Medicine absolutely amazes me sometimes (on "Nanotech and the Blind" · Score: 4, Interesting)
Absolutely amazing story. On a related note I know a guy who has been stuck in a wheelchair for 10+ years. He was a helicopter pilot for the national guard long ago and had an accident where he landed really hard. The skids of the helicopter were damaged but he walked away with a really bruised backside. 10 years after the accident he woke up one morning unable to move his legs. Apparently the accident had caused some sort of damage to his lower spine that wasn't diagnosed until his legs stopped working. Well after 10+ years in the wheelchair he was picked for a double-blind medical study with some European medical firm. After doing nothing more than taking a pill for a few weeks he was able to walk again with the help of a walker. The fact that we can develop a pill that can target conditions like blindness or this spinal injury is truly amazing.
After the recent reports that companies like Levis were testing RFID tracking in their clothes I started searching around to see what it'd cost to get an RFID reader if I wanted to start tinkering. Although self-contained hand-held readers are still quite pricey I did find an alternative. There are companies that are selling RFID attachments for Palm and Windows CE devices. For about $200-$400 you can buy an RFID device that plugs into an SD slot. Depending on how much you want to pay you can get just a reader or a reader/writer. With a little bit of software work it probably wouldn't be very difficult at all to whip up an RFID "skimmer" that you could just stick into your pocket. Just casually walk by a security guard and steal his access card, walk around a store and reprogram prices, etc. and nobody would know it was you since you're just walking around and the device in your pocket is doing all the real work.
However, JPG isn't an open standard, is it? Isn't it controlled by proprietary licenses as well?
JPEG is a standard, created by the Joint Photographic Experts Group. The problem with it is that it's entirely lossy. It's great for final images but any time you edit an image you'll lose more and more of the detail.
PNG is a newer open standard that was created in part to address the issue of loss. Prior to PNG many people used the GIF format, which is lossless as well, but GIF has licensing/patent issues. Most mainstream web browsers, graphics editors, etc. now support PNG graphics natively.
I wonder if this might end up in direct (or indirect) competition with Google at some point in the future. With all the reports of dark fibre that Google is interested in, one possible purpose would be to provide free/cheap internet access to people. Google is rapidly becoming a major player in the advertising space. Providing free ad-based internet access is something they already seem to have many of the building blocks for.
As if there aren't enough totally useless text-based blogs filling up the internet, now our phones will be able to stream a constant flow of totally useless podcasts. I'm not sure which is worse, reading poor grammar in blogs on ugly looking websites, or trying to understand the voices of numerous self-important podcasters.
Just imagine if every /. post was a mini-podcast instead. How'd you like to try to listen to them all? The different voices (accents, etc) would drive me away in very little time.
I see. So you feel that counter-terrorism is effective if 100 people are killed by a suicide bomber six months or a year later than the terrorists originally hoped, simply because we forced them to be more careful in the way that they communicate with each other. Interesting idea of effective counter-terrorism that you have.
Well the problem is you don't have any evidence to assert your idea.
True, there's no evidence that's been made public. Yet. But if you think they're going to sit on encrypted data that they intercept and not do anything with it then you are in real need of a reality check.
Here's the NSA's own description of themselves:
The National Security Agency/Central Security Service is America's cryptologic organization. It coordinates, directs, and performs highly specialized activities to protect U.S. government information systems and produce foreign signals intelligence information. A high technology organization, NSA is on the frontiers of communications and data processing.
and
Signals Intelligence (SIGINT) is a unique discipline with a long and storied past. SIGINT's modern era dates to World War II, when the U.S. broke the Japanese military code and learned of plans to invade Midway Island.
and
NSA employs the country's premier cryptologists. It is said to be the largest employer of mathematicians in the United States and perhaps the world. Its mathematicians contribute directly to the two missions of the Agency: designing cipher systems that will protect the integrity of U.S. information systems and searching for weaknesses in adversaries' systems and codes.
