But but but... Microsoft is an EVIL EVIL convicted monopolist! It's even WORSE than a felon!!!
Yes they are: Microsoft has stolen many billions from the public and held back progress by at least a decade.
Apple hasn't been as successful at being evil, but they certainly are trying.
Do you REALLY think the bad guys aren't looking as hard or harder than those who present at DEFCON? Wow....
That's the typical black-and-white security bullshit coming from "computer science security researchers". None of the physical security systems people use are secure: they all have "security flaws". Every single one of them. It's only computer scientists that have some pipe dream of total security. Of course, although that is theoretically achievable, actual software fails to deliver.
Sadly the lesson doesn't appear to sink in and morons keep building insecure shit. When it hits their wallet they listen.
How does warballooning or telling people how to forge MBTA tickets help anybody? Why is it your problem whether people access my WiFi or whether people cheat on their MBTA fares?
Look at MBTA. Physical tokens used to be pretty easy to fake. The costs and risks of that were well understood. Now, they moved to mag stripes, and they are still easy to fake. Do you really think the MBTA didn't think about this? Most likely, they decided that the hassles and costs of key management and administration just weren't worth it.
But publicity from DEF CON presentations may force the MBTA to redo the entire system to make it cryptographically secure, even though that is clearly not the best cost/benefit solution for them. They will also increase police presence and stop and possibly arrest anybody doing anything with gadgets near their RFID readers.
Who do you think will suffer from this? The MBTA will have to pass on the costs of redoing their system to the riders, and the increased police vigilance will make geek life in Boston that much more unpleasant, since any PDA or gadget used around their machines will become suspect as a hacking tool. MBTA employees also probably will have to be tracked more carefully. Congratulations for bringing us one step closer to the police state.
How stupid do you have to be not to notice this?
Yes, indeed, how stupid do you have to be?
All major smart phones in existence, other than the iPhone, only contact the servers and services that the user wants them to contact.
Nokia, Microsoft, and Palm cannot remotely disable the phone. They can't remotely push updates on the phone. They don't control where users download applications from. You don't even need to use them with their desktop software. And all of them are available unlocked and on many carriers.
Only Apple's iPhone has mandatory tie-ins with the phone maker's desktop software, servers, store, and preferred carrier.
Apple has truly innovated here: in taking away control from users and setting a very bad precedent.
After being the main driver behind establishing DRM technologies in the market place, Apple is now trying to firmly establish remote control over people's phones and the software they can install on them.
None of the other smart phone vendors can do this. I can install whatever I like on my Palm, Nokia, or Windows Mobile device, and none of those companies nor my cellular provider can do anything about it.
If Microsoft did anything like this, they would be torn apart in the press and investigated by the justice department. But somehow, when Steve Jobs does this, it's supposed to be OK?
Apple is using a pretty face to push some of the most evil technologies around. Apple must be stopped.
because they only do so when those damn geeks make up some threat about insecure networks and credit cards being stolen and all that other stuff that won't really happen
As I was saying: there are plenty of flaws in networks, software, and protocols. But only a complete moron would think that the right way of dealing with them is to publicize those flaws widely.
You're right, let's all shut up and stop defconning,
How stupid do you have to be to see that DEF CON isn't improving security? DEF CON has been exposing security problems for 15 years, and things have gotten steadily worse. It's not working. The assumption that if you expose security holes, people will fix them and things will improve clearly is wrong.
Are there really people stupid enough to think that awareness of security holes is something new? Every major piece of infrastructure over the last century has had major security holes. But rather than gleefully exploiting and exposing them for personal fame and fortune, the people who figured it out just shut up about them. Why? Because they understood that fixing those holes would be costly and intrusive, and it would ultimately still not make the system really safe.
So, if you enjoy body cavity searches, universal surveillance cameras, automated defense systems, and dealing with proprietary and intrusive access controls everywhere you go electronically or physically, then go ahead and keep wardriving and warballooning and defconning.
Just be aware that it is your actions that are bringing us the police state, because once a bunch of geeks stands up and says "hey, your infrastructure isn't secure and we are at risk", then politicians and lawmakers have to act.
