As a Canadian, you can, however, apply for TN (NAFTA) status at the border. You need a prearranged job to do this, though, and it has to fit one of several categories defined by NAFTA. Typically, you must have at least a Bachelor's degree.
I'm a family-based immigrant so I don't know how hard it is to get prearranged work on a visa basis. I do see a lot of postings that require permanent residency or citizenship, though I believe such immigration classification discrimination is illegal.
Pick ONE (not two or three)
The EFF and the ACLU are fine for what they are, but they've got too broad of a mandate to have the kind of focused impact you want. You can't be an effective mainstream advocacy organization when you're off defending unsympathetic people for principled purposes. That's an important thing too, but it's a different thing.
For people interested in effecting real political change, I seriously recommend watching this documentary on the Prohibition: http://www.pbs.org/kenburns/prohibition. One group of people got a nation that until (and during and after!) prohibition drank 140 million gallons of liquor a year to outlaw alcohol. The money wasn't on their side (the government made 1/3 of its revenues from liquor taxes and the beer makers had tremendous power), but they accomplished their goal by masterful politicking: http://en.wikipedia.org/wiki/Wayne_Wheeler.
"Under Wheeler's leadership, the League focused entirely on the goal of achieving Prohibition. It organized at the grass-roots level and worked extensively through churches. It supported or opposed candidates based entirely on their position regarding prohibition, completely disregarding political party affiliation or other issues. Unlike other temperance groups, the Anti-Saloon League worked with the two major parties rather than backing the smaller Prohibition Party."
Well, first of course there's a lot of us. Even having only a fraction, the NRA now has 5 million members. The EFF? I would be surprised to learn they had more than 50,000 (couldn't find a number in a quick search).
2nd, we vote, and many of us vote first and foremost on this issue. Especially since it's a good general touchstone, not that more than a tiny tiny fraction of national level politicians really give a damn about either issue no matter what they say most of the time.
3rd, there are many major elections where it's clear gunowners were a necessary if not necessarily sufficient part of the winning side. Gun control at the national level mostly disappeared in this century until Newtown after the Democrats suffered a string of catastrophic defeats from losing both houses of the Congress in 1994 to Al Gore losing by a whisker in 2000. That it was even close is telling, especially since Bush isn't much of a conservative or friend to gun owners, e.g. he officially supported renewal of the "assault weapons" ban.
(Note that it's in our cultural DNA to defy being told we can't or shouldn't have something, be it guns or e.g. drugs. But those are tangible, literally put your hands on them things, not like "privacy", the loss of which isn't immediately visible.)
On the side of the Stupid Party, every post-Reagan defeated Presidential candidate was, or appeared to be bad on gun ownership (Romney's actions were good, but his rhetoric was very bad). Again, the very narrow margins by which Bush won in 2000 and 2004 are probably also telling, bad rhetoric and very few good actions.
Now for some historical specifics that made a difference:
The biggest is how extreme gun grabbers are. While businessman Eric Schmidt is notorious for some creepy even if possibly true statements, I'm not aware of any national level politician who's willing to go on record saying we have no right whatsoever to privacy (whatever they actually believe).
Nothing compared to e.g. Dianne Feinstein's "If I could have gotten 51 votes in the Senate of the United States for an outright ban, picking up every one of them . . . Mr. and Mrs. America, turn 'em all in, I would have done it. I could not do that. The votes weren't here.", or Michael Dukakis' "I do not believe in people owning guns. Guns should be owned only by police and military. I am going to do everything I can to disarm this state."
Legislation stripping us of gun rights are much more in your face than e.g. FISA, and have much more concrete results (see below). Privacy is much more a Federal issue, although there have been a number of gun privacy atrocities at the state and local level. Whereas the nation frequently watches some state go crazy and e.g. tell you that you can load only 7 bullets in your 10 round magazines ("clips"), and arrest people on that basis. Plus hypocrisy, there are many many carve outs for the anointed, be they police or politicians, or the frequent discovery that a prominent gun grabber owns guns. And all the politicians with armed bodyguards telling the rest of us we don't deserve that level of protection.
Then there are specific atrocities, cases well known by gun owners of innocents brutalized or killed by abusive organs of the states. This became big a while after the national Gun Control Act of 1968 was passed, when the BATF had to find something to do for its Revenuers after sugar price supports killed the moonshine industry.
