No one seems to be concerned over Wikileaks' agenda, which is unknown. They selectively release material over time...why not just put it all up as they get it?
Good question, I'm guessing that they are checking the cables to make sure its not going to actually hurt someone before they release it?
I'm not sure any lesson will be learned by payment processors except to stay away from organizations that may come with this kind of baggage. At the end of the day, payment processors can get attacked just as hard by governments and governments have all sorts of ways of making life truly miserable for a business. A DOS attack is nothing compared to a pissed off tax collector.
Yeah I've considered that - would anyone be that insance as to attack everyone that isn't currently doing business with wikileaks (if you're not with us you're against us) - I think that qualifies as the cyber equivalent of global nuclear suicide for anyone stupid enough to do that. I don't think anyone is that crazy or stupid to do that (plus I dont see how it would scale, every bank on earth? Every hosting company? Talk about bringing down the wrath of god on yourself.)
I believe you misunderstood my point, of course I know how credit card companies work - the issue is do they make enough money in the form of profits from the transaction to offset the costs of doing business with someone that may draw the unwanted attention of governments, shareholders, negative press, lookback auditing costs, chargebacks etc. (which is why some processors won't work with adult sites anymore) and inversely the costs incurred - in the present case - with dumping that customer. Hence the term "theres no money in it". If you ain't profiting, you ain't making money you're spending it.
This reminds me of when the church of $cientology tried this same sort of tactic, punish your rivals with a DOS attack to teach them a lesson and hope that they change their ways (or that no one else repeats the same actions). In that case it was a massive multi-year flood of certain usenet groups, and its probably easier to see how the badguy was - but the method was the same and the result I suspect will be the same: It backfired on the co$ and I think the same if going to happen to here too to wikileaks. Wteher they have anything to with it or not (and I suspect they don't directly have anything to do with). Its not going to get wikileaks any sympathy, its not going to change the stance of companies like Amazon and Mastercard (give in to one DOS attack, then you need to give into the next one, etc.) and its going to scare away other businesses from every working with Wikileaks in the future. Why should a business take the chance, if you bring on wikileaks as a client and you can't handle the heat wikileaks fanboys will DOS you. Safe beat, don't do business with wikileaks.
So this is either a misguided attempt to help wikileaks, or a damn clever attack on wikileaks by destroying any chance they have of working with anyone else. Either way it seems to me (and what the hell do I know) that this going to backfire.
Perhaps the more constructive response is to figure out a way to do what you want without having to force someone else to do it. Mastercard is a business, they aren't in business to facilitate freedom of speech - and as annoying or insulting as that may be, and as much as it may piss some people off, its not going to change. Even if mastercard says they have changed their ways and suddenly become gods gift to the US first amendment, they really won't have done this - they exist to make money. If theres no money in it, they wont do it. Don't kid yourself, capitalism is about money - PERIOD.
To that end, it actually seems like there may be a genuine need for a sort of CausesPayment system - at least I think wikileaks supporters would agree, so I recommend that if you really want to fix this problem, make it your own - this DDOS isn't going to give you the control you want. even if you get a temporary victory, it can be snatched away because you don't control the flow of money and never will as long as you rely on third parties.
So go start a payment processor, it doesnt have to be anything fancy, you could just take payments in the form of checks to start with and send the money to whatever cause the person wants. Let them bankroll anything they want, let people bankroll anything they want - stand up, take action and stop waiting for someone else to do something about it. Then you can take whatever stance you want, and stand up for freedom of speech.
If you want something done, do it yourself. If you wait for others to do it, you may wait forever.
Its probably going to reenforce their decision, and give anyone else pause if they choose to do business with Wikileaks. This is a really dumb thing to do, look at it this way, why would any payment process ever want to work with wikileaks again if they know their fanboys will attack them if they don't continue to do business with them? Its a no win situation for the payment processor, its better to never do business with wikileaks.
It doesn't matter, the mob has spoken and we all know the mob is always right. Otherwise the mob will turn on us. See, who needs courts and laws, theres no such thing as mob justice that isn't always right.
"It" is the problem. The federal government is not qualified to set the standards or manage them. For example, look at FISMA - an unmitigated FAILURE in security. Its an excercise in building paper forts around computers and networks - and this is the BEST the federal government can do.
The federal government can not provide IT, the problem is one of design. Systems are not designed for the threats they face, and the federal government is worse than ill-equiped to lead that effort - its not only part of the problem, it fans the flames of the problem by forcing agencies to buy products not based on their technical merits but on bulk purchasing agreements, non-bid contracts, "certification programs" (look the EAL nonsense) and other nonsense. If you want security and IT to get worse, put the federal government in a position to rule over these things in private sector.
That depends. During Waco (under a democratic president) I imagine they would would say the US Govt. was the bad guys - thats certainly what the conservative commentators said.
If you accept what the Supreme Court said, then the 2nd amendment is basically about the inalienable right of the people to keep and bear arms.
It's also worth noting that the Constitution, the same document where we learn about the 2nd amendment, also says that the SCOTUS is the final arbiter on what the constitution means. I would think that if you are a 2nd amendment supporter, to be consistent, you must also accept what the SCOTUS rules.
I certainly do accept the SCOTUS on this one. Interestingly the ACLU, for example, does not. Specifically (and not pick on the ACLU, I really do appreciate them and support them) the ACLU states that they believe the SCOTUS was wrong on this one and that the 2nd amendment is just a group right. I for one think the ACLU is wrong and the SCOTUS is right and that the ACLU, and others, have always been wrong that the 2nd amendment only protects a group right.
It never made sense to me why you need a group right to arms as the government has always been in a position to have arms. There is no need to guarantee the National Guard or some "well regulated militia" has the right to arms - they can just have arms and who is going to stop them? Its just silly and I think some people trust their governments a little too much and the people too little which is why they may still be clinging to their erroneous logic that "the people" in the second amendment is somehow different from "the people" in the other amendments and the constitution itself. Maybe it scares them that "the people" might armed I suppose. The people means an individual right, and the SCOTUS agreed. Chock one up for logic, reason and reading comprehension skills!
