Friday Squid Blogging: Giant Squids Have Small Brains
New : In this study, the optic lobe of a giant squid (Architeuthis dux, male, mantle length 89 cm), which was caught by local fishermen off the northeastern coast of Taiwan, was scanned using high-resolution magnetic resonance imaging in order to examine its internal structure.
It was evident that the volume ratio of the optic lobe to the eye in the giant squid is much smaller than that in the oval squid Sepioteuthis lessoniana and the cuttlefish Sepia pharaonis.
Furthermore, the cell density in the cortex of the optic lobe is significantly higher in the giant squid than in oval squids and cuttlefish, with the relative thickness of the cortex being much larger in Architeuthis optic lobe than in cuttlefish.
This indicates that the relative size of the medulla of the optic lobe in the giant squid is disproportionally smaller compared with these two cephalopod species.
From the : A recent, lucky opportunity to study part of a giant squid brain up close in Taiwan suggests that, compared with cephalopods that live in shallow waters, giant squids have a small optic lobe relative to their eye size.
Furthermore, the region in their optic lobes that integrates visual information with motor tasks is reduced, implying that giant squids don't rely on visually guided behavior like camouflage and body patterning to communicate with one another, as other cephalopods do.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines.
Trust Issues: Exploiting TrustZone TEEs
Thoth, Clive Robinson
The End of Triple DES
"The US National Institute of Standards and Technology NIST has just announced withdrawal of approval for triple DES also known as 3DES, TDEA and sometimes DES EDE in common protocols such as TLS and IPSec.
Secure the Whole World Will Be.
Kaspersky Free is due to be released.
You can't blame the company for wanting market penetration.
Exclusive: Congress asks U.
It could also potentially be used to attack self-driving cars or confuse air bag sensors in automobiles.
HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign
EVERY app offered by alternative Android app market redirected to malware
Wallet-snatch hack: ApplePay 'vulnerable to attack', claim researchers
Hackers can turn web-connected car washes into horrible death traps
The opsec blunders that landed a Russian politician's fraudster son in the clink for 27 years
Upcoming USB 3.
We do have Taylor Swift tweeting but she occasionally says sensible things so she doesn't fully count.
We need more headlines like: Batboy uses APT to hack Batman's car, run over Robin.
Twin Headed Mark Zukerburg Seen Using Both Tongues to De-Worm Tim Cook's Apple.
Crows Demonstrate Advanced Tool Use Phising Vultures with Spoofed G-Mail.
To recover from the 'damage' and to seek revenge the Department of Justice is currently being politicized.
When misused, these agencies' vast data-mining capabilities become extraordinarily powerful weapons.
This abuse of law brings shame upon the Land of the Free and the Home of the Brave.
We are declining into hell.
Just listen to the cursing language alone.
We've stumbled upon the rage making the Devil red.
Good security requires humans to seek the pure attributes — certainly NOT those of Cain and Abel.
We touched on the fact that not all electroactive materials are equally scarce or expensive.
Conductivity is an important figure of merit, but material cost and redox potentials are critical too.
Goodenough, age 94, recently showed that conductive glass can revolutionize lithium batteries.
His invention probably applies to sodium ion batteries as well.
There is more than enough iron, aluminum, silicon, sodium, carbon, chlorine and various other very inexpensive elements to make a real difference.
It will take more than one technology to provide a good fit for each application.
I thought that I said this some time ago: The carbon in Wyoming, Utah, Montana, Colorado, and West Virginia should never be burned.
Australia, Mongolia and China should be included in this list.
The coal should be used as electrode materials in grid-scale supercapacitors and sodium-ion batteries, as well as in manufacture of wind turbine blades and other energy infrastructure via a pitch process.
Coal is far too valuable to burn.
I definitely pointed out that hydrogen can be used for grid-scale storage by repurposing existing thermal power plants to burn hydrogen.
That applies to coal-fired, natgas and even nuclear plants.
The thermal losses are more than made up by the capital savings.
To say nothing of the savings in Middle East adventures and genocides.
The US could have put the entire electric grid on solar hydrogen for what was spent in Iraq and Afghanistan.
I've probably said before that the two greatest inefficiencies on the old blue marble are the failure of trust to scale and the difficulty of transducing sunlight into useful energy.
The latter has changed to the point that the greatest inefficiency is no longer transduction, but storage of renewable energy.
Even that problem is going to yield soon.
The failure of scalability of trust is substantially what politicians and their propagandists exploit.
It's a much harder problem, but the police are being brought to heel one video at a time.
They will be replaced with nonviolent robots, which have no fear of being harmed.
Maybe there is cause for hope.
It is going to be a very close shave to find out whether the human species can navigate Grinspoon's gauntlet.
That is the narrow space where political skills are tested against the capacity for destruction to find out which side of Woody Allen's crossroads we take.
We've been moments from failing the test several times.
I would point to a failure of imagination in designing robust systems.
Let us pray that we have the wisdom to choose correctly.
Which means there is a possibility a rational eye will get cast over other aspects of digital marketing such as "Personal Profiles".
If it does, and new EU privacy legislation might incentivize such a view, then maybe PII will lose its faux gleam of gold.
What this might do to the likes of Google, Facebook and Twitter is not yet known but the gloss is coming off both Facebook and Twitter as their lack of expansion is being seen by investors, sufficient that comment is made publicly.
Bond is then seen putting a dial sensor head onto the safe combination lock, which then fairly quickly finds the combination and the safe is opened.
Many places opted the "war path" whilst a few braver ones chose a different path.
Well fourteen years after Portugal effectively De-criminalized drugs it has had a very significant drop in the rate of drug deaths and is now one of the lowest per head of population in Europe.
The key point is that they moved who dealt with drugs from the justice system to the health system.
I guess this success story is not what the "War on drugs" devotees want to hear.
But hopefully it will encourage other nations to try the same and thus we get better insight to the issue.
Security modelling is heavily lacking.
The poor, the pigmented, the anti-war activist, the politically active young folk.
The idea that the government gets to decide what your pursuit of happiness should be allowed to do is obscene and irrelevant.
The horrible example of the Volstead Act banning alcohol should have pointed out the stupidity of trying to legislate morality.
We have the universal holding act now in USA, they have made neurotransmitters in everyone's brain schedule 1 prohibited substances.
A new directive from the SG MINDEF requires all SG military personnel be it in uniform or plain clothes services to support their country by being the eyes and ears via downloading the SGSecure app onto your phones per new directive.
The SGSecure app is essentially a snitching app where you use your smartphone to SWAT and snitch on whomever you want.
It allows upload of media and text to a command center where personnel would receive snitching reports in realtime for 'quick reaction'.
This would essentially turn every single SGPorean into an involuntary snitch as long as they are serving the MINDEF.
STASI STATE HAS ARRIVED!!!!!!!
Lists from other places and times are about the same: 123456, 123456789, qwerty, 12345678, 111111, 1234567890, 1234567, password, 123123, 987654321, qwertyuiop, mynoob, 123321, 666666, 18atcskd2w, 7777777, 1q2w3e4r, 654321, 555555, 3rjs1la7qe, google, 1q2w3e4r5t, 123qwe, zxcvbnm, 1q2w3e.
See any problems?
The one that bugs me most is: NO CAPS!
Could it possibly be that using one capital letter could take your password out of the top 10,000?
Why one lower case word time after time, not two or three?
Why is a dumb word like "dragon" the number seven most used password?
That makes no sense.
How could potentially millions of people be using THAT pw?
What about other languages?
Americans could never think of "bueno" for a password?
I am thinking there is something wrong with the list, or something very wrong with the IQ of Americans based on this list.
OK, I certainly agree there is room for easy, throw away passwords, for example, a site that only requires a pw to read their articles.
Who cares if it's snatched?
Your bank account is a whole different matter, though.
Also, a lockout limit of ten tries or less would certainly reduce cracks.
Last, my suspicion is the government and corporations are already recording all of our passwords regardless of how good they might be because: Security.
Scroll through list at, say, What do you think?
Password is a bad authenticator when used alone.
Bad entropy and mostly repetitive and predictable.
Passwords may even be recorded as you said and then quietly used to attack the users' account.
Boils down to convenience-vs-security as usual.
Nothing can be done as long as the consumers are still fine with passwords, websites are fine to just accept passwords and browsers being crappy.
We have been raving and ranting and the fanbois have refuted vigorously.
Now it's kinda an official waving of white flag.
Well, we should pretty much let them figure it out and capitalize it.
If I was a SigInt agency in another nation I would get a copy of the app and rip it apart to find weaknesses that could be used to identify SG MF personnel and their locations and habits, as has been done to other nations' MF.
Secondly if I was a SG MF person my phone would rather quickly not be a Smart Phone.
New Cold War Trump says he will sign bill imposing new sanctions on Russia Financial Times Collateral Damage: U.
Sanctions Aimed at Russia Strike Western European Allies Counterpunch Glenn F Brussels braces for confrontation with Washington over sanctions on Russia New Europe micael.
The Al Aqsa Protests Prove That Palestinian Nonviolence Has Arrived Forward Sid S.
I had thought about getting a Roomba, half as a cat toy….
The Soviet InterNyet aeon micael.
Key quote: …the story of the Soviet internet is a reminder that we internet users enjoy no guarantees that the private interests propping up the internet will behave any better than those greater forces whose unwillingness to cooperate not only spelled the end of Soviet electronic socialism but threatens to end the current chapter in our network age.
My question: So the best possible, secure and convenient replacement for passwords is?
I hope you aren't going to say biometrics.
And, thinking that through, cannot biometric authenticators be hacked, sometimes literally too?
I am thinking if 'they' are already recording passwords, they most certainly can and will record fingerprints and faces.
Meanwhile, if 'they' get your face, it's really hard to create a new one.
Biometrics cannot be used alone as it is rather easy to defeat biometrics that are used alone.
Weigh the situation to see how different authenticators can be used to meet the level of authentication required.
The good thing for the 5Eyes ICs is that all known ARM A series chips, Intel and AMD chips are backdoored in the hardware level and the leadership here gladly touts iPhones and Androids while in office and a boon for collection of SigInt from the upper echelons here.
Bank tellers are saying they think it is an upgrade to the ATM machine.
It is almost guaranteed to trip up the Auslander.
I stifled a laugh when a colleague told me that his hotel was on "Roo-bin-steen-strab" Reußensteinstraße.
The answer is dependent on not just your requirements, but the design and functionality of what you are protecting.
Take a phone, the requirement is low security but fast response for incoming calls.
But high security with no response time limitation for the data storage on the phone.
As far as unlocking the receive call function the security is low because the level of harm that can be done by somebody forcing it is low.
Thus a biometric finger swipe is about as fast as you can get.
So "Something you are".
As far as unlocking the data storage function the security is about as high as it gets for the phone.
As the unlock response time is effectively irrelevant entering an unlock string of a hundred or so characters is only an issue for the human mind.
So "something you know".
The reality for duress these days is not torture but contempt of court, which boils down to jail time often in solitary until you reveal the password.
However contempt of court is subject in most places to a "reasonableness test" thus it can only be levied if you are "wilfully withholding" information.
Which makes things a little more interesting.
As I have mentioned before, "something you know" does not have to be a password, it could also be a time or a place.
Therefore if the phone has a time based lock out or other trip the password would not function unless entered at the correct time in the correct place.
There is nothing to say that the place need be in the jurisdiction you are in.
If they decide not to cough up the right key share there is nothing you can reasonably do about it.
Further if there are three or more key share holders there is no way to show if one of them is supplying a false key share.
Thus you can take this information and build a system around it to show that you do not know the information of how to get into the phone data store, just who to ask, who also happen to be beyond the court's reach.
Some ATMs have had modifications to make the insertion of shims harder, others clear blocks to prevent earlier types of skimmer.
Have a look at Brian Krebs' site, he has a page dedicated to ATM skimmers and pictures showing not just skimmers but ATM modifications.
Hmm where have I heard that refrain before, was it the US before Obama made it clear the NSA had copies of phone conversations between US senators and right wing Israeli politicos.
Or was it in Germany before Mummy got outed.
Oh then there was that US diplomat woman who slagged people off over her phone and it got published in newspapers.
Yup you'd think people would have wised up by now, especially if they are at the top of a very shaky pile with a very long way for them and their family to fall.
The USA police lobby is no doubt patiently waiting for the right situation to reveal itself to demand a change in the law to jail people for not releasing pws.
It will happen soon enough.
I call it the BS justification for repealing constitutional rights.
How about a key that dissolves in
Then the device can only be opened as a factory reset.
I think the issue hasn't been brainstormed enough.
Meanwhile, isn't the password still the best possible safe and convenient method of authentication right now?
Maybe we should work on better passwords.
I remain opposed to standard police based biometrics, especially facial ID which is the golden fleece of World Wide ID.
Meanwhile, fingerprints not only can be hacked legally and illegally with ease for the determined adversary.
Does anyone know of bulletin board software such as vBulletin that implements hardware two-factor authentication such as Yubikey for administrators and moderators?
Ideally of course open source.
He said most Tor users don't use hidden services.
You are entitled to your Resistance-Is-Futile opinion but you should not stick your hand up someone else's butt and shake him around and make him say it like he's your puppet.
And FBI getting lucky catching nitwits is not evidence.
As you know, Silk Road was so infiltrated that featherbedded Feds took advantage of the commotion to steal bitcoins for their personal retirement nest eggs.
And Cazes put his Alphabay contact email everywhere but on the Goodyear blimp.
Neither instance is dispositive of Tor vulns.
It's much more consistent with FBI finding, or eliciting, easy-bust crime by helpless morons, in a cookie-cutter adaptation of their so-called counterterror provocations.
They stole the emails too.
Israel is capable and they want to dominate US politics.
Seems to me, there is no need for authentication to rec.
Seems to me, there is no need for unlocking to receive a call on the properly locked smartphone either.
For that matter, receiving text shows up on the properly locked smartphone, among other things.
It's really good, especially if and when the same smartphone is also used for "two-factor" authentication via PIN number.
Now Honolulu becomes the first major U.
They are overweight with low sperm count.
Forget marriages and families to repopulate the Earth.
From these observations I for one am tired and disappointed in the zombie generations.
Who would prefer the intelligence of a cyborg or robot instead?
Maybe the ulterior plan is to reduce the numbers of humans and make Earth sustainable.
If this is the plan, its already working.
Simply give smartphones free at puberty 13 and supplement with pleasure dolls to supplement the porn.
Benefit of Robots
With robots replacing people (no more wars), will there be less of a need for lies (politicians), advertising, data-mining and eavesdropping spies?
Will a robot neighbor better maintain their house like cutting the grass?
Will robot mates change their mood without getting angry or offended?
Will robots decrease road rage and accidents?
Will robot need health insurance or food?
Will robot offer reliable, deeper and life-time friendships?
Will a robot do the household chores without complaint?
Will a robot be your personal physician and nurse?
We Can Change The World not!
Without drastic change, the number of people will markedly decrease in each successive generation.
Just as robot capabilities will drastically increase (already today social media consists mostly of revenue bots).
What will it take to reverse this terminal end-game?
How about basement income with free Internet access?
This is what I wrote about passwords in my blog a couple of years ago.
The password has been with us for a very long time and has shown incredible persistence.
Despite countless attempts and near-universal agreement to replace them, passwords are more widely used than ever.
Poor security is obviously the main concern of security experts.
However, since even strong authentication technologies are vulnerable to certain attacks, more details on exactly what is required of a replacement is essential.
There is little to disagree with here; however, it does not point into the direction that would be a suitable replacement.
The resources protected by passwords are diverse, from local and corporate accounts, financial accounts with substantial assets, throwaway email accounts, web forum accounts and so on.
Clearly, not all types of accounts have the same security needs.
Nor do all people have the same security needs; politicians and celebrities in general may require better protection than others need for banking.
What should be the starting point for evaluating technologies for the password replacement?
Evaluating the current vulnerabilities for password authentication system is a good starting point.
After all, one of the implicit goals for the new authentication method is more security.
While usability and cost are important, they usually take a backseat when increased security is required.
The end-users and upper management certainly will disagree, but let us just go with the initial assumption and aim for secure authentication.
Password requirements have changed substantially during the years.
Most, if not all, systems allow setting password policies that include complexity, account lockout after x number of attempts, and define expiration as well.
Guessing complex and relatively frequently expired passwords is not that productive.
So, what is wrong with the password?
It is vulnerable to key-loggers, social engineering, and password cracking.
Arguably, the client devices are the most susceptible for having the account credentials stolen.
The source of this issue is the malware-infected devices that had been with us for a long time and will continue in the near future.
The compromised host or a mobile device enable cyber-criminals to bypass virtually every two-factor authentication system.
Social engineering is manipulating people so they give up the sought after information.
Password cracking requires the password hash that is stored on the device locally, or on the authentication server.
Without the password hash, none of the password cracking solutions would be able to decipher the password.
Cyber-criminals utilize various means to obtain access to the password hash, such as exploiting system vulnerabilities, client devices and social engineering.
With the compromised authentication server at their disposal, cyber-criminals are capable of bypassing virtually any authentication system.
Are these password vulnerabilities, or does the culpability belong somewhere else?
The logical answer is that both the client devices and servers are responsible for the password vulnerability.
Securing these devices should be the first step in preserving the integrity of the account credentials.
Otherwise, the biometric or other types of authentication methods may not provide the desired level of account security.
For cyber-criminals, it does not make a difference if the stolen account credential is a password or a fingerprint, for example.
Well, there is a difference.
It is easier to replace the password than the fingerprint.
Not to mention that while passwords are unlimited, fingerprints for the end-user in question are limited to ten.
Based on history, securing the client devices and authentication servers is not likely to take place anytime soon.
In which case, replacing password with other authentication methods may provide a seemingly marginal security improvement.
The security improvement might turn out to be temporary in nature.
At least until the cyber-criminals develop malware that exploits different authentication methods with ease on a wide scale.
Keep in mind that there is malware available now that is capable of exploiting two-factor authentication methods.
If I interpret your comments correctly, I think you are saying, 'sure passwords suck, but there's no viable alternative at the moment'.
If so, I agree.
I also appreciate your skepticism regarding alternatives like biometrics.
If passwords can be cracked, why not biometrics?
Must admit I am NOT sure where you are going with, "securing the client devices and authentication servers is not likely to take place anytime soon".
How does one secure a device, other than by password and pin?
I am going to jump in here with a thought that seems to have zero traction.
My thought is governments and corporations everywhere are secretly and literally stockpiling usernames and passwords in the name of security and profits.
Authentication is an unfinished piece of work, that needs to be finished.
What took so long?!
I have long wished that 'operating a phone whilst in locomotion' was subject to a penalty.
The above doesn't go far enough just crossing the street and isn't much money relative to the activity - but it is a start.
The number of times I've been walking a busy city street to have phone texters literally walk into me - not to mention the multiple hazards without even leaving the pavement.
When I'm walking I'm looking at everything, 180 degrees.
On the other hand, some may prefer old mate Darwin to get a say, whereby the penalty for crossing the road looking at phone is - wait for it - being required to cross the road repeatedly, whilst playing with said phone?
I know a great game.
It's called take a stick who can poke the most holes?
But hey, if the boss says 'everything's fine' - then great!
We assume that TOR is supposed to be a Castle Castle Model to protect against metadata harvesting, interception of communications and manipulation and disruption of traffic.
Give it any name, it still does the same function.
Nice try justifying to legitimize TOR in front of journos and politicos but not trying to point out that all the misconceptions have their roots traced back to 5Eyes IC, LEA, Def Contractors' offensive mission plans to discredit anyone trying to evade tracking and the campaign the Powers That Be trying to smear privacy and personal security is actually working pretty damn well.
Similarly, to be fair, what can be used to prove that TOR is compromised?
He can trust his friends running the relay but why do we need to listen to him and believe his friends?
You do not need to break a protocol but just break the underlying computing layers and the protocol would simply be useless.
This is how Apple's iPhone case was solved by simply finding vulnerabilities in the implementations and not needing to write backdoors or frontdoors.
Shaky grounds at best.
Nice try doing them on shaky grounds.
At least use them on OpenBSD but hey, TAILS would be very secure right?
All that TOR + Firefox + Debian Linux + Gnome 3 magic?
How about a TAILS OpenBSD edition to make it even more secure at the very least?
Most Tor staff are Linux users, but the project is used by heaps of folks on Windows.
