Well... I tried to make a joke here, repeating the word SPAM a lot, but I got cought by slashdot's SPAM filter:
Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition. But I didn't dive up! Thus, I have figured out a way to beat the system, here it goes:
Even though there is no nominal fee for using GMAIL, and it kinda looks like it is free (though you're trading your value as an advertisement target, actually), shouldn't this new regulation also include GMAIL, and for that matter all free services in the internet (like free email services, free hosting, personalized search engines, etc)?
I mean, these services are undoubtedly businesses that handle private consumer data, aren't they?
If that's really the case I see no way this law can ever be fully enforced. It's kinda like a joke, don't you think?
Google has offices in Brazil. If Google doesn't want to face Brazilian Justice system it should not have opened offices there. All pressure, legal and political, that was applied to Google was applied to its offices in Brazil. Regarding the US sovereignty being disrespected, Google is a multinational corporation, and not just a US corporation. I underdtand the internet raises a lot of international law issues, but since this is still an imprecise territory, I think the way Brazilian authorities went about this issue is not at all a disrespect to anybody's laws. Actually, as you probably already know, Google has complied with the court order in the end, and I saw no complaints from US authorities regarding this matter. This is because google can freely move data among its subsidiaries (including the Brazilian one) and as long as the data is physically stored in Brazil, there's no obstable for complying with Brazilian's laws. In the end, Google has more discritionary power on this matter than both governments (US or BR) and it decided to comply with the Brazilian Senate requests.
I'm not seeing anything in the article that says they either did or did not get warrants. Then again, I don't know if warrants are even required in Brazil. A Senate committee in Brazil has some powers that overlap those of a court. So they can issue such warranties. Let me remind you that the situation got as far as reaching the senate committee only because Google repeatedly refused to comply with previous court orders. This issue is not about about state sponsored censorship in any sense, this whole thing is about how multi-national corporations should handle local laws. In this case, there isn't even a conflict between Brazilian and US laws, the problem was just procedural, Google kept excusing itself from giving the data by saying they only could obey a court order issue in the US. As we can see, this isn't completely true. Google can move data among its subsidiaries freely without violating any laws or agreements. By storing such data physically in Brazil, all and any obstacles to comply with Brazilian laws (and court orders) cease to exist. That's demonstratively so based on the fact Google did comply with the Brazilian senate request and gave away the data. No US prosecutors have complained about it, though. That's because no laws were broken.
First of all, the crimes referenced in this pedophilia case were all committed by and/or against Brazilian nationals. Second, Had Google BR requested Google US back up copies of the aforementioned data, the sovereignty of both countries (US and BR) would still be respected. Google can move data among all its subsidiaries without violating any laws or privacy agreements (or their duties to their users, for that matter).
By having the data physically stored in Brazil, there is no obstacle to comply with Brazilian laws. In the end, this whole issue is just Google trying to keep good PR (as the one that does no evil), and not Google respecting any laws. It's not like Google was really tied by any laws, they just didn't do it based on their own interests and discretion. A proof of that is that now, after the senate hearing has happened, Google has provided the requested data, and I have seen no movement from US' prosecutors because of that, have you? That's because no laws were broken.
If a crime is committed, there will be a police investigation. The police then requests court orders to acquire private data belonging to the suspects. If the court finds there's reasonable evidence backing up the requests, it will gran them.. The police will then present the court order to the ISP and the ISP has to comply. That's how things already work in the US for all ISPs, including google.
The exact same procedure was followed in Brazil for this pedofilia case. As a matter of fact, the procedure was followed several times, but google failed to comply with all Brazilian's court orders regarding this matter. The case had to reach a senate comittee investigation ( which in Brazil functions similarly to a judicial investigation, but with more resources) in order to Google to comply with the court order.
Google's excuse for not complying with court order, you ask? Well, google told the Brazilian justice system that since the order wasn't isued within the USA they couldn't do a thing about it.
So that's it, folks, do panic for the same thing that's happening in Brazil has been happening in the US for quite a long time. The only difference is that google has kind of a hard time respecting Brazil's sovereigny.
Also informative is this recent Time magazine article debunking the benefits of ethanol. I've read the article and I'll tell you I was amazed... read on.