Anyway, my point with the caveat was to recognize that some people still do not believe the SCOTUS was right and continue to argue that the individual right does not exist (so in their case they do not, in fact, accept what the SCOTUS said). Its moot for them to pretend otherwise at the moment, but neverthless they persist.
It is worth also noting that the SCOTUS has changed its position before so its possible a different SCOTUS could rule in the other direction. Wrongly I would say - but nevertheless it could occur and maybe thats what some of these folks are hoping for.
Hence the caveat "if you accept". (And I should have also said - and if you can read the constitution *grin*)
Ah, you must be with JTF AFG, best of luck to you on the tour - think different and read some books on 4th generation warfare - we aren't going to win without some new thinking.
On a personal note when we operated west of your AO - around Yakhchal - we lost some folks to IEDS. Be careful on the A01, we just lost some good people to IEDs in the area, so stay in well armored vehicles that can take an IED if you travel known routes. Air movements are surprisingly less troublesome (well, maybe not so surprisingly). Ground movements via primary and secondary roads are an issue.
Also, you might want to have this debate with some US Army folk - you might find that your opinions of what the US Army could and would do in insurrection need some correction. I know many folks that would change sides if they were asked to wipe out a bunch of US civilians. Hell, technically everyone should refuse that unlawful order - not to mention the requirement in the US that all soldier swear an oath to out constitution - not to any government.
Not sure what you canucks do, but in the US when you sign up you raise you right hand to promise to uphold and defend the constitution from enemys both foreign and domestic - which means your own government sometimes.
And what you (and many others; you're in good company) keep overlooking is that A COUNTRY FACING ARMED INSURRECTION FROM ITS OWN PEOPLE CANNOT QUIT AND GO HOME.
And what you are missing is that yes they can - its called surrender or defeat. It happens a lot in history - go read the examples I and others have cited. You assume, incorrectly, that because an army can not leave the field that it will not YIELD the field. You are wrong. And sometimes a government can leave its own country, thus happens often as well.
Young? I think I'm probably older than you are. 21 years in the Army, and still going, thanks.
LOL! Only 21 years! You are a young man!;-)
Its 22 years for me - I went though Harmony Church in 1986 as an 11B back when we still had OG-107s, wore steel pots and damn it we held on to them all until 89 when they forced us to put on BDUs and those damn heavy kevlar helments that you couldn't shave out of. So if you want me to retract "young man" consider it retracted old man, but my knees still work and the only old man I know is my father. In my unit everyone is a "Young Man" - we have no Old Men and no one is called the "Old Man". Old Men retire - Young Men fight.
So back to the issue at hand, I think you're missing my point. The idea of assymetry in ANY form, even a civil war, is literal. If the other side is that out classed they can only use assymetric means to fight. And yes, it DOES work. Successfully winning any war is about making things harder for the superior force to the point that they either can not continue to fight or they don't want to. Destroy their lines of communication, tear down their bridges, destroy their logistics trains, strike fear into the heart of the enemy and make them question WHY they gight. If you can't go toe to toe with them you use other means to break their will to fight. Heres a simple example: snipers have been and still are highly effective at reducing combat effectiveness against a superior (or even inferior) force, instilling fear and sometimes turning the tide of battle - and all you need is a good rifle.
In civil wars the superior force has been known to throw in the towel - even on its own territory. So yes, this works in civil wars too. You could have the county split. For example: the American Revolutionary war which was, in fact, a Civil war was British on British warfare with the dominant force eventually giving up the territory it no longer wanted to hold.
Perhaps whats getting between us in the assumotion that a civil war has to be an all or nothing conflict. A 2nd American Civil War might end up with an impasse and a divided nation - but this is all much much harder if the population has no arms to fight with. You may also be assuming that an insurrection has to be nationwide. There are historical examples of local insurrections to overthrow cities, counties, states, principalities but not the national government.
The fact is that insurgencies sometimes succeed without the benefit of a superior force or technology, they simply have the minimum means necessary to break the will of the opponent. Just ask yourself one question: Would it be easier if the current insurgents were all disarmed?
So here are just a few examples of civil wars where the government did give up:
North Vietnam defeating South Vietnam
Cambodian Civil War
Russian Civil War
Finish Civil War of 1918
Greek Civil War of the late 1940s
Rwandan Civil War
Salvadorian Civil War
Sandanistas overthrow of Somoza regime in the late 70s
Fatah Hamas Civil war over Gaza (where as you recall, Fatah had no choice but to quit the field of battle causing a split into two territories and two governments)
Bangladesh Liberation War - where Pakistan lost East Pakistan forever due to Civil War
The Taliban in Afghanistan - you assume that a civil war can't involve outside parties? Whats to say an uprising in the US wouldn't be backed by someone else? It was before.
Guatemalan Civil War - that was literally the government against the people
Bosnian civil war - which lead to the creation of a new country out of the former Yugoslavia
And sometimes winning a civil war means both sides get some of what they want - but the key is that the superior force is willing to come to the table - they yield. Look at the Albian insurgency against the Macedonians. It was a civil war, and both sides brought it to an end with both sides offering something to the other. You could argue that's what's going on in Iraq right now - but this would not have happened with access to small arms.
Anyway, I hope this is food for thought. Best of luck to you on your tour.
Not to mention that the US Supreme court, this year, more or less put this to rest by ruling that second amendment is an individual right, so it more or less nullified the whole militia = group right argument. If you accept what the Supreme Court said, then the 2nd amendment is basically about the inalienable right of the people to keep and bear arms. Theres nothing in there about arms only for hunting purposes.
I'm sorry young man but you are misinformed about warfare and even modern history and asymmetric warfare and the use of small arms therein.
