Ah. I assumed you were the person I'd originally replied to. My "cities are hard" comment was talking about the original poster's voice call service dropouts, not the data service performance problems. Data performance problems are usually just caused by inadequate backhaul bandwidth....:-)
They offer things under two licenses: GPL and commercial. IMO, it is far more likely that some build script broke and failed to replace the copyright notice on the GPLed export than that Oracle has decided to try to take the man pages proprietary....:-)
I doubt LTE has anything to do with your voice call glitches. AFAIK, except for very limited testing by Sprint and T-Mobile, LTE is not used for voice calls by any of the U.S. carriers except MetroPCS. The reason for this is that (unless something has changed fairly recently) there's no mechanism for a call handoff from VoLTE/SRVCC to CDMA, so if you are using VoLTE, the moment you leave LTE range, you'd get a hard call drop. For this reason, you shouldn't expect widespread deployment of VoLTE until the LTE rollout is very nearly complete.
Cities are hard. Multipath distortion can cause very problematic handoff situations even when there's a moderately strong signal. This, in turn, can cause the sorts of glitches you're experiencing. My advice would be to complain to Sprint and ask if they'll set you up with a free picocell for your home. That should completely eliminate the problem.
BTW, if you think Sprint's glitch rate is bad, you should see how much worse AT&T is. Admittedly, I'm not in D.C., but at least here on the opposite coast, the difference is staggering. As I understand it, CDMA is much more resistant to dropouts than TDMA/GSM, so unless AT&T's tower density is on the order of 4x Sprint's tower density (half the mean distance), Sprint *should* have fewer problems, ignoring hardware bugs, deployment mistakes (high collision rate from nearby towers), etc.
And yes, their LTE service is still a long way from where I'd like to to be. Then again, they started out way behind (WiMAX being a dead end and all), so I'm willing to have a little patience. For now.:-)
Gee, maybe to provide information on an actual crime that someone had committed?
The problem is that rulings like this mean that people who have committed a crime (any crime) cannot report other unrelated crimes without putting their own freedom hopelessly at risk. It is cases like this one that are the primary reason why human trafficking still exists in the United States. Because the victims have committed crimes like prostitution, if they cannot plead the 5th at any time and have it actually stick, absent explicit laws to shield them from prosecution, those victims are, in effect, not protected by the law. Illegal immigrant populations are similarly marginalized because they use fake SSNs when applying for jobs and paying taxes. And so on.
Worse, when these people realize that the law cannot help them, they are much more likely to take the law into their own hands. This leads to unnecessary violence. Given enough time, many people will die because of this ruling, all because the Supreme Court decided that the state of Texas's need to convict someone based on his refusal to answer certain questions was more important than defending our Constitution. Bad, bad, bad SCOTUS.
First, the "we broke 20 plots" is bullshit. They have have used these tools in 20 investigations, so what?
This. In much the same way, they likely used text messages for some menial part of those 20 investigations. Does that mean that the plots would not have been broken if they had been forced to rely on email or phone calls instead?
For that matter, the statement that these tools were used in preventing 20 attacks doesn't even tell us with certainty that those tools provided any information that helped in those investigations. It may have been that it was used, but returned nothing but false leads.
In other words, that statement is a completely information-free data point. Mind you, that's pretty much the norm for statements made by politicians....
I really wish that you would show up the next time someone inn the US dies from what would have been preventable through analysis of the call records. That way you could say "sucks to be you" the the family. It's the part right after that that I'd enjoy...
The biggest problem with that statement is that nearly any crime could have been prevented through analysis of call records if you have the benefit of hindsight. That doesn't mean that it is actually possible to extract the signal from the noise, however.
Even better would be if Google provided open source tools to allow website owners to check images (again, anonymously) against Google's database as they are being uploaded by users. By tying into such a service, bulletin board tools could make it really easy for site admins to ensure that posting child porn on their boards was very, very hard. This would be particularly useful for newly established boards where the number of users is small enough that such postings might otherwise go unnoticed for an extended period of time.
The goal is to eliminate the known child porn, not to decide what is or is not child porn. Presumably their database will come from law enforcement agencies. That said, your comment brings up a valid point—that you can't always tell what is or is not legal. Those photos of that Hollywood actress a few years ago were taken when she was only 17. The fact that she took them and sent them to her boyfriend doesn't change the fact that (assuming she wasn't lying to try to make the photos go away) possessing those photos is technically illegal under child porn laws.
