New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Why Foma, why..
Yes, even a couple KVMs at about $5/month.
Yes, you're right - tabulator-era computational equipment. What I meant was to compare the level of technology in the 30s/40s to what's possible today.
There are many countries that do this.
History major here. You're dead wrong, and are confusing the temporary expedience of the non-aggression pact with Hitler's long-term, often vocalized, often written about plans. Stalin would disagree with you as well.
...which every history department in the world and about 75 years of scholarship would endorse. You're either intentionally misinterpreting facts due to twisted ideology or are thoroughly benighted.
Yet one in particular poses as a haven of liberty, democracy and "free market".
Enforcing that upon the others.
I didn't say that to look smart, I said it because any computing capability increases possibilities, in particular when most other countries have nothing comparable or even next to nothing (as it was then if I'm not mistaken).
Speaking of it: I think we can agree that Kazhakstan isn't one of the leading nations wrt computing. I mention that also because I often notice that people are very inconsistent; On the one hand they almost ridicule Russia (to not even speak of Kazhakstan) for being a backwater in technology and in particular in computing (which btw. is wrong) but when it fits their belief system then suddenly Russia (or in this case Kazhakstan) is painted as if its "FBI" had arrays of supercomputing facilities.
As for the time around the 2nd world war I hope you forgive my lack of interest. Unlike you I'm not particularly interested in history but a pure techie.
P.S. regarding the oh so great and democratic and lawful western world vs. the oh so evil eastern world I think that looking at Snowden and Assange could tell us a lot. The one in evil Russia is fine afaik while the one in the UK whom the USA want to have extradited to them does, well, not so well, not at all.
I'd just add that it's down to interests / politics. Russia has their own agenda with that - not they are any better (nor worse for that matter) than the USA and UK.
Yea, discussion starts from innocent report about mitm and upgrades it-self to full scale diplomatical warfare with high caliber political games... What a time to be on LET!
Long story short: the human species is violent, tribalist, and selfish. Forming exclusive groups and excluding others is one of our species' core attributes. We kill our young for convenience and recycle their body parts for our own vanity, exploit anyone we can for profit, eat lower life forms, and will readily destroy the lives of others in order to have a little more comfort ourselves. That is who humans are.
If you ever watch Star Trek, a show set in the future, the human species is better represented by the Cardassians than the humans. The humans on that show are complete aliens to the reality of humanity's trajectory.
Due to technological advance, we have become better at killing, exploiting, and persecuting. The human heart itself has not changed in the last 7,000ish years of recorded history, and it cannot because being violent, selfish tribalists is the human identity, and that is never going to change.
I sincerely hope that you are wrong but I'm afraid that you are right. But we can and should hope and try ... starting with ourselves.
Impossible. Too many humans and wide spread corruption, cinizm and selfishnes. This is subproduct of technological advance.
The world is ready for catastrofical events. It needs to be cleansed.
How am i dead wrong again? The USSR was not a threat to Nazi Germany and it did not violate the agreed upon border after which it was invaded?
So i'm either a sheep or just stupid? Gratitude for the kind words.
At the same time humans are generous, tolerant and peaceful.
It often depends on the circumstances and what you are "pulling out of them" - don't know the right English word.
Had numerous examples and experiences to support both claims.
True WW2 story, from a woman who was a small child then (never talked much about the war and I regard her as honest, but like all the stories, make what you want of it):
Local partisan resistance in my country was very problematic for the Germans. Anyone being related to the movement in any way was imprisoned, tortured for information and executed.
So all the partisans used nicknames - if no one knows your real name, they can't give it up when tortured, so your family is not in danger.
Province where I'm from had a mix of Serbs, Germans and Hungarians, so most people spoke all the 3 languages.
A German patrol (regular army, not the SS) came to the woman's village. They paid for food, supplies and soldiers chatted with the people. The woman's family was helping the partisans. Still, soldiers were nice and she talked to one of them. When he asked her name, she said something like "my name is this and this and my partisan name is that and that".
The soldier just smiled and went on with his business - turns out he didn't pass that information on (or they would all have been killed most probably).
Similar stuff happens in everyday life. Both acts of unwarranted kindness, and needles cruelty.
Kazkstan is a verry special country its a key city of kabbala having a large Muslim population the gov must spy on them as the secrets of kabbalah in the hands of islamists means end of the world.
I agree completely.
Um...I think you're confusing Jewish mysticism with Islam.
Also, the Kabbalah has nothing to do with end-times prophecy.
Also, the Kabbalah has been in print for ~400ish years so there aren't any secrets.
Also, I think you're confusing a country with a city.
You are correct that it has a huge Muslim population (80%+), as do its neighbors Uzbekistan, Tajikistan, Turkmenistan...
Hmm is it? If you have read the basics of it you will know secrets exists as the practicant version is transmitted orally also it has links with the freemasonry and pyramid of peace.
So I don't really think it's about only dictatorship staying too much in politics.
I'd like some of whatever you're smoking
y'all need @Jesus ...
Mrrr we all need that and communism jk. I ain't doing drugs people and no mental issues being active but I heard the plan isn't going too well to get all citizens to install the certificate. Do they use vpn to get around it even if authorities get alerted?
Small update: according to the Sydney Morning Herald (supposedly a major newspaper in down under) a major IT services company now warned that more and more IT companies from other countries are pulling out of Australia because of its very far reaching laws re. encryption which force companies to eavesdrop on their users and/or to provide access to decrypt anything the states agencies desire bad on a plethora of reasons.
