Slashdot Mirror

Paris terrorists used burner phones, not encryption, to evade detection

"Everywhere they went, the attackers left behind their throwaway phones."

Glyn Moody (UK) - 3/21/2016, 6:39 AM

New details of the Paris attacks carried out last November reveal that it was the consistent use of prepaid burner phones, not encryption, that helped keep the terrorists off the radar of the intelligence services.

As an article in The New York Times reports: "the three teams in Paris were comparatively disciplined. They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims."

The article goes on to give more details of how some phones were used only very briefly in the hours leading up to the attacks. For example: "Security camera footage showed Bilal Hadfi, the youngest of the assailants, as he paced outside the stadium, talking on a cellphone. The phone was activated less than an hour before he detonated his vest." The information come from a 55-page report compiled by the French antiterrorism police for France’s Interior Ministry.

Outside the Bataclan theatre venue, the investigators found a Samsung phone in a dustbin: "It had a Belgian SIM card that had been in use only since the day before the attack. The phone had called just one other number—belonging to an unidentified user in Belgium."

As police pieced together the movements of the attackers, they found yet more burner phones: "Everywhere they went, the attackers left behind their throwaway phones, including in Bobigny, at a villa rented in the name of Ibrahim Abdeslam. When the brigade charged with sweeping the location arrived, it found two unused cellphones still inside their boxes." At another location used by one of the terrorists, the police found dozens of unused burner phones "still in their wrappers."

As The New York Times says, one of the most striking aspects of the phones is that not a single e-mail or online chat message from the attackers was found on them. That seems to be further evidence that they knew such communications were routinely monitored by intelligence agencies. But rather than trying to avoid discovery by using encryption—which would in itself have drawn attention to their accounts—they seem to have stopped using the Internet as a communication channel altogether, and turned to standard cellular network calls on burner phones.

That authorities are only now discovering this fact shows how well the strategy worked.

As Ars has reported, along with other countries the UK government is pushing for ways to circumvent or weaken encryption because it claims strong crypto creates a "safe space" for terrorists. This new information that the Paris attackers did not routinely use encryption, if at all, but turned instead to the tried-and-tested technique of burner phones, undermines the argument that everyone's communications must be weakened in order to tackle terrorism.

The New York Times article suggests that there was some evidence of encryption software being used elsewhere. A witness reported seeing a terrorist with a laptop, and told the investigators that as the computer powered up, "she saw a line of gibberish across the screen: "It was bizarre—he was looking at a bunch of lines, like lines of code. There was no image, no Internet," she said." The New York Times writes: "Her description matches the look of certain encryption software, which ISIS claims to have used during the Paris attacks."

But as many were quick to point out online, the witness probably wasn't looking at some encryption software in action, because such systems show the decrypted message, not the encrypted form. The former Ars Technica editor Julian Sanchez wrote on Twitter: "It's suggestive of a verbose boot. Using encryption looks like 'reading a message' because you decrypt it first."

Until we have stronger evidence to the contrary, it seems likely that encryption played little or no part in the Paris terrorist attacks.

This post originated on Ars Technica UK

http://arstechnica.com/apple/2...

Just Google it next time.

I did; but tofu description was so hyperbolic that I didn't find the reference.

And according to the article, Apple didn't "leak" anything. They simply used a default password for their battery controller..Not smart; but it only affected the battery subsystem, and couldn't be used to access anything else in the laptop.

Then they fixed it.

http://arstechnica.com/apple/2...

Just Google it next time.

I won't buy Soylent's products because of the tiny, tiny chance that the company is run by psychopaths

Do you mean like this guy? Soylent CEO charged over illegal shipping container his neighbors hate

You didn't have to leave Windows 7 entirely that's the beauty of Windows 7 (or even 8 really) you can disable certain updates that cause you problems while still getting the rest of the security patches. Honestly I'm surprised Windows 10 reception has been as positive as it has been. In my experience it's close to as unstable as Vista* was and the force updates are one of the worse things Microsoft has ever done some of us have work to do not to mention it seem Microsoft is constantly pushing botched updates that you can't disable.

If they don't get their shit together by 2020 (Windows 7 Extended supported end date) I'll be considering moving to Windows 8 or Linux as well.

*start menu doesn't work, explorer.exe crashing constantly I could go on but I won't.

it's good enough! good enough for me!

http://arstechnica.com/tech-po...

"UWP first step towards "locking down the consumer PC ecosystem," (3/5/2016) (Universal Windows Platform)
http://arstechnica.com/gaming/...

