I love OpenBSD, seriously, and developers of it are clearly geniuses. And any chance I get I promote it. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
From: Scott McEachernSent: Tuesday, October 8, 2013 7:17 PMTo: misc@openbsd.orgSubject: Re: Sorry OpenBSD people, been a bit busy On 10/08/13 17:38, Richard Thornton wrote: > I am not flippant enough to say that the NSA revelations do not matter, > but what are we supposed to do? The Middle Eastern terrorism threat is > real and we need to be able to stop them anyway necessary. > > All it takes is one of them to hit every Walmart in the neighborhood, > buy every pay-as-you-go phone they have, then pass them out to their > friends in every Mosque. Now you have a new terrorism threat. So, > welcome to the real world my friend, and wake up. Seriously, after everything I've said so far (I see you just replied privately to my most recent post), you're suggesting that *I* wake up to the real world? I suggest you take that message to the ignorant, complacent, apathetic masses. Please. Take a look at the prime-time TV lineup on the major US networks, and the "cable" stations like Showcase, HBO, etc. What are their plots mostly focussed on? Terrorism. Top-rated shows like NCIS, NCIS: LA, and the like: Terrorism. My point is that the media is feeding the viewers a non-stop diet of potential terrorist plots. It's ridiculously pervasive, and the fear is taking over peoples' minds. Why do you think Bruce Schneier calls the TSA's actions "security theatre"? They're reactive, not proactive. Maybe the NSA/CIA/FBI are trying to be proactive, but what's their track record? The intelligence agencies each had a piece of the 9/11 puzzle. Due to infighting and protecting their respective turf, they didn't share information, and 9/11 happened. Hindsight is 20/20, but it was revealed that if they had only cooperated, 9/11 could have been prevented. Look at the Boston bombings. The FBI received intel from the Russians, of all people, beforehand that the two brothers were up to something. How did that work out for them? The Times Square bomber was stopped by a curious NYPD cop, not an three-letter agency. How about those US soldiers that converted to Islam, raising red flags with their unusual behaviour and behavioural changes, going on shooting rampages? How did the FBI do there? Maybe they have foiled attacks, but you'd think they'd be shouting that from the rooftops saying, "Look! We're doing good! Our Billion dollar budgets are justified!" People know about PRISM now, but even if they wanted to keep the source of their intel under wraps, I'm sure they could find a way to "parallel construct" a plausible explanation without revealing too much. Like you said in a fresh post, maybe the NSA was helpful in stopping the potential attacks on Toronto and various rail lines. Who knows. Read my previous paragraph again. And for the record, both you and Ze Loff should stick to facts and rational discussion. Bigots and morons are best defeated with those, and they'll show their true colours, debasing their own opinions. There's no need for insults and ad hominem attacks. You feel that Snowden is "quite the jerk"? You're entitled to that opinion, but there are a great many people, myself included, that think he is a hero for exposing blantant lies and violations of the law and constitution. Snowden, and some other previous NSA employees, saw the insanity of this, and the future of it. They were appalled, and went public. They are heroes. Privately, you casually dismissed Wolf as "another blow hard", "the liberal version of Ann Coulter". Maybe so, but attacking her personally does not negate the validity of her points. Watch the video, and think about it with an open mind, if you can. You asked, "What are we supposed to do?" There are no easy answers here. I fully realize that there are shades of grey involved. But you aren't looking at the thin end of the wedge; we've long passed that point, and you are ceding your rights to allow it to not only continue, but to expand. Remeber what Ben Franklin said: "Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety." His point in that quote speaks directly to the nature of government. It hasn't changed since then. Government will take a mile when you give them an inch. You've probably heard the glib comments that more people in the US have died from choking on fishbones/car accidents/etc. in the last 12 years than have died from terrorism. But at what price, both financially (military spending) and in terms of rights in a growing surveillance state? Where does it end, and what is the logical conclusion? I just don't have the answers, but I can repeat the suggestions of Bruce Schneier: Trust the math. Trust the crypto. Be careful with the implementation. The NSA isn't so much working on breaking the crypto (for now), as they are attacking the end points. That's why they hacked the "Tor Bundle". That's why they control so many Tor exit nodes. Stick to known trusted OSes, like OpenBSD. Avoid proprietary software, especially software developed in the US. Avoid this "cloud" nonsense; house and be resonsible for your own data and security. Why on earth anyone or any company would trust a third party with their data is beyond me. Utter lunacy, to save a buck. And if you really /must/ use some cloud storage service, encrypt your data using a FOSS OS, again, preferably OpenBSD, before putting it out there. You don't know me, you shouldn't trust me (of course), so I suggest you do your own reading and homework. Bruce Schneier (google him) is a seriously respected cryptoanalyst in the industry, so start by reading his papers, articles and comments. Sometimes our Theo lets fly with a few interesting comments. Pay attention. He's a good man and fine leader; listen to him. I'd love to buy him some pizza and beer, and pick his brain for what he thinks is coming down the road. Unfortunately, Calgary is a three-day drive away for me, and I'm not silly enough to discuss such things via email. :) Remember, your security is *your* responsibility. It's now established that you cannot trust the government or any major US firms. Make that, "any US firms", period. Schneier has written many papers on how poorly people evaluate risk, and risk assessment. Read up on those old papers through the lens of the Snowden revelations, and make your own decisions. I don't know what the future holds. My crystal ball is broken. I have my suspicions, and I'll bet more than a few of them will be borne out by future Snowden revelations. As long as known insecure OSes like Windows, (who cooperate with the NSA), run horribly insecure software, like anything from Adobe (Flash, Reader, Acrobat, Shockwave), Oracle (Java), or Apple (iTunes, QuickTime), continue to dominate the market, we're screwed. It just takes one 0wned end point, which the NSA is very specifically attacking, and the best encryption in the world falls down due to vulnerable end points. You sent emails with the tagline "Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network." BlackBerry/RIM, a Canadian firm located just a few hours west of me, bent over and grabbed their ankles for the Indian government, so that government had a back door into the "secure" BB devices. (Hey, wasn't "proper security" a big selling/marketing point for them? Oh yes, it was.) I wonder who else they've grabbed their ankles for? And Verizon? Ah yes, it's now been documented that they cooperate with the NSA too. So, like I said to my friend with his Galaxy smartphone: Enjoy! I'm sure you're "not that interesting". Think. Read. Listen. Even to those you don't typically agree with. Listening to contrary views will help give you a balanced opinion and thought process. Look at the writing on the wall, that is, patterns. The patterns of history, wrt current patterns. Try. PS: I'm sure this is much to your consternation, but Ze was correct: Your post did validate my current sig. Which is sad, really. But you're off to a good /start/, you're using OpenBSD on at least some devices. (You are, right?) Thanks for listening, everyone. -- Scott McEachern https://www.blackstaff.ca "Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four." -- Bruce Schneier
