Why is a disk superior to tape? Tape is
* Cheap (don't think anything comes close in $ / GB)
* Fast (sequential speeds ~ 150MB/s)
* Durable (no need to worry about scratches, no dyes to degrade)
* Already has enterprise infrastructure at most places-- autoloaders are not exactly rare
I'd actually be astonished if you could get GB / volume close for these disks. We're coming out with 3TB native / 5+TB compressed LTO tapes soon, so you'd need ~15 of these archival disks to match them.
Follow-up, in case you don't know how to do that:
http://www.howtogeek.com/14195...
It's been available for quite some time IIRC.
Encrypt the phone, and set a numeric PIN of 6 or more.
Done and done.
We have some of the fairest elections in the world. The complaints I see on slashdot are that people don't care enough, or don't care about the things that slashdotters care about. That's not the same thing as living in Russia, for example.
Seriously, this whole "it doesn't matter because our democracy is broken" meme is more harmful to our democracy than anything else. Want our system to suck less? Stop encouraging apathy!
A double bluff with names is stupid. There are literally an unlimited number of names he could have chosen, and no matter what the one name GUARANTEED to get scrutiny is the one he gives.
And a citizen's duty in a democracy is to-- in most circumstances-- obey the laws passed by its people.
Sometimes those laws are particularly egregious, and in those RARE circumstances civil disobedience may be justified. But that bar needs to be VERY high, otherwise it just degenerates into "I really think IP laws suck, so I'm torrenting everything and calling it civil disobedience." That's not a noble cause, it's undermining democracy and society.
I don't really see how you could classify export restrictions as being serious enough to qualify.
You can sue and fire off nastygrams all day long. Doesn't mean the law is on your (or Barbra Streisand's) side.
The ruling (http://www.californiacoastline.org/streisand/slapp-ruling.pdf) basically threw the case out. Regardless, the issue here was whether this was an invasion of the privacy of one's home, which is a separate issue from being photographed in public.
The owner of an object in a photo has zero copyright claims, regardless of how many nastygrams they fire off or how many lawyers they threaten to sic on you. The creator of the photograph-- the creative work-- is the one who owns the copyright.
You also generally do not have to get permission to photograph things visible in public, though people like to fight over that as well.
In large parts of Europe we live with that and we like it.
I have noticed a fairly large divide between how Europeans THINK America should be and how it is. That's not accidental; it's not like we're desperately yearning to be Europe no matter what Piers Morgan may think. There are some big cultural differences, and some big differences in the genesis of the countries involved.
We tend to fall very hard on the side of "individual rights"-- that is, freedom to DO things-- while it seems that Europe falls very hard on the "freedom FROM things" side of the coin. Personally, I find the whole approach of legislating away things I don't like a nasty slippery slope that ends in authoritarianism. I'd rather err far more on the "too permissive" side than wake up one day and realize we're revisiting Europe in the 40s.
Technologically, it's a terrible idea. The client software and the end user no longer have any ability to inspect the actual certificates used for an HTTPS connection. From the client's perspective, all HTTPS connections are really with the MITM device and use the same cert chain.
That is completely incorrect.
The MITM mechanism is the company creating an internal CA (which they and ONLY they control), and installing it as trusted on your workstation. SSL certs are still validated; it's just that your employer can generate legitimately* signed certificates for any website on demand.
So, no revoking CAs that are compromised.
Again, that's not really true. A proper SSL proxy is gonna reject a bad SSL connection if the cert was revoked, or the timestamp is wrong, or the CA isn't trusted.
No using non-default root CAs
It's your employer's machine; I'd say he has the greater right to decide which SSL certs are and are not trusted. If you need to connect to the DoD, your employer almost certainly knows about it, and if he doesn't you should probably let him know.
90% of your objections are basically that a dedicated IT team is writing the security policy (what crypto algos to use, what CAs to trust, etc) rather than you getting a say in it. Guess what: that's not your job, and the employer has every right to enforce the security policy of his choosing. It may even be a legal requirement for him to do so.
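Added example, not from the original comment and not the code of any actual proxy product: a Python model of the mechanism described above. It builds an internal CA, mints a leaf certificate on demand for whatever hostname a client asks for, and runs a normally validating TLS client against it with and without the internal CA installed. It needs the third-party `cryptography` package; the CA name ("Example Corp Internal CA") and the hostnames (www.example.com, mail.example.net) are made up for the demo.

```python
# Added example: enterprise TLS interception modelled end to end.
# Requires the third-party `cryptography` package.  CA name and hostnames are assumptions.
import datetime as dt
import ssl
import tempfile

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

CA_NAME = "Example Corp Internal CA"  # assumed name for the employer's private CA


def _now():
    return dt.datetime.now(dt.timezone.utc)


def make_internal_ca():
    """Self-signed CA that the employer, and only the employer, holds the key for."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, CA_NAME)])
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(_now() - dt.timedelta(minutes=5))
            .not_valid_after(_now() + dt.timedelta(days=3650))
            .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True)
            .add_extension(x509.KeyUsage(digital_signature=True, key_cert_sign=True, crl_sign=True,
                                         content_commitment=False, key_encipherment=False,
                                         data_encipherment=False, key_agreement=False,
                                         encipher_only=False, decipher_only=False), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def mint_leaf(ca_key, ca_cert, hostname, days_valid=1):
    """What the proxy does per connection: sign a fresh cert for whatever site the
    client asked for.  A negative days_valid yields an already-expired cert."""
    key = ec.generate_private_key(ec.SECP256R1())
    cert = (x509.CertificateBuilder()
            .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)]))
            .issuer_name(ca_cert.subject)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(_now() - dt.timedelta(days=3))
            .not_valid_after(_now() + dt.timedelta(days=days_valid))
            .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))
    return key, cert


def _pem(obj):
    if isinstance(obj, x509.Certificate):
        return obj.public_bytes(serialization.Encoding.PEM)
    return obj.private_bytes(serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8,
                             serialization.NoEncryption())


def client_accepts(leaf_key, leaf_cert, ca_cert, internal_ca_installed, expected_host):
    """In-memory TLS handshake between a 'proxy' presenting leaf_cert and a client that
    validates normally (CERT_REQUIRED plus hostname check).  Returns (accepted, reason)."""
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, obj in (("leaf.pem", leaf_cert), ("leaf.key", leaf_key), ("ca.pem", ca_cert)):
            paths[name] = f"{d}/{name}"
            with open(paths[name], "wb") as f:
                f.write(_pem(obj))
        proxy_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        proxy_ctx.load_cert_chain(paths["leaf.pem"], paths["leaf.key"])
        client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED, check_hostname on
        client_ctx.load_default_certs()                       # the machine's normal trust store
        if internal_ca_installed:
            client_ctx.load_verify_locations(paths["ca.pem"])  # the "installed as trusted" step
        to_proxy, to_client = ssl.MemoryBIO(), ssl.MemoryBIO()
        client = client_ctx.wrap_bio(to_client, to_proxy, server_hostname=expected_host)
        proxy = proxy_ctx.wrap_bio(to_proxy, to_client, server_side=True)
        done = [False, False]
        try:
            for _ in range(50):  # pump both sides until each reports the handshake complete
                for i, side in enumerate((client, proxy)):
                    if not done[i]:
                        try:
                            side.do_handshake()
                            done[i] = True
                        except ssl.SSLWantReadError:
                            pass
                if all(done):
                    return True, "handshake completed"
            return False, "handshake stalled"
        except ssl.SSLError as e:  # SSLCertVerificationError is a subclass of this
            return False, e.reason or str(e)


def run_scenarios(site="www.example.com"):
    ca_key, ca_cert = make_internal_ca()
    leaf_key, leaf_cert = mint_leaf(ca_key, ca_cert, site)
    old_key, old_cert = mint_leaf(ca_key, ca_cert, site, days_valid=-2)
    return {
        "not_installed": client_accepts(leaf_key, leaf_cert, ca_cert, False, site),
        "installed": client_accepts(leaf_key, leaf_cert, ca_cert, True, site),
        "installed_expired": client_accepts(old_key, old_cert, ca_cert, True, site),
        "installed_wrong_host": client_accepts(leaf_key, leaf_cert, ca_cert, True, "mail.example.net"),
    }


if __name__ == "__main__":
    for k, v in run_scenarios().items():
        print(f"{k:22s} accepted={v[0]}  {v[1]}")
```

The "not_installed" case is what a personal laptop sees: the minted cert chains to nobody it trusts, so the connection fails. Once the internal CA is in the store, the same cert is accepted with no warning, which is the whole point of the mechanism; the expired and wrong-hostname cases show that validation itself is not switched off by installing the CA. The model does not touch revocation; a real proxy would run these same checks (plus CRL/OCSP) on the upstream server's certificate before deciding to mint a leaf at all.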
Depends who you are.
If you have no idea what the threat model is, what the legal requirements are, or what the business cases are for the practice, and have generally little IT background-- you will think it is evil (unless you actually read that computer use policy).
If you deal with IT security regularly and / or have dealt with the threats, legal burdens, etc-- you'll generally understand that not only does everyone do it, but it's pretty important to do.
But hey, maybe some people like viruses on their network being able to communicate to their C&C server over SSL unhindered. Can't have the company interfering, right?
I'm not sure "my system, my rules" would go very far in court.
I think you would be surprised, and (IANAL but) I suspect misusing that info and / or capturing it for the purposes of fraud would be a whole different discussion.
There's not much difference between this and bugging your own house or having an audio recorder in your own car. Your property, your rules.
Why are you assuming that the employees are dishonest and stealing company time and access? My company specifically allows personal use of their network (within certain limitations), so nobody here is being dishonest.
These systems are not for the 99% of honest users. Nor are access controls, privilege restrictions, admin-off-by-default, etc.
These systems are for A) outside intrusions (detection/prevention), and B) those very few but very dangerous malicious users.
It is generally legal, and according to wikipedia it is legal in MOST countries when notice is given. Generally, notice IS given in the Acceptable Use Policy, but even when it is not it seems like it would be a tough thing to argue that you have any special privacy rights in someone else's network. Claiming that you do would make any kind of IDS/IPS pretty hard to do.
but the reality was "Our hardware, our rules."
FTFY. Their equipment, their responsibility. They have a right and duty to police the data leaving the network, for a large number of reasons.
I would not assume that they're capturing and / or storing passwords, however, as that quickly passes from "due diligence" to "legally murky", and generally the goal is to REDUCE headaches, not cause them.
Taking a photo in public should be freakishly illegal in a "modern, developed country"?
I thought we got up in arms when the government stopped us from photographing public buildings, and you want to make it possible to sue private citizens taking photos in public? What sort of statist, authoritarian nightmare constitutes "modern" in your world?
Maybe people need to realize that when you are in public, no amount of legislation is going to change how trivial snapping a picture is.
Technology has changed and created new capabilities, but license plates have NEVER been private. Don't have to like it to accept it.
Fun fact: Most routers handle more than just 2 networks. Routing between 4 virtual interfaces is nothing particularly fancy, just unusual in a home router.
Next challenge: TwitchTV codes kernel drivers.
I'm expecting great things.
You cannot break the key in a properly implemented OTP. You have no way of knowing which of the 8 zillion possible valid plaintexts was actually sent.
The weaknesses are only:
* If the OTP repeats-- that is, the key is not the same length as the message. For an unbreakable 2KB OTP message, you need a 16000bit key (2KB).
* If the OTP is generated deterministically-- it is not random.
* Key distribution is vulnerable. No matter what method you use, unless it is face to face, the OTP can be "broken" by intercepting the key.
* Key storage. If anyone captures your OTP booklet or file, you have no security whatsoever.
If you figure those out, it's "perfectly" secure-- but as mentioned it basically requires face-to-face beforehand OTP distribution and storing the OTP keys in a physical, airgapped vault.
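Added example, not from the original comment: the properties in the list above shown in Python. It covers the "any plaintext is equally possible" argument, the refusal to cycle a short pad, why the pad must come from a real random source, and what an attacker gets the moment a pad is used twice (crib-dragging). The two messages and the crib are constructed for the demo.

```python
# Added example: one-time pad properties and the pad-reuse failure, stdlib only.
import os


def xor_bytes(a, b):
    """XOR two equal-length byte strings; refuses a short pad rather than cycling it."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(n):
    """A fresh pad: n bytes from the OS CSPRNG, to be used exactly once.
    A seeded PRNG would not do: whoever knows the seed regenerates every pad."""
    return os.urandom(n)


def otp_encrypt(plaintext, pad):
    return xor_bytes(plaintext, pad)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def pad_that_decrypts_to(ciphertext, candidate):
    """Perfect secrecy: for ANY candidate plaintext of the same length there is a pad
    that turns this ciphertext into it, so the ciphertext alone favours none of them."""
    return xor_bytes(ciphertext, candidate)


def pad_reuse_leak(c1, c2):
    """Two messages under one pad: c1 ^ c2 == p1 ^ p2, the pad cancels out."""
    return xor_bytes(c1, c2)


def crib_drag(p1_xor_p2, crib):
    """Slide a guessed fragment of one message across p1^p2; wherever the guess is
    right, the other message shows through.  Printable ASCII is the (crude) filter."""
    hits = []
    for off in range(len(p1_xor_p2) - len(crib) + 1):
        window = xor_bytes(p1_xor_p2[off:off + len(crib)], crib)
        if all(32 <= b < 127 for b in window):
            hits.append((off, window))
    return hits


# Constructed sample traffic, same length so a single pad "fits" both.
MSG1 = b"ATTACK AT DAWN"
MSG2 = b"HOLD THE LINE!"


def demo():
    pad = new_pad(len(MSG1))
    c1 = otp_encrypt(MSG1, pad)
    # Any equal-length plaintext is equally consistent with c1.
    fake_pad = pad_that_decrypts_to(c1, MSG2)
    # Reuse the pad once and the attacker no longer needs it.
    c2 = otp_encrypt(MSG2, pad)
    leak = pad_reuse_leak(c1, c2)
    return {
        "roundtrip": otp_decrypt(c1, pad) == MSG1,
        "fake_pad_works": otp_decrypt(c1, fake_pad) == MSG2,
        "crib_hits": crib_drag(leak, b" AT "),  # guess a fragment of MSG1, read MSG2
    }


if __name__ == "__main__":
    print(demo())
```

The crib-drag result is the practical consequence of the first bullet: with the pad cancelled out, guessing " AT " at the right offset of one message reveals the corresponding four bytes of the other, and the attacker extends from there word by word.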
The entire system is a failure. Bleating that the protocol is technically good (maybe not*) while the entire system is incredibly volatile and provides no way to hold anyone accountable is just enacting one of the classic failures that engineers and geeks get snared by: failure to consider the human element.
You have a system whose primary users are either in it for the money or are in it to perform criminal activity (silk road), whose primary exchanges have no background in financial services (MTGox, etc), and looks/smells entirely like a pyramid scheme-- and its proponents want to focus on how hard it is to forge a bitcoin. Way to miss the big picture.
*I say "maybe not" because AFAIK at least some of the nodes on the network are going to end up storing the entire transaction log, which IIRC already ran into scaling problems once or twice. Imagine what would happen if the majority of transactions went through it, rather than a tiny fraction of a fraction of a percent of transactions; and who is going to volunteer to host these petabytes of transaction logs + associated hardware, in a system that is ostensibly decentralized?
Your decision making may be better than an automobile, but generally reaction speed is far more important and generally machines will have far superior reaction time.
You'd probably get the same amount of sympathy from a court, too.
That might hold if actual money was lost. That's not the case.
This is like if your WoW account got hacked and you lost a ton of virtual gold. It may be tradeable for IRL money, but that doesn't mean the courts will treat it like IRL money or hold Blizzard liable for monetary damages.