FBI still arguing for “responsible encryption”

Why is this still a thing? There is no such thing as encryption only law enforcers can bypass. The math and computer science on this is pretty well settled, not to mention the terrifying unintended consequences that would be unleashed should the FBI get its wish. Thankfully, EFF is still on top of this, as Kurt Opsahl does the usual solid analysis taking this to task and taking it apart.

2016-01-03 The Command Line Podcast

This is an episode of The Command Line Podcast.

This time, I chat about some recent news stories that caught my attention, including:

You can subscribe to a feed of articles I am reading for more. You can follow my random podcast items on HuffDuffer too.

You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

2015-12-19 The Command Line Podcast

This is an episode of The Command Line Podcast.

I will be attending SCALE in the latter half of next month if anyone else planning to be there wants to meet up.

I am also thinking about attending this year’s LibrePlanet, in March. Please consider donating to their scholarship fund to help attendees who might not otherwise be able to go to join the event and learn more about Free Software and the community that uses and supports it.

This time, I chat about some recent news stories that caught my attention, including:

You can subscribe to a feed of articles I am reading for more. You can follow my random podcast items on HuffDuffer too.

You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.


This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

2015-12-13 The Command Line Podcast

This is an episode of The Command Line Podcast.

I will be attending SCALE in the latter half of next month if anyone else planning to be there wants to meet up.

This time, I chat about some recent news stories that caught my attention, including:

You can subscribe to a feed of articles I am reading for more. You can follow my random podcast items on HuffDuffer too.

You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.


This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

Help Support a Critical, Free Software Privacy and Security Tool (Updated)

I noticed an update from the GNU Privacy Guard project (gnupg or gpg) come across my feeds the other day. If you have received an email from me that has a digital signature (if you know what that is) or a bunch of gobbledygook characters at the bottom (if you don’t), the tool that makes those signatures possible is gnupg.

More people seem aware of what encryption is and why it is important. We have had a string of increasingly distressing leaks, the ones from Edward Snowden just the latest, about how many governments in presumed open societies are participating in some very questionable trawling of their citizens’ personal communications. For those still not sure why encryption is important, it is the one technology answer everyone can agree upon that allows individual citizens any sense of secrecy and privacy in their online communications, regardless of who may want to snoop on it and how well resourced those eavesdroppers may be.

gnupg is especially important as it is both free of charge and freely licensed. That second point is critical: it means that gnupg is open to scrutiny from any expert to help ensure it is free of back doors or other problems that might compromise its effectiveness. For users of alternate operating systems like BSD and GNU/Linux, it is often the only choice for certain applications of encryption. Thankfully, it happens to be a usable and useful one that interoperates with the commercial, proprietary choices available to users of more mainstream operating systems.

That post from the gnupg folks? They are in clear need of help in terms of funding.

Work on GnuPG is mostly financed from donations. To continue maintaining GnuPG so to keep it strong and secure against the ever increasing mass surveillance we need your support. Until the end of November we received a total of 6584 € (~5500 net) donations for this year. Along with the 18000 € net from the Goteo campaign this paid for less than 50% of the costs for one developer.

For a critical project of this size two experienced developers are required for proper operation. This requires gross revenues of 120000 Euro per year. Unfortunately there is currently only one underpaid full time developer who is barely able to keep up with the work; see this blog entry for some background. Please help to secure the future of GnuPG and consider to donate to this project now.

Support for half of one developer for a project that could easily engage a handful, full time, year round. Do please consider making a donation and if you are unfamiliar with gnupg, spend some time on the project site. It really is a great tool.

Updated 2014-01-06: At the request of the primary author of gnupg, I changed the title and a reference to GNU/Linux in recognition of gnupg’s formal status as part of the umbrella GNU project.

Scheme for Encrypting Personal Data in the Cloud

Cory at Boing Boing links to an open source project for encrypting your data in the cloud in a way that a service cannot access it. The user’s password is used as the decryption key, which would work better than you’d imagine. Most legitimate services don’t actually store your password; rather, they store a digest with which they can confirm your correct password with a high degree of confidence without having to know the password. This is web application security 101 since it not only helps protect in the event of a data leak but also helps reduce the operator’s liability.

The system seems to be based on OpenPGP so builds on known, proven technology. In digging through the project sources quickly, it actually uses Bouncy Castle, a set of libraries with which I have some experience and can say they are pretty good.

When the user is logged out, the explicit removal of their password re-encrypts the data. There is also apparently some consideration given to shared secrets, conceding that much data you put online is for the express purpose of sharing.

If you are curious, the code is available on github and is made available under a generous MIT license.
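The split between what the service stores and what it can decrypt, as an added sketch that is not the linked project's code (which, per the post, builds on OpenPGP and Bouncy Castle). It assumes PBKDF2 for password stretching and uses a stdlib-only HMAC stream cipher as a stand-in for a real authenticated cipher; the `Service` class, the labels and the work factor are hypothetical.

```python
import hashlib, hmac, os

ITERATIONS = 200_000  # assumed PBKDF2 work factor

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def derive(password, salt):
    # Stretch the password once, then split it into two unrelated values:
    # the verifier is stored, the data key never is.
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return _sub(master, b"verifier"), _sub(master, b"data-key")

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode); use a vetted AEAD in practice.
    ks = b"".join(_sub(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + body + _sub(_sub(key, b"mac"), nonce + body)  # encrypt-then-MAC

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + body)):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(_sub(key, b"enc"), nonce, body)

class Service:
    """Operator's view: salt, verifier and ciphertext at rest; the key only while logged in."""
    def __init__(self):
        self.db, self.sessions = {}, {}
    def register(self, user, password, data):
        salt = os.urandom(16)
        verifier, key = derive(password, salt)
        self.db[user] = {"salt": salt, "verifier": verifier, "blob": seal(key, data)}
    def login(self, user, password):
        rec = self.db[user]
        verifier, key = derive(password, rec["salt"])
        if hmac.compare_digest(verifier, rec["verifier"]):
            self.sessions[user] = key  # key lives only in session memory
            return True
        return False
    def read(self, user):
        return unseal(self.sessions[user], self.db[user]["blob"])  # KeyError when logged out
    def logout(self, user):
        self.sessions.pop(user, None)  # dropping the key leaves only ciphertext
```

A leaked copy of `db` yields the salt, the verifier and the ciphertext, so an attacker still has to guess the password; the stored verifier itself does not decrypt the blob.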

TCLP 2010-01-10 News

This is news cast 202, an episode of The Command Line Podcast.

In the intro a shout out to SLUG and a huge thank you to Holger for his ongoing donation.

Also, if you are a listener, reader or acquaintance of Tee Morris’ and want to know how you can help in his time of need, you can donate to a fund for his daughter, participate in an auction scheduled for next month, or buy one of his many excellent books.

This week’s security alerts are Adobe finally working on a software updater and 768-bit RSA modulus factored.

In this week’s news: Jaron Lanier’s Web 2.0 rant, whether cheap tech undermines legal protections including broader ramifications for online privacy, testing the first build of Mozilla’s multi-process project which I first mentioned over six months ago, and the government is skeptical of an earlier suggestion that more wireless spectrum will increase broadband competition.

Following up this week: Tenenbaum P2P case defense seeking to overturn damages as unconstitutional, and FCC seeks extension for broadband plan.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML. You can also grab the flac encoded audio from the Internet Archive.


This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Quick Security Alerts for Week Ending 1/10/2010