Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,114

  1. Without lying, and best interests might be rehab on Ross Ulbricht's Lawyer Requests Suppression Of Silk Road Evidence · · Score: 1

    > Even if they know that the client is guilty and would like to see them die a horrible death they have to do their best to defend them in court

    Yep. More specifically, they are supposed to act in the best interest of the client, but without lying or helping the client lie.
    Spin is required, allowing or participating in actual lying is called "subornation of perjury" and it is grounds for disbarment and a maximum of about five years in prison.

    Also, they are not required to try to "get their client off". That's hookers who do that. It is acceptable, I believe, for an attorney to seek to have their drug-addicted client to prison rehab like SAFP, if that is in the client's best interest. That is unless the client specifically instructs their attorney to try to avoid prison rehab

  2. was, but not really. 99% of clist Ian isn't hooker on Ross Ulbricht's Lawyer Requests Suppression Of Silk Road Evidence · · Score: 1

    99% of the ads on Craigslist are for something other than hookers.
    Craigslist wasn't specifically designed for illegal activity.

    Silk Road was designed for illegal activity, and was mostly used for illegal activity.

    Further, Craigslist took care of the hooker issue when it became a problem. The hookers are on Backpage now.

  3. the CP sites is one thing, Freedom Hosting another on The FBI Is Infecting Tor Users With Malware With Drive-By Downloads · · Score: 1

    From the article, it sounds like we know they used it to identify computers browsing child porn sites. They had warrants. Okay, I'm not too upset about that. MAYBE they also did it to all sites hosted by Freedom Hosting. THAT would be a problem.

  4. CCE is a manager of drug dealers on Ross Ulbricht's Lawyer Requests Suppression Of Silk Road Evidence · · Score: 5, Informative

    CCE has nothing to do with being in prison. The requirements for conviction under Continuing Criminal Enterprise are that the defendant:
    Managed or supervised
    a series of
    felony
    drug offenses
    involving at least four other people.

    That actually sounds a LOT like "running a drug market", which about right.

    http://en.m.wikipedia.org/wiki...

  5. Re:$10 / month, no contract. Read the summary on Comcast Gives 6 Months Free Internet To Poor and Unpaid Bill Amnesty · · Score: 1

    > Give me one reason why anyone would trust Comcast?

    Given that you just lied to us, we certainly wouldn't trust anything else you have to say on the matter. That puts you and Comcast in the same category. We wouldn't believe either one of you.

    Next time, if you don't start out your comments with lies, you can point out who the bad guy is and be believed.

  6. Good point. $16 server admins in California on Comcast Gives 6 Months Free Internet To Poor and Unpaid Bill Amnesty · · Score: 1

    > Umm, please name any skein of human culture not rife with liars and idiots.

    Good point. Just before reading your message, I was dealing with yet another moron hosting company who doesn't know how to copy files. I was curious, so I clicked on their employment page. They're hiring server administrators in California at $16 / hour - less than gas station clerks make. Surprise, for $16 / hour in California they get server admins who are morons.

    And you're right, those aren't liberals, they're Californians. Oh wait ... ;)

  7. Only if they are smarter than politicians on Spain's Link Tax Taxes Journalist's Patience · · Score: 1

    That's a brilliant hack. If Google (and everyone else) is smarter than the politicians, they simply won't link to the newspapers. The newspapers will get no traffic and therefore no ad revenue, and go out of business. Damn those dastardly webmasters outsmarting the politicians.

    And elsewhere on this page, people are seriously suggesting that these same moron politicians should be running the news outlets.

  8. ads paid for newspapers 30 years ago on Spain's Link Tax Taxes Journalist's Patience · · Score: 1

    > And you aren't willing to pay for it. You forgot to add that point. And that little point make a HUGE difference.

    That's not a difference between dead-tree news and online news. Thirty years ago, before the web existed, I learned that a newspaper which sold for 25 cents cost $1.25 to produce. Just the blank paper was about 26 cents. All of the news-gathering, printing, and distribution was paid for by ads, exactly like online news sources today.

    The main point of the 25 cent charge was as a hit-counter. It assured advertisers that the papers weren't just being thrown in the dumpster by the printer, but that there was some subscriber actually receiving the paper. Today, advertisers can easily count how many people go to the exact page their ad is on, so they don't need to know how many subscribers a web site has. They can directly count how many times the ad is displayed, so there's no need to collect quarters as hit counters.

  9. $10 / month, no contract. Read the summary on Comcast Gives 6 Months Free Internet To Poor and Unpaid Bill Amnesty · · Score: 1

    I know you liberals can't be bothered to actually read an article, but come on, the summary is just a few sentences.
    After the six free months, it US $10 / month.