Since you chose to open with an appeal to authority I'll respond in kind. I too am a multi decade combat arms Army vet with combat experience. The wins we have made in Iraq did not happen because of our superior forces, technology and tactics but through a political choice made by many insurgents to put down their weapons and join our side. We were not going turn Iraq until that happened - mass on target doesn't work in the modern battle field. Don't kid yourself it was a holding action at best until those insurgents decided it was in their best interests to stop fighting. Asymmetrical wars can not be won via conventional means alone.
To wit, the Iraqis NEVER had air power, artillery or anything more modern than explosives (IEDs, etc.) and small arms - with the occasional special unit with a better RPG - and yet they held against the finest fighting force the world has ever seen until they CHOOSE to put down their weapons. Its the war not the battle you have to look at. Yes you can win every battle and yet still lose a war.
Lets look at it more carefully. Iraq was not won with our bad ass fighting forces alone. Armed populations will not aqueous until a time of their own choosing - smashing villages in force just keeps producing more insurgents - which is the REAL reason we don't do that. It has nothing to do with a lack of will on our part, its just good sound strategy. If you want to be percieved as the good guy, you have to act the part. So in a complicated war that involves real time propaganda - or at least video and a means to send it to the population faster than we have ever had in the past - an armed militia force can indeed win against a more advanced force. You've cited examples yourself. But lets look at your example of this not working with an army that doesn't care and WILL kill whole villages:
Afghanistan circa 1980s: The Soviet Union WAS an advanced force, did wipe out whole villages, was BRUTAL to the afghans and the rag bags that took them on with nothing more than springfield bolt action rifles (which we technology superior to the AK-47 and AK-74 because they could engage beyond 400 meters, whereas the AK line could not) and guess who is NOT in Afghanistan anymore? Did the rag bags have stingers? Yes, did they have tanks? No, nor did they have any mass fire at all. Did the soviets care about civilian casualties? NO! They poisoned wells, wiped out villages, carrief out mass bombing campaigns and did this for YEARS. AND YET THEY LOST. Those ignorant mountain peasants with small arms, a handful of stingers and simple explosives got the Soviets to quit. They simply wore then down.
Another example: you mention Vietnam, yes there is another fine example of asymmetry in warfare - small arms again with some limited use of explosives. Did we bomb the hell out free fire zones - you bet your ass we did. We kills lots and lots of civilians and it made no difference. Break the enemies will and you win. You don't have to have a better, stronger or more advanced force to win a war you simply have to be more determined to win.
And if you are a military veteran (you imply that you are) then you should know about Somalia. There is black day for the US Army that should be burned into the brains of everyone in a western military force. If you recall, thats where an inferior fighting force could be argued to have won against a superior force with nothing but small arms and 2nd generation RPGs. Did they win the battle? Fuck no. But if you recall, we (the US) left because it was simply not worth it to us to continue the fight. To win against a superior force you don't have to defeat them - you simply have to get them to quit. So you miss the point of the 2nd amendment - its about being able to fight back and you miss the lesson about assymetric warfare that the founding fathers DID understand: You can lose the battl
We use evolution on our Linux boxes at a major Government site (to interface with Exchange) and with no issues. It may be that your UNIX users that are having problems are running an older version of Evolution, or perhaps its a config issue. The login procedure for Exchange is actually thru the OWA frontend, and you have to put your Domain before your username (DOMAIN\username). We've had plenty of senior linux engineers that did not know that, and thought it wasn't working. Simple mistake to make. The other config problem we saw was users that did not know they had to point to the OWA frontend, and thought they should be pointing to the backend exchange server (like in Outlook). Once they configured Evolution to point to the front end servers (the OWA boxes), it worked like a charm.
I've seen it happen. I was a classmate of the son of an Armed Forces officer in my country - we have very strict gun control here, and the gun crime rate is astonishingly low, which doesn't mean there is no crime, but rather that it is commited with "white" weapons (knives, etc) - and a burglar entered his house, found his cache of weapons, threatened him and his family (armed forces father absent) , stole all the valuables and left - with their weapons.
Look at what you just said, by your own admission, you did not see this happen. You just passing on a story someone else told you (which may or may not be true), so I'm sorry, but you did not see it happen. Equally, your story totally refutes your point, the burglar left, no one died - having guns will not kill you, or make it easier for you to be killed - thats what happened in your story. And a burglar is absolutely nothing like a razed person that wants to KILL you. Thiefs want to steal, they don't necessarily want to kill. So you story isn't even germane. We're talking about what to do when someone WANTs to kill you. If you lack the means to fight back, you will probably die. Someone of us just want the means to fight back. If you prefer to be unarmed, hey thats your life, do with it what you like, but I like being alive and as someone trained to use firearms - I'll take my chances protecting myself thank you.
Just ask yourself this: If you were one of those students, facing this murder and you just watched him kill your friend - wouldn't you want to be able to stop the murderer from killing you or anyone else? Its just you, and the shooter. What are you going to do? Tick tock, times up. Its kill or be killed. Welcome to the real world.
Really, do you carry your gun with you in your house at all times???
In my case, yes I do, my work requires it. Some people even sleep with them (In my line of work, its good insurance). When I was back on active duty in the Army, I was required to sleep with my loaded Rifle. Old habits die hard, and for good reason. There are bad people out there that want to kill you. Thankfully, its unlikely you will ever run into one of these people, but if you do, there is nothing you can do to prevent someone determined to die from causing situations like this. When you find yourself in this situtation, you run, you fight or you die. You better be prepared to fight for your life. If you want to be unarmed, thats your business, I'd rather be able to fight back.
Be that as it may, the valuable lesson here should be that appeals to authority should always be treated with suspicion. One should always be dubious of authorities - whether they are real or not. An expert still has to prove their point, and an appeal to their education, experience, etc. does not do that. Don't believe someone solely because they are educated or experienced in a topic. That does not, a priori, make them correct.