If the user is too lazy to do a Live CD boot, they might as well forget about security because they are not keen on trying to do something pretty simple like a Live CD boot which is inserting a CD or even a USB boot image into the PC.
Try harder to evade their detection and you will probably be flagged.
If TOR really wants to provide higher security, the above suggestions need to be used to make TOR more secure but alas, just like any organisation they stagnate.
TOR will be honored by having a place on my Hoilydays.
It has to do with two basic issues "communications security" and "end point security".
If you think back to the time before the mid 1980's the big problem in the communications security area was that with the early network or serial terminal communications the password went in plain text along the wire, where it could be easily grabbed via a "vampire tap" or inductive or capacitive probe.
In secure facilities of the time the wires were put in pressurized conduits with pressure sensitive alarms along their length and the conduits mounted in a way that visually checking them along their entire length was easily possible, and a technician would "Walk the Line" frequently.
There were other systems used later such as Time Domain Reflectometry (TDR) and end to end encryptors.
To bring the communications security more up to date it's been known that for some time SSL had very real vulnerabilities and now and for the foreseeable future it would be safe to assume in all probability vulnerabilities still exist.
So for the likes of the SigInt agencies like the NSA, GCHQ et al, who all prefer to work one or two steps upstream of a target for their own security.
The SigInt agencies' preference would be to get at the plaintext password in transit by exploiting crypto system faults, rather than put "end run" spyware on a target's communications end point where it can be found or easily removed.
However for LEO's currently the opposite applies due to legislation and warrant requirements, but that will no doubt change.
Thus you have to consider how to make the password only of use to the user not an eavesdropper.
The original idea for this was a One Time Password.
The failure as I've noted here more than a few times was due to having an incorrect thought process of "authenticating the channel at setup" not "authenticating each transaction".
Worse still some people decided that deterministically generated One Time Passwords that changed with time would be fine.
We saw that idea crash and burn with the RSA SecurID tokens, when attackers simply stole the seed values from the RSA tech support system where they were stored.
Securing the communications between a client end point and server end point is a very hard problem, but we do know of solutions.
But even if you secure the logical communications channel and authenticate the transactions within it you still have the end point problem.
If your security end point is not beyond the communications end point devices then there is a vulnerability to "end run" attacks, of which there are a great many.
The most well publicized end run attack is "Shoulder Surfing" that is you somehow get to see the user's fingers move and thus work out the password they are typing in.
Only slightly less well known is "key loggers" where a physical device is put between the keyboard and the computer.
Then there are IO shims in the device driver level etc etc.
Energy radiated from or to the keyboard and electronics likewise.
The only answer we have to this is to extend the security end point around the user by "energy gapping" them from the world outside the security end point.
Which in essence is what a Sensitive Compartmented Information Facility SCIF, pronounced as "skiff" can do.
But only if it is properly setup and security managed 100% of the time, which is difficult to do.
As I've mentioned before I use elbow crutches.
The consequence of this is unless I behave recklessly I move slower than those walking behind me.
Thus just like a post or rock in a flowing stream I have an eddy in front of me.
People coming towards me discover that when they get to me I'm not going to get out of the way because it's dangerous for me to do so.
So they push back into the oncoming stream and create considerable turbulence when they do.
HOWEVER you get the "dip5h1ts" playing with their phones, iPods, games consoles and even watching movies.
I see them and I stop, they walk into me, and then some have the gall to accuse me of being in the way.
Although I have not done it yet the temptation to kick them hard somewhere sensitive then shish kebab them on one of my crutches is getting to the point of irresistibility.
Perhaps a law that would permit me to just stomp on them till they squealed --not squelched-- would stop me from doing one of them serious injury from the shish kebabing they so rightly deserve.
In a way dingledine signs the "actually we are clueless" declaration without even understanding it.
He knows x% of the node or whatever people?
Nice for him but utterly irrelevant.
He'd vouch for them?
And nsa spooks vouch for surveillance being the best thing for the citizens right after sliced bread.
The problem with both tor and dingledine is this: security isn't based on "humpty dumpty bang bang" incantations or other social voodoo.
It's based on proper analysis, proper design, proper crypto, and proper implementation.
And the measure isn't "hey, they're pals" - it's logic and reason.
And it's verifiable - or not, as in the case of the tor, "secure linux distro", and spooks swamp of questionable voodoo "security".
His facebook hint is, pardon me, simply moronic.
One might as well declare crime irrelevant because, duh, hardly x% percent are criminal while most people act legally.
Summary: That guy made an attempt at - rather blunt - social engineering.
Let his musings be discussed on reddit.
Here we have another topic: security.
Reason: Such laws would hamper the process of natural selection.
In fact, I'm all for opening covers of manholes on sidewalks.
The follow-on phases can proceed within minutes.
Clive has done an excellent job of explaining the limitations of various models e.
I forgot to include these yesterday:.
The debasement of the Grey Lady continues.
I'm including the space link because I realized yesterday that offering satellite launch service creates an opportunity to inspect and modify the encryption hardware.
Police State Watch 34 criminal cases tossed after body cam footage shows cop planting drugs Ars Technica.
Hackers break into voting machines in minutes at hacking competition The Hill.
Imperial Collapse Watch Measuring up US infrastructure against other countries The Conversation.
Big Brother IS Watching You Watch Apple Removes Apps From China Store That Help Internet Users Evade Censorship NYT.
Also Bush and Putin and one or two other well known names.
Better 2nd try at 02:33.
Arbitrary state interference with Tor is an inductive question, since it may or may not be succeeding at any given time.
But the notion that acting to defend your privacy just gets you in trouble, or flagged, or something vague and ominous, that's just standard cop-level scare tactics.
The fundamental thing that makes you come off like a government propagandist is the fixation on impugning elements in isolation.
When you know that reliability is a complex function of parallel and serial components, and that complexity can work for you or against you.
When you know rational persons use multiple social and technical privacy protections in diverse combinations.
It may not be bad faith, maybe it's just ego-involved debate stuff, but you're talking like nobody knows that assemblages have emergent properties, so can blackjack forum magazine join won't occur to them if you don't say so.
That can either be dishonest or dumb.
Either way it fails to make the case.
Or that he and a graduate built what is possibly the world's first wearable computer to exploit it?
Well things have got smaller such as large postage stamp size some call NanoSats, Fun as they sound, you have to remember they are moving at a similar speed to flakes of paint that have shot through the aluminium skin of other space vessels, so they are potentially quite deadly.
But their computers can't match Narnia and George developed by Taft.
Shannon and Thorp surpassed Taft in theory, physics and mathematics, but they were no match to Keith Taft's electronics wizardry and innovation in the field.
Only Narnia would fare well against rigged shufflers of today.
I hinted at that to ianf athen againbut he didn't bite!
If you play at casinos, you are being cheated, and legally so.
Because regulators aren't well versed on how Random number generators work, or more importantly: how the random output is used!
Either that, or they're in on it.
All you have to do is search for patents of a famous shuffled brand ; so they are potentially quite deadly.
Learned a few things and a couple of new words.
So long as the sprites are lower than 400 miles, it's all good - so they say!
Scientific American and Discover were my two favorite publications until the mid nineties.
Ab proboscis, as the most articulate advocate, makes it clearest.
Joanna Rutkowska distinguished at least three approaches to security: correctness, isolation, and obscurity.
Ab proboscis is the apostle of fundie correctness.
Correctness would certainly be nice.
But Rutkowska, taking the pragmatic approach of a person for whom the computer is a means and not an end, has looked at the world as it is today and chosen to compensate for deficient correctness with isolation and obscurity.
That may be why Snowden, who was pragmatic enough to make fools of the NSA, has chosen to make use of it.
Let us hope, for his continued survival, he uses it judiciously and supplements it and complements it and tinkers with it to make its many weaknesses idiosyncratic and harder to exploit.
As everyone knows, it would be dumb to rely too much on any one technical expedient.
That brings us to the strange part of this reasonable insistence on correctness: the name-calling.
Fanboi-ism, humpty dumpty bang bang, incantations, social voodoo.
No matter how much you make fun of them, people are going to defend their right to privacy and association and information and expression.
What purpose is served by ridiculing a caricature?
That line happens to support DoJ's propaganda campaign of scaring people away from all technical privacy protections.
It raises the question, Whose side are you on?
If there are only a few hidden services and thus the "dark web" is in fact non-existent then that is very bad for Tor generally because hidden services were one of the main motivating factors for keeping Tor going after the US Government "abandoned" it.
Seriously, come on Roger, do you really mean to suggest that whole game plan all along for Tor was to serve as super secret backdoor into FACEBOOK??!!
Or maybe Roger means to imply that while maybe Facebook isn't the past it's the future so everyone should be prepared to kiss Mark Zuckerberg's ass as he runs for President?
Is this more frosting on the cake to make the honeypot sweeter?
Reading between the lines what I hear Roger saying is: "people, relax, you don't have to worry about Tor because under my leadership we messed things up so badly the whole project has failed its mission.
If you say so Roger.
Maiming my nick and using for yourself the name of a colonia dignidad sadist who is accused i.
Of course that lends lots of credibility to your trying to paint me as an nsa affiliate.
Unfortunately, you are less smart wrt.
Didn't it strike you that isolation must be based on safe code, too, to work?
Plus an attempt at argument by authority.
Rutkowska who all but abandoned the oh so great and secure and game changing project - I'm impressed.
Bend it any way you like, fact of the matter is and stays that IT safety and security are vitally depending on verifiably correct underpinnings and building blocks.
Without that you can incantate your "Rutkowska!
Next Hoilydays inspiration would be Voodoo doll themed!!!!
It is funny that isolation would do the trick and we have a ton of so-called "security isolation" and one very good example is ARM TrustZone especially the Qualcomm's QSEE implementation of the TZ.
Yes it does "security isolation" and all that TZ Voodoo and metodo thorp blackjack we have up till now is still holes in QSEE's "secure isolation" mechanism.
I believe Ben A posted a news on the TZ exploit news in the first post above and I have refused to answer since I see no point in discussing it here these days.
We can try to raise awareness of the problems we discover or noticed but nobody cares and some might even start calling us out.
Not worth the effort.
Let them continue uninterrupted in their Voodoo Golden Stickers dreamland.
