> It will take years, if not decades, for us to return to the position that we had prior to his disclosures
ALL THE REST OF US believe that "the position" they "held" is and/or should be flat out ***king illegal. We think the morons passing laws that manage to circumvent and directly violate key attributes of our democracies - are the traitors. It's getting damn close to the time when a "citizen's rights" shouldn't be bound by borders, and a government's "limitations on powers" shouldn't end at the borders nor be different outside the borders.
"Oh look, I'm outside of X, obviously no laws at all apply to me, fuck you and you and you."
Actually, that sounds exactly like the governmental state equivalent of "Freemen on the Land"!
2099 to 2135 - Second Era of Known Space: Life-extending organ transplants are supplied by the organ banks, which are mainly supplied by the bodies of executed criminals. The enormous demand for organs has vastly increased use of the death penalty, to include even minor crimes.
And most banks still consider knowledge of your birthday as an authentication question. Not identification, authentication.
I know of a few big banks that only allow numeric digits! "Between 8 and 12 NUMERIC DIGITS".
Effective MAXIMUM security level -- 6 character password.
Potential MINIMUM security level -- 4 character password.
One of those institutions considers the account number itself as some "sup3r secr3t" number that only you are supposed to know, they warn you "don't let anyone know, keep your record of the account number secure".
The source of the "5000 troops in organized groups" is an 'anonymous government source'. The source of the "they are threatening to nuke us, they claim they will nuke us if necessary" is the Ukrainian government itself, the second least trustworthy source in the region. NOT GOOD ENOUGH. NOT BY FAR.
Without question they've been transferring in armoured equipment, and I wouldn't doubt the number of 1000, and some cross border shelling is believable (something the Russians think they could get away with), but whenever actual media on the ground go looking through "newly won rebel territory", they find nothing but locals. The Ukrainians haven't captured any regular Russian forces in actual combat, just that one small unit out of position near the border weeks ago.
The funniest thing in all of this is that weeks ago when the Ukrainians were making gains, they refused to negotiate while the Russians and Rebels seemed to be willing. Now that the rebels are making gains, guess what? Ukraine wants to negotiate, the rebels not so much.
This "slashdot submission" is dangerously alarmist, and completely unacceptable. The mainstream media needs to be a LOT MORE sensible about what drivel they publish. We cannot allow ourselves to get ourselves hyped up about imaginary dangers.
It would be one hell of a crime if our vaunted "fifth estate" ... normally such a pivotal key part of democratic and free countries ... helps drag us deeper into a pile of crap because they are pursuing advertising dollars.
Some nice detailed info over here: http://www.equustek.info/
> In July 2012 Mr. Justice Punnett ordered that the world wide assets of Morgan Jack and Datalink be frozen. The order prohibits Datalink from carrying on business because it prohibits the sale of any inventory.
> ...
> The defendants have effectively disappeared. They have refused to provide any information about where they operate or where they manufacture the GW1000. ... Further, the company appears to be a virtual one.
> ...
> However, Datalink and Morgan Jack continue to sell their products in violation of these and other court orders.
I presume that this website is the seized website of the guy whom the BC court has ordered "all worldwide assets be seized". It looks like the BC court has tried everything underneath the sun to deal with this issue prior to going the google route. But the fact that the other guy has "gone underground" and is likely selling products from foreign jurisdictions ... I think the plaintiff and the court going the google route is totally fair and justified in this case.
If it wasn't for google and the internet, this guy, wherever he is, wouldn't be able to carry on his illegal fraudulent business.
Sounds like Amazon and Netflix and Apple and others need to get together in a joint venture with Google to really go to town with Google Fiber. Imagine if all the big BIG tech vendors threw together, AND did an IPO to get enough funding to actually do it, AND did pre-sign-ups to get average people to scream blue murder to their elected representatives demanding that the TechFiber Alliance be given the same statutory access to run and bury fiber cables across people's streets and yards like the cable co's were given 50 years ago.
And then she goes to tell the real sky marshal that there is someone back there claiming to be in possession of a gun, and suddenly you're looking down the barrel of a real gun. Don't make any sudden moves!
(All flight staff are introduced to the marshal in person prior to the flight.)
> rsync hourly.
Noooo no no no no. That's a good way of rsync'ing an empty mount point to your target and wiping all your backup data automatically.
If you want to rsync frequently, make sure you are using --link-dest or something to multiple targets. Thus the day that you have a main array failure and you also discover that last week's rsync was "empty", you've only lost a differential and the prior month's copy is still there.
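Added example, not part of the original comment: one way to guard against the empty-mount-point failure described above and to keep hard-linked snapshots with `--link-dest`. The sentinel file name, the `snap-*` directory layout and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original comment).
# Assumption: a marker file is kept on the real source volume, so it is
# only visible when that volume is actually mounted.
SENTINEL=".backup-source-present"

# Succeeds only if the source looks like the real data set:
# the directory exists, the sentinel is present, and there is
# at least one entry besides the sentinel.
source_is_safe() {
    sis_src=$1
    [ -d "$sis_src" ] || return 1
    [ -f "$sis_src/$SENTINEL" ] || return 1
    sis_others=$(ls -A "$sis_src" | grep -c -v -x -F -- "$SENTINEL" || true)
    [ "$sis_others" -ge 1 ]
}

# Prints the newest completed snapshot under DEST_ROOT, or an empty line.
# Snapshot names are snap-<sortable timestamp>, and glob expansion is
# sorted, so the last match is the newest.
latest_snapshot() {
    ls_latest=""
    for ls_dir in "$1"/snap-*/; do
        [ -d "$ls_dir" ] && ls_latest=${ls_dir%/}
    done
    printf '%s\n' "$ls_latest"
}

# snapshot_backup SRC DEST_ROOT STAMP
# Writes a new snapshot directory per run. Unchanged files are hard links
# into the previous snapshot, so an "empty" run can never overwrite or
# delete older copies. DEST_ROOT should be an absolute path, because a
# relative --link-dest is resolved against the destination directory.
snapshot_backup() {
    sb_src=$1
    sb_root=$2
    sb_stamp=$3

    if ! source_is_safe "$sb_src"; then
        echo "refusing to back up: $sb_src is empty or not mounted" >&2
        return 2
    fi

    sb_prev=$(latest_snapshot "$sb_root")
    sb_tmp="$sb_root/.partial-$sb_stamp"   # not matched by snap-*
    sb_new="$sb_root/snap-$sb_stamp"

    if [ -n "$sb_prev" ]; then
        rsync -a --link-dest="$sb_prev" "$sb_src"/ "$sb_tmp"/ || return 3
    else
        rsync -a "$sb_src"/ "$sb_tmp"/ || return 3
    fi

    # Only a fully transferred snapshot gets a snap-* name.
    mv "$sb_tmp" "$sb_new"
}

# Usage: backup.sh SRC DEST_ROOT
if [ "$#" -eq 2 ]; then
    snapshot_backup "$1" "$2" "$(date -u +%Y%m%dT%H%M%SZ)"
fi
```

Pruning old `snap-*` directories is left out; deleting a snapshot only drops its hard links, so the remaining snapshots stay complete.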
I don't know what page you are looking at, but to use their cloud storage it's $4 to $9 a month (individual/family). Their "free" offering clearly says "backup to other computers and external drives, free" -- maybe they give you a demo period of cloud storage, but clearly the free is not cloud based.
I was thinking about this yesterday. Doesn't the vast majority of modern aviation tracking radar systems depend pretty heavily, not just for identification but for returns at all at long distances, on the plane's own IFF transponders for replies?
http://en.wikipedia.org/wiki/S...
Could it not "drop off" the long range radar simply by turning off its transponder? At that distance the radar return might be low enough that without the transponder response, it'd "disappear"...
I wanna be a fly on the wall the day (and it will happen) when a large number of people's bank accounts are drained, and the banks say "it was you, you logged in with your credentials"... then later on the people hit and/or the banks finally figure out "oh, it was all these employees of company X whose accounts got drained" ... THEN who is up sh*t creek?
I have a big enough problem with my stupid browser deciding that when I type "blahblah" into the host bar that if it can't reach "http://blahblah:80/" that it should automatically default to "http://blahblah.com/" or google "blahblah" ... yeah, that's what I need, the internal hostnames leaked to google, thanks idiot browser developer.
Okay, it's good for grandma and everyone else using browsers. There should be a clear UI element that appears when this happens to allow me to disable it.
They still need to store that massive list of crucial phone numbers somewhere, and also increase communication via other means in order to propagate the phone number changes.
The only thing burner phones are good for is not allowing the cops to easily pull your number from phone company records by name so as to put a trace on your phone.
Instead they have to do actual legwork to figure out what phone you're calling from, and depending on which opponents you are facing and whether they have "high priority" FBI/FSB van-full-of-technology-on-your-ass nearby watching the call metadata from ALL the calls to nearby towers...
Burner phones are also good for people whom the police do not know about nor whom they can physically find ... but that quickly breaks down as they hunt you down from the calls you make to numbers and people they do know about.
Shadowy Japanese developer develops virtual currency.
Years later Japanese "virtual bank" dissolves with a third of a billion dollars missing.
Oh really?
The absolute best comparison would be that Eve Online bank whose founder closed shop and walked away with the ISK, or the Eve Online corporation whose director transferred all the assets and then dissolved it and walked away. Just the knowledge of those alone was enough to predict that this was inevitable with Bitcoin. I just cannot believe so many people were dumb enough to hand their virtual stuff lock stock and key to a virtual company.
If the "company" had been in Nigeria maybe they would have taken pause. But for some reason they think that "oh Japan, that's a modern country with some laws, obviously my untraceable currency will be safe with a company founded by some random nobody".
The adblock guys should package it as a local standalone proxy then.
Always remember boys and girls, if you've ever been arrested for anything (not convicted, just arrested) - it's very possible that you won't ever in your life be admitted to Canada as a visitor or tourist. And that may someday extend to the rest of the entire world as well.
Same goes in reverse for Canadians who might ever wish to see some of the spectacular natural parks and things in the US.
Doesn't that blatantly violate the copyright of the websites who are serving that data?
Doesn't doubleclick have enough lawyers to blow Bell back to the stone age?
I specifically remember years ago, when someone tried to build a CLIENT SIDE application that allowed you and others to "comment on top of" a website as it was displayed in your browser, they got completely blown out of the water over this, because they were "defacing and modifying someone else's copyright'd content" -- and that wasn't even as clear as this, that was in your browser after it had been displayed, this is flat out interception of communication between me and a third party and MODIFICATION of said data.
It's just completely fucked up. Everyone needs to enable SSL on their websites, cpu and bandwidth be damned.
Two separate times over a couple years I have gone into my linked-in profile and de-selected ALL the "email you this" and "email you that" options.
I kept getting email notifications for large numbers of things. (Yes, I waited 7+ days after each profile change.)
TWICE I've gone to their technical support staff. TWICE they've failed to figure out how to configure their systems to not send me e-mail notifications. The second time they flat out apologized for not being able to do it successfully, they were able to recognize that however their back end is configured and architected ... it's just impossible to do certain things.
Yeah, no, I'm not trusting private data to them.
I should say, I'm commenting on the "only 1 out of 100's" aspect -- not on the "oust the gov" ala revolution.
Rather -- we haven't even begun to use the peaceful means our society provides to correct things and enact change. It sometimes REQUIRES us to become involved with the process.
( Dang it, when will slashdot let me edit a post? Get with the times man. )
Yeah, there is a massive amount of historical evidence that people will "go with the crowd" and it's rare, really rare, to see someone sacrifice even a modicum of their ... time let alone personal safety/comfort, even if it's just theoretical acceptance of a risk ... to help defend what they think is important. It's too easy to come up with excuses to not act*.
- Things aren't too bad yet
- Other people are working on it
- I'll do something when the time is right
- Well it's not as important as I thought
- I'm not potentially sacrificing my career or even a small part of my liberty for this, simply "holding my opinion" is my contribution to "resisting".
- My contribution is too small to matter. No one will listen.
- Secret dark forces we cannot fight are arrayed against us**.
- etc
(*) And I'm including myself here. I haven't written a letter to anyone yet about any of the serious things that have happened lately.
(**) A huge fraction of people are conspiracy theorists, and they ALWAYS pull this out of the hat when you ask them "omg that's horrible, what are you personally doing about it".
> The late Donald Murray, a rifleman in WWII, wrote that the guys who were loudest before combat usually were the ones he could not rely on in a firefight.
Too many "Donald Murray's" in the world for google to find, got any references/links? Always love reading a good first person story from people like this.
Cheers.
It is theatre. Even your non-techie friends can use google, which immediately leads to tools that can brute force the master password (http://securityxploded.com/firemaster.php), and without a doubt there are tools out there that will read the master password from running memory, and I'd expect that to appear in open/published tools like the above someday too.
The main problem with this theatre is that you and other people might be fooled into believing you are more secure than you are, and store things there that you should not.
The software developers are refusing to participate in this theatre in order to force you to recognize the actual reality of the situation.
If one person stores their bank credentials in their browser password database and loses their life savings, it's unacceptable.
Note -- Pidgin doesn't support a master password nor does it even obfuscate the stored passwords, the passwords are stored in a text file IN THE CLEAR, because they are making a conscious choice to explicitly point out to you that there is no actual security for 90% of the cases where you will be attacked. If someone can read your files and your user's system memory, they have you.
SHHHHHHhhh, don't give them any ideas!
I think he's using the past tense as in the DISTANT past, like 250 years ago on western sailing warships and the like, or back in the days of slavery.
> 1984
Is infinite and open access to information the core of "what's wrong" with society in 1984? Or is it the fact that the citizens have no control over their government, no freedom of speech, etc?
What's the technological difference between
- all citizens each day looking at photos of people wanted by the police for what we consider crimes, and calling the local detachment when we recognize someone
- a computer doing the above
- citizens calling the KGB because their neighbour said something snarky about the state
- a computer doing the above
> Brave New World
And I quote: "The vast majority of the population is unified under the World State, an eternally peaceful, stable global society in which goods and resources are plentiful (because the population is permanently limited to no more than two billion people) and everyone is happy."
I strongly object to warrantless wiretapping, and I definitely want tons of checks and balances, and I want my elected representatives to share my values.
That doesn't mean that "databases" are inherently bad, or can't help us create a more effective just society. Like all tools, it depends on how you use them. Ever read "The Golden Age" by John C. Wright, or any of the Polity novels by Neal Asher?
Afford, yes. Implement? PROPERLY?
I kid you not, 90% of general purpose software developers are not sharp enough to "touch" security related code or systems without leaving GAPING holes because they totally don't understand or misunderstand simple things.
They can write an if/else or a while loop, but other more advanced things ... just beyond them. And even the moderately smart senior personnel will accidentally leave something in a "prototype" state and accidentally ship it because of deadlines.
This is the security/encryption equivalent of a Barracuda anti-spam appliance. Yes, any smart sharp sysadmin with sufficient time allocated to the task can implement brilliant near-perfect spam filtering using open source products. LOTS of sysadmins a) aren't that smart: it won't be configured nearly as well as a company needs, and it'll fail frequently or do strange things because they disagree on how it should work, and b) they won't have sufficient man weeks allocated to it, and remember, the less sharp the person is, the more time they'll need and the more problems there will be.
WAY BETTER for an SMB* to simply drop cash on an "appliance". It's almost impossible for a Barracuda to do worse than your average overworked sysadmin.
I'm not a shill for the latter, it's simply the device the SMB I work for uses. And our sysadmins aren't dumb. They're just not brilliant and they are, of course, overworked.
(*) Small and Medium Business