"The ABS will certainly try to force compliance—fines range from AUS$1800 (~£1,000 or ~$1,370) for providing false information to AUS$180 per day for failing to submit the form. But the agency will have no real way to verify the answers provided by those who do complete the form as accurate. Failure to vote in the Federal Election last month resulted in only a AUS$20 fine."
http://arstechnica.com/tech-po...

The point of signing the extensions is so that some compromised or malicious developer doesn't put malware into an extension's update stream; which can be (and has been) a huge problem, [ ... ]

[ Citation required ]

http://arstechnica.com/securit...

Comcast failed to install Internet for 10 months then demanded $60,000 in fees

Bet this guy wishes he had paid Comcast's paltry $500/month "we won't sue you after we fuck you over" protection fee. They don't push that one quite so heavily. You have to know and ask about a special promotion code.

I don't want Cortana, I don't want internet searches from the desktop and I DO NOT WANT telemetry or my WiFi passwords shared etc. etc. etc. I'm not a node in Microsofts network I'm a private business.

If I can't turn this shit off and uninstall the crap I don't want then it's not getting installed.

You can. Shared WiFi passwords has been removed with the Anniversary update. The other stuff you want can be fixed with Winaero Tweaker, including shutting down Cortana (as opposed to simply hiding it). and Classic Shell makes live tiles go away. You can even restore the Windows 7 calculator from here if you hate the Metro version. These things do a pretty good job of reducing 10 down to the non-intrusive OS, shell and app platform that 7 was.

That's adorable, you think 2G is a secure method of communication. http://arstechnica.com/gadgets...

It's adorable that you feel that any communication is truly secure these days.

I've not seen any evidence that there's anything insecure about end-to-end encrypted messages/calls using an accredited cipher.

That's adorable, you think 2G is a secure method of communication. http://arstechnica.com/gadgets...

It's adorable that you feel that any communication is truly secure these days.

That's adorable, you think 2G is a secure method of communication. http://arstechnica.com/gadgets...

They already did for mobile applications.

Windows 10 to Make the Secure Boot Alt OS Lock-Out A Reality

Note the graphic that shows the slide in the Windows presentation.

The slide in question

Regards the fraud, the statement was not about whether or not the merchant lost information on chip vs swipe, the duped cardholder still gets to charge back and the merchants still eat the full losses unless you are 'EMV certified' which is almost impossible to get (even with an EMV reader - see here: http://arstechnica.com/busines...).

The merchant is out of the product and fees regardless of a charge back being chip or swipe but the overhead of maintaining EMV connections, certifications, new terminals, technicians, it's simply not worth it to the retailers (EMV is only profitable to the banks and has seen serious holes poked at before they even made these card with chips in them). Although I've heard now card companies are charging EMV non-compliance fees - you get slightly higher fees if you're not EMV compliant. It's a complete money grab for a broken system, EMV chips can be quite successfully cloned.

I thought the U.S. screwed up too at first. But then I read an article that in Europe, you basically can't contest fraud on your card. The reasoning is that because the chip cannot be defeated, and you're not supposed to tell your PIN to anyone, any use of "your" card must be legit. Either you made the purchase yourself, or you loaned the card to someone else and told them the PIN. So it must be your fault, therefore you are on the hook for the fraudulent purchases. Even if you're talking with the bank on the phone while sitting at home with your card in your hand, and there are transactions showing up on your account from Indonesia, they'll insist it's your fault. You are presumed guilty, and have to work to prove your innocence.

The problem is the chip isn't hack-proof. A researcher (can't find the article right now) showed that the specs for the terminals have several different protocols, one of which confusingly uses the same signal for "the correct PIN was entered" and "a PIN (any PIN) was entered." He rigged up a card which would make the terminal accept his PIN via this message (card connected to a computer in his backpack via a cable hidden in his sweatshirt), grabbed a half dozen volunteers, and demonstrated his hack allowing him to put charges on their cards at a bunch of random stores in France. Criminals have already been caught using this hack in the wild. There are probably other ways to defeat it too which we haven't figured out yet.

The chip and signature system allows an American cardholder to contest a charge simply by pointing out the signature doesn't match their signature. The system is more secure than magnetic swipe cards, but not so secure that banks and the government start to assume fraud is "impossible" and thus shift the burden of proof onto the victim to prove that s/he was victimized.

