Re:Shared keys, browsers, and malice, on "Spying On Tor" · Score: 1
Also, a government-run MitM node could very well possess a CA's private key and be able to fake legit certificates -- granted, that's paranoid -- whereas it's significantly less likely that they could fake the fingerprint of joe random SSH server.
What's to stop a government having a finger in the certificate authority's servers? As you say, it's paranoid, but it does pose a big problem for someone who, for example, is actually doing something against the government in question.
Perhaps there could be a new way of certifying keys? Maybe on the basis of social networking, or some other decentralized method. Something that would cost too many resources for them to fake. I guess it's all been thought about before in any case, but I hope that the makers of tor find some kind of workaround and assurance for this.
If they are different enough for the company to give them a new model number, they are different enough to need recertification. And with widespread public suspicion on e-voting, the gov't will want to be seen to be doing the right thing.
"What do they think they can find out by following us around? Everything we do is digital.'" Maybe they will hound them into getting a chauffeur, speed around the city streets at night and erm.. accidentally crash into a bridge and die later in hospital under great secrecy.. or something.
I mean, if we're going to be flooded with news articles about faeces, faeculent spam, poo-porn, slashdot articles about recycling animal waste products, then I can envisage a serious brownout. Or maybe they secretly mean the rise and rise of Ubuntu default wallpapers.
Microsoft is a company, their goal is profit. Not security, not saving the environment, not making linux geeks smile.
As correct as you are, there does not need to be a fine line between usability and security. There needs to be (and of course there will be) an ongoing evolution in software design to offer usability without compromising security. I reckon it won't be a long time before any software program that gets run in userspace (or any space) has to go out on bended knee requesting to do anything - forced to abide by a security policy by default which limits its access. I don't mean the old broad-brush users/groups/device permissions etc. model that is everywhere now, but stuff like "only allowed to read from this folder, only allowed to talk to this or that application, etc." with very low level behaviour controls.
I don't think this needs to result in a "the mouse pointer wants to move, confirm/deny" scenario, but that the software designers need to submit with their product a security policy within which their application has to function. The user should be able to very easily browse this policy and see what the program expects to be able to do, and override things, such as "access the internet using HTTPS at port 3232 to server www.phonehome.net" or sloppy things like "read contents of /etc recursively" instead of "read contents of /etc/mostlyharmlesswidget/config".
I know things like this already exist and there is a limited implementation of it, but to me that just confirms the point that it is the obvious next step.
Oh well, we get a free newspaper but in exchange it means yet more of the media being owned by the same guy.
I agree it's a bit ironic, but seeing this in the context of a broader media war, it might make more sense. Research is showing that people are turning away from newspapers, both printed and on-line, as their source of news. Paid journalism is finding itself in a bit of a decline and the void is being filled by amateur bloggers. They have more freedom to sensationalize and report their own view from the coalface. Who knows if it's more reliable to read the New York Times for your financial news or Jim's Stock Blog? Many people I know have found the blogs & forums to be a much more useful and timely source of information about what they need to know.
The New York Times is likely to survive any trends against mainstream media, but they are like a closed source company competing against the open source equivalent of news, which is free as in speech, free as in beer.
Forced through tubes? So basically too many bees cause the tubes to jam up? Actually, I think the correct terminology is 'honey up'. Maybe the internet is a bunch of honeypots and we're all like Winnie the Pooh trying to get up at them with balloons and.. uhh.. ohh look.. it's past my bed time.
Such swarm intelligence of these amazingly organized bees can also be used to improve the efficiency of Internet servers faced with similar challenges."
... for example it will help our local apiarists' internet servers to organize honey collections so much more efficiently. Sweet!
I think it is high time that people came out of the closet and admitted to all that backdooring.. err.. 'piggy-backing'. Then we can all accept that it's normal and get on with life.
Can someone explain to me what E8 is? The wikipedia article left me with more questions than answers:(
Simply put, it's a complex dimensional algebra with lots of non-trivial, commutative degrees of freedom. It features symmetry groups, conjugation and adjoint representation, and comes with a free manifold which displays automorphism - so it can neatly fit into any space. For a small extra fee, we'll throw in some Vogon Polynomials and a Spin(16) (Z/Z2) which, fundamentally, gets your clothes drier, quicker. The best thing about the E8 is its R8 Root System(TM), which, with the use of Euclidean Space Vectors is guaranteed(*) to make sure you don't get octonions on your breath. And if you order now, we'll send you a bonus 8x6 photo of Jacques Tits.
But honestly, I found the wikipedia article pretty useless too. I'm not nerd enough.