So when someone is proven to be a fake authority, suddenly its news for the "experts", so they can turn the tide back towards their credentials. Credentials mean nothing. Prove your point with facts, not a diploma. An authority does not a fact make. Having a degree doesn't mean that you are right or wrong, it just means you may know something about the subject - right or wrong. You still have to prove your point, and all the authority in the world can't do that for you. What people should learn from this is not only to we wary of so-called experts (its the Internet people, come on!) but that even if someone IS an expert that doesn't mean they are right! Use those critical thinking skills yourself, and be your own expert.
Re:We should look back to the Copyright Act of 197
on
XM+MP3 Going to Trial
·
· Score: 1
3. Does the device implement the SCMS (serial copyright management system to prevent copying beyond the first duplication? Probably not if they are storing in MP3 format.
For what its worth, the XM recorder I have makes this requirement moot. You can not copy the content off the device. They have a segemented memory partition that keeps the recordings away from your PC. Its certainly possible that someone could debug the hardware and find a way to the content, but out of the box there is no way to copy anything digital off the recorder. You could only make analog copies, which you can do now with any radio on earth, XM or not. So it seems that they are in compliance with that requirement, and for what its worth the feature in the XM recorders has nothing to do with "illegal copying", as you can't copy the content off the device. This is just RIAA whining about "replay", which should be covered by fair use. The RIAA is just trying to battle for a bigger cut with XM, this is just a negotiating ploy pure and simple.
Be that as it may, the NIAP is still a failure because the agencies don't seem to understand the short comings of the program. The perception is that EAL levels are some quantification of security. The higher the level, the better it must be, and if a product doesn't have an EAL - well then we shouldn't use it. Which means a lot of excellent security tools are excluded from agencies, particularly at DoD where they are really needed.
For example, when conducting pen tests I've personally had to battle the EAL religion to just get decent tools approved for my teams, because NONE OF THEM ARE CERTIFIED. Which is both not a surprise, as some of the tools are so new (even the commercial ones) that they couldn't possibly have an EAL, are not maintained by people/organizations that have any motive to get them certified or take so long to get one that he state of the art tools are not available. You are left using older, less reliable and often times less secure products. Hell, at one point we had to battle over using Linux attack boxes because at the time Windows had a higher EAL! There was an insane perception that Windows would be better and after installing SP2, which was STIG mandated, the boxes were so slow at port scanning the IG caved and said go with Linux because the audit was going to take SO LONG it wouldn't get done in time. All of this stupidity was driven by the irrational belief in the holiness of the EAL.
Couple this with the false sense of security the level gives, and the fact that it really doesn't add anything by itself - as you yourself said - and it begs the question: Is the value worth the cost? Experience has taught me that it does not. The EAL is just a rehashing of older certification methods (remember the old A, B, C levels?) and those were not very useful either (unless you went for the top levels, and even then there were problems). Its not rigorous enough to be a real evaluation (even a full code review doesn't mean a product is safe, prudence says assume the worst, which is why its a damn good thing the GIG and SIPR are on their own physical networks), it doesn't truly test the security posture of a product, its takes too long to get a through test - so vendors are tempted to short cut via a bogus PP - and it doesn't mean that a product is or is not an acceptable risk for an organization to use. And yet, its POLICY now that you can't use controls that don't have an EAL. The EAL carries tremendous weight just for that alone. I can not tell you how many IASM's and IASO's that try to argue to IG teams that the higher an EAL score the more secure it must be. And then can't imagine how their precious boxes just got owned by the Red Team. Uh, because the EAL doesn't mean jack, or the PP was junk, or hell the box just had a big fat hole in it.
The NIAP program is garbage. The buyer is left with what, a level to tell them the confidence level in the conclusion? OK, so that means most of the EAL's mean: don't trust the conclusions. And yet the agencies think: EAL = secure. They don't get that. They don't understand that the EAL score is just a "only trust this conclusion X percent", they think its a score of how secure a product is. Its a failure for that reason alone. The NIAP just sends the wrong message to the agencies.
OK, first, this is not a new idea, and its been beaten to death in the security literature - it doesn't work. The DMI tried this back in the 90's with SDMI, and it was found be just an unworkable back then. Lets count the ways this new idea is still the same old unworkable problem:
1. All purchases would require ID. ID's are not only easy forged, but legitmate IDs can be purchased through corrupt government employees. So you create a barrier to purchasing the product (I need an ID to buy a $9 CD?), plus its not reliable. IDs can be faked or stolen. Just because it says Joe Smith, does not mean its Joe Smith.
2. IDing would require a national/international register. Just because it says Joe Smith, does not mean that its the Joe Smith from NY. So you need still more information about the person AND a means to confirm it. Its not enough to just have a credit card, identity theft scams abound, so Joe Smith from 1234 hartford st may not be the real Joe Smith. So we need their SSN, or some other national identifing scheme. (You need my SSN to buy a $9 CD?) Maybe even some biometric information to know that its Joe. Yikes! All this for a stinking CD?
3. You expose the customer to identity theft by collecting this information. Now you have a database of all sorts of useful information about the customer, controlled by people that might just want to steal it. What about that clerk at the music store? Can you trust her with your social security number, and other identifing information? (All for a $9 CD?)
4. Could you use cash anymore? Maybe, but you'd still have to produce ID, and maybe other information about yourself. What if I don't want you to know who I am? What business it of yours if I want to buy a Depeche Mode CD for my Niece. Fuck off.
5. What if the purchase was a gift? So I buy some media for my Niece, with my name attached to it, and she then gives it to her friend, who then puts it online. Guess who gets the call from the RIAA, and has to pay the expense of proving their innocence. (Which creates an incentive to remove these watermarks, and possibly even a business to do this)
6. As others have pointed out, what about theft? If my digital media is stolen, again the burden rests with me to prove my innocence. Also, now some of my personal information is in the hands of a thief! Yikes! Sounds like a really good reason to remove the watermark!
7. How do you know you can trust the watermark? Is it cryptographically secure? Could someone change the watermark to incriminate their neighbor? If its cryptographically strong, then it needs more bits, which makes it even easier to find and remove.
