It wouldn't matter if they WERE the best and brightest. If you study cryptography you learn about famous cryptographers such as Polybius, Trithemius, VigenÃre, Stager, Scherbius, Rivest, and Schneier. These are the best cryptographers the world has ever seen. They all have own thing in common - their creations have all been hacked, broken.
A fundamental law is that it is easier to break something than to make that thing. Physicists call this "maximum entropy" - things naturally tend away from order and structure, things break more easily than they are made. Any cipher, any encryption, which can be made by people can broken by people.
In cryptography, as in crime, one side has an almost insurmountable advantage. The cryptographer can come up with huge, complex systems with many parts. The cryptanalyst needs only find a single flaw, a single shortcoming or shortcut, anywhere in the system. Cryptonanalysists will amost always beat cryptographers for the same reason a determined police force will almost always find their murderer if they try hard enough - the murderer has to do everything perfect to get with it, the police only need to find that one stray hair, with its DNA, or one drop of blood under the carpet, to prove their case.
> The wording seemed to be there to target intentional abuse. This could be considered unintentional, though definitely avoidable.
You used the word "intentional" twice. You may recall that "intentional" is three levels higher (worse) than "knowingly". The authors of the law chose "knowingly", which *means* unintentional, though foreseen. If the law was supposed to mean "intentionally", it would say "intentionally" because that's one of the four choices. Apple knows that what they are currently doing causes 911 calls multiple times per day. Therefore by that wording they are liable.
If the law said "purposefully calls 911" there could be an argument, because "purposefully" isn't one of the four defined levels. Someone would argue that "purposefully" means the same thing as "intentionally" and someone else might argue otherwise. Since the law uses the legal term "knowingly", that's defined to mean intent does not matter. Had the law said "negligently" that would mean Apple is liable of they aren't being careful. Since the word "knowingly" is used, even being careful isn't enough - they know about it, they didn't stop it, therefore they are liable.
"knowingly" is a term of art in law, a well-established term with a very well known definition. It's part of a set:
Intentionally - doing it on purpose, trying to cause the result Grossly negligent - Reckless as to whether it happens Negligent - Not sufficiently careful to avoid the thing Knowingly - Aware that you're doing or causing some thing
So knowingly is the the bottom of the list, it requires only awareness. Because they have been aware for a long time, and they know that installing screening (Faraday cage) would prevent the problem, and they have failed to take these reasonable steps, they are now grossly negligent - two steps worse than "knowingly".
-- Going off on a tangent:
It's funny because it's a federal crime to be "negligent" in allowing classified information to be placed on unapproved storage systems. FBI Director Comey announced in the famous press conference that Clinton was "extremely careless in her handling of very sensitive, highly classified information.". Well "extremely careless" means the same thing as "grossly negligent", so that's a felony. He announced that she was guilty of a felony. Then proceeded to say "although there is evidence of violations... consider the context" a prosecutor won't indict the person about to be elected president.
What Google made was a Java-compatible runtime. Oracle claims that making it compatible, using the same interface, is unlawful.
Consider anything that uses any kind of network protocol, serial, protocol, etc. If Oracle wins, the precedent is that it's unlawful to make an accessory compatible with any device which uses a non-standard protocol, because you'd be copying interface, just as Google copied the interface to Java.
> Wait, what? Int round(float) isn't what is in question here, it's what the function round does and the underlying code to execute it.
Half right.
Oracle's claim is that Google isn't allowed to have round(float) round it's input. Google says the copyright protects the *expression* of the idea, the implementation. The actual copyright statute says the idea is not protected, the expression of the idea is. Oracle says it's unlawful for Google to have a function called round() which rounds it's input, because Java has that. Google would have to call theirs round_a_number() or something, Oracle says.
Google says you are allowed to make something COMPATIBLE with java, with a different implementation. Oracle says making it java compatible was unlawful.
> This is whether or not Google has the right to implement its own JVM.
And you can't implement a JVM without having round(). HOW round works can change (the expression, aka implementation).
> So for who is this message? Not for the "bad user" who (the 2 million of them) are identified.
Didn't bother to read even two sentences into the summary before posting your insightful knowledge about the topic? The message (an SEC filing) is for potential investors.
> So where is the real loss occurring?