So let's see. The NSA is apparently collecting vast amounts of internet data, something they wouldn't just go out and do on their own but would have the ok of the federal government (or at least the White House) to do. The NSA's stated purpose is analysis of that data, some of which may be encrypted. The NSA is "America's cryptologic organization", and "employs the country's premier cryptologists". Since the federal government (or at least the White House) has apparently already given the NSA the authority to collect all this internet traffic, they're going to do what they're tasked with doing, which is analyzing the data they collect. If some of that data is encrypted then they're not going to simply ignore it. They have the tools necessary to try to decrypt it, so why shouldn't they? I seriously doubt the feds and/or White House told the NSA "go ahead and look at whatever is in plain-text but don't you dare touch anything that's encrypted".
So, it's effective then...
How's it effective? He and other members of al Qaeda have demonstrated extreme patience when planning terrorist attacks. Avoiding the use of phones, the internet, etc. to communicate certainly hasn't stopped them. Or do you consider simply delaying attacks as "effective"?
Now, should the NSA be required to get a warrant to break the encryption on encrypted data? Yes, there is an assumption of privacy. Can they log it without breaking it? Absolutely. Having your encrypted data in still encrypted format does not violate your privacy.
Do you really think that the NSA is just archiving all this data to tape, hoping that if they need to decrypt it at some unknown future date that they would first go get a court order? If you do then I have a bridge in New York that I'd like to sell you.
But IF... IF this spying program is meant to protect Americans from potential terrorist attacks, wouldn't it be better AS public knowledge?
Wouldn't the terrorists just say, "Crap, they know about it! Call it off."
When bin Laden finally realized that he was being tracked by the satellite phone he used to use, he simply stopped using it and reverted to writing things down on paper. Much slower, but also much more difficult to intercept. He certainly didn't just give up because he couldn't talk to them on the phone any more.
Committed terrorists will simply stop using high technology devices like cell phones, the internet, etc. to communicate with each other since it's been demonstrated that the government can and will intercept everything they possibly can. The terrorists will just go back to using snail-mail, word of mouth, etc. Again, it'll take longer but it'll also prove more secure. Unless, of course, the NSA then moves to have operatives put in every US Post Office to read every piece of mail that's sent in the country.
There is absolutely no possibility that it's something like an AT&T monitoring system to make sure that its employees are not committing fraud, hackers are not abusing the network, etc...
Not only did he not have access to it, but he also stated: "The telltale sign of an illicit government spy operation is the fact that only people with security clearance from the National Security Agency can enter this room."
The NSA doesn't monitor communications businesses for fraud, hacking, etc. That's not their job. Their job is signals/intelligence collection and analysis. A room in a datacenter that's off-limits to everybody but people with NSA security clearances is basically screaming "I'm a massive phone/data tap".
Simple solution: You have a new encryption scheme where there are 2 private keys. The first one allows decryption, the second wipes the drive. Guess which one you give to the police?
Guess what happens when the police decide to verify your key the day after you give it to them.
>Actually the FBI has no jurisdiction outside the USA..The F in FBI stands for FEDERAL...
So you're saying that if a non-US individual or company causes financial damage to companies inside the US that the FBI is powerless to do anything about it? By your flawed logic nobody would ever be able to investigate such crimes where the criminal & victim are located in different countries because no law enforcement agency has jurisdiction in both countries.
The FBI regularly works with law enforcement organizations in other countries when US individuals and/or corporations are targeted by foreign criminals. The FBI investigates, and when they've identified a suspect they contact the authorities in the suspect's country, provide all the evidence, and request that they be arrested. The US has extradition treaties with over 100 other countries.
Also keep in mind that FBI agents do perform their own investigations in foreign countries when it's appropriate (both countries agree). Yes, the FBI doesn't have any law enforcement powers, but they can and do run investigations. After the USS Cole bombing FBI agents were sent to Yemen to investigate. FBI agents went to Aruba to help investigate the disappearance of Natalee Holloway.
So, as I said in my original post: "If either the Tucows server or one of those sites whose DNS is hosted by Tucows is located in the US then the FBI has all the jurisdiction they would need to launch an investigation."
Let me guess: Bob's Discount Furniture
Nope, but those ads are pretty bad too... The ones I'm talking about: "Quality, Comfort, and Price".
