My bet would be that if you have the DFS filesystem mounted, then Spotlight (or Beagle on Linux) would just index it like any part of the filesystem.
They're not trying to decrypt files here, but just prove that files exist. TrueCrypt lets you put an encrypted volume inside an encrypted volume, such that if you mount the "outer" volume, you can't show evidence that there even exists an "inner" volume. However, if you mount that "inner" volume and use the files in it, Windows will make a Recent Documents shortcut to its location, thus disclosing the fact that there are files there.
I'm a TrueCrypt user, but not a DFS user, since I care more about the encryption than I do about plausible deniability, but I'm interested in trying this out. The test case might be along the lines of:
1. Mount a DFS volume on a Mac
2. Do a Spotlight search for something inside that volume
3. Unmount the DFS volume
4. See if there's any cached data from Spotlight that still hints at the existence of the file within your hidden filesystem
Since Spotlight also does a full-text search, does it cache any of that full-text data to make the next search faster?
This is exactly why we need ubiquitous encryption. If all traffic is encrypted, emails to your wife, IMs to your mom, then They will never know what they should be wasting their time trying to decode. It's possibly feasible to decode encrypted IM traffic between Terrorist A and Corrupt Police Captain B (Or "Hippie Treehugger A and Cream Pie Throwing G8 Hater B", as you prefer), but if that traffic is buried in the noise of everyone else's encrypted traffic, the NSA won't know where to start decoding.
That gives regular people a good head start over tyranny.
I think that's what he was getting at. With TC 5, you could do full-disk encryption, but the problem is that you can be legally compelled to give up your keys and the 5th amendment won't help you AFAIK. With TrueCrypt 6, it's possible to create a shadow volume with a bootable OS.
So with TC 6, you can have one "encrypted" OS that you boot from and do regular stuff from every once in a while, to make it look normal and active. Then you have a different password to boot off of the shadow volume, which is where all the top secret super missile codes go. Theoretically, there is no detecting that second shadow partition.
This should be good for passing through US customs and would probably prevent them stealing (yeah, stealing) your laptop, since you can boot it, log it in, and show there's nothing there.
Thanks, that answers that, go Apple. I'm happier every day that I bought Macs. It's funny, you also now have to think about other apps that might leak the "recent documents" paths, OpenOffice, Adobe apps, pretty much anything.
It's good food for thought if nothing else.
That's what I always wished had happened to this thing. C&W had the largest commercial dish in the world, as it is I believe it may have just gone for scrap. It felt VERY Goldeneye to go out for a smoke at 3am with that thing (and a bunch of teeny 3/5 meters) hanging over you.
I'm sure the IT management of one of the most IT savvy cities in the world never would have thought of trying that.
He was probably messing with the WAN itself, i.e. "He's a network engineer, not a Windows admin" seems likely. Even then, you can reset the gear to defaults or in many cases reload and recover the password. In that case, though, there are implications to taking down the entire city's core network infrastructure one router at a time, it's probably easier just to beat it out of him.
Of course, there's no saying that that's what he did, it could easily be that he changed something on a Windows AD domain and locked everyone out, but it seems more likely it's infrastructure.
DJB's source port randomization makes it much much harder to exploit the main bug, which is apparently a fundamental flaw in the DNS. We'll know on the 7th what that flaw is, but until DNSSEC or something similar is implemented, source port randomization will mitigate the risk until such time that the root cause is fixed.
Good going Dan, this should add spice to the proceedings this year.
You'd be surprised what a few dozen Mb/sec sustained can do to some of these countries in the middle of nowhere. Never mind if there's an undersea cable break.
This can't happen soon enough.
Yeah, that DoD root cert seems to be in the default trusted issuers for Safari, but not for Firefox. So on my machine, Safari complains about an expired cert, and FF complains about an expired cert from an untrusted authority.
I trust them too, but Firefox doesn't, it not only reports that the cert has expired, but that it's an unknown issuer. Safari appears to have no problem with the root cert.
That's what I was getting at with the "Yes I know the website has nothing to do with the security of the installation" above. Unless some important people made some really bad decisions.
It's cool to think of the site running on the WOPR, but I really hope it isn't.
I was under the impression that the facility wasn't actually doing anything critical anymore. I don't know where I got that idea, since looking at the Wikipedia page, it clearly looks like it was just upgraded in 2005.
In that case, they definitely should update their cert, but they took no action when I sent email 18 months ago when I noticed it was broken.
DoD certs aren't necessarily any more trustworthy, viz: https://www.cheyennemountain.af.mil/
/yes I know it's closed now, yes I know the site isn't run from there, please don't be that pedantic. The point is, the DoD doesn't necessarily renew all their certs, even though they sign them themselves. This one is two years expired.
I feel safer already with the public site for one of the most secure military installations in the country on an expired cert signed by an untrusted authority.
I wouldn't think it would have too great an impact on tides and climates and such. Its gravity would only be as great as that of the sum of the mass it had absorbed, which by definition can't be more than the planet has now, so if it just sat there in the middle of the planet, it wouldn't change the gravity of the earth.
It's kind of like "Holy crap if the Sun collapsed into a black hole all the planets would be sucked in". If the Sun spontaneously collapsed and was a black hole, which theoretically can't happen because it doesn't have enough mass, the planets would orbit the black hole normally, just as they do the Sun now. The black hole would have the same mass as the sun, just be a lot smaller. We'd all die of course from things like "no heat", but the Earth would happily orbit its much smaller star.
Right? I'm not a physicist.
There are search proxies to Google which would guard your search traffic. Unfortunately that means you have to trust Scroogle on top of everything else, and of course, if you click on any of the results, you'll go to the target page in the clear.
Why does Google not want to provide an SSL search page? It could only be a benefit to their users.
I also have no idea why more people don't use GPG/PGP. Ease of use has come a long way, at least in Thunderbird. I find the Outlook and Mail.app plugins that are currently available lacking in the area of non-annoyance.
I'm not buying it until they tell me how many IPs there will be for every page in the LoC. No measurement actually counts until it's measured in units/LoC.
Looks standard enough. Based on the colors you can easily make out (Orange, blue and brown), it looks like the pinout could be orange-white, orange, green-white, blue, blue-white, green, brown-white, brown.
Besides, even if it's a "special" pinout, today it would cost me about 60 cents to make a 5' Cat5e cable, any pinout I want.
It's a flaw in so far as it relates to the third point of "They just close bugs without explanation". The poster states "If they said 'you fix it', that's fine", implying that they'd be willing to help fix bugs. Then the problem is that since you have to pay for compilers that will compile the app, it presents a barrier to entry for people who like the editor and just want to fix some bugs in it for free.
I loved being the 7834th person to figure out how to crack Psygnosis titles back in the Atari ST days. Not that I cared about being able to copy the games, they were available anywhere, but just to figure out how to get around the hurdle.
Back then every game was like buying two games, one that they wanted you to play, and one that they didn't want you to play, the "figure out how to copy it" game. I was never really any good at the cracking-the-game game, but it was interesting and fun anyway.
My quad core Pro got a 200MB update too. I'd almost put it down to "some update servers are serving gzipped files and some aren't, or are compressing on the fly (mod_gzip or somesuch)". You could watch it go across the wire, or update the same machine a bunch of times, but hey, I got my updates, ultimately, I don't think there's a broken patch or anything here.
I have a first gen. MacBook (Intel Graphics), and I got the 198MB update. Roll of the dice?
Dear crazy man,
At the time that I paid $2800 for my quad core 2.66GHz Mac Pro, the reason I bought it was because the cost of an HP workstation matched part-for-part was $4000. I can put more RAM in the Mac, and it will take more disk than the HP I was sizing. Plus, the silly thing is damn near silent.
You have no idea how important that post is. Chris DiBona admits to being "Evil".
This Chris DiBona. So much for Google's only rule. This thread is conspiracy theory central apparently.
no QA team.
What do you think those little white things in all the cages are for? Lunch? They're there to A the Q of the lab's product, right?
Great, now who's going to ride the Unicorn Chaser?