8. Will the watermark survive removal from simple lossy compression? Probably not. If its not supposed to effect the medium in such a way as to be perceptible by a human, then it will probably get lost in compression (afterall, those bits aren't needed, so out they go). So is it an effective system then? The science says no, you would lose the watermark, and probably without even thinking about. Rip CD to Vorbis, and the watermark is gone.
9. You can remove the watermark via other means. Steganography is hard, really really hard, and individually marking files makes it much easier to detect the "hidden data" by opening the file to comparison attacks. But there a few other attacks we could use:
a: Rosetta stone attack) If you have an unwatermarked file, you can use a rosetta stone attack. This happened with the ill fated SDMI approach from the 90s.
b: Oracle attack: If the attacker has access to an Oracle (a device/program for detecting the watermark), he/she can fiddle with the file with impunity to find the watermark, and again remove/obscure/modify it.
c: Lossy compression attack: Just use lossy compression, it will probably destroy the watermark.
10. This won't stop illegal copying. Its just a reactionary method, based on the assumpti
Slashdot Mirror
Good question, I'm guessing that they are checking the cables to make sure its not going to actually hurt someone before they release it?
I'm not sure any lesson will be learned by payment processors except to stay away from organizations that may come with this kind of baggage. At the end of the day, payment processors can get attacked just as hard by governments and governments have all sorts of ways of making life truly miserable for a business. A DOS attack is nothing compared to a pissed off tax collector.
Yeah I've considered that - would anyone be that insance as to attack everyone that isn't currently doing business with wikileaks (if you're not with us you're against us) - I think that qualifies as the cyber equivalent of global nuclear suicide for anyone stupid enough to do that. I don't think anyone is that crazy or stupid to do that (plus I dont see how it would scale, every bank on earth? Every hosting company? Talk about bringing down the wrath of god on yourself.)
I believe you misunderstood my point, of course I know how credit card companies work - the issue is do they make enough money in the form of profits from the transaction to offset the costs of doing business with someone that may draw the unwanted attention of governments, shareholders, negative press, lookback auditing costs, chargebacks etc. (which is why some processors won't work with adult sites anymore) and inversely the costs incurred - in the present case - with dumping that customer. Hence the term "theres no money in it". If you ain't profiting, you ain't making money you're spending it.
So this is either a misguided attempt to help wikileaks, or a damn clever attack on wikileaks by destroying any chance they have of working with anyone else. Either way it seems to me (and what the hell do I know) that this going to backfire.
Perhaps the more constructive response is to figure out a way to do what you want without having to force someone else to do it. Mastercard is a business, they aren't in business to facilitate freedom of speech - and as annoying or insulting as that may be, and as much as it may piss some people off, its not going to change. Even if mastercard says they have changed their ways and suddenly become gods gift to the US first amendment, they really won't have done this - they exist to make money. If theres no money in it, they wont do it. Don't kid yourself, capitalism is about money - PERIOD. To that end, it actually seems like there may be a genuine need for a sort of CausesPayment system - at least I think wikileaks supporters would agree, so I recommend that if you really want to fix this problem, make it your own - this DDOS isn't going to give you the control you want. even if you get a temporary victory, it can be snatched away because you don't control the flow of money and never will as long as you rely on third parties. So go start a payment processor, it doesnt have to be anything fancy, you could just take payments in the form of checks to start with and send the money to whatever cause the person wants. Let them bankroll anything they want, let people bankroll anything they want - stand up, take action and stop waiting for someone else to do something about it. Then you can take whatever stance you want, and stand up for freedom of speech. If you want something done, do it yourself. If you wait for others to do it, you may wait forever.
Its probably going to reenforce their decision, and give anyone else pause if they choose to do business with Wikileaks. This is a really dumb thing to do, look at it this way, why would any payment process ever want to work with wikileaks again if they know their fanboys will attack them if they don't continue to do business with them? Its a no win situation for the payment processor, its better to never do business with wikileaks.
It doesn't matter, the mob has spoken and we all know the mob is always right. Otherwise the mob will turn on us. See, who needs courts and laws, theres no such thing as mob justice that isn't always right.
The story should be called "How to prove you are a sociopathic narcissistic douche-bag".
So, yeah, it *is* what we need.
"It" is the problem. The federal government is not qualified to set the standards or manage them. For example, look at FISMA - an unmitigated FAILURE in security. Its an excercise in building paper forts around computers and networks - and this is the BEST the federal government can do.
The federal government can not provide IT, the problem is one of design. Systems are not designed for the threats they face, and the federal government is worse than ill-equiped to lead that effort - its not only part of the problem, it fans the flames of the problem by forcing agencies to buy products not based on their technical merits but on bulk purchasing agreements, non-bid contracts, "certification programs" (look the EAL nonsense) and other nonsense. If you want security and IT to get worse, put the federal government in a position to rule over these things in private sector.
That depends. During Waco (under a democratic president) I imagine they would would say the US Govt. was the bad guys - thats certainly what the conservative commentators said.
If you accept what the Supreme Court said, then the 2nd amendment is basically about the inalienable right of the people to keep and bear arms.
It's also worth noting that the Constitution, the same document where we learn about the 2nd amendment, also says that the SCOTUS is the final arbiter on what the constitution means. I would think that if you are a 2nd amendment supporter, to be consistent, you must also accept what the SCOTUS rules.
I certainly do accept the SCOTUS on this one. Interestingly the ACLU, for example, does not. Specifically (and not pick on the ACLU, I really do appreciate them and support them) the ACLU states that they believe the SCOTUS was wrong on this one and that the 2nd amendment is just a group right. I for one think the ACLU is wrong and the SCOTUS is right and that the ACLU, and others, have always been wrong that the 2nd amendment only protects a group right.
It never made sense to me why you need a group right to arms as the government has always been in a position to have arms. There is no need to guarantee the National Guard or some "well regulated militia" has the right to arms - they can just have arms and who is going to stop them? Its just silly and I think some people trust their governments a little too much and the people too little which is why they may still be clinging to their erroneous logic that "the people" in the second amendment is somehow different from "the people" in the other amendments and the constitution itself. Maybe it scares them that "the people" might armed I suppose. The people means an individual right, and the SCOTUS agreed. Chock one up for logic, reason and reading comprehension skills!
