Yep everyone in NZ just set the encryption on their torrent clients to "forced," thereby making it impossible for the ISPs to see what's going on unless they start monitoring swarms (and swarms with dynamic IPs in the same pool as their clients, if they don't want to be defeated by PeerBlock). Kiwis are known for their ingenuity and cleverness, and this isn't rocket science.
"Bias" is like "natural medicine." It's a real thing, but the words are most often used for spreading bullshit, so when you say it my bullshit detector goes on alert.
I'm seeing 197 results for "TSA smurf" (the quotation marks are important, that way you're searching for the exact phrase "TSA smurf" rather than "TSA" and/or "Smurf")
Yeah I've seen places on Google Earth that are a few inches per pixel, even back in the early days before Google had their quadcopters. But I suppose those could have been aerial photography vs. satellite images.
Within a half-second of seeing the title I knew they were talking about the Burning Man festival. But for some tiny sliver of time in there, I thought they had recorded video of an astronaut burning up on re-entry from space.
The problem with spreading lists around is that it requires creating another messy system that requires trust in some authority - the one compiling the list. The same way someone could intercept the website serving your Linux distros and give you an infected one, with a matching hash so it still looks A-OK, someone could intercept the list and the corresponding hash. It's a lighter version of the same kind of mess we've had with CAs.
Using torrents to distribute the list would at least prevent sabotage, if the torrent file can be handed out securely, but that's just clustering the requirement for trust at the pinnacle of the "trust pyramid" - and also creating a single weak point that can compromise the whole system.
Actually after just writing that I had an idea. The site distributing the list could be hosted on a darknet like an.onion site. This would make the pinnacle of the pyramid much harder to subvert or impersonate, and now the only point of trust required from the client side is that the correct darknet site and public key are embedded in the browser (which could be verified on any open source browser).
Now from the administration side, if a site wants to register info on their public key on this identity list, here is a process that could be used that prevents impersonation:
1. The site owner puts a file on their site, following a filename convention, that contains the line that will be added to the identity list. A part of this information is a string and a hash, let's call this string A and hash H.
2. The site owner sends a PGP-encrypted email to the darknet site, originating from a registered MX IP for the domain, containing only string B. StrongHashFunction(String A + String B) = Hash H, else the darknet site doesn't process the request. This way it's only possible to impersonate a site if you've taken full control of the server - a much bigger problem anyways. So, if everything checks out, the darknet site uses the info it retrieved (via HTTPS connection) to add a line to the identity list.
DNS hijacks alone will become useless since the identity is checked for every site before a secure connection is made to send confidential information - they'd need the SSL private key that matches the public key to make any sense of the data that comes in, so without that a DNS hijack is useless and an SSL connection can't be established.
So, weak points:
1. The darknet site hosting the identity list: This is the single point of blind trust in this system, the integrity of the site itself. It would have to be locked down with paranoid security and in the control of a trusted party. But at least this trust can be easily verified, if a site operator finds that their identity info on the site is wrong they can cry foul.
2. It would be impossible to fully trust closed-source browsers - but that is an inherent and unavoidable problem we have even today.
It's still a lighter version of the same problem we've had with CAs but I've lightened it up much more. Verifying identity without sending out-of-band information will always require some trust unfortunately. You can detect MITMs without trust but not verify identity.
Yeah you can buy whatever you want with MC/Visa: nazi/white supremacist paraphernalia, a donation to the KKK, some botnet time, whatever, just don't try to donate to Wikileaks or buy anything of questionable copyright status!
They run Windows ME and MSSQL in hell, I don't think anyone around here is going to question that. Now if the devil wants to spread more evil is he going to pump money into a big evil monopolistic corporation and make Steve Ballmer richer, or is he going to pirate it, removing the trouble of managing licenses from the backs of hell's sysadmins?
If the US economy hadn't been pillaged by 1%ers and bled dry by the specter of some religious nuts who live in caves, they'd be in a space-faring dickwaving competition with China right now. Sad to think of what could have been...
A bunch of admins are probably running into the server room with fire extinguishers at this moment. And hopefully one with a Scottish accent is yelling over a cell phone that the server is overloaded and can't take any more.
It's been said that getting a 100% of all our energy needs for the next thousand years wouldn't reduce the Earth's core temperature one degree so it's a potential long term solution.
Wow, makes you think...even if that's assuming no increase in energy use that's damn impressive.
Yep everyone in NZ just set the encryption on their torrent clients to "forced," thereby making it impossible for the ISPs to see what's going on unless they start monitoring swarms (and swarms with dynamic IPs in the same pool as their clients, if they don't want to be defeated by PeerBlock). Kiwis are known for their ingenuity and cleverness, and this isn't rocket science.
A few places above Sweden and Canada? That doesn't say a whole lot IMO.
"Bias" is like "natural medicine." It's a real thing, but the words are most often used for spreading bullshit, so when you say it my bullshit detector goes on alert.
I'm seeing 197 results for "TSA smurf" (the quotation marks are important, that way you're searching for the exact phrase "TSA smurf" rather than "TSA" and/or "Smurf")
I measured my AE92 the other day and it's about 123cm, HAW! :-P
Yeah I've seen places on Google Earth that are a few inches per pixel, even back in the early days before Google had their quadcopters. But I suppose those could have been aerial photography vs. satellite images.
