The idea that decryption to/from a USB flash drive would have an CPU effect is laughable.
At best, a flash drive is getting read at about 30 MB/s (And written slower).
My laptop, a 1.6 Ghz dual processor Intel, can decrypt AES at 100 MB/s. (Incidentally, I have that entire computer encrypted.) My other computer, a 2.1Ghz AMD, gets 230 MB/s.
If your CPU cannot do AES at 30 MB/s, or if it's even noticeable, you probably should get a new computer. AES was designed to work on modern processors with minimal CPU.
Of course, as 'someone who works in the secure flash drive space', you're probably aware of all that, and just shilling for your rather unneeded industry.
Yeah, that's what gets me. I mean, it's one thing if they were selling special software and didn't want to have to distribute it, which the GPL would make them.
But they're selling a drive. I mean, it's just as much work any other way.
Edit TrueCrypt's interface, put it to autostart from the tiny cleartext partition (Using that autorun U3 trick), have it only look for a specially marked partition on the other drive, and mount it, or prompt for password and format it if the partition is blank.
Tada.
Instead, they use a dumbass hardware encryption with a single key.
I slightly understand the idea of hardware decryption on flash drives, although I still contend there is almost no possible sequence of events where hardware decryption would help vs. a truecrypt file on a flash drive. It doesn't help against keystoke loggers, it doesn't help against mirroring programs, I'll be damned if I can see what it defends against.
But this is just stupidity on top of that.
That said, hardware decryption is cool because it doesn't need admin privs...in theory. Although they could just as easily have a user-level version of truecrypt loop back to an installed driver.
I.e., the drive would have two partitions on it, but actually have three. (Or appear as two entirely separate devices.) Attempts to access the third one would, by the hardware, send a request to a user-space program running on the computer. Which would be Truecrypt, which would read the encrypted data off the drive, decrypt it, and pass it back to the hardware, which would pass it back again.
Sounds slow, but , hell, it's decryption, and no USB flash drive can keep up with the USB 2.0 standard anyway. Such a loopback chip, which could be some serial interface the hacked truecrypt connects to to get commands and send data, would certainly be cheaper than a hardware decryption chip, although who knows if they're just going to fake it with a single key. (Which is, strictly speaking, not even 'encryption'. It's just a goofy media encoding scheme.)
Heh, it's not like pirates invented the idea of removing credits. Blame broadcast TV for that.
But, anyway, removing credits is just one of those idiotic things that started with a reasonable reason that doesn't exist anymore.
On Usenet, 99% of video files are distributed as multiple rar files. Not for compression (You can't compress them anyway), but because rar had some error recovery, and because posters could repost individual rars.
Nowdays, of course, all files are followed with like 25% recovery information in par2 files, with no error recovery in the rar, and no one ever reposts anything (They sometimes will post more par2 files, though.) and the entire thing is a stupid nonsensical hassle, but it's still done that way, instead of just posting the avi followed by par2 info.
So don't blame pirates, blame tradition. It's worth nothing that such traditional is vanishing. I just watched part 2 of Doctor Who, and got all the credits.
I suspect a lot of the reason they've being cut is that there's an additional commercial break there.
Of course, none of this answers the question as to why broadcast networks don't stick up torrents with commercials in them, and let people download them legally.
As someone pointed out, the problem isn't the security model of current Windows.
The problem is the old Windows security model, where programs got to write all over the place.
If Windows would actually force the security model, it would be fine.
Actually, a bigger problem is that the new security model seems intent on prompting for everything. What would be nice is if the security model would actually do things like let you set IP addresses and whatnot without prompting.
I'd actually like for Windows to start having a repository of software that it can install stuff, without admin permissions. Yeah, I know everyone just winced and thought 'monopoly power', but it should be an entirely free system to add new repositories. Simply a requirement that you be an actual identifiable person or company, along with Windows having a blacklist of repositories for known malware ones that sneak in.
I don't know about 'diplomatic channels', we have diplomatic relations with almost every country in the world. There are only a few we have to go through back channels to get to, like Cuba and Iran. We even had official communications with the Soviets when they were around.
The rest we have normal communications with, just no extradition treaty. Strangely enough, the 'least civilized' of those are the easiest to extradite from, as the first world ones often have due process rules that keep governments from handing over people sans law or treaty, whereas we can just throw a few promises to the third world ones and get them to grab someone.
Well, we invaded Iraq about a decade earlier. And, of course, bombed them in December 1998.
And from 1975 to 1982 or so, we stupidly got involved in Lebanon's civil war, a giant absurd clusterfuck of a war. Mostly we were supporting Israel, but did plenty of stupid stuff ourself.
Oh, and let's not forget Iran Air Flight 655, along with the rest of the support we gave Iraq during the Iraq-Iran war.
And, oh, oh, Bosnia. Granted, we (As in NATO) didn't do it, but we certainly failed to prevent the Srebrenica massacre despite theoretically being in control of the area. Blaming this on the US is sorta silly, it was the fault the Dutch and NATO in general, but NATO is, rightly or wrongly, see as the US's puppet. (I mention Bosnia only because a few of the 9/11 hijackers were in Bosnia during all this, where NATO sorta kinda tried to stop the Muslim genocide, but not very hard.)
And that's not even talking about the US military support of Israel or, possibly more relevant, the US support of the Saudi government.
bin Laden essentially considers the US to have bribed the Saudi's to have put non-Muslim soldiers in the Muslim holy land, which was the justification for 9/11. Which is, indeed, not actually 'bombing' anyone, but that's just the umbrella under which people are recruited.