Must admit I am NOT sure where you are going with, "securing the client devices and authentication servers is not likely to take place anytime soon".
How does one secure a device, other than by password and pin?
This includes operating systems, applications and the hardware in itself.
Patching these is like a "whack-a-mole" game, as soon as you do one, there's another patch that you'll need to install.
Open or closed source software makes no difference when it comes to vulnerabilities, it never did.
And here we are looking for secure authentication, when the platforms in themselves are not secure.
These vulnerabilities allow program logic errors, buffer overflows, man-in-the-middle, or its derivative of the man-in-the-browser, based attacks that can circumvent any authentication method, including SecurID, PIN, biometric, etc.
In my view, implementing secure authentication should start with securing the platform first.
In which case, the password based authentication could be just as good as any other type of authentication.
There's a reason why password had survived any other authentication methods.
I am going to jump in here with a thought that seems to have zero traction.
My thought is governments and corporations everywhere are secretly and literally stockpiling usernames and passwords in the name of security and profits.
I doubt that beyond the authentication servers on hand, there's an active effort from either parties to do that.
However, citing Rutkowska is not argumentum ad verecundiam.
She's not an authority, she's an example of how engaged users go about their business.
So in dismissing her, you assume away all the actual human rights defenders who can't wait for your EAL 8 utopia.
What exactly do you do for them, other than making fun of them?
Thoth's very good suggestion of OpenBSD-Tor is a case in point.
Why hasn't anyone put an iso up on github?
Where are the OpenBSD Qubes templates to go with the unikernel firewalls already in place?
OpenBSD is a pain in the ass.
The features of OpenBSD that make it catnip for hobbyists make it useless for civil society.
That's because if your starting point is not human security, all this perfectionistic work is pointless wanking.
Reason: Such laws would hamper the process of natural selection.
I don't care if they make it illegal or not, jay walking laws have not stopped jaywalking.
What I want is like a "stand your ground law" for anyone the varmints walk into, and then have the gall to blame the person who was not being a jacka55.
Obviously I don't want a "throw them under a bus" law, because that has other side effects.
Just a law that allows me to take a bit of indignant action to make them realise that, A, they were being totally gormless.
B, that gormless behaviour can hurt.
Though I do like the idea of open manhole covers, and perhaps a few low hanging branches or signs.
If they don't get feedback that certain actions are not to be taken, then there is no incentive for the gormers not to do them.
There is that old saying about "Children and fools should not play with sharp edged tools".
Whilst I would not wish to lop off their texting finger perhaps a little twisting to give a sharp reminder, much like the old story about children and hot things.
Obviously it follows that pain is part of the natural learning process for dangerous activities.
So why should I not administer a little pain to a gormer that walking into a six foot six guy on crutches is not a risk free activity.
Oh and the reason for pain not removal from the genetic pool is so they can show their injuries to their friends who are just as likely to be other gormers and hopefully they will learn with out me having to go to the effort of teaching them the hard way.
Story of four US Army enlisted men who derived the blackjack strategy later used by Thorp: "Roger Baldwin, Wilbert Cantey, Herbert Maisel and James McDermott -- long known by blackjack insiders as the nearly mythical 'Four Horsemen' " Cantey obituary: Their paper: Roger R.
Baldwin, Wilbert E.
So, I was wrong, and my "awsomely sakkure system" running in a browser plugin running on lisux-d is not secure with golden stickers alone?
I need voodoo stickers, too?
I had expected min.
A quick look at a vulnerabilities ticker or db seems to strongly support my doubts.
Hatred should be outlawed.
Peace and cryptos to all!
OpenBSD is "OS non grata" in the US since the remarks of Theo de Raadt about the Iraq war.
He was right of course but that doesn't matter.
OpenBSD got black flagged.
Since Tails is a US gov financed project they just aren't allowed to use OpenBSD.
At the time that Qubes started OpenBSD didn't have virtualization.
Err no it's not good, but it is reasonably predictable, which is second best by a long way but usable.
Put simply, at 400 miles or less there is sufficient atmosphere to have significant orbital drag.
Thus the orbital time is short and measured in weeks not years, and the number of orbits is likewise limited.
Which means any accumulated error remains small, and they know where they are so they warn the appropriate people so they don't launch a rocket through their orbit.
Hopefully avoiding all that is up there.
Further if there is a collision and lots of debris, it too does not have time to cascade out before it burns up.
Such projects will be collaborative between different faculties such as aerospace, electronic engineering, physics.
The data collected will have real research value but will only be for a short lived period.
Just to show how daft it could get there is no reason you can not strip the guts out of a modern cellular phone, replace the radio with something more appropriate and stick it up in orbit with a bar magnet or similar to stabilize it.
You would need a mechanism to flip out a couple of solar panels but that is not really any more difficult than for a coiled wire UHF dipole antenna.
The odds are better than even that the electronics would still be OK after a year in low earth orbit.
Most modern phones have two cameras which point at ~180 degrees to each other.
The lower resolution camera would probably be sufficient to take "Star Sights" to reasonably accurately identify what point on the earth the other camera is photographing.
If you replace the lens on the earthwards facing camera you could get night time near IR photographs of earth.
Thus 500-1000USD of hardware.
But a cassette style launcher, or even heaven forbid one that works like a light weight "clay pigeon" launcher could be made with well under a Kg of materials.
So you could be looking at launching a sprite or NanoSat for as little as 200USD each, if you know how to avoid the other fees.
Which kind of makes student satellite projects viable.
Another reason which is at least very highly likely, is that the gov.
After all, it would be rather strange when the worst of all eavesdropper and cracker of all, the state, would provide real security to its citizens.
And why should he?
Re: 'texting walkers': I'm not a fan of texting and I avoid it whenever possible.
Voice can read more more information in a very short time.
I found that some 'social engineering' can reduce the amount of BS texting by not responding immediately, if at all.
In my case, there'd be the Devil to pay, so to speak.
You might try just for laffs carrying one of those compressed-air-powered horns that sailors use.
They can be quite small, but -really- loud.
You could rig it inside a bag, so it's invisible to others.
Another possibility is a hat with a forward-facing flashing light.
It needs to be made for daylight use, that is, extremely bright.
That was much more recent than Thorp's work, but clearly part of the same intellectual lineage.
I must have missed the discussion of Taft in 2015, because I would have offered two books by Thomas A.
Bass, "The Eudaemonic Pie" and "The Predictors" I remember both being entertaining reads, even though I read the first about 25 years ago and the second about 10 years ago.
It could have been under my previous names.
I think that there were only two that evolved, John Galt III and John Galt IV, which I eventually abbreviated.
It will be easy to see that I've become somewhat less rabid in recent years.
There is little to worry about the boomers rioting over health care and pension payments, because the firehoses are so effective at knocking over wheelchairs.
If it detects you walking it stops working.
IF the GPS senses motion it stops working.
Instead of laws to stop stupid behaviors make the tech to make it impossible.
Suddenly the streets are safer for pedestrians and other drivers.
No longer dependent on political morons to fix the tech, we all can get back to playing Paranoia.
You can easily sell this to capitalism by explaining they are losing valued customers with the death of every cell phoney.
I see some have noticed that D T watched a lot of Mussolini newsreels for pointers on body language and gestures.
For a lot less weight to carry around, trail hikers use little whistles that can be heard for miles if blown hard.
Besides their come-rescue-me primary purpose, they make great anti-rape whistles that can stop a big, strong attacker without violating weapons laws.
Blown more gently, they might say "Look up from your fondleslab and get out of Clive's way!
IF the GPS senses motion it stops working.
Enforce rather than delegate or regulate.
I'm an advocate of that.
Isn't gonna happen, though!
Bass, "The Eudaemonic Pie" and "The Predictors" I remember both being entertaining reads.
Well, you could still do that!
No rule that says you can't post to old squid threads; I do that all the time.
Taft's book is really fascinating.
The engineering problems he faced and solved are impressive software, hardware, control systems, RF and antennas, digital and analog.
I may read the other books you blackjack free, just not sure when.
His work was extended to multi-decks.
However, nowadays the shuffle is anything but random.
Basic strategy won't work.
Card counting won't produce the expected results either unless you are part of a very well funded team with replenishable bankrolls that can sustain protracted heavy losses.
Even then, winning isn't guaranteed.
It's not like the designers of these shufflers don't know about basic strategy and card counting!
They employed some very sophisticated algorithms that Besides, there are other secrets.
Yes this will probably attract scrutiny, but so might searching for the word tor, visiting or reading a linux journal, or visiting schneier.
After Trump was elected, I figured this is the least I could do.
With China and perhaps Russia banning tor and VPNs and the Snooper's Charter in the UK, etc.
I think Tor says this themselves, so I don't see the point of the argument.
Thru some identifying stages if you're really good, you can avoid even this for most part, but I think it's impossible to not show up on some radar these days, too much surveillance, you should be able to get yourself to a point that you can make a connection to the internet that's mostly devoid of PII.
Unfortunately these discussions involve little evidence and devolve into name-calling bar-room brawl-type talk.
One nice piece of evidence that Tor has worked to a degree is this powerpoint: Whatever you use anonymity for, hopefully it's a good purpose, not scummy.
My main purpose was escaping grasps of attackers terrorizing my life, for brief periods of time.
I don't really have a use for it anymore, like any truly secure workstation it had to be ever-changing, mobile and under the control of a truly paranoid being.
Most of my security and homebrew projects I post fully online.
I want employers to see my paid work to show them what I can do but can't.
If it detects you walking it stops working.
IF the GPS senses motion it stops working.
It's conceptually simple but practically hard, very hard, and there is no way to make it reliable in action in human terms.
To see why invert the premise and make the operating function a counter.
Such a product exists and is called a pedometer.
Until recently there was no point in cheating a pedometer because there was no value in doing so.
However insurance companies have changed the game and there is now value in cheating a pedometer by way of reduced --normally way over priced-- health care policies.
With the advent of an incentive to cheat a pedometer lots of inventive minds have got to work.
In effect the insurance companies have stupidly invented an arms race they can not win.
People will think up simple ways to cheat those pedometers, the insurance companies will think up counter measures to catch the cheaters and so that loop goes around each time some cheaters will find a method to beat the counter measures.
Meanwhile the insurance companies get locked into a second ECM war with other insurance companies playing "follow the leader".
