The technology is not perfect but we must try to fix it and suggest approaches instead of saying there is no hope. If there is really no hope what are we doing in this forum? Are we wasting our time talking about a theoretical and impossible to solve problem? It would be sad if it is this way. My goal is not building the perfect computing infrastructure, but something good enough. I prefer thinking technology is fixable, even if it is a continuous process that will never end.
In my humble opinion, each step in the right direction is a win. I don't think it is hopeless on a technical level otherwise why are we here discussing? The main point is whatever we discussed and pointed out, the same mistakes are applied repeatedly and fanboism does occur. Even QC is not 100% foolproof or really unhackable until someone finds a way around it in the future.
We point out problems and point out methods to fix or remedy the situation but you should notice the type of tone and attitude we received. TOR is imperfect and so are many protocols. I don't think this is any good for us if we try to point out problems and there are some that do not appreciate but go about calling us Govt snitches whenever we try to point out the problems i. calling me, Clive Robinson, ab praeceptis et. snitches for pointing out on problems with TOR.
In fact, I did work for the local Govt's Def-Sci sector and more specifically the local COMSEC dept which is how I got into more serious ITSec i. Anyway, I don't think much is appreciated and our advises goes to [...] and get called out as Govt snitches. I have also decided to remove some of my open source repositories since it's not useful anyway. Now that China and Russia have mandated that VPN and such surveillance circumvention tools including TOR as illegal, this will spread even further and the whole World would be affected which would include the once open and libre European countries and US which would likely follow suit.
Good luck with trying to setup usable and somewhat reasonable assurance security with shaky foundations and anti-privacy laws closing in. There is nothing much to be said anymore. There are some problems with your approach. A major one is consumers don't care a fly sh t. encryption in the first place but knowing the environment as it is, I refused the offer to lengthen my stay which is pretty rare that the employer will offer and left for other jobs.
Just look at consumer mainboards a relatively techie component. I mean it; look at them. Design that's what you'll find as major differentiator. high-tech and/or futuristic design of mainboard cooling elements, controllable light colour of the LEDs everywhere. Or look at smartphones and tablets. Design again. Plus ease of use. If you have a nice logo and lots of marketing they'll buy second hand cat poop in cans with security. printed on them. The vast majority runs windows for no particular reason; it just happens to come along with the hardware which Jane and Jane translate as it's free.
The second large group of desktop or table users has apple. Two major arguments surprise. Design and coolness. Which leaves us with some 3 to 5% of the market besides windows and apple. With those the pattern repeats. Some 95% or so run linux, of which again ease of use is ruling e. Another, quite small, group is the BSDs of which OpenBSD is but a small fraction. ubuntu, mint. As sales figures of snakeoil vendors like anti-virus amply demonstrate, the logic of about 95% of consumers hardly even contains the item security and if it does they usually mean something that a) can be click click installed and b) is socially established, either by peer group or by printed toilet paper 95% of IT magazines.
That's one and a very unimportant one btw reason why I address professionals, in particular developers. They at least vaguely understand the field and, more importantly, they are the ones who can make the difference and enhance RSS in a major way. Btw You agree or not to my point d above. What makes you believe that e. It's a fact, however; maybe a very unpleasant one but a fact. linux somehow magically becomes secure just because it's in a 50.000 device in a rack and with a brand label on the box.
The advice given in this forum is excellent and I am sure lots of readers appreciate it. I am one of these readers that really appreciate each good tip given here, even if it shows a problem with OpenBSD the only operating system I use on my computers or other supposedly secure tools.
As an example, on the last year I only used smartcards to access my own infrastructure and will continue this way. Smartcards are just a small step in the right direction, but they are a highly welcomed technology. Tor is a good and clever design, but it does have its own weaknesses and it is obviously being targeted by powerful adversaries that take advantage of these weak points usually the relays.
Is it a NSA-proof technology? Obviously not. But it may be a security layer for a journalist or someone that wants some privacy. I certainly would not trust on Tor if my life depends on being hidden, but it is the best lots of non-technical people can use to protect themselves. What makes you believe that I think that linux on a 50.000 USD device is secure? I am a developer on an important security-related software project and understand technology better than a lot of people think.
No, linux is not the right foundation for a secure communications and/or computing infrastructure. The leaks from the IC in the last years show that there is nothing revolutionary on it, they are people like anyone on this forum not magicians. There are known weaknesses, bugs and backdoors in software and we suspect there are ones in hardware too. The key here is understanding that technology is not perfect in fact, it may have been compromised for years but that trying to fix it is more productive than saying all is lost.
Our best bet is working hard to fix them instead of shouting out it is a lost battle. Or look at the OS side. My suggestions to lock vPro are not so bad. I think they deserve some merit and consideration. Of course there are risks, like the one of having some sort of antennae on our chipsets that allows WAN communications with, we say, cell sites. But I believe that if this technology exists and it is so widely deployed we should know about it right now.
IC is not exactly good at keeping secrets. Recently a sort of NFC antenna has been found on the new Intel Core i9 processors, so there are people looking at it. I have confidence there is not that sort of communication channel on our devices, however the risk of an unknown and surprising widely deployed surveillance technologies exists, this is the reason our work should be a process that will never end.
