Techdirt should really know better. This is tabloid (or cable news) level bullshit. The only revelation here is that the campaign website uses Cloudflare. Good for them, Cloudflare knows what they're doing. The SSL certs used by CF often serve multiple websites. That's all that's going on here. It has nothing to do with Ted Cruz, and little to do with Cloudflare.
Cisco's plan makes a lot of assumptions about the NSA's capabilities, most of which aren't particularly sound...
I don't agree. Cisco is well aware of NSA capabilities, and they know that this plan isn't enough to prevent tampering en route. With enough tracking/surveillance/infiltration of Cisco operations/personnel, the NSA can and likely will still find, intercept, and tamper with intended targets.
In that case, why did Cisco bother? Two reasons. First, which was touched on in the article, is to simply make a statement. They are proclaiming to the world and to the NSA that they're not willing to sit idly by while the surveillance state drives their reputation (and their bottom line) into the ground. This is a symbolic protest as much as an actual mitigation.
Second, yes, this is a mitigation. These precautions won't make it impossible for resourceful (in both meanings) third parties to intercept equipment, but they will make it more difficult, and thus costlier. Even the NSA only has so many man-hours it can direct. If it now takes twice as many man-hours (an over-estimation, I'm sure, but no matter) in order to backdoor a router en route, then they are only able to do so half as often.
Cisco, or any US based company, can only do so much to thwart the surveillance state. Any pushback, however minor or symbolic, is to be applauded. On the same note, any willful collusion should be considered a betrayal of their customers, and the public at large.
Though, I'd like to point out that the first parenthetical in his post follows a full stop, and encapsulates a discrete sentence. In informal grammar, this indicates an aside, a thought tangentially related to the current topic, but not fitting in the paragraph flow. (Yes, in case you were wondering, I am enjoying myself.) It is perfectly valid, though, again, less than formal.
The main performance bottleneck on encrypting these devices is caused be the lack of a dedicated hardware encryption chip. That costs money, and necessitates a major hardware redesign. So they tried software FDE, which has performance costs. The performance drag was too great, so they complained to Google.
Google quietly backpedaled their encryption requirement. Not permanently (at least according to them), but just an extension to give the manufacturers more time to meet the requirement.
So... disappointing is the word. Especially how Google loudly boasted about always on encryption, but was nearly silent about pushing back the requirement.
It is certainly feasible that the NSA did not need access to the firmware source code in order to pull off these kind of attacks. Ars Technica has an article explaining. These drives use standard debugging interfaces, and, with a bit of work, anybody with the right skill set can reverse engineer the firmware.
That's not to say that the NSA didn't have access to the firmware source. They certainly could get at it if they wanted. Just that they did not necessarily need the source in order to write this kind of malware.
Since competition doesn't exist, and because they're trying to charge me and everyone else for imaginary resources, I believe they are engaged in anti-consumer, monopolistic, behavior that is not required for the health of the network or for their own business requirements and therefore should be regulated.
Yeah, that's the crux of the matter right there. If there were real competition in the sector this sort of activity would be fine. Arbitrary limits on usage can reduce network saturation. The result for the end consumer is a less useful and more expensive service, but that would be fine, if there were alternatives.
However, ISPs (both wired and wireless) have spent the last two decades or more deeply entrenching themselves. The networks they operate were often subsidized, at Federal, State, and Local levels. They have spent millions of dollars lobbying (successfully) for anti-competitive laws of their own design. They have either natural or government (Local or State) granted monopolies in most of the regions they operate in. They collaborate with their so-called competitors, dividing territory and colluding on prices and practices. All while providing what few would disagree is a basic necessity of modern life.
When all the significant providers of a necessary service engage in collusion and anti-consumer behavior, it is, and rightfully should be, time to regulate that industry. I don't lightly suggest regulation. Careless or unnecessary regulation can have enormous costs and serious repercussions. However, ISPs have shown time and again that, like the banking industry, they will engage in anti-consumer behavior for so long as they are permitted to do so. It's time to tell them otherwise.
Add to that the fact that Fat Noodle has come back and demonstrated that they had come up with the concept for their restaurant in 2008, trademarked the name in 2012, and failed to hear a word from Chubby Noodle's lawyers for months, suggests the Fat Noodle lawyers might need to get their heads straight.
Maybe that sentence has too many Noodles to be sure, but I think you meant to reference Chubby Noodle's lawyers as needing a good head straightening.
Just as IQ is really only a measure of how good you are at taking IQ tests, the only thing those brain games improve is your ability in that specific game. You might improve over time in that game, but that won't carry over into anything else.
That fuzziness or stretching sometimes makes it hard to make out fine details. E.g., when a character looks at phone. With lower quality video, all that you'll see is blurred letters.
Higher quality video won't make a bad movie good, but it does enhance my enjoyment of a good movie.
If you already have a movie in DVD format, there's no need to go out and buy a Blu-ray version. The increased quality is probably only worth ~$1-$3 (depending on how good the movie is), not the $20 you'll pay for a replacement.
I certainly don't get 4k, unless your TV takes up a wall. 1080p makes sense in some scenarios, but I usually go with 720p where available. My monitor is only 24", so I can't tell the difference between 1080p and 720p. Might as well save the bandwidth/space.
"(Source: 14 years of research into domain registration patterns and what's likely the largest database of abusive domains.)"
Oh yeah, the old "I won't provide my sources or credentials but I *know* and you just have to believe me". That's always a good argument. /s
Eh... I think I'll take him at his word on that. I've worked for a registrar before, and a common pattern of domains that show up in the abuse department is that most used the private registration service.
The problem is, there's a huge selection bias in his sample. He's seeing only those domains that cause problems, not the copious quantities of private domains registered for legitimate privacy / anti-spam (digital and physical) reasons.
I get what you're trying to say, but it's not exactly accurate.
Registering a domain requires registering a valid point of contact with ICANN. A "privately registered domain" is really another entity (usually the registrar, such as Go Daddy) putting themselves as the point of contact, and then forwarding you any correspondence (digital or otherwise) associated with that domain.
What you're paying for is the cost of that forwarding. Some companies may tack some profit on there, which is a bit reprehensible, but it's not as if it's a zero-cost thing.
There is no such thing as absolute security. Period, full stop. It doesn't matter how big or how small the target is.
That said, why should NDT know better? He's not a security expert, he isn't even in the IT field. He's a frakking astrophysicist. Because he's a celebrity, suddenly that means he has to be absolutely accurate 100% of the time, without leaving any room in his statements for misinterpretation? Just as the only unhackable system is one that doesn't exist, the only person who hasn't made a mistake in his statements is one that has never spoken. Why are people surprised that he's human? Why attack him just because he isn't infallible, when he never claimed to be?
The basic premise of NDT's statement is sound, even if he screwed up in the delivery.