I kind of wish we could replay history just to disprove your (IMO) cockamamie theory that the left would challenge McCain's natural born citizen status. I'm not saying the left is saner than the right, I'm saying that McCain is white, a military vet and therefore not subject to the same sort of challenges to his identity at a guy who lived as a child in the most populous Muslim country in the world, who's middle name is Hussein and is black.
My opinion is that questions of Obama's identity are based on these and related factors and not any real questions about his birth documentation. Some people don't *want* him to be a natural born American and it all stems from that. I don't think criticisms of McCain would take the same form - he'd certainly be criticized if he were President but not for being "un-American" in the way Obama is.
Good point. Minor addition: I believe (personally, having studied anthropology) that the True Believer can also have their views modified by peer pressure. Cult followers for example: "de-programming" starts with removing the person from their True Believer environment. Over time they often mentally adapt to the new environment, and their views moderate slowly. Sometimes it doesn't work that way, but I think this is another (rocky) road out for true believers..
They aren't saying the call was faked (as in a false entry of the call was placed in the teleco logs), they are saying that a real call occurred but it was not made by his wife, but by an automated agent, making it seem like his wife was alive after a time when he was already seen to be at work and therefore not a candidate for the crime.
Yeah - V8 is really unbelievable for some applications - so much faster (10x) than any of the other JS interpreters (or should we call them compilers at this point?). In other cases it's not really that much, if any, better, but some of the shit those google JS dudes are doing is pretty impressive.
As much as I resent Google sometimes, in a lot of cases they really do have the smartest people in the room.
The really hard part is to figure out what deaths the US "caused" vs "killed." If we hadn't invaded Iraq, maybe 100k people would still be living? US military didn't kill most of them for sure, but the civil war did, and if US didn't go into Iraq, there would probably not have been a civil war (until now - want to bet Khadaffi and Saddam would be sending each other love letters from the bunkers right now if we hadn't invaded?).
Just some thoughts about implications versus actions..
Depends on their business model. A company I helped start a while back went from that level of revenue to *netting* $60M/year in about 6 years, and then went public at a $500M valuation. If they are growing fast, then their business model may be a good one and it'll just be a matter of time. One hard part (of many) is hanging onto enough of the equity while you are trying to grow fast enough (ie raising capital) to get a good valuation on future investments and eventually an IPO.
* Should do* for individuals but that's not how it works. If it's obvious that a business has an open wi-fi router, the cops aren't going to shut down the business b/c of traffic on the router. But they don't apply the same test to home routers, with the assumption that if it's coming to your house you must have asked for it. I think you *might* get some legal defense from the fact that your network is open and they would probably have to show that you have illegal stuff on your computer, but the fact is the whole terms of the prosecution (or decision to prosecute) are totally different for EFF and coffee shops than it is for home users (in the US anyway).
Assuming the passwords at Sony were hashed at all, which isn't a sure thing at this point. Would be shocking if they weren't but then this whole debacle is fairly shocking already.
Dictionary attacks can reverse some one way hashes. You just re-hash all the dictionary words and combinations of dictionary words you can afford through the same hash algo that they used and then just match between the password file and the dictionary hashes.
This is why you should always "salt" your password hashes with a unique random value. The value can be stored in plaintext and all it does is force the attacker to create a new dictionary hash table for every salted hash password they wish to crack, which greatly increases expense and difficulty.
Of course if a user's password is strong (upper, lower, syms, nums) and long, then it becomes a whole lot harder to crack their hashed p/w with brute force / dictionary-like lookup tables. Can still be done and probably gov't agencies do it periodically when they really want something. Who knows maybe even bot operators do it (they would seem to have the horse power if they were inclined to use it that way).
I was reading some docs on truecrypt recently where they suggest that less than 20 chars of hard p/w is not really secure against brute force anymore.
Well, they require *a* birthdate, and one you can remember later, but they don't verify it's really yours. I never put my real birthdate into these systems for exactly this reason. Just think of a birthdate near yours that you can remember and use that -- this may help keep thieves out of the really important accounts like banks, etc.
I have had repeated problems with their sync also - though it does work 99% of the time for me as a very small user (2gb free account). Great to know that their sync stuff doesn't work for large/complex deployments.
Ditto their backup solution -- it works great and has never lost anything for me.
He could be tried of course - but the DA's shop will generally look for sufficient evidence as they have motivation to keep their win record high (not to mention an ethical motivation to convict only guilty people, though this may be more remote in many cases).