The people recruited all have either personal vendettas against the US, or are just essentially brainwashed youth that join a cult-like organization.
In the case of middle-eastern terrorists, I think it's mostly because we've maintained positive diplomatic relations with Israel since 1948 and consistently defended their right to exist as a sovereign nation.
If by 'defend their right to exist', you mean 'funded their military and refuse to condemn them in any way, shape, or form, even when they do things that are clearly idiotic and illegal', then, yes.
With any other country we'd be quick to at least slightly condemn them with at least the threat of withhold military support when they decide to build and maintain illegal settlements, and start shooting Palestines to defend said illegal settlements. Or, you know when they start a bombing run on Lebanon that served no military purpose at all. But they're Israel, apparently they can do whatever they want and we'll keep shoving cash and airplanes and bombs at them.
However, you're wrong. The vast majority of attacks against the US have nothing to do with Israel. The September 11th attack, for example, allegedly were due to the US being on Saudi soil(At the Saudi's request), not due to any Israel support.
Occasionally, US support for Israel gets mentioned by terrorists, but it's probably not even in the top five listed causes for any attack. Hamas is not running around attacking us.
Although I'm not entirely certainly how what I said is disproved by that idea. As I said, the listed causes for terrorism are not actually the personal cause of terrorism. There's a banner cause, an imaginary reason everyone has united behind...but the actual cause is that 'X has personally wronged me'. People do not give up their life to fight a war for no pay and certain death without some actual concrete reason.(1)
And plenty of Palestines have friends and relatives killed by Israelis using US tech, so could, rationally, be expected to attack the US. Usually, however, they aim themselves at Israel. I'm sure one of two of them has gone for the source, but it pales in comparison to the people who were wrong by the actual US and who attack us.
1) In general, that is. Obviously, there is a sort of cultist brainwashing that can go on and make people literally 'drink the Koolaid', but using a bomb instead, but that's not as common as people would assume.
Firstly, cell phones in flight are not out of range of towers. It confuses the hell out of them, and calls get dropped, but they do get a signal. I see no reason that A-GPS would not work.
Secondly, oh, well, thank goodness it's against the rules for terrorists to have their phone on during the flight. I'm sure that solves things. You know, perhaps we could just outlaw terrorism itself one day!
Thirdly, A-GPS is not needed for cell phones to have GPS. A-GPS is normally just a way to start GPS faster by giving it a list of frequencies and satellites to look for. Otherwise it can take 40 seconds or so to check everything. GPS in modern cell phones can work entirely without cell towers, and once started and it hones it on the sats, will continue to update in mostly real time. On a fast moving airplane, I wouldn't expect it to be within 100 feet or so, airplane bodies are distorting and the plane is moving a lot faster than the GPS expects, but that's plenty close enough for terrorism.
Now, older cell phones and GPS units used a form of A-GPS that the assistance server helped piece together signals, because they didn't have the CPU, but even they could eventually figure out where they were. Usually. I wouldn't try to use one on a plane, though. Modern phones, however, have enough CPU, or a dedicated GPS chip to calculate position.
Now, whether or not the GPS works in 'plane mode' is entirely up to the phone. My iPhone can turn off the GPS independent of the cell radio. I just checked with the phone off, and the GPS works fine. (Well, it's still about half a mile off at my house, but it's always that far off. And this is xGPS, which uses Google maps, downloaded as needed, which obviously would not work without either a phone or wifi connection, so it was using the later. I think terrorists who can buy plane tickets can swing a hundred for TomTom, though.)
I don't know why we're assuming cell phones, though. It's not like dedicated GPS receivers are barred from airplanes if for some reason terrorists have trouble with cell GPS. There isn't even a rule against using GPS on an airplane that I am aware of, as GPS receivers do not transmit anything. You'd have to turn them off when you turn off 'electric devices', but that's it.
Well, yeah, but it's more interesting than simply pointing a camera at something.
'News experts' are annoying because it's clear the network has leapt on 'news' before it actually happens, so are having to pad it. It's annoying because 24 hour news networks could, in fact, be covering something else instead of whatever stupid media frenzy for things that haven't happened yet and aren't going to happen for 30 minutes, and it doesn't help their experts obviously don't know anything their audience doesn't. Hell, half the time they don't know what Wikipedia does.
How useful experts are is relative to what else could be there. With CNN, they're wasting two hours waiting for Michael Jackson to show up at a courthouse or whatever stupid ass thing they're covering, so have to do something instead of showing an empty parking lot. Instead of, you know, showing actual news.
Seriously, 24 hour news networks are like the least efficient use of time ever. If you watched them all the time, you'd get the impression maybe a dozen things happened in the US every day...which is pretty stupid and implies they're spending an average on two hours a story. Sadly, it's not even that...they keep rotating from story to story every fine minutes and spending four minutes catching people up to date.
However, with NASA, it's different. It's not like there's some exciting space news they could be off covering instead of waiting for things. So their 'experts' sitting around talking would be a little less pointless. (And they could, in fact, find actual experts.)
Or they could just prepare animated simulations of orbits and stuff, and throw them in whenever there's a lull. They aren't incredibly interesting, but are more interesting than nothing.
Refusing to defecate can't kill you, no, but you can break something by refusing to urinate. Namely, your bladder will burst. And then you will die.
Urination and eating are the biological processes you can stop to kill yourself. You can't stop breathing, you'll pass out and breath, and while you can stop defecating, it won't kill you. (Although eventually you'll become unable to eat and start vomiting if you do.)