What you are preaching is theoretical security for the 0.001% up against targeted attacks by nation state actors. What I am talking about is security and privacy mitigation for the rest of the world against everyone else snooping friends and family members, your boss, script kiddies, cybercriminals, the local sheriff, corporate and state sponsored mass surveillance. Which either seem to be of no concern to you or should also be defended against with theoretical or self-developed HA solutions that would be massive overkill for their purpose.
Granted we indeed need to move in the direction you're advocating, but it's not going to happen overnight and, meanwhile, we have a choice to either use imperfect tools we try our best to understand the weaknesses of, or do nothing at all. I also find it quite telling that countries like China and Russia are trying to ban VPNs and Tor, which unless this is all a massive psy-op would seem to indicate that at least some authorities are struggling with them.
I hope you're not counting me among those who do. And unless I have missed something, I have never seen either you or Clive being called a snitch or a government agent for either bashing or pointing out Tor defects. I will put my memory cap on and see if I can recreate my comment a little later it's supper time in London currently. Plain wrong. What I preach if one wants to call it so is to finally design and implement ALL halfway critical software properly.
This includes bios, OS, drivers, important libraries, authentication tools for all users e. password store and more. Moreover I personally do not care much about top-teams from the agencies of a few states being able or not to hack my system. In other words No, the very top 0,001% of adversaries are not a significant concern of mine i. because those adversaries would find other means to get what they want.
snooping friends and family members, your boss, script kiddies. In case you care somewhat about reality Those adversaries do not succeed because, oh, we just used aes-128 and not aes-256, implemented in Ada. Nope, they succeed for two reasons a) utterly poor opsec and b) utterly poor everything, starting with plastic boxen running linux over poor OSs to poorly created applications and connecting to poorly created servers. You know what could change that? Properly designed and implemented software, which again would mean that it's created using better languages and tools.
I also find it quite telling that countries like China and Russia are trying to ban VPNs and Tor. What Russia prohibits is VPNs being used to go around blocks of illegal sites and to communicate secretly with terrorists etc. How snarky boring. They ban it if and when used to do illegal things. Who would've thought that. Just like plenty of western lighthouse democracies do, too. And just like A gun must not be used to do something illegal.
Or like printers must not be used to create fake currency or drivers licences. How astonishing. I want to make a confession. But sure, despotic Russian dictator Putin found new way to terrorize insert poor little victim always works. Some have wondered why I'm against foss not really but it's OK if you understand it that way against linux, etc. I like OpenBSD and btw. other BSDs, too. What I despise and reject is gpl fanatism. But that's also not the main point today. The main point is this.
Software is quite a bit more complex than pretty any other engineering field. I also like quite many other foss projects. I know, because that's why I chose it some decades ago. And please, pretty please, note the word ENGINEERING. Would you like to drive your car with your family in it over a bridge that was built by some clueless hobbyists? How about putting your family in an airplane designed and built by hobbyists and air control managed by some 14 year old weed smoking boys?
You don't like that? Strange because you seem to have no qualms with that model wrt. And again properly designing and building bridges or airplanes isn't more complicated than designing and implementing software; if there is a difference, building software is even more complex and harder. The situation we are in can be roughly described like this. slaves with a product manager befallen by featuritis breathing on their neck.
THAT is by far the single largest reason for the lousy situation we are in with all that insecure software. NO, it's not even the languages and tools. We did have most of the math needed 50 years ago. We did have excellent engineers and the know-how to build excellent tools. And we had the necessity to do so but, granted, we hadn't the insight yet, we were still too fascinated by all the things we could suddenly do. But there were warning voices, e. The vast majority of software was designed and built by more or less clueless hobbyists or by corp.
I personally and subjectively happen to think that linus torvalds is an extremely dangerous man because he opened the box of Pandora. He put the then utterly unreflected and now known to be false idea into the heads of millions that just about everybody can, together with a couple of pals, create an OS. Now, before you say but linux is an OS. yes, you are right and not. It is insofar as it more or less does what an OS is supposed to do. And it is not because it doesn't do those things in the way they should be done by an OS.
You see, if Paul 14 decides to create an app to manage some hobby of his, just like linus torvalds did for his diving hobby, I don't care. If his app fails, so what. But if Paul and some pals mistakenly create an OS that some decades later happens to drive major infrastructure we have a problem. A serious one. To be fair, there is another very major culprit, namely the mindless, insane, profit greed driven commercial software field well, very major parts of it.
But and that's an important but that alone could be handled and taken care of. The everybody can hack some cool software virus, however, is by far more dangerous because it pulls the very basis of software engineering out. It creates a situation similar to everybody with a knife can do surgery if he likes to. I of course know that this post is going to bring up many against me.
And, please feel free to call me a damn a hole or whatever cools you down. But if you have some, even just a minor, interest in a world where nsa, cia, and many other structures, and, to be fair, even your drunk neighbour can not hack and eavesdrop on you to their liking with you being at their mercy, you might want to think a moment before going against me. Perhaps the answer is not banning open source and/or free software but giving the teams that develop the highest quality open source and free software projects financial support so best developers can work full time on writing code.
As I see it, OpenBSD is by far more secure than any Linux distribution. I see your point. Linux itself is more secure than Windows, OS X, iOS, Cisco's IOS and even Linux-based operating systems developed by corporations like Google. So there is something wrong on the development model followed by corporations. What about the bugs found recently in AMT? The real issue here is the huge amount of low quality projects that plague this world most coming from the free software branch, sometimes more interested in public notoriety than on writing something really useful.
