Slashdot Mirror


User: subreality

subreality's activity in the archive.

Stories
0
Comments
1,197

Comments · 1,197

  1. Food for thought on WikiLeaks Sues the Guardian Over Leak · · Score: 5, Insightful

    FTFA:

    Wikileaks complaining of a leak?

    Yes, and damned well they should unless your moral views are very shallow.

    How many US politicians are laughing at the Wikileaks/Guardian partnership exploding so spectacularly?

    I'd say it's the CIA laughing. This is incredibly valuable for them. They lose some secrets, but they discredit the messenger (And anyone who tries to replace them) to prevent future leaks. If I was running the CIA, I'd certainly run a program to discredit Wikileaks. A few rape allegations here, an ideological schism in the organization alleging untrustworthiness, some unveiling of sources to make future sources afraid...

    Does Wikileaks finally realise there's a need for secrecy/privacy in the world?

    Finally? They've said that all along. That's why they were redacting the documents in the first place.

    Does privacy/secrecy all boil down to where someone draws an arbitrary line in the sand?

    Yes. The world is a fuzzy place and doesn't lend itself to simple morals where you can divide things into the dark side and the light side. At some point it just comes down to someone looking at the situation and doing what they feel is right.

    Should a lack of privacy/secrecy be all or nothing?

    Of course not. In general, I believe that the larger an entity is, the less privacy they deserve.

    Is Wikileaks cementing views that it is or isn't an organisation of journalists who are guided by traditional journalistic ethics?

    They publish the truth and protect sources who need protection. They've pretty much always been in that camp.

  2. Re:From the TFA on Justice Dept. Files Antitrust Complaint Against AT&T and T-Mobile Merger · · Score: 1

    Except T-Mobile doesn't get the cash. DT gets the cash.

    And T-Mobile is a wholly-owned subsidiary of DT. What's your point?

  3. Re:X.509 is fundamentally broken on Hackers May Have Nabbed Over 200 SSL Certificates · · Score: 1

    /. ate my angle brackets. Here's what I meant:

    "[ nobody | <CA>] certifies that <fingerprint> is <domain>. Does that sound OK to you? (looks good) (hell no)"

  4. Re:X.509 is fundamentally broken on Hackers May Have Nabbed Over 200 SSL Certificates · · Score: 1

    Only if you habitually visit the same place does it provide any significant reduction in risk, so if you see a product you want on an as-yet unvisited storefront, you have zero protection against MITM.

    Your home ISP isn't going to MITM you. They want to keep you as a customer. The coffee shop you visit isn't going to. They don't want to get prosecuted for credit card fraud. Same thing with a hotel network.

    I'd expect it from random TOR exit nodes, but why would you use an anonymity network to shop with a credit card?

    Passive eavesdropping is a real concern, but what's an example of a network where people would engage in active MITM attacks *hoping* that someone will try to send secret information on their very first visit to a new site?

    But that's just not the case, self-signed certs *shouldn't* be any less scary than at least some semblance of a CA with a diligent client pulling CRLs.

    I agree: self-signed should be slightly more scary than CA-signed. I just think that both need to move toward the center: self-signed should say "This is your first time here, and we have no way to verify who this is other than if you know this fingerprint:" vs CA-signed "This is your first time here, and says is good". Those are much more realistic, useful messages in a model that allows wider adoption of SSL everywhere than the current one, where you have a worthless CA grant certs that give absolutely no warning vs. self-signed which give the currently over-scary message.


    See, this discourages organizations from ever changing keys even if they think there is a *chance* they were compromised.

    That's a very good point. How about this: just use the CAs for revocation. The CA can't revoke a cert until you sign the revocation with your signing-key (so the CA isn't centrally-attackable to revoke the cert of a site you want to attack); and include the fingerprint of the new cert in the revocation. If the new cert matches the fingerprint, cache it and move on; if it doesn't match, big scary message.

    That would limit the exploit to situations where the attacker gets a copy of the secret key from you, AND they convince the CA that they're validly revoking the cert. If the CA requires some out of band confirmation, that's a pretty tough bar to clear.

    All that said, I agree that the current DNSSEC model is going to push things forward a lot.

  5. Re:X.509 is fundamentally broken on Hackers May Have Nabbed Over 200 SSL Certificates · · Score: 1

    1) You have an optional CA. Sites like Gmail will get a cert. That (usually) covers the initial connection.

    2) Pop a huge warning if the cert changes, even if the CA signs the new one. This is the really important part.

    3) Even if all of the network is subverted AND all of the CAs are subverted, the MITM is still detected when people VPN to another country, or dial out, or travel, or the fingerprints are manually verified.... you can't guarantee the availability of encryption, but you can always detect widespread (country-wide) MITM attacks.

  6. X.509 is fundamentally broken on Hackers May Have Nabbed Over 200 SSL Certificates · · Score: 2

    How long until we collectively admit that centralized SSL certs are actually causing more problems than they solve?

    The SSH model works great: connect to a site once; verify the fingerprint once if you consider a MITM to be a reasonable concern; cache the key and know that forever after you're connecting to the same site as you did the first time. That narrows the attack vector to active MITM attacks where Mallory can intercept your first connection (if they want to actually get your data) and every connection thereafter (if they don't want to be noticed). It makes widespread surveillance impossible (they'd be noticed) and targeted attacks very unlikely to succeed.

    You can even add a CA to that model: have the first-time dialog be "[ nobody | <CA>] certifies that <fingerprint> is <domain>. Does that sound OK to you? (looks good) (hell no)". In other words, just make self-signed certs less scary, and CA-signed certs more scary... Which would accurately reflect the actual level of security you're getting: both are probably OK, and one is a little more certified but certainly not golden. Only pop up the BIG SCARY WARNING when the cert changes, even if it's signed by the CA.
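The trust-on-first-use model sketched across comments 4, 5 and 6 (mild first-visit prompt, silent pass when the cached fingerprint matches, a loud warning on any change even if a CA signed the new cert, and key rotation accepted only when the old key signed a revocation naming the new fingerprint) is concrete enough to code up. The program below is an added illustration, not the commenter's code and not any browser's implementation. It assumes Ed25519 public keys standing in for certificates, a SHA-256-of-key fingerprint, a made-up revocation message format, and the constructed domain `shop.example`; the CA's own out-of-band check before relaying a revocation is out of scope here, so the client simply verifies the signature itself.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Verdict is what the client decides after comparing a presented key with its cache.
type Verdict int

const (
	FirstVisit Verdict = iota // mild prompt; wording depends on whether a CA vouches
	Pinned                    // fingerprint matches the cached key: no prompt at all
	Rotated                   // key changed, but the old key signed a revocation naming the new one
	Mismatch                  // key changed with no valid revocation: BIG SCARY WARNING
)

func (v Verdict) String() string {
	return []string{"FirstVisit", "Pinned", "Rotated", "Mismatch"}[v]
}

// Fingerprint is the SHA-256 of the raw Ed25519 public key, hex encoded.
// (Hypothetical choice for this example; a real client would hash the certificate.)
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// GenerateSiteKey makes a fresh key pair; ed25519.GenerateKey(nil) uses crypto/rand.
func GenerateSiteKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Revocation is what the site owner publishes (via the CA, in the post's model)
// when rotating keys: signed by the OLD key, and naming the NEW fingerprint.
// The message layout is invented for this example.
type Revocation struct {
	Domain string
	NewFP  string
	Sig    []byte
}

func revocationMessage(domain, oldFP, newFP string) []byte {
	return []byte("revoke " + domain + " " + oldFP + " -> " + newFP)
}

// SignRevocation is run by the site owner with the old private key.
func SignRevocation(oldPriv ed25519.PrivateKey, domain, newFP string) Revocation {
	oldFP := Fingerprint(oldPriv.Public().(ed25519.PublicKey))
	return Revocation{Domain: domain, NewFP: newFP,
		Sig: ed25519.Sign(oldPriv, revocationMessage(domain, oldFP, newFP))}
}

// PinStore is the client-side cache: domain -> public key seen on first visit.
type PinStore struct {
	pins map[string]ed25519.PublicKey
}

func NewPinStore() *PinStore {
	return &PinStore{pins: map[string]ed25519.PublicKey{}}
}

// Check applies the post's rules. caSigned only changes the first-visit wording;
// a CA signature never silences a mismatch. rev is an optional revocation handed
// over together with the new key.
func (s *PinStore) Check(domain string, presented ed25519.PublicKey, caSigned bool, rev *Revocation) (Verdict, string) {
	fp := Fingerprint(presented)
	pinned, seen := s.pins[domain]
	if !seen {
		s.pins[domain] = presented
		who := "nobody"
		if caSigned {
			who = "<CA>"
		}
		return FirstVisit, fmt.Sprintf("[%s] certifies that %s is %s. Does that sound OK to you?", who, fp, domain)
	}
	if bytes.Equal(pinned, presented) {
		return Pinned, "fingerprint matches the cached key"
	}
	// Key changed. Accept only if the *pinned* key signed a revocation that names
	// exactly this fingerprint; a revocation signed by any other key is worthless.
	if rev != nil && rev.Domain == domain && rev.NewFP == fp &&
		ed25519.Verify(pinned, revocationMessage(domain, Fingerprint(pinned), fp), rev.Sig) {
		s.pins[domain] = presented
		return Rotated, "old key signed a revocation naming the new fingerprint; pin updated"
	}
	return Mismatch, fmt.Sprintf("KEY FOR %s CHANGED WITHOUT A VALID REVOCATION (caSigned=%v): possible MITM", domain, caSigned)
}

func main() {
	const site = "shop.example" // constructed domain
	store := NewPinStore()
	pubA, privA := GenerateSiteKey() // the site's original key
	pubB, _ := GenerateSiteKey()     // the site's replacement key
	pubM, privM := GenerateSiteKey() // a key that is not the site's

	report := func(v Verdict, msg string) { fmt.Printf("%-10s %s\n", v, msg) }
	report(store.Check(site, pubA, false, nil))              // FirstVisit
	report(store.Check(site, pubA, true, nil))               // Pinned
	report(store.Check(site, pubM, true, nil))               // Mismatch, CA signature or not
	forged := SignRevocation(privM, site, Fingerprint(pubM)) // signed by the wrong key
	report(store.Check(site, pubM, true, &forged))           // Mismatch
	rev := SignRevocation(privA, site, Fingerprint(pubB))    // signed by the pinned key
	report(store.Check(site, pubB, false, &rev))             // Rotated
	report(store.Check(site, pubA, true, nil))               // Mismatch: the old key is gone
}
```

The last two calls in `main` are the point of comment 4's revocation idea: because the revocation carries the new fingerprint, a cached client updates its pin without a scary dialog, and once the pin has moved the old key is treated exactly like an attacker's key. An attacker who obtains a certificate from a CA but not the site's private key gets nothing better than the `Mismatch` branch.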

  7. It has more antennas on Antenna-Clothing Outperforms Regular Antennas · · Score: 2

    It performs better because it has a whole bunch of antennas all over their body and can select the one that has the best performance at any given moment. Being able to choose one in the best spot is sometimes better than having a single efficient antenna. Of course, strapping 50 whip antennas to yourself would perform better than either a single whip or the antennasuit alone. Just don't try to move through bushes or interact with humans.

  8. Re:Tablet Battery Life? on Amazon's Android Tablet Expected This Fall · · Score: 1

    So am I! Clearly a tablet is better for your use. We were talking about this, though:

    I expect millions of Kindle owners will happily skip the added weight and shorter battery life of a full-fledged tablet

    I personally think there's room in the market for both kinds of devices. I wouldn't mind having one of each, really.

  9. Re:Disciples on Amazon's Android Tablet Expected This Fall · · Score: 1

    hipster Amazon disciples

    Wait... what?

    I hope this is an Apple joke. :)

  10. Re:Tablet Battery Life? on Amazon's Android Tablet Expected This Fall · · Score: 4, Informative

    The Kindle goes for weeks without being careful about battery life. One of the cool things about e-ink is that the image persists passively, so when you turn the page, it just powers up for a moment to flip then goes back to sleep.

  11. Re:firearms on Hurricane Irene Prompts Unprecedented Evacuation of NYC · · Score: 2

    Gun oil evaporates enough to lubricate poorly after just three days.

    Quit using CLP. :) It's designed for military use where their guns are maintained frequently. Or Kroil... it's designed to creep, not to stay.

    I use Tetra. I had a rifle in storage for over a year and when I inspected it before use, I found the oil still right where it should be. Mobil 1 also works well in this regard, as do many heavier-weight gun oils.

  12. Yes, they should have kept the token seeds secure on Was This the Phishing E-mail That Took Down RSA? · · Score: 1

    I DO fault RSA for not compartmentalizing their security. A compromise of a user desktop should be expected. The fact that this foothold let someone get to the token seeds suggests some serious design and procedural negligence on RSA's part. The damage should have been limited to some emails getting leaked, not a compromise of their most vital secrets.

  13. Re:Investigated == not good on The EFF Reflects On ICE Seizing a Tor Exit Node · · Score: 1

    Also, with the very large number in existence these days, if they decide they don't like you because you're supporting the terrorists / pedophiles / commies, I guarantee you, they can convict you of something. Perhaps it's totally unrelated to what they were originally investigating you for, but as long as they had legitimate probable cause for the initial investigation, anything else they find is fair game. So this isn't true:

    Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes.

    No sir. It makes you less likely to be convicted than someone else who is being investigated, but overall, you're much more likely to be convicted of something once their gaze falls on you.

  14. Re:Tepco, Japan and the robots on Fukushima Robot Operator Tells His Story · · Score: 1

    First, analog electronics don't *have* memory cells. Basic RC control systems don't use a single byte of memory; they're just FM radios that demodulate a few overlaid waves into a few analog outputs. Interference will make the controls twitch a little, but the scale of these circuits is enormous compared to RAM, and so the interference is very small.

    Second, you're seriously overestimating the amount of radiation. Things will malfunction terribly if they're directly over an exposed core or otherwise getting huge amounts of direct shine, but the hottest of the hot spots inside the building would probably only cause some CCD sparkle, not a complete failure.

  15. Re:Is the Catholic church still against condoms? on Does Religion Influence Epidemics? · · Score: 1

    Of course culture has an effect too. Lots of things have an effect.

    The question asked was "Does religion influence epidemics", not "Is religion the biggest influence on epidemics".

    Condoms aren't the sole solution - nothing is - but in epidemiology, every small effect you can have on transmission rates adds up and has a large effect on an epidemic. Once you get below a certain level you can even achieve "herd immunity" where the disease will die out on its own - much like smallpox, where we never got everyone vaccinated, but we did get enough.

    So you knock down the infection rates with needle exchange programs, cultural changes, condom use, testing programs... All of which help a little. Hopefully it adds up to enough.

  16. Re:Is the Catholic church still against condoms? on Does Religion Influence Epidemics? · · Score: 1

    ...which is why I specifically said "the Catholic Church".

  17. Re:Is the Catholic church still against condoms? on Does Religion Influence Epidemics? · · Score: 1

    Because that was the official position of the Catholic Church for a very long time. Recently they've conceded that it can be the lesser of two evils, but they haven't exactly tried hard to push them for disease prevention.

  18. Re:Tepco, Japan and the robots on Fukushima Robot Operator Tells His Story · · Score: 1

    ... All of which is why I never suggested it for going inside.

    For just getting pictures looking through the holes in the walls, I think the balance of Need vs Risk was well in favor of Need when they were running blind and there was considerable Risk from not acting.

    All that still doesn't answer why they didn't move in much sooner with the commercial robots that are designed for this.

  19. Re:Shielding, relays, buildings on Fukushima Robot Operator Tells His Story · · Score: 3, Informative

    Inferring from TFA, the bots are able to run over WiFi, and one of the ways they increased range was by dragging an AP into the building. They can also run over an optical fiber - I'd assume that's also Ethernet, since it'd be silly to use a whole different technology when it's already controlled by 802 frames. I can't imagine why they couldn't scrounge some repeaters.

    Shielding isn't too big a deal. You don't take that much damage from direct radiation unless you're standing near a large emitter... Just check your dosimeter before you set up camp. The much bigger hazard is inhaling particles of alpha-emitter which a) do a lot of damage when they're inside you and b) keep doing it for a long time. Fortunately, that's easy to handle with cleanroom-type particle filters.

  20. Re:Tepco, Japan and the robots on Fukushima Robot Operator Tells His Story · · Score: 2

    Personally, I'd have volunteered in a minute if I had a specialized skill that would help that way.

    I think your CYA theory is closest to the truth. It's not just a fear of failure; it's a fear of looking embarrassingly like a bunch of amateurs on TV if they don't perform smoothly. The Japanese have a lot of pride, with all the good and bad that entails.

  21. Re:Tepco, Japan and the robots on Fukushima Robot Operator Tells His Story · · Score: 4, Informative

    They had plane-type UAVs do some fly-bys at a hundred meters or so about two weeks in; the helicopter-type capable of close-up pictures weren't used for over a month.

    I agree about the problems going in the building - there's no way a heli could do it. The PackBot is the right tool for the entry job. iRobot sent them about a week in, but TEPCO waited weeks more before using them. Training is the only excuse I can think of, and it's pretty thin: I'm sure someone experienced with them would have volunteered to work the first couple weeks until TEPCO employees were ready to go.

  22. Re:Tepco, Japan and the robots on Fukushima Robot Operator Tells His Story · · Score: 3, Insightful

    They could have gotten by with consumer-grade parts. There's no substitute for rad-hardened parts on satellites because launching another is very expensive, but that wasn't the case here.

    In Fukushima, they could have done what hundreds of hobbyists do: Run down to Radio Shack, get a cheap toy helicopter, strap a camera to it. This is all analog tech, so there's no OS to crash if the circuits pick up some noise, as long as it's not so much noise that the thing fries entirely - and even that would give you a pretty useful bit of information.

    Possible failure scenarios:

    • Helicopter fails when it gets close and drops to the ground. Solution: Get another helicopter.
    • Helicopter goes haywire and crashes headfirst into the spent fuel pool. Solution: This building is already blown right the fuck up; the mechanical damage is utterly irrelevant, and worst case, the li-poly batteries might slightly contaminate the water. Deal with that later. Get another helicopter.

    Cost: Less than $1000 a pop for a really nice toy chopper and a very decent video camera.
    Risks: Essentially none, as above.
    Rewards: Nice up-close pictures instead of fast manned fly-bys hundreds of meters away.

    Even if that plan gets vetoed, there are commercially available rad-hardened UAVs and ground recon bots. All they had to do was google it, call someone up, and get a handful flown out there. I'm sure they could get a few bots for $1M, or even for free given the publicity. That's essentially what they eventually did - why did they wait?

  23. Re:Is the Catholic church still against condoms? on Does Religion Influence Epidemics? · · Score: 2

    I don't dispute it, but IMO, we shouldn't use monogamy as our only strategy.

  24. Re:Is the Catholic church still against condoms? on Does Religion Influence Epidemics? · · Score: 1

    Agreed. And as the other AC said, they're sort of conceding a "lesser of two evils" stance.

    Credit given.

    However, they're generally pushing abstinence in lieu of safe sex education when possible. On the whole of it, it probably results in less total sex, but more unprotected sex. The original question was whether religion was influencing the course of epidemics, and they pretty clearly are.

  25. Is the Catholic church still against condoms? on Does Religion Influence Epidemics? · · Score: 4, Interesting

    Yes? Then I'd say they're having an influence.