I, and many others, are perfectly willing to PAY good money for things that would otherwise be free.
Sadly, it seems that you + many others =
...NO. You can't have it both ways,
You want ads? You can't charge. Period.
You want to charge? You can't have ads.
I'd rather say you can have it both ways:
Pay & no ads or Ads and no (or small) payment.
It's digital. I can code that up for you if you like...
Half the "fun" of a physical magazine is the ability to skim through it and flip the pages. Using "digital" magazines has none of that ability. Reading books in digital is great because it is a linear process. But how many people read magazines in a start to finish fashion?
I dunno - have you ever used an ipad - to read? Flipping pages is pretty damn easy (if the app doesn't suck). And jumping through articles could be pretty easy - again, if the app doesn't suck.
Yeah, I saw the pic and thought, "Of all the damn screenshots in all the world, why did they leak that one?"
It was the first one that didn't have a crash backtrace?
>:-)
Exactly what I was thinking. It may be a few more miles before this is an iPad killer.
Woosh!
You have to get through your ISP in order to get to the outside world.
No, you don't. There are other ISPs. And there are other organizations. And there are other individuals (as he pointed out).
That's what your local unregulated ISP can do to you.
At which point you can ditch them. UUCP over 9600baud forever, man.
While that's not a practical solution, I think GP's point is that there is no internet to regulate - there are just a lot of cooperating sites.
Maybe it would be a good idea to regulate ISPs - but even that gets tricky. Am I an ISP? I have mostly open wifi. Is the cafe' down the street? The Library? The school?
Does net neutrality mean that an ISP won't be able to block port 25? I have really mixed feelings about that...
Off/Airplane mode.
I'm perplexed why people continue to use XML when there is YAML...
The real answer is: who cares? They're both easy [enough] to parse data formats. It's about as interesting as arguing about what your favorite editor is and why. Or your favorite database. Everyone knows the ins and outs, and nobody cares (except maybe you and the person you're arguing with). We all have libraries. We all have parsers. It really doesn't matter.
The trivial answer to your question is: because YAML is very new in the grand scheme of things. And it's not so different that it's really interesting.
Man. My mod points just evaporated - but I'd have marked your post
+1 Awesome
if I still had 'em.
So, in your opinion, constitution limits are meaningless in regard to any action not absolutely necessary to survive? If so, why bother with a constitution in the first place? Please take a moment to savor just how ridiculous you appear right now.
Mmm. Savory.
There is obviously some kind of balance between the amazingly vaguely worded "provide for the common Defence and general Welfare" and just about everything else. I don't think the government has overstepped its bounds, here.
I do think the whole thing is ineffective, misguided, and ridiculously expensive. But I don't think it's illegal.
The Congress shall have Power To lay and collect Taxes, Duties, Imposts and Excises, to pay the Debts and provide for the common Defence and general Welfare of the United States; but all Duties, Imposts and Excises shall be uniform throughout the United States;
So... done? Or did I miss something?
That covers the government not being able to violate your privacy without cause and specific warrant.
The constitution certainly doesn't guarantee your right to fly. Or even drive. The government has decided that it is not permissible to get on a flying bomb without being subject to search. And you can't drive on the road with just anything with 4 wheels.
Voluntarily subjecting yourself to a search in order to do something optional is not a violation of anything.
How is "right"? A personal account can't take payments funded from credit cards, but a premier account has a fee deducted even from ACH payments.
Huh. I have a Personal account that says:
Funding Source: XXXX Checking (Confirmed) x-XXXX
Back Up Funding Source: Visa Card XXXX-XXXX-XXXX-XXXX
I didn't get charged anything for the last few hand-offs I made...
Those were the days. I'd love a Tribes remake (and mac port).
So I won't be able to give $20 to a friend without: 1) being tracked;
On a piece of paper, write "IOU $20". Sign it. Or do the same with GPG.
and 2) giving a cut to some payment processor like PayPal? I'd rather use cash.
Paypal won't take a cut of anything that small if you pay right.
But in general I tend to agree. Of course greenbacks will remain available for that kind of thing for quite a while, I think.
The key point is that you have not eliminated eavesdropping - there is only the appearance that you have. In order to eavesdrop the attacker just performs the MITM and offers you a fake router. Without authentication there is no protection against this.
We seem to have a definition problem - where you and I think eavesdropping mean different things.
Me: eavesdropping means that anyone in the room can listen to what is said.
You: eavesdropping means you don't know who you're talking to.
Any time you connect to any encrypted service, you are placing your trust in that service. If you don't know who they are, that trust may be a poor decision.
Any time you connect to an unencrypted service, you are placing your trust in everyone in the room and along the entire path.
While it is true that you are vulnerable to MITM, etc, it is also true that you have eliminated an entire class of attacks: eavesdropping.
And I think that's huge and worthwhile.
Even if you have full encryption from end to end, with trust, you're still vulnerable to endpoint issues. Bad employees, api leaks, rooted servers. At your end (if you're not in the basement), it just isn't that hard to video you typing your password. Or keyloggers, etc.
Without eavesdropping attacks, this particular problem would drop from "no facebook in public" to "holy crap - someone bothered to set up a MITM to get my facebook password."
Obviously, this is just facebook we're talking about - not banking.
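The distinction argued in this comment, as an added example that is not part of the original post: an unauthenticated key exchange keeps a passive listener out but not an active man-in-the-middle, and binding the router's public value to a secret the attacker lacks closes that gap. The group parameters are a toy (far too small for real use), and the function names and `pinned_secret` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption for illustration only): 2**127 - 1 is
# prime but far too small, and p-1 is smooth, so never use it in practice.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive a session key from our private value and the peer's public value."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def tag(secret, pub):
    """Authenticate a public value with a secret the attacker does not hold."""
    return hmac.new(secret, pub.to_bytes(16, "big"), hashlib.sha256).digest()


def exchange(active_attacker, pinned_secret=None):
    """Simulate one client <-> router key exchange.

    active_attacker=False: the attacker only listens to the public values.
    active_attacker=True:  the attacker swaps in its own public value (MITM).
    pinned_secret: if set, the router tags its public value and the client
                   verifies the tag before deriving a key (the "trust" part).
    """
    c_priv, c_pub = keypair()      # client
    r_priv, r_pub = keypair()      # genuine router
    m_priv, m_pub = keypair()      # attacker
    r_tag = tag(pinned_secret, r_pub) if pinned_secret else None

    # What the client actually receives. A MITM can replace the public value
    # but can only replay the router's tag, since it cannot compute a new one.
    received_pub = m_pub if active_attacker else r_pub

    if pinned_secret and not hmac.compare_digest(tag(pinned_secret, received_pub), r_tag):
        return {"connected": False, "attacker_has_key": False}

    client_key = session_key(c_priv, received_pub)
    # A passive listener holds only c_pub and r_pub, with no private value to
    # combine them with; an active one derives the key from its own m_priv.
    attacker_key = session_key(m_priv, c_pub) if active_attacker else None
    return {"connected": True, "attacker_has_key": attacker_key == client_key}


if __name__ == "__main__":
    print("passive, no auth:", exchange(False))
    print("MITM, no auth:   ", exchange(True))
    print("MITM, with auth: ", exchange(True, b"constructed-sample-secret"))
```
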
Where the fuck these people were during Bush era, and why didn't they call any inquiry to Bush administration's BLATANT dealings with Halliburton?
In office?
I honestly can not tell if you are trolling here or not. ...
The idea of SSL adding cost overhead for any company is completely nonsensical.
Nope, not trolling. All the money they've spent until now has been money saved. Again, I don't know how much it is. But it clearly adds expense (network, boxes, support, etc) to the mix.
Like I said: I'm sure they'll throw money at it and it'll go away. But I'm also sure they won't be happy to do it.
And if you want to foot the bill, I'm sure they'd be happy to hear it. Money is money.
...
Your example is wrong because without trust encrypting that first hop doesn't even stop other people on the router listening in - it just makes you think that it does. So it is not even the first in a complete solution.
I'm not sure what you mean. I said:
...So is that first hop encryption a complete solution? Nope. Anyone between the wireless router and facebook can still listen in. But it'd sure be a hellofa lot better than in the clear...
But I think that [radio] traffic to/from the router is safe if you use decent encryption (wpa, 2), with limited exceptions (http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Security_.26_Insecurity_in_pre-shared_key_mode).
The phrase is correct. Encryption without trust is little better than an unencrypted transmission. You reduce the pool of people that can get at it, to the ones that already know what to do with it. And on top of that you've got that nice sense of security to ensure that you're not as careful as you would've been.
Right, reducing the pool of people who can get at it. That's worthwhile.
As far as "not as careful as you would've been" - maybe you have not been reading much /. Most folks would not be even a little bit careful. Ever. Bad passwords, identical passwords across sites, don't care about http vs. https even when they do understand it, etc.
Well encrypted wifi would be a nice step. Instead of reading "anyone at a cafe' can steal anyone's facebook creds" we'd be reading "anyone running a wifi router can steal anyone's facebook creds". And while a lot of folks will claim there is little difference between the 2, it'd be nice for me not to have to worry about my mom visiting her usual cafe' and using facebook.
... (Well, I suppose it means that a second bad guy couldn't watch as the first bad guy empties your account).
Right. It means that you are narrowing your list of threats, and that is a worthwhile thing to do. In the general case, where you trust your cafe' just a little bit and they encrypt their wifi well, it means you don't have to worry about everyone else in the cafe'. And that's huge.
Exactly.
Ugh. Replies about SSL's being expensive. Please.
SSL is overhead. Let's say that you're facebook, and let's say that the actual cost overhead is 1/1,000,000 of a penny per page served up.
What is facebook's throughput? I have no idea.
http://techcrunch.com/2010/04/21/facebook-like-button/
So it's a lot. So much that even if SSL overhead is just one one millionth of a cent per page served up, it is clearly at least hundreds of dollars a month. From the article, I'd guess that it's at least thousands of dollars a month.
Clearly, that's chump change for facebook, but until now, that's all money they've saved. And that's if the overhead is 1/10^6th of a penny. If it's 10^5th we're talking 10's of thousands. If ssl costs 1/10,000 of a penny per page, we're talking 100's of thousands of dollars a month. That starts to add up.
Again, I have absolutely no freaking idea how much overhead it is, and I have no idea their volume. But at the volume they're doing, you can see where any measurable overhead would cost real money.
My guess is that they will throw money at the problem and it'll go away. But they won't be happy to do it.
... Encryption without trust is less than useless.
I am so tired of that statement. Encryption without trust is Encryption. It is way less than ideal, but way better than cleartext.
I don't particularly trust my local cafe'.
I really don't trust their ISP.
I especially don't trust the phone company.
I entirely don't trust the government.
I certainly don't trust facebook.
But I use the cafe' wireless who uses their ISP who uses the phone company who is tapped by the government when I use facebook. And if the wifi were encrypted, I would not also have to worry about my fellow cafe' sniffers.
So is that first hop encryption a complete solution? Nope. Anyone between the wireless router and facebook can still listen in. But it'd sure be a hellofa lot better than in the clear.
Encryption without trust is not security, but it is encryption.
You, sir, are brilliant.