i assume you've read the recent article by nafeez ahmed from vice, etc, about how google's search algorithms were funded via the NSF/CIA/NSA for 2 years before google ever existed and that sergey reported to someone working for the CIA's ORD for that period.
to effect a classic double flashback, fight club style, here's a dose of bread and circus from juvenal from CE 100:
"'It is scarcely possible that the eyes of contemporaries should discover in the public felicity the latent causes of decay and corruption. This long peace, and the uniform government of the Romans, introduced a slow and secret poison into the vitals of the empire. The minds of men were gradually reduced to the same level, the fire of genius was extinguished, and even the military spirit evaporated.' Now that no one buys our votes, the public has long since cast off its cares; the people that once bestowed commands, consulships, legions and all else, now meddles no more and longs eagerly for just two things----Bread and Games!"
they live is one of the best john carpenter films, and that includes the epic 10-minute on-concrete wrestling match before keith david will don the glasses.
being extremely entertained to see a blog entry about they live aside, making privacy simple is super hard. similarly, making people care about privacy is super hard. killing the aliens is even harder.
ubiquitous surveillance has a pretty obvious response in the long run: ubiquitous encryption.
I've not seen the movie (yet) but reading the description on the blog was enlightening for me.
I don't fit into Western Society at all - I couldn't care less for consumerism, sports, mass media, smartphones, etc. etc. and I've always thought it's because I can see the truth behind stuff, where other people just see the glitter on the surface covering up the ugly truth.
Now I know I've just been wearing a pair of these sunglasses my whole life.
Most of us think that we now live in totally atheist, post-ideological times, and cynically view the big 20th century movements like communism and fascism as totally failed and outdated. But it's exactly when we think we exist outside ideology that we are actually in it. It's inherent in the way that we construct our reality and stage our desires. And this is also reflected in cinema. In a consumerist capitalist society, you think you are free by being able to enjoy life and buy things like a Starbucks frappuccino, when actually, you are following an obscene and deep command to ”ENJOY.”
You sure are a special snowflake. Thank you for sharing your insights with the rest of the world. Do you have a newsletter? I would like to subscribe to it! Your fresh, humble insights are a beacon to us all, who have to contend with the dumb sheeple on a daily basis.
The thing about western society is that its actually still mostly free. I dont care for most of those things either (exept the smartphone) but I can easly build my own bubble.
You are not forced to spend much time in mass culture, there is no great conspiricy, people are just diffrent then you but you have the freedom to find your own frinds and community that you can hang out with.
There are hunders and tousends of subcommunity outthere that most people have not even heard of. I am constantly suprised about all the hobbies that exist even in a short distance from my house. There is a huge groupe of people who are totally into doing competition "who has the best looking rabbit". This is from perspective totally alien but I happen to stumble on a tournament once where literally tousends of people and even more rabbits and I could just not belive how many people that were there.
So stop lamenting the fact that you live in a consumer society and start investing your money into the stuff you actually like, and invest your time into people and hobbies that you actually like instead of seeing conspirices behind everything.
Also it want kill you to know the 5 top pop songs and watch a football game with your familly once in a while.
space-alien technology speculation aside, i've been aware of openssh's less-than-reassuring default selection order for Ciphers, HostKeyAlgorithms, KexAlgorithms and MACs for a few years. for most modern computers and cpus, using these stronger algos amounts to, at most, a 10% speed loss when scp'ing and a 10% increase in cpu usage. even machines with weaker cpus will barely show any signs of fatigue with these stronger algos. despite this, at least 2 of the openssh devs have rebuked my suggestion to change the default algorithm selection order.
it's not exactly clear (to me) why anyone who runs a project that so many ppl depend on for security would stick to such old and crufty algos. since openssh and openbsd are intertwined, it does make me wonder if this is being done so that openssh can run on the latest vax, etc (omg! but it will take a week for it to generate the right sized keys!).
EDIT: openssh in 2nd paragraph changed from openbsd, a typo.
I feel like most of this is just because OpenSSH has been under development for 15 years rather than any conspiracy. Cryptography moves forward, new algorithms get added, but yet defaults don't get changed.
I have no idea what you're referring to. The OP took issue with the default algorithm(s) selection order over the course of two paragraphs. I noted they were recently changed in the latest OpenSSH release to exclude weak ciphers.
Using -C with scp will result is drastic speedups most of the time anyway, it's possible any slowdown due to a nicer cipher suite can be counteracted with that.
That's orthogonal and compression won't help much if you're copying things that are already well compressed like archives, videos, photos... And compression only helps if you're I/O bound.
If using a stronger cypher is enough to slow you down chances are that you're CPU bound anyway and adding compression on top is actually going to make your transfer slower.
