Sort of an eye-for-an-eye problem there, since Seal Team 6 was our firing squad. See, Bin Laden planned the murder of a couple thousand foreign nationals on sovereign grounds. Granted, our firing squad wasn't exactly *quick*...
a) who would want to collect half a million $ worth of experimental currency that can't really be used widely?
IIRC, he mined it, so it was essentially free.
b) why would you want to keep that much money as a virtual currency?
Hopefully, because he hadn't sold it yet. If I'd mined that many bitcoins, I'd have sold at least by the time it bubbled up to ~30 $/BTC.
c) why would you want to keep that wallet accessible on your PC and not on some external, removable media, or at the very least under tight lock e.g. via encrypted file?
The eternal hope most people have that security breaches only ever happen to other, stupider people.
It pains me to admit that Bitcoins are more legitimate. While if someone steals your WoW gold, you have *some* recourse, it's much harder and more expensive to convert between WoW gold and USD than it is to convert between Bitcoins and USD.
The claim "has value only" on Wikipedia is a little inaccurate. There are a lot of reasons that a particular fiat currency has more or less value that are only indirectly because of law. However, a fiat currency ultimately has legitimacy as a currency and is made worthwhile by law. (A common way this is done, as in the US, is that it is the currency with which you can pay debts and taxes.)
In contrast, a private currency is not given legitimacy by law. It may be given legitimacy through some other means (such as backing in another currency), or it may be granted no legitimacy at all (like Bitcoins) and have value solely based on its buying power.
Really, what is currently granting Bitcoin any value at all is that it is fairly easily convertible into US Dollars.
They only sync parts that have changed, with a 4 MB granularity. (That is, files are logically divided into 4 MB chunks, and only chunks that change are synced.)
Depends. But both the hacker and the NRC agreed that it was unlikely that he could have caused a meltdown or serious damage. Shut off power to their customers, yes -- which is a problem.
It brings it closer to an 83% chance of accessing it, actually. Not 100%. (15% of top passcodes x only 20% of iPhones locked = 3% of total iPhones use one of the top passcodes).
Surely you know the difference between a defense network and a civilian power plant. They're run by entirely different people and do very different things. Infrastructure security is a concern, but it's not at all the same as defense.
Alternately, "private currency".
It's just an alternative currency: in this case, a paper-like (though not paper), unbacked alternative currency.
That's a generous definition of "fiat currency". Fiat currency is supported by law (e.g., you're required to pay taxes in it, or transactions within the country can only be made in it, or something) that gives it some measure of usefulness. This is more like anarcho-currency: it neither has intrinsic value nor is supported by fiat.
First adopters have an inherent advantage since they could buy lots of Treasury bonds in the early days of the Republic when they still traded at a discount.
Federal bonds issued anywhere near the early days of the Republic are long gone -- and modern government bonds have only been issued since World War 1. For the most part, there aren't traded bonds more than 30 years old. While some bonds are currently trading at no discount or a premium (though not a negative yield-to-maturity), it looks like most Federal bonds are still traded at a discount.
Hello, /etc/shadow, how are you?
What critical defense network is connected to the Internet?
Single actions generally shouldn't be given a particular "alignment". They can often fit into a pattern of behavior that's appropriate for many different alignments.
Buying laws is certainly acceptable for LE. Lawful evil manipulates the rules to their own personal advantage.
The more general "bribery", on the other hand, could be acceptable to most alignments, except perhaps LG and LN. (Even then, LN would accept bribery if it was socially accepted.)
Breaking in to get information to help political prisoners? White hat.
That's grey at best. White-hat hacking is generally limited to penetration testing and research proofs-of-concept.
US cars use metric fasteners?
Which is all automated systems. In any automated system, a person with sufficient access to the system can decrypt any stored data. (If the key is offline and you have only non-automated access to the data, you can store it securely.)
That's kind of tricky. It often can be easier to identify that there has been a potential data breach than it is to identify whether there actually was a breach and, if so, what the target was, what information was lost, and what systems were affected. It can take more than a day, on big targets, to get all of the data that may contain evidence from the targets (even after you've identified the targets). Worse, it can take a long time to identify what non-target machines were involved in the attack -- and for proper incident response, you need the data from them, too.
So I think it's tough to set a timetable, especially a short one, for reporting data breaches.
On the other hand, I think it should be mandatory to report data breaches to the public once the breach has been investigated.
They're not really a hardware company, they're an IP company. The cost of manufacturing the devices is low compared to what they charge for them, but they do a lot of R&D work to develop them.
They do have a better net profit margin than IBM, though, which is in more or less the same business.
And it seems to me, Apple operates on a high margin anyway.
21.48% net profit margin in 2010: lower than both Google and Microsoft.
There are lots of organisms that digest wood. That's why dead wood rots and eventually turns into (a component of) soil. Living trees fight off these organisms.
Even at that rate, a random 10-character password is essentially uncrackable.
The standard way of artificially strengthening the hash is to N-round HMAC-SHA1 (or HMAC-MD5, I suppose), where N is chosen so that the computation takes a fair amount of time. This is better for client-side encryption, where you have time to waste per request, and less popular for server-side encryption, where you don't want to consume that much processing power. Still usable server-side, though.
WPA2-PSK at least makes it so that individual users can't spy on one another's packets, as is the case with an open network. Having a well-publicized WPA2 key is the way to go.
When I was in undergrad, the university had just set up its new wireless network and they secured it with WEP (as was the style at the time). Since they wanted to give access only to actual students/faculty/staff, they wanted to keep the key secret. So, you had to hand them your laptop and they'd set up Windows to remember the SSID and key. They didn't "allow" Linux devices to connect to the wireless network because they knew the WEP key was stored in the clear in an easily-found text file. Naturally, Windows stores it in the clear as well, so of course our solution was to pull the key off of a configured Windows machine and publicize it so that Linux laptops could connect to the wireless network.
Thankfully, the policy is different now.
Have you tried? All you have to do to get the iPhone SDK documentation is register as an Apple developer, which is free.