Who decides what books are read in your school, what history texts are approved for use in classrooms and so forth? It's usually all regulated by the Education Board or equivalent, for the state or country, with their panel of experts and so forth. Call me a tinfoil all you like, but it is evident in English speaking countries that education standards have fallen by various measures (eg: literacy rates) over years, partly, no doubt, due to poor remuneration of teachers. I argue that the drop in standards has also been due to various ideologically driven changes in education (such as reducing the numerical and conceptual load in physics and mathematics to improve female participation, elimination of tiered schooling systems). In areas of literature and history there has always been a strong influence by education boards on appropriateness of content, usually leaning towards liberal/leftist ideologies and sensitivities to powerful minorities. Education Boards have the problem of being hijacked by interest groups and tending to kowtow to the political party of the day.
Just consider this for a moment. What if texts were not prescribed as such, but the work left for the schools and teachers themselves to find the appropriate sources for their classes? This kind of deregulation would, I'm sure, result in a very varied education across the board, but it would emphasise the role of a teacher to educate. I reckon it would result in more motivated teachers and more educated students.
I'm glad they modded you funny, 'cause I almost laughed myself off my chair reading your post. Seriously, do you think 'downloaders' are hoarding tonnes of cash that they would otherwise have spent on software? I mean, if they didn't pirate software, they would just not have the software. If they didn't pirate music, they'd just not have music. They wouldn't go out and buy it, no matter what you do. In most cases, my guess is these people just don't have the disposable income to pay for music and games over and above the hardware they bought.
Put her in a lead vest and throw her into the sea. If she drowns, it means she didn't have the keys, but if she swims, she's a wicked witch and deserves to be punished.
Buy shares in Nuclear Energy Companies a week or two before you know this is definitely going to happen.
Not to suggest we break the law or anything, but the best way to make sure something happens is to make sure someone makes a ridiculous and unfair amount of money out of it, if it does happen.
As for burying waste, well the Pentagon or White House are probably secure enough to store the nuclear waste - full of bunkers.
And, by the way, I am with you all the way that it is an impractical scenario, but moral reasoning has a very important place in this, because it is the immorality of the war that fails to convince the Iraqi people that a US invasion of their country was a good idea for them.
Now for the crazy bit... Say I hadn't read any newspapers, didn't listen to anyone's political views, and someone just told me some facts about what's happening in Iraq - there being basically no effective government or infrastructure in place for the civilian population but at the same time there being a massive ongoing military presence and the construction of massive US bases there, and assuming that the US knows what it's doing, then it would appear to me that the US really just wants to be in (1) control of the natural resources of the country and (2) put its big foot in the middle east so it can be Israel's bodyguard / offset the influence of Russia which is not openly allied with Israel (Afghanistan is more convincing on the last point). And possibly (3), since the Gulf is, in the long term, not safe for oil transport, they have alternative plans as to how to transport and sell Iraq's oil in future, to tie in with 1 and 2.
And, given that the US had no morality issues with an unprovoked invasion in the first place, why the hell are they still there when it's such an apparent failure? My guess is it's not a failure for those who benefit most from this war. It's the ones who benefit from all this that should have the finger pointed at them.
Well it was a practical, moral and strategic mistake to invade Iraq, from the point of view of the USA. However it wasn't a mistake from other points of view (eg: Israel is the only country I can see that has benefited from all of this carnage). So it's not really a practical question about war, but it poses a question about whether America's allegiances and priorities are right.
There is a way for the US to get out of Iraq, but it doesn't consist of turning Iraq into a democratic state that is merely an extension of the US influence in the region and a caretaker government whilst in all the important places (oil fields), US bases continue to exist etc. etc. The US has gotten itself into the stupid position, that if it leaves, will mean Iran will take Iraq (and effectively stabilize it, at the expense of pretty much every Sunni life), and Israel will shudder in fear - which would inevitably mean they pull the nuclear trigger.
Whatever the outcome, what is easy to say is that the decision makers behind the war should be behind bars or hanging in the gallows. The undue influence on government policy and intelligence by outside powers needs to be curtailed and some sort of balance needs to be returned to the US democratic system. As it stands, there is no practical difference between Republican or Democrat. That's for starters.
Actually, when I went to Wikileaks, I found the entire order of battle and equipment register for all of our forces in Iraq. What exactly was the motivation for leaking that and what higher purpose was served?
Maybe you didn't spend more than about a minute on the front page of the website? The point of that leak was that the US has chemical weapons in Iraq. Maybe they even used them... say it ain't so!
Most wars have been started because one or more sides in a war thought that they would do a lot better than they actually did. Except of course when wars have been started because the weaker party was fooled into starting a war they couldn't win.
So what we now know is that the Chinese have subs of a certain capacity. This was probably unknown to the US. Whenever there is one thing that was unknown, it is possible that the US has been missing something big. Actually, the less people think they know about each other, the better. It's what keeps the peace.
All I see is whitespace.
... but for a second I could swear that I saw "Math Coprocessor Error: N$A"
..or that could be a bluff as they will know that we know what they know we will know. In any case, we need to know to know whether we need to know. Fanny? Is that you?
haha, yes, you're right.