Re: [Trisquel-users] Is there a perfect method to guard our communication?
かなり自然ですけど。 >貴方と僕、喋らないとダメです OK. I believe you. Hey! Is there a perfect multilingual blonde who has blue eyes, under 167cm, some first-class skills, and live in Japan and don't care about the man has a lot of persistent peepers?
Re: [Trisquel-users] Free software foundations problems
so there is a function within chromium like noscript? Interesting... and by dials back I mean it reports back to google. If you know something I don't though, feel free. I haven't used chromium too much... to be honest. Though if I used anything, it would be iridium the chromium based browser... its completely free software. ps, look at libreplanet's reasons why chromium is not to be trusted. Before you respond okay?
[Trisquel-users] Re : Is there a perfect method to guard our communication?
Nobody said "give up". Indeed. You understand the word "subliminal", don't you? And Abdullah actually answered: "I might have come across a bit discouraging in my attempt to 'be on the safe side'": https://trisquel.info/forum/there-perfect-method-guard-our-communication?page=2#comment-128200 heyjoe is the person who showed something practical in investigating and improving security of web browsers. What did you do about it? I actually wrote two scripts to help you (whereas your repository had nothing). Remember? Here they are: https://trisquel.info/forum/web-browser?page=5#comment-127495 You criticized him from the very beginning (...) Would you rather prefer the info about browsers not to have been shared, so everyone can live an illusory life in the fancy words of ideologies and motivational talkers? My first reply starts with "heyjoe raises interesting privacy concerns" and I have repeated that several times: https://trisquel.info/forum/web-browser#comment-126105 posted various inflammatory, confusing and time wasting off-topic remarks I disagree and let anybody who cares (probably nobody) judge. And you started the confusion, pretending that freedom 0 has to do with privacy. The next two sentences on that same first post are: "It is unfortunate he pretends they are freedom issues. They are not". at the end you started licensing your forum posts. Not the posts by themselves but the code in them. Because I want it to be free software, as I explained there: https://trisquel.info/forum/web-browser?page=5#comment-127495 Do you really think what you did helps anyone to improve the security of their communication? Summed up, I wrote that For "99.% of the people (...) GPG on a free software operating system (such as Trisquel) is apparently sufficient or more than sufficient": https://trisquel.info/forum/there-perfect-method-guard-our-communication?page=1#comment-128158 In contrast, the only "advice" from you is "create your own network, completely isolated from the Internet": https://trisquel.info/forum/there-perfect-method-guard-our-communication#comment-127969 heyjoe also opened a thread to discuss ideas about a new network model. What did you do? - You posted in it just to explain that because it doesn't fit in what you know, it is inefficient, anti-ecological and what not, when the whole idea was to discuss a possible new approach, share other ideas etc. Can't the discussion mention that your solution is inefficient and anti-ecological? It is actually an euphemism to state it in those terms. I explained why, doing the math: https://trisquel.info/forum/thoughts-about-new-type-network#comment-126583 Just look at your only post in that thread and how "motivating" it is. It replied "No, it is not" to you writing that "any attempt to provide FSF-freedom at software level is really putting flowers on the black box and saying 'as long as there are these flowers on the blackbox, it is safe'": https://trisquel.info/forum/freedom-security-technology-what-can-we-do#comment-127801 So, yes, my post is motivating. In reply to yours, which is demotivating (and again confusing freedom with feature, security in that case). As Abdullah explained - creating a false sense of security and safety is much more dangerous than facing actual insecurity. I agree with that.
Re: [Trisquel-users] Can't boot Trisquel 8 from USB
What's new in the February ISO? Downloading it as we speak. I may have to burn to USB drive with the archive mounter or something; sounds like the standard 'dd' approach doesn't work?
[Trisquel-users] Re : Is there a perfect method to guard our communication?
I agree that it should be repeated over and over that perfect security does not exist. Yet, for 99.% of the users, the available technologies (such as GPG) will efficiently secure their online communications. One does not secure a line in an absolute way but given a threat model: https://en.wikipedia.org/wiki/Threat_model
[Trisquel-users] Re : Is there a perfect method to guard our communication?
