FamilyManFirst’s Techdirt Profile


About FamilyManFirst

FamilyManFirst’s Comments comment rss

  • Feb 12th, 2015 @ 3:33pm

    Obligatory Princess Bride quote

    “A lot of men have died over [the flag], men and women,” Archuleta said. “We fought to keep our country safe and to keep it free.”

    You keep using that word. I do not think it means what you think it means.

  • Aug 27th, 2014 @ 2:30pm

    Perhaps this will be a good thing

    If RECAP winds up with a more-comprehensive database than PACER, PACER will gradually (or rapidly?) be abandoned in favor of RECAP. Competition in action ...

  • Jun 20th, 2014 @ 12:41pm

    Re: Re: Re: More apologies and misdirection to protect GOOG

    If you don't accept their terms, you're out of YouTube.

    Baloney. You can post whatever you want, for free. YouTube won't interfere with that. Or, you can sign up for their Subscriber program. However, the Ad-Sense program is going away, so if you only post your videos there, they'll go away when that program goes away.

  • Apr 15th, 2014 @ 4:59pm

    Re: ME3 ending

    Someday, years from now, one of the main developers of ME3, who by that time will no longer be working for EA or Bioware, will come out and reveal how the ending of ME3 was messed up so badly. I am impatiently waiting for the day.

    My guess is sheer arrogance of the lead developer, possibly aggravated by time pressure. However, I could readily be off.

  • Nov 26th, 2013 @ 4:06pm

    Bad and Worse

    I am concerned about the massive database that the NSA (and others) are compiling, because despite the fact that "I have never done anything wrong," I understand perfectly that I am, along with almost everyone else in the US, technically a felon due to the proliferation of laws. I now, or soon, will live at the sufferance of those with access to this database.

    I am more concerned because the same database can and will be used to influence and/or control our elected representatives through blackmail. If it hasn't happened yet, it will - always in the name of patriotism, of course - and I then begin to wonder why there are so few representatives who are up in arms about the deceitfulness of the NSA. I'd think that the reps would be more paranoid, and more worried about what that database might eventually contain on them ... unless they already know, and are keeping quiet as a result.

    Before Snowden I'd have dismissed this notion as a laughable conspiracy theory. I'm not laughing anymore.

  • Oct 16th, 2013 @ 2:44pm

    Re: Re: Re:

    what they wanted initially was known as a 'pen register', and amounted to giving the NSA access to monitor who a person was contacting/possible content monitoring. However, because that data stream being monitored is encrypted, the pen register told them nothing.

    That's not what I recall. As I recall, Lavabit refused to comply with the pen register order. That's when the NSA went to court to force Lavabit to comply. Things escalated from there.

    Clearly, Lavabit didn't implement a "proper" PGP system, with encryption/decryption happening at the client *only*, or handing over the SSL key wouldn't have granted access to users' emails (which seems to be what's being argued). I'm not sure how Lavabit did provide its secure email services, though.

  • Oct 10th, 2013 @ 12:28pm

    Re: Possible out

    I wonder how a judge would react if, in court (a la the Lavabit hearings), the judge ordered that the company turn over their cert and the company rep responded that, sure, they'd do so, but that they were then contractually bound to notify the CA that the cert had been compromised, which would lead to the revocation of the cert? Can a judge order a company to willfully violate a contract like this?

  • Sep 10th, 2013 @ 1:02pm

    Re: Re: Re: This is supporting evidence that root CA is pwned

    Sorry, AC, this is not nonsense. MITM certificates is exactly what we're talking about here, and it is the mostly likely method used to achieve this "FLYING PIG" operation. I myself can think of 3 ways that the NSA could acquire MITM certificates, and there are probably more:

    1) Issue an NSL (or equivalent) to a medium-sized CA demanding an MITM cert. Even a large CA would be reluctant to challenge such a thing, and a medium-sized CA wouldn't have the corporate courage nor the resources to do so. They'd roll over quickly.

    2) Get a mole into any given CA and have them supply an MITM cert at need. We have already seen that the NSA does, indeed, seek to plant moles in various companies. CAs would be a prime target.

    3) Steal a CA's private authentication key so that the NSA could sign their own MITM keys at need. Pre-Snowden, this would be laughed off. Now, it looks quite likely. Again, this would be a prime target for the NSA to acquire if it could, and it has billions to spend to achieve that.