This raises a more interesting question: Will it be possible for individuals to query that database? For example, if someone downloads a picture from somewhere and can't tell with certainty whether the girl is legal or not, could that person anonymously query the database to determine the legality of that photo? I mean, obviously the database would be incomplete, so lack of data does not necessarily indicate legality, but I could see something similar to virus scanners that periodically scan your porn collection against the child porn database and alert you to anything that shows up in that database so you can delete it. That would be a useful tool for staying on the right side of a law that is otherwise basically impossible to comply with (at least with any degree of certainty), particularly if it came with information describing how the age of the person in particular photo was determined and the level of certainty involved. For example, for a presumably legal photo, it might return "Over 18. Certainty: low. Reason: not found in database" or it might contain "Over 18. Certainty: high. Reason: Playboy affidavit" or anything in between.
All database backups are blank, and the PHPBB forum portion of the site has been broken since at least April (which is as far back as the archive.org archives go). A Google search reveals links that suggest that despite my attempts to lock down the board where no one could add accounts to it directly, someone constructed the URL directly (without clicking the nonexistent account links) and added accounts, then used them to post spam. I thought that I had disabled account creation more completely than that, but apparently I didn't do as good a job as I thought I did. Either way, it is disappointing that the captcha was so completely worthless at preventing spam.
My suspicion is that the site is down because my ISP got a complaint of some sort about something those bots posted (DMCA, abuse, law enforcement, take your pick). Sadly, I have no backups (and archive.org has no record of it prior to the error you're seeing, and Google won't let me look at caches for the site), so I can't determine what those bots posted. Because of the flood of bot attacks on my site, the site's logs only go back for two days, so I can't even see what means the attackers used for cracking into the PHPBB site, much less determine whether the wipe was a legitimate act by my ISP (in which case why in h*** wasn't I notified?) or a malicious act by yet another attacker. I've asked my ISP to produce logs farther back, but I have no idea if they are able to do so or not.
Either way, at this point, I would strongly urge anyone with a PHPBB installation to check your logs for malicious activity ASAP. If my forums can get attacked in this way, then anyone's can.
Will follow up if and when I learn more. My ISP has opened up a "hacked website" ticket, and is looking into the matter, whatever that means. My gut feeling says that I'm on my own, though, and that my best bet is to dump PHPBB as quickly as humanly possible in favor of something that was actually designed with security in mind to begin with. We shall see.
Why are you attacking his curiousity and not attaching WHAT HE SAID you are doing?
Simple. They already tried calling him a traitor, and it didn't work. The tide is turning fairly rapidly and angrily against the establishment in a way that they weren't expecting. In less than a week, the "Pardon Snowden" petition has gotten three-quarters of the whopping hundred thousand signatures required to demand a White House response. That's likely some sort of record for We the People petitions.
As for why they're attacking the messenger and not the message, that's because the government has been accused of heinous crimes against the people of the United States after having been repeatedly caught doing similar things in the past, so the government has zero credibility when attacking the message itself.
If I were in the NSA's shoes, I'd be panicking right now.
None of my problems involved the network. They were mostly bugs in the HTML editing behavior. The nearly unusable support for DOM selection objects was among the worst problems (no containsNode). I tried some of the tricks that Rangy uses, but even those were not sufficient to work around some of the bugs, IIRC. And I'm pretty sure I never did get copy/paste handling working adequately in IE. (The website requires the final HTML to conform strictly to a structure, which is not an easy thing to do even in WebKit and Firefox, both of which require entirely different code to work around the lack of a sane and standardized undo manger.)
Interesting. Looks like something wrong with my hosting provider. Either that or somebody recently exploited some new hole in PHPBB that I don't know about yet. I'll look into it.
I agree with you that ordinary websites should be usable in any browser, and should not depend on modern web technologies to show you content. That doesn't apply to web apps that actually do something useful for the user, though. (Think Google Docs.)
Then there are other sites that feature complete word processors (like Google Docs) or specialised editors like circuitlab.com. That's a totally different ballgame, but those sites are a tiny minority of all the web sites out there.