Enjoy being stuck on some old buggy version of Android for the next, oh, forever, while Apple devices continue to get the latest updates the day of their release for 5 years (yes, the iPhone 4S from 2011 runs iOS 9 beautifully). It'll be particulary fun when the next weekly vulnerability comes out. Oh and enjoy that shitty, (still!) stuttering Samsung UI that literally no one ever asked for and preloaded bizarre korean adware that you can't uninstall. How many text messaging apps are on the s7? Nineteen? Who knows!

The only people who care about this walled garden shit are the 0.1% of basement dwelling troglodites. I don't need to install some pirated chinese APK on my TV or car or smartphone. And if you think 99% of Galaxy owners give a shit about "walled gardens" and are rooting their phones and sideloading apps and hacking Gibsons, you're fucking deluded.

Intel and Microsoft joining hands in making a Windows 7 unfriendly ecosystem – SpeedStep to add support for RAM and more
http://wccftech.com/intel-skyl...

Skylake users given 18 months to upgrade to Windows 10
"And next generation processors, including Intel's Kaby Lake, won't be supported in old Windows."
http://arstechnica.com/informa...

This story from arstechnica Any use of this article without the NFL’s express written consent is prohibited is a good read, including

Attempts to alter these copyright claims have yet to produce real change, but the sports leagues have been forced to alter some of their behavior relating to copyright. Major League Baseball, for instance, has long claimed that fantasy sports leagues must take out a license in order to use real player names and stats—despite the "fact" that facts aren't copyrightable.

Basically what CrashNBrn stated. Arstechnica does a great breakdown why Tim Sweeney is an idiot. http://arstechnica.com/informa...

I'd like to know what evidence there is to support this, rather than words on a page ranting about perception. Not that I don't agree caution, it's one thing to make big noise and proclaim persecution when none exists. Show the evidence and remove doubt about Microsoft's intention.

There's none, and in fact Microsoft plans on releasing games on Steam

Based on my cursory Googling:

Microsoft keyboards have been broken for a while.
http://arstechnica.com/securit...

Logitech apparently actually uses 128-bit AES, though the question of how they generate their symmetric key isn't exactly answered in a way that's satisfying.
http://www.logitech.com/images...

Not sure about Dell. Couldn't find much on their keyboards with my cursory Googling. They seem to mostly rebrand other people's wireless keyboards?

And Apple keyboards all seem to be bluetooth.

Microsoft has launched many new features of Windows. Some survive, some don't (SideShow, Gadgets to name a few). "effectively telling developers" isn't the same as "actually telling developers" which is required for malfeasance. It is also not mutually exclusive. It doesn't say "if you're a game studio and developing for Windows, we are not going to let you run your program on our OS unless you make it compatible with UWP." They're also not curtailing users' freedom, though I admit I don't even know what he means by that. Not every piece of software installed on your PC will take advantage of all features of the OS. Why would my game need to manage my drive encryption or be able to set my desktop background? Heck, some don't even care if they're network enabled.

Basically, the statements quoted, to me, do not stand up to the idea of proof. Game studios could go right on doing what they're doing and say nuts to UWP. Besides, after just a shred of thought and research, these criticisms of UWP and any technical limitations that discourage development of PC Games in UWP, Microsoft has already responded to.

http://www.gamespot.com/articl...

http://arstechnica.com/gaming/...

The claim being made is that Microsoft will actively alter Windows so as to make alternate deployment platforms like Steam substandard and behave erratically. We are fully within our right to ask for proof of that activity being done. Besides, it seems like we're back to the age old Slashdot problem of reporting on old news.

Re " They are circumventing Constitutional rights with this type of behaviour"
Different groups have tried. http://arstechnica.com/tech-po...
Vast domestic spying by the NSA, CIA and other 5 eye nations as helpers should have all been fixed with the https://en.wikipedia.org/wiki/... back in the 1970's.

Color of law, rubber stamp courts for international collection are now been presented as useful for domestic spying.
Also remember that vast amounts of US private sector staff looking over their own hardware and software do not seem to even know what the US gov is installing.
Or generations are happy to help the US gov. Or mass collection is presented as a sub set of hardware via other domestic agencies with limited court paper work.
Data has to be decrypted for the "ads" and other sorting, backups and at that point the US gov collects all or demands access. Companies help or do not have the networking skills to understand the gov collect it all access to their own networks.
Long term different US state and federal officials want their own domestic and international version of XKeyscore https://en.wikipedia.org/wiki/....
Tracking the origin and destination of any internet usage without any court order to build on domestic parallel construction. Less need to request the NSA via a Fusion centre https://en.wikipedia.org/wiki/..., just go direct to all real time and short term US domestic networking logs.
For that different levels of the US gov need the same plain text access as the NSA to big US brands over decades with no domestic legal limits or any oversight.
Big brands have to consider the PR of been seen to be protecting their consumers rights or help design ever more US gov bandwidth deeper into their own networks.

