For the most part of this, it is Charles Peters that is stupid. However, we really do need a system in which we can find out if a check REALLY does clear FINALLY and ONCE AND FOR ALL. It won't be easy to do, because if the account holder the check is drawn on is innocent, and only finds out a month later, they certainly must have a right to void the transfer. So this would have to be some specific number of days after which the check is absolutely as clear as cash. Maybe 100 days?
The MPs are wanting their child porn, and haven't been able to get it for a while. They are not smart enough on their own to figure out ways around the filters. But they figured out this scheme to deny all porn to everyone, motivating the teen boys to figure it out for them. Then all they have to do is watch for the solutions to get traded around.
Some of them will still need to replenish their supply of pr0n, tun3z, and v1dz, once enough memory stick trading spreads what they have now all around. Kids always want new stuff, and some of the kids always want to be the source for the new stuff. VPN is just one of many ways. What they use will depend on how innovative they are. I've seen HTTPS over DNS happen! All you are doing (which you probably already know) is just challenging the smarter ones to find new solutions.
... lists of public IPv4 addresses to identify "undesirable" hosts...
Legitimate mail servers will still need an IP address, whether that is IPv4 or IPv6. Their outbound SMTP connections can just use that same IP address. The real issue involves all those end user (broadband and dialup) IP addresses, which more and more will be multiple users sharing them for outbound connections, with no inbound. Make those have zero reputation. Let the IP addresses which are associated with real mail servers have the reputation earned by its behavior.
One big difficulty will be mail servers stuck only on IPv6 trying to deliver mail to those on IPv4, and visa-versa. But this is at least a substantial subset of the IP space. That means it can hold out for a while on IPv4, until enough IPv6 is deployed to make a "mad rush to IPv6 for email" can happen. But in the mean time, those who can do mail exchange between servers on IPv6 will be pretty much spam free, for at least a while. When spammers get on IPv6, then we know IPv6 is "happening".
To encourage IPv6, those who are on it can do things like adding extra goodies to IPv6 users. I do know a lot of porn is already there. Maybe extra features on web sites can be made to work on IPv6, too.
The way to do it is to put it all into the video card. The app just specifies the area of the screen to use for this, and shuffles data back and forth between the video card and the source. The video card verifies keys from the source and the HDCP compliant monitor that is connected via DVI or HDMI. If all checks out, the video path to the monitor becomes encrypted per HDCP, and the specified area is replaced with the protected video. This is done after the read-back buffer, so if some program code reads back the video buffer, it just gets the contents with the DRM video part showing was is behind the DRM display area.
All you need to do is get the video card makers to go along with it. If they weren't in bed with Microsoft (who wants to keep all the DRM in software so they can keep the market strangled), it might happen. It's NOT technology that prevents it from working on Linux/BSD... it's people.
It may not make business sense for Netflix to invest in a player for Linux, given the relatively small audience on the Linux desktop.
But if they were to use standardized program development models in a portable non-proprietary language, they would have minimal difficulty getting a common code base to work on BSD or Linux. Just hire programmers with BSD/Linux development experience and let them work out the remaining differences.
Ha! GLWT! These are US MIL addresses. You are probably just trying to attack them. We already know about Chinese espionage. Wikileaks told us all about it.
As a network and systems administrator, I'm all ready for IPv6. It's already running on our LAN and in use. I'm just waiting for our firewall maker to get their act together and implement IPv6, and for our ISP to get their act together and deploy IPv6.
Nor do you run out of the courtroom to deal with a major water leak from apartment B3. The reality is, someone in a crucial position like this needs to be excused from jury duty, or the court needs to find a way for them to address the matter (it's not easy, so excuse them). People in many self-owned and operated businesses do get excused from jury duty easily.
It could be interfered, but it would be harder. They'd have to track down the ISP. If the ISP is in another country, it's even harder. OTOH, lots of ISPs don't set up their reverse DNS.
More sharing is needed, and clearly they've done that to at least some extent. The problem is they included too many people in that sharing. Full access to "everything" should be limited to specific analysts with top clearance, and years of experience doing work under clearance (and thoroughly background/personality checked). It should NOT be for front line soldiers, which instead should have limited NTK access.
This alumnus person has some lack of mental ability at comprehension. I sure as hell hope we don't have idiots like that working in any government position or in any decision making capacity with any corporation. But, apparently, we have a lot of them in both.
What is leaked is NO LONGER confidential. One's ability to handle and deal with confidential or secret information has to do KEEPING it confidential or secret. Once it is widely public, all that effort is pointless. If you work in a government or private position where you get information, then keep THAT information totally confidential and secret, even if no one specifically told you to keep it secret (unless your job is something like media representative and you were told to release the information).