Why would they need to get out of their seat to set off a bomb, anyway? Granted, both idiotic 'clothing' bombers would probably have been able to set off their bomb if they'd done it in the bathroom instead of trying to do it in front of people, but the problem with bathroom bombs is that they probably wouldn't hurt anything besides the bathroom. I suspect said bombers have managed to figure this out. (And that a smarter bomber would, next time, get a window seat with a confederate next to them, so people can't obviously see something going on, and the confederate can fend people off if people notice.)
Oh, yeah, people can't have things 'in their laps'. Despite this guy, you know, having the bomb down his pants. (Holy crap, those jokes about what we would have had to take off had the 'shoe bomber' been the 'underwear bomber' have just come true!)
So I'm sure that if someone picks their laptop bag up off the floor, and puts it in their lap, they will instantly be shot dead by a sniper? No?
Instantly noticed by a flight attendant? No?
Eventually noticed by a flight attendant and politely asked to put the bag down, otherwise the flight attendant will ask again? Ah.
I feel safer already. Surely the threat of a flight attendant wandering up in a few minutes and politely insisting on something will deter terrorism.
I'm of the opinion that the TSA should be required to set up a fake airport security checkpoint. And anyone can pay $25 to go through it. The security can be as tight as possible, but they have to actually follow the rules they use at real checkpoints. On the other side, you have access to anything that would be sold in an airport or on an airplane, along with private areas to put things together.
Anything anyone gets on the other side should remove the rules barring similar items.
Within two hours, someone will have managed to smuggle razor blades through. (Probably inside a laptop.) Other people will have disassembled their luggage handles to make spears.
Within a few hours, people cycling in and out will have collected several gallons of 'explosive' liquid in a private area.
Oh, and we've already demonstrated that people who are on the terrorist watch list can fly on airplanes without fake IDs. (Buy the ticket under a fake name, present a fake boarding pass and real ID to the security checkpoint, and then use your real boarding pass to get on whatever plane you want.)
There's a guy up there who's a real security airplane expert who is pointing out 'violations of quarantine' and stuff like that, where people could presumably get stuff on airplanes without going through security screening.
But that is a failure of process. And even I can tell that, even if the process were perfect, even if we could magically keep exactly the stuff off planes we want to keep off planes, that you could replicate almost everything in some way by what is allowed. And I'm not some sort of McGuyer-ish genius.
Oh, and this instance demonstrates the same thing with the no-fly list. Even if people on the no-fly list could be kept off planes, apparently there's plenty of reported terrorists on FBI watchlists who aren't on the no-fly list. Whereas there are a lot of people on the no-fly list who clearly shouldn't be there. It's not just a failure of process, it's a failure of design that is totally obscured by the failure of process!
At some point we're going to have to start some civil disobedience. Buy tickets, go through security checkpoints with no prohibited items, and start assembling a large collect of liquids, or building spears and knifes and garrotes right past the checkpoint, using legal items, in blatant view of everyone. Get ten people, arm a goddamn army, and try to get on your plane.
No, he was not. Despite having been reported to the FBI and put on an FBI watchlist. (Which was entirely pointless as he was, at no time, actually in the US to be watched by said FBI.)
And while you are at it if some guy in Nigeria goes to the US embassy and says look out for my son here is his name then bloody look out for that name in visa requests and think twice before granting it.
You know what would be nice? If we had a list of names of, you know, people who were considered to be possible terrorists, so we could keep them off any flights in the US.
Instead, this guy just got put on some FBI watchlist, which of course airline passengers can't be checked against. If we had this hypothetical 'no-fly' list, he surely would have automatically been put on there. I mean, it would be the height of foolishness to actually have suspected terrorists that the government knows are suspected terrorists not be put on there.
Of course, if we had such a list, we'd probably have all sort of bitching because we'd put names like Cat Stevens and Ted Kennedy on it, but of course there'd be some sort of way for them to get removed, right?
Flight attendants have to deal with messes like that already. It's not like you're running around punching them in the face, you are adding two minutes of work to their actual job that they are being paid to do.
It's like yelling at a customer in Walmart because they didn't want to buy something and handed it to a cashier instead of walking back and putting it on the shelf. Um, that's the actual job of the employees of the store, to put things back on the shelves. Likewise, it's the actual job of the cleaning crew to, you know, clean up any urine.
Now, nice people don't create meaningless work for others if they can help it, but no one is actually saying to do this if you can hold it. No adult is going to wet themselves if they have any other choice.
Seriously, long boring drives to recovery sites, and dead silence?
Don't they have some, I dunno, science they could be telling us? Like a clip of the launch, or an explanation of the mission, or simulations of the orbit, or something?
People simply aren't interested in seeing every step of a recovery process with nothing else. That is because it is incredibly boring, and, no, that has nothing to do with modern society's short attention span or anything. That much time watching nothing happen, interspersed with short, boring comments, is boring to anyone!
At the very least, do what CNN does when they're waiting for stuff to happen on camera, like someone to come out of a courthouse...have a bunch of random 'experts' sitting around a table in the studio, and cut to them for a few minutes at a time, and back when things actually happen.
Although really NASA should be able to time things better than that. Their uncertainly is usually only a few seconds, except sometimes during launches.
Terrorists don't attack the US because the US cause X deaths a year...they attack us because we dropped a bomb on their sister. Or tortured their cousin.
Hate is not statistical. Anger is not statistical. Terrorists causes are not statistical. They are personal.
Sure, people like bin Laden will stand up and list of a lot of vague, impersonal reasons designed to make people sympathized with them, which does somewhat work. If people think they're fighting evil, those people will be able to overlook some of their evil.