It is a shame for a community whose major difference to corporations is that they donate their work to the world for free. Projects like OpenBSD do not obey the market rule that says the paying customer who usually have just the money, but a complete lack of knowledge about how writing correct software decides the evolution of a software product. It is a project whose evolution is on the hand of knowledgeable developers. Can you imagine a corporation rejecting the advice of a customer that signed a multi-million contract with them.
On this blog we are talking about security. This concept does not match well with closed source, unauditable to all except governments, written by careless corporations that sometimes develop odd relations with governments e. Apple, Google and Microsoft joining the PRISM program. I think open source, and sometimes free software too, are the way to go on a world where trust is a key value. If you think open source is ok but customers never read and fix the code I invite you to read the OpenBSD forums.
You will see a lot of careful reviews of code, patches and suggestions by really clever users. Thoth, who has a well earned and deserved good reputation, made me think quite a bit. Properly, well reflected, and well designed. It must be differentiated; some relatively few projects are good and at least led by a professional. No, I do not think that foss is the way to go. The vast majority, however, is crap; that's OK for diving management and other unimportant hobby stuff but we must get Pandora back into the box, we must make it understood that an OS, a core library e.
can not properly be done by hobbyists. To be honest, I didn't think a lot about making the world better; that's just not how I tick. But it seems to me that we must establish certain, ideally de jure but at least de facto, standards to separate the wheat from the chaff. It seems to me that formal methods are a good way engineers will at least understand their necessity or even like it while all the hobbyists will howl and fail to pass the barrier.
In a next step one can make laws that demand that e. This might also be good for another reason applied to the commercial world it will also separate the wheat from the chaff. accounting or banking software must be properly specified, modelled, and verified or else. No matter what and how, we just must stop the bleeding created by the opened Pandora box and the mindless, merciless greed of many companies.
Bob Dylan's Forked Tounge July 31, 2017 6:34 PM. What all of this discussion overlooks is that for a small subset of people it really is Tor or nothing. We keep bashing those who use Tor for bad reasons but they are the vanguard. If the pedo or the drug dealer isn't safe then none of us are safe because our privacy depends only on the goodwill of the Russian spook or the FBI lawman and I don't know about you but I don't trust their goodwill at all.
That is a divide and conquer bullshit argument. It is based on the false premise that the only thing that state actors care about is catching the crook or the terrorist and if we just let the authorities have the bad guys they will leave the rest of us alone in peace. Total bullshit. The mass collection of metadata, the use of that meta data for propaganda purposes, the secret courts all are evidence of a different outlook any excuse will serve a tyrant.
The terrorist and the drug dealer is just the most recent excuse. Throw them under the bus and the next thing you know it will be your turn to be thrown under the bus. Russia isn't banning Tor and VPNs for just the bad guys, it is doing it for everyone. If one cares about online privacy then you are sleeping in the same bed as the pedo, the drug dealer, and money launderer, and the terrorist. I keep hearing a line of argument that goes, we shouldn't care about the tiny minority of bad people who use Tor because Tor is really great for the ordinary person who is trying to hide his PII.
Encryption protects the good, the bad, and the ambiguous with equal aplomb. Tor's problems are everyone's problems. So I don't want hear these arguments that go Tor is weak and well, shrug, it's not really my problem it is a problem for somebody else. Privacy doesn't know any morality. There is either a culture of security or there isn't. There are either effective tools that protect data at rest, in transit, and at the end points or there are not. Compromise on these issues is an admission of defeat because the other side has no interest in compromise the laws of math are to be suspended in Australia or else.
Compromise on these issues is an admission of defeat because the math itself is uncompromising. Compromise on these issues is an admission of defeat because it says that even though we might be right as a matter of fact we don't really have the will to win. So shut up about Tor being broken and if you have the skills go help Roger fix it. Shut up about how the USA is trashing privacy with their vulnerability hoarding and if you have the skills go help fix them.
Shut up about how the legal systems of the US and UK is making mincemeat about people's rights and if you have the skills go to court and fight them. Stop kvetching and get to work. In other words No, the very top 0,001% of adversaries are not a significant concern of mine. Either you did not understand what I wrote or you are spinning my words. I was not talking about the 0.001% of adversaries, but of targeted victims by resourceful state actors.
And you seemingly not being concerned by the mitigation of security and privacy of the 99.999% others, most of which DO in fact benefit from correctly using where appropriate all the utterly useless systems and software you so loathe. The approach to software development you are advocating however well-meant in practice would lead to a corporate controlled monopoly, the scarcely available licensed developers being folks with expensive university degrees that can be afforded by big companies only.
It would kill FOSS, stifle innovation and creativity, make prices sky-rocket and be the wet dream of both corporate snoopers and authoritarian regimes that would be the only parties able to review or audit actual source code. Whilst I agree that we are in a huge security mess today and for the exact reasons you are describing, your solution would perhaps improve security, but create an even worse situation from a surveillance and control vantage.
Security is a means to an end, not an end in itself. And which is a typical engineer thing. They ban it because it can do illegal things, i. prevent or make more difficult nation state mass surveillance. Which is the exact thing you are denying. Good ol' standard potatoes were great for like 250 years till they got a bug and all the Irishmen starved. Microsoft can't even impose 90% uniformity. Let's go for 100%. We're tired of adapting our devastating sabotage malware to lots of different operating systems.
