Hacker News new | past | comments | ask | show | jobs | submit | FredericJ's comments login

Just a quick warning though. A lot of those flights are not originating from the city or main airports. For instance, the "Brussels" flight they suggest taking is from an airport that is one hour away from Brussels (in Charleroi). It means that you will need to spend some more money to get to the city centres. These additional costs from "low cost" airports to the cities do add up to a significant amount on that entire itinerary. Just something to keep in mind.


That's quite right. You can safely add $10 per flight for transport to the airport.


If those kind of devices interest you, I'm quite intrigued by the IDQuantique ones that are based on quantum physics to generate randomness. They have a USB product that has a random stream of 4Mbits/sec and is used by lotteries and gambling sites.

http://www.idquantique.com/random-number-generation/quantis-...


Intel has a patent on a TRNG that has a throughput of 2 Gbps+. They published a paper on its operation in JSSC a while back [1]. It passes all NIST RNG tests and is PVT tolerant. Too bad it's patented...

[1]: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6...


It was originally going to be called "Whisper" (by Open Whisper Systems) ==> https://whispersystems.org/blog/a-whisper/

The name was changed after Whisper was launched https://whisper.sh/


This issue is intrinsic to the security model of Android before Marshmallow.

If an app is going to be able to send a contact, share a location, make a phone call ... all these permissions need to be demanded upfront, which I understand can be scary.

You also need to keep in mind that nobody is going to use "secure messaging" if it's a pain to use. You obviously don't want to be copy pasting contact information in the app for instance.

I'm glad to see that Android is following iOS's permission model where permissions are only asked at run time.


Isn't it ironic to see so much inline assembly while Apple is telling third party devs that they can't distribute binaries on WatchOS and that iOS apps are moving towards Bitcode too?

Apple's crypto people definitely know that assembly is key in performance and side-channel resistance of cryptographic implementations. They use it constantly. I guess at some point they will just ask 3rd party devs to call corecrypto methods if they want to use encryption in Bitcode apps.

But this means that you'll have to wait for Apple to implement whatever primitive you need for your app. Good enough in most cases but encryption apps with special needs will find this annoying.


So far as I can tell, libsodium works on iOS.

Don't write crypto for watches, is what I think.


Especially since a few implementations are actually borrowed from open-source projects. The 25519 implementations are from DJB's supercop for signing and Adam Langley's Donna for ECDH, both available online with open source licenses.


Important: The headline was modified since I submitted this. Apple didn't actually open-source the code. They give you a 90-day licence to read the code.

> Apple grants you, for a period of ninety days from the date you downloaded the Apple Software, a limited, non-exclusive, non-licensable license under Apple's copyrights in the Apple Software to make a reasonable number of copies of, compile and run the Apple Software internally within your organization only on devices and computers you own or control for the sole purpose of verifying the security characteristics and correct functioning of the Apple Software;...


> Apple didn't actually open-source the code.

In that case you shouldn't have said they did in the title.

We changed the title from "Apple open-sources cryptography library (limited, see license)". If there's an issue with the license, by all means point this out, but please use a comment in the thread to do so. Using the story title to point out what you think is the most important bit breaks the HN rule against editorializing.


In this specific case, DMCA doesn't apply. But it's interesting to read GitHub's policy about taking down forks.

> GitHub will not automatically disable forks when disabling a parent repository. This is because forks belong to different users, may have been altered in significant ways, and may be licensed or used in a different way that is protected by the fair-use doctrine. GitHub does not conduct any independent investigation into forks. We expect copyright owners to conduct that investigation and, if they believe that the forks are also infringing, expressly include forks in their takedown notice.

https://help.github.com/articles/dmca-takedown-policy/


The issue is that you're not Google's client. Maybe buy something from them (a large amount of ads), then try to get support?


This worked for me. My account was suspended in error years ago (Suspect logins or something), and the only way I got it back was by calling up an adwords representative and telling them I couldn't login to adwords and spend money until they unsuspend my email account.


That actually worked?


Yes. I had to fax them something (I forget what) to prove it was my email address. It took about a week to get it sorted.

I'd echo others though - Google is awful at support. They're awful at communication. They decide to shut down products at the drop of a hat without telling people. Avoid Google if you can.