But that just gets people to the 'I won't turn in that guy I know' stage of terrorism support, it doesn't make them get on an airplane with a bomb and destroy their life...only personal loss makes people do that.
Oh, and let's not confuse the people who are fighting to stop the US from occupying their country with 'terrorists'. Terrorism is a tactic, not a goal. Someone picking up a gun and shooting at people in the military is not terrorism...at worse, it's an insurrection.
If you were poor enough to have to work your way through college, either you graduated before 1980 or so, or you got grants. (Or your school had a really stupid financial aid department.)
The problem if it's a standard client feature than the second in shows up in clients, spammers will start adding it to their email. (As, in fact, they already do.)
So if everyone client is reading it, receiving mail servers need to strip existing ones even if they themselves aren't writing one. Otherwise, you just invented a way to trick mail clients.
However, mail servers are not supposed to strip X-Spam headers. They aren't, in fact, supposed to alter any header they're not specifically supposed to alter.
Ergo, to actually do this, you'd want to create a standard saying a certain header SHOULD be stripped on receipt. Which, incidentally, some already are, and replaced, like Delivered-To and Return-Path. (I don't know of any that get stripped even if not being replaced, but there's no reason why not.)
And no standard header is called X- anything. If defined, it would get an actual name, along with other rules, like whether or not you can have multiple ones.
Or, as I said, an interesting idea might be to make a header called 'Recipient-Headers', which lists trusted headers that were added by the local mail server.
This would, of course, require the local mail server to strip that out, but you'd only need to worry about adding that standard requirement once.
And, from then on, if you want to add a X-Spam header, or a X-Attachment-Saved-To header, or whatever, you can simply stick the name of that header in the Recipient-Headers line, which asserts the mail server stripped out any instances of that header to start with, and thus anything in it is trusted.
And any client would only trust X-Spam if there was a reference to X-Spam in the Recipient-Headers header.
As for the delimiter, I was actually saying that because there is a current way to see what headers were added locally...they'll be before the the Received line added by your local mail server. Lines are added to mail at the start.
The problem is that, for example, you will end up with something like, for the top of the email:
Return-Path: <sender@example.net>
X-Original-To: david@example.com
Delivered-To: david@example.com
Received: from localhost (localhost.localdomain [127.0.0.1]) by example.com (Postfix) with ESMTP id E9576738090 for <david@example.com>; Fri, 18 Dec 2009 19:57:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at example.com
Received: from example.com ([127.0.0.1]) by localhost (example.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N2pKNQAv+HqD for <david@example.com>; Fri, 18 Dec 2009 19:57:34 -0800 (PST)
Received: from lrcmmta08-srv.example.net (lrcmmta08-srv.example.net [10.0.0.1]) by example.com (Postfix) with ESMTP for <david@example.com>; Fri, 18 Dec 2009 19:57:33 -0800 (PST) ...other Received headers, and then the other email headers.
There's a received header after my local server does a virus scan. (Which is also where it would add an X-Spam header if I wanted that...I don't actually want the virus scan header either, I should get rid of that.) Also, in theory, there could be a local added header before the second received one. The bottommost header I showed is where it actually enters my control.
So an actual simple solution to this would be for all local mail servers to simply add 'X-Received-Locally' or something like that, at the top of the headers, the second they get an email, and then not add anything after that. Then we simply believe the topmost one of those headers. And, what's more, you could do this without any changes to mail servers...essentially all mail servers can add custom headers, and they always add them at the top.
I would only do it if I could figure out how to run the 'put on the whitelist' part during the day. So anyone that's sent email at any time that's gotten in would be already cleared. (Cleared to not be greylisted, I mean, not whitelisted in general.) Run that for a week, collect 'tuples', and then turn it on only at night. Most greylisting programs can run in 'collection only' mode.
I've also looked at the idea of greylisting, only by IP plus domain for all free email services.
I.e., if some IP says they're gmail.com, we'd greylist that IP, until they retry that email (With the same sender and recipient) a bit later.
Then we'd let that IP give us any gmail.com email, to anyone.
I could even grep the mail log and find some starting IPs.
Sadly, I've seen no program that does anything like this. I think I could do it with a postfix map that only sends certain domains to be greylisted, though.
That's what I would do. There are too many charitable organizations with really good PR and really shitty records of actually helping anything, like PETA.
Also, a lot of organizations do good work, but don't really need large amounts of cash. Like the Red Cross. They need volunteers, not money.
And plenty of organizations do good work, but are perceived, rightly or wrongly, as having a political bent, so for maximum PR, you'd want to leave those out.
My education involved no student loans. I suspect there is a significant amount of the audience that is in the same boat.
If by 'significant amount' you mean '1/3', then sure.
2/3rds of college graduates have student loans.
But, incidentally, that's incorrect for the point you're trying to make.
The drug laws bar all federal aids, not just loans, but grants also.
Almost every college student has Federal grants. Just the Pell grant alone went to about 7,000,000 people in 2009, which is half of all college students...and that's just one of the many out there.
If you got through college without any Federal aid at all, you either did it before 1980 or so, or you're fairly wealthy. I suspect the actual answer is : You've forgotten or did not know about the aid you were getting.
Slashdot Mirror
The idea that decryption to/from a USB flash drive would have an CPU effect is laughable.
At best, a flash drive is getting read at about 30 MB/s (And written slower).
My laptop, a 1.6 Ghz dual processor Intel, can decrypt AES at 100 MB/s. (Incidentally, I have that entire computer encrypted.) My other computer, a 2.1Ghz AMD, gets 230 MB/s.