Worse by legislation Obama Care every citizen has to have health care insurance.
You can see where that is going to go, as was said in the film, the only sensible move is not to play.
Flipping the premise back up you will see that if there is "wriggle room" then people will cheat the system because they see value in doing so.
But worse still if only one company put in an anti-walk-n-talk option it would quickly go out of business because such a feature has "negative value" for a purchaser.
Thus the only way to attempt to get it would be by legislation, which will fail as reliable technology does not yet exist.
Which as we know with "Smart Guns legislation" is likely to have a perverse effect on the manufacturers.
That is they find ways to ensure the idea never becomes reliable, so never gets put on the market to become a legislative market killer.
The problem is there is too much wriggle room, and two or more types of movement detection required thus there will be not just edge cases but corner cases, and each attempt to improve detection will double up at minimum the number of corner cases and more for the edge cases.
The two current movement detectors are tuning fork gyroscopes and satellite position fixing GPS.
Neither is reliable or even suitable for the application.
GPS is slow and has an inaccuracy margin short term greater than you would get with walking or dancing.
You could average out by integration but to tell the difference between ordinary hand body movement whilst sitting or standing will require a long integration time.
Likewise the gyroscopes have a sensitivity issue in that they are "band pass" detectors and will not detect absolute position, as movement above a certain speed or below a certain speed will either not register or will register inaccurately.
I could go on at further length but I think you both know enough to fill in the rest for yourself.
I don't even watch television and I can tell you about a cultural phenomena known as "Game of Thrones".
They put a lot of work into the effort, but only transiently made money.
I have the impression that Wall Street in the 1990's hired the best and brightest of a generation of physicists to build adaptive systems for computer trading.
Today most of the stock volume is the descendants of their machines arbitraging fractions of a penny per share.
The machines have to adapt to each other and to what is left of the human market.
High frequency trading is part of the mix.
The machines practice system identification on each other and on the humans, by spoofing bids to measure the response.
The first time that I remember realizing that you could do system ID on humans was in the late '80's or early '90's when I noticed that some prices in the grocery store seemed to change randomly over time.
Just last week, I've received a privacy policy change notice from the credit card company.
Opting out isn't made easy and one cannot opt out from all of the sharing.
Cash it is for me for most of my purchases.
I think Tor says this themselves, so I don't see the point of the argument The nail on the head.
It has already been pointed out a million times - both by myself and others, on this forum and in other places - that Tor will NOT protect you from resourceful nation state actors because of a whole series of defects and shortcomings.
Even the Tor people themselves have never ever said otherwise.
It is just one of many free tools that allows you to surf the web in a somewhat more anonymous way than standard browsers do.
The elevated degree of protection it offers against ubiquitous data collection to me in itself is already enough reason to use it.
Still there are those who for reasons I just can't fathom keep flogging the dead horse.
It seems to me that you overlook four points.
Moreover, using tor can wake up sleeping dogs, paint a target on your, and generally turn against you.
My advice: apply Amdahl's law, with a slightly changed perspective for security rather than performance.
I've just noticed it's not here.
Did it get caught or have I posted to the wrong place?
I don't see a reply to Figureitout.
Mankind is unusual for the type of creature we are, our offspring are born capable of very little, and spend the rest of their lives --if they are sensible-- learning.
I've been known to take an absolutist view on security in the past and in some respects I still do.
However even though I myself take security precautions others would consider totally over the top if not paranoid.
I still know I'm lazy in many OpSec respects.
Thus I accept that it's an exceptional person who can live like that for even short periods of time even with extensive training and acclimatisation experience.
Whilst I would not want people to give up in despair, I recognise the experience curve whilst starting gradually can appear vertical at times.
So not insurmountable but requires training and equipment etc.
Interestingly many do not realise that being over secure and employing too much OpSec actually is more harmful in the short term than too little that tends to be harmful in the long term.
Thus I would rather people start gently and take their time developing their skills than try and jump in at the deep end flounder and drown.
Rome was not built in a day nor did it die suddenly, its partial demise was due to the inability of those in charge to change to changing situational requirements.
However some did learn which is why we have the likes of the Holy Roman Empire.
I'm not sure if it is definitive.
Methods in the book have been altered to prevent the author getting killed by the crew he used to roll with.
From memory its largely interesting by detailing the social engineering employed by both casinos particularly when they start feeling nervous about certain patrons, and by the gang themselves - being clever alone will get you deaded pretty quickly, in that world clever must be wrapped in something.
It's in a 'Catch Me If You Can' vein.
It doesn't get technical at all.
The story visit web page out with the author succumbing to horrific levels of gambling addiction and ends up in recovery groups broke and soul less.
I am sure Clive would make similar observations for anyone considering such a career.
I'm sure you've got more useful things to read although it will be interesting for some with specific interests I suppose There have been a few intriguing characters in that world though.
I recall one who won serious sums of money, but no one quite knew who he was.
By far the root cause of the threat to pedestrians was their own lack of situational awareness.
Plant ear buds; select play list; mentally go to la-la land and ignore their surroundings.
After a pedestrian pulled a fast U-turn without looking, putting herself into the path of an overtaking cyclist and getting knocked to the ground, the town put its foot down.
Pressure pedestrians to share responsibility for their safety?
No, not a word about that.
Impose a speed limit.
I don't ride there anymore.
However: - My question is not whether Jane and Joe are somehow guilty; I'm not a judge.
As far as I'm concerned, they may well type their stuff in ms office and send it by email, possibly "protected" by zip-passwording it.
They should frankly say that the very best their stuff can hope to achieve is to be a ridiculously tiny bit more secure - and, importantly - that, due i.
In that sense I not only forgive Jane and Joe but even pity them - seeing BS being spread here or in other security circles, however, makes me furious.
Frankly, there are plenty computer magazines, fora, and blogs that spread BS and fairy tales like cubeos or tor significantly enhancing security.
We don't need any more of that here.
I mentioned Amdahl's law because, while originally looking at performance, it's quite simple and can make statements about security as well.
And it does so in a quite clear way.
It seems quite evident to me that this directly leads us to the question languages and formal methods which is why I push that issue again and again.
Another very strong hint is empirical: crypto very rarely gets broken; it's simply circumvented by ab using some of the utterly rich set of weaknesses and vulnerabilities.
Which can be directly translated to "the effective security gain by indeed excellent crypto frighteningly often equates to null".
Reason: No matter how good your doorlock is if your door is built into a house made of wobbly paper.
There is nothing wrong with taking an absolutist view on security, especially with your astounding knowledge and expertise.
Imposing such a view on others that don't even know where to begin is an entirely different cup of tea.
It's called "Schneier on Security", not "Schneier on Security - Certified Experts Only".
And the exact reason why it doesn't make any sense to preach an absolutist view.
Get them from A to B in a way they can comprehend.
Not from A to Z in a way they can't either understand or execute.
As long as you take that absolutist view, then everything is futile and no one but yourself, Clive, Thoth, Nick P, Figureitout and a few others have any business here.
I'm not convinced if that's really what Bruce had in mind when he started this forum.
Try to read Taft's book.
You'll find out what happened to him when he got caught more than once, including a security related airport incident - long before TSA There is also a fascinating story about what he did in Atlantic City.
I believe this would make a movie better than the MIT crew story one (Bringing the house down), which I only watched the first few minutes of.
It was full of nonsense, that's why I lost interest.
My main interest in the topic is this: How can gaming regulators get away with this?
What type of testing was done to assess fairness?
And that's assuming the RNG is absolutely "fair".
Figureitout, I will put my "memory cap" on and see if I can recreate my comment a little later (it's rush hour in London currently, or "strap hanging" time depending on your preference).
While I do see the good intention behind that, I also have a simple question: Why not simply tell Jane and Joe the truth?
As you yourself say, tor will not protect against a resourceful opponent.
So against whom shall Jane and Joe be protected?
Against the village police officers?
The truth would be more like "I take you from A to B with A being 1.
Presumably good intentions - and people trusting it in jail or at least in serious trouble.
But the weirdness doesn't stop there.
Take the example of selinux and other "security" enhancements that come right from some of the worst adversaries!
Pardon me, but in my mind's eye that's sheer idiocy.
The problem, however, is of a kind that needs much more and quite different to be solved.
The good intentions, coming down to "meaning well and then repeating the cardinal error of unprofessional fumbling that created the nightmare in the first place" reminds me of Einstein's famous idiocy dictum.
There is only one way.
We must create better software and systems.
OpenBSD, doubtlessly amongst the finest C coders in this galaxy, have failed; plain and simple.
If those people fail then it should be utterly obvious that we need a better approach, one that makes it feasible for good developers to create RSS software.
As for you and me, you'll probably continue your way; no problem.
But kindly accept that I continue mine, too - and I have plenty arguments in my favour.
With relation to the four points overlooked by Dirk Praet.
I completely agree with your points a up to c —we are in a security blog so our point of view has to be highly technical and critical, it would be a shame if it isn't; we should not assume a technology is secure just because it is "the cool technology of the month," and of course we should not believe Joe and Jane will understand how compromised our current technology is.
I cannot, however, agree about point d.
There are somewhat secure operating systems out there; some of these operating systems are either too expensive or too specialized to be useful as general purpose ones, but others (OpenBSD) are doing good work.
I do not say our computing infrastructure is perfect, it isn't, nor is the computing infrastructure used by the intelligence community either.
The key is not saying "all is lost, there is nothing we can do" but trying hard to improve the world.
I agree, however, the endpoint at the other side is a key element here, but it is fixable too.
With relation to the intermediate nodes the best we can do is using strong encryption, as strong and mathematically sound as possible.
I understand the problem with hardware itself.
It is certainly the right target for an intelligence agency that wants to mass-compromise our technology.
But it seems fixable too, or at least we can and must!
Dell, allow workstations and servers to be configured without Intel vPro technology; it is a logical first step.
The technology is not perfect but we must try to fix it and suggest approaches instead of saying "there is no hope."
Are we wasting our time talking about a theoretical and impossible to solve problem?
It would be sad if it is this way!
I prefer thinking technology is fixable, even if it is a continuous process that will never end.
My goal is not building the perfect computing infrastructure, but something good enough.
In my humble opinion, each step in the right direction is a win.
The main point is whatever we discussed and pointed out, the same mistakes are applied repeatedly and fanboism does occur.