However right you may be about the technical aspect, you're totally ignoring the macro-economic, political and societal aspects of your approach. Let's make them uniform by law. And when you're an aspiring authoritarian, you can't help but muse out loud about the patterns you'll decree. Bob Dylan's Forked Tounge yet another nick. Cute engaged bla bla. We keep bashing those who use Tor for bad reasons. I don't know anyone around here who bashes tor users. Yeah, standardize it, that's the ticket.
Just btw Who are you to tell us what to do and what are the rules? When all you've got is authoritarianism, the solution to every problem includes a healthy dose of goose-stepping. Sorry but I don't see much more than rather arbitrary assertions, some of which are even provable false. I'll pick out an important one lead to a corporate controlled monopoly, the scarcely available licensed developers being folks with expensive university degrees that can be afforded by big companies only.
What a weird conglomerate of BS. Not only could one also make a law demanding that all work done paid by tax money in research and state agencies must be oss available but also what, please, would keep those, oh so unaffordable developers away from doing what they do now, too, namely to write oss? It's quite simple: All I suggest is that certain sensitive stuff must be done in a demonstrably proper way.
The 95% unimportant stuff can be done by hobbyists like now. And btw, they would profit, too, from my system because they'd have reliable good quality libraries available. You those who think like you have had plenty chances and room. We can see and suffer from the utterly poor results, including btw. rather grave social damage; or how would you describe it when pretty everyone's privacy and communications is, or can at will be made, transparent.
It's time to step aside, social warriors, and to let engineers work be done by engineers. And it's time also to create responsibility and to hold the greedy corps accountable at least in some areas where it really counts. Dirk Praet, ab praeceptis. It's not about you. You can scroll all the way up the top of the page and you will see them by certain people. A search might reveal more on other forum post. I sometimes wonder why I made the choice to give up good pay and job stability in the Govt Def-Sci area when they nicely offered me the job and I simply refuse this rare opportunity and prefer to research, discuss and implement higher assurance stuff in the open knowing that it will not create much returns instead of being bounded by Govt contracts by working for them and creating designs that will never see the light of day but as an exchange for a very comfortable and stable life.
You previously mentioned about the Enigma Bridge project and they have a topic on Unchaining the JavaCard platform by implementing crypto not supported on COTS JC systems and API. I was surprised that one of the presenters actually knew of my traditional Diffie-Hellman KEX implementation for JC. But if you want a discussion you will have to have arguments.
Example Currently we can not hold companies responsible. We have to ruler along which to measure. I suggest a ruler, namely, a formal approach. How to break that down into some levels and whom and what to keep to what level can be discussed. One might, for example, demand that software in certain fields of certain kind must meet this or that level. A lower level might, for example, be that the whole software must be statically typed and must compile without error.
That shouldn't even be expensive or burdensome; that can easily be met. A high level might be that the full software must be, or consist of subelements meeting that spec, fully formally spec'd and that both, spec and implementation must be provably correct. That would be much harder, yes, but it would handsomely pay off and moreover we would quite probably have more smaller companies specializing in some libraries in some field rather than the corp.
behemoths we have today. Finally What else could be a better ruler for measuring. Formal methods are objective and fair and we have lots of good experience with similar models in bridge building, railways, aircraft, etc. Dirk Praet It is just one of many free tools that allows you to surf the web in a somewhat more anonymous way than standard browsers do.
Yep, and there's basically no other free tool that comes close; so it gets the brunt of all kinds of attacks. Any security project here comes under that scrutiny and attack would fold eventually I bet. It's dirty fighting, where they don't get legally punished for otherwise committing crimes like B&E, stalking, intimidation, etc. I just can't fathom keep flogging the dead horse. Ranting, they want to rant. As long as you take that absolutist view, then everything is futile Yep, it's the same people mostly person here that'll be ranting 10-20 years from now the same things, little to no progress, they were too busy ranting or b/c they simply can't do the work they're trying to describe.
Oh they also have infinite resources and no time-crunch to remain financially viable. Also formal models that ignore hardware or other environmental factors are a joke imo carefully constructed testing is more valuable then. Proposals for altogether different designs to mitigate traffic analysis are also very unclear and can't be evaluated at all. Thoth Lots of the criticism is non-technical and very general, that's the problem what specific vulnerabilities.
Maybe you shouldn't have quit that job, and put any money [...] knowledge from it into open source projects. Market needs to exist first for me to take a risk like you did doing your own business etc. Unfortunately there has to be a market for it too in this world, so unfortunately I think things need to get much much worse before a need for some of the security ideas we discuss here get considered by bigger vendors that can actually implement these ideas on bigger scales. Bob Dylan's Forked Tounge Stop kvetching and get to work.
Can only speak for myself. If I get some nice legal tender I'd either use it for my own research or fund security projects. I put skills I learn academically and on job back into open source projects. I just don't have time for it usually, or am too tired after working. Need more paid work for real headway to be made. Clive Robinson Ok, hope you find your cap. I assumed that GPS would only be a useful shutoff switch for an automobile cellphone defeat.