If your CPU cannot do AES at 30 MB/s, or if it's even noticeable, you probably should get a new computer. AES was designed to work on modern processors with minimal CPU.
Of course, as 'someone who works in the secure flash drive space', you're probably aware of all that, and just shilling for your rather unneeded industry.
That's the thing that gets me about USB hardware encryption. I can't figure out the damn point.
The only possible advantage is that hardware encryption could maybe work without admin privs.
Yeah, that's what gets me. I mean, it's one thing if they were selling special software and didn't want to have to distribute it, which the GPL would make them.
But they're selling a drive. I mean, it's just as much work any other way.
Edit TrueCrypt's interface, put it to autostart from the tiny cleartext partition (Using that autorun U3 trick), have it only look for a specially marked partition on the other drive, and mount it, or prompt for password and format it if the partition is blank.
Tada.
Instead, they use a dumbass hardware encryption with a single key.
I slightly understand the idea of hardware decryption on flash drives, although I still contend there is almost no possible sequence of events where hardware decryption would help vs. a truecrypt file on a flash drive. It doesn't help against keystoke loggers, it doesn't help against mirroring programs, I'll be damned if I can see what it defends against.
But this is just stupidity on top of that.
That said, hardware decryption is cool because it doesn't need admin privs...in theory. Although they could just as easily have a user-level version of truecrypt loop back to an installed driver.
I.e., the drive would have two partitions on it, but actually have three. (Or appear as two entirely separate devices.) Attempts to access the third one would, by the hardware, send a request to a user-space program running on the computer. Which would be Truecrypt, which would read the encrypted data off the drive, decrypt it, and pass it back to the hardware, which would pass it back again.
Sounds slow, but , hell, it's decryption, and no USB flash drive can keep up with the USB 2.0 standard anyway. Such a loopback chip, which could be some serial interface the hacked truecrypt connects to to get commands and send data, would certainly be cheaper than a hardware decryption chip, although who knows if they're just going to fake it with a single key. (Which is, strictly speaking, not even 'encryption'. It's just a goofy media encoding scheme.)
Oh, and, tada. Unpatentable for the win!
Heh, it's not like pirates invented the idea of removing credits. Blame broadcast TV for that.
But, anyway, removing credits is just one of those idiotic things that started with a reasonable reason that doesn't exist anymore.
On Usenet, 99% of video files are distributed as multiple rar files. Not for compression (You can't compress them anyway), but because rar had some error recovery, and because posters could repost individual rars.
Nowdays, of course, all files are followed with like 25% recovery information in par2 files, with no error recovery in the rar, and no one ever reposts anything (They sometimes will post more par2 files, though.) and the entire thing is a stupid nonsensical hassle, but it's still done that way, instead of just posting the avi followed by par2 info.
So don't blame pirates, blame tradition. It's worth nothing that such traditional is vanishing. I just watched part 2 of Doctor Who, and got all the credits.
I suspect a lot of the reason they've being cut is that there's an additional commercial break there.
Of course, none of this answers the question as to why broadcast networks don't stick up torrents with commercials in them, and let people download them legally.
As someone pointed out, the problem isn't the security model of current Windows.
The problem is the old Windows security model, where programs got to write all over the place.
If Windows would actually force the security model, it would be fine.
Actually, a bigger problem is that the new security model seems intent on prompting for everything. What would be nice is if the security model would actually do things like let you set IP addresses and whatnot without prompting.
I'd actually like for Windows to start having a repository of software that it can install stuff, without admin permissions. Yeah, I know everyone just winced and thought 'monopoly power', but it should be an entirely free system to add new repositories. Simply a requirement that you be an actual identifiable person or company, along with Windows having a blacklist of repositories for known malware ones that sneak in.
I don't know about 'diplomatic channels', we have diplomatic relations with almost every country in the world. There are only a few we have to go through back channels to get to, like Cuba and Iran. We even had official communications with the Soviets when they were around.
The rest we have normal communications with, just no extradition treaty. Strangely enough, the 'least civilized' of those are the easiest to extradite from, as the first world ones often have due process rules that keep governments from handing over people sans law or treaty, whereas we can just throw a few promises to the third world ones and get them to grab someone.
Seriously?
Well, we invaded Iraq about a decade earlier. And, of course, bombed them in December 1998.
And from 1975 to 1982 or so, we stupidly got involved in Lebanon's civil war, a giant absurd clusterfuck of a war. Mostly we were supporting Israel, but did plenty of stupid stuff ourself.
Oh, and let's not forget Iran Air Flight 655, along with the rest of the support we gave Iraq during the Iraq-Iran war.
And, oh, oh, Bosnia. Granted, we (As in NATO) didn't do it, but we certainly failed to prevent the Srebrenica massacre despite theoretically being in control of the area. Blaming this on the US is sorta silly, it was the fault the Dutch and NATO in general, but NATO is, rightly or wrongly, see as the US's puppet. (I mention Bosnia only because a few of the 9/11 hijackers were in Bosnia during all this, where NATO sorta kinda tried to stop the Muslim genocide, but not very hard.)
And that's not even talking about the US military support of Israel or, possibly more relevant, the US support of the Saudi government.
bin Laden essentially considers the US to have bribed the Saudi's to have put non-Muslim soldiers in the Muslim holy land, which was the justification for 9/11. Which is, indeed, not actually 'bombing' anyone, but that's just the umbrella under which people are recruited.