I don't think it is fair to say that Abdullah's posts here have had a demotivating influence. It is indeed unfair. And ungrounded (as I wrote: I have no evidence). In the same way that it is unfair and ungrounded to suggest that Edward Snowden is "a deliberately created figure". It was what I wanted to imply with those (apparently unclear: sorry) sentences.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> But then it is a delicate balance between lulling into false sense > of security and discouraging into abandoning security. I > acknowledge that new users might not be able to differentiate the > subtleties and can get over- or under-optimistic (both being > equally bad) rather easily. I think the solution is actually the one you proposed a few messages ago. Identify what threats there are and which ones can and cannot be addressed, how to address the ones that can and what is missing to address the ones that can't. Stress the importance of doing what is possible while acknolwedging current limitations. > OTOH, old users need to discuss things somehow, while not > inadvertantly causing a false impression (+ or -) on new users > about security and privacy. I think this is partially related to having many discussions that while relevant to many Trisquel users do not belong in a forum/mailing list for tech support. I think that these discussion are very worthwhile, but need to heppen in a separate forum on the same site. The closest we have is the troll lounge, but that has negative connotations and also contains a lot of threads that are jokes. > I believe in "beating it up", as I believe it *is* the natural > evolution path of FOSS. Exactly, there is no silver bullet. > Well, it may work well in dedicated circles, but in a general forum > where there are people from every walks of life, perhaps some > healthy dose of euphemism would be a more suitable approach. The > thing is, I'm not that type, and if I try that way, it will simply > not stick on me (because it is not me), rather it will stick out > like a sore finger. I don't think there's anything wrong with the way you've been communicating. Some recent threads have become very difficult to follow and it has been difficult to keep track of who said what, but everything I recall reading from you has been thoughtful and interesting.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
修正ありがとうございます。 落ち込まないでください... そんなに頑張るのは見事だと思います。 ドイツ人として日本語はめっちゃむずかしい、然も自然な日本語は一番むずかしいです。 時々無理だとおもいます... 絶対消してできません。 日本語喋ると、のろまな像みたいな感じ^^"。 でも諦めるわけではないね。読んだり、喋たり、勉強したり、こうして必ず上手になりますね...貴方と僕. 喋らないとダメです. 間違えたら全然大丈夫です。メンバーは大抵優しい人ですから。 じゃ、一緒に頑張りましょう。よろしくおねがいします。
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> What about the subliminal message "our computers and networks are owned, securing our communications is moot, give up"? Nobody said "give up". You should really stop putting words into other people's mouths. I have asked you to stop it so many times, yet you keep doing it. > If I was a conspiracy theorist (I am not), I would suggest heyjoe and you infiltrated the Trisquel community to demotivate those who want to secure their communications. heyjoe is the person who showed something practical in investigating and improving security of web browsers. What did you do about it? You criticized him from the very beginning, posted various inflammatory, confusing and time wasting off-topic remarks and at the end you started licensing your forum posts. Do you really think what you did helps anyone to improve the security of their communication? Or you are just throwing mud at others, so that your perfect knowledge can shine? Would you rather prefer the info about browsers not to have been shared, so everyone can live an illusory life in the fancy words of ideologies and motivational talkers? heyjoe also opened a thread to discuss ideas about a new network model. What did you do? - You posted in it just to explain that because it doesn't fit in what you know, it is inefficient, anti-ecological and what not, when the whole idea was to discuss a possible new approach, share other ideas etc. You simply dump everything which doesn't conform to what you stick to. Yet you say that others are demotivators. Great, hats off. Maybe we should all sit together in a church and sing motivational Gnulellujahs which would be the ultimate security of communication? heyjoe is also the person who invited everyone into an in depth discussion about what we could actually do to optimize security of current systems and to create new truly secure systems, considering (and _not_ neglecting) the actual issues which currently exist. How many people joined and showed real interest? Just look at your only post in that thread and how "motivating" it is. As Abdullah explained - creating a false sense of security and safety is much more dangerous than facing actual insecurity.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Perhaps an interesting article: https://aeon.co/essays/your-brain-does-not-process-information-and-it-is-not-a-computer
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> What about the subliminal message "our computers and networks are owned,... *Potentially* - so that we would have a healthy dose of awareness and would develop preventive measures. > ...securing our communications is moot, give up"? I hope I haven't given *that* impression. > If I was a conspiracy theorist (I am not), I would suggest heyjoe and you infiltrated the Trisquel community to demotivate those who want to secure their communications. Hmmm yes, you may have a subtle point there. I get your message. I might have come across a bit discouraging in my attempt to "be on the safe side". But then it is a delicate balance between lulling into false sense of security and discouraging into abandoning security. I acknowledge that new users might not be able to differentiate the subtleties and can get over- or under-optimistic (both being equally bad) rather easily. OTOH, old users need to discuss things somehow, while not inadvertantly causing a false impression (+ or -) on new users about security and privacy. What would you suggest? Perfect compromise may not be easy, but opinions matter. As for me, I have always thought along the lines of "Bazaar Dynamics" in FOSS. I believe that exposing bugs, discussing weaknesses, "beating it up" serves as part of hardening and excelling process. E.g. while closed source vendors try "security by obscurity", FOSS goes the exact opposite way of "security by pornography" i.e. overly and close-up exposure of bugs and issues. And at the and of the day, FOSS strategy wins over that of CSS! So I believe in "beating it up", as I believe it *is* the natural evolution path of FOSS. Well, it may work well in dedicated circles, but in a general forum where there are people from every walks of life, perhaps some healthy dose of euphemism would be a more suitable approach. The thing is, I'm not that type, and if I try that way, it will simply not stick on me (because it is not me), rather it will stick out like a sore finger. What would you suggest?