Within a half-second of seeing the title I knew they were talking about the Burning Man festival. But for some tiny sliver of time in there, I thought they had recorded video of an astronaut burning up on re-entry from space.
The problem with spreading lists around is that it requires creating another messy system that requires trust in some authority - the one compiling the list. The same way someone could intercept the website serving your Linux distros and give you an infected one, with a matching hash so it still looks A-OK, someone could intercept the list and the corresponding hash. It's a lighter version of the same kind of mess we've had with CAs.
Using torrents to distribute the list would at least prevent sabotage, if the torrent file can be handed out securely, but that's just clustering the requirement for trust at the pinnacle of the "trust pyramid" - and also creating a single weak point that can compromise the whole system.
Actually after just writing that I had an idea. The site distributing the list could be hosted on a darknet like an .onion site. This would make the pinnacle of the pyramid much harder to subvert or impersonate, and now the only point of trust required from the client side is that the correct darknet site and public key are embedded in the browser (which could be verified on any open source browser).
Now from the administration side, if a site wants to register info on their public key on this identity list, here is a process that could be used that prevents impersonation:
1. The site owner puts a file on their site, following a filename convention, that contains the line that will be added to the identity list. A part of this information is a string and a hash, let's call this string A and hash H.
2. The site owner sends a PGP-encrypted email to the darknet site, originating from a registered MX IP for the domain, containing only string B. StrongHashFunction(String A + String B) = Hash H, else the darknet site doesn't process the request. This way it's only possible to impersonate a site if you've taken full control of the server - a much bigger problem anyways. So, if everything checks out, the darknet site uses the info it retrieved (via HTTPS connection) to add a line to the identity list.
DNS hijacks alone will become useless since the identity is checked for every site before a secure connection is made to send confidential information - they'd need the SSL private key that matches the public key to make any sense of the data that comes in, so without that a DNS hijack is useless and an SSL connection can't be established.
So, weak points:
1. The darknet site hosting the identity list: This is the single point of blind trust in this system, the integrity of the site itself. It would have to be locked down with paranoid security and in the control of a trusted party. But at least this trust can be easily verified, if a site operator finds that their identity info on the site is wrong they can cry foul.
2. It would be impossible to fully trust closed-source browsers - but that is an inherent and unavoidable problem we have even today.
It's still a lighter version of the same problem we've had with CAs but I've lightened it up much more. Verifying identity without sending out-of-band information will always require some trust unfortunately. You can detect MITMs without trust but not verify identity.
I don't think the distributed lists is a good idea. Just stick to distributed verification / SSL notaries.
In 2010 Groupon lost $456M.
Let's put that money in perspective:
- That's like crashing a Bugatti Veyron nearly once per day. Almost exactly once per day if you assume they get their money for the scrap metal back.
- That's like crashing a Cessna Citation X (high-end business jet) roughly once every 18 days.
- That's roughly equal to crashing an A380, then getting another one half-built, and setting it on fire within a year.
- That's nearly 1/3rd the cost of the Burj Khalifa, except with nothing to show for it.
That's true in the UK and many other countries but I'm not sure if US law is the same.
Apparently, if you close your ears, hold your hands to you ears and yell LALALALALALA all problems instantly disappear.
I think this also explains how people who are normally anti-DRM see Steam as acceptable.
Yeah you can buy whatever you want with MC/Visa: nazi/white supremacist paraphernalia, a donation to the KKK, some botnet time, whatever, just don't try to donate to Wikileaks or buy anything of questionable copyright status!
They run Windows ME and MSSQL in hell, I don't think anyone around here is going to question that. Now if the devil wants to spread more evil is he going to pump money into a big evil monopolistic corporation and make Steve Ballmer richer, or is he going to pirate it, removing the trouble of managing licenses from the backs of hell's sysadmins?
If it makes you feel any better, the only moon landing deniers I know are 50+ years old.
If the US economy hadn't been pillaged by 1%ers and bled dry by the specter of some religious nuts who live in caves, they'd be in a space-faring dickwaving competition with China right now. Sad to think of what could have been...
Oh good for them. It bogged down pretty hard when the article was first posted but I was finally able to load it about a minute ago.
That image is a hotlinked, bigass JPEG.
A bunch of admins are probably running into the server room with fire extinguishers at this moment. And hopefully one with a Scottish accent is yelling over a cell phone that the server is overloaded and can't take any more.
That was my point.
That's only the Danger Room section.
Care to give a little hint about what in that book is eugenicist? I can't tell from the summary of topics it touches on.
Also I'm sacrificing some potential future lulz by revealing this, but the author of that book has been called a climate science denier.
...and we've come full circle back to the polygraph machine.
It's been said that getting a 100% of all our energy needs for the next thousand years wouldn't reduce the Earth's core temperature one degree so it's a potential long term solution.
Wow, makes you think...even if that's assuming no increase in energy use that's damn impressive.
Mine exploded about half way down this page, I'm gonna stop buying the expensive ones :-(
Depends on whether he's flying in a commercial airliner, or more likely, in some dude's little 2-seater, in which case it wouldn't be a problem.