If they have evidence of porn to his router, they'll presumably look for offending files on his computer. If they find them, I'd guess they'll prosecute. If they don't, and the guy is able to afford a decent lawyer, most likely they wouldn't, as best I understand what would be needed for a solid conviction in a case like this in most areas. If the guy is poor, he'll probably have a much tougher time of it, but that's not related to IP addresses or anything else, just that more people who get convicted of crimes are poor and less able to defend themselves in court.
Use SpiderOak instead - zero prior knowledge encryption so no one but the password holder can see the files. (My relation to SO is as a non-paying customer).
I believe the original reason for local blackouts was the fear that people wouldn't buy tickets and physically go to the games, if they could listen on the radio. Then the same concept got applied to live televised games, and so on. It may have become more of a local ad revenue thing, but I wouldn't be at all surprised if the luddite owners still fear loss of ticket revenue due to live broadcasts on any medium.
That was a stimulus, not a year-on-year budget increase. Not saying it worked, but it was an emergency economic measure. Bush was heading down that road also before he left office, and in fact a lot of the language was drafted during the Bush administration with input from the incoming administrative leadership.
Some would argue the Iraq war was an emergency too when Bush undertook it, but I personally find that hard to believe.
I'm pretty sure that MITM doesn't work against SSL? Once you know the public cert from your root key server (something baked into most browsers), no one can MITM your channel. Since you know the public cert of your root key server before you even reach out to them, so it's hard for someone in the middle to impersonate them, and once you've got info from your root key server, it's similarly hard to impersonate an authorized channel. At least that's my understanding. http://en.wikipedia.org/wiki/Man-in-the-middle_attack
That's a good point. But I'd suggest that in my experience there are lot of perl libs that I simply can't read at all, and most ruby libs I dig into are "figureoutable." Probably that's a cultural thing -- perl devs often know the system so well they write hard to read code at the expense of compactness and internal elegance. Internal elegance in ruby (by culture) often values readability.
Slashdot Mirror
I kind of wish we could replay history just to disprove your (IMO) cockamamie theory that the left would challenge McCain's natural born citizen status. I'm not saying the left is saner than the right, I'm saying that McCain is white, a military vet and therefore not subject to the same sort of challenges to his identity at a guy who lived as a child in the most populous Muslim country in the world, who's middle name is Hussein and is black.
My opinion is that questions of Obama's identity are based on these and related factors and not any real questions about his birth documentation. Some people don't *want* him to be a natural born American and it all stems from that. I don't think criticisms of McCain would take the same form - he'd certainly be criticized if he were President but not for being "un-American" in the way Obama is.
Good point. Minor addition: I believe (personally, having studied anthropology) that the True Believer can also have their views modified by peer pressure. Cult followers for example: "de-programming" starts with removing the person from their True Believer environment. Over time they often mentally adapt to the new environment, and their views moderate slowly. Sometimes it doesn't work that way, but I think this is another (rocky) road out for true believers..
They aren't saying the call was faked (as in a false entry of the call was placed in the teleco logs), they are saying that a real call occurred but it was not made by his wife, but by an automated agent, making it seem like his wife was alive after a time when he was already seen to be at work and therefore not a candidate for the crime.
Took us 6 years to make our first dollar, and then we had the six years I was referring to above.
Yeah - V8 is really unbelievable for some applications - so much faster (10x) than any of the other JS interpreters (or should we call them compilers at this point?). In other cases it's not really that much, if any, better, but some of the shit those google JS dudes are doing is pretty impressive.
As much as I resent Google sometimes, in a lot of cases they really do have the smartest people in the room.
The really hard part is to figure out what deaths the US "caused" vs "killed." If we hadn't invaded Iraq, maybe 100k people would still be living? US military didn't kill most of them for sure, but the civil war did, and if US didn't go into Iraq, there would probably not have been a civil war (until now - want to bet Khadaffi and Saddam would be sending each other love letters from the bunkers right now if we hadn't invaded?).
Just some thoughts about implications versus actions..
Depends on their business model. A company I helped start a while back went from that level of revenue to *netting* $60M/year in about 6 years, and then went public at a $500M valuation. If they are growing fast, then their business model may be a good one and it'll just be a matter of time. One hard part (of many) is hanging onto enough of the equity while you are trying to grow fast enough (ie raising capital) to get a good valuation on future investments and eventually an IPO.
I read the book describing their method (bringing down the house) and I think you've accurately described it, fwiw.
