Barring the minor problem of the magnetic pole slowly moving, a compass is enormously more reliable than a GPS receiver. Lower power consumption, faster startup time, etc.
The botnet, which was behind..., was dubbed "Kneber" by Alan Cox, principal...
The sentence used in the original isn't technically ambiguous, since there aren't two gramatically-correct readings, but it is confusing, because it's easy to misparse the sentence.
It'd be even better to split it into two sentences or drop the information about who named it "Kneber".
Entropy isn't just a general observation as you cast it -- it's a very specific measure of the degree of disorder of a system. Or, equally, a measure of the lack of knowledge about the internal state of a system. The link between information / memory and entropy is interesting, but I can't really summarize all of Shannon's work accurately in a short space.
The side that says there was intent and the side that says there wasn't intent make arguments to support their views, then the courts ask a group of 12 somewhat arbitrarily selected people who have heard the arguments to decide if there was intent.
Lots of people in my town back up in parking lots without looking, so I have a fair bit of experience here. In general, most cars are basically silent when they're backing up at low speeds.
In criminal matters, law enforcement knows full well that an IP address is not a unique identifier. There are countless cases where a computer is shared among multiple people or an access point is "borrowed" to obtain illicit material. You can't really get a conviction with just evidence that illicit material was sent to a particular IP address; the defendant's lawyers will have a field day with that. You need real corroborating evidence, like files on the guy's computer.
They've leaked it in the sense that they're responsible for making it public.
They're not responsible for initially acquiring the classified information. At least with regards to laws and regulations about handling that information, they are innocent. They're also not being arrested or prosecuted as such. They're just finding that business is becoming hard to do, which shouldn't be a surprise to an organization that's doing something legal but not particularly popular.
Your trying to exercise a technicality that doesn't exist. You pay the app author $1.99 minus Apple's cut, and as a result, he donates $1 to Wikileaks. So, $1 of the app's price is a donation to Wikileaks. Pretending to separate them temporally doesn't work.
Likewise, you cannot legally get out of sales tax by helpfully donating some cash to a local business and also, at roughly the same time and as a result of your donation, being given, free of charge, one of their products.
ICE has different groups with different responsibilities. The one you're talking about is Immigration (formerly INS). The one that this probably falls under is Customs (formerly U.S. Customs). They're different groups under a single organization.
What is the difference between giving them access to the wired network and giving them the preshared key for WEP or WPA2?
The difference is that many home routers have an option to only allow devices on the wired network to configure the router. Anyone connected to the wireless network, if this option is enabled, isn't in a position to be able to do a MitM attack when you change the configuration. (On wired+wireless home routers, the network appears to be a single LAN, but is usually really a pair of bridged LANs, one for wireless and one for wired.)
Now, some routers are fancier and can be set up with VLANs to permit only the machine connected to a particular Ethernet port to configure the router. That's not a common feature, nor is it trivial to set up.
I don't understand. Are you saying that you don't have a wireless network at all, or you're talking about house guests using the Internet through your Xbox 360?
Running your own limited-functionality devices on your wired network is acceptably safe, regardless of who's actually using the device, is permissibly safe.
At the business and enterprise level, it's reasonable to demand more rigor, is all. For example, if you can install your own cert, then you can have your own non-authoritative CA, sign your router certs with that, and install the non-authoritative CA's cert on the machines that need to configure the router. Or, make sure your machines that are allowed to configure the router are using a system where the SSL cert is stored and checked in the future so that you can detect MitM.
Of course, there's always the wonderful enterprise routers where you configure over a serial interface...
Generally, house guests should be using the wireless network. The router should be configured so that the wired network, but not the wireless, is permitted to access the router configuration.
DD-WRT, at least, installs with no SSL certificate in place and auto-generates one the first time it starts up.
This is really the correct solution, and a number of home routers actually do it.
Of course, there's a tradeoff. If you use a fixed certificate, you can have it legitimately signed. Then, if someone does a man-in-the-middle attack, you get the browser warning that they're using a self-signed certificate. Unless, of course, they're using the real fixed certificate. If, on the other hand, you use an autogenerated certificate, then the self-signed cert browser warning always appears (as you can only autogenerate self-signed certificates). The user learns that clicking through this warning is a necessary part of changing their router configuration. Then, any man-in-the-middle attack works, since anyone can make a self-signed certificate. (Yes, if they or the browser store the original cert and compare it to the new one, then this is no longer an issue.)
Realistically, I think this is a non-issue. If you're using home routers, they should only be configurable from the wired LAN, and only trusted people should be on that network.
Slashdot Mirror
Barring the minor problem of the magnetic pole slowly moving, a compass is enormously more reliable than a GPS receiver. Lower power consumption, faster startup time, etc.
This is like a variation of when lawmakers write a law that takes an already-illegal act and adds "on the Internet" or "with a computer".
Yes, car thieves can steal your car. But now it's wireless!
If it's very specific, why doesn't measuring the entropy of a system tell you what time it is or vice versa
For the same reason that measuring a system's temperature, which also is a specific measurement, doesn't tell you what time it is.
I think you're confused about what "specific" means.
Not to be confused, unfortunately, with the alternate definition of "specific", which is "per unit mass".