I'd like to provide my feedback to both parties in this. I found the email addresses of a couple people at PCMAG that I could write to an express my views. So far, I have found NO email addresses of ANY of the executives who wrote that letter to PCMAG (as seen on Billboard).
My conclusion is clear. PCMAG has at least some interest in what its readers, and the general public, think about this. But the music industry executives clearly have no interest in what people think. They have their heads in the sand. They have some idea of what product they want to deliver, and all they want is to push it so hard that people will just accept it.
I really just wanted to ask them... personally... and that means NOT some secretary answering... I want to hear directly from these executives themselves since they think their names are so important... just where I can BUY music that will work for me (beyond what Magnatune has). Do they even consider me to be part of their target market? I have some serious doubts. And I bet a lot of people do, now.
And once you are running arbitrary code, finding ways to be root are within possibility. Not every program around is bug free.
BTW, I did use Firefox profiles, and it didn't work for what I was trying to do (which was NOT to block tracking). My solution did work. It just happened to have the side effect of disrupting tracking outside of the scope of how long one instance of the browser was allowed to run. Sure, my 40 days old browser process I access Slashdot with can let Slashdot track me around. But then, I'm also logged in to Slashdot, too. But at least I can stay logged in quite a while here and don't have to get bumped off because some other web site decides to trigger a bunch of browser bugs or fill the DOM up with a bazillion objects.
I do suspect containers and virtual machines to isolate browsing is a real possibility, soon.
Basic tracking within the site is not my real concern. If you have users login, you can also track them quite well by that means. Isn't that good enough?
I am concerned about cross-site tracking. I'm concerned about a lot of other things like browsers getting too obese because they let their memory get and stay fragmented. A lot of the solutions are the same. And a lot of the solutions can impact things like tracking within the site.
Where intra-site tracking can be a problem is methods you develop that can be used cross-site as well. That pretty much assures that solutions against cross-site will impact intra-site.
As for headers, some proxies do have some limited means to change them. Further, once a proxy is used, all the surfing is going over a single connection that means it easier to inject a filter along the way.
Online games are not my concern. I don't play them. I can understand the problems you do have. My suggestions are few, but they do include the big one of "get away from HTTP". Maybe try VNC?
I have been using, for many years, a script that was originally intended to defeat Firefox's attempt to always run all browser windows under the same process. The method used is to create a fake home directory and populate it with some data that was derived from a "first run" of Firefox. The script applies a few tweaks to make the paths match the dynamically generated fake home directory. Firefox believes it is the home directory. It doesn't go so far to double check this in/etc/passwd or such... why would Firefox want to be that pedantic. If I had to, I could go a step further and defeat even that.
The intent of that script was to keep Firefox from getting overly bloated by allowing me to full quit (exit the process) for each site visited, without killing the windows of other sites I am still currently visiting. In some cases, some sites have triggered bugs, or caused lockups. I can kill the browser for that site (if it didn't crash on its own), still keeping the windows of other sites. It might seem counter-intuitive to many, but this does work to keep the bloat level down. At least it does so with my style of browsing (I keep a number of individual sites up in a browser sometimes for weeks).
One effect I did notice early on is that tracking was not happening if I quit a browser for one site and later started a new one to return. All the old cookies disappeared when the reaper component of the script cleaned up the leftover fake home directories. Cross site tracking wasn't happening as long as I started a new browser for each site, which I usually did, except when following links (in which case, they can get a referrer URL which I have not yet bothered to suppress). Referrers are sometimes useful (like to get a special pass through a paywall when coming from a partner site).
If it turns out that Firefox is so leaky that cookies can be placed outside of the context of the fake home directory, then I'll just have to raise the stakes and use a chroot directory (definitely not secure once arbitrary code can be run), or go even further and use either BSD Jails or Linux Containers (LXC, based on kernel cgroups). That will just mean I have to hard link in some more libraries from a read-only bind mount or some such thing. Maybe I'd even have to make truly real home directories for user dynamically added to/etc/passwd or something. It might add several milliseconds to the Firefox start time. Hopefully, if that happens, the Firefox developers will realize they have holes and get them fixed.
In any event, there's plenty more room to raise even higher walls between instances, even concurrently, of Firefox. We'll go where we need to go. There's only so far that the scumbag versions of web developers can go with this.
Slashdot Mirror
For the most part of this, it is Charles Peters that is stupid. However, we really do need a system in which we can find out if a check REALLY does clear FINALLY and ONCE AND FOR ALL. It won't be easy to do, because if the account holder the check is drawn on is innocent, and only finds out a month later, they certainly must have a right to void the transfer. So this would have to be some specific number of days after which the check is absolutely as clear as cash. Maybe 100 days?