It can't be that hard to detect motion enough to shut off the mike input and turn it back on when you're stopped. That way your phone teaches you correct behavior patterns. The cries of outrage about it have never managed to back up their ideas with any experimental proof. Most of the objections are based on flawed models of what a human really is. That's why so many ideologies and cultures fail to improve conditions that all agree are bad ideas with horrible effects.
a couple of gems from today. one of them is spot on the discussion of robust software engineering. I thought that the Great Frost of 1740 killed a significantly larger portion of the population than the Potato Genocide of the mid-1800's. The Washington Post vs. Trump the Last Great Newspaper War. Vanity Fair. Betteridge's Law applies. The deck Breaking story after story, two great American newspapers, The New York Times and The Washington Post, are resurgent, with record readerships.
Russia War Fever and Putin Derangement Syndrome are source driven; in other words, we're looking at a particularly debased form of access journalism. Very little reporting is going on at all. That said, you can see the economic benefit a well-placed source, or a cabal of sources, can convey. This sounds like James Risen's beat. This is called operant conditioning in the trade and it works. Maybe he can write a tell-all, now that the Times management has defenestrated him.
News of the Wired. A Look into NASA's Coding Philosophy Student Voices. Very interesting, and sheds a whole new light on government work. Suffice to say that fail fast isn't an appropriate management or programming philosophy for, say, launch control system software. How far can the rot in the Linux Community and the extend it's anti-dev contributor aura extends.
With friends like these August 1, 2017 5:14 AM. Who needs enemies. One bit to rule them all August 1, 2017 5:34 AM. but also what, please, would keep those, oh so unaffordable developers away from doing what they do now, too, namely to write oss. We actually have a fine example of my assertion right here under our very noses Thoth, a highly skilled engineer putting massive amounts of time, effort, knowledge and expertise into developing innovative HA-solutions and struggling to make ends meet after having abandoned his well-paid Govt Def-Sci job.
To the point that he is retiring some of his OSS stuff and asking himself if he made the right choice. The point being that developing non-commercial security-centric HA solutions for the 0,01% is economically unviable. And even a commercial start-up is unlikely to survive without venture capital or selling itself off to some existing big player. I double-dare you give up your well-paid job as a contractor or payroll employee for whomever you're working now and like Thoth start working on products of your own and developed according to your own standards.
You will find it less than rewarding, both financially and in terms of job satisfaction since no one is interested anyway. It will be just a matter of time before you take up well-paid side gigs assisting some well-funded hipster start-up working on yet another useless social media app that doesn't have security but data collection built in by default. The only way around this is by imposing very strict legislative and regulatory requirements that inevitably will turn software development into a corporate and government controlled monopoly answerable to none.
Stuff like Tor will cease to exist, and the only people with even the lowest levels of digital privacy and anonymity will be those able to fork out mucho dinero for it. Again from a strictly technical point of view, you are absolutely right. But you don't seem to get the real-life implications of what you are proposing. How far can the rot in the Linux Community and the extent it's anti-dev contributor aura extends.
Linus like certain others believes that one way or another calling someone else's opinion BS validates his own. In general, it doesn't contribute to a productive discussion and essentially just alienates people from you. I do not know why you dislike so much foss projects; perhaps you had bad experiences with low-quality free software in the past. Choosing wisely what open source and free software projects use is a challenging a long way. There are too many free software talibans that will just try to impose their products, even if they know the software they support do not work.
There are a lot of free software and open source projects too that are just a joke. Let us say, for example, the systemd that is plaguing a lot of Linux distributions. Is it because commercial software is written by paid programmers? I do not get it. What I really know for sure is that choosing closed source software to fill the gap created by the Pandora box opening is not the answer. I certainly fail to understand WHY software written by corporations is better than software written by people who love what they do and, sometimes, do it nicely.
If you choose wisely there are much more secure open source projects. You should obviously look outside of mainstream. Linux is the cool choice these days, but it is the choice of people that do not care at all about security. Even Linus Torvalds despises security, and does it publicly. Linux is the new Microsoft, they try to own the world with good looking, low quality software.
If you think closed commercial software is the answer then I am ok with it, but I certainly will never trust on software that cannot be audited by the users and that is in the hands of corporations that establish nasty links to the intelligence community for money, government protection or misinterpreted patriotism. Oh well, linus, linux, and the funny bazaar. I can understand him ranting sometimes, btw. Whatever, it's his kindergarten and it's their thing to deal with. How he does, however, is inconsistent and unnecessarily rude.
I doubt that Thoth is an example demonstrating your point. But that's outside of this discussion, so I'll leave it at that. His decision was made in the current state of affairs, not in the one I suggest. And, NO, the oss world would not come to a standstill. Simple reason: All the reasons and motivations of oss developers would stay the same. Make the world better, just wanna share some work I did, etc. all that wouldn't change. The only major thing that would change is that incompetent hackers as opposed to professional engineers couldn't touch sensitive stuff anymore because it's a part of my model to finally introduce responsibility for what one releases in certain sensitive areas.
It seems to me that our discussion suffers somewhat from a misunderstanding in that you seem to take anything that calls itself security as such while I don't. Example: you seem to see tor as something providing security, I do not; in my mind's eye tor is just crap, and actually worse, crap that pretends to offer security. So, you are right insofar as e.g.
the tor people would bleed heavily in my model unless they dropped their not at all funny hobby experiment. Looking closer, however, one will find that a very considerable part of security relevant work is oss. Short, except for those cases where hobbyists create havoc by incompetently fumbling in areas they'd better keep off, pretty much nothing would change. Funnily you repeatedly ignore the festering abscess I mention, namely Hell, look around at what a nightmare your model has brought us into.