Alternately:
The botnet, which was behind ..., was dubbed "Kneber" by Alan Cox, principal ...
The sentence used in the original isn't technically ambiguous, since there aren't two gramatically-correct readings, but it is confusing, because it's easy to misparse the sentence.
It'd be even better to split it into two sentences or drop the information about who named it "Kneber".
You mean like "10 Thing I Hate About You" or "West Side Story"?
Entropy isn't just a general observation as you cast it -- it's a very specific measure of the degree of disorder of a system. Or, equally, a measure of the lack of knowledge about the internal state of a system. The link between information / memory and entropy is interesting, but I can't really summarize all of Shannon's work accurately in a short space.
It's neither scientific nor accurate, but other than that, yes.
The side that says there was intent and the side that says there wasn't intent make arguments to support their views, then the courts ask a group of 12 somewhat arbitrarily selected people who have heard the arguments to decide if there was intent.
If it's not worth spending $5 on, it probably wasn't important.
Lots of people in my town back up in parking lots without looking, so I have a fair bit of experience here. In general, most cars are basically silent when they're backing up at low speeds.
Only a little bit. Configuration over a serial line rarely breaks, has no chicken-and-egg problem, and is about as secure as it gets.
In criminal matters, law enforcement knows full well that an IP address is not a unique identifier. There are countless cases where a computer is shared among multiple people or an access point is "borrowed" to obtain illicit material. You can't really get a conviction with just evidence that illicit material was sent to a particular IP address; the defendant's lawyers will have a field day with that. You need real corroborating evidence, like files on the guy's computer.
They've leaked it in the sense that they're responsible for making it public.
They're not responsible for initially acquiring the classified information. At least with regards to laws and regulations about handling that information, they are innocent. They're also not being arrested or prosecuted as such. They're just finding that business is becoming hard to do, which shouldn't be a surprise to an organization that's doing something legal but not particularly popular.
Your trying to exercise a technicality that doesn't exist. You pay the app author $1.99 minus Apple's cut, and as a result, he donates $1 to Wikileaks. So, $1 of the app's price is a donation to Wikileaks. Pretending to separate them temporally doesn't work.
Likewise, you cannot legally get out of sales tax by helpfully donating some cash to a local business and also, at roughly the same time and as a result of your donation, being given, free of charge, one of their products.
...but I don't have the time to fiddle with flashing a router right now
Ten minutes of your time is that expensive?
Beats me, but this still is far more likely to fall under customs than immigration, which are still separate groups.
ICE has different groups with different responsibilities. The one you're talking about is Immigration (formerly INS). The one that this probably falls under is Customs (formerly U.S. Customs). They're different groups under a single organization.
What is the difference between giving them access to the wired network and giving them the preshared key for WEP or WPA2?
The difference is that many home routers have an option to only allow devices on the wired network to configure the router. Anyone connected to the wireless network, if this option is enabled, isn't in a position to be able to do a MitM attack when you change the configuration. (On wired+wireless home routers, the network appears to be a single LAN, but is usually really a pair of bridged LANs, one for wireless and one for wired.)
Now, some routers are fancier and can be set up with VLANs to permit only the machine connected to a particular Ethernet port to configure the router. That's not a common feature, nor is it trivial to set up.
Scratch the second "is permissibly safe". I need more coffee.
I don't understand. Are you saying that you don't have a wireless network at all, or you're talking about house guests using the Internet through your Xbox 360?
Running your own limited-functionality devices on your wired network is acceptably safe, regardless of who's actually using the device, is permissibly safe.
At the business and enterprise level, it's reasonable to demand more rigor, is all. For example, if you can install your own cert, then you can have your own non-authoritative CA, sign your router certs with that, and install the non-authoritative CA's cert on the machines that need to configure the router. Or, make sure your machines that are allowed to configure the router are using a system where the SSL cert is stored and checked in the future so that you can detect MitM.
Of course, there's always the wonderful enterprise routers where you configure over a serial interface...
If your network is wireless-only, clearly this won't work, and I think it's a fair request to want a wireless-only network.
Generally, house guests should be using the wireless network. The router should be configured so that the wired network, but not the wireless, is permitted to access the router configuration.
DD-WRT, at least, installs with no SSL certificate in place and auto-generates one the first time it starts up.
This is really the correct solution, and a number of home routers actually do it.
Of course, there's a tradeoff. If you use a fixed certificate, you can have it legitimately signed. Then, if someone does a man-in-the-middle attack, you get the browser warning that they're using a self-signed certificate. Unless, of course, they're using the real fixed certificate. If, on the other hand, you use an autogenerated certificate, then the self-signed cert browser warning always appears (as you can only autogenerate self-signed certificates). The user learns that clicking through this warning is a necessary part of changing their router configuration. Then, any man-in-the-middle attack works, since anyone can make a self-signed certificate. (Yes, if they or the browser store the original cert and compare it to the new one, then this is no longer an issue.)
Realistically, I think this is a non-issue. If you're using home routers, they should only be configurable from the wired LAN, and only trusted people should be on that network.
Proper quantum computation (like Shor's Algorithm) isn't probabilistic at all.
Also, you don't need millions of qbits to factor primes. You need on the order of 10x the number of bits in the prime.