You don't have to open the door to your house for example.

I doubt, that's the case, but IANAL. All of the "layman" guides out there emphasize, that you don't have to open your house unless police have a warrant, which would seem to imply, that, when they do have it, you must open.

The police instead have the right to break in likely damaging your property to execute the search

Or they can go back to the judge, who issued the warrant, and complain, And the judge may then find you in contempt — which is exactly, what happened in this case...

Also, quite obviously, if you think police are justified in applying violence, they'd also be able to forcefully apply the suspect's fingerprint to his phone — it would, of course, be far less painful and damaging to him, than the forced entry, which you've already allowed, and other aspects of a resisted arrest, that is sure to follow.

but at the very least [Nintendo] actually recognize that their customers are human beings who play games for fun, they aren't fleshbags with coin purses.
Really? You might wanna rethink that. If your decision to chose one technology over the other based on each one's privacy policy, you're always going to lose. You are always the product.

Sorry I call bullshit on the claim that 100GB/mo is a lot for a fiber connection
from a few months ago http://arstechnica.com/busines...

And I quote ""AT&T said that its home Internet customers "use just over 100 GB of data per month on average""

What is the collected data? last time MS responded, the data collected was no more than what you search engine collects.

1. I don't recall Microsoft ever detailing exactly what data is being collected.

2. It's encrypted, so we can't examine it for ourselves.

3. Microsoft has been deceptive and even telling outright lies since the beginning of the Windows 10 rollout.

I have yet to hear a case where this collection of data was detrimental to an individual.

See 2, above. No one can look and see what data Microsoft is collecting from their Windows 10 PC, so how is one to know whether or not they've been harmed? Your argument is the same one NSA uses to claim they can't be sued over warrantless wiretapping. "No one can prove they specifically were wiretapped, so no one has any standing to sue." I say bullshit to that argument.

Sorry but Spybot Anti-Beacon is frankly magic beans, as a big part of their "security" is using HOSTS files which has already been proven to be completely ineffective because MSFT hardcoded the IP addresses into the spyware programs themselves.

Hmmm...I've seen that behavior before at the shop, where did I see that? Oh yeah....malware.

If you want to use a portion of DRM proctected film in your own film (as part of a narrative etc), you can't do that

For educational fair use, the MPAA encourages teachers to cam the monitor.

Some of the Pokestops are apparently paid ads from businesses. (I know that Ingress portals could be paid ads for businesses as well, so this isn't surprising.)

If we're going to talk about this stupid game, might as well mention that apparently their method of monetizing is making it impossible to catch Pokemon after you break a certain level, requiring you to buy "better" Pokeballs for real money or something along those lines.

Juniper already had a backdoor in VPN products.

Does it means they had NSA-corrupted engineers, or that they have better processes than others to find this kind of stuff that would happen everywhere?

Well when you can't get the OS to stop calling home despite flipping every switch, disabling multiple programs AND using reg hacks I'd say it really doesn't matter WHAT information they are collecting, the simple fact that I have zero control over what my OS is doing is enough to consider it malware.

Advisor claims Obama "revitalized" planetary science, but the opposite is true.

Casey Dreier, director of space policy for The Planetary Society

"Now the Obama legacy is, unfortunately, going to be that NASA’s presence in the Solar System is going to be diminished, particularly in the outer Solar System," Dreier said. "When Obama leaves office, every mission in the outer Solar System except for New Horizons will be ending in 2017. Juno, Cassini—those are done in 2017. Dawn ends, too. New Horizons is way out in the Kuiper belt. And that’s it. It’s the first time the United States hasn’t had a presence in the outer Solar System since 1972 when they launched Pioneer 10."

it has your passwords and gives them to anyone on the social networks of people who you allow to access your computer Now if this is true then you can demonstrate to me how such a person can get say my internet banking password. But I already know you can't do that because you're lying and your post is a troll.

Look up wifi sense. If you allow someone using Windows 10 or a Windows phone access to your wireless network, it will share that with others. So your buddy Joe's shady cousin can log on to your local network.