    I've heard that Comcast sucks. If you think they do, you have two choices:
    a) tell people why Comcast sucks
    b) totally make shit up out of thin air, so readers think that people complaining about Comcast are liars and idiots

  10. only ones where they identified the children on Google Spots Explicit Images of a Child In Man's Email, Tips Off Police · · Score: 1

    The one used in this case is a database of in images where they know who the kids are. So not just "obviously underage", but "that's Megan Smith, who is 9 years old". More in info can be found here:
    http://www.missingkids.com/CVI...

    Other systems exist for "looks like probably". They are mostly useful when you don't want any porn, so Facebook and YouTube could use them. YouTube uses such a system as a pre-check, then has him humans manually confirm. At least, they DID. They could have stopped using it an hour ago and I wouldn't know.

  11. * emphasis on more bits (3DES) on Mozilla Dumps Info of 76,000 Developers To Public Web Server · · Score: 1

    I said:

    > A DES-based hash would still be fine, just by allowing more bits.

    I should clarify that DES itself specifies a key length of 56 bits. To get more bits, you do DES three times*, which is called Triple DES or 3DES. If you use three different 56-bit keys, that's effectively a 112 bit key due to meet-in-the-middle, and that's strong for an another fifteen years.

    * encrypt(key1,decrypt(key2,encrypt(key3,plaintext)))

  12. Re:On which the most common hash is based on Mozilla Dumps Info of 76,000 Developers To Public Web Server · · Score: 1

    A good encryption algorithm cannot be reversed without knowing the key, and a hash shouldn't be reversible, so a good encryption is a good basis for a hash. For PASSWORD hashing you don't use just the primitive, whether that primitive is DES or MD5. You do many rounds, with salt.

      If you're not kidding about MD5, DES was in use twelve years before Rivest proposed MD2. Maybe 20 years before MD5, I don't remember the exact year for MD5.

    Purpose-built hash algorithms have not been better, historically. MD2 had to be quickly replaced with MD3, which fell and required MD4, then MD5. MD5 was broken a few years ago. Each one lasted only a few years. On the other hand, DES encryption is still secure. A DES-based hash would still be fine, just by allowing more bits. The original hash dropped everything after the first eight characters before passing it to DES, and arbitrarily chose to use just 12 bits of salt. One could easily allow longer passwords and salt and have a secure DES-based hash. It would be more secure than any MDx.

  13. compared to hash database, with antivirus on Google Spots Explicit Images of a Child In Man's Email, Tips Off Police · · Score: 5, Informative

    It seems National Center for Missing and Exploited Children has a database of hashes, or "fingerprints" of known child porn images. When you use Gmail, it checks attachments against a database of viruses and also apparently against this CP database.

    A distinction can be made here. What the database does NOT do is any kind of image analysis to see if the picture LOOKS like child porn. It checks only against known, reported child porn, apparently.

  14. Millions $ through Wheeler to Obama campaign on Sprint/T-Mobile Plan To Buy Spectrum Together May Be Blocked By FCC · · Score: 1

    > who I guess are better at "lobbying" the FCC, where "lobbying" probably means effectively mailing them giant boxes of cash).

    They mailed checks to Wheeler, made out to "Obama campaign". Obama then appointed Wheeler.
    Bundlers like Wheeler only have to report the amount as "over $500,000", so we don't know the exact number but it's likely to be a few million dollars.
    http://www.opensecrets.org/pre...

  15. On which the most common hash is based on Mozilla Dumps Info of 76,000 Developers To Public Web Server · · Score: 3, Informative

    DES is the encryption standard which is the basis of what for many years was the most common type of hash.
    For DES-based hashing, as used in .htpasswd files, the least significant bits of the first eight characters are used as a 56-bit key. This key (the users password) is used to encrypt a null bytes, 25 times. crypt(3) accepts a two-character salt, but uses only the lowest six bits of each character, so it's a 12 bit salt and a 56 bit password (maximum).

    crypt(3) can also support better hash algorthims by passing salt values such as $1$xxxxxxxx$ or $5$xxxxxxxxxxxx$

  16. what kind of hash / salt? on Mozilla Dumps Info of 76,000 Developers To Public Web Server · · Score: 1

    Neither of the two links in TFS mentioned what kind of hash was being used. Does anyone happen to know? If it was the old fashioned DES hash as commonly used in .htpasswd, it may well be plaintext. If it was crypt('$5$xxxxxxxxxxxx' SHA, it's only a concern for people who chose very bad passwords.

  17. partly true. It's harder if they validate their in on UK Spy Agency Certifies Master's Degrees In Cyber Security · · Score: 2

    I agree you're not going to teach someone to be a hacker / cracker unless they have that innate talent and interest. That's true for a lot things. Athletics certainly involves some things that can't be taught. You CAN start with a strong, athletic kid who knows nothing about about football and TEACH him the game, the techniques, and the skills. Same thing with cracking. Starting with a cunning, devious kid who knows little about computers, you can teach them to look for unvalidated input, etc. the same way a con man can learn new cons.