In fact, in my model we would have even more oss because universities and other tax sponsored institutions would be forced to make almost all of their work oss. I fully quoted that because I find it so funny. Obviously you can't even imagine how wrong you are. I did exactly that and never regretted it. I'm fine, thank you, and yes, there are enough people and companies who happily pay for professionally solved problems.
One part of my income, btw. has come from revamping and professionalizing dev. That's the problem with ideology driven people like you: they increasingly fail to recognize reality and are limited to what and how their view permits them to see. To make things even funnier I also occasionally do oss, haha. As for imposing very strict legislative and regulatory requirements: Yes. You know, I strongly dislike the fact that medical equipment upon which my, my family's or your life may depend, might be hacked and is of doubtful code quality.
It's due to that that you can fly halfway safely. And now, after lots of addressing diverse whims and speculations you brought up, let's cut it down and put it straight. Moreover exactly that is one of the main tasks of a state: to regulate. We have the math, we have the know how, and we have the tools to do much better. Would you kindly explain why you insist on keeping the abscess happily growing?
Would you explain why we should continue to have hospitals with lousy quality hackable machines, why we should continue to have major infrastructure incl. even reactors that is easily hackable? If I'm to choose between a reasonably safe world and the arrogated freedom claim of some hobbyists to play with the world then I'll take the reasonably safe world every day and twice on Sundays. I want people like Thoth to do software for our infrastructure and other very sensitive fields.
The linux and other hobbyists could and should produce funny computer games, diving hobby software or the like. I do not know why you dislike so much foss projects. That one is easy to resolve: I do not dislike foss projects generally and principally. I dislike ideological fanatics e.g. gpl and I dislike hobbyists playing, fumbling, and stuttering in areas that are way above their capabilities and important for society.
I do like a lot well conceived and well done oss. In fact, I would want to force the governments to give us much more oss. We pay for the universities and research and we should have the fruits growing on those trees. And I like the fact that oss inherently allows one to see the source code although more often than not it makes one puke. OpenBSD is a good example. Although they can't possibly create a secure OS due to posix, the C code base, and other factors they are a good example.
They are knowledgeable, competent, and driven by a good motivation, and they created something useful and reasonably trustworthy. The Deep State, like most other institutions, has been corrupted. The unaccountable and delegated power has been redeployed for private profit, in place of the stated and legitimate purposes for which the consent to delegate was obtained. The legitimate purpose of The Deep State is national defense, but imperial genocide should not be confused with defense.
A key part of the redeployment strategy has been a series of long, coordinated and highly effective disinformation campaigns, including false flag events, assassinations and countless other crimes. Google's chief search engineer legitimizes new censorship algorithm WSWS. Over the transom via email, we get this handy chart of the sites censored by Google. Remember: Don't be evil.
with friends like these, who needs enemies. slightly off-topic, but it provides a threat model justifying something like TOR. com news 2017-07-31 trump-saw-disturbing-video-then-he-shut-down-cias-covert-syria-program Earlier this year, President Donald Trump was shown a disturbing video of Syrian rebels beheading a child near the city of Aleppo. It had caused a minor stir in the press as the fighters belonged to the Nour al-Din al-Zenki Movement, a group that had been supported by the CIA as part of its rebel aid program.
Trump pressed his most senior intelligence advisers, asking the basic question of how the CIA could have a relationship with a group that beheads a child and then uploads the video to the internet. He wasn't satisfied with any of the responses. ironic that Hillary Clinton a) wrote It Takes a Village, b) said, do it for the children, then c) in her role as secretary of state, distributed weapons that led directly to the deaths of hundreds of thousands of children.
not so different from Madeleine Albright's genocide against children. it would be helpful if the TOR replacement alternatives could actually provide anonymity, defeat traffic analysis, stop content collection, not leak location information, and provide various other figures of merit. protecting content is not a trivial problem, because it requires secure endpoints. there are multiple tradespaces defining and surrounding the problem of secure communications.
a related tradespace is given as concurrency, availability and integrity: pick any two. did I mention visiting the Harvard Center in 2015. Bruce had an open-hardware seminar that compared Arduino to a popular open-source cellphone platform that sells for 12 in China. control of the SDR is a given, and it could be forced to only communicate with one tower. further, the latency of the responses to the tower could be offset with a slowly varying constant or random value to dilute the position information from meters to kilometres.
I mentioned before that a sufficiently large user base is required to dilute the traffic. if secure audio endpoints are provided by enclosing the cell phones in a sort of prison that sees only a white noise audio carrier in both directions, then two of three objectives can be fully met, with significant progress on the third. to place a call, rather than using the cell company's switching gear to connect to the recipient, the call would be placed to a secure server which then calls the recipient.
the location information security can be defeated by an adversary who places multiple observing receivers in the cell tower footprint. secure audio with defeat of traffic analysis the channels all can be open all the time with white noise carrier in transit and significant defeat of leaking location information. I worked out another piece of the first-principles puzzle in the past few days.
the problem on the blue marble, generally speaking, is unaccountable power. that's what makes the non-scalability of trust so dangerous. combine that with the pyramid-climbing abilities of the sociopaths and psychopaths and you've got a real problem. or millions of real problems. this can be tied back to entropy maximization and generally indicates that the first point of consideration should be conflicts of interest.