Anyway, my point with the caveat was to recognize that some people still do not believe the SCOTUS was right and continue to argue that the individual right does not exist (so in their case they do not, in fact, accept what the SCOTUS said). Its moot for them to pretend otherwise at the moment, but neverthless they persist.
It is worth also noting that the SCOTUS has changed its position before so its possible a different SCOTUS could rule in the other direction. Wrongly I would say - but nevertheless it could occur and maybe thats what some of these folks are hoping for.
Hence the caveat "if you accept". (And I should have also said - and if you can read the constitution *grin*)
On a personal note when we operated west of your AO - around Yakhchal - we lost some folks to IEDS. Be careful on the A01, we just lost some good people to IEDs in the area, so stay in well armored vehicles that can take an IED if you travel known routes. Air movements are surprisingly less troublesome (well, maybe not so surprisingly). Ground movements via primary and secondary roads are an issue.
Also, you might want to have this debate with some US Army folk - you might find that your opinions of what the US Army could and would do in insurrection need some correction. I know many folks that would change sides if they were asked to wipe out a bunch of US civilians. Hell, technically everyone should refuse that unlawful order - not to mention the requirement in the US that all soldier swear an oath to out constitution - not to any government.
Not sure what you canucks do, but in the US when you sign up you raise you right hand to promise to uphold and defend the constitution from enemys both foreign and domestic - which means your own government sometimes.
And what you are missing is that yes they can - its called surrender or defeat. It happens a lot in history - go read the examples I and others have cited. You assume, incorrectly, that because an army can not leave the field that it will not YIELD the field. You are wrong. And sometimes a government can leave its own country, thus happens often as well.
You totally missed the point. What if the US govt. were the bad guys.
Dennis what army are you with? Your website says you race cars and live in Canada: http://en.wikipedia.org/wiki/Dennis_Grant
LOL! Only 21 years! You are a young man! ;-)
Its 22 years for me - I went though Harmony Church in 1986 as an 11B back when we still had OG-107s, wore steel pots and damn it we held on to them all until 89 when they forced us to put on BDUs and those damn heavy kevlar helments that you couldn't shave out of. So if you want me to retract "young man" consider it retracted old man, but my knees still work and the only old man I know is my father. In my unit everyone is a "Young Man" - we have no Old Men and no one is called the "Old Man". Old Men retire - Young Men fight.
So back to the issue at hand, I think you're missing my point. The idea of assymetry in ANY form, even a civil war, is literal. If the other side is that out classed they can only use assymetric means to fight. And yes, it DOES work. Successfully winning any war is about making things harder for the superior force to the point that they either can not continue to fight or they don't want to. Destroy their lines of communication, tear down their bridges, destroy their logistics trains, strike fear into the heart of the enemy and make them question WHY they gight. If you can't go toe to toe with them you use other means to break their will to fight. Heres a simple example: snipers have been and still are highly effective at reducing combat effectiveness against a superior (or even inferior) force, instilling fear and sometimes turning the tide of battle - and all you need is a good rifle.
In civil wars the superior force has been known to throw in the towel - even on its own territory. So yes, this works in civil wars too. You could have the county split. For example: the American Revolutionary war which was, in fact, a Civil war was British on British warfare with the dominant force eventually giving up the territory it no longer wanted to hold.
Perhaps whats getting between us in the assumotion that a civil war has to be an all or nothing conflict. A 2nd American Civil War might end up with an impasse and a divided nation - but this is all much much harder if the population has no arms to fight with. You may also be assuming that an insurrection has to be nationwide. There are historical examples of local insurrections to overthrow cities, counties, states, principalities but not the national government. The fact is that insurgencies sometimes succeed without the benefit of a superior force or technology, they simply have the minimum means necessary to break the will of the opponent. Just ask yourself one question: Would it be easier if the current insurgents were all disarmed?
So here are just a few examples of civil wars where the government did give up:
North Vietnam defeating South Vietnam
Cambodian Civil War
Russian Civil War
Finish Civil War of 1918
Greek Civil War of the late 1940s
Rwandan Civil War
Salvadorian Civil War
Sandanistas overthrow of Somoza regime in the late 70s
Fatah Hamas Civil war over Gaza (where as you recall, Fatah had no choice but to quit the field of battle causing a split into two territories and two governments)
Bangladesh Liberation War - where Pakistan lost East Pakistan forever due to Civil War
The Taliban in Afghanistan - you assume that a civil war can't involve outside parties? Whats to say an uprising in the US wouldn't be backed by someone else? It was before.
Guatemalan Civil War - that was literally the government against the people
Bosnian civil war - which lead to the creation of a new country out of the former Yugoslavia
And sometimes winning a civil war means both sides get some of what they want - but the key is that the superior force is willing to come to the table - they yield. Look at the Albian insurgency against the Macedonians. It was a civil war, and both sides brought it to an end with both sides offering something to the other. You could argue that's what's going on in Iraq right now - but this would not have happened with access to small arms.
Anyway, I hope this is food for thought. Best of luck to you on your tour.
Not to mention that the US Supreme court, this year, more or less put this to rest by ruling that second amendment is an individual right, so it more or less nullified the whole militia = group right argument. If you accept what the Supreme Court said, then the 2nd amendment is basically about the inalienable right of the people to keep and bear arms. Theres nothing in there about arms only for hunting purposes.
Since you chose to open with an appeal to authority I'll respond in kind. I too am a multi decade combat arms Army vet with combat experience. The wins we have made in Iraq did not happen because of our superior forces, technology and tactics but through a political choice made by many insurgents to put down their weapons and join our side. We were not going turn Iraq until that happened - mass on target doesn't work in the modern battle field. Don't kid yourself it was a holding action at best until those insurgents decided it was in their best interests to stop fighting. Asymmetrical wars can not be won via conventional means alone.