First of all, I saw no hard evidence that would debunk the benefits of ethanol nor anything that would imply that more ethanol = less food (though I won't go into the matter itself, the article is just poor on defending these arguments). Also, a good chunck of the article is spent on describing Brazil's vanguard on ethanol and its problem with the Amazon forest (separately). What it is funny (not to mention outrageously stupid) is the way the author goes about these two separate things: he tries to make a correlation between the two issues like the fact Brazilian vanguard in biofuels is somehow destroying the Amazon Forest! It's simply stupid! Come on! There's no correlation whatsoever!
Brazilian ethanol program is almost 30 years old and the problems the Amazon Forest faces (now and before) haven't increased nor decreased because the program started and kept going. Hell, sugar cane is hardly one of the most profitable business that comes from deforestation, let alone the core reason for the problem!
This Time Magazine article only debunks one thing: the ability its author has to assess his readers' naiveness.
Any serious private or public effort in funding Earth's defenses against asteroids should pay special attention to the Arecibo Observatory. Besides the fact the observatory is facing serious funding issues (funding was cut to less than half of the regular funding bringing the possibility of actually closing down the facility), Arecibo is one of the best (if not THE best) facilities in the world for tracking asteroids (as a matter of fact the Arecibo Observatory has the biggest, most sensible radio telescope in the world). It is just a shame the effects the war has brought upon ourselves.
Didn't Scheneier mean Computer Security is becoming a commodity (infrastructure sounds rather vague)? Is it really a bad thing? I mean, security is such an essential part of every thing that it really is supposed to be a commodity IMHO. Nevertheless, I disagree with him, it is very hard to embed security for all aspects in all products, so you always going to need supporting tools or services that will complement the security of the product you are interested in (like Antivirus Sofware complements Operating Systems). Also, as long there's security, there's someone trying to break it. This means that even if you embed enough security in a product, this security might be eventually broken some time in the future and again you're gonna need some supporting tool or service to protect you. Specially, because these breaks many times aren't just related to the specific implementation of some security technique, but to the fundamental principal the technique is based on (like what we have seen happening to CAPTCHA systems and hard disk ecryption products, and also the implementation of attacks that were considered impossible before).
The notion of security becoming a commodity is hardly acceptable, let alone a reality.
Good luck trying to accomplish all of that in less than 30 seconds. Also, phishers don't usually exploit compromised accounts in real time like you've described (and a paypal account would be a lot trickier to exploit this way).
Any way, how is that scenario not applicable to any web browser as oposed to just a few "insecure" ones, like safari?
I am a PayPal customer. I have a paypal secure ID, a hardware token that generates 6 digits numbers (synchronized with paypal's servers) that are part my password authentication process. That means that even if someone gets my password (i.e. fisher), they won't be able to login that easily (they would need the hardware token to generate the current 6 digits number set, which changes periodically every 30 seconds). With all of that, I see no reason for paypal to block me if I am using Safari, even if Safari is a bit unsafer than other browsers. That would just mean adding an extra item to the list of things my iPhone can't do: access PayPal's webpage. That would really piss me off.
What about when both parties reach a consensus and the story ranks 100% liberal and 100% conservative? Does the system explode? Is this a new sort of Quantum Computer? Enlighten me, please! (but hey, be fair and balanced, will you?)
I thought he released only the diffs and not the whole binary. He should do that if he doesn't already, it would solve everything. Anyway, it remains legal in Brazil, though (because of the fact he's not selling the drivers themselves, but merely asking for donations).
From Daniel_K:
What I did wrong
(...)
Reversing ALchemy was also wrong, I know. But I reiterate, what is the point of improving ALchemy and changing for it, when it requires an improved driver? It was my protest against Creative. Just to clarify a few things. Maybe Daniel doesn't even know that, but reverse engineering is completely legal in Brazil, so he hasn't broken any laws. What he did is completely OK and law abiding.
Actually things run even deeper. Copying stuff for personal use isn't illegal in Brazil, even if you don't have a license. It can be anything, books, movies, software, etc.
Re:Security implications?
on
NXP RFID Cracked
·
· Score: 3, Informative
Is this simply lowering the security down to the same level as a barcode but with radio transmission?
Exactly that, and that's a serious problem. The chips might have been designed for working with small ranges, but you can easily build a reader that overcomes that. Better yet, you can build a reader that works at greater distances and reads tags in bulk. It's kinda like everybody having their bar codes in huge letters stamped at their foreheads, t-shirts, wallets, etc. It's actually worse than that.
It seems you didn't understand the text you've pasted. Let me try to help you out with that.