This is pretty well documented by Microsoft and others, I'm a little surprised that a W10 expert doesn't know that. Do you really need the citations? Okay, http://bgr.com/2015/08/03/wind...

They did finally kill it after massive outrage: http://www.extremetech.com/com...

As for my other assertations, if you have W10, you've certainly read the security and privacy settings? It's all in there, except for the telemetry part So here ya go: http://arstechnica.com/informa... https://forums.untangle.com/we...

http://www.dslreports.com/foru...

As well, they bypass your hosts file a good bit. Anyone really concerned about privacy should have a non-microsoft firewall in the loop. Note that some sites they don't allow you to block should be allowed os that your computer acts properly.

Everybody goes on about the firstborn thing, but the arstechnica article subtitle says "Study says participants also agreed to allow data sharing with NSA and employers." and nobody bats an eye about that.

Here is an arstechnica article reporting on a judge ruling that the "cut the internet, then claim to fix it" lie is illegal:

Arstechnica story

and here is a link to the official ruling:
arstechnica hosted court ruling.

Ha ha, no. Apple and Intel are tight, and Apples tend to get the best, latest intel chips that will fit within the (ever thinner) machine they're building. Easy to look up.

The problem with Apples they aren't very upgradeable. You're often stuck with what you get, and maxing it out at purchase time tends to cost a lot more than equivalent upgrades on the street... assuming those upgrades would fit, which they probably won't.

You buy a Mac because it has a warranty, will be sold in its same configuration for at least a year so getting support is easy, and will be repairable for as many as 5 years or more (my 2010 Macbook Pro just got cut off the list this year). Most other consumer electronics have the lifespan of a fruitfly. That Sony Vaio isn't a 2011 model, it's a VWETB236623626-ASD23423 that had a two-week production run and was replaced months before Sony cleared out a thousand of them for sale at Best Buy. Your Apple will be current for at least a year... but a year in, it'll still be sold with the same, now aging, CPU. Trade-off. That's why you check the Buyer's Guide at MacRumors.com before you buy.

But it's FUD that they're putting 2-year old crap in new models. Except, maybe, when you consider the GPU. It will be recent hardware, but it's mid-range performance compared to the best of what's out there. Because top-of-the-line desktop GPU's like the GTX Titan doesn't fit an iMac, and sure as shit not in a laptop or a Mini. Apple doesn't build an affordable desktop, and even if a funny-looking Mac Pro is on your radar, Apple does a frustratingly bad job of updating it as newer, faster chips come out.

So, there you have it. For most of what people buy Macs for, this isn't a problem. But nobody thinks of a Mac as a gaming rig. A recent Mac will play, Steam runs on it, but if you're serious about gaming you're serious enough to build a PC rig.

The Macbook comes with 8GB of memory built in. RAM is not upgradable in this model.

The Macbook has a 12-inch screen and weighs 2 pounds. And has one, single port for power and everything else. What knucklehead would consider that a gaming rig? It's a portable internet work machine for when a tablet won't cut it, for business people in airports and kids with 50-pound backpacks biking to class. You're paying for the thinnest, lightest... not gaming power or expandability. and the few comparable PC laptops are comparably spec'ed and priced. Games? Seriously? I use Macs, I won't game on a Mac.

Wait, you can game on a Mac. Build a decent PC rig based on, I dunno, Ars Technica, Toms Hardware, wherever, install Windows on PC, install Steam on PC, install Steam on Mac, use Steam client on Mac to stream game running on PC rig to Mac. There. Gaming on Mac. Using a PC. No worries.

The Macbook comes with 8GB of memory built in. RAM is not upgradable in this model.

The Macbook has a 12-inch screen and weighs 2 pounds. And has one, single port for power and everything else. What knucklehead would consider that a gaming rig? It's a portable internet work machine for when a tablet won't cut it, for business people in airports and kids with 50-pound backpacks biking to class. You're paying for the thinnest, lightest... not gaming power or expandability. and the few comparable PC laptops are comparably spec'ed and priced. Games? Seriously? I use Macs, I won't game on a Mac.

Wait, you can game on a Mac. Build a decent PC rig based on, I dunno, Ars Technica, Toms Hardware, wherever, install Windows on PC, install Steam on PC, install Steam on Mac, use Steam client on Mac to stream game running on PC rig to Mac. There. Gaming on Mac. Using a PC. No worries.

The Macbook comes with 8GB of memory built in. RAM is not upgradable in this model.