The loss would be investors losing their investment. You, in your 401k, for example. If they invest in the company based on the claim that they have 159 million users generating revenue, but in fact there are only 100 million legitimate users, the company has a lower chance of success, a lower likely future value, and investors will likely lose money.
Public companies are required to do two things - state business facts such as the number of customers they have as accurately as they can, and report any foreseen risks. In its most recent filing, the company has amended their statements for both reasons. They reduced their customer count by 2 million, and acknowledged the risk that many more active accounts may not actually be able to bring revenue, because those users could be using hacked apps.
On a side note - I've been in computer security for twenty years, so I've seen a few things in that time. One thing I've noticed may seem obvious once I say it, but it's not obvious to a LOT of people:
Hacked apps are hacked, by hackers.
When you install a "cracked warez", you're installing something you've downloaded from a known disreputable site, that you KNOW was coded or modified by disreputable people who don't mind screwing somebody else over, and of course breaking the law. It has malware folks; most of the time "cracked" includes malware. These organizations and individuals don't crack and distribute the cracked software, risking legal trouble for themselves, out of the goodness of their hearts. They want you to install their hacked version because it includes a payload they want to sneak on to your system.
The numbers show the record companies got less MONEY from digital than from physical products, not that people listened to fewer songs. Downloads and streaming let the consumer get more music for little money.
If you want FREE music there are millions and millions of songs on MySpace, free. 15 million people post their creations on myspace. If you want professionally produced, highly polished music and you want what the record companies pick out for you, contributing your $1 to the cost of that is not only the best right thing to do, it also supports the artists (musicians and composers, producers, mix engineers, etc) so they can continue to produce the music you love.
Some people say they don't see value in talent scouts finding artists, they'd be happy browsing through the 15 million artists on MySpace. They don't see value in the half million dollars of production that goes into a typical major-label album. Cool. If you don't want that, MySpace has millions of songs produced in someone's basement.
If you DO want to listen to songs that have been through a year of production to make the sound perfect, grab four quarters off your night stand and toss your buck in the hat that pays for all that.
Threats and military force are the most VISIBLE use of a large military, but not at all the most common or most important to international relations. Ireland, spending 0.5% of its GDP on military, lacks even the most basic ability to defend itself. Ireland doesn't NEED to be able to defend itself because it can depend on its friend, the United States.
For comparison, Saudi Arabia spends 10% of GDP, the US 3.5%. The US doesn't need to threaten invasion, nations like Ireland know that they are 100% reliant on the US, UK, France, and Germany for their defense. The US has twice as much military power as the entire EU combined, so it's a really good idea to have the US on your side in case of any conflict.
That's the primary use of the US military - allowing countries like Ireland to be defended by the world's only $500 billion military while they spend only $500 million. They just have to be a good friend to the US.
This is 100% a prostitution bill. There WAS a sex trafficking bill. Then there was an amendment which replaced the entire text of the bill, other than the title. Read the bill as enrolled - it's all about prostitution, nothing about trafficking.
> The other issue is that while we generally say child porn is illegal the law requires three instances of it.
The rule there is no more than three IF the person immediately deletes it or reports it to law enforcement, without sending it or showing it to anyone else.
Amazon has been surviving on borrowed money since Amazon was a book seller. TRS declined in the 1990s vs Walmart and Target. In 1998 Walmart sold more toys than Toys R Us did. By 2005 Moody's rated TRS bonds as "extremely speculative" and "substantial risk" - indicating it was already likely TRS was headed for bankruptcy.
Investors including Bain Capital thought there was still value in the brand, and with better management they might be able to turn the company around, so they bought it (cheap). After analyzing what was happening, Bain and the new management invested in store upgrades and were able to improve sales and profits, with the new approach yielding a 55% profit increase in 2010. That still wasn't enough to support all the high-speed interest debt TRS has been surviving on for the last 20 years, though.
TRS has long been like a guy making $100K who is making minimum payments to float $200,000 in credit card debt. You can survive a long time doing that, but you know it's headed for bankruptcy unless they get lucky somehow.
Here's what I know, having not memorized the article or further investigated it's claims after discovering it contains claims that are easily proven false:
A. Someone wrote an article making false claims, claims that are easily debunked by reading even the first five words of the relevant law.
B. This same article, written by a highly unreliable source, claimed that the blockchain contains links to porn. (Porn is legal).