Although the Berne Convention states that the copyright law of the country where copyright is claimed shall be applied, article 7.8 states that "unless the legislation of that country otherwise provides, the term shall not exceed the term fixed in the country of origin of the work", i.e. an author is normally not entitled a longer copyright abroad than at home, even if the laws abroad give a longer term. This is commonly known as "the rule of the shorter term". Not all countries have accepted this rule. This means that the host country will rule the copyright process in all regards exept when its law would grant more time to the copyright owner. In this case *only* the length of the copyright will be defined by the country of origin ( the rest remains ruled by the host country). That would mean less copyright time whenever it is applied. In other words the convention only contradicts the host country's law in order to limit copyright with regards to its time length.
This actualy strengthens my argument (that PB is law abiding), by the way.
The Berne Convention (...) states that copyrighted works are protected by the laws in the country where they were created. This means that in Sweden it is illegal to distribute a work created in the US unless you have been given a license to do so. I beg to differ. And since IANAL, here it is a quote from wikipedia about it:
The Berne Convention requires its signatories to recognise the copyright of works of authors from other signatory countries (known as members of the Berne Union) in the same way it recognises the copyright of its own nationals, which means that, for instance, French copyright law applies to anything published or performed in France, regardless of where it was originally created.
If you share a file for which you have not received authorization to do so in the form of a license, you are in fact participating in illegal file sharing. (...)As much as you don't like it, it's the way it is. Not all file sharing is illegal, but not all of it is legal. Morals have nothing do to with lawfulness of it. Pirate bay provides links (or trackers) to files, those trackers/links are not copyrighted in any way and there's not law in Sweden that forbids such practice (unlike USA's DMCA). So, In Sweden doing what Pirate Bay does is not illegal AT ALL. No morals, just legality.
Pirate bay doesn't disrespect any of Sweden's Copyright laws. In Sweden (unlike in the US) it is not forbidden to provide a link to a copyrighted material, even if this link connects you to a potential infringer (trackers have the same interpretation). Also, in order to be protected by copy right law in Sweden, works must have a certain level of artistry and/or technical merit. Simply the fact that you have written a piece of (crap) text doesn't entitle you to any copyrights over the text (say, like an email message), it's gotta be something really relevant, that you've put some effort in creating.
For starters it's a local arp poisoning attack, no big deal. Ok, myspace doesn't encrypt the login session, but let's assume it was Google's Gmail instead (they do encrypt the login session). With the same attack, it would be as easily to capture Gmail's session cookies and then be granted access to the victim's email account. I'll propably make a video and post it to/. under the title: "Man-in-the-Middle Attack on Gmail with Cain". That would get a lot more attention!
And Turing's point was that if you cannot distinguish between your two hypothetical types of intelligence then the assumed difference is irrelevant. I beg to differ. Turing only tried to show that it would be pointless to discuss something as vague as the concept of intelligence in the sense of describing its inner workings. So he proposed to verify the interface we have to connect with this theoretical notion instead (our perception of it). He never implied that the difference between the two was irrelevant.
Quoting Turing:
I do not wish to give the impression that I think there is no mystery about consciousness. There is, for instance, something of a paradox connected with any attempt to localise it. But I do not think these mysteries necessarily need to be solved before we can answer the question with which we are concerned in this paper. This clearly shows that for Turing there is an important difference between the perception of intelligence and its inner workings (which he calls consciousness), but we should first concentrate on analyzing the former.
You are completely misunderstanding the concept of a Turing Test, which is what the original poster indirectly referred to. The Turing Test is not about social interaction, it's about intelligence. The point of a Turing Test is essentially: "if it acts intelligently, then it is intelligent, regardless if it is programmed to be so (simulated) or not". It seems you're not understanding the concept behind the Turing test either, at least not the original one. If you take a look at Turing's "Computing machinery and intelligence" paper you will notice that passing the imitation game test is not a measure of intelligence per se. What Turing really believed is that we cannot define intelligence. Since we can't get to know what intelligence really is about, we can only talk about the perception of intelligence and not about intelligence itself (since we know heck about it). This way, he proposes that eventually machines will have the same level of "perceived intelligence" as humans (if I'm not mistaken he gave a 50 years deadline for that). The way to measure that would be through the "imitation game", where a human evaluator would try to distinguish between an actual human being and a bot (through a non-corporeal chat based interaction). My point is the turing test is all about social interaction (perceived intelligence), nothing to do with actual intelligence.