Re: [Trisquel-users] Can't boot Trisquel 8 from USB
Mason Hock: > What machine are you using? I had this problem with the December ISO on a > librebooted 64-bit ThinkPad X60. I had no trouble with the ISO preceding that > one. I used an ASUS X453M, an ASUS X101CH, a generic desktop (not sure about the specs), and an HP Pavillion dm1. Both ASUS laptops can use most of the distros in the FSF list (incl. Trisquel 7) with wifi and camera working. I used a TPlink usb on the Pavillion to make wifi work on Trisquel 7.
Re: [Trisquel-users] Can't boot Trisquel 8 from USB
> I used the latest one this February 2018. Drat. I was hoping the problem would be fixed with the new ISO. I'll try it this weekend and see if it persists for me as well. What machine are you using? I had this problem with the December ISO on a librebooted 64-bit ThinkPad X60. I had no trouble with the ISO preceding that one.
Re: [Trisquel-users] Free software foundations problems
> Chromium dials back to google very frequently. Not if you have configured it properly. I don't know what you mean by "dials back". The only case when it communicates to a third party host is when opening chrome://settings in which case it sends a single request to translate.google.com to check which languages are available. I have already filed a bug report about that and it is being considered. > Although if a chromium based browser had something similar to a noscript feature built in In chromium you can disable/enable JS per-site without additional extensions. > + no anti-features of any kind it would be extremely secure I am sure. What anti-features are you referring to?
Re: [Trisquel-users] Re : Is there a perfect method to guard our communication?
> If I was a > conspiracy theorist (I am not), I would suggest heyjoe and you > infiltrated the Trisquel community to demotivate those who want to > secure their communications. I don't think it is fair to say that Abdullah's posts here have had a demotivating influence. Abdullah has acknowledged the current limitations that make perfect security impossible at this time, but I haven't seen him suggest that we should not try to achieve any security. In this thread he has suggested obtaining as many levels of security as possible in each situation, assuming that I have understood him correctly.
Re: [Trisquel-users] Can't boot Trisquel 8 from USB
I used the latest one this February 2018. Mason Hock: > What is the date of the ISO? I had that problem with the one from last > December. I saw that a new one was uploaded yesterday but I haven't tried it > yet >
[Trisquel-users] Re : Can't boot Trisquel 8 from USB
I personally used Trisquel 7's graphical "USB Creator" (or whatever it is called) to create a live USB from http://jenkins.trisquel.info/makeiso/iso/20171223/trisquel_8.0_amd64.iso That said, the problem may be with the recently cooked (today!) ISO.
Re: [Trisquel-users] Can't boot Trisquel 8 from USB
What is the date of the ISO? I had that problem with the one from last December. I saw that a new one was uploaded yesterday but I haven't tried it yet
[Trisquel-users] Can't boot Trisquel 8 from USB
Hi, I would like to ask for assistance in installing Trisquel 8 as I'm unable to boot from the USB. I used the dd command to create a bootable USB as described in this link (https://trisquel.info/en/wiki/how-create-liveusb). I've also used the same command and USB in installing Trisquel 7, Parabola, Dragora, gNewSense, and Pure OS on various computers. It seems that even if I use other USBs and redownload the ISO I'm still unable to boot with Trisquel 8. Ive tried doing it on 3 laptops and a desktop but it still won't boot. I've ensured that I use Legacy/CMS on the BIOS. I hope you guys can shed a light on this one.