C. The unreliable article also claimed there are images of some sort in the blockchain.
D. The same BS article attempted to draw some sort of connection to child porn.
E. A common scare tactic is to deliberately conflate porn and child porn, saying something about child porn, then saying "there is porn...", then something else about child porn. This is a deliberate tactic to mislead the reader into thinking the second statement is about child porn.
Here's the first line of the law for you so you don't have to even bother clicking the link: "Any person who knowingly:"
Knowingly is the first element of the offense.
The affirmative defenses are: 6a the alleged (simulated) child is real people who were adults at the time.
6d gives an affirmative defense to a(5):
(1) possessed less than three images of child pornography; and (2) promptly and in good faith, and without retaining or allowing any person, other than a law enforcement agency, to access any image or copy thereofâ" (A) took reasonable steps to destroy each such image; or (B) reported the matter to a law enforcement agency and afforded that agency access
Those are the affirmative defenses. "Knowingly" is an element of the offense, not a defense.
I'll never understand why people post on topics that they know nothing about. ESPECIALLY in reply to a post with a subject line citing the specific section of statue - it's pretty obvious that I know the statute when I cite it.
The federal law on the matter is 18 U.S. Code  2252A. It says it's illegal to KNOWINGLY send and receive child porn. Anyone who doesn't know it's there has not committed a crime. Even having read the summary, I know that the chain contains a) porn and b) links to child porn. I don't know/remember if it contains child porn, so it's not illegal for me to send or receive it.
Also, as confirmed in ELONIS, mens rea (guilty mind) is still required. To be criminally responsible for any action, one would have to intend to do something bad. That's true by default unless the statute for a particular crime specifically lays out a different treatment of mens rea for the elements of that particular crime. Since 2252 doesn't specify otherwise, the standard mens rea rule applies and one is not guilty unless they were they had guilty intent, unless they were trying to do a bad thing.
> And no, you can't turn chlorine gas back into chlorine by adding water,
Actually that's what happens if you sit and do nothing. Chlorine reacts with water in the air, strongly catalyzed by sunlight, to form hydrogen chloride. That's not the fastest and easiest way to get rid of it, though. Chlorine reacts (combines) with almost every element on the periodic table, other than the noble gasses, which don't really react with anything. So you could neutralize it by adding just about anything, or just sit and wait while it reacts with (bleaches) whatever happens to be in the room.
Soldiers in WW1 would protect themselves (somewhat) by breathing through a wet handkerchief, allowing the chlorine gas to react with the moisture on the handkerchief instead of the moisture of their mucous membranes.
Just curious, why are you arguing about chemistry.without having any idea what you're talking about?
PS the main chemical you put in swimming pools is bleach. Then you pour in that acid. In order to make the water SAFER than just plain water. Just add water - no more danger.
You've been on Slashdot long enough, and I've read enough of your posts, to know that when you quote me saying "until they are combined" you know what that means.
Bleach is in fact not all that dangerous, and doesn't require demolishing a building. Same with swimming pool chemicals. "until they are combined".
> A rather significant part of OChem is devoted pretty much to learning how to successfully synthesize organic substances without accidentally blowing yourself up or setting yourself on fire, with a section on the first day of lab typically devoted to what to do when that does happen anyway.
And we'd rather that not happen. We don't want untrained people trying to make acetone peroxide. Unfortunately there are people, such as my nephew, who will hear "this guy mixed up an explosive, acetone peroxide, from common household items" and they'll try mixing acetone and peroxide. My nephew would totally do that. When I was 14, I almost would have. There is no need for me or him to parse 3,3-Dimethyl-1,2-dioxacyclopropane in order to do something stupid.
Okay two issues. First, I'm talking about the components, the ingredients, used to make the explosive. Any actual explosives likely detonated in the explosion that killed him.
Secondly, the name of the explosive may very well be "acetone peroxide". Think nobody can guess which two ingredients you mix to make "acetone peroxide"? (For those unsure, it's acetone and peroxide.).
> Barring something in the way of highly exotic medical problems, your excrement is not likely to blow up. > And yes, yes you are randomly mixing the elemental ingredients when you use the toilet.
Try randomly mixing acetone and peroxide some time and see what happens. Mix no more than 1 gram, and make sure nobody is within 300 meters for the next several days.
