Re: [Discuss] Effort to repeal Mass Tax on Software Services

2013-08-05 Thread dan
> Serious question: is there any evidence that legislators care about > these petitions? This is a bit out of left field, but I used to be the head of a largish community organization (the combined neighborhood associations of Cambridge). The Mayor and City Council were all liberal and Democra

Re: [Discuss] email privacy/security

2013-08-05 Thread Edward Ned Harvey (blu)
> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss- > bounces+blu=nedharvey@blu.org] On Behalf Of Tom Metro > > a phone call to > convey the password Phone calls are unencrypted going across the same public networks. Even the IRS acknowledges this - I called them to have them

Re: [Discuss] email privacy/security

2013-08-05 Thread Richard Pieri
Tom Metro wrote: But S/MIME encryption is better than either. No, it's not IF you value privacy. First problem with S/MIME is that it depends on a certificate authority to issue X.509 certificates. We all know how uncompromisable these are. Second problem with S/MIME is that it's still susce

Re: [Discuss] email privacy/security

2013-08-05 Thread Kent Borg
On 08/05/2013 11:30 AM, Richard Pieri wrote: S/MIME is that it depends on a certificate authority to issue X.509 certificates. And we know that they can't be trusted. But, a big realization I had recently is that even flawed crypto is valuable. Okay, maybe ROT-13 isn't worth much. But ROT

Re: [Discuss] email privacy/security

2013-08-05 Thread Richard Pieri
Kent Borg wrote: Okay, maybe ROT-13 isn't worth much. But ROT-12, being a bit more obscure, starts to be useful. And something that requires a man-in-the-middle attack, is very valuable. Substitution ciphers fall in near real time to automated frequency analysis. The obscurity of the algorit

Re: [Discuss] email privacy/security

2013-08-05 Thread Kent Borg
On 08/05/2013 02:07 PM, Richard Pieri wrote: Flawed cryptography is useless. Good cryptography may be useless when one of your foes is responsible for approving and endorsing the encryption systems you use. Flawed crypto is of little use if they are specifically after *you* (particularly if

Re: [Discuss] email privacy/security

2013-08-05 Thread Bill Bogstad
On Mon, Aug 5, 2013 at 12:39 PM, Kent Borg wrote: > On 08/05/2013 11:30 AM, Richard Pieri wrote: >> >> S/MIME is that it depends on a certificate authority to issue X.509 >> certificates. >... > Good cryptography is great. Flawed cryptography--even just using obscure > non-standard compression

Re: [Discuss] email privacy/security

2013-08-05 Thread Richard Pieri
Kent Borg wrote: Requiring them to take active measures in advance of the communication (MitM attacks) or even afterwards (human intervention) harms their economics *enormously*. Orders of magnitude. What harm? The NSA has an effectively unlimited budget. The only real cost is time and that's

Re: [Discuss] email privacy/security

2013-08-05 Thread Kent Borg
On 08/05/2013 02:49 PM, Richard Pieri wrote: What harm? The NSA has an effectively unlimited budget. For what values of "effectively"? Even the NSA needs to get money appropriated. Make them put extra zeros on the end and it matters. If your foes include lesser organizations then maybe you

Re: [Discuss] email privacy/security

2013-08-05 Thread Richard Pieri
Kent Borg wrote: For what values of "effectively"? Even the NSA needs to get money appropriated. Make them put extra zeros on the end and it matters. Where "effectively" means that they get everything they ask for in terms of money and equipment. What does it take to grab all the e-mail

Re: [Discuss] email privacy/security

2013-08-05 Thread Edward Ned Harvey (blu)
On 08/05/2013 02:49 PM, Richard Pieri wrote: > What harm? The NSA has an effectively unlimited budget. False. Their budget is not large enough to crack really good crypto (256 bit with truly random key, and no other way to expose the key). Which means even a targeted individual can keep them o

Re: [Discuss] email privacy/security

2013-08-05 Thread Richard Pieri
Edward Ned Harvey (blu) wrote: Their budget is not large enough to crack really good crypto (256 bit with truly random key, and no other way to expose the key). Which means even a targeted individual can keep them out, if you are very paranoid and smart about it. You're assuming that the NSA n

Re: [Discuss] Effort to repeal Mass Tax on Software Services

2013-08-05 Thread Derek Martin
On Mon, Aug 05, 2013 at 07:25:52AM -0400, d...@geer.org wrote: > In a face-to-face exchange over proposed changes to our zoning law > (to curb over-building), these were the exact words from the Mayor > of "our fair city": > > You're right, but irrelevant; you don't deliver any votes. > > That

Re: [Discuss] email privacy/security

2013-08-05 Thread Derek Martin
On Mon, Aug 05, 2013 at 02:49:32PM -0400, Richard Pieri wrote: > Kent Borg wrote: > >Requiring them to take active measures in advance of the communication > >(MitM attacks) or even afterwards (human intervention) harms their > >economics *enormously*. Orders of magnitude. > > What harm? The NSA

Re: [Discuss] Effort to repeal Mass Tax on Software Services

2013-08-05 Thread Bill Bogstad
On Sun, Aug 4, 2013 at 2:52 PM, Derek Martin wrote: > On Fri, Aug 02, 2013 at 12:46:59PM -0500, Derek Martin wrote: >> On Fri, Aug 02, 2013 at 10:25:46AM -0700, Joseph Guarino wrote: >> > Also, I know I started a petition but another person had one with more >> > online. If you support repealing

Re: [Discuss] [OT] political petitions

2013-08-05 Thread Tom Metro
Derek Martin wrote: > Dan Geer wrote: >> ...words from the Mayor of "our fair city": >> >> You're right, but irrelevant; you don't deliver any votes. >> >> That was educational and factual. Petitions, to be effective, >> need to be like tracer bullets for artillery to follow. > > My impressio

Re: [Discuss] Mass. outlawed independent contractors in software and other creative professions in 2004

2013-08-05 Thread Tom Metro
MBR wrote: > http://www.wbur.org/2010/06/30/independent-contractor-law. > > A 2004 change to Mass. law that software temp agencies have only > recently discovered, makes it effectively impossible for programmers and > people in other professions who create intellectual property to operate > as inde