Indeed, this is the category that my site falls into.
Outside of that, what sites can't feasibly ditch lt-IE9? The one's that can't afford it?
In my case, it's because the site depends heavily on HTML editing actually working and behaving in some sensible and consistent way, and IE did not as of IE 9. I can't remember the laundry list of bugs that I could not find viable workarounds for, but the list was not insignificant, if memory serves.
Just stop supporting it. That simple.
Yes, that's pretty much the only choice, but that doesn't mean it is a good choice. It's basically equivalent to telling about a third of your users that they don't matter. We're not talking about stinging a little. We're talking about slicing your website's wrists and pouring lemon juice on it.
No. I've never used IE, so I don't care if it is unusable. As a web developer, I found IE to be unsupportable. Chrome is always a better option. However, most websites cannot realistically tell their users, "You need to switch browsers." Chrome Frame used to provide a mechanism by which websites could support IE without having to actually support IE ("For Internet Explorer users, this website requires the Chrome Frame plug-in. Click here to download it.").
Google is now the bad guy because now the only remaining option available to websites that can't feasibly support IE directly is to tell IE users to FOAD. Now do you get it?
Why the heck do you need Chrome Frame for anyway? Just install Chrome.
Let me see if I understand you correctly. You're saying I should exploit a security hole in ActiveX to forcibly install Chrome on the computer of every user who comes to my website?:-D
I'm not an IE user. At all. I'm a web developer. As a web developer, I don't get to choose what browser people come to my site with. I only get to choose whether to support them or not. Chrome frame provided a fairly lightweight option whereby I could require that they install a simple plug-in and continue using their existing browser. Without that option, the only choice is to tell IE users "Go download another browser or go away." See the problem now?
Then again, the difference between the Democrats and Republicans these days is getting so small that it feels like we're almost there. On nearly every important issue, they agree, which means that there are few to no dissenting voices pointing out the flaws in their positions on important issues. Even in the best of cases, they only disagree as long as the other guy is in power. Then, when they get power, their positions swap.
The current US government no longer operates with the will of the governed.
Yes, it does, and the election results prove it...
And I suppose you believe that elections in various third-world nations prove that their governments operates according to the will of the governed, too. An election that is not free is not an assertion of assent. Unfortunately, because of the way in which the U.S. election system was designed (plurality rule or worse), and because of the insane amount of money required to campaign for any national office, our elections are effectively rigged so that only a couple of candidates actually have a chance of winning, no matter what the two parties might want you to believe. That's hardly a free election by any reasonable standard. Therefore, the election does not prove anything except that more people voted for one candidate than another (at best).
I was seriously considering using Chrome Frame just a few months back as the means to support a very complex website based on HTML editing because IE's support is so broken so as to be almost useless. I tried very hard to support IE, but after spending a small eternity on it, I eventually gave up and declared IE unsupportable. Although I have not tried IE 10 yet, IE 9 and earlier are basically unusable in many areas, and were running at least two or three years behind where Safari, Chrome, and Firefox are in terms of robustness and feature support. Thus, all of the reasons for using Chrome Frame are still there just as much as they were four years ago, and I have zero faith in Microsoft improving that significantly at any point in the foreseeable future.
In spite of that horrible state, however, I did not bother to take the time to implement support for using and recommending Chrome Frame, even though I seriously considered it. Why didn't I take the time? Precisely because after watching so many people get burned repeatedly by Google yanking support out from under them, I no longer trust that anything Google provides will still be supported in six months. They've burned too many bridges at this point, to such a degree that at this point, I assume that if Google was behind it, it's only a matter of time before they drop support.
So thanks, Google, for proving my cynic hat astoundingly right yet again.
Unless "pretty much never has a place in security" actually means "has a critical place in security", please tell me your usernames, passwords, crypto keys, host addresses, VPN token parameters, etc. Also your bank account numbers as well as your bank routing number.
I think what the GP meant is that any crypto system in which the security of the data depends on the secrecy of the mechanism itself is fundamentally flawed. For example, keeping crypto keys secret is critical to security, which is why DRM doesn't work; the only thing protecting those keys from the user is the way in which the DRM code hides those keys, so as soon as that hiding mechanism is exposed, the entire scheme breaks down.
