Actually, the problem comes when there's too much of it in our blood. How well that actually correlates to how much we eat is not well-accepted.
Except for the traditional breads that contain butter, milk, cream, olive oil, caraway seeds, spices, fruit, nuts... I'm sure there's a few I'm missing.
And where does this magic bread get the sugar required to feed the yeast, pray tell?
Starch is literally made out of sugar.
Here's a hint: ALL bread uses sugar.
The hell it does. You can make leavened bread from nothing but flour and water (and an oven). It's a little easier if you add yeast rather than relying on whatever's in the air, and it's tastier if you add some salt.
Have you ever even made bread?
Sort of. In order to have the encryption, you need to agree on a symmetric key. If anybody is able to listen in at all, then you should seriously be considering the problem of a man-in-the-middle attack. You can make a symmetric key agreement that third parties can't listen in on. However, you can't defend your key agreement against a MitM without some proof of identity. While there are certainly alternate systems, the one that SSL uses is certificates that are signed by a recognized authority. Here, "recognized authority" doesn't necessarily mean one of "the" CAs. It just means a signing authority that the other party recognizes as trustworthy. Certainly "the" CAs are the most convenient if the two parties have no substantial prior relationship (as is the case for most of the Web). Having your own CA is more reliable, cheaper, and easier to control if you happen to be able to deliver the CA's public key securely to everyone who will need it.
Despite what people on Slashdot will tell you, using SSL with self-signed certificates, clicking through the warning, and saying "well, at least it's encrypted" is barely better than nothing.
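The argument in the comment above, as an added example (not part of the original thread): a toy handshake in which skipping the CA check, as when clicking through a self-signed warning, leaves the client sharing its key with an interceptor, while checking against your own CA's public key rejects the substituted message. The name `nas.example`, the small Mersenne-prime RSA keys and the DH group are constructed assumptions for illustration.

```python
"""Toy model of key agreement with and without a CA-backed identity check.
All parameters are constructed for illustration: textbook RSA over small
Mersenne primes and an arbitrary DH group. Not for real use."""
import hashlib
import secrets

P, G, E = 2**521 - 1, 3, 65537   # toy DH prime/generator, RSA public exponent


def rsa_keypair(p, q):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))   # (public, private)


def _digest(key, msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % key[0]


def sign(priv, msg):
    return pow(_digest(priv, msg), priv[1], priv[0])


def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == _digest(pub, msg)


def _cert_body(name, pub):
    return f"{name}|{pub[0]}|{pub[1]}".encode()


def issue_cert(signer_priv, name, subject_pub):
    return {"name": name, "pub": subject_pub,
            "sig": sign(signer_priv, _cert_body(name, subject_pub))}


def dh_share():
    secret = secrets.randbelow(P - 3) + 2
    return secret, pow(G, secret, P)


def hello(cert, priv):
    """Sender's handshake message: certificate plus a signed, fresh DH share."""
    secret, share = dh_share()
    return secret, {"cert": cert, "share": share,
                    "sig": sign(priv, str(share).encode())}


def client_finish(msg, trusted_ca_pub, expected_name, check_identity):
    """Return (client_share, session_key); raise ValueError on a failed check."""
    cert = msg["cert"]
    if check_identity:
        body = _cert_body(cert["name"], cert["pub"])
        if cert["name"] != expected_name or not verify(trusted_ca_pub, body, cert["sig"]):
            raise ValueError("certificate not signed by a recognized authority")
        if not verify(cert["pub"], str(msg["share"]).encode(), msg["sig"]):
            raise ValueError("DH share not signed by the certified key")
    secret, share = dh_share()
    return share, pow(msg["share"], secret, P)


def run(attacker, check_identity, name="nas.example"):
    ca_pub, ca_priv = rsa_keypair(2**107 - 1, 2**127 - 1)   # your own CA
    srv_pub, srv_priv = rsa_keypair(2**61 - 1, 2**89 - 1)
    mal_pub, mal_priv = rsa_keypair(2**19 - 1, 2**31 - 1)   # interceptor's key

    peer_secret, msg = hello(issue_cert(ca_priv, name, srv_pub), srv_priv)
    if attacker:
        # The interceptor replaces the server's message with one carrying a
        # self-signed certificate for the same name and a share of its own.
        peer_secret, msg = hello(issue_cert(mal_priv, name, mal_pub), mal_priv)
    try:
        share, key = client_finish(msg, ca_pub, name, check_identity)
    except ValueError as err:
        return f"rejected: {err}"
    # Whoever produced the share the client accepted derives the same key.
    assert key == pow(share, peer_secret, P)
    return "key shared with interceptor" if attacker else "key shared with server"


if __name__ == "__main__":
    for attacker, check in [(False, True), (True, False), (True, True)]:
        print(f"attacker={attacker} check_identity={check}: {run(attacker, check)}")
```

The only thing the client needs in advance is the CA's public key, delivered over a channel the interceptor cannot alter.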
You don't send keys over the network; that's the whole point of certificate-backed key exchange -- no opportunity for man in the middle. The correct question is, what is the point of SSL if we trust certificate authorities that can't be trusted? We don't have to, of course, but it's more convenient if we do.
Riiiight... Because so many websites use https. Last I checked it was mainly banks, stores and a small number of tech-savvy folk willing to shell out for an official certificate. Because self-signed is scary. Everything else is transmitted in the clear. Never mind all those other communication channels like IM programs, online games, and email. Don't even get me started about the rise of social networking sites.
Most people don't seem to give a damn about privacy or encryption, and that is a shame, because it only works right if both parties are familiar with using it. The five people using PGP mail are safe but what about the rest?
Really? It's the default on most app-internal communication (updates, cloud sync products, etc.). It's the default or becoming the default on webmail and social media sites. That's a pretty substantial fraction of the Internet that's not porn, kittens, streaming video, and piracy -- applications where the data doesn't need to be encrypted.
I'm not saying you're necessarily wrong, only that your reasoning and wording are both bad.
A headline is for an expository piece. So a headline that's a question is intentionally leading. This is an "Ask"-type posting, so the "headline" is just the question. Betteridge's Law, such as it is, doesn't apply.
By fraction of participants?
Many more people die from driving in cars than from playing Russian roulette, but that doesn't really say anything about the intrinsic danger of either activity; just how popular each is.
Sure. Take Windows as an example (though the same sorts of things exist on other OSes). You'd be using this storage for things, yes? Probably setting it up as a NAS so that it runs a file server and you connect to that? Of course, if you bind that file server to a drive letter, it's quite clear exactly what's going on. Even if you don't, lots of individual programs (say, image viewers or media players) keep recently-used-item lists that will now have paths to network resources. If you cache your access credentials, that'll be sitting in the registry. Say you run uTorrent on it and access it via the web UI -- now that's in your browser history. Its MAC address is on your router; making it stop wireless communication will eventually flush it off the ARP table, but not very fast. (That's assuming you don't set up MAC address filtering, firewalls, or static-address DHCP and that your router doesn't log per-machine errors or bandwidth usage.)
Operating systems and applications love to store little bits of information about what you are doing with your computer as a side effect of their normal operation. (Consider Safari, which caches the full text, a screenshot, the last-access date, access count, name, and URL of every item in your browser history, just so that it can implement some fancy sparkles.) These little bits reveal a lot about what you use your computer for and how.
I made this point elsewhere, but FDE is running counter to your purpose, here. An exit node doesn't store data. They can already tell you transmitted the data, that's why they're at your door. Run a dedicated exit node that isn't used for another purpose. Don't use it for anything even remotely illegal. (Hell, don't use it for *anything*.) Don't encrypt it. If possible, set it up to log information about what connections the exit node makes to the Internet. Hell, log information about who on Tor requested it; the design of the system is such that that information isn't worth anything. Now it's trivial for an investigator to confirm that your story of the exit node producing the offending traffic is actually true.
or even getting copyrighted movies without the permission of the copyright holders and not paying for them, or whatever.
For the most part, Joe Sheriff doesn't care about that, actually. Those are almost exclusively civil cases and the limited resources of public computer crime investigators are not wasted on civil cases. That's how they prefer it, too, because they (mostly) know that pursuing individuals for copyright infringement is unpopular, expensive (in investigator's time and resources), and doesn't solve any real crimes.
This is not really a good idea. Not for a Tor exit node. (Of course, you shouldn't be *storing* much of anything if you're a Tor node.) See, the authorities will take all the computer hardware and networking equipment they can find. On one of these, there will almost certainly be tons of small bits of evidence that indicate that you were using exactly the setup you describe here. The normal course of using an operating system and working with data on an external server leaves countless markers that indicate that fact. The authorities will figure it out, they'll ask you, and they'll go back to your house and search harder. Outcomes range from "you might get off on a technicality because they can't find the server and you don't talk" to "they tear up your walls looking for it, find it's been destroyed, and prosecute you for destruction of evidence". None of them are good. None of them are substantially better than simply encrypting your disks with a password that's hard to guess and not written down. If you're running a Tor exit node, though, even encrypting your disk is unlikely to be a better approach than convincing a jury (or better, the prosecutor) that you're really not liable for the traffic other people send through you. If you're running a Tor exit node, it really should be on a clean computer where you are not doing anything even remotely illegal so that it's easy for the authorities to look at that computer and verify that hey, you're telling the truth, all of the illegal activities that "seem" to come from your IP are due to the Tor exit node.
No, but the authorities are very familiar with what FedEx does and it's very visible. If you ran a local package-delivery service and the authorities found that big boxes of drugs keep managing to come from your facility, you can bet that they will show up, take some of your stuff, demand a bunch of records, and ask some very pointed questions. If you really know nothing about the drug cartels shipping product through your company, you'll probably be fine.
The same goes here, though laws vary dramatically by country. If you run a Tor exit node, there's a distinct possibility that a lot of criminal activity will look like it came from your Internet connection. A lot of it you can't, in the end, be prosecuted for, because the laws generally require intent and there's no intent to commit criminal acts on your part. (Strict liability, conspiracy, etc. will make your life difficult, though.) But you should certainly expect to be investigated, at least. After all, the police shouldn't take you on your word that you were running a Tor exit node, and even when they verify that you are, they shouldn't just assume that if you're running an exit node, any criminal activity *must* have been through the exit node -- otherwise it would provide a perfect front for criminal activity.
You have access to Google. Though because you mentioned Critical Design Review, I will point out that it's Call Data Record. If you watch something like Law and Order, it's what they call "LUDs". (In case you're "worried", I'm just fine at expanding acronyms in real text, but don't put much effort into Slashdot comments.)
It is a fine excuse to spy on people. I'm just pointing out the entirely legitimate way in which this can happen. I think it's very reasonable that the subpoena not include any data following the assigning of a new phone and that, even if the CDRs include such data, it should not be included in the database. As with most systems, though, the devil is in the details. The police could be using this whole system for the very reasonable problem of finding repeat offenders -- carefully ensuring that any data of the victim's is redacted before being entered into the database -- or they could be slurping up any data people are dumb enough to offer them and using it to "solve" any case they can reasonably pin on the sucker. There's a wide field of possibilities, and I'm loath to think that either end of the spectrum is likely to be true.
What they are undoubtedly requesting is a CDR or equivalent. Particularly for so minor a crime as a stolen phone, they are not going to pay the very substantial fees phone companies charge for ongoing monitoring.
What TFA is referring to is almost certainly a race condition: The victim reports the theft to both (a) the police and (b) the cell company, and then gets a new cell phone and has the number transferred to it. The police eventually request call records from the cell company, and the cell company eventually services the request. The servicing of the request can easily take place after the number in question has been transferred to a new phone controlled by the victim, so necessarily, the requested logs will include calls made by the victim on his new phone.
There's a gap between when the phone is stolen and when the IMEI is blacklisted. At the very least, this gap must exist since you can't report the phone stolen at exactly the same time someone stole it. They can make calls during this time.
Call records are strictly retrospective -- they're not a monitoring of future calls, but a record of past calls. So you report your phone stolen, the police request a call log for the stolen phone, and they get a log of calls made before the IMEI was blacklisted. In theory, the ones of interest are those in the window between the time that you claim it was stolen and the time service was cut off.
"Monitoring" is an active, ongoing process. Obtaining call records is a one-time request for a static set of data. Not the same.
The guys that sell the current vaccines, sure. Their competitors, not so much. Permanent cures are good business because they're high-value products. You can charge a lot for them, you can get a lot of people to buy them, you can get the state to mandate them, you can get the state to pay for them, etc. The current flu vaccines aren't some endless gravy train -- they require a lot of work every year to actually get out the door and people (and governments) get pissy when you're late on delivery. A develop-once vaccine that you can almost guarantee a sale of to each new person born is nice business, especially if it lets you screw your competitor out of yearly flu vaccine sales.
The pharma industry isn't some monolithic ideal conspiracy. They have joint goals, but they're also made up of competing entities.
If your claim was true, we wouldn't see companies continuing to sell vaccines and develop new vaccines that provide cures to diseases. But we do.
Absolutely. Searching Amazon for a set of particular features is nearly impossible. (It's not so bad if you are searching a small space or searching for "oh hell, anything cheap that roughly fits the bill".) Newegg's search feature is great. It's not great enough to make me overlook the fact that I've been burned twice after actually buying from them.
I'll be honest -- I often use Newegg to find the product, then buy it off of Amazon.
As far as I know, all items fulfilled by Amazon (the seller line says "Amazon") qualify for free return shipping. However, free return shipping only applies if the problem is Amazon's -- it didn't arrive in time, it arrived broken, it was the wrong product, etc. Returns where the problem is yours (bought the wrong thing, changed my mind) don't get free shipping but have no restocking fee.
The situation with third parties selling through Amazon is a bit more complicated, though in theory they are supposed to provide a return policy that is at least as good as Amazon's.
I've started buying components from Amazon instead of Newegg. For my state, almost every online retailer charges sales tax. As a Prime member, the shipping is of course way better.
The major difference for me, though, is that Amazon's return policy is so much better. I've gotten both a drive and memory from Newegg that arrived DOA. The return procedure is a bit of a pain, they don't cross-ship (last I knew), and you're charged for shipping. You also have to get a replacement, rather than a refund, or pay a 15% restocking fee. If an item from Amazon is DOA, they'll ship you a new one immediately (second-day, generally) and pay for shipping the old one back. Return or refund, no fee.
I just don't feel like paying someone to send me broken items, especially when better options are available.
How so? Medicare is already means-tested and it's still mandatory spending. That is, it isn't part of the "discretionary spending" budget.
The only programs that truly matter as far as the deficit is concerned are Medicare/Medicaid, Defense and Social Security. ... All other discretionary spending combined accounts for less than 20% of the budget.
This implies that Medicare, Medicaid, and Social Security are discretionary spending, but they're not; they're mandatory spending.
You mean micro, which uses the mu symbol (a non-ASCII character). Nano is just "n".
Just use "u" for micro.