383700+ entries in 0.136s
mircea_popescu: there's a reason people engaged in fencing stand sideways. and they all do it, because even if awkawrd and lulzy a stance, it is more secure.
mircea_popescu: security is, in the end, the job of minimizing exposure.
mircea_popescu: also, whole disk vs file that was being processed. also very different payoffs.
mircea_popescu: again different windows. "computer being on" vs "that second right after he's typed a pw"
mircea_popescu: re-reading the thing i gotta give it to dub... he kinda has good points.
mircea_popescu: jurov ostensibly they can just shoot you, too. hardly part of the discussion i guess.
mircea_popescu: we can agree that wearing a maillot is kinda like being dressed, except if it gets wet, or if it gets flashed or if there's a black light etc.
mircea_popescu: they may be more convenient or profitable or w/e, but they're still qualitatively different.
mircea_popescu: nanotube yes, we can. but we'll have to agree that while some things provide absolute protection against the attack vector, some other things provide partial protection.
mircea_popescu: you're not making his case for him in any circumstance.
mircea_popescu: Bunnyh in most free countries it's enough to say it's nobody;'s business what you kee pthere and the da can either make a case or get lost.
mircea_popescu: circumstantial evidence, of the weakest sort. i'll just point and laugh at you.
mircea_popescu: "your honor, we know X talked to Y. therefore X did it" ?
mircea_popescu: nanotube it's basically an antivirus product. it's good to have for your girlfriend, so it keeps the system sorta-above water.
mircea_popescu: nanotube nope. recall, im the guy using his real name in the bitcoin space.
mircea_popescu: i mean i get it, it's lazy cvasisecurity. grand. may work well in many cases. i don't want it in my airgapped machine.
mircea_popescu: otherwise, in good old unix fashion, a partition is a file anyway.
mircea_popescu: nanotube as long as it's not bootable, perhaps it can be well implemented.
mircea_popescu: ftr, im not saying fde will never work. it may eventually work. we're not there yet.
mircea_popescu: 's convenient in some cases. you have to appreciate we were discussing a specific rthing, ie, making an airgapped machine.
mircea_popescu: dub well sure, but it still is a smaller burden. smaller burden wins.
mircea_popescu: otherwise we're back to yadda yadfda, you can't say faith healing doesn't work.
mircea_popescu: this is why you need experts : so they make definite statements in places where the common sense seems lost.
mircea_popescu: without going into all the ways truecrypt is broken and etc, which i don't feel i have the energy for
☟︎ mircea_popescu: file level encryption makes a less burdensome requirement.
mircea_popescu: basically, in the simplest of terms : fde requires key be available for the os at all times the disk is in use.
mircea_popescu: how the hell are you going to boot an encrypted disk ?
mircea_popescu: ok, let's make it simple : do you agree that in order for your system to be safe it has to be powered down, whereas for gpg to be safe it doesn't have to be powered down ?
mircea_popescu: it's just nonsense. to be able to boot you will have to at some point trust the machine. that's all.
mircea_popescu: i can just steal your key from the boot in a variety of different ways, also from recently powered down systems,
mircea_popescu: dexX7 there are numerous different avenues to remove encryption from a full disk encryption schemes.
mircea_popescu: because should you obtain the encrypted file there's nothing you can do.
mircea_popescu: nanotube and as to "use both" : the point of science, any science, is to isolate what works from what doesn't and exclude the latter. this is why dentist treats your teeth his way rather than recommending you "also use shaman method".
mircea_popescu: so what is this, "it's safe because bad guy is presumed stupid" ?
mircea_popescu: but that's the usecase man. full disk encryption is supposed to protect the data from physical access attacks.
mircea_popescu: nanotube if i get your "full disk encrupted" pc i can full disk decrypt it. if i get your gpg'd stuff, good luck to me.
mircea_popescu: we'll be registered once we take over, and we make the rules for registration.
mircea_popescu: until such a time I move into the building vacated by the fiat ex-stock exchange, and until such a time I'm sitting on the policy panel deciding how stock exchanging works, this will remain the case.
mircea_popescu: "Dr. Garrow states President Obama had Tom Clancy killed as well and noted that it takes 5 days for plant toxins and most poisons to break down and leave no traces in the human body. Amazingly enough, or coincidentally, the doctors did not perform an autopsy on Tom Clancy’s body for 5 days."
mircea_popescu: that aside, i can live fine with people up to about "modern conservatism"
mircea_popescu: big deal russian girl band. first group to get eu platinum in two languages.
mircea_popescu: "si no cocino, no como" > if i don't pork, i don't come.