'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'
If they hadn't, then there would have been a story about how intrusive and incompetent the police were.
The police did the right thing: they judged correctly that there was no imminent danger and drove on. It isn't their job to try to find economic or computer hacking crimes-in-progress, and they have neither the equipment nor the training to do that. And they were smart enough to see that a bunch of geeks playing with balloons are not terrorists.
Think of the "Microsoft open source lab" more like an "alien autopsy" lab than, say, Mozilla labs.
Physical locks are basically advisory; it doesn't take a lot of determination or skill to circumvent them. If you really need to protect something, you need to back the locks up with other security mechanisms.
Something like Medeco is probably already overkill and beyond cost/benefit.
Mail and Calendar, you can simply back up by subscribing to them using IMAP/POP and iCal.
Google Sites, you can kind of back up with wget; just make a copy of the site from a cron job.
For Google Docs, you can use Gears; it won't be a full backup, but it will have local copies of the most important documents, and you can cut-and-paste out of that in a pinch.
In the long term, something like Gnome Conduit will probably solve this problem once and for all; until then, one just has to muddle through.
Tribbles invade William Shatner's hairpiece? No, wait, that was the other one that just won't go away.
Any E-mail that you don't want to be seen, you have to encrypt. Otherwise, you can be sure that it will be data mined, analyzed, and keyword spotted.
Why doesn't anyone want to talk about the known increase in solar radiation over the last 30 years?
That's not a "third possibility". It doesn't matter what current temperature increases are due to, or even if they are real. Carbon emissions into the atmosphere must invariably change global temperatures and weather at some point.
Maybe we won't run out of oil because it isn't really made from dead trees and dinosaurs
That's a real possibility, and if it's true, we are even more screwed because it would mean that the weather can become even more inhospitable than it has ever been in earth's history.
I'm just concerned that global warming is really another scam to take more of my money in the form of taxes to "save the earth"
The scam is that the government has been taking away everybody's money in the form of taxes to subsidize the oil, gas, automobile, and airline industries, and has been directing most of its military efforts at keeping the supplies from the Middle East flowing. The scam is that the government has been tearing up efficient transportation systems and changing urban planning in such a way that people simply don't have a choice but to drive a car.
The earth is clearly a self-regulating system
Yes, and it can stabilize around many different points: something like we've had for the last few thousand years, an ice-free hot house, a snowball, or something completely different. All of those have happened in the past. All of them have led to massive extinctions.
That's what makes carbon emissions so dangerous: homeostasis will continue to mask the effect, but at some point, the climate will flip and change rapidly towards another equilibrium. And at that point, there is nothing we can do anymore.
Homeostasis ("robust earth") is what makes global warming so dangerous: changes seem small and hard to predict, but then suddenly become catastrophic.
It hurts us all to pay higher taxation to fix something tomorrow that is not really broken
But fossil fuel usage for transportation and heating is really broken. It would be broken even if there were no global warming at all. Fossil "fuel" is too valuable a resource to burn.
when we can slowly fix it over 10-15 years
It's not going to get fixed without massive economic incentives to fix it.
to pay higher taxation to fix something tomorrow
What you call "higher taxation" is actually just accounting better for the true costs of oil.
There is also a problem with say, North America makes changes, but growing nations like China and India do not. They will replace our former gas guzzling ways and the sum total is a zero balance
Well, and if we don't do it unilaterally, the sum total will be a huge positive balance, which is worse. And we're not going to convince India and China unless we lead.
Furthermore, India and China have a valid argument: we built our industrial base by imposing massive carbon emissions on the rest of the world over the last 50 years. If we hadn't done that, they could be growing now like we did back then. They are constrained because of our actions.
In different words, the US and Europe depleted a global, finite resource to build their industrial base and took more than their fair share. The rational and right thing to do would be to pay the rest of the world for that.
The real problem isn't nature, and to your point, the real solution isn't changing anything, it's dedicated research.
But we are changing something: we are emitting CO2 into the atmosphere, and our emissions are growing exponentially. That can't go on: either we stop voluntarily, or we run out of fossil fuel, or we get a climate catastrophe; there simply is no third possibility.