I have found that when the security team sends out "phishing" emails about once a month, that helps. Opening the link takes the employee to a page reminding them about phishing. If instead they click the "report" button in Outlook, they get a happy message. It changes behavior after a few months.
> mention the chemical names because that might (somehow) enable people to whip them up in their kitchen...never mind that by that same theory, merely knowing the word 'cake' would grant one the necessary knowledge to produce one from scratch.
Although I don't necessarily disagree with your conclusion, that's really not a good analogy. We're talking about listing the ingredients used. If major newspapers published the ingredients for Coca-Cola, some people might TRY to make it. Not knowing anything more than the ingredient list, they'd probably fail to make it right. When making high explosives, failing to do things right can result in KABOOM, as it did in this case.
So the theory is given the list of ingredients, some idiot might TRY to make it, perhaps by just mixing together random amounts. In the case of acetone peroxide, just mixing the two ingredients will cause an explosion. It'll go off without being purposely detonated, if you don't take active steps to prevent spontaneous detonation.
>. 'blows self up' though, smart money is on hydrogen peroxide and acetone. Good old TAP - high explosive you can make in your kitchen from readily available chemicals. Also tends to explode if you just stir it a little too fast.
I thought of the same. Low explosives such as black powder don't tend to kill the maker in an accident. (Unless it's industrial scale). Losing a finger is entirely possible. Acetone peroxide, as you said, attracts idiots because the components are readily available, AND it's very unsafe to make - killing yourself is entirely possible.
I heard one guy who lives near me had a lot of experience making pyrotechnics, making black powder and such. He (very carefully) made a few MILLIgrams of acetone peroxide. Seeing what just a few milligrams was like, he swore to never again go near AP.
Slashdot Mirror
> For even a simple example, "knowingly" can refer to knowledge of the criminal nature of an act, mere knowledge of the act itself,
Can you cite even one example, in all of federal or state law, in which "knowingly does ..." EVER means "with knowledge of the criminality of the act"?
It wouldn't matter if they WERE the best and brightest. If you study cryptography you learn about famous cryptographers such as Polybius, Trithemius, VigenÃre, Stager, Scherbius, Rivest, and Schneier. These are the best cryptographers the world has ever seen. They all have own thing in common - their creations have all been hacked, broken.
A fundamental law is that it is easier to break something than to make that thing. Physicists call this "maximum entropy" - things naturally tend away from order and structure, things break more easily than they are made. Any cipher, any encryption, which can be made by people can broken by people.
In cryptography, as in crime, one side has an almost insurmountable advantage. The cryptographer can come up with huge, complex systems with many parts. The cryptanalyst needs only find a single flaw, a single shortcoming or shortcut, anywhere in the system. Cryptonanalysists will amost always beat cryptographers for the same reason a determined police force will almost always find their murderer if they try hard enough - the murderer has to do everything perfect to get with it, the police only need to find that one stray hair, with its DNA, or one drop of blood under the carpet, to prove their case.
> The wording seemed to be there to target intentional abuse. This could be considered unintentional, though definitely avoidable.
You used the word "intentional" twice. You may recall that "intentional" is three levels higher (worse) than "knowingly". The authors of the law chose "knowingly", which *means* unintentional, though foreseen. If the law was supposed to mean "intentionally", it would say "intentionally" because that's one of the four choices. Apple knows that what they are currently doing causes 911 calls multiple times per day. Therefore by that wording they are liable.
If the law said "purposefully calls 911" there could be an argument, because "purposefully" isn't one of the four defined levels. Someone would argue that "purposefully" means the same thing as "intentionally" and someone else might argue otherwise. Since the law uses the legal term "knowingly", that's defined to mean intent does not matter. Had the law said "negligently" that would mean Apple is liable of they aren't being careful. Since the word "knowingly" is used, even being careful isn't enough - they know about it, they didn't stop it, therefore they are liable.
"knowingly" is a term of art in law, a well-established term with a very well known definition. It's part of a set:
Intentionally - doing it on purpose, trying to cause the result
Grossly negligent - Reckless as to whether it happens
Negligent - Not sufficiently careful to avoid the thing
Knowingly - Aware that you're doing or causing some thing
So knowingly is the the bottom of the list, it requires only awareness. Because they have been aware for a long time, and they know that installing screening (Faraday cage) would prevent the problem, and they have failed to take these reasonable steps, they are now grossly negligent - two steps worse than "knowingly".
--
Going off on a tangent:
It's funny because it's a federal crime to be "negligent" in allowing classified information to be placed on unapproved storage systems. FBI Director Comey announced in the famous press conference that Clinton was "extremely careless in her handling of very sensitive, highly classified information.". Well "extremely careless" means the same thing as "grossly negligent", so that's a felony. He announced that she was guilty of a felony. Then proceeded to say "although there is evidence of violations ... consider the context" a prosecutor won't indict the person about to be elected president.
What Google made was a Java-compatible runtime.
Oracle claims that making it compatible, using the same interface, is unlawful.
Consider anything that uses any kind of network protocol, serial, protocol, etc. If Oracle wins, the precedent is that it's unlawful to make an accessory compatible with any device which uses a non-standard protocol, because you'd be copying interface, just as Google copied the interface to Java.
> Wait, what? Int round(float) isn't what is in question here, it's what the function round does and the underlying code to execute it.
Half right.
Oracle's claim is that Google isn't allowed to have round(float) round it's input. Google says the copyright protects the *expression* of the idea, the implementation. The actual copyright statute says the idea is not protected, the expression of the idea is. Oracle says it's unlawful for Google to have a function called round() which rounds it's input, because Java has that. Google would have to call theirs round_a_number() or something, Oracle says.
Google says you are allowed to make something COMPATIBLE with java, with a different implementation. Oracle says making it java compatible was unlawful.
> This is whether or not Google has the right to implement its own JVM.
And you can't implement a JVM without having round(). HOW round works can change (the expression, aka implementation).
> So for who is this message? Not for the "bad user" who (the 2 million of them) are identified.
Didn't bother to read even two sentences into the summary before posting your insightful knowledge about the topic? The message (an SEC filing) is for potential investors.
> So where is the real loss occurring?
The loss would be investors losing their investment. You, in your 401k, for example. If they invest in the company based on the claim that they have 159 million users generating revenue, but in fact there are only 100 million legitimate users, the company has a lower chance of success, a lower likely future value, and investors will likely lose money.
Public companies are required to do two things - state business facts such as the number of customers they have as accurately as they can, and report any foreseen risks. In its most recent filing, the company has amended their statements for both reasons. They reduced their customer count by 2 million, and acknowledged the risk that many more active accounts may not actually be able to bring revenue, because those users could be using hacked apps.
On a side note -
I've been in computer security for twenty years, so I've seen a few things in that time. One thing I've noticed may seem obvious once I say it, but it's not obvious to a LOT of people:
Hacked apps are hacked, by hackers.
When you install a "cracked warez", you're installing something you've downloaded from a known disreputable site, that you KNOW was coded or modified by disreputable people who don't mind screwing somebody else over, and of course breaking the law. It has malware folks; most of the time "cracked" includes malware. These organizations and individuals don't crack and distribute the cracked software, risking legal trouble for themselves, out of the goodness of their hearts. They want you to install their hacked version because it includes a payload they want to sneak on to your system.
The numbers show the record companies got less MONEY from digital than from physical products, not that people listened to fewer songs. Downloads and streaming let the consumer get more music for little money.
If you want FREE music there are millions and millions of songs on MySpace, free. 15 million people post their creations on myspace. If you want professionally produced, highly polished music and you want what the record companies pick out for you, contributing your $1 to the cost of that is not only the best right thing to do, it also supports the artists (musicians and composers, producers, mix engineers, etc) so they can continue to produce the music you love.
Some people say they don't see value in talent scouts finding artists, they'd be happy browsing through the 15 million artists on MySpace. They don't see value in the half million dollars of production that goes into a typical major-label album. Cool. If you don't want that, MySpace has millions of songs produced in someone's basement.
If you DO want to listen to songs that have been through a year of production to make the sound perfect, grab four quarters off your night stand and toss your buck in the hat that pays for all that.
Threats and military force are the most VISIBLE use of a large military, but not at all the most common or most important to international relations. Ireland, spending 0.5% of its GDP on military, lacks even the most basic ability to defend itself. Ireland doesn't NEED to be able to defend itself because it can depend on its friend, the United States.
For comparison, Saudi Arabia spends 10% of GDP, the US 3.5%. The US doesn't need to threaten invasion, nations like Ireland know that they are 100% reliant on the US, UK, France, and Germany for their defense. The US has twice as much military power as the entire EU combined, so it's a really good idea to have the US on your side in case of any conflict.
That's the primary use of the US military - allowing countries like Ireland to be defended by the world's only $500 billion military while they spend only $500 million. They just have to be a good friend to the US.
This is 100% a prostitution bill. There WAS a sex trafficking bill. Then there was an amendment which replaced the entire text of the bill, other than the title. Read the bill as enrolled - it's all about prostitution, nothing about trafficking.
> The other issue is that while we generally say child porn is illegal the law requires three instances of it.
The rule there is no more than three IF the person immediately deletes it or reports it to law enforcement, without sending it or showing it to anyone else.
Amazon has been surviving on borrowed money since Amazon was a book seller. TRS declined in the 1990s vs Walmart and Target. In 1998 Walmart sold more toys than Toys R Us did. By 2005 Moody's rated TRS bonds as "extremely speculative" and "substantial risk" - indicating it was already likely TRS was headed for bankruptcy.
Investors including Bain Capital thought there was still value in the brand, and with better management they might be able to turn the company around, so they bought it (cheap). After analyzing what was happening, Bain and the new management invested in store upgrades and were able to improve sales and profits, with the new approach yielding a 55% profit increase in 2010. That still wasn't enough to support all the high-speed interest debt TRS has been surviving on for the last 20 years, though.
TRS has long been like a guy making $100K who is making minimum payments to float $200,000 in credit card debt. You can survive a long time doing that, but you know it's headed for bankruptcy unless they get lucky somehow.
Here's what I know, having not memorized the article or further investigated it's claims after discovering it contains claims that are easily proven false:
A. Someone wrote an article making false claims, claims that are easily debunked by reading even the first five words of the relevant law.
B. This same article, written by a highly unreliable source, claimed that the blockchain contains links to porn. (Porn is legal).
C. The unreliable article also claimed there are images of some sort in the blockchain.
D. The same BS article attempted to draw some sort of connection to child porn.
E. A common scare tactic is to deliberately conflate porn and child porn, saying something about child porn, then saying "there is porn ...", then something else about child porn. This is a deliberate tactic to mislead the reader into thinking the second statement is about child porn.
No, the affirmative defenses start at 6a. See for yourself, this is the law, which I had already cited for you:
https://www.law.cornell.edu/us...
Here's the first line of the law for you so you don't have to even bother clicking the link:
"Any person who knowingly:"
Knowingly is the first element of the offense.
The affirmative defenses are:
6a the alleged (simulated) child is real people who were adults at the time.
6d gives an affirmative defense to a(5):
(1) possessed less than three images of child pornography; and
(2) promptly and in good faith, and without retaining or allowing any person, other than a law enforcement agency, to access any image or copy thereofâ"
(A) took reasonable steps to destroy each such image; or
(B) reported the matter to a law enforcement agency and afforded that agency access
Those are the affirmative defenses. "Knowingly" is an element of the offense, not a defense.
I'll never understand why people post on topics that they know nothing about. ESPECIALLY in reply to a post with a subject line citing the specific section of statue - it's pretty obvious that I know the statute when I cite it.
Obviously you weren't and aren't an expert on law. I cited the section for you. You can read it here:
https://www.law.cornell.edu/us...
Here's the first line of the law for you so you don't have to even bother clicking the link:
"Any person who knowingly:"
The federal law on the matter is 18 U.S. Code  2252A. It says it's illegal to KNOWINGLY send and receive child porn. Anyone who doesn't know it's there has not committed a crime. Even having read the summary, I know that the chain contains a) porn and b) links to child porn. I don't know/remember if it contains child porn, so it's not illegal for me to send or receive it.
Also, as confirmed in ELONIS, mens rea (guilty mind) is still required. To be criminally responsible for any action, one would have to intend to do something bad. That's true by default unless the statute for a particular crime specifically lays out a different treatment of mens rea for the elements of that particular crime. Since 2252 doesn't specify otherwise, the standard mens rea rule applies and one is not guilty unless they were they had guilty intent, unless they were trying to do a bad thing.
You are correct, SSL is a PCI fail. As is TLS 1.0. TLS 1.1 is frowned upon but it won't make you fail PCI.