TL;DR Australia, a "good" western country is doing by far worse things against their citizens than Kazhakstan - but (just as I had said) there is no major outcry because the australian
thugspoliticians act "democratically" and just do "what's needed".The Australian thing was all over Reddit, and coding blogs, especially since Atlassian (bitbucket) is Aussie.
No point trying to make this an us Vs them thing, any government attempt to circumvent encryption is bad.
The difference is our government (Australia) isn't forcing us to install anything. They would need to actually break encryption to do anything other than collecting metadata.
The relevant thesis is not "our politicians/our system is less evil than theirs", even if it turned out to be true in some cases.
The relevant thesis is "a political system/country does not lie to its citizens and plays fair and clean".
There are sensible reasons for governments to spy and eavesdrop and even break privacy of communications, albeit only in very few cases.
So, how about shifting the discussion away from "ours is democratic", "ours does at least not force stuff (e.g. root cert) upon us" ... and away to the relevant - but somehow almost never looked at point: how do they do that? How clean, how transparent? how careful and respectful?
Frankly, I don't care that much, *if they occasionally eavesdrop (in well justified circumstances), break privacy, etc. because I understand that it's sometimes necessary. What worries me though is questions like why do they not inform those citizens after the fact, be it in court as defendants or be it by mail, for exactly which period of time exactly what intrusions they did, what data they copied or grabbed, how properly and well those data were stored and then deleted?
Funny sidenote: in at least many countries (probably most) you will never be told who exactly had access to your data (e.g. by eavesdropping) - although your, the victims privacy seems to not be worth even half a penny.
I see an awful imbalance and injustice there.
Besides, with ~ 95% of people not really knowing a lot about IT safety and security, clicking happily on pretty much anything and plenty of vulnerabilities out in the wild ... I would bet very reluctantly about Ozzies (or anyone) being safe ...
so, ah ... (how might I put this?) - "What about" Kazakhstan?
as per the title of this thread: "Kazakhstan begins nationwide HTTPS MITM, requiring everyone to install root certificate"
EDIT2: What could possibly go wrong?
@uptime
I'm sorry, my fault. I didn't mean this discussion here but rather the general discussion ("countries and any kind of breaking privacy or data of citizens").
@jsg fair enough ... I'd appreciate whatever insight on the technical aspects of MITM via root certs etc you might care to share.
EDIT2: Specifically with regards to ... my favorite question to ask - what could possibly go wrong?
First: Do not underestimate the non tech aspects of ITsec.
I'll limit myself to the OP case, the "MITM root cert".
Technically it's quite simple. The KZ government (from here on called simply "KZG") having their root cert installed on many/the majority/all(?) computers means that they can eavesdrop on (and potentially even change) communication IF that communication
Explanation: problem 1 which SSL/TLS pretends to solve is crypto. Another 2nd problem SSL/TLS pretends to solve is to verify (systems or users) identities ("Is that server I'm connecting to really 'mybank.com'?"). Root certs are involved in the 2nd case and it should be noted that there are multiple alternative mechanisms, incl. the extreme "I don't care".
Unfortunately - and to a frighteningly large degree due to SSL/TLS hype - much if not most practically used communication systems do use (usually 1 side only, the server) identity verification and hence fall under the spell of that KZG root cert law. There are alternatives, however
Now that is one important point and why I try to have a more sensible discussion. Explanation: If ones actually used alternative (and you bet it is for many) is "Well, I'll just use a VPN" one can easily end up worse than just obediently using https with the KZG cert. Reason: A very significant part of SSL/TLS based software, incl. VPN software/configs, do use id verif. too, just like the browser. So they don't gain any security but additionally stand out from the crowd (in a way flashing and saying "hey KZG, my system is worth a closer look!").
One major reason being that asym. crypto and id verif is computationally bloody expensive (plus adds latency, plus ...), so obviously any massive spying operations either (a) has next to unlimited resources (like NSA), or (b) tries to filter what is worth the effort and what is not which can bring costs/efforts down by ~95% to 99.9% and then agains by a factor of 1:10 - 1:1000 after a 2nd (more elaborate and costly) filtering stage - and that, I bet, is the way KZG chose just like most others and which also provides at least some looking legal/"democratic" because they can say "we are only eavesdropping extremely selectively and only in well justified cases (which actually is BS because it's a form of motivation dressing, a form of lie).
Looking closely and knowing a little bit about that region of the world it might be noteworthy to mention that that mechanism can be used not ony in a negative way (spying on citizens) but also in a positive way (at least in terms of intentions) because it would allow KZG to cut off or modify alien misinformation, revolutionary, and suchlike operations. Example: western country tries to instigate unrest in eastern country by spreading false info (this has happened multiple times) but now KZG can cut it off or even modify it.
I think that something in that direction is actually one important reason for KZG to do what they did because I know that one of their real worries is terrorism - but terrorists usually communicate via other means and channels (e.g. telegram, which is why Russia started almost a war with Telegram) so their root cert approach doesn't help them a lot against terrorists.
Some side notes: Such a mechanism could also be used in the context of an open major disinfo, ransom, etc attack on KZ. And, pardon me but that's important, THE VERY MAJOR PROBLEM is a mixture of ignorance, plain stupidity, unbased trust of US, THE PEOPLE. If we were just a bit more interested in and worried about our safety/security rather than in e.g. "nice modern 'user experience'" BS, many mechanisms against the people simply wouldn't work or at least the costs would rise dramatically.
Most of what could go wrong already has been and/or is going wrong. So, don't worry.