[Trisquel-users] Re : Is there a perfect method to guard our communication?
Such an incident would intimidate people to self-censoring. The Snowden revelations have caused self-censorship: https://theintercept.com/2016/04/28/new-study-shows-mass-surveillance-breeds-meekness-fear-and-self-censorship/ It indirectly implies that: "All these security fuss is really much ado about nothing. Just use Linux and PGP and you are good to go - even against NSA even when they single you out. Relax people, already!" A substantial and subliminal message to all. What about the subliminal message "our computers and networks are owned, securing our communications is moot, give up"? If I was a conspiracy theorist (I am not), I would suggest heyjoe and you infiltrated the Trisquel community to demotivate those who want to secure their communications. I have as many evidences as you have against Snowden: none.
Re: [Trisquel-users] Voxware MetaSound works!
n...@address.com: > I was pleasantly surprised yesterday to find out that the file I > downloaded played back perfectly on Hyperbola GNU/Linux using MPlayer > and mpv without using non-free binary codecs. I can confirm it works on Parabola as well.
Re: [Trisquel-users] Community guidelines question
The second paragraph here was absurd, but the third, is "alternative facts" meh... Oh well...
Re: [Trisquel-users] Free software foundations problems
plenty of autismo, I can relate :P
Re: [Trisquel-users] Free software foundations problems
Chromium dials back to google very frequently. Although if a chromium based browser had something similiar to a noscript feature built in + no anti-features of any kind it would be extremely secure I am sure.
Re: [Trisquel-users] Free software foundations problems
Same here.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Animals with dual-core sound processors? Am I missing the humor or some deep meaning in that? :) Err I was referring to their dual brain lobes. Yes, hearing center should either in this lobe or the other, so it's not true dual-core. But I'm innocent, Intel started it all with their pseudo-multi-core hacks in their processors. > So you don't have cable TV and you have deliberately limited your internet quota. There are dish antennas. Why should I limit myself? Even if I get cable TV, I won't subscribe to pay-to-view channels and programs. So there is next to no difference between dish and cable as far as I'm concerned. As for quota, I am simply keeping away from active content as much as possible (but still work with them when I have to). I find it worthwhile both security-wise, and information quality / density wise. It really enhances my productivity (or efficiency of internet usage).
Re: [Trisquel-users] Is there a perfect method to guard our communication?
思ったよりみなさんやりますね。変な気ィ使わなくて済むぜ!フゥー楽ぅー!!
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> It *was* their dual-core signal processors that is developed Animals with dual-core sound processors? Am I missing the humor or some deep meaning in that? :) So you don't have cable TV and you have deliberately limited your internet quota. That reminds me of the monks who always look at the ground because there could be a woman out there which they must not see (even though they may be walking in deep woods). :P This is worse than panopticon.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Perhaps. But I don't assume easily :P
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I guess you guess my guesses about it. :)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> If that was true animals with high sensitivity to sound would have glass windows inside their ears :) It *was* their dual-core signal processors that is developed, while their -ahem- "microphones" are still bound by laws of physics. In contrast, a glass panel of several meters in size should be at least as good in picking up sound as an organic membrane (if not better), so it largely revolves around whose signal processing is better. No animal's lowly dual-core sound processor could dream of competing with an octa-core RISC-V chip possibly tamed by Trisquel, could it? (So this is related to Trisquel, after all) > Speaking of multimedia: do you have cable TV? Your TV provider can know which channel you are watching and when :P Most of my neighbors and friends use either cable TV or IP-TV (I don't) and they don't give a heck about their privacy, as long as their bedroom windows are curtained. :)
Re: [Trisquel-users] Antwort: Abrowser not playing sound because it now requires Pulseaudio
I finally got around to submitting a bug report for this. Do you use Trisquel 7 or 8? I use T8, and I'd like to know whether it affects T7 as well.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
No. Using the word as a marketing tool implies that.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I don't know if anyone has ever considered the possibility of E.S. being a deliberately created figure (for various purposes). To me it seems quite possible. NSA surely knows his location and can expunge him at any time. But they don't.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