Is it one license per device or one license per household?
In what form is this porn block in the first place? How do they know a given encrypted data stream is transferring porn?
You have it right, except backwards.
The MPs are wanting their child porn, and haven't been able to get it for a while. They are not smart enough on their own to figure out ways around the filters. But they figured out this scheme to deny all porn to everyone, motivating the teen boys to figure it out for them. Then all they have to do is watch for the solutions to get traded around.
What about devices that output by RF and need to connect to the antenna input? Sounds like they need to encrypt BBC and charge for the keys.
Some of them will still need to replenish their supply of pr0n, tun3z, and v1dz, once enough memory stick trading spreads what they have now all around. Kids always want new stuff, and some of the kids always want to be the source for the new stuff. VPN is just one of many ways. What they use will depend on how innovative they are. I've seen HTTPS over DNS happen! All you are doing (which you probably already know) is just challenging the smarter ones to find new solutions.
Is this being done by IP address, or URL string, or are they looking at the contents of the page? What if you were using HTTPS?
Viruses will be written to detect anti-virus code coming in and trip the kill switch as punishment for trying to remove the virus.
... lists of public IPv4 addresses to identify "undesirable" hosts ...
Legitimate mail servers will still need an IP address, whether that is IPv4 or IPv6. Their outbound SMTP connections can just use that same IP address. The real issue involves all those end user (broadband and dialup) IP addresses, which more and more will be multiple users sharing them for outbound connections, with no inbound. Make those have zero reputation. Let the IP addresses which are associated with real mail servers have the reputation earned by its behavior.
One big difficulty will be mail servers stuck only on IPv6 trying to deliver mail to those on IPv4, and visa-versa. But this is at least a substantial subset of the IP space. That means it can hold out for a while on IPv4, until enough IPv6 is deployed to make a "mad rush to IPv6 for email" can happen. But in the mean time, those who can do mail exchange between servers on IPv6 will be pretty much spam free, for at least a while. When spammers get on IPv6, then we know IPv6 is "happening".
To encourage IPv6, those who are on it can do things like adding extra goodies to IPv6 users. I do know a lot of porn is already there. Maybe extra features on web sites can be made to work on IPv6, too.
The way to do it is to put it all into the video card. The app just specifies the area of the screen to use for this, and shuffles data back and forth between the video card and the source. The video card verifies keys from the source and the HDCP compliant monitor that is connected via DVI or HDMI. If all checks out, the video path to the monitor becomes encrypted per HDCP, and the specified area is replaced with the protected video. This is done after the read-back buffer, so if some program code reads back the video buffer, it just gets the contents with the DRM video part showing was is behind the DRM display area.
All you need to do is get the video card makers to go along with it. If they weren't in bed with Microsoft (who wants to keep all the DRM in software so they can keep the market strangled), it might happen. It's NOT technology that prevents it from working on Linux/BSD ... it's people.
From TFA:
It may not make business sense for Netflix to invest in a player for Linux, given the relatively small audience on the Linux desktop.
But if they were to use standardized program development models in a portable non-proprietary language, they would have minimal difficulty getting a common code base to work on BSD or Linux. Just hire programmers with BSD/Linux development experience and let them work out the remaining differences.
Ha! GLWT! These are US MIL addresses. You are probably just trying to attack them. We already know about Chinese espionage. Wikileaks told us all about it.
As a network and systems administrator, I'm all ready for IPv6. It's already running on our LAN and in use. I'm just waiting for our firewall maker to get their act together and implement IPv6, and for our ISP to get their act together and deploy IPv6.
Nor do you run out of the courtroom to deal with a major water leak from apartment B3. The reality is, someone in a crucial position like this needs to be excused from jury duty, or the court needs to find a way for them to address the matter (it's not easy, so excuse them). People in many self-owned and operated businesses do get excused from jury duty easily.
It could be interfered, but it would be harder. They'd have to track down the ISP. If the ISP is in another country, it's even harder. OTOH, lots of ISPs don't set up their reverse DNS.
... like this: http://3626153261/
mount -t tmpfs tmpfs /home/${user}/.adobe
More sharing is needed, and clearly they've done that to at least some extent. The problem is they included too many people in that sharing. Full access to "everything" should be limited to specific analysts with top clearance, and years of experience doing work under clearance (and thoroughly background/personality checked). It should NOT be for front line soldiers, which instead should have limited NTK access.
And http://3590033760/ works (it's really the same thing).
This alumnus person has some lack of mental ability at comprehension. I sure as hell hope we don't have idiots like that working in any government position or in any decision making capacity with any corporation. But, apparently, we have a lot of them in both.