"Only one iPhone application can run at a time, and third-party applications never run in the background." This is a completely fabricated limitation. For starters, the iPhone email app does run in the background (when it's fetching new messages). There is a good number of non-official (as in jailbreak based) 3rd party applications for the iPhone that run as background processes (including some popular daemons like apache, sshd, tinyproxy, etc). There are even applications that run their UI on top of the UI of another application (both applications running at the same time), like the dock App that runs on top of Springboard.app.
I am positive that it will be fairly feasible to bypass that limitation given the current state of the art on iPhone hacking. I wonder if that would disrespect the developers license agreement (thus causing account termination).
Excuse me? Aside from the standard malware risks and stupid users, how is P2P an ID Theft risk? Not that I agree with this argument, but it is possible to argue that a P2P user might eventually download potentially harmful software, like an "infected" program, one that has an embedded malware that will grab you credit card and social security numbers and send it back to the malevolent ID thieve.
Slashdot Mirror
Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition. But I didn't dive up! Thus, I have figured out a way to beat the system, here it goes:
while echo "SPAM!"; do echo "SPAM!"; done
So for much for a SPAM filter, slashdot!
Even though there is no nominal fee for using GMAIL, and it kinda looks like it is free (though you're trading your value as an advertisement target, actually), shouldn't this new regulation also include GMAIL, and for that matter all free services in the internet (like free email services, free hosting, personalized search engines, etc)?
I mean, these services are undoubtedly businesses that handle private consumer data, aren't they?
If that's really the case I see no way this law can ever be fully enforced. It's kinda like a joke, don't you think?
Google has offices in Brazil. If Google doesn't want to face Brazilian Justice system it should not have opened offices there. All pressure, legal and political, that was applied to Google was applied to its offices in Brazil. Regarding the US sovereignty being disrespected, Google is a multinational corporation, and not just a US corporation. I underdtand the internet raises a lot of international law issues, but since this is still an imprecise territory, I think the way Brazilian authorities went about this issue is not at all a disrespect to anybody's laws. Actually, as you probably already know, Google has complied with the court order in the end, and I saw no complaints from US authorities regarding this matter. This is because google can freely move data among its subsidiaries (including the Brazilian one) and as long as the data is physically stored in Brazil, there's no obstable for complying with Brazilian's laws. In the end, Google has more discritionary power on this matter than both governments (US or BR) and it decided to comply with the Brazilian Senate requests.
First of all, the crimes referenced in this pedophilia case were all committed by and/or against Brazilian nationals. Second, Had Google BR requested Google US back up copies of the aforementioned data, the sovereignty of both countries (US and BR) would still be respected. Google can move data among all its subsidiaries without violating any laws or privacy agreements (or their duties to their users, for that matter). By having the data physically stored in Brazil, there is no obstacle to comply with Brazilian laws. In the end, this whole issue is just Google trying to keep good PR (as the one that does no evil), and not Google respecting any laws. It's not like Google was really tied by any laws, they just didn't do it based on their own interests and discretion. A proof of that is that now, after the senate hearing has happened, Google has provided the requested data, and I have seen no movement from US' prosecutors because of that, have you? That's because no laws were broken.
If a crime is committed, there will be a police investigation. The police then requests court orders to acquire private data belonging to the suspects. If the court finds there's reasonable evidence backing up the requests, it will gran them.. The police will then present the court order to the ISP and the ISP has to comply. That's how things already work in the US for all ISPs, including google.
The exact same procedure was followed in Brazil for this pedofilia case. As a matter of fact, the procedure was followed several times, but google failed to comply with all Brazilian's court orders regarding this matter. The case had to reach a senate comittee investigation ( which in Brazil functions similarly to a judicial investigation, but with more resources) in order to Google to comply with the court order.
Google's excuse for not complying with court order, you ask? Well, google told the Brazilian justice system that since the order wasn't isued within the USA they couldn't do a thing about it.
So that's it, folks, do panic for the same thing that's happening in Brazil has been happening in the US for quite a long time. The only difference is that google has kind of a hard time respecting Brazil's sovereigny.
Any serious private or public effort in funding Earth's defenses against asteroids should pay special attention to the Arecibo Observatory. Besides the fact the observatory is facing serious funding issues (funding was cut to less than half of the regular funding bringing the possibility of actually closing down the facility), Arecibo is one of the best (if not THE best) facilities in the world for tracking asteroids (as a matter of fact the Arecibo Observatory has the biggest, most sensible radio telescope in the world). It is just a shame the effects the war has brought upon ourselves.