The video is a short presentation by Trammel Hudson who talks about securing the boot process through replacement of proprietary BIOS/UEFI with https://www.linuxboot.org/ > Well, a glass window is the best membrane one can think of. There is no better. If that was true animals with high sensitivity to sound would have glass windows inside their ears :)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
If you can't measure it "best" and "least" have no meaning. A goal is not merely a direction of movement.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
いや文法ほぼ完璧です。たまにすごい自分の英語の能力に恥ずかしくなったりします。今もアブドゥラさんの文を読んでて、もう辞書引きっぱなしみたいな感じになって少し落ち込んでました。書いた事に後悔する時もありますし。ちょっとオレでかい面し過ぎなんじゃないの?みたいな感じです。でも皆さん良くしてくれて楽しかったです。 参加が嬉しいですと言われると本当に嬉しいです。良かったです、スレッド立ててみて。 ちっちゃなお礼として、量子重力さんの文を、自然な感じにすると、 フォーラムにようこそ。 残念ながら日本のメンバーが少ないものですから、貴方がご参加下さった事を嬉しく思います。 それほど日本語がうまくはありませんが、お手伝いさせて頂ける事がございましたら、全力でサポートさせて頂きたいと思っております。 文法を間違えておりましたら、恐縮です。 これは、極めてフォーマルではないですが、十分フォーマルで、普通のビジネスマンが使う敬語並みという感じの表現です。 なんかここら辺、日本語使える人多いですね。 ありがとうございます。心強いです。よろしくお願いします。
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Laura Poitras is not an agent. She was on the watch list of the Department of Homeland Security before she even knew Snowden existed. And Glenn Greenwald, who is not an agent either, You raise a valid point here. That people singled out by and under scrutiny of NSA were *apparently* able to communicate securely, under the nose of NSA, by just using a hardened GNU/Linux (Tails) and PGP. For one, as I have already stated in one my posts above, I don't take examples as precedents. Second, I am not assuming anything. It could be due to luck, it could be due to the plan, it could be something else. It (the whole lot of the story) could still be some kind of theatre. I can't guarantee that it was *not* a premeditated scenario by the Big Brother. There are already a couple of reasons coming to my mind, and there may be much deeper reasons than those. E.g.; * Such an incident would intimidate people to self-censoring. * It indirectly implies that: "All these security fuss is really much ado about nothing. Just use Linux and PGP and you are good to go - even against NSA even when they single you out. Relax people, already!" A substantial and subliminal message to all. We can't assess the stakes involved, the greater plan. We can't talk for the Big Brother. So neither assertion, nor rejection (of such shenanigans) would make sense. That carries me to my starting point: That I don't make assumptions, and I don't take examples as precedents.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
このフォーラムにようこそ。 残念ながら、日本のメンバーが少ないですから貴方の 参加が嬉しいです。 私の日本語の能力が足りないですが多少なりとも手伝えたら, 一生懸命手伝いたいです。 文法間違いましたらすみません。
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I call that Master/Dog system. But over 99% people live under the system. The master is someone's dog. ( I don't dislike dogs. ) So I hate classes. I think the important thing is how people use the merchant for their happiness. Why do you work for libre? You just like ilibre is the best healthy answer, I suppose. The merchant concerns people's happiness. Most people cannot even normal talking as you guys know. But their talking level was improved quite well. I think the primary reason is computer exist. They are learning how to speak by a device. They can see others's chat, they can send sns very cheap, they can learn e.g. what is informed-consent, where is a good seller, even a bad seller. So many bad companies would have bankrupted by information on the internet. People is the strongest, they are ruling the economy as economy class. If most them become to dislike a product, they bankrupt. Even public system cannot ignore that rule. People have been learning what they are doing quite fast. Sooner or later, people understand that system. Even if they tryied to control that by surveillance, it must just delays that except they erase whole internet infrastructure. Their child will be mixed up that. They should have noticed that living is too risky when they know the being of the internet. The time comes literal "sooner or larer". So I don't think they are clever. Those mean why they should sell their product sincerely. I know that is very difficult in this environment. >In such environmantal honestly is impossible. If you state "... is very difficult." , I agree. Surely, that would almost impossible. But I desire my works will be both theirs and mine benefit. I don't want to cheat them. I don't buy goods from cheats basically, and there are a few really sincere and passionate productors.( e.g. they make excellent organic vegitables. very cheap and unique method) I can search them by this iPhone. But then, it looks not a big profit though... I like them. Do you separate your taste and business?