What is leaked is NO LONGER confidential. One's ability to handle and deal with confidential or secret information has to do KEEPING it confidential or secret. Once it is widely public, all that effort is pointless. If you work in a government or private position where you get information, then keep THAT information totally confidential and secret, even if no one specifically told you to keep it secret (unless your job is something like media representative and you were told to release the information).
... pirated copies of these documents?
I'd like to provide my feedback to both parties in this. I found the email addresses of a couple people at PCMAG that I could write to an express my views. So far, I have found NO email addresses of ANY of the executives who wrote that letter to PCMAG (as seen on Billboard).
My conclusion is clear. PCMAG has at least some interest in what its readers, and the general public, think about this. But the music industry executives clearly have no interest in what people think. They have their heads in the sand. They have some idea of what product they want to deliver, and all they want is to push it so hard that people will just accept it.
I really just wanted to ask them ... personally ... and that means NOT some secretary answering ... I want to hear directly from these executives themselves since they think their names are so important ... just where I can BUY music that will work for me (beyond what Magnatune has). Do they even consider me to be part of their target market? I have some serious doubts. And I bet a lot of people do, now.
And once you are running arbitrary code, finding ways to be root are within possibility. Not every program around is bug free.
BTW, I did use Firefox profiles, and it didn't work for what I was trying to do (which was NOT to block tracking). My solution did work. It just happened to have the side effect of disrupting tracking outside of the scope of how long one instance of the browser was allowed to run. Sure, my 40 days old browser process I access Slashdot with can let Slashdot track me around. But then, I'm also logged in to Slashdot, too. But at least I can stay logged in quite a while here and don't have to get bumped off because some other web site decides to trigger a bunch of browser bugs or fill the DOM up with a bazillion objects.
I do suspect containers and virtual machines to isolate browsing is a real possibility, soon.
Basic tracking within the site is not my real concern. If you have users login, you can also track them quite well by that means. Isn't that good enough?
I am concerned about cross-site tracking. I'm concerned about a lot of other things like browsers getting too obese because they let their memory get and stay fragmented. A lot of the solutions are the same. And a lot of the solutions can impact things like tracking within the site.
Where intra-site tracking can be a problem is methods you develop that can be used cross-site as well. That pretty much assures that solutions against cross-site will impact intra-site.
As for headers, some proxies do have some limited means to change them. Further, once a proxy is used, all the surfing is going over a single connection that means it easier to inject a filter along the way.
Online games are not my concern. I don't play them. I can understand the problems you do have. My suggestions are few, but they do include the big one of "get away from HTTP". Maybe try VNC?
I have been using, for many years, a script that was originally intended to defeat Firefox's attempt to always run all browser windows under the same process. The method used is to create a fake home directory and populate it with some data that was derived from a "first run" of Firefox. The script applies a few tweaks to make the paths match the dynamically generated fake home directory. Firefox believes it is the home directory. It doesn't go so far to double check this in /etc/passwd or such ... why would Firefox want to be that pedantic. If I had to, I could go a step further and defeat even that.
The intent of that script was to keep Firefox from getting overly bloated by allowing me to full quit (exit the process) for each site visited, without killing the windows of other sites I am still currently visiting. In some cases, some sites have triggered bugs, or caused lockups. I can kill the browser for that site (if it didn't crash on its own), still keeping the windows of other sites. It might seem counter-intuitive to many, but this does work to keep the bloat level down. At least it does so with my style of browsing (I keep a number of individual sites up in a browser sometimes for weeks).
One effect I did notice early on is that tracking was not happening if I quit a browser for one site and later started a new one to return. All the old cookies disappeared when the reaper component of the script cleaned up the leftover fake home directories. Cross site tracking wasn't happening as long as I started a new browser for each site, which I usually did, except when following links (in which case, they can get a referrer URL which I have not yet bothered to suppress). Referrers are sometimes useful (like to get a special pass through a paywall when coming from a partner site).
If it turns out that Firefox is so leaky that cookies can be placed outside of the context of the fake home directory, then I'll just have to raise the stakes and use a chroot directory (definitely not secure once arbitrary code can be run), or go even further and use either BSD Jails or Linux Containers (LXC, based on kernel cgroups). That will just mean I have to hard link in some more libraries from a read-only bind mount or some such thing. Maybe I'd even have to make truly real home directories for user dynamically added to /etc/passwd or something. It might add several milliseconds to the Firefox start time. Hopefully, if that happens, the Firefox developers will realize they have holes and get them fixed.
In any event, there's plenty more room to raise even higher walls between instances, even concurrently, of Firefox. We'll go where we need to go. There's only so far that the scumbag versions of web developers can go with this.