Our side can point to kittens killed ("I swear I am not making this up"), pregnant mothers who miscarried, people crippled for life, mothers shot dead while holding a baby (Ruby Ridge, in which the BATF was enlisted to try to force her husband to spy), and many many outright killed (Waco started out as a BATF "ricebowl" operation, they wanted some nice video for their first budget in the Clinton Administration). Plus a constant drumbeat of gun owners ensnared by "flypaper" laws in gun grabbing localities; even NYC has realized it's damaging their tourist industry.
And how could I forget Fast and Furious, just one of several Federal Government gun running operations that sent thousands of guns south of the border, resulting in 350 deaths and counting, just to generate better statistics for gun grabbing propaganda (that reason is now on record and any other explanation suffers an Underpants Gnomes logical error).
The very secrecy of our national security privacy problems makes the latter problematical. Ignoring that the targets of the DEA are seldom ones we can empathize with, that they launder the tips they get from the NSA means that as of now I don't think there's a single specific case we know of.
And one final general point: lots of public figures are willing if not happy to demonize gun owners of almost every sort, and gun organizations (we can see the latter in this discussion). That results in strong push-back from the targeted (again, it's not in our cultural DNA to take that lying down).
The problem is, it's mostly supported by individuals, not the industry. And there are a lot more individuals interested in gun rights than electronic rights. It has a budget that's a tiny fraction of the NRA's.
Other ways you can help EFF, like using their Amazon referral link:
So apparently no one at Hacker News knows about EPIC:
which is, more or less, what the original poster is asking for. They're not militant, I suppose. They don't have the same level of anger that the NRA manages to harness, don't have talk radio hosts promoting them, that sort of thing. But they do exist and are focused on this one issue of electronic privacy, and yet apparently are failing at their job of self-promotion, because no one on HN knows they exist.
Are they failing to do enough outreach? Is a different organization really needed, or does EPIC just need to do a better job of marketing itself?
Privacy? Not so much. But we do have the EFF. So donate!
So, in the case of Privacy, you aren't fighting your Representatives who can be bought to change laws. You are fighting the Court. That fight is much more of a long game. And that long game would seem to be better won through broader Civil Rights which are already under attack. Read the First Amendment and think of Snowden and the media. Read the 4th and consider the broadness of "unreasonable" and where it extends to property seizure laws. Heck read the 8th and consider how broadly solitary confinement is used as punishment in our prisons. Or how anti-drug and anti-marriage laws restrict personal choice. To me, protection of our broad Rights against the Leviathan is the issue of our time.
That said, the 2nd Amendment is also an ally in this fight. In contrast to Privacy, the right of gun ownership is explicitly guaranteed and the NRA is a partner in questions of privacy. We just need to help them realize that the national security apparatus could easily be expanded inwards to target gun owners. We need to help them realize that the technology to do so is already trivial for the Big Bad Government.
The NRA & the gun industry have successfully marketed a product, and the NRA has successfully marketed itself as the means of protecting customer's rights to that product.
Note, the NRA doesn't have to be the one that markets gun ownership as a positive - that can come from any number of sources, inside and outside of the gun industry. The NRA just has to give the image of being the political outlet to protect that right. Thus the media and/or possibly the gun industry can throw gas on the fire to show that guns are a necessity of American life and in turn because of it's perceived credibility on the issue people vote according to what the NRA says.
Now, presently I don't think either the NRA or the industry really has to do much work marketing guns. All they have to do is hold back the tide whenever a tragic event happens and forestall action when the willpower to change is present. Then, when election season rolls around, they just remind their members how to vote.
In the case of privacy there is #1 no product, and #2 no clear "defender" of our right to privacy. Further, given the nature of privacy, I don't think there will ever be a clear product or defender for/of that right. Without that, there's never going to be the approach that markets the product as a necessity or a group people will pay attention to when voting.
Just think about the ACLU - part of their mission is privacy. But yet I'm sure half the people who care about internet privacy don't even like much less trust the ACLU. EFF - majority of the population hasn't heard of them. It's just too sensitive of an issue to have a blanket organization representing everyone's interest.
Finally, as a side note, I think I would pay for an email service like this: free email, with conditional payments. Whenever the service receives and refuses a government request, it charges a very small fee (couple cents or even a penny - will wait till x amount has accrued before charging card). Then in turn, the payment fee goes to the campaign of a pro-privacy candidate or organization like the EFF etc.
The NRA does this and, like the ACLU, knows to defend the extremes. If we want the 4th amendment defended, then we need that type of organization.
