my OS. So my ISP definitely should not be able to execute an MiTM attack.
Now there is one avenue left. Subvert the entire CA infrastructure. There are a lot of CA certificates in the trust store these days. You could get a Google.com certificate issued by Honest Achmed's Certificate Authority of Tehran Iran. And your browser might trust it. But do you really think a Google.com certificate presented that was signed by Honest Achmed's is real? Do you really think this is where Google purchases certificates from?
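The detection idea in the comment above (the client knowing who should have signed a site's certificate, and a plug-in watching for certificate changes), sketched as an added example that is not the commenter's code. The host name, issuer names and byte strings are constructed; the certificate dict follows the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import hashlib


def issuer_org(cert: dict) -> str:
    """Return the issuer's organizationName from a getpeercert()-style dict."""
    for rdn in cert.get("issuer", ()):
        for name, value in rdn:
            if name == "organizationName":
                return value
    return ""


class CertWatcher:
    """Flags a certificate that chains to a trusted CA but not the expected one."""

    def __init__(self, pinned_issuers: dict):
        self.pinned_issuers = pinned_issuers  # host -> set of expected issuer orgs
        self.seen = {}                        # host -> SHA-256 of first leaf seen

    def check(self, host: str, cert: dict, der: bytes) -> list:
        findings = []
        expected = self.pinned_issuers.get(host)
        # The local trust store may accept this issuer; the pin does not.
        if expected is not None and issuer_org(cert) not in expected:
            findings.append("issuer-mismatch")
        # Trust on first use: remember the first leaf, report any later change.
        # A legitimate renewal also triggers this, so it is a prompt to look,
        # not proof of interception.
        fingerprint = hashlib.sha256(der).hexdigest()
        if self.seen.setdefault(host, fingerprint) != fingerprint:
            findings.append("fingerprint-changed")
        return findings


# Constructed sample data (not real certificates or real CA names).
HOST = "shop.example"
DIRECT = ({"issuer": ((("organizationName", "Example Public CA"),),)},
          b"constructed-leaf-direct")
INTERCEPTED = ({"issuer": ((("organizationName", "Example Inspection CA"),),)},
               b"constructed-leaf-reissued")


def run_sample() -> list:
    watcher = CertWatcher({HOST: {"Example Public CA"}})
    first = watcher.check(HOST, *DIRECT)        # direct connection
    second = watcher.check(HOST, *INTERCEPTED)  # re-signed by an added local CA
    return [first, second]


if __name__ == "__main__":
    print(run_sample())
```

On a live connection the `der` argument would come from `getpeercert(binary_form=True)`.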
On the post: New Attorney General Loves Him Some Encryption Backdoors, Which Should Pair Up Nicely With FBI Director's Plans For The Future
Re: Re: Re: Re: But the Chinese!
On the post: New Attorney General Loves Him Some Encryption Backdoors, Which Should Pair Up Nicely With FBI Director's Plans For The Future
We've come a long way since the Clipper Chip fiasco
The absurdity of it became apparent.
They even classified crypto as a munition. They did everything to suppress exporting of good crypto. Because "going dark", or whatever they called it back then.
So what if you took an excellent crypto textbook (quite thick) across the border? The government didn't seem to be quite ready to stop people from taking academic textbooks available in any bookstore or library across open borders.
Also, the rest of the world got the message. Actually two messages:
1. Do NOT trust US government mandated crypto
2. Any real research on crypto would move outside the US
Another thing was learned by all. It's not intuitive. The only good crypto is OPEN crypto. The algorithm must be completely open. Only the keys are secret. If someone is selling you a proprietary or closed crypto, it is snake oil.
Now here we are today well over two decades later, with a lot of lessons learned. And they think they can do this again.
They can pass any laws they want. But they just don't get it.
When strong cryptography is outlawed only outlaws will have strong cryptography.
Terrorists won't be deterred from strong cryptography. I'm sure they'll be quaking in their boots that it's illegal in some countries.
The only people without privacy will be law abiding people.
The back doors of government weak insecure crypto WILL be broken. It's only a question of when. Then an enemy will have access to a lot of secrets.
On the post: Copyright Trolls Overplay Their Hand In Finland, Bringing A Government Microscope To Their Practices
Re: As usual
On the post: Copyright Trolls Overplay Their Hand In Finland, Bringing A Government Microscope To Their Practices
Righthaven, Prenda etc
Sweet!
On the post: The Gates Foundation Emerges As A Leader In The Fight For Full Open Access And Open Data
Re:
But remember. Gates threw temper tantrums if he didn't get his way. Just like a lot of rich and powerful people. And this was even before Twitter.
Back in the mid 1990's, there was some prime time tv magazine show. It came and went. I don't remember the name. But the host was Connie Chung. She was interviewing Bill Gates. In his office. She asked a reasonable journalistic question critical of Microsoft's monopoly and Bill Gates just lost it. Major temper tantrum. He threw her and the entire crew out of his office on the spot -- all recorded -- and broadcast on national tv.
That was very informative to me about Gates to watch him instantly change from a calm, cool, collected, in-charge guy to a raving lunatic in seconds.
On the post: The Gates Foundation Emerges As A Leader In The Fight For Full Open Access And Open Data
Re:
It was that Gates is a monopolist. PC-DOS is IBM's OS for their PC. But Microsoft has the rights to sell MS-DOS on other brands. That was a smart move.
But then Microsoft dictates to all other PC OEMs that if you want to sell MS-DOS on your PCs, you must pay for a copy of MS-DOS for every PC you sell -- whether that PC has MS-DOS on it or not. Thus, all competing OSes are instantly disadvantaged. Companies that made better OSes, and there were some, can't compete with Microsoft, because every sale of their superior OS also funds Microsoft to compete against them with its inferior MS-DOS.
I hope history never forgets this. It's now so ancient most people don't remember. It was (just barely) before GUIs.
On the post: New Attorney General Loves Him Some Encryption Backdoors, Which Should Pair Up Nicely With FBI Director's Plans For The Future
Re:
A president can ensure that his own agencies won't sue over it.
Private money and years of time must be expended to litigate against things unconstitutional. Depending on the subject matter, a successful litigation may be irrelevant by the time it is achieved through legal process.
What's not to love? Violating the constitution, as long as it's done at a high enough level is a win-win tactic.
On the post: Germany Finally Dumps Law That Says It's A Crime To Insult Foreign Leaders
Re:
On the post: Legal Threats By Charles Harder & Shiva Ayyadurai Targeting More Speech
Re: Re: Re:
Once a lawyer is bad beyond a certain amount, the backlash can be bad for other lawyers.
On the post: Legal Threats By Charles Harder & Shiva Ayyadurai Targeting More Speech
Re: Re:
Then is it a very serious crime?
Tax returns must remain national secrets of the utmost importance to preserve the illusion.
On the post: Judge Says Lawsuit Over PACER Fees Can Continue... As A Class Action
Re: Re: Government Legal Bureaucrats
A human has far better hearing than an audio system. Can distinguish the direction a sound came from, and who said it.
I believe that at some point stenographers may no longer be necessary. But we're not (quite) there yet. It is just too important to have a record of the court proceedings. A failure cannot be tolerated. A human can speak up and ask to repeat something. And sometimes does. Or which juror asked that question? Etc.
On the post: Trump Muzzles Federal Employees; Reporters Start Asking For Leaks
Re: Re: Re: Re:
On the post: State Appeals Court Says Unlocking A Phone With A Fingerprint Doesn't Violate The Fifth Amendment
There's an app for that!
Imagine if the phone passively monitors the signal strength (not content) of police frequencies. If it detects one of these dangerous signals getting too close to you, the phone goes into a lockdown mode that takes more than a fingerprint to unlock.
On the post: State Appeals Court Says Unlocking A Phone With A Fingerprint Doesn't Violate The Fifth Amendment
Re: Time for a new locking mechanism
Now would a fingerprint still have no more testimonial value than a blood draw?
The court should not compare the fingerprint to a blood draw but should compare it to a master key to your entire life history. Now does the fingerprint have testimonial value?
On the post: State Appeals Court Says Unlocking A Phone With A Fingerprint Doesn't Violate The Fifth Amendment
Re: Re: Time for a new locking mechanism
If that action is not taken within some preset amount of time, say default 48 hours, the real system is destroyed.
On the post: Appeals Court Upholds Its Denial Of DOJ's Demand For Microsoft's Overseas Data
Re:
On the subject of only spying on non-Americans.
I'll just remind everyone of this excellent 19 minute TED talk from a few years ago when the Snowden leaks broke.
Mikko Hypponen: How the NSA betrayed the world's trust — time to act
I love how at 3:20 into the talk he mentions that the NSA is only spying on "foreigners". He talks to the audience, "I'm a foreigner", "you're a foreigner". In fact, 96% of the population of the planet is a "foreigner".
On the post: Appeals Court Upholds Its Denial Of DOJ's Demand For Microsoft's Overseas Data
Ideas for storing private information on cloud servers
What if each "page" of information were stored on two servers. (By page, I mean an arbitrary sized block of bytes, like 4K bytes or something.)
Suppose a 4K page were stored as two 4K pages on two different servers. Each server located in a different country. In order to reconstruct that 4K page, you must get the two pages from the two servers and XOR them together.
Now Big Brother wants that 4K page of data. They could compel by force of law the production of the 4K page stored in this country. But they could not compel the production of the other 4K page that must be combined with it to get plain readable information.
An alternate implementation is to store an encrypted 4K page in the country, but store the key for it out of country. Or better, store multiple parts of the key, using the above technique, which must be XORed together to form the actual decryption key. That way even the plain decryption key isn't stored in any single country.
Redundant copies of the decryption key could be stored in two parts in various combinations of pairs of countries. For example the decryption key for a page could be produced by getting two parts from:
country A and B
country C and D
country C and B
country A and D
etc
Just an idea to keep Big Brother busy.
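The two-server XOR split and the redundant country pairs from the comment above, as an added example that is not the commenter's code. The country labels, function names and sample page are assumptions. It goes one step past the comment to show a failure mode: reusing one random pad for two pages.

```python
import secrets

PAGE_SIZE = 4096  # the comment's "4K page"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split(secret: bytes):
    """Return (pad, secret XOR pad). The pad must be fresh for every secret."""
    pad = secrets.token_bytes(len(secret))
    return pad, xor_bytes(secret, pad)


def place_key_shares(key: bytes) -> dict:
    """Replicate the two shares over four countries (labels are assumptions).
    A and C hold the pad, B and D hold key XOR pad, which gives exactly the
    comment's working pairs: A+B, C+D, C+B, A+D."""
    pad, masked = split(key)
    return {"A": pad, "C": pad, "B": masked, "D": masked}


def recover(store: dict, first: str, second: str) -> bytes:
    """Combine the shares held in two countries."""
    return xor_bytes(store[first], store[second])


def consistent_pad(share: bytes, guess: bytes) -> bytes:
    """For any guessed plaintext there is a pad that explains a lone share,
    so one share by itself rules nothing out."""
    return xor_bytes(share, guess)


def pad_reuse_leak(page1: bytes, page2: bytes) -> bytes:
    """Failure mode: reuse one pad for two pages and the two masked shares,
    both held by the same server, XOR to page1 XOR page2."""
    pad = secrets.token_bytes(len(page1))
    return xor_bytes(xor_bytes(page1, pad), xor_bytes(page2, pad))


if __name__ == "__main__":
    page = b"constructed sample record".ljust(PAGE_SIZE, b".")
    pad, masked = split(page)
    print("page recovered:", xor_bytes(pad, masked) == page)

    key = secrets.token_bytes(32)
    store = place_key_shares(key)
    pairs = [("A", "B"), ("C", "D"), ("C", "B"), ("A", "D"),
             ("A", "C"), ("B", "D")]  # the last two hold identical shares
    for pair in pairs:
        print(pair, "recovers key:", recover(store, *pair) == key)
```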
On the post: Departing District Attorney To DOJ: Albuquerque Police Department Is A 'Continuing Criminal Enterprise'
Re:
If you are trying to find things to criticize Trump over, there are plenty.
I can understand why you might be strongly against Trump. Please don't resort to making things up.