When you are saying that we shouldn't "change anything", you are actually advocating continuing a massive global change, a massive experiment with global climate. People like you are playing word games: you simply redefine what amounts to deliberate and massive change as "no change" by reframing the issue.
We have been emitting massive amounts of carbon into the atmosphere for maybe 50 years. It's a simple physical fact that that must lead to global warming sooner or later; whatever has kept anthropogenic global warming under control so far has been homeostatic mechanisms that invariably will get overwhelmed if we keep growing our emissions.
We know what the climate would likely be like without human carbon emissions and other human changes to the environment, because it's the climate that we have been getting for the last 5000 years of human civilization.
You're also wrong to assume that "mother nature works slowly". Once homeostasis is gone, things can spiral out of control in a matter of a few years. That is what makes continued massive carbon emissions particularly risky: by the time we have definitive proof that they are dangerous, it's far too late to do anything about it.
What you are advocating is a massive, risky, global climate experiment, for no other reason than the short term convenience of some oil and coal companies. There is no reason on earth, economically, meteorologically, socially, or ecologically, to continue emitting massive amounts of CO2 into the atmosphere, and the sooner and the closer we can get to pre-industrial levels, the better. It's the conservative thing to do and it's the right thing to do.
Because smaller companies are more relaxed and not as arsey about hitting deadlines.
Yeah, small companies simply go out of business when they miss deadlines.
I get into piracy arguments with other folks all the time. They talk about how they want "DRM-free" music, information wants to be free, most modern music is crap anyways, etc. But when it comes down to it, they're just being cheap.
Bullshit. I have paid for every CD, video game, and book that I own. But if it comes with DRM or copy protection, I will return it and demand my money back, and I will warn other people not to buy it.
I have no idea how well DRM or copy protection works against piracy, but I don't give a damn. If your non-DRM'ed game gets pirated so much that you can't make a living, go figure out a different business model. The world doesn't owe you a living as an independent developer or musician.
Do you have a family? As a new dad (my boy's just 8 days old)
Well, kids don't fall from the sky and you knew what your responsibilities were going to be. You just can't have it all, sorry.
... SubEthaEdit ...
"Hey, John, before we can collaborate on this project, you need to buy a Mac, buy SubEthaEdit, install it, and then figure out how to let our two machines talk to each other through our firewalls." I don't think so.
instead of the limited functionality and bloat of Web applications
SubEthaEdit is a 6M download for basic collaborative text editing. Sounds quite bloated to me when you consider that Google Docs provides WYSIWYG editing, real-time collaboration, storage, indexing and search, chat, and complete version management in just a web page.
I can't figure out who this is supposed to be for.
My parents and family would be thoroughly confused by it, as would likely be most other "normal" users.
As a power user, I'm not sure this helps me either. I don't want icons "drifting away" from me, and it doesn't seem to make anything I do any faster.
Here is an example of the rate of patents being used as a surrogate for rate of innovation
And here is an example where they are not:
http://www.businessweek.com/innovate/content/apr2007/id20070420_997596.htm?chan=innovation_innovation+%2B+design_top+stories
And that example shows what the position of the US government, US academics, and leading US businesses is.
In different words, you're full of shit.
The question is whether or not I am prepared to spend 20 minutes trawling google to provide citations to satisfy the smarmy nitpicking of some random twat on the internet.
I'm not asking you for "citations", I am asking you for something, anything, to support your grandiose generalizations about US R&D.
Obviously, you have nothing, and you're just making things up out of thin air.
What are you producing then, smartarse?
I didn't make any statements about US research output, you did. I'm asking you to support your assertions.
Who said I was trying to compare the US to another nation?
Indeed: you were completely oblivious to the issue. But either the US is using the best known practices for quantifying research output, or it is not. If it is using best known practices, you have nothing to complain about. If you want to argue that the US is not using best practices for quantifying research output, then please point to something that supports your statements.
It really pisses me off when people try and deflect or dodge questions in place of making a point.
Indeed, and that is exactly what you're doing. So far, all you have done is bash US research without any substance behind your arguments. Put up or shut up.