If you hate the NRA, it's easy to paint this political stance as nothing but a move of pure-gun-lust...however, such stances set precedent for other privacy related rights. To put it another way, just because the ACLU defends pornographers, it doesn't mean the ACLU is doing it purely out of love for pornography.
edit: In any case, there will never be a "NRA for Privacy". Pause and think about it. What does the average person experience in terms of privacy invasion? Not too much, and not at a constant clip. Would that average person be able to discern between heavy privacy protections versus some privacy protections, on a daily basis? Not really, you mostly only know your privacy is being invaded when it's too late.
Compare that with how your life as a gun owner changes if, say, conceal and carry is revoked. Or AR15 rifles are banned. You experience that immediately.
Also, good luck getting celebrities on board. They are used to having their privacy violated as a matter of routine. For them to experience a real change in privacy would involve infringing on certain First Amendment rights (look up the difference between public and private figures)
In the past, naturally occurring inefficiencies helped to safeguard privacy. Privacy was free. However, now that the technology to collect, store, analyze, and distribute information is so cheap and readily available, we are seeing a massive loss of privacy.
As an economic externality, privacy can only be protected through deliberate effort. We will not get privacy unless we demand it from society. Therefore, political action is a prerequisite. Pro-privacy organizations will be essential in the years ahead.
People only like privacy as an optional concept; what they really like is sharing their personal information with strangers on the internet.
Just as the Rutherford Institute is more protective of individual rights than the ACLU is.
But you're right we need an organization for privacy.
The EPIC and EFF are not enough.
Google don't be evil? FAIL
We need a global charter for privacy rights.
If you take a narrow focus on a particular cryptographic event (such as your encryption of a string with an RSA public key) then you miss the greater story about encryption: it's not just the individual cryptographic primitive that needs to be implemented correctly, it's everything else.
An RSA encryption like that does not stand alone. Keys must be generated, secured and distributed. The RSA library itself must be validated to ensure that it works correctly. The actual primitive must be used correctly (in the case of RSA don't use a stupid exponent as some have done). And the environment within which the encryption is used must be understood and secured (just look at the CRIME and BREACH attacks against TLS to see how something 'secure' can be broken because of something apparently irrelevant, in this case, compression).
The overriding reason that encryption is 'hard' is that secure computer systems have enemies and those enemies (attackers) will do _anything_ to attack the system. They will attack it based on timing, compression problems, flaws in the protocol, freezing the RAM to extract a private key, etc. etc. There's really no end to the variety of things you can try to attack a cryptosystem.
So, building a secure system may have encryption as a necessary condition, but it's not sufficient. So much else can and will go horribly wrong.
If you are interested in this hit the books and understand the history of cryptography. For example, look at how Vigenere was broken by Babbage, or the Venona ciphers, or Lorenz. These 'old' ciphers can tell you a lot about how people actually attack things. Then read about modern ciphers and attacks on them. Wikipedia has much. Read about TEMPEST and imagine other attacks possible in that way.
http://nacl.cr.yp.to/features.html High-level primitives A typical cryptographic library requires several steps to authenticate and encrypt a message. Consider, for example, the following typical combination of RSA, AES, etc.: * Generate a random AES key. * Use the AES key to encrypt the message. * Hash the encrypted message using SHA-256. * Read the sender's RSA secret key from "wire format." * Use the sender's RSA secret key to sign the hash. * Read the recipient's RSA public key from wire format. * Use the recipient's public key to encrypt the AES key, hash, and signature. * Convert the encrypted key, hash, and signature to wire format. * Concatenate with the encrypted message. Sometimes even more steps are required for storage allocation, error handling, etc. NaCl provides a simple crypto_box function that does everything in one step. The function takes the sender's secret key, the recipient's public key, and a message, and produces an authenticated ciphertext. All objects are represented in wire format, as sequences of bytes suitable for transmission; the crypto_box function automatically handles all necessary conversions, initializations, etc.
Somewhat unique to security and cryptography are the number of subtle bugs possible. There are both problems of actual "normal" bugs (like the Debian entropy bug) and system level design errors (like CRIME).
NaCl/Salt tries to reduce the number of errors possible by using the library wrong (as opposed to eg: openssl that has a very (some say too) rich interface). But you could still end up writing the secret key to swap. Or doing something silly with the plain text. Or expose yourself to a buffer overflow in the part of the code that renders those cute avatar-images for your chat application.
- Simply encrypting your message as indicated will not protect you from replay attacks. Someone could record your message and re-transmit.
- Simply encrypting your message will not assure that the contents haven't been modified, someone could patiently sit in the middle poking bits to see what happens.
- Most encryption schemes will require you to choose a block cypher, doing so requires some knowledge of the options and the data you're sending. Some handle large amounts of data poorly, others fail when you send identical messages.