[Trisquel-users] Re : Is there a perfect method to guard our communication?
I think on the contrary, an agent using encrypted communications would be less suspect arising than average people doing the same, as it is only normal and natural for an agent to use encryption. Laura Poitras is not an agent. She was on the watch list of the Department of Homeland Security before she even knew Snowden existed. And Glenn Greenwald, who is not an agent either, wrote about it at that time, what certainly put him on that same list, if he was not on it yet. See https://deadline.com/2012/04/documentary-directors-protest-homeland-security-treatment-of-helmer-laura-poitras-254291/ for instance. I have a vague feeling that all this "either get PGP or I won't communicate" thing might well be a theatrical act. Smells curiously fishy to me. That probably allowed him to reveal the NSA documents and still be alive today. That does not look theatrical to me.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> This was also what he had the journalists he talked to use. I knew about Snowden, but didn't know about his correspondents. So they too were on Tails. It makes sense now.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> But all these doesn't explain his correspondents' security weaknesses, namely PGP on Windows. Edward Snowden has *got to* know better than to fall into that. Snowden used Tails, not Windows. This was also what he had the journalists he talked to use.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> I would estimate that 99.% of the people have a lower profile than a NSA contractor with top-level permissions... Yes I agree with that. I have used "low profile" as in "not singled out" and have explicitly stated that. > For those people, GPG on a free software operating system (such as Trisquel) is apparently sufficient or more than sufficient. I think on the contrary, an agent using encrypted communications would be less suspect arising than average people doing the same, as it is only normal and natural for an agent to use encryption. But all these doesn't explain his correspondents' security weaknesses, namely PGP on Windows. Edward Snowden has *got to* know better than to fall into that. I have a vague feeling that all this "either get PGP or I won't communicate" thing might well be a theatrical act. Smells curiously fishy to me. > 1. using GPG would not raise a flag (assuming it still does), if the vast majority of GPG users only encrypt uninteresting messages; Agreed. Mass penetration stays as a major issue with PGP. 2. to the best of our knowledge, even the most powerful agencies can only afford the computing power to decrypt a tiny number of such messages (probably uninteresting ones given the previous point), if good-enough ciphers are used. Providing all the other holes and cracks are sealed. Then again, tactical attack (mass surveillance) and strategical attack (targeted surveillance) are quite different things. Once they single you out, somehow, then you are faced with a whole new dimension of security challenges. Regarding the other holes and cracks, if they can read my private key through a backdoor embedded e.g. in the CPU (no, I am not necessarily talking about meltdown and spectre) then they wouldn't have to crack it. How many holes do we have in hardware and software we use? We never know.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
It's not just Microsoft. I saw an ad about a month ago advertising this feature for Apple devices.
Re: [Trisquel-users] Free software foundations problems
At the moment i don't have much time, i'm studing for school, and for license, and i have IT courses, autismo is not the problem :D
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Then please define clearly and unambiguously "best compromise" Simply having the least vulnerabilities relative to a given functionality. It is a goal, not an accomplishment.
[Trisquel-users] Re : Is there a perfect method to guard our communication?