TOR is imperfect and so are many protocols.
Even QC is not 100% foolproof or really unhackable until someone finds a way around it in the future.
We point out problems and point out methods to fix or remedy the situation but you should notice the type of tone and attitude we received.
I don't think this is any good for us if we try to point out problems and there are some that do not appreciate but go about calling us Govt snitches whenever we try to point out the problems i.
In fact, I did work for the local Govt's Def-Sci sector and more specifically the local COMSEC dept which is how I got into more serious ITSec i.
Anyway, I don't think much is appreciated and our advice goes to waste and gets called out as Govt snitches.
I have also decided to remove some of my open source repositories since it's not useful anyway.
Now that China and Russia have mandated that VPN and such surveillance circumvention tools including TOR are illegal, this will spread even further and the whole World would be affected, which would include the once open and libre European countries and US, which would likely follow suit.
Good luck with trying to setup usable and somewhat reasonable assurance security with shaky foundations and anti-privacy laws closing in.
There is nothing much to be said anymore.
There are some problems with your approach.
Just look at consumer mainboards a relatively techie component.
I mean it; look at them.
Or look at smartphones and tablets.
Plus "ease of use".
If you have a nice logo and lots of marketing they'll buy second hand cat poop in cans with "security!
Or look at the OS side.
The vast majority runs windows - for no particular reason; it just happens to come along with the hardware which Jane and Jane translate as "it's free!
The second large group of desktop or tablet users has apple.
Two major arguments: surprise!
Which leaves us with some 3% to 5% of the market besides windows and apple.
With those the pattern repeats.
Some 95% or so run linux, of which again "ease of use" is ruling e.
Another, quite small, group is the BSDs of which OpenBSD is but a small fraction.
As sales figures of snakeoil vendors like […] amply demonstrate, the logic of about 95% of consumers hardly even contains the item "security", and if it does they usually mean something that (a) can be click click installed and (b) is socially established, either by peer group or by printed toilet paper (95% of IT magazines).
That's one and a very unimportant one btw reason why I address professionals, in particular developers.
Btw: You agree or not to my point d above.
It's a fact, however; maybe a very unpleasant one but a fact.
What makes you believe that e.
The advice given in this forum is excellent and —I am sure— lots of readers appreciate it.
I am one of these readers that really appreciate each good tip given here, even if it shows a problem with OpenBSD (the only operating system I use on my computers) or other supposedly secure tools.
As an example, on the last year I only used smartcards to access my own infrastructure and will continue this way.
Smartcards are just a small step in the right direction, but they are a highly welcomed technology.
Tor is a good and clever design, but it does have its own weaknesses and it is obviously being targeted by powerful adversaries that take advantage of these weak points (usually the relays).
Is it a NSA-proof technology?
But it may be a security layer for a journalist or someone that wants some privacy.
I certainly would not trust Tor if my life depended on being hidden, but it is the best lots of non-technical people can use to protect themselves.
It's a fact, however; maybe a very unpleasant one but a fact.
What makes you believe that e.
I am a developer on an important security-related software project and understand technology better than a lot of people think.
There are known weaknesses, bugs and backdoors in software and we suspect there are ones in hardware too.
Our best bet is working hard to fix them instead of shouting out "it is a lost battle."
I think they deserve some merit and consideration.
Of course there are risks, like the one of having some sort of antennae on our chipsets that allows WAN communications with, we say, cell sites.
But I believe that if this technology exists and it is so widely deployed we should know about it right now.
IC is not exactly good at keeping secrets.
Recently a sort of NFC antenna has been found on the new Intel Core i9 processors, so there are people looking at it.
I have confidence there is not that sort of communication channel on our devices; however, the risk of unknown and surprising widely deployed surveillance technologies exists, and this is the reason our work should be a process that will never end.
Against the village police officers?
What you are preaching is theoretical security for the 0.
What I am talking about is security and privacy mitigation for the rest of the world against everyone else: snooping friends and family members, your boss, script kiddies, cybercriminals, the local sheriff, corporate and state sponsored mass surveillance.
Which either seem to be of no concern to you or should also be defended against with theoretical or self-developed HA solutions that would be massive overkill for their purpose.
Granted: we indeed need to move in the direction you're advocating, but it's not going to happen overnight and, meanwhile, we have a choice to either use imperfect tools we try our best to understand the weaknesses of, or do nothing at all.
I also find it quite telling that countries like China and Russia are trying to ban VPNs and Tor, which - unless this is all a massive psy-op - would seem to indicate that at least some authorities are struggling with them.
And unless I have missed something, I have never seen either you or Clive being called a snitch or a government agent for either bashing or pointing out Tor defects.
Figureitout, I will put my "memory cap" on and see if I can recreate my comment a little later (it's supper time in London currently).
Moreover I personally do not care much about top-teams from the agencies of a few states being able or not to hack my system.
Nope, they succeed for two reasons: (a) utterly poor opsec and (b) utterly poor everything, starting with plastic boxen running linux over poor OSs to poorly created applications and connecting to poorly created servers.
You know what could change that?
Properly designed and implemented software, which again would mean that it's created using better languages and tools.
I also find it quite telling that countries like China and Russia are trying to ban VPNs and Tor How snarky boring!
What Russia prohibits is VPNs being used to go around blocks of illegal sites and to communicate secretly with terrorists etc.
Who would've thought that!
Just like plenty of "western lighthouse democracies" do, too.
And just like "A gun must not be used to do something illegal".
Or like "printers must not be used to create fake currency or drivers licences".
Some have wondered why I'm against foss (not really, but it's OK if you understand it that way), against linux, etc.
Let me explain: I like OpenBSD and btw.
I also like quite many other foss projects.
What I despise and reject is gpl fanaticism.
But that's also not the main point today.
The main point is this: Software is quite a bit more complex than pretty much any other engineering field.
I know, because that's why I chose it some decades ago.
And please, pretty please, note the word "ENGINEERING".
Would you like to drive your car with your family in it over a bridge that was built by some clueless hobbyists?
How about putting your family in an airplane designed and built by hobbyists and air control managed by some 14 year old weed smoking boys?
You don't like that?
Strange - because you seem to have no qualms with that model wrt.
And again: properly designing and building bridges or airplanes isn't more complicated than designing and implementing software; if there is a difference, building software is even more complex and harder.
The situation we are in can be roughly described like this: The vast majority of software was designed and built by more or less clueless hobbyists or by corp.
THAT is by far the single largest reason for the lousy situation we are in with all that insecure software.
NO, it's not even the languages and tools.
And we had the necessity to do so - but, granted, we hadn't the insight yet, we were still too fascinated by all the things we could suddenly do.
I personally and subjectively happen to think that linus torvalds is an […] sorry dangerous man because he opened the box of Pandora.
He put the - then utterly unreflected and now known to be false - idea into the heads of millions that just about everybody can, together with a couple of pals, create an OS.
It is insofar as it more or less does what an OS is supposed to do.
And it is not because it doesn't do those things in the way they should be done by an OS.
Properly, well reflected, and well designed.
You see, if Paul 14 decides to create an app to manage some hobby of his, just like linus torvalds did for his diving hobby, I don't care.
If his app fails, so what?
But if Paul and some pals mistakenly create an OS that some decades later happens to drive major infrastructure we have a problem.
To be fair, there is another very major culprit, namely the mindless, insane, profit greed driven commercial software field well, very major parts of it.
But - and that's an important but - that alone could be handled and taken care of.
The "everybody can hack some cool software" virus, however, is by far more dangerous because it pulls the very basis of software engineering out.
It creates a situation similar to "everybody with a knife can do surgery if he likes to".
I of course know that this post is going to bring up many against me.
As I see it, OpenBSD is by far more secure than any Linux distribution.
Linux itself is more secure than Windows, OS X, iOS, Cisco's IOS and even Linux-based operating systems developed by corporations like Google.
So there is something wrong on the development model followed by corporations.
What about the bugs found recently in AMT?
The real issue here is the huge amount of low quality projects that plague this world most coming from the free software branch, sometimes more interested in public notoriety than on writing something really useful.
It is a shame for a community whose major difference to corporations is that they donate their work to the world for free.
Projects like OpenBSD do not obey the market rule that says the paying customer who usually have just the money, but a complete lack of knowledge about how writing correct software decides the evolution of a software product.
It is a project whose evolution is on the hand of knowledgeable developers.
Can you imagine a corporation rejecting the "advice" of a customer that signed a multi-million contract with them?
On this blog we are talking about security.
This concept does not match well with closed source, unauditable to all except governments, written by careless corporations that sometimes develop odd relations with governments e.
Apple, Google and Microsoft joining the PRISM program.
I think open source, and sometimes free software too, are the way to go in a world where trust is a key value.
If you think open source is ok but customers never read and fix the code I invite you to read the OpenBSD forums.
You will see a lot of careful reviews of code, patches and suggestions by really clever users.
Thoth, who has a well earned and deserved good reputation, made me think quite a bit.
No, I do not think that foss is the way to go.
It must be differentiated; some relatively few projects are good or at least led by a professional.
The vast majority, however, is crap; that's OK for diving management and other unimportant hobby stuff but we must get Pandora back into the box, we must make it understood that an OS, a core library e.
To be honest, I didn't think a lot about making the world better; that's just not how I tick.
But it seems to me that we must establish certain, ideally de jure but at least de facto, standards to separate the wheat from the chaff.
It seems to me that formal methods are a good way: engineers will at least understand their necessity or even like it while all the hobbyists will howl and fail to pass the barrier.
This might also be good for another reason: applied to the commercial world it will also separate the wheat from the chaff.
In a next step one can make laws that demand that e.
Presumably good intentions - and people trusting it in jail or at least in serious trouble.
We keep bashing those who use Tor for bad reasons but they are the vanguard.
If the pedo or the drug dealer isn't safe then none of us are safe because our privacy depends only on the goodwill of the Russian spook or the FBI lawman and I don't know about you but I don't trust their goodwill at all.
I keep hearing a line of argument that goes, "we shouldn't care about the tiny minority of bad people who use Tor because Tor is really great for the ordinary person who is trying to hide his PII.
It is based on the false premise that the only thing that state actors care about is catching the crook or the terrorist and if we just let the authorities have the bad guys they will leave the rest of us alone in peace.
