That people don't understand this is, "weirdly", common.
The question of whether you could enforce action against infringers and/or whether reproducing those emails is against the copyright is another thing entirely and down to local law.
But, pretty much, this post is copyrighted. There may be a line somewhere that assigns the copyright in it to Slashdot (I don't think there is, Facebook tried that and couldn't get away with it), but otherwise it's mine. All comments are the property of the poster, remember.
And when you're talking about the contents of an internal email from a workplace, almost certainly those are the intellectual property of the employer - whether expressly stated or not.
It's not a question of "if".
And I'm pretty sure that a government organisation tasked with intercepting communications has some exception in the law for copying, reading and storing your email for a certain period of time. It's come up in the UK news for GCHQ, for instance.
In the same way you can't sue your ISP for copying your packets to this forum in the first place, or Slashdot for storing them, as there is an inherent permission granted by you posting.
I'm an avid board games collector, but I have specific interests.
I like "mathematically interesting" board games. A lot of the big-name games just don't do it for me. I also like board games with well-designed elements and pieces, no matter how bad the actual game. Yes, I'm odd.
I quite like the Pac-Man from the MB Game Pac-Man board game. It's a piece of design that I love. And I quite like the "infinite board" concept of a Mad-Max like car board game I have called Thunderoad (also went by other names). But I really like things like Super Cluedo and even Cluedo: The Great Museum Caper (Cluedo = Clue in the US). However the original Cluedo is just boring. It's about how well it works as a game, not some hard-and-fast rule for what works.
It's the old story - you have to have something that nobody's seen before and telling you how to do that is impossible.
Strangely, I find RPGs and other tabletop games uninteresting for the most part.
Almost all of which are civil, not necessarily criminal.
And your assertion about the brothel laws is wrong - they would both have to be prostitutes to constitute a brothel under the law. Not saying you couldn't get hassle, but you couldn't be prosecuted without proving they were both/all prostitutes.
The police aren't interested in this kind of thing. If they needed to assist on a council-run benefit crackdown, it would be the council with those devices, powers and requiring warrants to use. Same as flying drones over houses to see if there's illegal housing in the back-yard.
Police would need these powers in certain circumstances, e.g. hostage situations, etc. but it's impossible to imagine a realistic scenario where a warrant couldn't be applied for and granted, or where the power/equipment couldn't be assigned only to those necessary (e.g. in the UK only armed officers in a hostage situation).
There's no "need" of this. At all. It may be desirable or helpful but it shows nothing that legally entering the premises wouldn't show anyway. And blanket use of it will only cause good judgemental decisions like this ("I could authorise it, but I'd spend the next ten years justifying my decision and eventually having it overturned because it's just wrong", effectively).
It's hard to think of you as the end result of millions of years of evolution.
Nobody says it's the first thing that comes to mind. Nobody says it's even USEFUL in those jobs.
(To be honest, finding extraterrestrial life is probably ALWAYS going to be of more priority to scientists than finding some guy who's fled his country under persecution and hidden in the back of a shipping container.)
Your choice of OS, if you have something worth encrypting and hiding, is the least of your worries.
If you have any brains at all, all key generation is done offline on a clean machine and then that machine destroyed. Only a specific, purpose-built target on YOU would stop that working as intended without informing the NSA, and then they may as well just listen in to the room anyway.
What you are falling into is the "movie hackers" fallacy - "Gosh, everything hackable therefore everything is hacked all the time". If you have a clean, from-disk OS, even, and keep it off the net, and sign your messages with your pre-generated private key on a device that goes NOWHERE and only gets turned on when you need to use it - fuck 'em. Quite what power do you think they have over that?
The problem with modern day stuff is ALL Internet-access-based. Hell, most people think a computer isn't a computer unless it's on the Internet nowadays.
Don't get me wrong, if you're targeted by the NSA, I'm sure they can get to you somehow. But I can assure you they were targeting Bin Laden and he survived, what, a decade with the whole world looking for him? He was found to be couriering USB keys down to the local cybercafe.
Targeted malware only works if you're stupid enough to expose the machine to the net, or run programs that aren't verifying content. Fuck trying to "infect" someone who only reads their mail via "mutt", for example. It's all Hollywood tripe.
If there's a terrorist with a brain out there, and they are trying to avoid the NSA's glare, I'd be quite annoyed at their stupidity if they aren't using read-only boot media, a bunch of random devices bought in shops, PKE, and programs that aren't mainstream enough to have exploits written for them.
Fuck, even I know how to encrypt mail offline and have read my mail accounts via telnet in the past.
If you're targeted, malware is the fucking least of your worries, and easily countered by not allowing your PC to come into contact with it. Even that stuff about some malware making computers "talk" over audio channels to cross air-gaps only works when computers are infected in the first place.
We even have double-compilation-verification built operating systems, and you can boot some old shit off a floppy image from pre-Windows days if you're really paranoid.
The problem is not that - it's not encrypting, generating, or securing your message. It's how do you get your message to the wider net from there, and that identifies your location quite quickly. However, as pointed out above, you can sit in the same location for ten years with a willing stooge to courier to nearby cybercafes and NEVER get caught that way.
It lacks in imagination to think that the NSA, or indeed any intelligence agency, is really as good as you think they are. I'm a massive fan of GCHQ history, for instance, and I quite believe that today's GCHQ is a shadow of its former self forced to resort to asking Facebook for copies of its data. Given that they invented this type of stuff to prevent EXACTLY what they are trying to do now, it's hilarious that it's backfired to the point where they are having to convince you they really can listen to everything, everywhere, always.
If they could do that, you would never hear of it. Because, you see, they'd know about all the leaks and be able to stop them in their tracks - legally or illegally.
Because upgrading PHP breaks shit. It's the old story of backwards compatibility versus security and, inevitably, when you've commissioned a website in a language that you can't program in yourself, you will choose backwards compatibility every time.
Most people do not host their own web services. As such they are at the mercy of their host and what their host needs to run for everyone to be happy.
Every web host I've ever used, personally or professionally, will give you a version of PHP and rarely update it. When they do, they will invariably warn you that your scripts (i.e. website) are probably about to break. Most people in that position do not have the skills and knowledge (or even the tools or hosting capability!) to log in and fix the problem. So it's "we're going to break your website... you have to pay money to fix it".
Hence, there is a pushback every time they do it, and that makes them even more reluctant to suggest to their users that they need to do it again next month.
This is partly a user problem, yes, but it's mainly in the court of the PHP developers. Why does going from PHP 5.3 to 5.5 break SO MUCH without reason? Almost every bulletin board, forum, image gallery or what-have-you you find that runs PHP tells you which version it will work on, and has had to issue at least one update that fixes shit that breaks on the newer versions of PHP.
I'm not sure there's another language out there that's quite so undefined and variable when it comes to how things should work and what could change/break in new versions.
Sure, I get that we have to keep everything up-to-date when we're running net-facing servers, but the problems of PHP compatibility and that most web-hosts are scared to upgrade has caused more problems than those old scripts still running. For the most part, they are even worked around so they are still compatible with old PHP's rather than, as should happen, upping the minimum required PHP version and making people get secure throughout.
I think we can safely lay the majority of this problem on the removal of register_globals (something that should never have existed in the first place), magic quotes and safe mode. The last two of which were touted as the lazy-man's security functions so you didn't have to worry about all the fine detail. The rest of the changes in those versions are pretty minor and to-be-expected of a new version of software.
If PHP hadn't done a "PHP isn't safe", "Here, use this hodgepodge of half-assed security feature", "Shit, they're more dangerous than what we were avoiding, remove them!", then maybe they wouldn't be in this mess.
So if they have the PSK, then they can decrypt your VPN connection?
Yeah, not surprising.
Nowhere does it say they actually have effective techniques for extracting the PSK from, say, a Diffie-Hellman exchange. Because.... well... pretty much, nobody can.
But, sure, if you plug in your VPN PSK into a router that's then compromised, your PSK is then public knowledge. Hell, in most places it's listed in your Cisco CLI and extractable if you have access to it (http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/82076-preshared-key-recover.html).
Isn't this why we have several things, not least SSL VPN with proper keychains, certificate revocation, passphrase-protected keys, etc.?
You can try to scaremonger all you like (this is, what? The fourth or fifth article this month with scaremongering like this about Tor, SSL, etc.?). Fact is nobody has demonstrated, or even pointed to suspicious circumstances that may hint, that the NSA or anyone else are doing anything different to the bad guys out there - finding out that compromising the devices is generally easier than decrypting proper TLS security. And nobody's been seen to actually have a shred of evidence that they can decrypt TLS by any way other than being handed the keys.
All this does is tell me the exact OPPOSITE of what the little guy (and presumably anyone reading this article, shame on you Slashdot) would take home. The NSA aren't able to do anything more than I thought they could. That the encryption is serving its purpose to the point that it's easier to compromise the routers en-masse than it is to break the encryption.
All this does is say to me "Keep doing what you're doing". Use proper PKE with decent size keys and secure them as much as humanly possible.
All I've thought about these kinds of articles for the past year is "What are you trying to scare me onto?" Truecrypt, SSL, PFS etc. It all points towards a certain set of algorithms which are hailed as the "solution" to all these problems - Elliptic Curve. Strangely, one of the "official" curves was designed in co-operation with these people and they won't provide justification for it, and their track-record in this area is quite well-known. These are the people who paid RSA to weaken their encryption, the people who didn't want us to be able to have large-bit encryption available in any case, and who wanted us to have backdoored chips protecting our devices.
PKE is doing its job at the moment. I'd hate to think that we all jump-ship to the thing that's ACTUALLY broken, in our haste to secure things against this kind of propaganda.
If the user you got access to has access to HR data, they have access to HR data. Anything else in the way is merely a hindrance (to you, and an intruder).
But if you compromised a server and used them to get administrator access on the storage arrays, pretty much it doesn't matter what you've got in-between.
The real solution, I think, would be proper encryption. But even there, you have the problem of key management that doesn't just hand out keys to the servers when they request them.
Fact is, yes, it might be sensible to cordon-off a few of these things. You already have to have PCI-DSS stuff on isolated networks (to simplify their requirements), but it doesn't seem to stop this stuff. I know schools that, for years, separated off curriculum and admin (i.e. it was impossible for a child to compromise the deputy-head's login in the classroom and use it to get access to personnel data). I still stick to that mentality and move things to be physically apart wherever possible but nowadays it's considered old-hat and all the separation is virtual - VLANs and permissioning on the servers and storage arrays.
You put barriers in between but this kind of attack is more akin to the boy with his finger in the dyke. Your users (in HR, or Finance, or wherever) need that tiny hole to be open for them, and so piggybacking in on their connection automatically gives you access to this stuff.
The problem is that intrusion detection / prevention, really, is nothing more than checking EVERY transaction back and forth and that's a huge undertaking, slow, requires lots of equipment, and has to be constantly updated by people as threats appear. It's not an easy problem to solve. Even governments are having slips with their classified data, because even though the networks are supposed to be completely isolated, it only takes one guy (malicious or not) to be compromised for that barrier to have a gaping hole in it for him to do his job through.
People are stupid. And the planes have to get up there somehow. And, shockingly, most UFO reports (in the proper sense of the term, not "aliens") are near military bases and airports.
No doubt there are a million UFO reports because people were drunk, don't recognise Venus or there was a shiny bit on their windscreen.
You can't explain away everything but this just confirms what we already know - experimental aircraft are often the cause and CANNOT be confirmed until declassified. And, by definition, they will move in ways that are different to every known aircraft, especially while undergoing testing.
Cell phone = mini tablet = mini laptop ( ~= portable desktop).
All that changes are the screen size, the particular flavour of OS (all three major OS are available in all three sizes), and the "bolt-on" parts (keyboard, ports, storage, etc.).
Once you realise that, why would you need a laptop and a tablet and a phone? Phone is portable and mobile. That's great. Tablet isn't, but you can do more work and watch more TV on it. But laptop is where you have to do all serious work anyway. So what do you gain by having the middle-ground? Not very much at all.
Hence why most people I know have laptops, cell-phones and if they have a tablet, it's a games machine for the kids. But the kids pretty much have their own idea of what's a games machine nowadays and it won't be long before you're buying them a laptop anyway.
CPU speeds have stagnated. Graphics capabilities are stagnating on the mobile platforms as they start to catch up the PC. All you have left is the particular size you want. One small, one large instead of one "tries to be both, and fails" is what people are going for. Hell, some PC manufacturers are trying to sell you laptops that basically are tablets, with a fancy hinge / keyboard. When the difference is that small, it's game over for one of those markets.
Unless there's another boost in CPU or GPU capabilities as radical as the introduction of 3D cards or multiple processors, there's not much that's going to change at the moment. It's truck/van for work and small car for home/family use. Few try to go in the middle and use for both.
The "anything can happen" rule is both the life and death of RPGs. No, it doesn't translate to even online play necessarily.
And it's more difficult than you might think to have a team of people playing those kinds of games WITHOUT going stupid. Your example is perfect. Exactly the kind of thing to give players a laugh, keep the DM on their toes, and not be covered by any existing rules.
Problem is, having people to play with where it doesn't descend into what happens in friendly-fire CS:GO matches.
I'm not saying they are invincible, but they probably have the power to survive quite a few huge, massive, complete flops of console releases before they actually would struggle to find investment. If they even needed it.
Not only that, people had dual-nationalities, the nationalities might be wrong (how many people were on the Greek ferry this week? I heard at least a hundred different answers over the course of a couple of days).
And if you think one of your friends might be on there, you'll be concerned whether or not the nationalities are right, surely? What would be infinitely more important would be, say, a copy of the list of names that they show you on the news being pored over by crying relatives, no? But a definitive list of names doesn't create drama, except for relative reactions.
Report news or don't report news. The list of names is fact and news that you could use to check if your friends are involved. That there were no particular race / nationality / age / gender on board is worthless when you have a list of names you could publish for those interested, and may be so inaccurate as to be worthless anyway.
How do they know there's no Brits, say, if people have dual nationality, have flown from another country, hold two passports, etc. unless they have a fucking list of names of who was involved - detailed down to their passport and original country of origin?
Take that second drive. Put it in a USB enclosure. Run a backup once a week.
Much less wear-and-tear on the drives. No big deal if something drops in your computer and shorts the 12V line, or you get water in it, or something else happens to the computer / SATA itself.
Also, you can then even do one full and multiple differential backups assuming you're not jamming the drive to capacity (handy if you suddenly discover that the thing you did last week was stupid and has corrupted your older data).
Live RAID is not a backup, just because it has a live copy of your data. That's not what backups are.
And, to be honest, I work in a large private school and our backups are all to other disks. Tape is way too expensive and hard to get going again in the case of complete site-loss (that £2k tape drive you have, try and get hold of one in an emergency when you can't otherwise use yours!). But a NAS enclosure with RAID5 and a synced (NOT LIVE) copy of your data? Invaluable and will restore at network speeds (or faster, if you put it into a machine).
I agree about trying to backup data for home use in the same way - tape is impractical and expensive for that kind of thing and drive backups are the way to go. Just don't do it live, do a verify (not just rely on your cheap-shit BIOS to verify the RAID mirror constantly and inform you of problems), and keep it away from the machine you're backing up more than you keep it near the machine.
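An added example, not part of the original comment: a sketch of the scheme described above (one full backup, later differentials, and a verify pass that re-reads the stored copy), using SHA-256 manifests. The directory layout, the `manifest.json` name and all function names are assumptions made for this illustration, and the sample files are constructed.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical manifest name chosen for this example


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source: Path) -> dict:
    """Map each file's path (relative to source) to its SHA-256."""
    return {p.relative_to(source).as_posix(): sha256_file(p)
            for p in sorted(source.rglob("*")) if p.is_file()}


def _store(source: Path, dest: Path, files: dict, deleted: list, kind: str) -> None:
    """Copy the listed files under dest/data and record their expected hashes."""
    data = dest / "data"
    data.mkdir(parents=True, exist_ok=True)
    for rel in files:
        target = data / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source / rel, target)
    (dest / MANIFEST).write_text(json.dumps(
        {"kind": kind, "files": files, "deleted": deleted}, indent=2))


def full_backup(source: Path, dest: Path) -> dict:
    files = snapshot(source)
    _store(source, dest, files, [], "full")
    return files


def differential_backup(source: Path, full_dir: Path, dest: Path) -> dict:
    """Store only what changed, appeared or vanished since the full backup."""
    base = json.loads((full_dir / MANIFEST).read_text())["files"]
    now = snapshot(source)
    changed = {rel: h for rel, h in now.items() if base.get(rel) != h}
    deleted = sorted(set(base) - set(now))
    _store(source, dest, changed, deleted, "differential")
    return changed


def verify(backup_dir: Path) -> list:
    """Re-read every stored file; return paths missing or not matching the manifest."""
    manifest = json.loads((backup_dir / MANIFEST).read_text())
    bad = []
    for rel, expected in manifest["files"].items():
        stored = backup_dir / "data" / rel
        if not stored.is_file() or sha256_file(stored) != expected:
            bad.append(rel)
    return bad


def restore(full_dir: Path, diff_dir: Path, target: Path) -> None:
    """Rebuild the source as of diff_dir; refuses if either set fails verify."""
    for d in (full_dir, diff_dir):
        bad = verify(d)
        if bad:
            raise ValueError(f"{d} failed verification: {bad}")
    shutil.copytree(full_dir / "data", target, dirs_exist_ok=True)
    shutil.copytree(diff_dir / "data", target, dirs_exist_ok=True)
    for rel in json.loads((diff_dir / MANIFEST).read_text())["deleted"]:
        (target / rel).unlink(missing_ok=True)


def demo() -> dict:
    """Constructed sample data: one full set, one differential, then simulated bit rot."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, full, diff, out = (root / n for n in ("src", "full", "diff1", "restored"))
        (src / "docs").mkdir(parents=True)
        (src / "docs/a.txt").write_text("alpha")
        (src / "b.txt").write_text("bravo")
        (src / "old.txt").write_text("to be deleted")
        full_backup(src, full)
        (src / "b.txt").write_text("bravo v2")   # changed since the full
        (src / "c.txt").write_text("charlie")    # new since the full
        (src / "old.txt").unlink()               # deleted since the full
        changed = differential_backup(src, full, diff)
        clean = verify(full) + verify(diff)
        restore(full, diff, out)
        restored = snapshot(out) == snapshot(src)
        (full / "data/docs/a.txt").write_text("alphA")  # simulate silent corruption
        return {"changed": sorted(changed), "clean": clean,
                "restored": restored, "corrupt": verify(full)}


if __name__ == "__main__":
    print(demo())
```

Because each differential is taken against the full rather than against the previous differential, a restore needs only the full set plus one differential, and `verify` can be run on the backup drive alone without the source machine present.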
As someone who got into back-yard astronomy a year or so ago, I can tell you that it's not so much the problem seeing anything as just never having looked.
I live in London. Way inside the boundaries of the M25, the motorway that circles London and distinguishes "Greater London" from the green belt which surrounds it. I have for most of my life. I live in the middle of a large town in London, it's complete suburban sprawl and the parks are the only break in it.
From my back-yard (which joins onto the back yards of 20+ other houses in a circle), I can see the planets and stars. We watched ISS traverse with the naked eye just the other night (because someone suggested it could be misconstrued as "Santa's Sleigh" to the right age of child). Nebulae are a struggle, but to image them is no more difficult than anywhere else (this is the bit where you need long exposures and motorised equipment anyway).
As a complete amateur, I can tell you that with the naked eye I can see hundreds of times more than I ever expected. I just wasn't looking. With a telescope, I can see anything I choose to see. I have imaged the larger planets with incredibly short exposures through a very cheap telescope. It's all there to see. A bigger hindrance, to me, is that the horizon is artificially raised by nearby houses, fences, etc. not that the light pollution from all those houses is destroying my enjoyment (and, trust me, I've yelled several times when a neighbour's outside halogen PIR light turns on just as I got my night-vision).
I've been to Scotland, into the middle of the Highlands miles from anywhere, and seen Venus with the naked eye while driving there. The stars are "better" up there, but not magnificently so. I've been to Italy, into the middle of the North where it's all fields and no towns, and the same thing happens - yes, it's slightly easier, and you can pick out the Milky Way easier, but it's not like the overlay you get on TV shows when they want to depict night-time. Unless you're in the middle of nowhere and spend hours acclimatising and have good eyesight or good equipment, it won't be. More likely to destroy your enjoyment of the stars is the weather, the cycle of what's actually up to see, spending hours aligning equipment and tracking (I don't like go-to technology as I feel it's cheating, so I do everything with push-to technology at worst, but manual hunting most of the time), and just the general difficulty of finding something interesting to look at.
I made some photos on the first few days of tying a Canon SLR to my telescope with some hodge-podge connections (one of them is actually taken through the eyepiece by holding the camera close). I consider them the worst photos I have taken, taken from London, with only manual tracking available, which is what piqued my interest - if this is the worst you can do with cheap equipment and no knowledge, what could you do after some practice and good equipment? Have a look, and you can also see my equipment:
There's a ton to see, even in the middle of a city. The light pollution - sure, I imagine it can be an issue and put a threshold on things. But, for the casual observer, it's only really an issue if you live close enough to the city to be priced out of owning a garden anyway. Hell, the local astronomy club meets in a park NEARER to central London - so far, in fact, that I can't be bothered to drive up there.
Don't believe the crap about not being able to see the night sky in an urban area. It's there. And even without any equipment, you can still see hundreds of stars, which is more than enough to start from (stars are VERY boring in any telescope that costs less than your car).
Yes, I intend to bring my equipment to Italy next time my girlfriend drags me over, but I will still need the equipment, and still have the same hassles as at home (except it'll be mountains in the way and n
If someone sends me something that I never asked for, I have to take specific measures against any and all such messages or I will be charged against my will.
That's RIDICULOUS.
The alternative is that the sending party that wants to spam me has to spend the money to do so, and their unwanted spam is nothing more than an annoyance (not a monetary cost on my part too). Which is how the rest of the world works.
Sorry, but I am not going to hold funds, or have a limited amount of minutes, which can be depleted at any time by random third parties without my authorisation.
Who pays for the lines and service in between? Who gives a shit? That's the provider's problem. We're talking about who can cost ME money (or remove some of my allowances).
Hell, you are paying for WRONG NUMBERS to ring you. It's just not sensible. And, as you point out, the technical side means there's NOTHING stopping your provider working the other way around (like the rest of the world). But they are profiteering from unwanted spam being sent to your phone, because YOU are paying for each call, not the spammer, or themselves.
Hell, in the EU, we are currently in the process of making even roaming calls be free-to-receive (and same-price-to-make) as local calls because of the artificial (and false) market involved in a German company operating in the UK charging a UK user more to make calls when they are in Germany.
Pay to receive is not a technical issue. Thus there's nothing stopping them working like every other provider in the world. Pay to receive is a con on YOU and if you don't see that, you really need to look into what they (sometimes the same company) are providing in other countries.
There are still forced marriages around the globe.
There are female circumcisions taking place this isn't.
Unless you want to be a "ANY NEWS!" site, this isn't the place for those stories. It doesn't mean they aren't important, or don't matter. It means that it's not appropriate for a tech-news site unless, specifically, there is tech involved in a non-trivial way.
The tech side of this story is "a plane". That's about it.
You want the non-tech stories, go elsewhere, or tell us where a PURELY tech news site is.
In Italy: "There were no Italians on board" x 5 within the space of a 2 minute news article.
In England: Even BBC News has a headline "Only one Brit onboard".
The crash isn't news if they're foreign or old. Same as everything else they portray on the news. War in the Middle East that involves no European/American countries? Barely mentioned. The US says something about a war in the Middle East? News article. The US is IN the Middle East, can't move for "news" of it, down to deaths of individual soldiers (an unprecedented coverage of a war).
TV News doesn't care about the news. They care about making you go "Oh my God!" when you see it, so you keep watching through the adverts.
That's one every two weeks. One of the ones you hint at was, what, July and over an entirely different continent anyway.
Learn some statistics. You soon find that people have selection-bias on what they see in the news, what they perceive as a "close fact" (being a plane heading TO Malaysia crashing in another continent, instead of one heading from Malaysia that crashes near Malaysia... very different things), and what they want to lump together to form some kind of extraordinary circumstance.
Of course... if you read it at proper news outlets, they might be able to get a headline with some semblance of truth in it:
http://www.bbc.co.uk/news/heal...
Most cancer TYPES 'just bad luck'
Most TYPES of cancer can simply be put down to bad luck rather than risk factors such as smoking, a study suggests.
Emails are copyrighted already.
Everything you make is copyrighted, to you.
-1 Downvote for quoting the Daily Mail on anything.
Quote at the bottom of Slashdot:
It's hard to think of you as the end result of millions of years of evolution.
Nobody says it's the first thing that comes to mind.
Nobody says it's even USEFUL in those jobs.
(To be honest, finding extraterrestrial life is probably ALWAYS going to be of more priority to scientists than finding some guy who's fled his country under persecution and hidden in the back of a shipping container.)
Your choice of OS, if you have something worth encrypting and hiding, is the least of your worries.
If you have any brains at all, all key generation is done offline on a clean machine and then that machine destroyed. Only a specific, purpose-built target on YOU would stop that working as intended without informing the NSA, and then they may as well just listen in to the room anyway.
What you are falling into is the "movie hackers" fallacy - "Gosh, everything hackable therefore everything is hacked all the time". If you have a clean, from-disk OS, even, and keep it off the net, and sign your messages with your pre-generated private key on a device that goes NOWHERE and only gets turned on when you need to use it - fuck 'em. Quite what power do you think they have over that?
The problem with modern day stuff is ALL Internet-access-based. Hell, most people think a computer isn't a computer unless it's on the Internet nowadays.
Don't get me wrong, if you're targeted by the NSA, I'm sure they can get to you somehow. But I can assure you they were targeting Bin Laden and he survived, what, a decade with the whole world looking for him? He was found to be couriering USB keys down to the local cybercafe.
Targeted malware only works if you're stupid enough to expose the machine to the net, or run programs that aren't verifying content. Fuck trying to "infect" someone who only reads their mail via "mutt", for example. It's all Hollywood tripe.
If there's a terrorist with a brain out there, and they are trying to avoid the NSA's glare, I'd be quite annoyed at their stupidity if they aren't using read-only boot media, a bunch of random devices bought in shops, PKE, and programs that aren't mainstream enough to have exploits written for them.
Fuck, even I know how to encrypt mail offline and have read my mail accounts via telnet in the past.
If you're targeted, malware is the fucking least of your worries, and easily countered by not allowing your PC to come into contact with it. Even that stuff about some malware making computers "talk" over audio channels to cross air-gaps only works when computers are infected in the first place.
We even have double-compilation-verification built operating systems, and you can boot some old shit off a floppy image from pre-Windows days if you're really paranoid.
The problem is not that - it's not encrypting, generating, or securing your message. It's how do you get your message to the wider net from there, and that identifies your location quite quickly. However, as pointed out above, you can sit in the same location for ten years with a willing stooge to courier to nearby cybercafes and NEVER get caught that way.
It lacks in imagination to think that the NSA, or indeed any intelligence agency, is really as good as you think they are. I'm a massive fan of GCHQ history, for instance, and I quite believe that today's GCHQ is a shadow of its former self forced to resort to asking Facebook for copies of its data. Given that they invented this type of stuff to prevent EXACTLY what they are trying to do now, it's hilarious that it's backfired to the point where they are having to convince you they really can listen to everything, everywhere, always.
If they could do that, you would never hear of it. Because, you see, they'd know about all the leaks and be able to stop them in their tracks - legally or illegally.
And why?
Because upgrading PHP breaks shit. It's the old story of backwards compatibility versus security and, inevitably, when you've commissioned a website in a language that you can't program in yourself, you will choose backwards compatibility every time.
Most people do not host their own web services. As such they are at the mercy of their host and what their host needs to run for everyone to be happy.
Every web host I've ever used, personally or professionally, will give you a version of PHP and rarely update it. When they do, they will invariably warn you that your scripts (i.e. website) are probably about to break. Most people in that position do not have the skills and knowledge (or even the tools or hosting capability!) to log in and fix the problem. So it's "we're going to break your website... you have to pay money to fix it".
Hence, there is a pushback every time they do it, and that makes them even more reluctant to suggest to their users that they need to do it again next month.
This is partly a user problem, yes, but it's mainly in the court of the PHP developers. Why does going from PHP 5.3 to 5.5 break SO MUCH without reason? Almost every bulletin board, forum, image gallery or what-have-you you find that runs PHP tells you the version it will work on, and has had to issue at least one update that fixes shit that breaks on the newer versions of PHP.
I'm not sure there's another language out there that's quite so undefined and variable when it comes to how things should work and what could change/break in new versions.
Sure, I get that we have to keep everything up-to-date when we're running net-facing servers, but the problems of PHP compatibility and that most web-hosts are scared to upgrade has caused more problems than those old scripts still running. For the most part, they are even worked around so they are still compatible with old PHPs rather than, as should happen, upping the minimum required PHP version and making people get secure throughout.
I think we can safely lay the majority of this problem on the removal of register_globals (something that should never have existed in the first place), magic quotes and safe mode. The last two of which were touted as the lazy-man's security functions so you didn't have to worry about all the fine detail. The rest of the changes in those versions are pretty minor and to-be-expected of a new version of software.
If PHP hadn't done a "PHP isn't safe", "Here, use this hodgepodge of half-assed security features", "Shit, they're more dangerous than what we were avoiding, remove them!", then maybe they wouldn't be in this mess.
Would love to.
Apparently I have to sign up to do so.
Makes you wonder why someone would bother to post the link and the article really, when I have to sign up elsewhere to actually read the damn thing.
So if they have the PSK, then they can decrypt your VPN connection?
Yeah, not surprising.
Nowhere does it say they actually have effective techniques for extracting the PSK from, say, a Diffie-Hellman exchange. Because.... well... pretty much, nobody can.
But, sure, if you plug in your VPN PSK into a router that's then compromised, your PSK is then public knowledge. Hell, in most places it's listed in your Cisco CLI and extractable if you have access to it (http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/82076-preshared-key-recover.html).
Isn't this why we have several things, not least SSL VPN with proper keychains, certificate revocation, passphrase-protected keys, etc.?
You can try to scaremonger all you like (this is, what? The fourth or fifth article this month with scaremongering like this about Tor, SSL, etc.?). Fact is nobody has demonstrated, or even pointed to suspicious circumstances that may hint, that the NSA or anyone else are doing anything different to the bad guys out there - finding out that compromising the devices is generally easier than decrypting proper TLS security. And nobody's been seen to actually have a shred of evidence that they can decrypt TLS by any way other than being handed the keys.
All this does is tell me the exact OPPOSITE of what the little guy (and presumably anyone reading this article, shame on you Slashdot) would take home. The NSA aren't able to do anything more than I thought they could. That the encryption is serving its purpose to the point that it's easier to compromise the routers en-masse than it is to break the encryption.
All this does is say to me "Keep doing what you're doing". Use proper PKE with decent size keys and secure them as much as humanly possible.
All I've thought about these kinds of articles for the past year is "What are you trying to scare me onto?" Truecrypt, SSL, PFS etc. It all points towards a certain set of algorithms which are hailed as the "solution" to all these problems - Elliptic Curve. Strangely, one of the "official" curves was designed in co-operation with these people and they won't provide justification for it, and their track-record in this area is quite well-known. These are the people who paid RSA to weaken their encryption, the people who didn't want us to be able to have large-bit encryption available in any case, and who wanted us to have backdoored chips protecting our devices.
PKE is doing its job at the moment. I'd hate to think that we all jump-ship to the thing that's ACTUALLY broken, in our haste to secure things against this kind of propaganda.
That's covered by basic permissioning, surely?
If the user you got access to has access to HR data, they have access to HR data. Anything else in the way is merely a hindrance (to you, and an intruder).
But if you compromised a server and used them to get administrator access on the storage arrays, pretty much it doesn't matter what you've got in-between.
The real solution, I think, would be proper encryption. But even there, you have the problem of key management that doesn't just hand out keys to the servers when they request them.
Fact is, yes, it might be sensible to cordon-off a few of these things. You already have to have PCI-DSS stuff on isolated networks (to simplify their requirements), but it doesn't seem to stop this stuff. I know schools that, for years, separated off curriculum and admin (i.e. it was impossible for a child to compromise the deputy-head's login in the classroom and use it to get access to personnel data). I still stick to that mentality and move things to be physically apart wherever possible but nowadays it's considered old-hat and all the separation is virtual - VLANs and permissioning on the servers and storage arrays.
You put barriers in between but this kind of attack is more akin to the boy with his finger in the dyke. Your users (in HR, or Finance, or wherever) need that tiny hole to be open for them, and so piggybacking in on their connection automatically gives you access to this stuff.
The problem is that intrusion detection / prevention, really, is nothing more than checking EVERY transaction back and forth and that's a huge undertaking, slow, requires lots of equipment, and has to be constantly updated by people as threats appear. It's not an easy problem to solve. Even governments are having slips with their classified data, because even though the networks are supposed to be completely isolated, it only takes one guy (malicious or not) to be compromised for that barrier to have a gaping hole in it for him to do his job through.
People are stupid. And the planes have to get up there somehow. And, shockingly, most UFO reports (in the proper sense of the term, not "aliens") are near military bases and airports.
No doubt there are a million UFO reports because people were drunk, don't recognise Venus or there was a shiny bit on their windscreen.
You can't explain away everything but this just confirms what we already know - experimental aircraft are often the cause and CANNOT be confirmed until declassified. And, by definition, they will move in ways that are different to every known aircraft, especially while undergoing testing.
The problem is even simpler than that.
Cell phone = mini tablet = mini laptop ( ~= portable desktop).
All that changes are the screen size, the particular flavour of OS (all three major OS are available in all three sizes), and the "bolt-on" parts (keyboard, ports, storage, etc.).
Once you realise that, why would you need a laptop and a tablet and a phone? Phone is portable and mobile. That's great. Tablet isn't, but you can do more work and watch more TV on it. But laptop is where you have to do all serious work anyway. So what do you gain by having the middle-ground? Not very much at all.
Hence why most people I know have laptops, cell-phones and if they have a tablet, it's a games machine for the kids. But the kids pretty much have their own idea of what's a games machine nowadays and it won't be long before you're buying them a laptop anyway.
CPU speeds have stagnated. Graphics capabilities are stagnating on the mobile platforms as they start to catch up the PC. All you have left is the particular size you want. One small, one large instead of one "tries to be both, and fails" is what people are going for. Hell, some PC manufacturers are trying to sell you laptops that basically are tablets, with a fancy hinge / keyboard. When the difference is that small, it's game over for one of those markets.
Unless there's another boost in CPU or GPU capabilities as radical as the introduction of 3D cards or multiple processors, there's not much that's going to change at the moment. It's truck/van for work and small car for home/family use. Few try to go in the middle and use for both.
The "anything can happen" rule is both the life and death of RPGs. No, it doesn't translate to even online play necessarily.
And it's more difficult than you might think to have a team of people playing those kinds of games WITHOUT going stupid. Your example is perfect. Exactly the kind of thing to give players a laugh, keep the DM on their toes, and not be covered by any existing rules.
Problem is, having people to play with where it doesn't descend into what happens in friendly-fire CS:GO matches.
To echo one of the IBM posts above:
They've only been around through two world wars.
I'm not saying they are invincible, but they probably have the power to survive quite a few huge, massive, complete flops of console releases before they actually would struggle to find investment. If they even needed it.
A quick Google saves a lot of idle speculation:
"It finally turned its first profit in the fourth quarter of 2001: $5 million (i.e., 1¢ per share), on revenues of more than $1 billion."
Precisely what I was going to reply.
Not only that, people had dual-nationalities, the nationalities might be wrong (how many people were on the Greek ferry this week? I heard at least a hundred different answers over the course of a couple of days).
And if you think one of your friends might be on there, you'll be concerned whether or not the nationalities are right, surely? What would be infinitely more important would be, say, a copy of the list of names that they show you on the news being pored over by crying relatives, no? But a definitive list of names doesn't create drama, except for relative reactions.
Report news or don't report news. The list of names is fact and news that you could use to check if your friends are involved. That there were no particular race / nationality / age / gender on board is worthless when you have a list of names you could publish for those interested, and may be so inaccurate as to be worthless anyway.
How do they know there's no Brits, say, if people have dual nationality, have flown from another country, hold two passports, etc. unless they have a fucking list of names of who was involved - detailed down to their passport and original country of origin?
Take that second drive.
Put it in a USB enclosure.
Run a backup once a week.
Much less wear-and-tear on the drives. No big deal if something drops in your computer and shorts the 12V line, or you get water in it, or something else happens to the computer / SATA itself.
Also, you can then even do one full and multiple differential backups assuming you're not jamming the drive to capacity (handy if you suddenly discover that the thing you did last week was stupid and has corrupted your older data).
Live RAID is not a backup, just because it has a live copy of your data. That's not what backups are.
And, to be honest, I work in a large private school and our backups are all to other disks. Tape is way too expensive and hard to get going again in the case of complete site-loss (that £2k tape drive you have, try and get hold of one in an emergency when you can't otherwise use yours!). But a NAS enclosure with RAID5 and a synced (NOT LIVE) copy of your data? Invaluable and will restore at network speeds (or faster, if you put it into a machine).
I agree about trying to backup data for home use in the same way - tape is impractical and expensive for that kind of thing and drive backups are the way to go. Just don't do it live, do a verify (not just rely on your cheap-shit BIOS to verify the RAID mirror constantly and inform you of problems), and keep it away from the machine you're backing up more than you keep it near the machine.
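The weekly full-plus-differential routine with a separate verify pass, as described in the comment above, written out as an added example that is not part of the original comment. The function names, the `data/` plus `manifest.json` layout and the choice of SHA-256 are assumptions of this example; the backup destinations are meant to live on the external drive, away from the machine being backed up.

```python
import hashlib
import json
import shutil
from pathlib import Path

MANIFEST = "manifest.json"  # assumed layout: <backup>/manifest.json + <backup>/data/


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files do not need to fit in RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def copy_files(source: Path, dest: Path, wanted: dict[str, str]) -> None:
    """Copy the listed files into dest/data and record their source hashes."""
    data = dest / "data"
    data.mkdir(parents=True, exist_ok=True)
    for rel in wanted:
        target = data / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source / rel, target)
    (dest / MANIFEST).write_text(json.dumps(wanted, indent=1, sort_keys=True))


def full_backup(source: Path, dest: Path) -> dict[str, str]:
    """Copy everything; the manifest becomes the baseline for differentials."""
    current = manifest(source)
    copy_files(source, dest, current)
    return current


def differential_backup(source: Path, full_dest: Path,
                        diff_dest: Path) -> dict[str, str]:
    """Copy files that are new or changed since the FULL backup.

    Each differential is relative to the full, not to the previous
    differential, so a restore needs only the full plus one differential.
    Deletions in the source are not recorded by this example.
    """
    baseline = json.loads((full_dest / MANIFEST).read_text())
    changed = {rel: h for rel, h in manifest(source).items()
               if baseline.get(rel) != h}
    copy_files(source, diff_dest, changed)
    return changed


def verify(dest: Path) -> list[str]:
    """Re-read the backup from disk; return files missing or not matching."""
    expected = json.loads((dest / MANIFEST).read_text())
    actual = manifest(dest / "data")
    return sorted(rel for rel, h in expected.items() if actual.get(rel) != h)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data
        src = Path(tmp, "src")
        src.mkdir()
        (src / "report.txt").write_text("week 1")
        full_backup(src, Path(tmp, "full"))
        (src / "report.txt").write_text("week 2")
        print("differential:", list(differential_backup(
            src, Path(tmp, "full"), Path(tmp, "diff1"))))
        print("verify full:", verify(Path(tmp, "full")) or "OK")
```

Because `verify` re-hashes the copies on the backup drive against hashes taken from the source at backup time, it catches a bad copy or later corruption that a RAID mirror check would not report.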
As someone who got into back-yard astronomy a year or so ago, I can tell you that it's not so much the problem seeing anything as just never having looked.
I live in London. Way inside the boundaries of the M25, the motorway that circles London and distinguishes "Greater London" from the green belt which surrounds it. I have for most of my life. I live in the middle of a large town in London, it's complete suburban sprawl and the parks are the only break in it.
From my back-yard (which joins onto the back yards of 20+ other houses in a circle), I can see the planets and stars. We watched ISS traverse with the naked eye just the other night (because someone suggested it could be misconstrued as "Santa's Sleigh" to the right age of child). Nebulae are a struggle, but to image them is no more difficult than anywhere else (this is the bit where you need long exposures and motorised equipment anyway).
As a complete amateur, I can tell you that with the naked eye I can see hundreds of times more than I ever expected. I just wasn't looking. With a telescope, I can see anything I choose to see. I have imaged the larger planets with incredibly short exposures through a very cheap telescope. It's all there to see. A bigger hindrance, to me, is that the horizon is artificially raised by nearby houses, fences, etc. not that the light pollution from all those houses is destroying my enjoyment (and, trust me, I've yelled several times when a neighbour's outside halogen PIR light turns on just as I got my night-vision).
I've been to Scotland, into the middle of the Highlands miles from anywhere, and seen Venus with the naked eye while driving there. The stars are "better" up there, but not magnificently so. I've been to Italy, into the middle of the North where it's all fields and no towns, and the same thing happens - yes, it's slightly easier, and you can pick out the Milky Way easier, but it's not like the overlay you get on TV shows when they want to depict night-time. Unless you're in the middle of nowhere and spend hours acclimatising and have good eyesight or good equipment, it won't be. More likely to destroy your enjoyment of the stars is the weather, the cycle of what's actually up to see, spending hours aligning equipment and tracking (I don't like go-to technology as I feel it's cheating, so I do everything with push-to technology at worst, but manual hunting most of the time), and just the general difficulty of finding something interesting to look at.
I made some photos on the first few days of tying a Canon SLR to my telescope with some hodge-podge connections (one of them is actually taken through the eyepiece by holding the camera close). I consider them the worst photos I have taken, taken from London, with only manual tracking available, which is what piqued my interest - if this is the worst you can do with cheap equipment and no knowledge, what could you do after some practice and good equipment? Have a look, and you can also see my equipment:
http://www.ledow.org.uk/joomla...
There's a ton to see, even in the middle of a city. The light pollution - sure, I imagine it can be an issue and put a threshold on things. But, for the casual observer, it's only really an issue if you live close enough to the city to be priced out of owning a garden anyway. Hell, the local astronomy club meets in a park NEARER to central London - so far, in fact, that I can't be bothered to drive up there.
Don't believe the crap about not being able to see the night sky in an urban area. It's there. And even without any equipment, you can still see hundreds of stars, which is more than enough to start from (stars are VERY boring in any telescope that costs less than your car).
Yes, I intend to bring my equipment to Italy next time my girlfriend drags me over, but I will still need the equipment, and still have the same hassles as at home (except it'll be mountains in the way and n
The justification is not technical.
It's social, and commercial.
If someone sends me something that I never asked for, I have to take specific measures against any and all such messages or I will be charged against my will.
That's RIDICULOUS.
The alternative is that the sending party that wants to spam me has to spend the money to do so, and their unwanted spam is nothing more than an annoyance (not a monetary cost on my part too). Which is how the rest of the world works.
Sorry, but I am not going to hold funds, or have a limited amount of minutes, which can be depleted at any time by random third parties without my authorisation.
Who pays for the lines and service in between? Who gives a shit? That's the provider's problem. We're talking about who can cost ME money (or remove some of my allowances).
Hell, you are paying for WRONG NUMBERS to ring you. It's just not sensible. And, as you point out, the technical side means there's NOTHING stopping your provider working the other way around (like the rest of the world). But they are profiteering from unwanted spam being sent to your phone, because YOU are paying for each call, not the spammer, or themselves.
Hell, in the EU, we are currently in the process of making even roaming calls be free-to-receive (and same-price-to-make) as local calls because of the artificial (and false) market involved in a German company operating in the UK charging a UK user more to make calls when they are in Germany.
Pay to receive is not a technical issue. Thus there's nothing stopping them working like every other provider in the world. Pay to receive is a con on YOU and if you don't see that, you really need to look into what they (sometimes the same company) are providing in other countries.
Only in the US.
Paying to receive is RIDICULOUS. Just because it's the norm for you, doesn't mean it's not still ridiculous.
There are children starving in Africa.
There are still forced marriages around the globe.
There are female circumcisions taking place this isn't.
Unless you want to be an "ANY NEWS!" site, this isn't the place for those stories. It doesn't mean they aren't important, or don't matter. It means that it's not appropriate for a tech-news site unless, specifically, there is tech involved in a non-trivial way.
The tech side of this story is "a plane". That's about it.
You want the non-tech stories, go elsewhere, or tell us where a PURELY tech news site is.
Try watching it on the news.
In Italy: "There were no Italians on board" x 5 within the space of a 2 minute news article.
In England: Even BBC News has a headline "Only one Brit onboard".
The crash isn't news if they're foreign or old. Same as everything else they portray on the news. War in the Middle East that involves no European/American countries? Barely mentioned. The US says something about a war in the Middle East? News article. The US is IN the Middle East, can't move for "news" of it, down to deaths of individual soldiers (an unprecedented coverage of a war).
TV News doesn't care about the news. They care about making you go "Oh my God!" when you see it, so you keep watching through the adverts.
http://www.planecrashinfo.com/...
Commercial aircraft go down anything up to 20 times a year, even in modern times. Back when you were a kid, likely 30 times a year or more.
Already we have this lot:
http://en.wikipedia.org/wiki/C...
That's one every two weeks. One of the ones you hint at was, what, July and over an entirely different continent anyway.
Learn some statistics. You soon find that people have selection-bias on what they see in the news, what they perceive as a "close fact" (being a plane heading TO Malaysia crashing in another continent, instead of one heading from Malaysia that crashes near Malaysia... very different things), and what they want to lump together to form some kind of extraordinary circumstance.
Do Not Track was always useless.
Why the fuck are we still talking about it years later? And why the fuck have browsers taken it even semi-seriously?
It's the "evil bit" for the Internet - nothing more than a joke. Let's treat it like that.