Making it slower isn't just a theoretical problem but I routinely saw that working with fast network hardware (1G, later 10G) on hosts which were either loaded with user tasks (computational lab) and have still seen it in recent years using hosts which are running AIX/Solaris/etc. where it's apparently routine for vendors to ship OpenSSH without any compiler optimizations enabled.
Depends on where the bottleneck is. A lot of the time scp is hampered by latency, moving most files that are not already compressed around will usually get some level of speed up on latent connections. Compression is also asymmetric, a fast remote host and a slow one being bottlenecked by decryption might see a speedup.
In theory, compression before encryption should make encryption faster on a multicore system. However, I'm pretty sure all ssh clients are single-thread, so that wouldn't apply.
Sure, but getting an IOMMU right on a complicated platform that didn't historically lean on IOMMUs is different than "the IOMMU is backdoored".
Why this isn't just a nit is, if you believe (say) VT-d is backdoored, a lack of IVT research projects isn't evidence of the absence of backdoors. Presumably, if the NSA is serious enough to backdoor Intel chipsets, they'll do it in a manner that a couple of independent security researchers can't black-box.
good luck detecting baseband attacks in the wild. i hope you've got a transceiver with you and a rainbow table for cracking the A5/1 etc on your cell link.
while i am generally loathe to comment on HN, i consider it truly sad to see the passing of grothendieck.
he was a truly revolutionary mathematician and his contribution to the (hard) science of mathematics cannot be overstated. people who live on principle are rare, and those willing to go without salary as part of that protest are even rarer [1].
i think it's great to see ppl being skeptical of security claims from phone manufacturers. trying to secure a normal cellphone is pretty much impossible and if you're storing sensitive information on one, you are just waiting to get fucked.
i think all this "sound and fury" is likely a ruse to entice ios and android users into a false sense of safety post snowden disclosure. being able to encrypt your drive doesn't matter if your OS and its applications are exploitable. last time i checked, there is almost zero open source firmware out there, so your application processor can encrypt stuff hitting disk and the baseband processor can be used to get dma.
time to roll out the hypothetical child molester straw man...
> being able to encrypt your drive doesn't matter if your OS and its applications are exploitable
Because, you know, security measures that aren't 100% perfect are on equal footing as no security at all. Seriously? That's a huge fallacy.
In the end, it's all about the cost. When speaking of the NSA, we are primarily concerned with mass surveillance, because lets be honest, if you're targeted directly then you don't stand a chance, since they can always infiltrate your home then watch your fingers typing your password. And if these companies are raising the cost of doing mass surveillance, with encryption doing just that, then that's a good thing. It is in their interest to do so because the bad press they are getting is hurting their bottom line - you may not see it, but post Snowden at least governments and big corporations are starting to think of software/hardware stacks provided by non-US companies and now they have the ultimate argument for the balkanization of the Internet, which can't be a good thing.
But lets also think about things closer to home. I'm not from the US, I couldn't care less about the NSA. But I do care about my personal data ending up in the wrong hands - personal emails and photos, details on my accounts, projects, written down feelings and so on.
There are always organized crime syndicates looking for generating a quick buck. There are always incompetent clerks in your government institutions that out of an oversized sense of responsibility are doing stupid things. For example my personal identification details ended up in a local newspaper by mistake, because of a non-public contract leaked out of a public institution. Now how can I trust these people to handle my data? How could I let any cop inspect my laptop or phone on the spot as part of routine checks, which from what I hear, are becoming more common?
Yeah, encryption is not a good solution in the face of insecure apps, binary blobs and a potent global adversary. Thing is, for most people that global adversary is not the immediate threat they are facing and even for that global adversary, encryption makes surveillance more expensive.
GP is actually making a factual statement not just waving his hands around. Data at rest encryption doesn't matter if one can gain execution control with supervisor level privileges (or control another processor or part of the process which does.) This is why security is hard. These aren't NSA level attacks, they're what are used for the jailbreaks that come out for every version. It's a good idea to ask questions before getting fired up if it isn't your area of expertise.
Well, I disagree with his factual statement and I tried stating the reasons why.
I have my Android encrypted and I do feel safer, because I've got my 2-factor auth generator on it and now at the very least I feel safe about losing it. So why are we talking about a false sense of security, when an encrypted phone is factually more secure than one that isn't?
It's already there, in the third paragraph of the article:
“This is a very bad idea,” said Cathy Lanier, chief of the Washington Metropolitan Police Department, in an interview. Smartphone communication is “going to be the preferred method of the pedophile and the criminal. We are going to lose a lot of investigative opportunities.”
https://medium.com/@NafeezAhmed/how-the-cia-made-google-e836...
if you haven't read this, it's a long but great read.
the best thing google ever did was create go (golang). huge props to robert griesemer, rob pike and ken thompson for getting it all going.