The people recruited all have either personal vendettas against the US, or are just essentially brainwashed youth that join a cult-like organization.
In the case of middle-eastern terrorists, I think it's mostly because we've maintained positive diplomatic relations with Israel since 1948 and consistently defended their right to exist as a sovereign nation.
If by 'defend their right to exist', you mean 'funded their military and refuse to condemn them in any way, shape, or form, even when they do things that are clearly idiotic and illegal', then, yes.
With any other country we'd be quick to at least slightly condemn them with at least the threat of withhold military support when they decide to build and maintain illegal settlements, and start shooting Palestines to defend said illegal settlements. Or, you know when they start a bombing run on Lebanon that served no military purpose at all. But they're Israel, apparently they can do whatever they want and we'll keep shoving cash and airplanes and bombs at them.
However, you're wrong. The vast majority of attacks against the US have nothing to do with Israel. The September 11th attack, for example, allegedly were due to the US being on Saudi soil(At the Saudi's request), not due to any Israel support.
Occasionally, US support for Israel gets mentioned by terrorists, but it's probably not even in the top five listed causes for any attack. Hamas is not running around attacking us.
Although I'm not entirely certainly how what I said is disproved by that idea. As I said, the listed causes for terrorism are not actually the personal cause of terrorism. There's a banner cause, an imaginary reason everyone has united behind...but the actual cause is that 'X has personally wronged me'. People do not give up their life to fight a war for no pay and certain death without some actual concrete reason.(1)
And plenty of Palestines have friends and relatives killed by Israelis using US tech, so could, rationally, be expected to attack the US. Usually, however, they aim themselves at Israel. I'm sure one of two of them has gone for the source, but it pales in comparison to the people who were wrong by the actual US and who attack us.
1) In general, that is. Obviously, there is a sort of cultist brainwashing that can go on and make people literally 'drink the Koolaid', but using a bomb instead, but that's not as common as people would assume.
Firstly, cell phones in flight are not out of range of towers. It confuses the hell out of them, and calls get dropped, but they do get a signal. I see no reason that A-GPS would not work.
Secondly, oh, well, thank goodness it's against the rules for terrorists to have their phone on during the flight. I'm sure that solves things. You know, perhaps we could just outlaw terrorism itself one day!
Thirdly, A-GPS is not needed for cell phones to have GPS. A-GPS is normally just a way to start GPS faster by giving it a list of frequencies and satellites to look for. Otherwise it can take 40 seconds or so to check everything. GPS in modern cell phones can work entirely without cell towers, and once started and it hones it on the sats, will continue to update in mostly real time. On a fast moving airplane, I wouldn't expect it to be within 100 feet or so, airplane bodies are distorting and the plane is moving a lot faster than the GPS expects, but that's plenty close enough for terrorism.
Now, older cell phones and GPS units used a form of A-GPS that the assistance server helped piece together signals, because they didn't have the CPU, but even they could eventually figure out where they were. Usually. I wouldn't try to use one on a plane, though. Modern phones, however, have enough CPU, or a dedicated GPS chip to calculate position.
Now, whether or not the GPS works in 'plane mode' is entirely up to the phone. My iPhone can turn off the GPS independent of the cell radio. I just checked with the phone off, and the GPS works fine. (Well, it's still about half a mile off at my house, but it's always that far off. And this is xGPS, which uses Google maps, downloaded as needed, which obviously would not work without either a phone or wifi connection, so it was using the later. I think terrorists who can buy plane tickets can swing a hundred for TomTom, though.)
I don't know why we're assuming cell phones, though. It's not like dedicated GPS receivers are barred from airplanes if for some reason terrorists have trouble with cell GPS. There isn't even a rule against using GPS on an airplane that I am aware of, as GPS receivers do not transmit anything. You'd have to turn them off when you turn off 'electric devices', but that's it.
Well, yeah, but it's more interesting than simply pointing a camera at something.
'News experts' are annoying because it's clear the network has leapt on 'news' before it actually happens, so are having to pad it. It's annoying because 24 hour news networks could, in fact, be covering something else instead of whatever stupid media frenzy for things that haven't happened yet and aren't going to happen for 30 minutes, and it doesn't help their experts obviously don't know anything their audience doesn't. Hell, half the time they don't know what Wikipedia does.
How useful experts are is relative to what else could be there. With CNN, they're wasting two hours waiting for Michael Jackson to show up at a courthouse or whatever stupid ass thing they're covering, so have to do something instead of showing an empty parking lot. Instead of, you know, showing actual news.
Seriously, 24 hour news networks are like the least efficient use of time ever. If you watched them all the time, you'd get the impression maybe a dozen things happened in the US every day...which is pretty stupid and implies they're spending an average on two hours a story. Sadly, it's not even that...they keep rotating from story to story every fine minutes and spending four minutes catching people up to date.
However, with NASA, it's different. It's not like there's some exciting space news they could be off covering instead of waiting for things. So their 'experts' sitting around talking would be a little less pointless. (And they could, in fact, find actual experts.)
Or they could just prepare animated simulations of orbits and stuff, and throw them in whenever there's a lull. They aren't incredibly interesting, but are more interesting than nothing.
Luckily, there's no other way for people to figure out where they are in a flight.
Because cell phone GPS magically stops working on airplanes, and people can't look out the window.
No, start with the razorblade you put inside the SD card slot of your digital camera.
But, yes, you could probably find something inside the airplane itself.
Refusing to defecate can't kill you, no, but you can break something by refusing to urinate. Namely, your bladder will burst. And then you will die.
