"youtube-dl-fork.org" pops up in Russia, there's exactly zero that YouTube or the US authorities can do about it.
They can force Afilias to hand over the .org domain to them, then they can use DMCA letters to remove all references to that website from search results, then DMCA letter against any Forum websites, etc linking to the domain.
doesn't access the Youtube website; only the people who download their program do.
Allow me to enlighten you then... (1) Youtube can use technical means to break the current version of the tool, and (2) Youtube just has to include a small element of the videos copyright by Youtube; A digital watermark would be sufficient... then... There is a tort called CONTRIBUTORY INFRINGEMENT
One who knowingly induces, causes or materially contributes to copyright infringement, by another but who has not committed or participated in the infringing acts him or herself, may be held liable as a contributory infringer if he or she had knowledge, or reason to know, of the infringement. See, e.g., Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913 (2005); Sony Corp. v. Universal City Studios, Inc., 464 U.S. 417 (1984).
Some people will.... However, fewer people will figure it out easily (People tend to give up if they can't find the tool easily), and they can go after those too.
Google's also in a good position to make it hard to find information on youtube-dl/etc....
They're a major search engine, so they can just self-censor their search results.
That's not even true of many traditional proofs. Some traditional (i.e., by humans) are long enough to require weeks to months of study, as well as years to produce.
There's a major difference between 'require weeks to months of study' to review VS Time to Read VS It would not be physically possible for you to read this in your lifetime!
The problem isn't just computers, it's a degree of complexity beyond what most professional mathematicians are prepared to deal with.
Greater complexity can also lead to subtle mistakes...... and eccentric tools sometimes have a way of blowing up in unexpected ways, so even a careful review of the tool itself may miss the fact that it's going to give an erroneous result under a certain condition.
Also.... Let's say you just wanted to publish a really long proof, but it turned out what you wanted to prove wasn't true after all....... So you conveniently stripped out the one counterexample you found from the data.
How the hell is a human going to discover that you cheated, or that your proof is wrong because of a rounding error in your program?
With a normal proof your reviewers don't need to go through extreme measures to be able to verify your result.
It's different from a traditional proof, Because you or I cannot sit down, read the proof, look through the logic in detail, and if there is an error that means the proof is bogus... probably spot the error in reasoning.
Enumeration of things in a proof is reasonable Within limits.
The size of any proof that can be trusted and published should be such that a normal human can at least read the entire proof within 24 hours.
That's it -- you've "proved" what the color of the sky is, i.e., "blue."
Perhaps you've proved the frequency of the color from the sky, but are you sure the definition of blue to include this particular frequency for this object is correct definition of blue? Perhaps not.
which means that the job of terminating the session when it's finished belongs to, err, umm, the init daemon.
No.... the job of terminating the session is The Shell's job. The session is terminated when the shell chooses to exit; Init is only responsible for starting/respawning processes and possibly passing signals through to the direct child process. If the user exits through means such as Hanging up their modem connection, then it's the kernel's job to signal hangup (SIGHUP).
And the Shell is responsible for Job Control: exiting the shell's child tasks.
The Init system or system daemon is Not responsible for Job Control; this is managed by tasks running under the user's identity.
Can we please get an architecture document from the Linux core developers LIMITING the scope of SystemD?
SystemD is supposed to be the Init / Service Management Daemon, and it should have no responsibilities related to managing user sessions.. That's Getty's Job, or SSHD's Job, for example, which is unrelated to what SystemD needs to be doing.
Why not require them to learn how to Solder, and assemble electronic components, construct circuit boards, and build digital logic circuits first?
The knowledge of the physics and electronics and the discipline of Engineering are more useful than learning a little bit of coding.
Also, coding is a manifestation of digital logic...... And I say start with the fundamentals such as assembly programming and machine language, not the most advanced higher-level topics that are built many layers up on top of the foundational concepts.
After all, you are expected to charge most of the time, at home, at night.
What am I gonna do when I drain my car battery while operating my 1000 Watt mobile radio station on 20 meters HF in morse code? I mean.... I just key out that last message on the air, and then suddenly realize that there's not enough fuel left in the battery to make the trip home; or there's some iPhone-style battery gauge calibration issue, and the Lo-Batt light comes on unexpectedly.
This is problematic if I'm in the road in town, and my car runs low on battery.... VS Gasoline..... you can get a fill-up near any populated area, and every exit off the interstate.
The above map shows the same... that there's one at a Nissan dealership 0.8 Miles away, one at a Nissan dealership 25 miles away, then a Whole Foods Market 25 Miles away, then a Nissan Dealership 33 miles away, then a BMW Dealership 35 miles away, then a BMW Dealership 38 miles away.
Yeah.... I just did a search for EV charging stations in my city... the search result lists ONE charging station with a capacity of 1 Car ("1 Port SAE J1772 plug").
Oh yeah, and the location is a Nissan dealership....... I bet the folks there would just LOVE it if I drove over there in a Tesla and tried to ask someone in the dealership where I can charge my Tesla......
You don't have to pamper it any more than you have to pamper a normal car --- the maintenance and care it requires is just different: for example, you don't need an oil change every 2 months like you need for a Gasoline-fueled vehicle. It's the same deal with your iPhone, by the way.
The standard charge setting has the default limit of 85%, which is fine, and you could lower it to 80% if you wanted.
The ISPs shouldn't receive a penny until they do what they say they'll do.
The ISPs need funding for their projects.... My suggestion would be that the money granted, at least 90% of it should be a LOAN, which will be automatically cancelled/forgiven with a graduated schedule as the project progresses, subject to an independent reviewer indicating that they are performing, and if they fail to perform, then the FCC's regulatory authority will be used to recover the payments.
Also, it should be set up as a debt partially secured by the ISP's software and network equipment.
This way the grant is an award, but only if they follow through.
But the bigger point is that when hackers do steal your database
As noted: it's not necessary to record the data in a manner that makes it possible for hackers to steal.
You assume it would be possible to grab some file and get a list of hashes, but it is not necessary for that to be the case.
The memory storage can be structured so that it is impossible to determine what the hashes actually are; HOWEVER, If you are presented a hash as an Input, then it is possible to determine whether or not the hash already exists within the dataset.
The short of it is, that you wind up with a tree/associative-memory structure that adjusts elements of the tree when a new hash is added to the dataset.
This can also be implemented in hardware using logic gates, So there simply is no operation to "Recover a hash that is in the system".
You must know what the hash is to provide as input, in order to be able to ask the question, whether the hash is in there (another account has already set that password), or not....
What's even better is that your big database of CRC32 hashed passwords will be an absolute treasure trove for the hackers that download your data.
The point of using CRC32, or actually, 64-bit would probably be better, is that there are many different combinations which will hash to the same password.
The reason to use a hash that is not salted and has many collisions is to allow easy comparison of a candidate password against a blacklist; without making the hash itself capable of being used to crack the password.
For example: If you try to "brute force" a CRC64, you will actually find trillions of possible passwords that could have the same hash value.
The downside of using high-collisions, is you will have false positives --- you will reject/block some passwords which are actually strong and unique.
There are alternatives that could be used instead.... for example saving the result of an UNSALTED but HARD hash, such as many rounds of SHA256 but no unique salt. Also, TLS/SSL could be used to encrypt the transmission of the hash to the approval server, And the approval service could keep them encrypted at rest.
The approval service could use a hardware security module to secure access to Hashes which are known but not yet on the banlist.
The communications to the approval service could use Public-key crypto on top of TLS/SSL, additionally, with a hard-coded Public key of trusted approval services.
Once a hash is on the banlist, then it is no longer sensitive information (Because all passwords with that Hash have been flagged as needing to be changed, it can be distributed safely).
There are other concepts that COULD be used to transfer the substance of a password without revealing the password, such as Fast-Fourier Transform, and techniques mentioned in some research papers that describe using Self-Organizing Maps and machine learning to help automatically detect and reject weak passwords.
Then the known weak ones could become part of a training set, AND the Self-Organizing map, or Neural network can be distributed to On-Premise servers as a Blueprint for passwords to reject, without having to explicitly disclose a "Banned hashes list".
The report shows how outdated IT systems are being used to handle important functions related to the nation's taxpayers, federal prisoners and military veterans, as well as to America's nuclear umbrella.
Sorry, "Outdated" is an improper way of describing implementations of custom systems using technology.
The terminology used is biased in favor of upgrades which might not be necessary and might not be significantly beneficial.
"They're still running DOS 5.0 or Xenix with COBOL-Based software," Is not in itself a good reason to replace proven working long-standing systems with shiny boxes running a brand new C# application coded by the lowest bidder that runs on Windows 10.
Unless there is a fundamental change to the working environment that makes an upgrade necessary or beneficial, Or if underlying code is no longer available to audit and update to resolve bugs or security issues, then it's not worth the risk to make a change.
Congress DID make a law determining penalties. It's the Communications Act of 1934.... 47 USC § 503 Forfeitures, https://www.law.cornell.edu/us...
And the FCC is specifically assigned the responsibility of determining the forfeiture amounts, within certain limits
(D) In any case not covered in subparagraph (A), (B), or (C), the amount of any forfeiture penalty determined under this subsection shall not exceed $10,000 for each violation or each day of a continuing violation, except that the amount assessed for any continuing violation shall not exceed a total of $75,000 for any single act or failure to act described in paragraph (1) of this subsection.
Places like prisons, etc should be able to monitor communications inside their area and jam them.
No they should not, because this can interfere with communications unrelated to the prison as well.
Besides, they have perfectly viable means to address the issue of unauthorized transmitters.
Guards could quickly track down contraband phones.
"Stingray" devices and deceptive communications are not necessary for this.
A small sensor network with a few software-defined radios scanning all the frequency ranges used by cell phones could do this as well, and could also potentially detect other contraband radios that are not cell-phones.
The laws still apply fully. Sometimes it can be challenging to get them enforced properly.
Two of the problems in the United States, are (1) The unduly high cost of lawyers and pursuing actions, And (2) The high requirements to obtain "standing" in court to actually sue --- It is not enough that someone's legal rights are infringed.... In order to be heard in court, you actually have to have evidence that not only were YOU personally and directly affected, BUT a Real material financial loss or other damage resulted.
Your anxiety that they could have used a stingray on you is not enough to be heard in court, you see, and the people using them are very sneaky about it, so their targets are unlikely to get the evidence to actually file the suit.......
However, if the pattern of abuse continues.... they are bound to eventually create the right conditions for someone to sue, provided when they do so, that person has the right legal counsel to recognize this, AND the $$$, resources, time, patience, and perseverance are there to bring the whole thing to trial......
When law-enforcement plays with these toys, that means they too are interfering with legitimate signals and communication.
Law enforcement officers are Not exempt from the FCC regulations, regarding usage and respect of spectrum allocations. For example, their radios are not allowed to transmit outside their assigned or frequencies licensed for that purpose, with a radio that is approved for the service it is operating in.
Cops are prohibited from transmitting a jamming signal, just like you are, even if they believe that they might have some legitimate cause to pursue that course, they could still be subject personally to FCC fines, penalties, or imprisonment with a felony charge, even if their local chief of police asked them to do it.
If you ban common passwords. Then you end up with a new set of common passwords. Going to ban those too?
I vote for recording a Fletcher-32 and CRC32 checksum of every password that a user creates, and if 3 or more accounts in the entire system attempt to create a password that has the same Fletcher-32 and CRC32 checksum, Then (1) The password will be rejected and banned, And (2) The other accounts with the same F32 and CRC32 will be locked into a state where they will be forced to change password upon next login.
Also, they should give system administrators with On-Premise Active Directory installations an option to participate in the same system.
Also, when users are originally creating a password: Microsoft should submit the password to the PASSFAULT algorithm, And if Time to Crack shows as less than 1 Month, the requested password should be rejected, and the hash added to the banned list.
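The checksum-pair scheme proposed in the comment above, sketched as an added example that is not part of the original post or of any vendor's code: the class, account names and guess list are constructed for illustration. The last function runs the check that the "treasure trove" objection quoted earlier on this page calls for, testing a short list of guesses against one stored pair.

```python
import zlib
from collections import defaultdict


def fletcher32(data: bytes) -> int:
    """Fletcher-32 over little-endian 16-bit words, zero-padded to even length."""
    if len(data) % 2:
        data += b"\x00"
    s1 = s2 = 0
    for i in range(0, len(data), 2):
        s1 = (s1 + (data[i] | (data[i + 1] << 8))) % 65535
        s2 = (s2 + s1) % 65535
    return (s2 << 16) | s1


def checksum_pair(password: str) -> tuple:
    """The (Fletcher-32, CRC32) pair recorded for a password; unsalted by design."""
    raw = password.encode("utf-8")
    return fletcher32(raw), zlib.crc32(raw)


class ChecksumBanlist:
    """Hypothetical registry: ban a pair once `threshold` accounts try to use it."""

    def __init__(self, threshold: int = 3):
        self.threshold = threshold
        self.holders = defaultdict(set)  # pair -> accounts currently using it
        self.current = {}                # account -> pair of its current password
        self.banned = set()              # pairs no account may choose
        self.must_change = set()         # accounts forced to change at next login

    def set_password(self, account: str, password: str) -> bool:
        """Return True if the password is accepted, False if rejected."""
        pair = checksum_pair(password)
        if pair in self.banned:
            return False
        if len(self.holders[pair] | {account}) >= self.threshold:
            # (1) reject and ban; (2) flag the other accounts holding this pair
            self.banned.add(pair)
            others = self.holders.pop(pair) - {account}
            self.must_change |= others
            for other in others:
                self.current.pop(other, None)
            return False
        old = self.current.get(account)
        if old is not None and old != pair:
            self.holders[old].discard(account)
        self.holders[pair].add(account)
        self.current[account] = pair
        self.must_change.discard(account)
        return True


# Constructed guess list, standing in for a common-password dictionary.
CONSTRUCTED_GUESSES = [
    "password", "letmein", "Summer2024!", "qwerty123",
    "correct horse battery staple",
]


def guesses_matching(pair: tuple, guesses: list) -> list:
    """Guesses whose checksum pair equals a stored pair (offline comparison)."""
    return [g for g in guesses if checksum_pair(g) == pair]


def demo() -> dict:
    registry = ChecksumBanlist()
    results = [registry.set_password(user, "Summer2024!")
               for user in ("alice", "bob", "carol")]
    stored = checksum_pair("Summer2024!")
    return {
        "accepted": results,
        "must_change": sorted(registry.must_change),
        "matches": guesses_matching(stored, CONSTRUCTED_GUESSES),
    }


if __name__ == "__main__":
    print(demo())
```

The third account to pick the shared password is rejected and the first two are flagged for a forced change. The same unsalted pair also narrows the guess list to a single entry, which is why the comments above go on to discuss keeping not-yet-banned values protected.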
They are probably all fakers on /. pretending that they are close to the situation.
"Pics or it didn't happen"
"youtube-dl-fork.org" pops up in Russia, there's exactly zero that YouTube or the US authorities can do about it.
They can just paper the competing search engines with DMCA takedown requests.
doesn't constitute "a traditional proof".
Nullius in verba.
So a few, maybe? But not much.....
What is your suggested alternative? The people who didn't take the FOOD must not have lived very long......