The mass collection of metadata, the use of that meta data for propaganda purposes, the secret courts all are evidence of a different outlook: any excuse will serve a tyrant.
The terrorist and the drug dealer is just the most recent excuse.
Throw them under the bus and the next thing you know if will be your turn to be thrown under the bus.
Russia isn't banning Tor and VPNs for just the "bad guys", it is doing it for everyone.
If one cares about online privacy then you are sleeping in the same bed as the pedo, the drug dealer, and money launderer, and the terrorist.
Privacy doesn't know any morality.
Encryption protects the good, the bad, and the ambiguous with equal aplomb.
So I don't want hear these arguments that go "Tor is weak and well, shrug, it's not really my problem it is a problem for somebody else.
There is either a culture of security or there isn't.
There are either effective tools that protect data at rest, in transit, and at the end points or there are not.
Compromise on these issues is an admission of defeat because the […] itself is uncompromising.
Compromise on these issues is an admission of defeat because the other side has no interest in compromise--the laws of math are to be suspended in Australia or else!
Compromise on these issues is an admission of defeat because it says that even though we might be right as a matter of fact we don't really have the will to win.
So shut up about Tor being broken and if you have the skills go help Roger fix it.
Shut up about how the USA is trashing privacy with their vulnerability hoarding and if you have the skills go help fix them.
Shut up about how the legal systems of the US and UK is making mincemeat about people's rights and if you have the skills go to court and fight them.
Stop kvetching and get to work.
I was not talking about the 0.
And you seemingly not being concerned by the mitigation of security and privacy of the 99.
The approach to software development you are advocating - however well-meant - in practice would lead to a corporate controlled monopoly, the scarcely available licensed developers being folks with expensive university degrees that can be afforded by big companies only.
It would kill FOSS, stifle innovation and creativity, make prices sky-rocket and be the wet dream of both corporate snoopers and authoritarian regimes that would be the only parties able to review or audit actual source code.
Whilst I agree that we are in a huge security mess today and for the exact reasons you are describing, your solution would perhaps improve security, but create an even worse situation from a surveillance and control vantage.
Security is a means to an end, not an end in itself.
However right you may be about the technical aspect, you're totally ignoring the macro-economic, political and societal aspects of your approach.
And which is a typical engineer thing.
Which is the exact thing you are denying.
Good ol' standard potatoes were great for like 250 years till they got a bug and all the Irishmen starved!
Microsoft can't even impose 90% uniformity.
Let's go for 100!
We're tired of adapting our devastating sabotage malware to lots of different operating systems.
Let's make them uniform by law!
And when you're an aspiring authoritarian, you can't help but muse out loud about the patterns you'll decree.
Cute "engaged" bla bla.
We keep bashing those who use Tor for bad reasons "We"??
I don't know anyone around here who bashes tor users.
So shut up about Tor being broken and if you have the skills go help Roger fix it.
Shut up about how the USA is trashing privacy with their vulnerability hoarding and if you have the skills go help fix them.
Shut up about how the legal systems of the US and UK is making mincemeat about people's rights and if you have the skills go to court and fight them.
Stop kvetching and get to work.
Just btw: Who are you to tell us what to do and what are the rules?
Dirk Praet Sorry but I don't see much more than rather arbitrary assertions, some of which are even provably false.
I'll pick out an important one: lead to a corporate controlled monopoly, the scarcely available licensed developers being folks with expensive university degrees that can be afforded by big companies only.
It would kill FOSS, stifle innovation and creativity, make prices sky-rocket and be the wet dream of both corporate snoopers and authoritarian regimes that would be the only parties able to review or audit actual source code.
What a weird conglomerate of BS!
The 95% unimportant stuff can be done by hobbyists like now.
You those who think like you have had plenty chances and room.
We can see - and suffer from - the utterly poor results, including btw.
It's time to step aside, social warriors, and to let engineers work be done by engineers.
And it's time also to create responsibility and to hold the greedy corps accountable at least in some areas where it really counts.
You can scroll all the way up the top of the page and you will see them by certain people.
A search might reveal more on other forum post.
I sometimes wonder why I made the choice to give up good pay and job stability in the Govt Def-Sci area when they nicely offered me the job and I simply refuse this rare opportunity and prefer to research, discuss and implement higher assurance stuff in the open knowing that it will not create much returns instead of being bounded by Govt contracts by working for them and creating designs that will never see the light of day but as an exchange for a very comfortable and stable life.
I was surprised that one of the presenters actually knew of my traditional Diffie-Hellman KEX implementation for JC.
But if you want a discussion you will have to have arguments.
We have to ruler along which to measure.
I suggest a ruler, namely, a formal approach.
How to break that down into some levels and whom and what to keep to what level can be discussed.
A lower level might, for example, be that the whole software must be statically typed and must compile without error.
That shouldn't even be expensive or burdensome; that can easily be met.
A high level might be that the full software must be, or consist of subelements meeting that spec, fully formally spec'd and that both, spec and implementation must be provably correct.
That would be much harder, yes, but it would handsomely pay off and moreover we would quite probably have more smaller companies specializing in some libraries in some field rather than the corp.
Finally: What else could be a better ruler for measuring?
Formal methods are objective and fair.
Any security project here comes under that scrutiny and attack would fold eventually I bet.
I just can't fathom keep flogging the dead horse.
Oh they also have infinite resources and no time-crunch to remain financially viable.
Also formal models that ignore hardware or other environmental factors are a joke imo.
Thoth --Lots of the criticism is non-technical and very general, that's the problem what specific vulnerabilities.
Proposals for altogether different designs to mitigate traffic analysis are also very unclear and can't be evaluated at all.
Maybe you shouldn't have quit that job, and put any money or knowledge from it into open source projects.
Market needs to exist first for me to take a risk like you did doing your own business etc.
Our best bet is working hard to fix them instead of shouting out "it is a lost battle."
Bob Dylan's Forked Tounge Stop kvetching and get to work.
If I get some nice legal tender I'd either use it for my own research or fund security projects.
I put skills I learn academically and on job back into open source projects.
I just don't have time for it usually, or am too tired after working.
Need more paid work for real headway to be made.
Clive Robinson --Ok, hope you find your cap.
It can't be that hard to detect motion enough to shut off the mike input and turn it back on when you're stopped.
That way your phone teaches you correct behavior patterns.
This is called operant conditioning in the trade and it works.
The cries of outrage about it have never managed to back up their ideas with any experimental proof.
Most of the objections are based on flawed models of what a human really is.
That's why so many ideologies and cultures fail to improve conditions that all agree are bad ideas with horrible effects.
I thought that the Great Frost of 1740 killed a significantly larger portion of the population than the Potato Genocide of the mid-1800's.
The Washington Post vs.
Trump the Last Great Newspaper War?
That said, you can see the economic benefit a well-placed source, or a cabal of sources, can convey.
Maybe he can write a tell-all, now that the Times management has defenestrated him.
We actually have a fine example of my assertion right here under our very noses: Thoth, a highly skilled engineer putting massive amounts of time, effort, knowledge and expertise into developing innovative HA-solutions and struggling to make ends meet after having abandoned his well-paid Govt Def-Sci job.
To the point that he is retiring some of his OSS stuff and asking himself if he made the right choice.
The point being that developing non-commercial security-centric HA solutions for the 0,01% is economically unviable.
And even a commercial start-up is unlikely to survive without venture capital or selling itself off to some existing big player.
I double-dare you: give up your well-paid job as a contractor or payroll employee for whomever you're working now and like Thoth start working on products of your own and developed according to your own standards.
You will find it less than rewarding, both financially and in terms of job satisfaction since no one is interested anyway.
It will be just a matter of time before you take up well-paid side gigs assisting some well-funded hipster start-up working on yet another useless social media app that doesn't have security but data collection built in by default.
The only way around this is by imposing very strict legislative and regulatory requirements that inevitably will turn software development into a corporate and government controlled monopoly answerable to none.
Stuff like Tor will cease to exist, and the only people with even the lowest levels of digital privacy and anonymity will be those able to fork out mucho dinero for it.
Again: from a strictly technical point of view, you are absolutely right.
But you don't seem to get the real-life implications of what you are proposing.
Linus - like certain others - believes that one way or another calling someone else's opinion BS validates his own.
In general, it doesn't contribute to a productive discussion and essentially just alienates people from you.
Choosing wisely what open source and free software projects use is a challenging a long way.
There are too many "free software talibans" that will just try to impose their products, even if they know the software they support does not work.
There are a lot of free software and open source projects too that are just a joke.
Let us say, for example, the systemd that is plaguing a lot of Linux distributions.
I certainly fail to understand WHY software written by corporations is better than software written by people who love what they do and, sometimes, do it nicely.
Is it because commercial software is written by paid programmers?
I do not get it.
What I really know for sure is that choosing closed source software to fill the gap created by the Pandora box opening is not the answer.
If you choose wisely there are much more secure open source projects.
You should obviously look outside of mainstream.
Linux is the cool choice these days, but it is the choice of people that do not care at all about security.
Even Linus Torvalds despises […], and does it publicly.
Linux is the new Microsoft, they try to own the world with good looking, low quality software.
I can understand him ranting sometimes, btw.
Whatever, it's his kindergarten and it's their thing to deal with.
Dirk Praet I doubt that Thoth is an example demonstrating your point.
But that's outside of this discussion, so I'll leave it at that.
And, NO, the oss world would not come to a stand still.
Simple reason: All the reasons and motivations of oss developers would stay the same.
Make the world better, just wanna share some work I did, etc.
It seems to me that our discussion suffers somewhat from a misunderstanding in that you seem to take anything that calls itself security as such while I don't.
Example: you seem to see tor as something providing security - I do not; in my mind's eye tor is just crap, and actually worse, crap that pretends to offer security.
So, you are right insofar as e.
Short, except for those cases where hobbyists create havoc by incompetently fumbling in areas they'd better keep off, pretty much nothing would change.
Funnily you repeatedly ignore the festering abscess I mention, namely: Hell, look around at what a nightmare your model has brought us into!
I double-dare you: give up your well-paid job as a contractor or payroll employee for whomever you're working now and like Thoth start working on products of your own and developed according to your own standards.
You will find it less than rewarding, both financially and in terms of job satisfaction since no one is interested anyway.