I would have guessed that an outsider politician could make a lot of headway with the voters by describing the entire quagmire in terms of conflict of interest. it has not escaped my keen notice that open-sourcing the technology that I describe here would empower criminals on both sides of the law. we seem to have seen that sort of empowerment with the purportedly dark web, and various Silk Road-type emporia. I suspect that the best case scenario on your planet is a profoundly dynamic balance of terror.
there is a lot more to say on many topics, but not as much time as there used to be. Is The New York Times vs. It can but it's inwards focused not outwards focussed which is why you have to be mindful of an idea from a century before by the English economist William Stanley Jevons. A century and a half ago he observed that technological improvements that increased the efficiency of fuel usage gave rise to not just an increase of fuel consumption not drop but a significantly increased consumption.
His argument was that rather than the simplistic view that energy consumption would remain static thus fuel demand would drop, the opposite would happen. That is as efficiency increased the cost would drop and thus demand would increase. But further the economy would grow because of that increased use thus increasing further demand and consequent fuel use. This became known as Jevons Paradox and it has a nasty sting in its tail, in that if the economy slows the cost of fuel will increase disproportionately, which makes it harder to get the economy going.
This outward looking view is in fact what drives the Personal computer industry. You can see the sting in the tail with the cost of business desktop machines, as consumption moved over to laptops, and likewise for consumer use with the move from mini-towers running windows to pads and tablets running Android. Thus the hardware becomes considerably more complex and manufactured at a faster rate.
This in turn adds significantly to the requirements for not just the OS, but the Drivers as well. Which as we know has a considerable negative impact on security. Further when Amdahl's law came of age a paper was published in 1988 by John Gustafson and his colleague Edwin Barsis that made another point which we all have seen, but most of us call it software bloat not Gustafson's Law. That is computer users quickly get used to a certain time delay, and actually do not want a too rapid response as at a user level this can make them feel pressured.
Basically they argued much as Einstein had that it was time that should be the fundamental way of looking at things. Thus any increase in efficiency in turn increasing system performance and thus reducing cost encourages programmers to use it to do more with it. Thus you get better graphics, sound etc but things still take about the same time. Which means not just a vastly increased code surface but also much greater complexity thus a double hit on security. Worse though is the fact that the Computer industry has got itself into a tailspin.
In order to survive and keep retail price points the same even though they devalue due to inflation they need to increase not just exponentially increasing computing power but also exponential increasing code functionality. The problem is the easy wins are long gone, hardware is hitting the buffers and thus the drive for more code with not just bells and whistles but dancing badgers behind the row of dancing hamsters.
Code is now made by cut-n-paste from examples found on the Internet, squiged into code libraries, that have increasingly complex thus less understandable APIs thus encouraging further cut-n-paste. But it's not just the hardware running out of steam as Gordon Moore's law reaches the hard reality of the laws of physics, even software is hitting the buffers. Unfortunately for general security such examples are written to clearly demonstrate a single point and are not cluttered with the likes of handling return values or out of range inputs.
Security is not even a consideration in such examples, thus the quality of code in applications is tanking as we see in IoT. Worse code reviews etc take time and experienced personnel, so they have gone to at best administrative check boxes as the experienced personnel are required to churn out more code. Likewise testing takes time so the tests get less in depth and often drop back to just checking that previous bugs are still fixed.
We used to get code patches, but Mobile Phones show us the reality: if it happens it's only whilst the product is for sale which is about a year. So landfill is the destination of a smart phone within a couple of years. Likewise pads, where they appear to have replaced socks on the Xmas prezzi list. But there is yet another hidden sting in the tail, manufacturers have realised they are about to hit the buffers on not just hardware but software as well.
So they have resorted to the old tie them in trick of a Walled Garden but more recently turning customers into product by what is politely called Instrumentation. The problem with a walled garden is you need product and a lot of it. But some of the lucrative nature of tied in has gone, thus there is competition on price. Which means the owner of the walled garden is not the one making the goods in the company store. Which in turn makes a lie of the increased security FUD walled garden marketing droids spout.
Which is why we have seen malware get into the walled gardens by the [...] full. The simple fact is the owner of the walled garden does not have the resources to test each application package for security, even by functional testing. The reason the users don't see the malware is that it's no longer ego driven like graffiti, it's all about stealing user data to make money. There is a false assumption that every company can live on the internet by stealing data and repackaging it and selling it.
It's not true, the market for such data is finite, thus subject to the notion of supply and demand. Which means that the price will drop at any given level of data as more entrants enter the market. So there are two solutions, firstly get out of the market ahead of the game, the second is to add value to the data. The likes of Google have been doing both for quite some time.
However new market entrants are just trying for more invasive data theft. To do this they have to change the market somehow. Cloud storage is a good way to get people's data, and although it was not originally intended for that in effect that is what it has become. This became possible because of Jevons Paradox applying to communications, there is in effect no profit on carrying data (though mobile phone companies are still trying) thus the subscription or one time cost model applies much like it does with an all you can eat buffet.
The result of this has been the return of the Thin Client Notion. You design a product to be a head end device like an old style terminal with all the data processing and storage being done somewhere else. It has advantages in that the head end is cheaper to manufacture, and maintenance advantages in that the software the user is interested in runs on a machine at the company that makes it so patching etc is done silently.
