These notes help corroborate other facts that have been revealed, such as the massive archive that Vasili Mitrokhin brought over with him at the end of the Cold War.
While they may not be 100% accurate, I'm expecting they'll likely be 90% or better. His previous writings have mostly dovetailed with the Mitrokhin Archive.
Yes, Vassiliev is prone to exaggeration and self-aggrandizement (men of power frequently are), but these notes are not the only glimpse into the KGB's archives.
Do you really think Neal Stephenson's books would do well on the big screen? Part of me would expect the movie to be about six hours long, with the entire plot wrapped up in a hasty, four-minute expository lump at the end. I can almost hear the cameraman whispering to the director "I've only got 100 feet of film left, can you get this done?"
Another part of me thinks it would be completely awesome to see Snow Crash on the big screen. But my brain has already filled in what I think the metaverse looks like, what the rat-things look like, smart spokes, all those ultra-cool ideas; and then I think of what other filmmakers have shat out trying to portray cool sci-fi toys. The wrong director could easily destroy a great story.
Just be careful that you're not relying on it being stored on business equipment. The business may not give you access to it once your employment is terminated.
Bummer, I don't think my Sansa c240 can take SDHC. Of course, it only cost $19 at microcenter, so I don't really expect much from it. And it runs Rockbox, which totally rocks. I've never actually used the Sansa-provided firmware, as I bought it with the intent of putting Rockbox on it. And the 2GB micro SD card was only $6.99, so for my $26 investment I have a nice little player.
Even when trying to take a fix on the same point over time, the margin of error is random. Most of the error is due to propagation delays of the signal. The atmosphere is constantly changing density - the jet stream can raise or lower air pressure between you and satellite #5 at this point in time, or between you and satellite #23 at another point in time. The ionosphere can cause delays or reflections. Nearby buildings, or cars, or airplanes can cause ghost signals. Remember your high school physics teacher who always qualified the speed of light with the phrase "in a vacuum"? It really makes a difference.
Remember, the GPS satellites are flying in lower earth orbits, and are constantly moving over and around you. They are not fixed relative to you the same way a geosynchronous satellite is (like the DirecTV satellites.) So even if the weather patterns could be precisely measured and figured out, they would be meaningless as soon as the satellite moved - and they're always moving very, very fast.
Differential-GPS improves accuracy by having a mounted GPS receiver at a precisely surveyed point, then transmitting (via FM) the "error difference" between what is derived from the GPS system and the surveyed coordinates. If the error at a particular time is 3 meters at the DGPS antenna, then the error at any other GPS receiver in the area is probably pretty close to 3 meters at that same time (assuming the weather patterns are similar between you and the DGPS antenna.)
You can indeed leave a GPS fixed in a point and average the readings to reduce the margin of uncertainty, but you'll never achieve the high accuracy needed for surveying.
That's a really sad statement on the state of society.
Must every statement on Slashdot be misinterpreted to the maximum amount permitted by ridiculous thought? This isn't a rigid, unchangeable state. The curtains aren't welded shut, only to be opened or closed on the demand of your government or church. They're curtains! You can open and close them on your schedule. When you feel social, throw them open. If you require privacy, close them. When the sun shines, open them. When it's bedtime, close them.
It's just a simple concept that's not making a sociopolitical statement. It's applying common sense. You should, too.
[M]y solution: The Social Security Administration announces that on July 1st, 2010, all SSNs and the names they are associated with will be published and available to everyone. Leave it up to the finance and health care industries to stop using SSNs as authentication.
I love this solution! The Social Security Administration always said the number was not to be used for identification. This would prove they meant it.
Credit suffers from the same problem, by the way. We use the account number as the account to charge as well as the authorization to charge. If we used a different value for authorizing (such as one generated on a smart credit card) there would be no need to protect account numbers, other than simple privacy.
That's kind of what happens today, but the mess it leaves behind for the abused individual is still pretty heavy, and the bank doesn't really care what happens to them. Plus, in some cases the individual might have a dozen accounts to clean up.
Making credit harder to physically obtain would certainly place some additional burdens on all the customers, and would definitely reduce the number of cards issued. But in this debt-heavy economy, I have to ask if that would even be a bad thing?
Stop storing this information unless you are able to prove beyond a shadow of a doubt that you are able to secure this information.
Unfortunately, there is (and can be) no such proof. It's a part of the fundamentals of security: you can't prove a negative.