I don't mind watching certain ads as long as they're of decent quality. On the other hand, there's one ad in particular that I refuse to watch. It's an ad for a local discount furniture store (I'm in the Boston area). All the ads feature the two owners and end with their store's jingle. It's the only ad that I will purposely go out of my way to either mute or change channels when it comes on, even if the remote is on the other side of the room. I simply can't stand their voices, their ads, or their jingle. And they run their ads every morning during all the local newscasts, so I see/hear them virtually every single day. They've done a very good job of ensuring that I will never visit their stores, simply because their ads annoy me so much.
The point I'm trying to make is that if ads are made interesting and entertaining I'll be much more likely to watch them. If they get on my nerves then I'll be sure to skip them by whatever means necessary. If advertisers keep this in mind then they'll do a better job of getting eyeballs in front of their ads. Of course, entertainment value depends a great deal on relevance, so better targeting of ads, like what TiVo hopes to do, is big.
Don't synchronize with a time server in Denmark, unless of course you are in Denmark.
They are based in Israel so this spammer doesn't need to worry about the might of the FBI.
Not true. Since the idiot spammer DDoS'd the Tucows DNS server it affected thousands of sites all over the world. If either the Tucows server or one of those sites whose DNS is hosted by Tucows is located in the US then the FBI has all the jurisdiction they would need to launch an investigation. Of course just because they can doesn't necessarily mean they will. But if any of those customers is big enough they just might.
Obviously spammers are trying to get through filters by making their email appear legitimate. The closer spam looks like legitimate email traffic the harder it is to block them without also blocking some legitimate email.
But the spammers are caught in a bit of a catch-22 situation, especially when it comes to distributed spam-blocking tools like Razor, DCC, etc. If a spam is obviously forged then it's easy to flag as a spam. But alternatively if a spam has non-munged contact information, whether an e-mail address, a URL, or even a phone number or snail-mail address, those are all strings that it's VERY easy for filters to test against.
When I worked for a search engine company we relied on a combination of IP address and HTTP cookie to identify unique users. True, many people disable cookies, delete them, etc. but by making use of multiple tracking methods you get a much more accurate idea of usage.
I wonder if Chinese users will start significant adoption of gpg or other encryption technologies to try to keep their communications secure. Of course then the Chinese government will just ban all use of mail encryption if they haven't done so already...
True, that's one of the meanings for IHTFP, but there are so many that you can't really say one stands above the others.
I used to work in Cambridge, right across the street from one of the MIT parking lots for their facilities department. For a while one of their vans (looked like a converted ambulance) sported the message "IHTFP Hack Removal Squad" on its side. It looked professionally done - quite a good hack in my opinion.
Ahhh, the one reason why I would have considered going to MIT. So many of their hacks are truly inspirational.
IHTFP : Interesting Hacks To Fascinate People
I dunno about you guys, but I've had a VCR that could do that since before anyone had come up with the name "TiVo".
Are you sure about that? You had a VCR that could record one show to tape while playing another show from the same tape at the same time? I think that more accurately describes the TiVo patent. Their patent involved technology to write one realtime multimedia stream to a disk while simultaneously reading another realtime multimedia stream from the same disk. That's not exactly an easy thing to do with the level of technology that exists in the original series 1 TiVos.
Exactly how does this help with the global problem of overfishing?
Simple. No more fish means no more fishermen. Problem Solved.
(Actually I had the exact same thought as you when I read that part of it)
they don't even bother to tell Microsoft what's wrong with what they've provided
Yes, they have. The EU said that Microsoft had to provide complete and accurate reference documentation of APIs, etc. so that third party developers would be able to make use of it. Microsoft said "rather than that, we'll make the source code available so those third parties can see exactly what our code does".
As someone who has developed software professionally for ten years I can tell you that there's a HUGE difference between source code and documented APIs and data structures. Trying to figure out what a complex function does just by looking at source code is extremely difficult. With something as complex as Windows it'd be virtually impossible. Having access to the source code would just be a huge waste of time & money. Having access to accurately documented APIs would be a godsend to MS competitors.
Not to mention the fact that in TFA it states that a company hired to reverse engineer some of the MS code in order to validate the documentation they DID provide found the documentation to be "self-contradictory".