Re:Tau is used everywhere. I prefer k_k (on "Happy Tau Day", Score: 1)
Right. I meant to say five. It's offensive LaTeX notation to fail to separate the 2 and the \pi with a space.
Re:Tau is already used (on "Happy Tau Day", Score: 1)
All of the Greek and Latin characters are used for more than one thing just in physics alone -- to say nothing of subscripts, typographical variants like blackletter, decorator symbols, and the occasional Hebrew letter.
Re:Tau is used everywhere. I prefer k_k (on "Happy Tau Day", Score: 1)
If you're writing out "2pi" and "(1/2)tau", you're doing it wrong.
2 pi either takes two characters, one of which is Greek, or four: 2 \pi.
Re:They've got a point (on "Happy Tau Day", Score: 1)
No, it's for people who are too lazy to multiply by 2. Consider that physicists have two constants for the same physical constant -- h and hbar -- because tracking the 2*pi factors is a pain. (For that matter, tracking the 2's with pi is also a pain. It's not really intuitive to look at 4*pi^3 and realize that in this case, that's because it's (1/2)*(8*pi^3).)
I know that, although what I'm really referring to is that their business is to obtain fossil fuels, which are then burned and contribute to global warming.
Any bus that permits the existence of hubs has this "design flaw", since you can put a hub plus multiple devices within a single plastic enclosure.
The only way it can change the device type is to disconnect and re-connect to the USB bus. That can be done in software (no physical device removal required) but it would also make it obvious to the OS/drive/AV software what had just happened. On Windows it would have to send a different device ID because as I discovered the OS caches the descriptor.
You can't really do it "in software" AFAIK, but you can do it electrically with no physical device removal. You can even set up your electronics to put in an arbitrary connect/disconnect delay so that it's not obvious to the OS at all. Sensing actual physical device removal requires electrical tricks that no hardware currently implements. It doesn't matter, though. No OS or AV software, AFAIK, cares at all if a USB device disconnects itself and reconnects itself as a different device. So the fact that it's easy to detect is irrelevant -- it's allowed.
The device can also claim that it's a hub with a permanently-connected $real_device. The OS won't warn you about that. It can then claim that an open hub port (which don't really exist) had $evil_device connected to it.
That's kind of a problem if you have a USB mouse, keyboard, or security device.
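The two behaviours described in the USB comments above (a device dropping off the bus and coming back with a different identity, and a "hub" that later reports a new device on one of its ports) can at least be surfaced for review from the host's logs. The following is an added example, not code from the thread: it assumes Linux kernel-log style lines, uses a constructed sample, and the function name and the 5-second hub settle window are hypothetical choices.

```python
import re

# Constructed sample in Linux kernel-log style (not captured from a real host).
SAMPLE_LOG = """\
[  100.000000] usb 1-2: New USB device found, idVendor=aaaa, idProduct=0001, bcdDevice= 1.00
[  160.500000] usb 1-2: USB disconnect, device number 5
[  161.200000] usb 1-2: New USB device found, idVendor=bbbb, idProduct=0002, bcdDevice= 1.00
[  200.000000] usb 1-3: New USB device found, idVendor=cccc, idProduct=0003, bcdDevice= 1.00
[  200.100000] hub 1-3:1.0: USB hub found
[  200.400000] usb 1-3.1: New USB device found, idVendor=dddd, idProduct=0004, bcdDevice= 1.00
[  950.000000] usb 1-3.2: New USB device found, idVendor=eeee, idProduct=0005, bcdDevice= 1.00
"""

FOUND = re.compile(r"\[\s*([\d.]+)\] usb ([\d.-]+): New USB device found, "
                   r"idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
GONE = re.compile(r"\[\s*([\d.]+)\] usb ([\d.-]+): USB disconnect")
HUB = re.compile(r"\[\s*([\d.]+)\] hub ([\d.-]+):\d+\.\d+: USB hub found")

def review_usb_events(log, hub_settle_s=5.0):
    """Return (kind, port, detail) findings for a human or policy engine to review."""
    last_id, gone_at, hub_at, findings = {}, {}, {}, []
    for line in log.splitlines():
        if m := FOUND.match(line):
            t, port, ident = float(m[1]), m[2], f"{m[3]}:{m[4]}"
            prev = last_id.get(port)
            # Same physical port, different vendor:product than last time.
            # Reported whatever the gap, since the reconnect delay is arbitrary.
            if prev and prev != ident:
                gap = t - gone_at.get(port, t)
                findings.append(("identity-change", port, f"{prev} -> {ident} after {gap:.1f}s"))
            last_id[port] = ident
            # A device behind a hub that shows up long after the hub itself.
            parent = port.rpartition(".")[0]
            if parent in hub_at and t - hub_at[parent] > hub_settle_s:
                findings.append(("late-hub-child", port, f"{ident} behind hub {parent}"))
        elif m := GONE.match(line):
            gone_at[m[2]] = float(m[1])
        elif m := HUB.match(line):
            hub_at[m[2]] = float(m[1])
    return findings
```

Both findings also fire when a person swaps devices on a port or plugs something into a real hub, so they are review signals to correlate with what the user actually did, not verdicts.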
I believe you'll find the oil companies have put hundreds of millions of dollars of funding into 'global warming'
Oil companies have put basically all of their money into funding global warming.
Or is that not what you meant?
Two minor notes:
* Climatologists don't generally research things like wave-generated energy. They don't really have the background for it and their interests are in, well, climatology. At nearly all research universities, researchers are required to obtain their own funding by proposing projects to funding agencies. So a scheme where a climatologist "helps out" another researcher by claiming that there's global warming so that the other researcher can get funding for wave-generated energy has a lot of problems, chief among them that it requires a lot of climatologists buying into this and that the potential impact on their careers is quite bad.
* The climatologists who figured out that there was AGW were, not surprisingly, getting funding and researching the climate before anyone knew AGW was a problem.
Regardless of the Patriot Act, other US laws, or Dropbox's hosting location, if you are using an online service (hosted by a third party) to store data that you would be uncomfortable with the US government having, you need to encrypt it.
On top of that, Dropbox's security track record isn't great. You really shouldn't store data on it (or, I would argue, any cloud storage service) that you would be uncomfortable with the world accessing unless you encrypt that data.
Also, a lot of organizations (including US corporations) block Dropbox because it makes it much too easy to accidentally or intentionally exfiltrate data. It's a huge data security problem for any company that has even marginally sensitive data.
As others commented, the start of the DLL loading path is the directory containing the executable, not the various incarnations of "the current directory". Still, it's a problem on modern machines when people make a file called "Fluffy Kitty.jpg.exe".
So can I. But it's simply easier and more legal than the alternative. Although selling information about USB exploits isn't necessarily illegal.
If you can figure out how to do that in USB, it's worth a lot more than teaching people a lesson about security. (I suppose you could do some of it with a trojan, but that's cheating.) Sadly, USB isn't FireWire.
The DMCA is irrelevant here, and bringing up "anti-hacking laws" doesn't make any sense. Do you think anything that LulzSec was doing should actually be legal?
Further, there are already anti-hacking laws. They don't really seem to prevent hacking. Apparently your idea of lobbying for anti-hacking laws to save money on security isn't really effective. I'd be surprised if any organization thought that was a viable alternative to actually having network security.
That's just a marketing phrase, but it does suggest a target acceptance rate. For example, while all are very good journals, Physical Review, Physical Review Letters, and Nature are in distinctly different tiers because of their acceptance rates.
While that's certainly a danger, you're misinterpreting. Access to the content of the papers is open. The reviewer's comments are anonymous. Access to being a reviewer and selection of being a reviewer for a particular paper is not open. Compare this to the normal peer review process, where the reviewers are selected and their comments aren't available at all: here, the only thing that's different is the comments are available, but with the name of the reviewer redacted.
If only they mentioned such an app in TFA.
Oh wait.
The US only requires a passport to enter, not to leave. It's the other country (the one you're entering) that requires a passport when you enter their country.
Both Apple and the makers of the magnetic power cords for deep fat fryers and Japanese kitchen appliances seem happy with this interpretation.
Yes. I too enjoy redesigning workspaces to meet the design limitations of gadgets.
Because patents are for implementations and not for broad concepts like "magnetic power cable"?
Probably. Or the FBI had reason to believe the hosting company would protect the customer under investigation by supplying false information. (Or the investigation is so serious that it's dangerous to trust the hosting company at all.)
In order to not miss evidence, you either need the assistance of a trustworthy sysadmin who can accurately identify which resources might have been used by the suspect, or you need to seize everything.
Law enforcement can and has had warrants rejected because they are too broad and would cause unnecessary injury to the business. It's not really in the FBI's best interests to seize everything unless they have a reason to do so.
Plus, it annoys their forensics guys, since now there's a lot more machines to look through. If the hosting company is smart, there'll be a suit demanding the return of the hardware not needed for the investigation, which adds substantial time pressure. Heck, a number of forensics guys have had to work under the restriction that, as soon as possible, they: image all of the case-related machines, redact illegal data from the original machines, and then return the machines.
At least usually the name of the fees suggests that it was for some non-absurd purpose, but it's fairly annoying to have the cost of small tickets doubled or tripled because of surcharges.
A fee for a service, even if charged after the service is rendered, is not the same as a debt.
Private businesses aren't required to accept US Dollars in exchange for goods or services. Even the Treasury says so:
http://www.treasury.gov/resource-center/faqs/Currency/Pages/legal-tender.aspx