But the downside is your data is beyond your control for ever. A point Google found out the hard way when the NSA tapped their inter data center communications. It's not just Google, there was CarrierIQ before them that the NSA profited by, but more recently we have seen Microsoft force as hard as it can users into a locked in cycle with increasing spying and forced cloud usage. But we have also seen IoT spying with IP video cameras, with microphones built in continuously gathering data, also Orwellian Televisions that watch and listen to you, toys that do the same to your children and now your luxury high end semi-autonomous vacuum cleaner.
Thus those who want to profit off of people as product are embracing the thin client model or the collaborative model that puts the desired data on their servers. The problem is it's not just low level electronics and software security that john and jane have to worry about, literally every new product is now turning into a spy. To force this product designers are turning products into thin clients that only do what you want if they are connected to the internet.
Because they have realised there is no profit in manufacturing any longer, it's all in Rent Seeking subscription models. Then various rent seekers came along with protection rackets and we ended up with them as our kings, barons and lords of the manor. You used to get your land and be left alone to build a home etc.
Mere vassals that were then told that they were the lord's vassals or serfs. Worse than being a slave you just had to be taxed, how you lived and died was not a cost for the lord which a slave owner had to bear. Likewise a slave owner had to confine their slaves, not so with serfs, society was their containment. It is this state of affairs we are regressing into via the electronics we buy but only get to use by somebody else's whim. Thus whilst I take an interest in security and the bottom end of the computing stack with the electronics and software, it is not down here that john and jane are having their real problems with security.
That lies above the eighth layer with management through legislation, the politicians that make the legislation and the 1% of the 1% who pay the politicians one way or another to do their bidding. Which has a downside as we have seen. Which is to turn society backwards five hundred years where individuals own nothing, are not allowed to own anything and must pay relentlessly until death the very few.
That much vaunted trickle down effect will be there but through the guard labour whose sole purpose is to weed out those who do not willingly don the invisible chains of the Emperor to furnish him with fine cloths, so fine mere serfs may not be allowed to look upon them. People are slow to adopt new ways of thinking and need to understand that they need to adopt secure behaviours and maintain them much as most now acknowledge they should look after their health.
So my viewpoint has changed over time, we need sociological security more urgently than we need technical security. People have to learn security is a personal responsibility, something they have to work at to build up strength. Don't get me wrong I'm not turning my back on technical security measures, they are the foundations we have to have that can not be undermined but they are but the building bricks. People in general do not see or even want to see bricks, they want to see buildings in which they can live and work safely and securely.
They don't want to learn to be builders, nor do they want to be without buildings living what they see as a more primitive existence. That is they have a comfort zone and for the majority that is where we need them to apply security to their lives. From there as they gain security strength they can expand outwards and widen their comfort zone. Some will take an interest in technical security, most however will in one way or another take interest in social security ensuring that politicians work for who vote for them, not the fractional few who buy the politicos in one way or another.
Whilst this blog did start as a very technical blog and still covers it, our host has moved onwards to the social and economic side of security, thus the subjects covered have broadened out. But whilst the social side is important we must realise that it is the economics of production that makes it possible. Which brings us around to the question of the production of software and hardware. I've long argued that whilst hardware is engineered, software is at best crafted.
History shows us that in fact all things man made are first created in the mind, then crafted into a tangible form which is then tested to the point where they need to be engineered via the principles of science. We test via tools, which are also made by tools, which at a fundamental level are designed from the bedrock of intangible logic up through mathematics and meet the tangible world at measurands which get derived from fundamental physical properties. The purpose of economics is actually efficiency, and to build the mathematical models to be able to get there.
In the process it does not address much that makes society society and does not cover much that is social and thus important to society. The art of software is in many respects a social process, one aspect of which is how to do things not just effectively but efficiently. Thus it is subject to economic processes. You and I broadly agree on the C question: I put it as straddling the gap between assembler and high level languages, you see it as a meta-assembler.
In essence the difference is where we see the low water mark for high level languages. I see it at partial almost minimal abstraction, you see it with a greater level of abstraction but importantly you see safety as being essential to the required level of abstraction whilst I do not to the same extent. You could say I regard the tool by what it does, not how it does it outside of that function.
Thus I do not consider at that level the additional functionality that protects the operator from the tool or how the tool protects the workpiece from the operator. Thus I regard guards and stops as being something added to a table saw functionality whilst you see them as integral to the table saw operation. It is actually a difference in view point in the economics of production. That's not to say I do not consider it important, it's just where I draw a functional line.
The reason for this is the direction I am coming from which is bottom up not top down. I see the function of the tool as a specific design, likewise I see the guard as a specific but separate design, likewise the limits etc. However the economic view although present in the tool design is also above the operator level at the process and management levels.
That is I take a tool maker's view not an operator view. The aim of a process is to take raw materials and add value to them to increase their utilitarian value. This means making the process efficient which is where the aims of economics impinge. A table saw that has no guards or stops used by a skilled operator will do the entire range of things possible. But the reality is it is rarely used out of a small subset. So whilst the cost of the tool is a lot less the cost of a skilled operator is much more than a semiskilled operator.
So economically the management choice is to buy a more expensive table saw and gain that back by using lower paid less skilled labour. However a semiskilled operator has a higher probability of getting injured. In essence your argument for type safety etc whilst totally valid and sustainable from a security aspect, also has a valid economic argument, in that it enables the use of less skilled workers to produce the same level of piece work. It also has other arguments as well in that it lightens both the cognitive and programming load on the programmer.
That is they do not need to think about or write program logic to check for range conditions etc.