Urination and eating are the biological processes you can stop to kill yourself. You can't stop breathing, you'll pass out and breath, and while you can stop defecating, it won't kill you. (Although eventually you'll become unable to eat and start vomiting if you do.)
Why would they need to get out of their seat to set off a bomb, anyway? Granted, both idiotic 'clothing' bombers would probably have been able to set off their bomb if they'd done it in the bathroom instead of trying to do it in front of people, but the problem with bathroom bombs is that they probably wouldn't hurt anything besides the bathroom. I suspect said bombers have managed to figure this out. (And that a smarter bomber would, next time, get a window seat with a confederate next to them, so people can't obviously see something going on, and the confederate can fend people off if people notice.)
Oh, yeah, people can't have things 'in their laps'. Despite this guy, you know, having the bomb down his pants. (Holy crap, those jokes about what we would have had to take off had the 'shoe bomber' been the 'underwear bomber' have just come true!)
So I'm sure that if someone picks their laptop bag up off the floor, and puts it in their lap, they will instantly be shot dead by a sniper? No?
Instantly noticed by a flight attendant? No?
Eventually noticed by a flight attendant and politely asked to put the bag down, otherwise the flight attendant will ask again? Ah.
I feel safer already. Surely the threat of a flight attendant wandering up in a few minutes and politely insisting on something will deter terrorism.
AMEN
I'm of the opinion that the TSA should be required to set up a fake airport security checkpoint. And anyone can pay $25 to go through it. The security can be as tight as possible, but they have to actually follow the rules they use at real checkpoints. On the other side, you have access to anything that would be sold in an airport or on an airplane, along with private areas to put things together.
Anything anyone gets on the other side should remove the rules barring similar items.
Within two hours, someone will have managed to smuggle razor blades through. (Probably inside a laptop.) Other people will have disassembled their luggage handles to make spears.
Within a few hours, people cycling in and out will have collected several gallons of 'explosive' liquid in a private area.
Oh, and we've already demonstrated that people who are on the terrorist watch list can fly on airplanes without fake IDs. (Buy the ticket under a fake name, present a fake boarding pass and real ID to the security checkpoint, and then use your real boarding pass to get on whatever plane you want.)
There's a guy up there who's a real security airplane expert who is pointing out 'violations of quarantine' and stuff like that, where people could presumably get stuff on airplanes without going through security screening.
But that is a failure of process. And even I can tell that, even if the process were perfect, even if we could magically keep exactly the stuff off planes we want to keep off planes, that you could replicate almost everything in some way by what is allowed. And I'm not some sort of McGuyer-ish genius.
Oh, and this instance demonstrates the same thing with the no-fly list. Even if people on the no-fly list could be kept off planes, apparently there's plenty of reported terrorists on FBI watchlists who aren't on the no-fly list. Whereas there are a lot of people on the no-fly list who clearly shouldn't be there. It's not just a failure of process, it's a failure of design that is totally obscured by the failure of process!
At some point we're going to have to start some civil disobedience. Buy tickets, go through security checkpoints with no prohibited items, and start assembling a large collect of liquids, or building spears and knifes and garrotes right past the checkpoint, using legal items, in blatant view of everyone. Get ten people, arm a goddamn army, and try to get on your plane.
He was already on a "no fly" list was he not?
No, he was not. Despite having been reported to the FBI and put on an FBI watchlist. (Which was entirely pointless as he was, at no time, actually in the US to be watched by said FBI.)
And while you are at it if some guy in Nigeria goes to the US embassy and says look out for my son here is his name then bloody look out for that name in visa requests and think twice before granting it.
You know what would be nice? If we had a list of names of, you know, people who were considered to be possible terrorists, so we could keep them off any flights in the US.
Instead, this guy just got put on some FBI watchlist, which of course airline passengers can't be checked against. If we had this hypothetical 'no-fly' list, he surely would have automatically been put on there. I mean, it would be the height of foolishness to actually have suspected terrorists that the government knows are suspected terrorists not be put on there.
Of course, if we had such a list, we'd probably have all sort of bitching because we'd put names like Cat Stevens and Ted Kennedy on it, but of course there'd be some sort of way for them to get removed, right?
Good lord, you're an idiot.
Flight attendants have to deal with messes like that already. It's not like you're running around punching them in the face, you are adding two minutes of work to their actual job that they are being paid to do.
It's like yelling at a customer in Walmart because they didn't want to buy something and handed it to a cashier instead of walking back and putting it on the shelf. Um, that's the actual job of the employees of the store, to put things back on the shelves. Likewise, it's the actual job of the cleaning crew to, you know, clean up any urine.
Now, nice people don't create meaningless work for others if they can help it, but no one is actually saying to do this if you can hold it. No adult is going to wet themselves if they have any other choice.
Yes.
Seriously, long boring drives to recovery sites, and dead silence?
Don't they have some, I dunno, science they could be telling us? Like a clip of the launch, or an explanation of the mission, or simulations of the orbit, or something?
People simply aren't interested in seeing every step of a recovery process with nothing else. That is because it is incredibly boring, and, no, that has nothing to do with modern society's short attention span or anything. That much time watching nothing happen, interspersed with short, boring comments, is boring to anyone!
At the very least, do what CNN does when they're waiting for stuff to happen on camera, like someone to come out of a courthouse...have a bunch of random 'experts' sitting around a table in the studio, and cut to them for a few minutes at a time, and back when things actually happen.
Although really NASA should be able to time things better than that. Their uncertainly is usually only a few seconds, except sometimes during launches.