To wit, the Iraqis NEVER had air power, artillery or anything more modern than explosives (IEDs, etc.) and small arms - with the occasional special unit with a better RPG - and yet they held against the finest fighting force the world has ever seen until they CHOOSE to put down their weapons. Its the war not the battle you have to look at. Yes you can win every battle and yet still lose a war.
Lets look at it more carefully. Iraq was not won with our bad ass fighting forces alone. Armed populations will not aqueous until a time of their own choosing - smashing villages in force just keeps producing more insurgents - which is the REAL reason we don't do that. It has nothing to do with a lack of will on our part, its just good sound strategy. If you want to be percieved as the good guy, you have to act the part. So in a complicated war that involves real time propaganda - or at least video and a means to send it to the population faster than we have ever had in the past - an armed militia force can indeed win against a more advanced force. You've cited examples yourself. But lets look at your example of this not working with an army that doesn't care and WILL kill whole villages: Afghanistan circa 1980s: The Soviet Union WAS an advanced force, did wipe out whole villages, was BRUTAL to the afghans and the rag bags that took them on with nothing more than springfield bolt action rifles (which we technology superior to the AK-47 and AK-74 because they could engage beyond 400 meters, whereas the AK line could not) and guess who is NOT in Afghanistan anymore? Did the rag bags have stingers? Yes, did they have tanks? No, nor did they have any mass fire at all. Did the soviets care about civilian casualties? NO! They poisoned wells, wiped out villages, carrief out mass bombing campaigns and did this for YEARS. AND YET THEY LOST. Those ignorant mountain peasants with small arms, a handful of stingers and simple explosives got the Soviets to quit. They simply wore then down.
Another example: you mention Vietnam, yes there is another fine example of asymmetry in warfare - small arms again with some limited use of explosives. Did we bomb the hell out free fire zones - you bet your ass we did. We kills lots and lots of civilians and it made no difference. Break the enemies will and you win. You don't have to have a better, stronger or more advanced force to win a war you simply have to be more determined to win.
And if you are a military veteran (you imply that you are) then you should know about Somalia. There is black day for the US Army that should be burned into the brains of everyone in a western military force. If you recall, thats where an inferior fighting force could be argued to have won against a superior force with nothing but small arms and 2nd generation RPGs. Did they win the battle? Fuck no. But if you recall, we (the US) left because it was simply not worth it to us to continue the fight. To win against a superior force you don't have to defeat them - you simply have to get them to quit. So you miss the point of the 2nd amendment - its about being able to fight back and you miss the lesson about assymetric warfare that the founding fathers DID understand: You can lose the battl
We use evolution on our Linux boxes at a major Government site (to interface with Exchange) and with no issues. It may be that your UNIX users that are having problems are running an older version of Evolution, or perhaps its a config issue. The login procedure for Exchange is actually thru the OWA frontend, and you have to put your Domain before your username (DOMAIN\username). We've had plenty of senior linux engineers that did not know that, and thought it wasn't working. Simple mistake to make. The other config problem we saw was users that did not know they had to point to the OWA frontend, and thought they should be pointing to the backend exchange server (like in Outlook). Once they configured Evolution to point to the front end servers (the OWA boxes), it worked like a charm.
Look at what you just said, by your own admission, you did not see this happen. You just passing on a story someone else told you (which may or may not be true), so I'm sorry, but you did not see it happen. Equally, your story totally refutes your point, the burglar left, no one died - having guns will not kill you, or make it easier for you to be killed - thats what happened in your story. And a burglar is absolutely nothing like a razed person that wants to KILL you. Thiefs want to steal, they don't necessarily want to kill. So you story isn't even germane. We're talking about what to do when someone WANTs to kill you. If you lack the means to fight back, you will probably die. Someone of us just want the means to fight back. If you prefer to be unarmed, hey thats your life, do with it what you like, but I like being alive and as someone trained to use firearms - I'll take my chances protecting myself thank you.
Just ask yourself this: If you were one of those students, facing this murder and you just watched him kill your friend - wouldn't you want to be able to stop the murderer from killing you or anyone else? Its just you, and the shooter. What are you going to do? Tick tock, times up. Its kill or be killed. Welcome to the real world.
In my case, yes I do, my work requires it. Some people even sleep with them (In my line of work, its good insurance). When I was back on active duty in the Army, I was required to sleep with my loaded Rifle. Old habits die hard, and for good reason. There are bad people out there that want to kill you. Thankfully, its unlikely you will ever run into one of these people, but if you do, there is nothing you can do to prevent someone determined to die from causing situations like this. When you find yourself in this situtation, you run, you fight or you die. You better be prepared to fight for your life. If you want to be unarmed, thats your business, I'd rather be able to fight back.
Be that as it may, the valuable lesson here should be that appeals to authority should always be treated with suspicion. One should always be dubious of authorities - whether they are real or not. An expert still has to prove their point, and an appeal to their education, experience, etc. does not do that. Don't believe someone solely because they are educated or experienced in a topic. That does not, a priori, make them correct.
So when someone is proven to be a fake authority, suddenly its news for the "experts", so they can turn the tide back towards their credentials. Credentials mean nothing. Prove your point with facts, not a diploma. An authority does not a fact make. Having a degree doesn't mean that you are right or wrong, it just means you may know something about the subject - right or wrong. You still have to prove your point, and all the authority in the world can't do that for you. What people should learn from this is not only to we wary of so-called experts (its the Internet people, come on!) but that even if someone IS an expert that doesn't mean they are right! Use those critical thinking skills yourself, and be your own expert.
For what its worth, the XM recorder I have makes this requirement moot. You can not copy the content off the device. They have a segemented memory partition that keeps the recordings away from your PC. Its certainly possible that someone could debug the hardware and find a way to the content, but out of the box there is no way to copy anything digital off the recorder. You could only make analog copies, which you can do now with any radio on earth, XM or not. So it seems that they are in compliance with that requirement, and for what its worth the feature in the XM recorders has nothing to do with "illegal copying", as you can't copy the content off the device. This is just RIAA whining about "replay", which should be covered by fair use. The RIAA is just trying to battle for a bigger cut with XM, this is just a negotiating ploy pure and simple.