    Further, I regularly teach programmers who aren't naturally devious important basics - always validate input carefully, never use eval(), always multiple argument form of system() if it's used at all, don't write your own encryption, etc. What they learn may not be enough to keep me from hacking their systems, but it can certainly make it a whole lot harder.

    Have a look through the nine online cyber security courses offered by TEEX I think you'll find they cover some good stuff, especially the more advanced courses. TEEX is part of the Texas A&M system and the courses are approved by DHS, do they demonstrate that a university system CAN provide some good education in this area, with courses approved by the relevant concern government agency.

    Before I saw the TEEX courses, I expected them to suck. I was pleasantly surprised.

  18. yep, welcome $large_organization networking on Recipe For Building a Cheap Raspberry Pi Honeypot Network · · Score: 1

    > > active directory

    > I see now - fully trusted hosts, potential malware ridden with no way to keep it off other than hoping the antivirus
    > updates arrive before the malware, and a closed system where you have to guess at the legitimate traffic to boot.

    Yep, welcome to office networking. In a government office, throw in a few DOS terminals and other systems that haven't seen a security update since 1982.

  19. ps My office has been investigated != fired on Recipe For Building a Cheap Raspberry Pi Honeypot Network · · Score: 1

    I should emphasize strange traffic being investigated doesn't mean anyone gets in trouble. The head of security cut off my network port once when he detected something weird. I explained what I was doing. He pointed out a security concern, and we agreed to a compromise configuration we could both live with.

  20. real storage, active directory servers get legit t on Recipe For Building a Cheap Raspberry Pi Honeypot Network · · Score: 2

    Let's consider the last piece of malware I dealt with. It searched the network for shared storage and did nasty things on the storage. The REAL storage server is used by thousands of people, so it gets many, many requests per minute. Sorting out legitimate use of the storage vs something suspicious would be nearly impossible. The honeypot storage, on the other hand, gets NO legitimate traffic. Any traffic to the honeypot is worth investigation. That makes it a much more reliable way to find malware or other traffic sources that merit investigation.

    Same with the active directory, the mail server, the database ...
    Do you have any idea how much traffic a corporate mail server can get? Looking for suspicious connections is worse than a needle in a haystack. An otherwise unused machine with the mail ports open quickly flags strange behaviour for investigation.

  21. Forgot to read your own link? on China Confirms New Generation of ICBM · · Score: 1

    Did you forget to look at that page before linking to it?
    Iron Dome, fully deployed in November 2012, is a system for intercepting medium-range rockets. Count the number of ROCKET fatalities after November 2012. For that matter, look at the number after they STARTED deploying Iron Dome in the first location compared to before they had iron dome.

    Iron Dome is not designed to defend against snipers, flu, mortars, or insults. It defends against rockets.

  22. Postol's argument is weak. No fatalities. on China Confirms New Generation of ICBM · · Score: 1

    His argument is based on looking at contrails and comparing them to his guess as to the best angle of intercept, then theorizing about what might happen. What actually HAS happened is that thousands of rockets have been fired at Israel and no-one has been killed by them.

  23. maybe nobody prioritizes lightweight and Emacs on Comparison: Linux Text Editors · · Score: 1

    Emacs bindings and light weight, eh? Maybe nobody who cares about light weight is accustomed to emacs and vice versa.

  24. vi CAN run in the browser, or plugin lynx on Comparison: Linux Text Editors · · Score: 1

    There are assorted plugins to integrate vim and other vi-like editors with web browsers. So I might be using vim keystrokes to write this. Alternatively, a vim plugin can also call lynx. I'm not sure why you'd want to do the latter. The former might be handy if just avoid accidentally ending your posts like this. :wq

  25. Local very important. More working-age voters. on Ask Slashdot: Should I Fight Against Online Voting In Our Municipality? · · Score: 2

    I'd agree with others who have said local elections are very important. My local fire, police, schools, roads, and job opportunities are more important to me than whatever Washington did today.

    I think you've missed the largest difference that online voting might make. Retired people are over-represented in local elections because they take the time to vote, more often than working-age people do. Online voting might make that more balanced or even swing the other way. Retirement age people also have the majority of the money and therefore influence through political donations.

    Along the same lines, traditional voting methods mean only people who care enough to take the time to vote do so. (Unless a politician has a pizza party on the voting bus and pays each voter $10 to get on board.) Online voting, if it takes just a few seconds, MIGHT increase the number of votes by people who can't be bothered to take a few minutes to get involved. That could be good or bad. Personally, I think that if you don't know the name of the incumbent, you probably aren't informed enough to make an informed vote and I'd prefer you choose not to vote that time around. I'd hope that everyone gets informed, but if someone isn't interested enough to know what's on the ballot ahead of time, I don't see a need to encourage them to vote anyway.