How about all software must be released under an open source license / free software license...
IMO, free is not free enough. For a mechanical patent, you provide specifications that must be detailed enough so that after the patent expires, other companies can build it. If the other company has to clean-room the code and rewrite it from scratch, then the source code provides no additional benefit to other companies beyond the specification of the data structures and math and what not.
No, any software company that wants a patent should be required to publish that software under a 2-clause or 3-clause BSD license.
Ah. I assumed you were the person I'd originally replied to. My "cities are hard" comment was talking about the original poster's voice call service dropouts, not the data service performance problems. Data performance problems are usually just caused by inadequate backhaul bandwidth.... :-)
They offer things under two licenses: GPL and commercial. IMO, it is far more likely that some build script broke and failed to replace the copyright notice on the GPLed export than that Oracle has decided to try to take the man pages proprietary.... :-)
I doubt LTE has anything to do with your voice call glitches. AFAIK, except for very limited testing by Sprint and T-Mobile, LTE is not used for voice calls by any of the U.S. carriers except MetroPCS. The reason for this is that (unless something has changed fairly recently) there's no mechanism for a call handoff from VoLTE/SRVCC to CDMA, so if you are using VoLTE, the moment you leave LTE range, you'd get a hard call drop. For this reason, you shouldn't expect widespread deployment of VoLTE until the LTE rollout is very nearly complete.
Cities are hard. Multipath distortion can cause very problematic handoff situations even when there's a moderately strong signal. This, in turn, can cause the sorts of glitches you're experiencing. My advice would be to complain to Sprint and ask if they'll set you up with a free picocell for your home. That should completely eliminate the problem.
BTW, if you think Sprint's glitch rate is bad, you should see how much worse AT&T is. Admittedly, I'm not in D.C., but at least here on the opposite coast, the difference is staggering. As I understand it, CDMA is much more resistant to dropouts than TDMA/GSM, so unless AT&T's tower density is on the order of 4x Sprint's tower density (half the mean distance), Sprint *should* have fewer problems, ignoring hardware bugs, deployment mistakes (high collision rate from nearby towers), etc.
And yes, their LTE service is still a long way from where I'd like to to be. Then again, they started out way behind (WiMAX being a dead end and all), so I'm willing to have a little patience. For now. :-)
The problem is that rulings like this mean that people who have committed a crime (any crime) cannot report other unrelated crimes without putting their own freedom hopelessly at risk. It is cases like this one that are the primary reason why human trafficking still exists in the United States. Because the victims have committed crimes like prostitution, if they cannot plead the 5th at any time and have it actually stick, absent explicit laws to shield them from prosecution, those victims are, in effect, not protected by the law. Illegal immigrant populations are similarly marginalized because they use fake SSNs when applying for jobs and paying taxes. And so on.
Worse, when these people realize that the law cannot help them, they are much more likely to take the law into their own hands. This leads to unnecessary violence. Given enough time, many people will die because of this ruling, all because the Supreme Court decided that the state of Texas's need to convict someone based on his refusal to answer certain questions was more important than defending our Constitution. Bad, bad, bad SCOTUS.
This. In much the same way, they likely used text messages for some menial part of those 20 investigations. Does that mean that the plots would not have been broken if they had been forced to rely on email or phone calls instead?
For that matter, the statement that these tools were used in preventing 20 attacks doesn't even tell us with certainty that those tools provided any information that helped in those investigations. It may have been that it was used, but returned nothing but false leads.
In other words, that statement is a completely information-free data point. Mind you, that's pretty much the norm for statements made by politicians....
The biggest problem with that statement is that nearly any crime could have been prevented through analysis of call records if you have the benefit of hindsight. That doesn't mean that it is actually possible to extract the signal from the noise, however.
Even better would be if Google provided open source tools to allow website owners to check images (again, anonymously) against Google's database as they are being uploaded by users. By tying into such a service, bulletin board tools could make it really easy for site admins to ensure that posting child porn on their boards was very, very hard. This would be particularly useful for newly established boards where the number of users is small enough that such postings might otherwise go unnoticed for an extended period of time.