Terrorists don't attack the US because the US cause X deaths a year...they attack us because we dropped a bomb on their sister. Or tortured their cousin.
Hate is not statistical. Anger is not statistical. Terrorists causes are not statistical. They are personal.
Sure, people like bin Laden will stand up and list of a lot of vague, impersonal reasons designed to make people sympathized with them, which does somewhat work. If people think they're fighting evil, those people will be able to overlook some of their evil.
But that just gets people to the 'I won't turn in that guy I know' stage of terrorism support, it doesn't make them get on an airplane with a bomb and destroy their life...only personal loss makes people do that.
Oh, and let's not confuse the people who are fighting to stop the US from occupying their country with 'terrorists'. Terrorism is a tactic, not a goal. Someone picking up a gun and shooting at people in the military is not terrorism...at worse, it's an insurrection.
If you were poor enough to have to work your way through college, either you graduated before 1980 or so, or you got grants. (Or your school had a really stupid financial aid department.)
The problem if it's a standard client feature than the second in shows up in clients, spammers will start adding it to their email. (As, in fact, they already do.)
So if everyone client is reading it, receiving mail servers need to strip existing ones even if they themselves aren't writing one. Otherwise, you just invented a way to trick mail clients.
However, mail servers are not supposed to strip X-Spam headers. They aren't, in fact, supposed to alter any header they're not specifically supposed to alter.
Ergo, to actually do this, you'd want to create a standard saying a certain header SHOULD be stripped on receipt. Which, incidentally, some already are, and replaced, like Delivered-To and Return-Path. (I don't know of any that get stripped even if not being replaced, but there's no reason why not.)
And no standard header is called X- anything. If defined, it would get an actual name, along with other rules, like whether or not you can have multiple ones.
Or, as I said, an interesting idea might be to make a header called 'Recipient-Headers', which lists trusted headers that were added by the local mail server.
This would, of course, require the local mail server to strip that out, but you'd only need to worry about adding that standard requirement once.
And, from then on, if you want to add a X-Spam header, or a X-Attachment-Saved-To header, or whatever, you can simply stick the name of that header in the Recipient-Headers line, which asserts the mail server stripped out any instances of that header to start with, and thus anything in it is trusted.
And any client would only trust X-Spam if there was a reference to X-Spam in the Recipient-Headers header.
As for the delimiter, I was actually saying that because there is a current way to see what headers were added locally...they'll be before the the Received line added by your local mail server. Lines are added to mail at the start.
The problem is that, for example, you will end up with something like, for the top of the email:
Return-Path: <sender@example.net>
...other Received headers, and then the other email headers.
X-Original-To: david@example.com
Delivered-To: david@example.com
Received: from localhost (localhost.localdomain [127.0.0.1]) by example.com (Postfix) with ESMTP id E9576738090 for <david@example.com>; Fri, 18 Dec 2009 19:57:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at example.com
Received: from example.com ([127.0.0.1]) by localhost (example.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N2pKNQAv+HqD for <david@example.com>; Fri, 18 Dec 2009 19:57:34 -0800 (PST)
Received: from lrcmmta08-srv.example.net (lrcmmta08-srv.example.net [10.0.0.1]) by example.com (Postfix) with ESMTP for <david@example.com>; Fri, 18 Dec 2009 19:57:33 -0800 (PST)
There's a received header after my local server does a virus scan. (Which is also where it would add an X-Spam header if I wanted that...I don't actually want the virus scan header either, I should get rid of that.) Also, in theory, there could be a local added header before the second received one. The bottommost header I showed is where it actually enters my control.
So an actual simple solution to this would be for all local mail servers to simply add 'X-Received-Locally' or something like that, at the top of the headers, the second they get an email, and then not add anything after that. Then we simply believe the topmost one of those headers. And, what's more, you could do this without any changes to mail servers...essentially all mail servers can add custom headers, and they always add them at the top.
I would only do it if I could figure out how to run the 'put on the whitelist' part during the day. So anyone that's sent email at any time that's gotten in would be already cleared. (Cleared to not be greylisted, I mean, not whitelisted in general.) Run that for a week, collect 'tuples', and then turn it on only at night. Most greylisting programs can run in 'collection only' mode.
I've also looked at the idea of greylisting, only by IP plus domain for all free email services.
I.e., if some IP says they're gmail.com, we'd greylist that IP, until they retry that email (With the same sender and recipient) a bit later.
Then we'd let that IP give us any gmail.com email, to anyone.
I could even grep the mail log and find some starting IPs.
Sadly, I've seen no program that does anything like this. I think I could do it with a postfix map that only sends certain domains to be greylisted, though.
That's what I would do. There are too many charitable organizations with really good PR and really shitty records of actually helping anything, like PETA.
Also, a lot of organizations do good work, but don't really need large amounts of cash. Like the Red Cross. They need volunteers, not money.
And plenty of organizations do good work, but are perceived, rightly or wrongly, as having a political bent, so for maximum PR, you'd want to leave those out.
My education involved no student loans. I suspect there is a significant amount of the audience that is in the same boat.
If by 'significant amount' you mean '1/3', then sure.
2/3rds of college graduates have student loans.
But, incidentally, that's incorrect for the point you're trying to make.
The drug laws bar all federal aids, not just loans, but grants also.
Almost every college student has Federal grants. Just the Pell grant alone went to about 7,000,000 people in 2009, which is half of all college students...and that's just one of the many out there.
If you got through college without any Federal aid at all, you either did it before 1980 or so, or you're fairly wealthy. I suspect the actual answer is : You've forgotten or did not know about the aid you were getting.