- Most encryption schemes will require you to initialize them with truly random data, both an early version of Netscape, and Debian messed something up and provided far less entropy than they appeared. Relying on /dev/urandom on a machine that's just booted, or otherwise faulty entropy providers is fatal.
- Attackers can record your data and play with it forever, so even if a mistake or attack isn't revealed for years, they can still go back and decrypt your data. I believe the NSA broke the Russian's use of a One Time Pad because they re-used pages years later.
- Simply encrypting data doesn't provide assurances that you're communicating with the system you think you are, the initial contact is still tricky.
So there's more to it than a single function call.
The overarching problem is that you don't really get any feedback about whether what you're doing is right or wrong. For example, no cryptographer would use RSA like that, but that's not obvious just from studying the wiki article. Or from looking at the function output - it does turn ASCII into gibberish, as advertised, and that's where most developers will call it a day.
The moving parts are also treacherous. You're not just going to encrypt a string - someone is meant to decrypt it. Have you authenticated the ciphertext? Are you exposing a padding oracle? Or timing attacks? Are messages susceptible to replay? In crypto systems, these things are equivalent to locking the front door and leaving the window wide open.
In practice, most insecure crypto constructions aren't due to bugs in the implementation of RSA or AES. They're because of developers choosing inappropriate primitives, gluing them together incorrectly, or inadvertently exposing dangerous side channels.
Fortunately, there are libraries that can help. As mentioned elsewhere, NaCl/Sodium and KeyCzar provide higher-level interfaces that can abstract away many of these issues.
A given: all software has bugs. Usually, that doesn't matter a CRUD app will eventually get debugged enough to the point of usability. (Sometimes even maintainability.) We do not understand enough about programming to guarantee perfect execution in all cases, but no one gains any value by causing an obscure input case to cause a null pointer exception.
Whenever we use crypto, however, we inherently have code which protects something valuable: from forum passwords to credit card numbers to state secrets. This means that all the subtleties which break in ordinary code, but no one cares about, suddenly become important. Every interaction of input to memory to processing to storage (to network) must be scrutinized for places where a crucial piece of data may leak an encryption key, or perhaps just enough known plaintext of known cyphertext to mount an attack.
To repeat what others have said in answer to your more general question - solutions to "real world" problems include more than a single call to a primitive. So you need to find libraries that provide a higher level API, like parts of NaCL http://nacl.cr.yp.to/, Google's keyczar http://www.keyczar.org/, etc.
Even for simply encrypting a string with a password - https://pypi.python.org/pypi/simple-crypt which is what I talk about in the first link - I needed three things: key strengthening, the encryption itself, and an HMAC. Making those work well together was harder than I expected (at least 5 bugs harder...)
The results of this is things like the developer who used "1" as the multiplication factor, so to decrypt the data, you need to divide each block by 1...
1. For a high value target like Edward Snowden, there is a broad spectrum of attacks, and any operational weakness is fatal. There are many examples of these attacks described on this thread. Unless you know what Snowden knows, odds are you will not get it right.
2. BUT, if everyone had easy encrypted email and real time communication, the mass surveillance machine would be blinded, because the kinds of attacks that are used against high value targets do not scale up well.
There's a massive market for easy-to-use encryption. Easy-to-use does not imply insecure in any way at all.
It's also very hard to figure out if your encryption is bugged or not. I guess that for most us, once your method returns a hash, you expect that everything is secure.
On a side note, I wonder how many people on HN would claim to know the inside out of encryptions. (Not the difference between SHA1/MD5/bcrypt but the actual math behind derivations and how they work)
disclosure: I'm a co-founder of LaunchKey
From their homepage:
Crypter crypter = new Crypter("/path/to/your/keys");
String ciphertext = crypter.encrypt("Secret message");
For example, a common mistake is to assume that by encrypting something, attackers can no longer change it. Or perhaps you'll use your standard equality operation to check whether a decrypted string matches some value, without thinking about timing attacks. Or maybe you'll just use AES in ECB mode.
A good crypto library should keep your data safe for decades. We don't make the same demands (no bugs, due to no updates possible) of other software that often.