The goal is to eliminate the known child porn, not to decide what is or is not child porn. Presumably their database will come from law enforcement agencies. That said, your comment brings up a valid point—that you can't always tell what is or is not legal. Those photos of that Hollywood actress a few years ago were taken when she was only 17. The fact that she took them and sent them to her boyfriend doesn't change the fact that (assuming she wasn't lying to try to make the photos go away) possessing those photos is technically illegal under child porn laws.
This raises a more interesting question: Will it be possible for individuals to query that database? For example, if someone downloads a picture from somewhere and can't tell with certainty whether the girl is legal or not, could that person anonymously query the database to determine the legality of that photo? I mean, obviously the database would be incomplete, so lack of data does not necessarily indicate legality, but I could see something similar to virus scanners that periodically scan your porn collection against the child porn database and alert you to anything that shows up in that database so you can delete it. That would be a useful tool for staying on the right side of a law that is otherwise basically impossible to comply with (at least with any degree of certainty), particularly if it came with information describing how the age of the person in particular photo was determined and the level of certainty involved. For example, for a presumably legal photo, it might return "Over 18. Certainty: low. Reason: not found in database" or it might contain "Over 18. Certainty: high. Reason: Playboy affidavit" or anything in between.
Except the more appropriate quote would be, "And from now on, stop playing with yourself."
Watching that movie now.
Easy fix: Smear Vaseline on the lens. It will still be able to detect motion, but the image won't be useful for much else.
All database backups are blank, and the PHPBB forum portion of the site has been broken since at least April (which is as far back as the archive.org archives go). A Google search reveals links that suggest that despite my attempts to lock down the board where no one could add accounts to it directly, someone constructed the URL directly (without clicking the nonexistent account links) and added accounts, then used them to post spam. I thought that I had disabled account creation more completely than that, but apparently I didn't do as good a job as I thought I did. Either way, it is disappointing that the captcha was so completely worthless at preventing spam.
My suspicion is that the site is down because my ISP got a complaint of some sort about something those bots posted (DMCA, abuse, law enforcement, take your pick). Sadly, I have no backups (and archive.org has no record of it prior to the error you're seeing, and Google won't let me look at caches for the site), so I can't determine what those bots posted. Because of the flood of bot attacks on my site, the site's logs only go back for two days, so I can't even see what means the attackers used for cracking into the PHPBB site, much less determine whether the wipe was a legitimate act by my ISP (in which case why in h*** wasn't I notified?) or a malicious act by yet another attacker. I've asked my ISP to produce logs farther back, but I have no idea if they are able to do so or not.
Either way, at this point, I would strongly urge anyone with a PHPBB installation to check your logs for malicious activity ASAP. If my forums can get attacked in this way, then anyone's can.
Will follow up if and when I learn more. My ISP has opened up a "hacked website" ticket, and is looking into the matter, whatever that means. My gut feeling says that I'm on my own, though, and that my best bet is to dump PHPBB as quickly as humanly possible in favor of something that was actually designed with security in mind to begin with. We shall see.
Simple. They already tried calling him a traitor, and it didn't work. The tide is turning fairly rapidly and angrily against the establishment in a way that they weren't expecting. In less than a week, the "Pardon Snowden" petition has gotten three-quarters of the whopping hundred thousand signatures required to demand a White House response. That's likely some sort of record for We the People petitions.
As for why they're attacking the messenger and not the message, that's because the government has been accused of heinous crimes against the people of the United States after having been repeatedly caught doing similar things in the past, so the government has zero credibility when attacking the message itself.
If I were in the NSA's shoes, I'd be panicking right now.
None of my problems involved the network. They were mostly bugs in the HTML editing behavior. The nearly unusable support for DOM selection objects was among the worst problems (no containsNode). I tried some of the tricks that Rangy uses, but even those were not sufficient to work around some of the bugs, IIRC. And I'm pretty sure I never did get copy/paste handling working adequately in IE. (The website requires the final HTML to conform strictly to a structure, which is not an easy thing to do even in WebKit and Firefox, both of which require entirely different code to work around the lack of a sane and standardized undo manger.)
Interesting. Looks like something wrong with my hosting provider. Either that or somebody recently exploited some new hole in PHPBB that I don't know about yet. I'll look into it.