I fully quoted that because I find it so funny.
Obviously you can't even imagine how wrong you are.
I'm fine, thank you, and yes, there are enough people and companies who happily pay for professionally solved problems.
One part of my income, btw.
That's the problem with ideology driven people like you: they increasingly fail to recognize reality and are limited to what - and how - their view permits them to see.
To make things even funnier: I also occasionally do oss, haha.
As for "imposing very strict legislative and regulatory requirements" - Yes!
You know, I strongly dislike the fact that medical equipment upon which my, my family's or your life may depend, might be hacked and is of doubtful code quality.
Moreover exactly that is one of the main tasks of a state - to regulate.
It's due to that that you can fly halfway safely.
And now, after lots of addressing diverse whims and speculations you brought up, let's cut it down and put it straight: We have the math, we have the know how, and we have the tools to do much better.
Would you kindly explain why you insist on keeping the abscess happily growing?
Would you explain why we should continue to have hospitals with lousy quality hackable machines, why we should continue to have major infrastructure incl.
If I'm to choose between a reasonably safe world and the arrogated "freedom" claim of some hobbyists to play with the world then I'll take the reasonably safe world every day and twice on sundays.
I want people like Thoth to do software for our infrastructure and other very sensitive fields.
The linux and other hobbyists could and should produce funny computer games, diving hobby software or the like.
I dislike ideological fanatics e.
In fact, I would want to force the governments to give us much more oss.
We pay for the universities and research and we should have the fruits growing on those trees.
And I like the fact that oss inherently allows one to see the source code although more often than not it makes one puke.
OpenBSD is a good example.
Although they can't possibly create a secure OS due to posix, the C code base, and other factors they are a good example.
They are knowledgeable, competent, and driven by a good motivation, and they created something useful and reasonably trustworthy.
The unaccountable and delegated power has been redeployed for private profit, in place of the stated and legitimate purposes for which the consent to delegate was obtained.
The legitimate purpose of The Deep State is national defense, but imperial genocide should not be see more with defense.
A key part of the redeployment strategy has been a series of long, coordinated and highly effective disinformation campaigns, including false flag events, assassinations and countless other crimes.
Over the transom via email, we get this handy chart of the sites censored by Google:.
Not an encouraging headline; the UK initiated its dreadnought program on the imperial downslope.
Jury to decide fate of CIA torture psychologists Al Jazeera.
As usual, the little guys get the chop.
Bad as I believe Mitchell and Jessen to be.
Earlier this year, President Donald Trump was shown a disturbing video of Syrian rebels beheading a child near the city of Aleppo.
It had caused a minor stir in the press as the fighters belonged to the Nour al-Din al-Zenki Movement, a group that had been supported by the CIA as part of its rebel aid program.
Trump pressed his most senior intelligence advisers, asking the basic question of how the CIA could have a relationship with a group that beheads a child and then uploads the video to the internet.
He wasn't satisfied with any of the responses.
JG4 again: ironic that Hillary Clinton (a) wrote "It Takes a Village," (b) said, "do it for the children," then (c) in her role as secretary of state, distributed weapons that led directly to the deaths of hundreds of thousands of children.
I mentioned before that a sufficiently large user base is required to dilute the traffic.
I worked out another piece of the first-principles puzzle in the past few days.
I would have guessed that an outsider politician could make a lot of headway with the voters by describing the entire quagmire in terms of conflict of interest.
I suspect that the best case scenario on your planet is a profoundly dynamic balance of terror.
It can but it's inwards focused not outwards focussed which is why you have to be mindful of an idea from a century before by the English economist William Stanley Jevons.
A century and a half ago he observed that technological improvements that increased the efficiency of fuel usage gave rise to not just an increase of fuel consumption --not drop-- but a significantly increased consumption.
His argument was that rather than the simplistic view that energy consumption would remain static thus fuel demand would drop, the opposite would happen.
That is as efficiency increased the cost would drop and thus demand would increase.
But further the economy would grow because of that increased use thus increasing further demand and consequent fuel use.
This became known as the Jevons Paradox and it has a nasty sting in its tail, in that if the economy slows the cost of fuel will increase disproportionately, which makes it harder to get the economy going again.
This outward looking view is in fact what drives the Personal computer industry.
You can see the sting in the tail with the cost of business desktop machines, as consumption moved over to laptops, and likewise for consumer use with the move from mini-towers running windows to pads and tablets running Android.
Thus the hardware becomes considerably more complex and manufactured at a faster rate.
This in turn adds significantly to the requirements for not just the OS, but the Drivers as well.
Which as we know has a considerable negative impact on security.
Further when Amdahl's law "came of age" a paper was published in 1988 by John Gustafson and his colleague Edwin Barsis that made another point which we all have seen, but most of us call it "software bloat" not Gustafson's Law.
Basically they argued much as Einstein had that it was time that should be the fundamental way of looking at things.
That is computer users quickly get used to a certain time delay, and actually do not want too rapid a response as at a user level this can make them feel pressured.
Thus any increase in efficiency in turn increasing system performance and thus reducing cost encourages programmers to use it to do more with it.
Thus you get better graphics, sound etc but things still take about the same time.
Which means not just a vastly increased code surface but also much greater just click for source thus a double hit on security.
Worse though is the fact that the Computer industry has got itself into a tail spin.
In order to survive source keep "retail price points" the same --even though they devalue due to inflation-- they need to increase not just, "exponentially increasing computing power", but also "exponential increasing code functionality".
The problem is the easy wins are long gone hardware is hitting the buffers and thus the drive for more code with not just bells and whistles but dancing badgers behind the row of dancing hamsters.
But it's not just the hardware running out of steam as Gordon Moore's law reaches the hard reality of the laws of physics even software is hitting the buffers.
Code is now made by cut-n-paste from examples found on the Internet, squidged into code libraries, that have increasingly complex thus less understandable APIs thus encouraging further cut-n-paste.
Unfortunately for general security such examples are written to clearly visit web page a single point and are not cluttered with the likes of handling return values or out of range inputs.
Security is not even a consideration in such examples, thus the quality of code in applications is tanking as we see in IoT.
Worse code reviews etc take time and experienced personnel, so they have gone to at best administrative check boxes as the experienced personnel are required to churn out more code.
Likewise testing takes time so the tests get less in depth and often drop back to just checking that previous bugs are still fixed.
We used to get code patches, but Mobile Phones show us the reality if it happens it's only whilst the product is for sale which is about a year.
So landfill is the destination of a smart phone within a couple of years.
Likewise pads, where they appear to have replaced socks on the Xmas prezzi list.
But there is yet another hidden sting in the tail, manufacturers have realised they are about to hit the buffers on not just hardware but software as well.
So they have resorted to the old "tie them in" trick of a "Walled Garden" but more recently turning customers into product by what is politely called "Instrumentation".
The problem with a walled garden is you need product and a lot of it.
But some of the lucrative nature of "tied in" has gone, thus there is competition on price.
Which means the owner of the walled garden is not the one making the goods in "the company store".
Which in turn makes a lie of the "increased security" FUD walled garden marketing droids spout.
The simple fact is the owner of the walled garden does not have the resources to test each application package for security, even by functional testing.
Which is why we have seen malware get into the walled gardens by the bucket full.
The reason the users don't see the malware is that it's no longer "ego driven" like graffiti, it's all about stealing user data to make money.
There is a false assumption that every company can live on the internet by stealing data and repackaging it and selling it.
It's not true, the market for such data is finite, thus subject to the notion of supply and demand.
Which means that the price will drop at any given level of data as more entrants enter the market.
So there are two solutions, firstly get out of the market ahead of the game, the second is to add value to the data.
The likes of Google have been doing both for quite some time.
However new market entrants are just trying for more invasive data theft.
To do this they have to change the market somehow.
Cloud storage is a good way to get people's data, and although it was not originally intended what is a blackjack sweet that in effect that is what it has become.
The result of this has been the return of the Thin Client Notion.
You design a product to be a "head end" device like an old style terminal with all the data processing and storage being done somewhere else.
It has advantages in that the head end is cheaper to manufacture, and maintenance advantages in that the software the user is interested in runs on a machine at the company that makes it so patching etc is done silently.
But the downside is your data is beyond your control for ever.
A point Google found out the hard way when the NSA tapped their inter data center communications.
Thus those who want to profit off of people as product are embracing the "thin client model" or the "collaborative model" that puts the desired data on their servers.
Which has a downside as we have seen.
It's not just Google there was CarrierIQ before them that the NSA profited by, but more recently we have seen Microsoft force as hard as it can users into a locked in cycle with increasing spying and forced cloud usage.
But we have also seen IoT spying with IP video cameras, with microphones built in continuously gathering data also Orwellian Televisions that watch and listen to you, toys that do the same to your children and now your luxury high end semi-autonomous vacuum cleaner.
The problem is it's not just low level electronics and software security that john and jane have to in split what mean does blackjack about, literally every new product is now turning into a metodo thorp blackjack
To force this product designers are turning products into "thin clients" that only do what you want if they are connected to the internet.
Because they have realised there is no profit in manufacturing any longer, it's all in "Rent Seeking" subscription models.
You used to get your land and be left alone to build a home etc.
Then various rent seekers came along with "protection rackets" and we ended up with them as our kings, barons and lords of the manor.
Mere vassals that were then told that they were the lord's vassals or serfs.
Worse than being a slave you just had to be d21 digital blackjack how you lived and died was not a cost for the lord which a slave owner had to bear.
Likewise a slave owner had to confine their slaves, not so with serfs society was their containment.
It is this state of affairs we are regressing into via the electronics we buy but only get to use by somebody else's whim.
Thus whilst I take an interest in security and the bottom end of the computing stack with the electronics and software, it is not down here that john and jane are having their real problems with security.
That lies above the eighth layer with management through legislation, the politicians that make the legislation and the 1% of the 1% who pay the politicians one way or another to do their bidding.
Which is to turn society backwards five hundred years where individuals own nothing, are not allowed to own anything and must pay relentlessly until death the very few.
That much vaunted "trickle down" effect will be there but through the guard labour whose sole purpose is to weed out those who do not willingly don the invisible chains of the Emperor to furnish him with fine clothes, so fine mere serfs may not be allowed to look upon them.
So my viewpoint has changed over time, we need sociological security more urgently than we need technical security.