The way I see it, we really have three choices for protecting data:
1. Armor your systems against all the possible known attacks. Use firewalls, intrusion detection systems, encrypt the data, require smart card access mechanisms, patch your servers, blah, blah, blah.
2. Reduce or remove the sensitive data entirely. You do not have to protect it if you do not have it.
3. Take away the value of the data. If the data is no longer valuable, there will be no incentive to steal it.
The problem with the first approach is that's what we're all "supposed" to be doing, but obviously are not. With millions of sites and retailers etc., there are always going to be leaks.
The second solution is the easiest and best way to protect your organization. Why store the data if you don't need it? Do they really need my SSN in their database? They could use their own numbering system. Why do they need my address? If I'm in a hospital, I'm not at home, I'm in the bed in room 217C -- if they want to find me, I'm right there. Do they even need my name? Why do they need all these different identifiers, and why do they need to tie them all together in a common database?
The third option requires a fundamental change in how credit is granted, but is one of the best approaches to stem the tide of data thefts across the board. While it would remove incentive to steal the data for financial reasons, it would do little to protect against data theft for other reasons (perhaps a list of HIV-positive patients could be used for extortion: pay me a million dollars or I post it on the web.)
These approaches are not mutually exclusive. We can employ them all at the same time. It's just that it has to be done, and without tools like lawsuits or other punishments, few organizations are doing them.
But which is worse? Missing your medical history or having all that personal identifiable information in the hands of credit thieves?
Stand the problem on its ear: what if this information were worthless to credit thieves? What if this information simply was no longer able to wreck someone's life?
What we should do instead is make the paradigm of "name, address, SSN, etc.", valueless. Figure out a way to issue credit that wasn't strictly information based. One way would be to make the banks stop issuing credit by mail. If you physically had to walk into a secure building, and present credentials to someone trained to review them, credit fraud and identity theft would dramatically slow down.
We stupidly keep putting up with this crap. Regardless of how much security burden we place on banks, stores, schools and hospitals, there are always going to be leaks. With so many millions of retailers that have little to no oversight, there statistically HAVE to be "weak spots." Always. We have to change the fundamentals if we're going to fix the real problem.
That's easy enough. Cardinal Richelieu said "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." By now Slashdot's full of at least "disconnectable" offenses, so let's start here.
There's something else we get for it, too. Most of our recent technological advances have been engineering breakthroughs. There has been little advancement of actual understanding by comparison.
It seems the reason for that would be the fact that profit drives many current implementations of the scientific method. We all know that to solve a problem, you should formulate a hypothesis, design an experiment to prove/disprove the hypothesis, and conduct the experiment. Note that there is no step 2: ???, and no step 3: profit!, in this process.
Now, let's say you're creating a medication. If your hypothesis is the results should be 95% positive, and you do the experiment and get 95% positive results, that's good -- your hypothesis is validated. But let's say someone else is running the tests, and their boss wants 97% positive results so they can pass an FDA requirement, and they think factor A is probably responsible, maybe they tweak it a little and it goes to 96%. Well, their boss is happier, so he says "tweak it some more" and it goes to 97%. Nobody knows why, and nobody is paid to care why, they're paid to deliver higher positive results. They're not paid to go back and learn.
So our overall understanding doesn't necessarily get advanced when money is on the line.
I pointed it out because it shows one example in law where removing identification numbers that might hide a crime is a criminal activity in and of itself. Other such examples can be found in FAA regulations, medical devices, pharmaceuticals, and construction.
In this case, removing the serial number plate may not be a primary crime, but it would likely be used as evidence of criminal intent.
That's nice for you, but me, elmedico27, and the author of the article are all in America. Other jurisdictions are not under discussion here.
Here, buying stolen goods in good faith is also not a crime, but ownership of the stolen goods never passes to you. The victim gets his property back, and the problem of recompense falls between you and the thief or you and the seller. Some companies or people may choose to behave in a different, more generous manner (Paypal guarantees, that sort of thing,) but they are not legally compelled to do so here.
Where did you get the impression from the story that a "VIN" or serial was even checked?
From TFA, where Alienware asked for a "warranty number" and refused to sell him the parts without it. He has no warranty number, and in fact said the name plate was removed from the machine (which would actually be a felony if this were a car and a VIN.) In order to get parts, they are requiring him to provide the warranty number.