If something I learned about this world is that money talks. Always.


Or a Google Apps for your Domain account. $5 a month, and you have full admin control over the account (and a payment channel backing it, so if someone does compromise the account, you can stop paying the bill to get Google's attention).


Remember: We're not Google's clients, we're Google's products


Only in the sense that I'm the "product" of broadcast television, terrestrial radio, and my local free alt-weekly.

Calling someone a "product" is a great way to make a flippant jab at a company but as far as a product is something a company produces, it's just not the case.

Google, like these other companies, produces useful (to many at least) services. The way they make money on this is by selling ad space or access to my eyeballs and earholes. So to claim that users are simply "product" is misleading at best. Their "product" for me is webmail, search, navigation, and file hosting. Their "product" for other companies is space where they can reach potential customers.

So in this sense, like countless other media and information companies, access is one of their products and information services make up their other products.


> Only in the sense that I'm the "product" of broadcast television

Well, yes you are. Some years ago, a CEO of french television said that his business was to sell "available brain time" to advertisers.


False dichotomy, and just a plainly dumb and lazy statement.

To sell to advertisers Google has to get people to use its search engine and other products. To do that it has to treat users like customers in that it would rather have them be happy than not happy, at least unless it costs them too much. This is precisely the relationship that other businesses have with their traditional, simple customers.


Perhaps it is lazy, but what is dumb about the OP's statement?? Personally, I would argue that starting a comment with something as inflammatory as you just did is truly dumb.


Not necessarily. If you use Google Apps, you pay a monthly fee and are a client, with telephone support, no ads, etc.


What if you're a Google Apps or Drive customer?


Please stop repeating this intellectually lazy and false meme. Or go to reddit; platitudes that don't require critical thinking tend to do better there.


What is false or lazy about this? The service is free; Google makes money selling ads to users. Is this in dispute?

Pointing out that Google has little incentive to support it's users in a post about getting little support from Google seems very on-topic (but perhaps unoriginal) to me.


A loss of a user represents a loss of income for Google in both cases. The reason they have little incentive is because they don't get much per user, but that has nothing to do with where the money comes from.


Your best bet at stopping a false meme is to replace it with a better one. What do you recommend?


I would go with

> You're not Google's product, you're their supplier; one of their many millions of suppliers.

Their product is your personal information, which you supply to them in exchange for their services. The fact that you are one of many millions of suppliers (each dealing in microtransactions) means you don't have a lot of weight when you need to get help from them.


Catchy ;-)

The best counter to the lazy Google meme is to think of all the companies where you are indisputably the customer and you also get awful incompetent support.


Internet service providers? Every ISP I've ever used I had to navigate their awful customer service infrastructure on multiple occasions and none of them were what I would call competent.


What is lazy or false about it??


For those not familiar with Craig Murray:

- former British ambassador to Uzbekistan

- he accused the Karimov administration of human rights abuses, which he argued was a step against the wishes of the British government and the reason for his removal.

- complained to the Foreign and Commonwealth Office that intelligence linking the Islamic Movement of Uzbekistan to al-Qaeda was unreliable, immoral and illegal, as it was thought to have been obtained through torture

- was subsequently removed from his ambassadorial post on 14 October 2004

Source: https://en.wikipedia.org/wiki/Craig_Murray


He also claimed that the US brought people to Uzbekistan to be tortured and that one of the methods employed was to boil people alive.

Good times.


This is a person who died in the custody of the Uzbekistan government (extremely graphic photo, do not click):

http://www.interet-general.info/IMG/jpg/Muzafar-Avazov-4.jpg

You can decide for yourself what you think the manner of death was, but it wasn't "natural causes".

Here's a NYT story on sending people to Uzbekistan to be jailed/tortured:

http://www.nytimes.com/2005/05/01/world/us-recruits-a-rough-...


The sad thing is that it isn't especially unbelivable.

We know that the US used torture, and this is acknowledged by the government.


Hey Now, the US NEVER used torture. We let other countries torture the people for us, while we were in the room asking questions and taking notes.

(The fact that somebody in the administration somehow thought that was different and acceptable makes me weep.)


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: