I like wikileaks and I like what it stands for but to an extent I have to agree.
Most of this leak seemed to be essentially gossip and bitching behind people's backs.
Some of it was information that was somewhat in the interest of the public to know-
the bit about nuclear material lost in Pakistan springs to mind
The US spying on its allies and the UN thing was also an important one for non-americans(we count as people too).
but I got the impression wikileaks was somewhat anti-war and a lot of this leak is about as good for international stability as releasing tapes of every teenage girl in a school bitching about every other teenage girl in the school is for a happy and friendly school.
It's most likely simply going to lead to blood and chunks of scalp on the ground.
not this bullshit again.
Wikileaks only has what people send it.
It's an english language site for the most part so that rules out much of the world, you probably wouldn't even hear about the site's existence in the most repressive countries in the world.
Americans have more of a culture of exposing corruption and the american government is unlikely to torture or kill the family of someone caught leaking documents.
Yes wikileaks has a large number of documents related to the US, the united states section has over nine thousand but most of those are the Congressional Research Service Reports whose publishing is unambiguously good for Americans.
When I have kids, I'm convincing them that they can't get their fix of big breasts without proving p!=np. They'll win Fields Medals in no time.
I find this plan oddly appealing....
You could probably turn a teen into a network engineer by gradually ramping up the hurdles between them and pornography....
no I'm saying that they couldn't build them but when someone talks about clipper ships they're implying you could get anything like the speed of a clipper ship out of super freighter powered by sails.
They'd be damned slow and need a truly scary area of sails to get up to a sane speed.
As to why they're heavy enough that the sails would have to be so large that putting them one in front of the other you'd start to get similar problems as you get when you put wind turbines too close together unless you made the freighter really really long.
The problem with profiling is that it leads to a self perpetuating loop.
Drag aside and search everyone who fits the profile of those caught trying to smuggle weapons in the most in the last 6 months.
Let's say 80 year old grandmothers.
now 80% of the people you search are old grannies, a few of them will have weapons and a few will have what look like weapons.
so 6 months later you decide to see if your profiling has worked: IT HAS! look! see over 50% of the people caught with weapons(in this case long sharp metal spikes which they claimed were merely for making clothes, as if you could make clothes with metal spikes! Ha!) in the last 6 months were grannies! LET'S PROFILE HARDER!
of course the people you don't drag aside and search might be more likely to be carrying weapons but since we're basing our choices of who to search on the number of people caught it quickly begins to spiral and you catch less and less of anyone else and more and more from the group you profile.
All very good but you still have to do the math.
when you're shipping 10000 tons of cargo making your hull out of lighter material can only gain you so much because you still have to carry 10000 tons of cargo.
Clipper ships were tiny, they couldn't carry more than 200 tons and they were covered in sails.
And it doesn't just scale up, put 50 times the area of sail on a modern cargo ship and you probably aren't going to get 50 times the push.
I'd hate to think how strong the masts you'd need this would have to be and that adds more weight again and makes it more topheavy...
Think like an engineer, not a hippy.
Sit down with a pen and paper and take some guesses as to how much sail area you'd need then try drawing an approximation to scale over a modern super-freighter.
wwwwwwhhhhhhooooossssssssssshhhhhhhhhhhhh!
Did anyone else notice the lovely little bit of racism at the top of the article:
"'If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians... are able to do' "
With the net someone from anywhere has just as much access to all the information you'd need to learn how to do this.
there's nothing special about the chinese, the russians or the americans, hackers come from everywhere.
because someone in management thinks it would be cool to be able to access it all from his blackberry from home and a consultant assured him that the system their company was selling would let him do that securely (with of course an explicit clause in the contract which states that they do not guarantee that it will be secure and take no responsibility of any kind if it is not).
plus of course the banking system is civilian and the costs of running a completely separate network are prohibitive and anyone who wants to use that system has to be connected and if any of them are insecure then someone can get in anyway... etc.
Finally, security is hard. it was once summed up to me thusly by a lecturer: "if the other guy is a better programmer than you he'll probably get into any system you build eventually, there will always be someone who is a better programmer than you thus assume your system will be breached eventually and build in many many layers of security."
the United States was the first country to concertedly undertake compulsory sterilization programs for the purpose of eugenics.
In general, most sterilizations were performed under eugenic statutes, in state-run psychiatric hospitals and homes for the mentally disabled.
over 65,000 individuals were sterilized in 33 states under state compulsory sterilization programs in the United States
though a significant number of sterilizations continued in a few states until the early 1960s
The Oregon Board of Eugenics, later renamed the Board of Social Protection, existed until 1983, with the last forcible sterilization occurring in 1981.
And on a related note the US as late as 1972 poor black men were used in a completely crazy experiment to see how bad their symptoms would get if they weren't told they had syphilis and weren't treated.
http://en.wikipedia.org/wiki/Tuskegee_syphilis_experiment
As late as the 1950's the UK still chemically castrated gay people.
http://en.wikipedia.org/wiki/Alan_Turing
Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license.
also would you be making a reference to this:
http://xkcd.com/504/
Don't know about the college in the OP but at mine they had a WPA2 enterprise network with username/password required and also mac registration.
I could change my laptop mac to match my phone or a second laptop but if the mac and password don't match then you can't connect.
If I got someone's pass off them then I could spoof their MAC but if anyone set up a pool like you describe they'd all just be kicked off the network as giving away your pass is against the AUP.
actually if you distribute more than 1000 dollars worth of copyrighted material within a given timeframe (can't remember the limit) then it can be a felony.
Now given that some software retails for more than that uploading even a single copy of the latest adobe creative suite could push you over the limit.
Furthermore is there any warning on the phone that it alters SD cards as such?
This sounds like a major defect in both the phones and the SD cards.
A salt defeats precomputation attacks.
if the password is weak however they don't prevent brute forcing the password.
many people can't type 8 characters with more than 50:50 accuracy without being able to see the output.
when I worked in student IT people thought I was really really good at fixing students' problems with the wireless but the entire secret was that I simply made them check their password on the lab machines then type it slowly and carefully on their laptop.
They would have seen right through me if it gave more sensible errors when the password was wrong.
Asking many people to type a long sentence without being able to see it and without typos is a tall order.
that was supposed to be an example of an awful password.
My point was that these are the kinds of things people use to meet the uppercase,lowercase and numbers requirements and they're terrible and easily cracked.
If you've pre-computed the hashes then sure but I was talking about doing it with no precomputation.
like account logins
assume an attacker will get the list of hashed passwords because it's a very common way of getting into accounts.
"strong" is all about cracking hashed passwords.
a very common attack is where the attacker gets hold of the hashed passwords one way or another.
even a single *weird* character can defeat that, learn a code for some unusual unicode character and include it and then you don't have to worry too much about that attack because the search space is massive.
any 8 character all lowercase can be cracked overnight.
8 character lowercase + numbers can be cracked in a reasonable time assuming people only use it weakly like only putting 1 number in at the end.
Example: passwor9
same thing with having an uppercase character but only as the first character in the password.
Example: Passwor9
using dictionary words in any language makes it trivial and reasonable assuming your only uppercase is at the start and only lowercase is at the end.
Example: Trustno1
these substitutions in the middle of a password also only add a small bit of strength, they're not worth much.
7 for T
0 for O
5 for S
Example: Tru57no1
Strength is all about how hard it is to crack when given a hash of it.
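The search-space argument in the password comments above, worked through as an added Python example (not part of the original comments): it compares the keyspace a composition policy implies with the keyspace left once the shape of the password, or a word plus the listed substitutions, is assumed. The function names, the five-entry `WORDLIST` (constructed) and the `NON_ASCII` alphabet size are assumptions made for illustration.

```python
import math
import string

# Substitutions listed in the comment above: 7 for T, 0 for O, 5 for S.
LEET = str.maketrans("705", "tos")
# Constructed sample wordlist (assumption); real audit lists are far larger.
WORDLIST = ("trustno", "password", "dragon", "monkey", "letmein")
NON_ASCII = 100_000  # assumed alphabet size for "some unusual unicode character"

CLASSES = (
    ("lower", string.ascii_lowercase),
    ("upper", string.ascii_uppercase),
    ("digit", string.digits),
    ("symbol", string.punctuation + " "),
)

def char_class(ch):
    """Return (class name, alphabet size) for one character."""
    for name, chars in CLASSES:
        if ch in chars:
            return name, len(chars)
    return "other", NON_ASCII

def policy_space(pw):
    """Keyspace a composition policy implies: any used class at any position."""
    alphabet = sum(dict(char_class(c) for c in pw).values())
    return alphabet ** len(pw)

def mask_space(pw):
    """Keyspace once the shape is guessed, e.g. capital, six lowercase, digit."""
    return math.prod(char_class(c)[1] for c in pw)

def rule_space(pw, words=WORDLIST):
    """Upper bound on candidates from 'word, optional capital first letter,
    optional 7/0/5 substitutions, one trailing digit'; None if pw is not one."""
    if len(pw) < 2 or pw[-1] not in string.digits:
        return None
    body = pw[:-1]
    if body[1:] != body[1:].lower():  # capitals only in the first position
        return None
    if body.lower().translate(LEET) not in words:
        return None
    # Per word: 2 capitalisation choices, 2 per t/o/s letter, 10 digits.
    return sum(2 * 2 ** sum(c in "tos" for c in w) * 10 for w in words)

def cheapest_attack(pw):
    """Name and size of the smallest search space that contains pw."""
    spaces = {"policy": policy_space(pw), "mask": mask_space(pw)}
    rules = rule_space(pw)
    if rules is not None:
        spaces["rules"] = rules
    name = min(spaces, key=spaces.get)
    return name, spaces[name]

if __name__ == "__main__":
    # The four examples from the comment, plus one with a non-ASCII character.
    for pw in ("passwor9", "Passwor9", "Trustno1", "Tru57no1", "passwor\u00fe"):
        name, size = cheapest_attack(pw)
        print(f"{pw!r}: policy={policy_space(pw):.2e} cheapest={name} ({size:.2e})")
```

The capital in `Passwor9` leaves the mask keyspace identical to that of `passwor9`, and the rule-based count grows with the size of the wordlist rather than with the length of the password.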
The *GPL* works because of copyright.
many of the other open source licences which don't require improvements be released would work exactly the same without copyright.
Of course now the breakthroughs aren't actually explained in the patents and are merely vaguely and broadly described in a general sense in the patent because if there is any requirement that the patent actually give enough information to build the invention it apparently isn't enforced.
So they get protection without actually giving away any meaningful information.
I was talking about white-listing processes on systems which absolutely have to be secure.
As it stands antivirus software just blacklists virus code which is just an example of Enumerating Badness : http://www.ranum.com/security/computer_security/editorials/dumb/
It still astonishes me how utterly awful the whole credit card system is in terms of security, public key crypto should have made stealing someone's credit card into a physical problem of actually stealing some kind of physical object by now rather than a simple number.
but since it's the merchants who pay the CC companies have no incentive to fix it.
but you missed the point!
IT'S SCARY!
AND WE SHOULD GIVE SOMEONE MONEY TO FIX THE PROBLEM!
I'm sure if we get scared enough and give enough money to companies which promise to make the problem go away then we'll be fine.
if not then we just have to get scared enough and give enough money to government agencies which promise to make the problem go away.
I'd say that if security is a big issue on a given system then white-listing is vastly more secure than the blacklisting that is anti-viruses, it's a massive pain but it works better for systems which absolutely positively have to be secure.
If it weren't for FTP firewalls could be a lot more simple and probably more secure so there is a legacy problem there, it's just not the firewalls themselves.