I agree with you that ordinary websites should be usable in any browser, and should not depend on modern web technologies to show you content. That doesn't apply to web apps that actually do something useful for the user, though. (Think Google Docs.)
Indeed, this is the category that my site falls into.
In my case, it's because the site depends heavily on HTML editing actually working and behaving in some sensible and consistent way, and IE did not as of IE 9. I can't remember the laundry list of bugs that I could not find viable workarounds for, but the list was not insignificant, if memory serves.
Yes, that's pretty much the only choice, but that doesn't mean it is a good choice. It's basically equivalent to telling about a third of your users that they don't matter. We're not talking about stinging a little. We're talking about slicing your website's wrists and pouring lemon juice on it.
No. I've never used IE, so I don't care if it is unusable. As a web developer, I found IE to be unsupportable. Chrome is always a better option. However, most websites cannot realistically tell their users, "You need to switch browsers." Chrome Frame used to provide a mechanism by which websites could support IE without having to actually support IE ("For Internet Explorer users, this website requires the Chrome Frame plug-in. Click here to download it.").
Google is now the bad guy because now the only remaining option available to websites that can't feasibly support IE directly is to tell IE users to FOAD. Now do you get it?
Let me see if I understand you correctly. You're saying I should exploit a security hole in ActiveX to forcibly install Chrome on the computer of every user who comes to my website? :-D
I'm not an IE user. At all. I'm a web developer. As a web developer, I don't get to choose what browser people come to my site with. I only get to choose whether to support them or not. Chrome frame provided a fairly lightweight option whereby I could require that they install a simple plug-in and continue using their existing browser. Without that option, the only choice is to tell IE users "Go download another browser or go away." See the problem now?
Then again, the difference between the Democrats and Republicans these days is getting so small that it feels like we're almost there. On nearly every important issue, they agree, which means that there are few to no dissenting voices pointing out the flaws in their positions on important issues. Even in the best of cases, they only disagree as long as the other guy is in power. Then, when they get power, their positions swap.
And I suppose you believe that elections in various third-world nations prove that their governments operates according to the will of the governed, too. An election that is not free is not an assertion of assent. Unfortunately, because of the way in which the U.S. election system was designed (plurality rule or worse), and because of the insane amount of money required to campaign for any national office, our elections are effectively rigged so that only a couple of candidates actually have a chance of winning, no matter what the two parties might want you to believe. That's hardly a free election by any reasonable standard. Therefore, the election does not prove anything except that more people voted for one candidate than another (at best).
I was seriously considering using Chrome Frame just a few months back as the means to support a very complex website based on HTML editing because IE's support is so broken so as to be almost useless. I tried very hard to support IE, but after spending a small eternity on it, I eventually gave up and declared IE unsupportable. Although I have not tried IE 10 yet, IE 9 and earlier are basically unusable in many areas, and were running at least two or three years behind where Safari, Chrome, and Firefox are in terms of robustness and feature support. Thus, all of the reasons for using Chrome Frame are still there just as much as they were four years ago, and I have zero faith in Microsoft improving that significantly at any point in the foreseeable future.
In spite of that horrible state, however, I did not bother to take the time to implement support for using and recommending Chrome Frame, even though I seriously considered it. Why didn't I take the time? Precisely because after watching so many people get burned repeatedly by Google yanking support out from under them, I no longer trust that anything Google provides will still be supported in six months. They've burned too many bridges at this point, to such a degree that at this point, I assume that if Google was behind it, it's only a matter of time before they drop support.
So thanks, Google, for proving my cynic hat astoundingly right yet again.
I think what the GP meant is that any crypto system in which the security of the data depends on the secrecy of the mechanism itself is fundamentally flawed. For example, keeping crypto keys secret is critical to security, which is why DRM doesn't work; the only thing protecting those keys from the user is the way in which the DRM code hides those keys, so as soon as that hiding mechanism is exposed, the entire scheme breaks down.
IMO, free is not free enough. For a mechanical patent, you provide specifications that must be detailed enough so that after the patent expires, other companies can build it. If the other company has to clean-room the code and rewrite it from scratch, then the source code provides no additional benefit to other companies beyond the specification of the data structures and math and what not.
No, any software company that wants a patent should be required to publish that software under a 2-clause or 3-clause BSD license.