Great point. It reminds me of the O.J. trial where the prosecution DNA expert was explaining how the blood matched OJ's with a 1 in 6 million chance of being someone else (I'm fuzzy on the actual number - doesn't matter).
The defense lawyer asked the expert, "So did you test six million people to see if it matched all of them." The expert said something like, "No, we used a statistical procedure to determine the match, involving samples of 600 people's blood." (again I'm fuzzy on the actual #'s)
The defense lawyer said, "But what if the 601st person's blood had matched OJ's? No further questions."
Man we need to teach more stat or logic or something in school..
We definitely made the bed and now we're stuck lying in it. Good point. But it still doesn't un-crazy the Iranian theocracy. Crazy US foreign policy gave them the vehicle to come to power but those nutjobs are doing fine being crazy all on their own now.
Ditto for Afghanistan come to think of it (twice there - first in the 80's and now again with Karzai). The more things change, the more they stay the same..
That last round of elections was free and fair? Ahmadinejad sure sounds like a nut job whenever he opens his mouth in public.
Don't get me wrong, I agree there's tremendous media bias about Iran. But the Iranian gov't seems pretty loco. The US gov't up until recently seemed pretty loco to me as well.
The Iranian police and paramilitary stomping on civilians during a peaceful demonstration looked a lot more to me like Burma than the US or Europe. I marched peacefully against the (second) Iraq war and no one stomped on me. The gov't didn't listen, but I think there's a pretty big difference between those two things.
Thanks - I was going to post similarly. I haven't heard a peep in any med lit about H1N1 being anything other than a natural variant. Maybe OP heard it at the doctor's office but you hear a lot at the doctor's office that is worth a second opinion.
Bruce Schneier debunked the sociopath theory reasonably well when he observed that this tool is very specifically focused. If this tool had been built with sociopathic/antisocial intent it would have f'ed-up way, way more public infrastructure world-wide.
Good point. Trusting a conf file that says only 127.0.0.1 is allowed in to a port is a little dicey sometimes. Having a firewall making a more rigorous statement further up-chain about "no lookey" is a nice safety feature. Also it lets me work with nearby devs without totally going mando to the world.
Yeah, good point -- and they're also implicitly saying that you'll now never even know they were on your network since they've got that side of things wrapped up now too. Yikes.
I disagree. One should always weigh the cost of that assumption (and the associated security costs in tech and personnel) against the pain/cost of a less secure network. To always build the most secure network possible is not always cost efficient and therefore not always the right choice. Assuming your network is always in a state of compromise will often be a very expensive assumption, so should only be undertaken if it's worth it in terms of risk to what's on your network. For NSA clearly they've got some pretty important stuff in there so they'll do anything/everything to protect it. We're not all in that boat when it comes to network security. That's not sloppiness - sloppiness is getting blindsided by penetration vectors you didn't account for but should have.
Yeah - great point. Thief was much smarter to post this photo on the victim's facebook page than on his own!
FTW! Thanks for getting this all-too-pedantic conversation back to reality.
That sounds dangerously like security through obscurity to me. Relying on lack of information about your password to protect it is insecure, as best as I understand the issue.
Good hashes should be able to share everything about themselves except the values that generated them. If you use a weak value to generate it, then any security hash is weak.
Problem is most *users* do not care at all about user security so they won't pay for it.
There, fixed that for you.
Good reference. Thanks. I use PasswordSafe but it's local. I actually like that feature b/c it reduces the number of vendor dependencies, but it's a pain b/c of sync. It might be worth checking out lastpass so thanks for the reference.
FYI, there's an interesting company called SpiderOak which has similar security (zero knowledge cloud encryption) for storing files online which is pretty handy as well.
Wikipedia is not (and in my opinion should not be) a publisher of record. If you figure out an important scientific advance, you can't and shouldn't publish it first on WP. I think that admins who remove this kind of info are just following the guidelines for WP. Many folks on /. don't like this model and I guess there's a good argument both ways, but the fact is that WP is specifically and explicitly set up at this point to prevent this kind of "first posting."
Publish your advance on your blog, tweet it and wait for NYT to come write a story about it. Then link to the story and put it on WP. That's what WP is for.
Unless of course WP's proposed ads were so effective that they drove *up* demand for purchasing online ads.. Hmm.
Double plus. I agree. I find a lot of complaints around WP are about someone's inability to insert something they value but which isn't widely known or reported in the media.
There are good counter-examples where legitimate info is rejected for "bad" reasons of various kinds.
But as a core reference work, WP is better than anything else I've ever used. The effort to value ratio is just excellent.
I've had some run-ins with obnoxious editors messing with my stuff or personally insulting me, but I've also had lots of great cooperation and support in improving articles I've written or edited.
Hello Yahoo, is that you?
He tried it without all the eyeballs and google juice that WP gets. Everything looks different when you're building a business model from nothing than when you're extending one like WP.
Right on. This has me baffled too. Just doing some basic audit tracking and detection would seriously reduce the damage any one low-level person could inflict.
How many people need access to the entire database of data? Probably a lot.
How many need a copy of the entire database? Hopefully nobody?
More like destroying some cash in a bank and then leaving a cell phone behind so the bank staff can call the cops and/or press.
Scat analogy ftw!
Some 16 year old in Europe has already been arrested over the anon. ddos attacks - at least I read it in the paper..
I don't know if it is true but I've read in some media accounts that these attacks have in some cases prevented these companies from conducting their regular financial transactions with customers.
Anyone know if this is true? If it is true Anon. is doing a lot more than preventing these companies from sharing info via a website..
I don't think it's your googlefu gone bad but others getting better. The others being all the SEO link-spamming, metatag stuffing trolls. So it's harder for google to give you the right results now than it has ever been. At least that's how I see it..
Let me say it again: he didn't commit espionage to obtain the information; he was GIVEN it.
I am by no means an expert, but my understanding is that espionage crimes can include a whole pile of actions beyond the original obtainment. Those facilitating the transfer, publication or dissemination can also be tried (in absentia in some cases I think) and convicted. So it is possible that the US law might reasonably (that's the legal term "reasonably") be interpreted to indicate that Wikileaks is in violation of its espionage statutes.
However the same might often be true for New York Times reporters when they leak information from "senior white house sources" (Valerie Plame anyone). However, the reporters have clear first amendment rights that protect them from gov't prosecution for espionage (so in general Justice won't even bring it to trial - fails a reasonableness test).
The big question (as best I understand it) is does Wikileaks enjoy similar FA rights. I'm pretty sure the Justice Department wants to see that question answered in court, with Assange in the pokey for the whole (very very long) time the trial takes to resolve.
The general point I think you're getting at is that there are some first amendment protections that can override any attempt to convict for espionage? And I think that's a very important point. Do one's first amendment rights prevent conviction for espionage in some cases?
Someone with more FA and espionage legal expertise may be able to give a more precise answer.. hopefully!