Be that as it may, the NIAP is still a failure because the agencies don't seem to understand the short comings of the program. The perception is that EAL levels are some quantification of security. The higher the level, the better it must be, and if a product doesn't have an EAL - well then we shouldn't use it. Which means a lot of excellent security tools are excluded from agencies, particularly at DoD where they are really needed.
For example, when conducting pen tests I've personally had to battle the EAL religion to just get decent tools approved for my teams, because NONE OF THEM ARE CERTIFIED. Which is both not a surprise, as some of the tools are so new (even the commercial ones) that they couldn't possibly have an EAL, are not maintained by people/organizations that have any motive to get them certified or take so long to get one that he state of the art tools are not available. You are left using older, less reliable and often times less secure products. Hell, at one point we had to battle over using Linux attack boxes because at the time Windows had a higher EAL! There was an insane perception that Windows would be better and after installing SP2, which was STIG mandated, the boxes were so slow at port scanning the IG caved and said go with Linux because the audit was going to take SO LONG it wouldn't get done in time. All of this stupidity was driven by the irrational belief in the holiness of the EAL.
Couple this with the false sense of security the level gives, and the fact that it really doesn't add anything by itself - as you yourself said - and it begs the question: Is the value worth the cost? Experience has taught me that it does not. The EAL is just a rehashing of older certification methods (remember the old A, B, C levels?) and those were not very useful either (unless you went for the top levels, and even then there were problems). Its not rigorous enough to be a real evaluation (even a full code review doesn't mean a product is safe, prudence says assume the worst, which is why its a damn good thing the GIG and SIPR are on their own physical networks), it doesn't truly test the security posture of a product, its takes too long to get a through test - so vendors are tempted to short cut via a bogus PP - and it doesn't mean that a product is or is not an acceptable risk for an organization to use. And yet, its POLICY now that you can't use controls that don't have an EAL. The EAL carries tremendous weight just for that alone. I can not tell you how many IASM's and IASO's that try to argue to IG teams that the higher an EAL score the more secure it must be. And then can't imagine how their precious boxes just got owned by the Red Team. Uh, because the EAL doesn't mean jack, or the PP was junk, or hell the box just had a big fat hole in it.
The NIAP program is garbage. The buyer is left with what, a level to tell them the confidence level in the conclusion? OK, so that means most of the EAL's mean: don't trust the conclusions. And yet the agencies think: EAL = secure. They don't get that. They don't understand that the EAL score is just a "only trust this conclusion X percent", they think its a score of how secure a product is. Its a failure for that reason alone. The NIAP just sends the wrong message to the agencies.
OK, first, this is not a new idea, and its been beaten to death in the security literature - it doesn't work. The DMI tried this back in the 90's with SDMI, and it was found be just an unworkable back then. Lets count the ways this new idea is still the same old unworkable problem:
1. All purchases would require ID. ID's are not only easy forged, but legitmate IDs can be purchased through corrupt government employees. So you create a barrier to purchasing the product (I need an ID to buy a $9 CD?), plus its not reliable. IDs can be faked or stolen. Just because it says Joe Smith, does not mean its Joe Smith.
2. IDing would require a national/international register. Just because it says Joe Smith, does not mean that its the Joe Smith from NY. So you need still more information about the person AND a means to confirm it. Its not enough to just have a credit card, identity theft scams abound, so Joe Smith from 1234 hartford st may not be the real Joe Smith. So we need their SSN, or some other national identifing scheme. (You need my SSN to buy a $9 CD?) Maybe even some biometric information to know that its Joe. Yikes! All this for a stinking CD?
3. You expose the customer to identity theft by collecting this information. Now you have a database of all sorts of useful information about the customer, controlled by people that might just want to steal it. What about that clerk at the music store? Can you trust her with your social security number, and other identifing information? (All for a $9 CD?)
4. Could you use cash anymore? Maybe, but you'd still have to produce ID, and maybe other information about yourself. What if I don't want you to know who I am? What business it of yours if I want to buy a Depeche Mode CD for my Niece. Fuck off.
5. What if the purchase was a gift? So I buy some media for my Niece, with my name attached to it, and she then gives it to her friend, who then puts it online. Guess who gets the call from the RIAA, and has to pay the expense of proving their innocence. (Which creates an incentive to remove these watermarks, and possibly even a business to do this)
6. As others have pointed out, what about theft? If my digital media is stolen, again the burden rests with me to prove my innocence. Also, now some of my personal information is in the hands of a thief! Yikes! Sounds like a really good reason to remove the watermark!
7. How do you know you can trust the watermark? Is it cryptographically secure? Could someone change the watermark to incriminate their neighbor? If its cryptographically strong, then it needs more bits, which makes it even easier to find and remove.
8. Will the watermark survive removal from simple lossy compression? Probably not. If its not supposed to effect the medium in such a way as to be perceptible by a human, then it will probably get lost in compression (afterall, those bits aren't needed, so out they go). So is it an effective system then? The science says no, you would lose the watermark, and probably without even thinking about. Rip CD to Vorbis, and the watermark is gone.
9. You can remove the watermark via other means. Steganography is hard, really really hard, and individually marking files makes it much easier to detect the "hidden data" by opening the file to comparison attacks. But there a few other attacks we could use:
a: Rosetta stone attack) If you have an unwatermarked file, you can use a rosetta stone attack. This happened with the ill fated SDMI approach from the 90s.
b: Oracle attack: If the attacker has access to an Oracle (a device/program for detecting the watermark), he/she can fiddle with the file with impunity to find the watermark, and again remove/obscure/modify it.
c: Lossy compression attack: Just use lossy compression, it will probably destroy the watermark.
10. This won't stop illegal copying. Its just a reactionary method, based on the assumpti