Maybe it's different for pedophiles?
In terms of dealing with abusers of your open wifi, here's a great project: http://www.ex-parrot.com/pete/upside-down-ternet.html
* Should do* for individuals but that's not how it works. If it's obvious that a business has an open wi-fi router, the cops aren't going to shut down the business b/c of traffic on the router. But they don't apply the same test to home routers, with the assumption that if it's coming to your house you must have asked for it. I think you *might* get some legal defense from the fact that your network is open and they would probably have to show that you have illegal stuff on your computer, but the fact is the whole terms of the prosecution (or decision to prosecute) are totally different for EFF and coffee shops than it is for home users (in the US anyway).
Well said.
Assuming the passwords at Sony were hashed at all, which isn't a sure thing at this point. Would be shocking if they weren't but then this whole debacle is fairly shocking already.
Dictionary attacks can reverse some one way hashes. You just re-hash all the dictionary words and combinations of dictionary words you can afford through the same hash algo that they used and then just match between the password file and the dictionary hashes.
This is why you should always "salt" your password hashes with a unique random value. The value can be stored in plaintext and all it does is force the attacker to create a new dictionary hash table for every salted hash password they wish to crack, which greatly increases expense and difficulty.
Of course if a user's password is strong (upper, lower, syms, nums) and long, then it becomes a whole lot harder to crack their hashed p/w with brute force / dictionary-like lookup tables. Can still be done and probably gov't agencies do it periodically when they really want something. Who knows maybe even bot operators do it (they would seem to have the horse power if they were inclined to use it that way).
I was reading some docs on truecrypt recently where they suggest that less than 20 chars of hard p/w is not really secure against brute force anymore.
Well, they require *a* birthdate, and one you can remember later, but they don't verify it's really yours. I never put my real birthdate into these systems for exactly this reason. Just think of a birthdate near yours that you can remember and use that -- this may help keep thieves out of the really important accounts like banks, etc.
I have had repeated problems with their sync also - though it does work 99% of the time for me as a very small user (2gb free account). Great to know that their sync stuff doesn't work for large/complex deployments.
Ditto their backup solution -- it works great and has never lost anything for me.
He could be tried of course - but the DA's shop will generally look for sufficient evidence as they have motivation to keep their win record high (not to mention an ethical motivation to convict only guilty people, though this may be more remote in many cases).
If they have evidence of porn to his router, they'll presumably look for offending files on his computer. If they find them, I'd guess they'll prosecute. If they don't, and the guy is able to afford a decent lawyer, most likely they wouldn't, as best I understand what would be needed for a solid conviction in a case like this in most areas. If the guy is poor, he'll probably have a much tougher time of it, but that's not related to IP addresses or anything else, just that more people who get convicted of crimes are poor and less able to defend themselves in court.
I'm not an expert or a lawyer though..
Use SpiderOak instead - zero prior knowledge encryption so no one but the password holder can see the files. (My relation to SO is as a non-paying customer).
I believe the original reason for local blackouts was the fear that people wouldn't buy tickets and physically go to the games, if they could listen on the radio. Then the same concept got applied to live televised games, and so on. It may have become more of a local ad revenue thing, but I wouldn't be at all surprised if the luddite owners still fear loss of ticket revenue due to live broadcasts on any medium.
IIRC the number was 640k and it was Bill G who said it.
Winner of Godwin's law prize!
That was a stimulus, not a year-on-year budget increase. Not saying it worked, but it was an emergency economic measure. Bush was heading down that road also before he left office, and in fact a lot of the language was drafted during the Bush administration with input from the incoming administrative leadership.
Some would argue the Iraq war was an emergency too when Bush undertook it, but I personally find that hard to believe.
"Because it's very very cold in.. spaaace."
I'm pretty sure that MITM doesn't work against SSL? Once you know the public cert from your root key server (something baked into most browsers), no one can MITM your channel. Since you know the public cert of your root key server before you even reach out to them, so it's hard for someone in the middle to impersonate them, and once you've got info from your root key server, it's similarly hard to impersonate an authorized channel. At least that's my understanding. http://en.wikipedia.org/wiki/Man-in-the-middle_attack
That's a good point. But I'd suggest that in my experience there are lot of perl libs that I simply can't read at all, and most ruby libs I dig into are "figureoutable." Probably that's a cultural thing -- perl devs often know the system so well they write hard to read code at the expense of compactness and internal elegance. Internal elegance in ruby (by culture) often values readability.
I'll be curious what you think!