I love NoScript. Browsing without it is painful. That being said, if it (and everything like it) didn't exist, I would still browse the web. But I wouldn't have Flash installed.
I agree that recommending Skype for security is a bad idea, but for entirely different reasons. I consider my computer safe. Nothing is perfect, but my computer is much safer than the mess at the phone company. However Skype is not secure. It is not even open source. Just like people can do weird stuff at the phone company, they can do weird stuff at Skype. The creators have gone on record saying that the encryption code probably will not stand up to crackers over time. http://en.wikipedia.org/wiki/Skype
traffic spiked by hundreds of gigabits across North America.
Oh sorry, that was me. I downloaded several seasons of Star Trek: The Next Generation. Seriously, hundreds of gigabits across North America is a problem? 500 gigabits is approximately 62 GB.
"It's a fluke, from what I've understood of this case so far, that they uncovered child porn in the first place."
Not really. Remember the definition of kiddie porn. For all we know, this guy has a daughter, and has taken pictures of her. With clothes on. Or maybe he has a picture of a naked baby. Or maybe he has pictures of his children in the bathtub. Or maybe he's taken pictures of a 20-year-old ex-girlfriend who he can no longer find to prove her age.
It's gotten to the point that it no longer means anything when the authorities claim someone has child porn. More often than not, they are just blowing smoke.
First, keep in mind that I haven't used any of these extensions. I assume that at least one of them behaves in a secure manner, but can't actually confirm it.
ok, so say it's transmitted encrypted then do you think it's stored encrypted on the third party server?
That depends what you mean by "transmitted encrypted". You see, the secure behavior is to encrypt it, symmetrically, before you send the data to the server. Then, the server has no choice but to store it encrypted, because it is not capable of decrypting it. The key is on the client, not the server.
However, you might be thinking of https/ssl, which would not be a full solution in this context. SSL is a method for remote parties to communicate securely. You would be hiding your data from people in between you and the server, but not the server itself. In other words, if you only use SSL for encrypting, the server can see your data, which is unnecessary and unsafe. Using SSL will, however, prevent a man in the middle from corrupting your data, which a symmetric cypher alone will not do.
Now if I was running a company there's [probably] some value in selling this information on about people's browsing habits and what kind of sites they'd bookmark possibly.
That is exactly why I doubt that Google's Browser Sync was ever secure. The open source extensions, however, I think would be (or at least could be).
Having bookmarks stored on third party servers (Mozilla weave, Foxmarks, Google browser sync, Opera's Bookmarks sync, etc.) will always suffer from insecurity mentioned in the last line of the summary.
No, not always. There is an embarrassingly simple solution. Encrypt before send. There is no reason the server even needs to see the plain-text data. I would be surprised if this hasn't already been implemented into the open source extensions.
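The "encrypt before send" design described in the comments above, as an added example that is not part of the original thread or of any extension named in it. The function names, the blob layout, the in-memory `SyncServer` stand-in and the choice of scrypt with AES-256-GCM (an authenticated mode, so the client also detects a blob the server has altered) are assumptions made for illustration; the bookmarks are constructed sample data.

```javascript
// Added example (Node.js): the client encrypts bookmarks before upload, so the
// sync server only ever stores ciphertext it has no key for.
const crypto = require("node:crypto");

// Derive a 256-bit key from the user's passphrase. The salt is not secret.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Client side: serialize and encrypt. Blob layout (assumed): salt|iv|tag|ciphertext.
function sealBookmarks(bookmarks, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every upload
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(bookmarks), "utf8"), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Client side: decrypt a downloaded blob. Throws if the passphrase is wrong
// or if any byte of the blob was modified in transit or at rest.
function openBookmarks(blob, passphrase) {
  const raw = Buffer.from(blob, "base64");
  if (raw.length < 44) throw new Error("blob too short");
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const decipher = crypto.createDecipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Hypothetical third-party server: it stores opaque blobs and never sees a key.
class SyncServer {
  constructor() { this.store = new Map(); }
  put(user, blob) { this.store.set(user, blob); }
  get(user) { return this.store.get(user); }
}

function demo() {
  const passphrase = "correct horse battery staple"; // constructed
  const bookmarks = [ // constructed sample data
    { title: "Bank", url: "https://bank.example/login" },
    { title: "Clinic", url: "https://clinic.example/results" },
  ];
  const server = new SyncServer();
  server.put("alice", sealBookmarks(bookmarks, passphrase));

  // What the operator can read from its own storage: no URL in the clear.
  const stored = server.get("alice");
  const serverSeesUrl = Buffer.from(stored, "base64").includes("bank.example");

  // A second device with the same passphrase recovers the list.
  const restored = openBookmarks(stored, passphrase);

  // One flipped bit in the stored blob is rejected by the GCM tag check.
  const tampered = Buffer.from(stored, "base64");
  tampered[tampered.length - 1] ^= 1;
  let tamperDetected = false;
  try { openBookmarks(tampered.toString("base64"), passphrase); } catch { tamperDetected = true; }

  return { serverSeesUrl, restored, tamperDetected };
}
```
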
It seems so obvious, nowadays, that it's hard to imagine a science teacher dismissing it just like that.
Maybe it's hard for you to imagine. I went to school in the USA. Teachers here don't know anything that isn't in their text book. Independent thought is discouraged. Disagreeing with a teacher is bad for your grade. It's been like this for a while.
Wow, SkunkPusssy, that's exactly what I say. It's impossible for even a lawyer to know all of the laws. Even lawyers frequently have to look stuff up. "Ignorance is no excuse" my ass. Like most catchy sayings, it is complete bunk. How about, "If the law doesn't respect me, I don't respect the law." Making arbitrary rules for other people to follow, and punishing them for not following them, even when they never agreed to it or even knew about it in the first place, is wrong. This whole society thing is still in Beta even after tens of thousands of years.
This lock obviously wasn't designed for high security use since anyone in the same room would be able to see you and your amazing technicolor dream lock's pattern
That's OK. Regular locks aren't designed for high security either.
It's not like manufacturers advertise the "Must have full range of color vision" for their products. That's one of the reasons I buy stuff at places with a good return policy.
Disclaimer: I am not color-blind, but I have bought worthless crap that had to be returned.
Where I live (Canada) you can mark your mailbox with a label that says "No ad mail", and they will stop putting fliers and other junk in it.
Wow. That must be really nice. I wish you could do that here in the U.S. Unfortunately, the USPS is partially subsidized by spam. There is no way they would ever implement such a program down here.
I imagine that USPS, and others, have a similar policy.
Nope. We wish.
... you could probably call the sender to tell them to take you off the send list.
That works for phones (officially, at least) but not usually for mail. Mailers are not required to specify contact information for getting yourself removed from their lists, and they rarely do. It's just more costly to maintain lists of people that won't buy their junk, or removing them from the list of potentials, than it is to just send the junk to everybody they can. Bulk mail is much cheaper than first-class mail, because the Post Office wants to encourage junk mail.
That's either bordering on a tinfoil hat level of crazy conspiracy theory, or it represents an equally crazy level of disdain for other people's intellect.
There is no crazy level of disdain for other people's intellect. There is only accuracy, and naivety. Not commenting on the theories, just saying that a certain level of distrust for strangers, even Ph.D.s, is healthy.
Do you honestly think climate scientists don't take this into account?
Again, not commenting on global warming, but presuming that experts checked their facts was for a time long ago, if ever at all.
The government will shut down the spoon! There is no spoon! I tried to find the Article Poll, but I can't even find the article. The summary doesn't link to any article.
Can somebody please direct us slow people to the poll?
That's exactly what they should do. They should charge per bandwidth. The problem is exactly that they aren't doing that. They advertise unlimited service, but then they go and snipe connections and disconnect users who use more than an unspecified amount. They need to be up front and honest about what they provide and how much it costs. Hopefully these lawsuits will make a dent in these crimes.
"Ebay isn't interested in policing the existing business"
That's not true. eBay bans stuff on its site all the time. Like MMORPG gold. And that's legal everywhere. Before you can decide whether or not eBay will choose to ban ivory, you need to figure out what criteria eBay uses to ban stuff.
In the case of MMORPG gold, it was because large corporations wanted them to (and probably paid them). If people with a lot of power ask them to ban ivory, they might do it. You're right about the little people though. eBay doesn't care about them.
"At 128-bits, assuming the algorithm does not have a weakness, a brute force attack takes longer than the age of the universe. The amount of power that such an attack would require is also quite staggering.
At 256-bits, brute-forcing would require being able to harness the entire output of a star (or stars) to power the computer needed to complete the task."
See: http://en.wikipedia.org/wiki/RSA_numbers#RSA-100 On a fast computer, it takes a few days to crack RSA-100, which is 330 bits. Guess how long it takes to crack open your session with your bank, which probably only uses 128 bits? 128-bit was never a part of the RSA challenge because it is ridiculously weak. It would probably take minutes, or maybe hours on a modern computer. Unlike banks though, this guy used 1024-bit encryption, which would be difficult, but not impossible to crack.
Note that when I say "crack" I don't mean that a flaw in RSA itself has been found. I mean that RSA, by its nature, requires a long key length, and short lengths are easily brute forced.
You were probably thinking of symmetric encryption. 128 bits of symmetric encryption is enough for now. Symmetric encryption wouldn't work so well for this type of attack though, because the key would be a part of the virus.
RMS means "Royal Mail Ship" and is used by any ship granted a mail-carrying contract. However, in order to earn that contract, the ship and crew traditionally had to be consistently fast and reliable.
This is one of those cases where I think we won. Websites are more compliant than they once were. Alternate browsers are taken seriously. This is what we clamored for a few years ago... and we've largely achieved it!
Not to burst your bubble, but this isn't true at all. Estimated from personal observation, 90% of web sites which claim to be (X)HTML compliant are not. Those which do not claim so are probably less likely to be compliant. A few years ago, more than 99% of all web pages were broken, and I believe that is still the case.
What you are seeing is advancements in Firefox. Firefox is much better at rendering broken pages like IE does.
I've always considered proprietary to mean "specific to a project or company". For example, if you make a game with maps, and you make your own map format instead of using something like Tiled or Mappy, then that is a proprietary map format. If you design your own scripting language, rather than using Python or Lua, then that is proprietary. Wesnoth, for example, uses a proprietary format for its maps. Despite being proprietary, it is completely free and open. It's just that no other projects use it.
It's also worthy of note that the Wikipedia article has since been changed, and no longer refers to Linos as proprietary.
That's the whole point, which you seem to have missed. IE for Mac and IE for Unix are different IEs. Until recently, the browser which rendered the most of the web was IE (for Windows). Microsoft created IE for Mac and Unix, etc, as part of their embrace, extend, extinguish policy. Once IE became dominant, they stopped supporting and updating IE for Mac and Unix.
Microsoft uses Internet Explorer's broken HTML renderer to confuse web developers. More than 90% of the web is broken, in large part because of IE.* Until recently, this meant that using any browser besides IE would make web browsing difficult; navigating some sites without IE was impossible. Internet Explorer only runs on one platform. This kept a lot of people from switching to another platform, such as Linux or Mac.
However, Microsoft's control of the web is pretty much over now. Firefox is able to render most broken web pages, and any current web site that doesn't want to exclude a huge number of customers at least makes sure that their sites work in Firefox, if not all compliant browsers. The web is still broken, and will probably never be fixed, but Microsoft has pretty much lost its control of it for now.
* IE isn't completely to blame. Part of the problem is that the official HTML standard was late to the party. In the beginning, web pages were an ugly concoction called "tag soup". Every browser designer and their grandmother was adding tags, with nobody to answer to.
Silly cloricus. Large companies don't have to follow the same rules people do.
Who bought SUV a coffin? That's premature.
Sure, mod me down. I'm just pointing out that SUVs are popular, and there was never any indication otherwise.
My wife for hire!
Yes, EMACS has an editor. Vi runs in EMACS.
Reliable like the Titanic?