Didn't Scheneier mean Computer Security is becoming a commodity (infrastructure sounds rather vague)? Is it really a bad thing? I mean, security is such an essential part of every thing that it really is supposed to be a commodity IMHO. Nevertheless, I disagree with him, it is very hard to embed security for all aspects in all products, so you always going to need supporting tools or services that will complement the security of the product you are interested in (like Antivirus Sofware complements Operating Systems). Also, as long there's security, there's someone trying to break it. This means that even if you embed enough security in a product, this security might be eventually broken some time in the future and again you're gonna need some supporting tool or service to protect you. Specially, because these breaks many times aren't just related to the specific implementation of some security technique, but to the fundamental principal the technique is based on (like what we have seen happening to CAPTCHA systems and hard disk ecryption products, and also the implementation of attacks that were considered impossible before). The notion of security becoming a commodity is hardly acceptable, let alone a reality.
Good luck trying to accomplish all of that in less than 30 seconds. Also, phishers don't usually exploit compromised accounts in real time like you've described (and a paypal account would be a lot trickier to exploit this way). Any way, how is that scenario not applicable to any web browser as oposed to just a few "insecure" ones, like safari?
I am a PayPal customer. I have a paypal secure ID, a hardware token that generates 6 digits numbers (synchronized with paypal's servers) that are part my password authentication process. That means that even if someone gets my password (i.e. fisher), they won't be able to login that easily (they would need the hardware token to generate the current 6 digits number set, which changes periodically every 30 seconds). With all of that, I see no reason for paypal to block me if I am using Safari, even if Safari is a bit unsafer than other browsers. That would just mean adding an extra item to the list of things my iPhone can't do: access PayPal's webpage. That would really piss me off.
What about when both parties reach a consensus and the story ranks 100% liberal and 100% conservative? Does the system explode? Is this a new sort of Quantum Computer? Enlighten me, please! (but hey, be fair and balanced, will you?)
I thought he released only the diffs and not the whole binary. He should do that if he doesn't already, it would solve everything. Anyway, it remains legal in Brazil, though (because of the fact he's not selling the drivers themselves, but merely asking for donations).
What I did wrong
(...)
Reversing ALchemy was also wrong, I know. But I reiterate, what is the point of improving ALchemy and changing for it, when it requires an improved driver? It was my protest against Creative. Just to clarify a few things. Maybe Daniel doesn't even know that, but reverse engineering is completely legal in Brazil, so he hasn't broken any laws. What he did is completely OK and law abiding.
Actually things run even deeper. Copying stuff for personal use isn't illegal in Brazil, even if you don't have a license. It can be anything, books, movies, software, etc.
Is this simply lowering the security down to the same level as a barcode but with radio transmission?
Exactly that, and that's a serious problem. The chips might have been designed for working with small ranges, but you can easily build a reader that overcomes that. Better yet, you can build a reader that works at greater distances and reads tags in bulk. It's kinda like everybody having their bar codes in huge letters stamped at their foreheads, t-shirts, wallets, etc. It's actually worse than that.
This actualy strengthens my argument (that PB is law abiding), by the way.
Pirate bay doesn't disrespect any of Sweden's Copyright laws. In Sweden (unlike in the US) it is not forbidden to provide a link to a copyrighted material, even if this link connects you to a potential infringer (trackers have the same interpretation). Also, in order to be protected by copy right law in Sweden, works must have a certain level of artistry and/or technical merit. Simply the fact that you have written a piece of (crap) text doesn't entitle you to any copyrights over the text (say, like an email message), it's gotta be something really relevant, that you've put some effort in creating.
For starters it's a local arp poisoning attack, no big deal. Ok, myspace doesn't encrypt the login session, but let's assume it was Google's Gmail instead (they do encrypt the login session). With the same attack, it would be as easily to capture Gmail's session cookies and then be granted access to the victim's email account. I'll propably make a video and post it to /. under the title: "Man-in-the-Middle Attack on Gmail with Cain". That would get a lot more attention!
Get the facts!
Quoting Turing:
I do not wish to give the impression that I think there is no mystery about consciousness. There is, for instance, something of a paradox connected with any attempt to localise it. But I do not think these mysteries necessarily need to be solved before we can answer the question with which we are concerned in this paper. This clearly shows that for Turing there is an important difference between the perception of intelligence and its inner workings (which he calls consciousness), but we should first concentrate on analyzing the former.