The Macbook has a 12-inch screen and weighs 2 pounds. And has one, single port for power and everything else. What knucklehead would consider that a gaming rig? It's a portable internet work machine for when a tablet won't cut it, for business people in airports and kids with 50-pound backpacks biking to class. You're paying for the thinnest, lightest... not gaming power or expandability. and the few comparable PC laptops are comparably spec'ed and priced. Games? Seriously? I use Macs, I won't game on a Mac.

Wait, you can game on a Mac. Build a decent PC rig based on, I dunno, Ars Technica, Toms Hardware, wherever, install Windows on PC, install Steam on PC, install Steam on Mac, use Steam client on Mac to stream game running on PC rig to Mac. There. Gaming on Mac. Using a PC. No worries.

Beats me, I haven't tried the app yet, I was basing my post on this Ars Technica article.

The comments are suggesting that this issue exists for some Android users as well, but not all.

But, yeah, apparently it skips the part where it asks for permissions (sometimes, always for iOS?) and just gives Niantic full control of your Google account.

Hosting illegal materials is still illegal. The CDA doesn't exonerate someone who knowingly and willfully continues to make content available that is illegal regardless of who is considered the "publisher". Ever seen the operator of a child porn site get raided? Yeah, it's like that except with terrorists. Just because Facebook is Facebook doesn't make them above the law, and trying to cling to your weak/twisted interpretation of the CDA doesn't change that.

Prevailing interpretation of the CDA to you.

It's not as if we haven't seen this before:
Twitter responded that as a publisher, it is immune from liability for content posted by its users under the Communications Decency Act of 1996.
          But plaintiffs' attorney Joshua Arisohn said that because direct messages are not published, they fall outside the protections of that statute.
          "The common definition of publisher is one who disseminates information to the public," Arisohn said. "If Congress wanted a broader definition for publisher, it could have made one."
          Twitter attorney Seth Waxman replied that direct messages are covered under the 2009 Ninth Circuit ruling, Barnes v. Yahoo!, which found that entities cannot be held liable for content posted online by third parties. Finding otherwise would that mean every provider of email and direct messaging, such as Apple and Google, could be liable for content exchanged by their users, Waxman said.
          Orrick was not persuaded that companies like Twitter could be sued for messages sent by users.
          "Just because it's private messaging doesn't put this beyond the Communications Decency Act's reach," Orrick said.

But please, continue to make unsupported assertions about the field I practice in. I'll certainly take your word over actual precedent and reputable lawyers.

It helps if you read everything that I wrote. Then again, the original poster did not say that Facebook could be sued for not censoring something, so I didn't emphasize that point.

If you want to take that position, you should research the CDA as well. We've seen it before, we will see it again, and I for one do not expect to see a different result.

It sucks that people can't lave others alone.

But forgetting that "people are real assholes sometimes", here you have a game that leads someone with a multi-hundred dollar smartphone to a location not necessarily controlled by them. May you live in interesting times.

You may find this interesting then.

http://arstechnica.com/science...

"...conspicuous financial rewards"

I guess Oracle don't understand that you're more likely to get "conspicuous financial rewards" by becoming a modest sized fish in an ocean than trying to be the biggest fish in a small pond.

Sun seemed to understand that in what it was trying to do with Java. These guys are opening up their patents so they seemed to understand that too. And this guyshowed there's more shareholder value in using patents to ensure standardization and make the market huge than in trying to wring out licence fees.

Those container patents are one of the reasons you can buy lots of cheap stuff made far away. Oracle are acting more like the losing side in this case who don't know how to cope with "a technological advance of great importance ... which at the same time threatened the jobs of ... by dramatically increasing their productivity.

SIP is a driver whitelist and a lock on system directories analogous to Trusted Solaris or SELinux. At the high level, it doesn't block user mode execution of compiled source code or of executables obtained from third parties. (That's Gatekeeper, which can be turned off.) At the low level, it doesn't block the owner from turning it off in recovery console (which an article by Andrew Cunningham and Lee Hutchinson admits that 5 percent of users may have a good reason to do) or from installing another operating system. A console blocks all four of these.

"Enough horsepower to run an Oculus Rift well?"

Quoting from the The Rift’s Recommended Spec:
"For the full Rift experience, we recommend the following system: NVIDIA GTX 970 / AMD 290 equivalent or greater"

Ars Technica writes "Faster than a GTX 980".
PCworld even uses the title "GTX 1060 is a $250 GTX 980 killer".

So, yes, it's easily enough to use the Rift.
And the HTC Vive for that matter.