Also, proper key management is out of reach for most of us.
e.g. easiest to use :: SSH with password <<>> SSH with passphraseless keys <<>> SSH with passphrase-protected keys :: most secure
I think what we need, for email at least, is a completely new protocol that's end to end secure (as hard as that is). The problem though is that I don't think something like this can be done anymore, without "interested" corporations co-opting or talking it to death. The golden age of the internet is gone.
and took the Science and Business course at Waterloo/
And if you're a Windows user wanting to use Python modules that are partly implemented in C, I recommend downloading them in binary form: http://www.lfd.uci.edu/~gohlke/pythonlibs
It's better that they don't use encryption than it is for them to use it incorrectly (insecurely) and give them a false sense of security.
This "idea" comes up year after year after year after year. Occasionally, someone says they'll build a better mousetrap. Always, nothing comes of it.
PS: Zuck does not care about your privacy in the least. You are not his customer, you are his product. Advertisers are his customers.
The biggest challenge is to get grandma / soccer mom and the girl next door to care the tiniest bit about encryption and privacy.
It's the cold hard truth, the overwhelming majority simply don't care. They don't understand why they should care and they don't care enough to learn why they should care.
With things like this, the average person continues ignoring it, until he feels directly threatened in the near future. Anything more than that and they start to think "meh...who cares...maybe another time"
Imagine in 1990 someone told you "in 20 years time people are going to be spying on themselves on a daily basis and providing detailed information about their lives to their government, they will login to a computer system and will enter what's on their mind, what they've been thinking about, who their family is, where they work, with whom they've had relationships with, what they like, where they have been, what events they have attended, their gender, sexuality, birthday, religious and political views and albums and albums of photos of themselves and those who refuse to spy on themselves will be rather alone, disconnected and viewed as rather weird for not participating in these wonderful activities".
Who would've believed that? To an spying/intelligence agency that sounds so good that wouldn't even be capable of imagining ever seeing it as a reality.
Yet here we are, 23 years later, and it sounds all too easy "Facebook", "Twitter", "LinkedIn", "Social Media". The population has been brain-washed to accept, adopt and love these tools with their cute names and logos and seemingly innocent appearance.
Before NSA and PRISM revelations you could call me a delusional, overly-negative, cynic, techophobe or conspiracy theorist. But not today. Today we know for a fact what is happening, and we know that's just the tip of the iceberg that we know about, and just like pre-PRISM times, there's probably a lot of nasty crap that we are not aware of until the next Snowden reveals it.
It all makes sense now.
I wouldn't count on Zuck though, he kind of lives from facebook being unencrypted.
The private key should never leave the users machine and should definitely not find it's way to one of the worlds biggest eavesdroppers.
He always seems to be in absolute control of the conversation. If somebody wants something done, he'll always be totally honest with them, in a very direct way. So, if someone says, "Instead of buying recommended UTM, I'd like to just use free Antivirus program that's not fit for business use", he doesn't let it just go, he'll say something like, "That isn't a complete solution and it's going to end up costing you in malware removal time and headaches. You really should just use this product as it will save you money and time in the long run. I can get you a quote on it before the day is over."
He totally owns the conversation and directs and redirects it to a central point. In this case, that point is 'Free AV is not a good solution for businesses that have hardware in house. You need a UTM of some kind." It's never, 'I recommend..." or "I think you should...", it's always, "This is how it is in the real world. You aren't hiring me to softball in suggestions, you are hiring me to be an expert." He addresses their motivations, in this case, cost and benefit of a proper solution.
For design, I'd imagine it'd be very similiar. Something on the lines of, "Comic Sans is an unprofessional font. It does the face of your company a huge disservice and should be avoided."
I honestly suck at it and I'm trying to get better and owning and directing conversations with customers -- The advice he gives me is go into a conversation with a purpose and a direction. Redirect the conversation to the original purpose when you need to ("We can talk about other thing, but first, I really want to get this product/website/solution in your hands before we address that. What do we need to do to make that happen."), and finally, slow the conversation down enough to really hear what they are saying and understand their motivations and then respond accordingly. It's really easy to let a conversation run away from you and you end up following a mental script instead of actually responding to a customer.
If he'll pay - he's yours.
If he won't - he never was.
* The spinning gear for 'Rapid Setup' really distracts me. Animation is good when used well (perhaps to direct people to the sign up form?) but this looks like it is not well thought out.
* The features panels have blank space underneath them. It looks weird and incomplete. You should make their heights consistent and the height should be set to that of the tallest panel.
* The scrolling threshold for the menu banner appearing is too high - it feels unnatural. I think it should appear earlier. Is there another site that uses the concept that feels more natural, so you can copy their timing?
Sorry, no comments on the actual product as I'm not in your target market.
I signed up and am really interested in hearing more such as what the time line looks like. In short, my company is a group of clinicians + developers.
www.aqua.io may or may not be doing the same thing.
I recommend learning C after Java. It's much more difficult to learn, but your prior Java experience will help you pull through.
Note: this all depends on what you mean by "some" programming experience.
If you're the litigious or confrontational type, you might be able to spin this type of incident into a lawsuit or threaten them in some sly way to guarantee the job. I wouldn't do it that way or recommend doing that, but that's certainly an option for aggressive personality types.
The personal family stuff is just wierd.
Friends, family and fools come first as a source of borrowing.
Then perhaps a credit card (0% intro APR if possible; that should play well against your 5 month plan to repay).
LendingClub, Prosper.com, and similar make a song and dance a possible vector for getting crowdsourced loans.
Then perhaps a bank loan, or title loan/second mortgage if you have anything of value.
Depending on what you plan on spending the money on, store credit cards from Walmart, etc. can also come in handy.
Hopefully you're not planning on investing it in Bitcoin mining equipment from a mysterious seller on the internet.
I'll go ahead and ask another question:
If I've got a multitenant system, how can I best protect my clients if they're on a box with somebody who pisses off the feds? I don't want to go all Cryptonomicon here, but what can I do beyond a bunch of separate encryption keys and directories and whatnot?
Anything less would be folly, there are so many hops where people could be listening in on your data (starting with the cable that runs from your keyboard to your computer) that even an email sent to your 'drafts' box on your own IMAP server is probably not secure. Unless you own the co-location facility and all the infrastructure between where you sit and where you store the mail.
The whole security thing to me is a matter of economics. I assume that any data that is not worth reading is collected and that anything that is worth more than it would cost to collect and read is read.
Maybe that's a paranoid view of the state of affairs but at least I won't be surprised or disappointed. My main bulwark against wholesale exposure of the contents of my inbox is a 'Rob'. Rob is a veteran sysadmin who configured and set up my machine and I trust him (I have to, since he has access).
Rob is secure in the sense that he's an honorable person, and that I believe that there is no offer that could be made that would make him break our bond of trust. So short of blackmailing Rob (which is hard, and I would definitely forgive him if that were to happen) my stored email is reasonably secure, but any email in transit is fair game and will probably be caught somewhere along the line and I treat all email that I send and receive as public as a consequence of that.
Even if you use the "technically challenging" PGP (i.e. challenging for the layman), then the metadata still leaks relationships.
We need a replacement that is secure by default and easy to use, so that 'Mom and Pop' can make the easy switch. Get that right and you can replace email.
In my opinion, a company like Yahoo is in the perfect position to write, sponsor and open source an new innovative messaging solution, that is secure by default (and cannot be made insecure) and cannot be monitored. External validation of the source code and cryptographic implementation would be paramount. A whole ecosystem of new "secure messaging" servers and clients could spring up. It could be the next paradigm shift on the internet.
Yahoo are slowly getting back on their feet. If there ever was a perfect time to release a killer app that would resonate with the majority, it would be this. From trampled and downtrodden to the golden boys (and girls) again.
Go on Yahoo. I dare you!
From a simpleton POV... there is a wire from my computer to an ISP. Then from that ISP to another ISP. Then from that ISP to a recipient. At any point some one can intercept and decode. So, AFAIAC, that's an end to it. Even if the data can be secured from being read, there is proof that one computer talked to another computer about something. That's often enough "evidence". Its an opening.
Frankly I don't see how the internet can be secure. AFAIK, it never was.
I knew that well funded government agencies could probably get access to anything, so with that caveat yes, I trusted a few providers.
In general if it's important you shouldn't trust anyone. Use GPG, but do so carefully after reading all the documentation.
I trust providers that offer encryption to prevent basic things like my ISP looking at data or maybe casual eavesdropping if I'm in a foreign country. But the idea of hosted services that completely protect you even against the government of the hosting country, which is how these services seem to be sold, is sort of unrealistic.
And in the broader sense, I trust something like Lavabit less than Gmail. Permanently losing access to my email without any warning is a bigger threat to me than whatever ill defined privacy line Lavabit claims was being crossed. Email for me is primarily about convenient communication. If I want extra security for some reason, I'll use something else or combine GPG with email.
Yes I'm aware of GPG etc but no one else is.
Of course, it all depends on what your threat model is. Are you a target of the NSA, or a jealous spouse? That's what this comes down to. Neither Lavabit nor Silent Circle could have given encrypted and unattributable email service - so if that's what you needed, you're SoL. If server-to-server encryption was all you were interested in, then the distros of pgpu they used would have been fine for you.
It's hard to think of a threat that would be stymied by server-to-server encryption alone. Maybe someone else has a good idea of what that might be, but it's too early for me.
Lava happened to have a known, admitted national security threat as a client/user. It is expected, legal, and proper for a national security letter to be used in this context.
It is possible that the NSL was demanding things that were way too broad, but I imagine that this was not the case (and rather that Lava had an ethical issue with the whole process).
If by "works" you mean "has a familiar and mostly-polished interface", then I would agree. If you like Mint so far, go with that. To give a comparison on the "other end" of the user experience spectrum, try Crunchbang. It is the same underlying ecosystem as Mint (Debian), but builds itself out of a handful of more minimal components. It's my go-to dev distro because it's just enough to get work done in, and nothing more.
If you've tried "the big common ones", then you've hit 90% of the mainstream options. If you need something special, unique or custom beyond those, you definitely would have identified those needs in your post.
I recently got a Macbook Air (the new 2013 one) and it's working out pretty well. Rather than deal with a desktop Linux OS I've got everything running in VMs and either work through them or cloud based remote servers.
For casual computer use (web browsing, email, etc) I use native apps. For software dev I use a combination of SSH to VMs/remote servers and native text editors accessing shared filesystems (mainly sshfs).
I still much prefer my desktop (a real keyboard is always way better) but at this point my laptop is tolerable enough that I can roam around and actually get work done.
It's Debian based with minimal extra bullshit, has a super-friendly config script right out of the box on first boot, and uses OpenBox as the WM. Very snappy and minimalist distro.
If you're selling into an enterprise that requires RedHat, Oracle etc, then possibly CentOs for cheaper development costs as compared to developing on RedHat itself. Those are in the RPM world.
So many other ways to slice this pie, depending on what you need and how involved you want to be with your disto as opposed to whatever it is you're doing.
- Package management: DEBs were sooo much easier to deal with than RPMs.
- Hardware support - usually everything just seemed to work or there was a forum discussion with a solution on what to do about it.
- Good variety of included packages.
- Excellent support forums, even if you are doing non base Ubuntu stuff there's probably a discussion a 'google' away that covers whatever issue you have.So, even tough Canonical does not-so-pleasant things to the UX, you can easily find ways to fix your experience and back to developing.
If you have similar positive experiences with Mint, why switch? Figure out what you are missing or looking for first.
Anyway at work I run Ubuntu 12.04. Mostly because I find it to be a little more forgiving than Debian out of the box.
At home a run Debian Sid. I ran Wheezey for almost a year and when it was released as stable I switched to Sid. My only real issue is the lack of the full Firefox.. Right now I'm pretty sure I have the one installed from a mint repo. Ice Weasel just isn't the same. For example when using outlook it would set my spell check to Bolivia Spanish. Despite the default being English.
Take this example, some years ago I tried Debian, SuSe, Mandrake, and a few others, ended up using Gentoo and it is still my distro of choice, I won't say it's the best for everyone, but so far has been the best for my needs.
Then all the windows managers are a mere apt-get install ... away.
The only thing that irks me is the driver support for laptop peripherals. Still can't get MBP to run as cool and for as long on battery with Linux as with OS X. I've given up on VmWare as it seems to churn the CPU even doing very little.
I've been using ArchLinux for a while, but have been slowly moving to stock debian.
You don't want to waste time setting up X.. resolving dependencies.. making things 'work' that should 'just work'.
So, whatever solves that?
Personally, I've gone for the latest available release of Ubuntu where possible, although recently i've started using OS X and shelling into a linux machine to do any necessary work that requires it. I find OS X provides a decent *nix underneath and with the addition of http://brew.sh/ - makes it a viable choice for me over a Linux set up.
However the pain points that you actually should solve are the ones that drive you crazy, that make you woof in annoyance when they just don't work. Stuff that you know you 'should' do but find a way to put it off. People tend to stay away from these areas because - well they hate them!
Yet that is where the solutions are needed the most.
Some pain points that really frustrate me :-
* Getting an e-mail with an attachment that I have to print out, fill in, sign, scan back to my e-mail and then attach back to the receipient. That is just far too many steps. I don't think the likes of 'Sign Now' cut it because that relies on the sender sending it in that format. It needs to be a solution for the recipient.
* Setting up mailing lists.
* Formatting & nice templates for e-books.
* Following up enquiries x number of days after I sent a quote.
* Tracking the ROI from different advertising methods (adwords, print advertising, facebook etc)
* Tracking all the issues & bugs I fix at work to prove my productivity.
