Brekken's Law (assuming that's his surname from the email in his profile). It's a snowclone of Zawinski's law of software development[1]:
Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can.
It really is true. My previous employer had a dream of turning their extremely specific web app into a platform, with an app store and everything. I assume that being a platform means big bucks, idk.
Putting even the most secure and resilient backdoor should be considered a failure of freedom, privacy, and politics.
At the end of the day backdooring encryption does nothing but weaken everyone's security without actually helping intelligence agencies, at least in the face of serious actors.
Fine, agree to a global backdoor or all crypto with a handful of trusted key holders, how long until the algo or key is leaked, how long until a flaw in it's implementation is found, how long until some TSA agent is photographed with the password blinking on his screen in a news article.
All this will do for bad actors is ensure they assume whatever service provider isn't to be trusted in their implementation and just use a 3rd party process and/or open source tool chain to produce encrypted messages that will be routed over already encrypted networks. Great, your backdoor got you to a second layer of ciphertext that you still can't make heads or tails of, meanwhile you've weakened the security of literally every person on earth.
A backdoor is unacceptable, no matter it's perceived strength, value, or safety.
Encryption with a backdoor is not weak it's unencrypted. Anyone who says they want such a thing should surrender their band account credentials first so we can demo what will happen.
I understand the aversion to backdoors and am quite sympathetic to the view that all encrypted communication should be revealed only to the sender's intended recipient(s). However, the choice is not always ours to make.
I'll be interested to see how they prevent theft of their source. It doesn't take long to get around obfuscation and such. If a person takes their HTML libs and slightly modifies the code and releases as an open source alternative to GreenSock... just curious how they'd go about combating that. Obviously they'd have to go after the site owner, but I don't think most site owners know what underlying frameworks go into their sites functionality. If they have thousands of sites using a port of their code and it was developed in India by a small team found online or something... where does the hammer fall?
You think that the email spam industry collectively employs more than 500,000 full-time voting adults, rather than a relative handful of humans and tons of bots? It's fine if you do, my hunch is just different.
LOADS of what people classify as "spam" is simply stuff they signed up for and forgot about. Just last night a client had someone write in saying "I'm not getting your emails!". After some back and forth they had - 2 days prior - marked it as "spam" because they didn't recognize the name of the list, and so weren't getting any more mails (or, they were getting junked).
You may be able to make an internal distinction between "the spam industry" and "email" but many people can't or don't. Or perhaps more to the point, many people classify spam as "anything I don't like or didn't ask for" (even if, by dint of entering in to a transaction, they do in fact grant permission to get necessary emails now and then).
I'm glad someone else made this reference. The first half of the story reminded me of Chappelle's "I'm sorry officer - I didn't know I couldn't do that" bit
Note: I'm not much of a rap fan, but rapgenius has more than rap on it.
>Why? For what exactly?
It's interesting to see what other people think some of your favorite songs mean and you can look at music in different ways. The same reason I'll talk about good albums with friends.
> How do you put up with that UI?
I can read the content and while I'd appreciate a better design I'm not an elitist.
Can't tell if serious...in all reality though, why not? It's not like I get a big break by defaulting on my loans (or rather, being sold to a different collection agency). If Company A is going to sell $10,000 of debt to Company B for $1000, and I'm going to have my credit dragged through the mud, make my life miserable and still owe $10,000 that I might be able to settle down to $5000, why not just pay Company A $1000, have my credit dragged through the mud, and get on with my life? Company A doesn't lose anything they haven't already lost, my situation is greatly improved, and I don't think anyone is crying for the piranha Company Bs out there. And it's not like my credit going to crap is a win-win scenario.
I'd assume this maneuver would trash the debtor's credit, reducing their future access to credit - thus, limited moral hazard. The presumption, more likely, is that any price a debt collector is willing to pay for a debt is more than what a penniless debtor is able to. $20k of debt wouldn't sell for $1k unless the debtor were making so little that $1k would be a substantial amount of their time (else the cc company wouldn't sell for $1k).
CC companies have no idea what you can or cannot pay, nor do they care. What they care about is that you haven't made a payment in a while, despite letters and phone calls urging you to pay. After a fairly short time they want (and perhaps must) clear the debt off their books, so they sell it to a collection agency. They appear (based on the article) to sell at a fixed 5% rate rather than auctioning the debt to the highest bidder.
So, if the debtor can afford 5% but no more, the CC company achieves their goal of clearing the bad debt for the same price they would by selling to an agency.
Why not hold out for more? The debtor has already shown an unwillingness to pay under the current terms, and time has run out for holding the bad debt.
Why would the debtor be willing/able to pay 5% but not the current terms? For a CC, it's probably the interest rate and interest balance. In this situation the CC company is usually charging 19% - 25% interest and including accumulated unpaid interest in the balance. If the debtor makes a payment, the terms say that the payment is applied to interest first, so the debtor's principal is not reduced at all until ALL of the interest is paid. That can be lifetime indenture to the CC company. A 5% payoff is a renegotiation of the terms which will terminate the account and prevent any further interest charges. That's worth scraping together the money needed for the payoff.
What if I told you that medical/accident/disaster expenses (even just counting deductables and co-pays when insured), are not "borrowed to live a comfortable life" but are treated by the credit system the same as unbridled credit spending?
Even the better - someone who has decided that he really doesn't need to ever borrow money has no worries about any credit ratings, so borrowing $20 000, 'defaulting' and paying $10 000 to cover the loan would be completely free legal money with no practical consequences.
I think the "Dark" in "Dark Mail Alliance" is meant more in the sense that it's "off the grid" of NSA spying capabilities, not that it's meant to be used for nefarious purposes.
I would agree, but the word means what people think that it means, and the most likely interpretation will be "nefarious purposes". Especially when the powers that be will likely oppose this, the more braindead you can make your image, the better.
I'm sure their intention was not to be used for nefarious purposes, but that doesn't mean NSA/FBI/Congress won't try to portray it as such.
But anyway, I'm starting to get the feeling this issue is taking too much attention from the protocol itself, which is the big news here. If they want to change it, great, if not that's fine, too. They just need to make sure the protocol is great, and can get other big e-mail providers to support it, or at least a ton of smaller ones.