Real-time analysis of TLS traffic is okay. GP said it was LOGGED. That's probably a fail, because the logs probably aren't secured enough.
> And no, you can't turn chlorine gas back into chlorine by adding water,
Actually that's what happens if you sit and do nothing. Chlorine reacts with water in the air, strongly catalyzed by sunlight, to form hydrogen chloride. That's not the fastest and easiest way to get rid of it, though. Chlorine reacts (combines) with almost every element on the periodic table, other than the noble gasses, which don't really react with anything. So you could neutralize it by adding just about anything, or just sit and wait while it reacts with (bleaches) whatever happens to be in the room.
Soldiers in WW1 would protect themselves (somewhat) by breathing through a wet handkerchief, allowing the chlorine gas to react with the moisture on the handkerchief instead of the moisture of their mucous membranes.
Just curious, why are you arguing about chemistry.without having any idea what you're talking about?
PS the main chemical you put in swimming pools is bleach.
Then you pour in that acid. In order to make the water SAFER than just plain water. Just add water - no more danger.
You've been on Slashdot long enough, and I've read enough of your posts, to know that when you quote me saying "until they are combined" you know what that means.
Bleach is in fact not all that dangerous, and doesn't require demolishing a building. Same with swimming pool chemicals. "until they are combined".
> A rather significant part of OChem is devoted pretty much to learning how to successfully synthesize organic substances without accidentally blowing yourself up or setting yourself on fire, with a section on the first day of lab typically devoted to what to do when that does happen anyway.
And we'd rather that not happen. We don't want untrained people trying to make acetone peroxide. Unfortunately there are people, such as my nephew, who will hear "this guy mixed up an explosive, acetone peroxide, from common household items" and they'll try mixing acetone and peroxide. My nephew would totally do that. When I was 14, I almost would have. There is no need for me or him to parse 3,3-Dimethyl-1,2-dioxacyclopropane in order to do something stupid.
Okay two issues. First, I'm talking about the components, the ingredients, used to make the explosive. Any actual explosives likely detonated in the explosion that killed him.
Secondly, the name of the explosive may very well be "acetone peroxide". Think nobody can guess which two ingredients you mix to make "acetone peroxide"? (For those unsure, it's acetone and peroxide.).
> Barring something in the way of highly exotic medical problems, your excrement is not likely to blow up.
> And yes, yes you are randomly mixing the elemental ingredients when you use the toilet.
Try randomly mixing acetone and peroxide some time and see what happens. Mix no more than 1 gram, and make sure nobody is within 300 meters for the next several days.
I have found that when the security team sends out "phishing" emails about once a month, that helps. Opening the link takes the employee to a page reminding them about phishing. If instead they click the "report" button in Outlook, they get a happy message. It changes behavior after a few months.
> mention the chemical names because that might (somehow) enable people to whip them up in their kitchen...never mind that by that same theory, merely knowing the word 'cake' would grant one the necessary knowledge to produce one from scratch.
Although I don't necessarily disagree with your conclusion, that's really not a good analogy. We're talking about listing the ingredients used. If major newspapers published the ingredients for Coca-Cola, some people might TRY to make it. Not knowing anything more than the ingredient list, they'd probably fail to make it right. When making high explosives, failing to do things right can result in KABOOM, as it did in this case.
So the theory is given the list of ingredients, some idiot might TRY to make it, perhaps by just mixing together random amounts. In the case of acetone peroxide, just mixing the two ingredients will cause an explosion. It'll go off without being purposely detonated, if you don't take active steps to prevent spontaneous detonation.
>. 'blows self up' though, smart money is on hydrogen peroxide and acetone. Good old TAP - high explosive you can make in your kitchen from readily available chemicals. Also tends to explode if you just stir it a little too fast.
I thought of the same. Low explosives such as black powder don't tend to kill the maker in an accident. (Unless it's industrial scale). Losing a finger is entirely possible. Acetone peroxide, as you said, attracts idiots because the components are readily available, AND it's very unsafe to make - killing yourself is entirely possible.
I heard one guy who lives near me had a lot of experience making pyrotechnics, making black powder and such. He (very carefully) made a few MILLIgrams of acetone peroxide. Seeing what just a few milligrams was like, he swore to never again go near AP.