Considering the extremely large problem of stolen laptops these days it's no surprise they are stonewalling people with no direct evidence of ownership. They've sent him a perfectly reasonable request: get the previous owner to associate him with the warranty. This will ensure he is not a thief by proving the legitimate owner they know of approved of the transfer of goods.
RTFA. He never wrote that Alienware directly accused him of a crime, or of being a thief. He is complaining that he is being treated like a thief. There is a significant difference between the two statements.
I'm fairly certain that even if it is stolen, if you buy goods without knowledge that they are stolen (i.e., in good faith) you are considered a buyer in the ordinary course of business and you'll take free of any prior interests. It's called the "garage sale rule". The person from whom it was stolen can still hold the thief liable for damages, but can't get their original goods back. If that's the case here, this guy is legally the rightful owner and Alienware should treat him as such.
You didn't have to write it, but You Are Not A Lawyer, and you should warn people before posting legal advice (especially incorrect legal advice.) There is no such legal concept as the "garage sale rule" with respect to stolen property. According to the law, as the purchaser of merchandise you have the same rights to the property as the person who sold it to you. That means if you have a thing which you have used as collateral on a debt (called a secured interest) and you haven't paid it all back yet, even if you sell it to me the property is still secured by the bank, and can be repossessed by them if the loan is not repaid. It also means that if you have no rights to the property at all, as in the case of stolen property, then I as the buyer have no rights to it either.
A garage sale does provide protection from the seller being compelled to look up the serial number if such a lookup is required of an "ordinary course of business" seller; in the case of a garage sale the seller is classified as not an "in the ordinary course" seller and is exempted from that requirement. Maybe that's what you are thinking of as a "garage sale rule".
Of course I am not a lawyer either, so don't take this as gospel, but at least I do a bit of fact checking before making a really outlandish claim.
There's no indication that he's stolen it, they're assuming he has.
Wrong. RTFA. Nowhere does he say that Alienware called him a thief. He quoted their denial to sell him a part, read it for yourself. He may "feel like" he's being treated like a thief, but that's miles away from Alienware actually assuming he's a thief.
It sounds like the machine is supposed to have a plate on it with a warranty number. Alienware has reasonably asked for that information, but it was stripped off before he bought it used from eBay. Is there nothing suspicious about that statement? In the automotive world, tampering with or removing the VIN before selling the car is a crime all by itself:
TITLE 18. CRIMES AND CRIMINAL PROCEDURE
PART I. CRIMES
CHAPTER 113. STOLEN PROPERTY
18 USCS Section 2321 (2003)
Section 2321. Trafficking in certain motor vehicles or motor vehicle parts
(a) Whoever buys, receives, possesses, or obtains control of, with intent to sell or otherwise dispose of, a motor vehicle or motor vehicle part, knowing that an identification number for such motor vehicle or part has been removed, obliterated, tampered with, or altered, shall be fined under this title or imprisoned not more than ten years, or both.
I'd say that even if Alienware did assume the machine was stolen, they'd be perfectly justified, given the evidence provided in TFA.
I was using a very real car analogy for how auto thefts are handled. I see little difference here. We have no idea why Alienware is stonewalling this guy. He's claiming "oh, poor me, they think I'm a thief!" Instead, I'm claiming "there are other legitimate reasons for them to not sell him the part, especially when he is refusing to cooperate with their requests."
According to TFA, Alienware never called this guy a thief, but when you read the very title of this story, the guy makes it sound like they're sounding an alarm siren and flashing the red lights whenever they get an email from him.
Pay no attention to the hype! Pay no attention to the hype!
Oh, cool! Thanks!
I was kind of thinking they "rafed" us taxpayers to fund it, but your explanation works too.
So did I. But some companies still wanted two digit years because it was "too hard" to enter four digit years.
In 1998 I made a killing :-)
Ha! I made my killing in 98, not 1998.
Oooh, a new acronym!
RAFES - Redundant Arrays of Fucking Expensive Satellites.
Close your fucking curtains!
> Slashdot editors posting stories that are days old? Never!
Evidently, this is the exception that proves the rule.
Normally, they wait until a story is a month or two old, but someone screwed up and posted it before its time.
Don't worry, someone will post a dupe of it about the time it's due.
I guess it's easier to just take away all rights.
Whoever dies with the most kids wins!
Regarding your sig, do you mean that in the "parent" sense or in the "school bus driver at a train crossing" sense? :-)