Don't pick what you WANT to work on. Pick something that is currently a pain in the ass and feel the benefit of your own solution.
2. Get in touch with owners/managers in your chosen area.
3. Take them to lunch and discuss their business. Watch their face and when they show you a pain point, try to pinpoint the cause.
4. You should discover more than a few problems they would spend money to have solved if you talk to enough of them.
5. Follow up with an email thanking them for their time and mention again how you have been giving some thought to a particular pain point. Try to find an article, software package, etc that attempts to solve their pain point and send them the link.
6. Build a true MVP (should be embarrassing, yet offer value to them), and follow-up with an email. Tell them you have been thinking more about their problem and wrote up a quick dirty app that might help them. Offer to demo it for them. While demoing discuss how much their pain costs their business.
7. Iterate based on their collective feedback.
8. Based on the discussion about pain costs, come up with a value-based price for your solution.
9. Refine your MVP, follow-up with another demo. Sell them a subscription to your solution. It may still be rough, but you should be able to demonstrate value and savings compared to their pain costs. CLOSE THE DEAL.
Just a thought - Good Luck!
A lot of people would like to have X feature, X website, X software. Would they pay for it? Ask that question. For what would you pay for right now?
For example: I am starting to selling goods. I'd like a place where I put all my good purchases from ebay, alliexpress or wherever, and I can track it, see when it will arrive, how much stock I have left, etc.
With collocation you'll end up responsible for all of the hardware and still be dependent on remote hands so service could still suck and likely get much worse.
System Administration is hard and unless you have the $$ to pay one full time, rent the HW.
Most hosting companies will suck if you don't have much business with them. I worked for Rackspace years ago and bigger fish always get much more attention.
I do some consulting work now and find myself on calls with Hostway pretty often and they seem to know their stuff. You might check them out.
I'd say flip it around, think about what you're trying to achieve and do the math on all the options to solve it. Pre-framing it as a dedicated rental versus a self-managed purchased is unnecessarily narrow.
Feel free to connect. I can speak to how I do it with about ~1.25 racks worth of servers for my company for ~5 years now. I've also done it for MUCH larger international companies. No, I am not trying to sell you something :)
I've built a a lot co-lo solutions for clients. They end up being very expensive if you use a "name brand" provider. You are paying for rack space, power, A/C, security, bandwidth, etc, etc. And then anytime something breaks, you need to send somebody in to fix it. If the provider supplies "hands" then they charge heavily for that. Remote consoles are good, but not that good.
With so many providers out there, ranging from bare metal to VPS to PaaS - I find that hybrid solutions work the best. Not putting all your eggs in one basket, etc.
In my experience, the greater the lock-in the worse the service - of course YMMV. I tend towards pay-by-month and stay flexible. Whilst AWS is expensive if used continuously, I find it good for handling spikes. But you do need to architect you solution to move the workload around and that can end up being more bother than its worth.
There are lots of very, very good providers of servers out there. Sign up with one of them.
Shoot me an email firstname.lastname@example.org I am developing a service specifically for startups, that you may be interested in, I can probably help.
Benefits that I can see:
* Purity. You can test the hell out of this with no side effects.
* Transaction log built in.
* The ability to look back in time, by only applying the events up until the point you're interested in and disregarding the rest.
* Very flexible and scalable.
* You can retrospectively answer questions that you might not have known how to ask, by creating new operations over your states.
* Plays well with monitoring, and analysis. E.g. just stream all of your events into logstash and elastic search.
* The purpose of copyright is to encourage creation of more works of art than would happen without it. In return, the rest of society agrees to grant the author a limited-time exclusive right for the work. Shorter (10-15 year) copyright terms should be sufficient to make a profit from a book/movie/software. After that, the authors can publish new or updated works to continue making money. There is no way the Disney corporation's copyright on Mickey Mouse character is still encouraging the long dead Walt Disney to produce more artworks.
* The purpose of patents is to encourage both more invention, and detailed publication the methods than would happen without it. In return, the rest of society agrees to grant the inventor a limited-time exclusive right to use the invention. Patents which are obvious, or patents whose methods can be determined by looking at the final product or outcome do not bring value to the society in that transaction.
-the cost of innovating has become higher. -it's unusual for lawyers and accountants to determine the intensity and speed of relationships between customers and products/services.-since 1984, semiconductor companies have focused a large amount of resources on building patent armories rather than innovating. -a world without patent law would allow for competition and products/technologies to reach the entire world faster at viable prices. -that the world can function and entrepreneurs will be fine without IP protection.