Edward Snowden might have exploited the status of having a low profile (i.e. not being singled out) by then. I would estimate that 99.% of the people have a lower profile than a NSA contractor with top-level permissions! For those people, GPG on a free software operating system (such as Trisquel) is apparently sufficient or more than sufficient. Even if GPG is not necessary, given somebody's threat model, using it helps those who really need it (whistle-blowers, political dissidents, etc.): using GPG would not raise a flag (assuming it still does), if the vast majority of GPG users only encrypt uninteresting messages; to the best of our knowledge, even the most powerful agencies can only afford the computing power to decrypt a tiny number of such messages (probably uninteresting ones given the previous point), if good-enough ciphers are used.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> As you can see in the video I linked there is some research going on. Perhaps you can join that approach if you feel going down to the oscilloscope level... Unfortunately I was unable to watch the video as I don't (can't) do multimedia on internet, because of my deliberate low quota plan. The reason being; (which also happens in line with my way of dealing with security and privacy) https://trisquel.info/en/forum/vulnerable-meltdown#comment-126742 Your mentioning of oscilloscope suggests me that the video might be about targeted / side channel attacks. Well, if you are targeted, then there is really not much options to escape it. There are zillion ways of targeted attacks and it is virtually impossible to defend against all of them. To give an example, let me steal a line from the security thread in troll lounge. > 9) Targeted attacks (bugging, window listening, etc.) There is an interesting targeted attack vector that few people knows: Window listening by laser Everyone knows the working principle of a microphone: A membrane that vibrates along sound waves in the environment, and an electrical rig (resistance that varies with membrane position) to convert mechanical vibration of the membrane to electrical fluctuation. Well, a glass window is the best membrane one can think of. There is no better. But how to pick the vibrations of your lounge window and convert that to electrical signals? An invisible laser beam is directed to the center of your window from hundreds of meters away. Reflected beam vibrates in sync with your window. Vibration of this reflected beam is converted to electrical signal. (E.g. shed on a fluorescent surface sensitive to laser's wave length, then the illuminated surface taken in by camera, and then digitized by an image processing software. Many other methods are possible.) No microphone as sensitive as this (1-meter membrane!) is ever produced. They would hear the foot steps of a mosquito in your lounge. I can think of no defense against this one, except injecting synthetic mechanical "white noise" (a "hiss" sound with frequency spreading characteristics of natural human voice) onto your windows () or walling all your windows. (Moving to basement would equally do) This is just one (targeted attack) vector. So, > ...but it seems to me reverse engineering (mouse) will never beat evil engineering (cat) and its legislation at mass scale (tiger). I agree as far as *targeted* attacks go.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
For some it is simply staying Ecuador's embassy.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> The goal is to strike the best compromise Then please define clearly and unambiguously "best compromise" explaining: - why it is best (and can't be any better) - what exactly is compromised (and cannot be otherwise) Otherwise without actual measures it is really heading for the horizon which is not a goal.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Because I just guessed that those are the basic factors, if e.g. Swiss or Cuba etc 's government tries to realize that philosophy. It looked there is the possibility just on a satellite.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Approaching things step by step surely makes sense but only when there is a clear plan and a possible goal. In case of security in current technology it is known beforehand that absolute security is impossible and there is no real plan. The goal is to strike the best compromise, based on one's security model. So, the fact that absolute security is impossible, shouldn't automatically translate into there is no goal and no real plan. > So it is a stepping towards nothing. Towards the best (or at least, better) compromise. > This is not security but a perpetual escape from insecurity. Security is a never ending race, between the cat and the mouse :) where the predator can also simultaneously be a prey, and vice versa.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I dare to say that E.S. seems to me not quite thoughtful of the lower ring issues. In his Twitter feed he merely says "Use Tor, use Signal" which is meaningless considering the former. This makes me question the actual competence of the guy as these are really superficial statements (even more considering what you say - windows etc). > And the fact that he managed to not get caught in spite of *that* security flop is still more interesting. Well, let's not forget that just because we consider that something is possible (a low lever back door) doesn't mean it is necessarily easy, especially in particular circumstances, e.g. accessing the machine behind a firewall, or having it online for too short time to perform an attack. Additionally as an NSA employee he surely knows how his colleagues would proceed, so he may be able to avoid certain attacks through that info, at least in a certain time span until they develop new strategies. So that may be a factor of "luck" as well. > A separate topic to discuss vulnerabilities, possible attack vectors and defenses would have been nice, and I had hoped that of the security thread in troll lounge, albeit it has diverged into something else. We still have that but perhaps it deserves a thread of its own. But what more/new could we really say about it? As you can see in the video I linked there is some research going on. Perhaps you can join that approach if you feel going down to the oscilloscope level but it seems to me reverse engineering (mouse) will never beat evil engineering (cat) and its legislation at mass scale (tiger).
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Frankly, I'm skeptical that anyone would benefit from this kind of conversation, or that anyone here could (or should) provide useful advise beyond what you qualify as "Commercial grade tactical security." Would discussing about security not benefit anyone? Well, I think otherwise. As for advises, yes you are right, and I don't believe in giving and taking advises through public forums either. But Mr. MSuzuqi seemed to be in need of one, so I made a limited exception. I would generally rather peer discussions than giving/taking advises.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> It suffices Edward Snowden, who successfully communicated with Laura Poitras and Glenn Greenwald that way. For months before meeting them in Hong Kong. Without raising a flag at the NSA or any of its partners. Yet, your "commercial grade tactical security" is only level 2/5 on your scale, which therefore does not look very reasonable. You may have a point there, but using encryption on GNU/Linux is the bare minimum needed against commercial intrusion. Less than that, and you are not even protected agaist commercial intrusion. The fact that he exchanged top secret encrypted emails with correspondents probably using *PGP on Windows* (a bad joke) doesn't make the underlying security scheme suitable, even if he was lucky enough to escape it. He might as well have used plain text email on Windows and still not detected, but this wouldn't make it suitable for top secret communications either, would it? So Edward Snowden was using hardened GNU/Linux? Then Snowden or one of his close friends should be quite a security guy and/or fluent with FOSS. Interesting that. I wonder where he got his laptop from. And he insisting on his correpondents must use PGP (on Windows!) before he can communicate with them over email is even more interesting. Given that he was conscious enough to use PGP on hardened GNU/Linux, I would have either (a) given my prospective correspondents an exhaustive recipe, or (b) not used email at all. And the fact that he managed to not get caught in spite of *that* security flop is still more interesting. It seems that it was not Edward Snowden's security savvy, but simply that NSA et.al. have botched it big time - on purpose or not. That being said, there are other aspects of security and privacy. Firstly, (1) I like standing on the safe ground and keep a good dose of safety margin. So I would rather err on the side of caution. (2) We cannot afford to take - good or bad - examples as precedents in defining our security measures. We have to account for the threat *potentials* (and add a healthy dose of margin on top of it) to define them. Second, there are certain curiousities with Edward Snowden case. (3) Edward Snowden might have exploited the status of having a low profile (i.e. not being singled out) by then. I don't know the details of his story yet, but if he was not singled out by NSA prior to his communications with the media, then his encrypted communications might not be scrutinized. Also, he might have taken his chances (as it seems so) and been just lucky. (4) Edward Snowden, Julian Assange... I take such incidents with a small dose of salt. I don't want to delve into it as it is controversial. While I am not skeptical, I don't take anything for granted either. Anyway, regardless of Snowden case, (1) and (2) is enough for me to adopt more strict measures than it is perceivably necessary. (Not that I apply myself everything I say.) A separate topic to discuss vulnerabilities, possible attack vectors and defenses would have been nice, and I had hoped that of the security thread in troll lounge, albeit it has diverged into something else.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> I think by "again" he meant "in this situation as well," not "a second time." Exactly. Using "again" and "but" words connected in a row, I thought I would have conveyed that, but my English skills apparently failed me. Sorry for the confusion.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> If you have a fuge factory, and a enough capital, and some artificial satellites, and some rights for legality, can you make a perfect method? Why do you think these are the factors needed to perfect security? If you have these - you will most likely be visited by FBI/NSA/CIA personally and be told "You should do this or... (add any terrible things you can imagine to complete the sentence)".
Re: [Trisquel-users] Is there a perfect method to guard our communication?
>That is the root of the problem. The question "Is there a perfect method to guard our communication?" has no answer because perfect means complete, finished, not a continuous never ending process. I think so. I can understand somehow now. If before, I could not understand. As this is a no possiblity question, If you have a fuge factory, and a enough capital, and some artificial satellites, and some rights for legality, can you make a perfect method?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Instead of waiting one could take action. Waiting is like never filing a bug report but simply expecting someone to find the bug and fix it. Or waiting for someone else to identify the browser leaks just to say "how nice" or "how bad". Or never learning because right now there are more "important" (usually meaning more entertaining) things to do. Approaching things step by step surely makes sense but only when there is a clear plan and a possible goal. In case of security in current technology it is known beforehand that absolute security is impossible and there is no real plan. So it is a stepping towards nothing. Defining and working against attack vectors is like blacklisting an infinite and incomplete list of hosts one by one. This is not security but a perpetual escape from insecurity. That is the root of the problem. The question "Is there a perfect method to guard our communication?" has no answer because perfect means complete, finished, not a continuous never ending process.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> That would be utterly stupid. One's face is not private data, especially in > the age of social networking with profiles full of pictures. Exactly. > BTW M$ has very strange understanding of security. Some time ago I read that > when you encrypt your disk with Win10 your encryption key is automatically > uploaded to your profile at microsoft.com "so that it is safe and secure > that you will never loose it". (or something along these lines) lol
