The republicans are a financially conservative party that wants to interfere with your personal life The democrats are a financially conservative party that doesn't want to interfere with your personal life
I think if you check the voting record and the actual history of their behaviour, you'll find that you're mistaken on almost all points. Don't just fall for the glossy brochures and TV ads, and don't rely on your recollection of what they were like when you were a kid. Ask what they do now instead. For example, obviously neither of them are financially conservative, and which party did Chris Dodd call home?
The original story was misleading: OpenStack want to extend the definition to things that would mean HP would not be in compliance, but HP have already said they'd be happy to come into compliance once that definition has been set.
So, samzenpus lies to its readers, is a credulous shill (or can be bribed? has sticks in this fire? just hates HP on principle?) for any sensationalist who comes around, and itwbennett spreads disinformation (or can be bribed? has sticks in this fire? just hates HP on principle?) presumably to discredit competitors. Astroturfing on/.; thanks a lot.
Good job, both of you.:-P I now know how much weight to give your stories in the future.
People not so warned, however, may have a "reasonable expectation of privacy" based on what they have and have not been told about email...
The other day, we were told that the DEA believed that Apple's iMessage service was unbreakable crypto opaque to them. Should those "People not so warned" believe they have a reasonable expectation of privacy using it? It turns out, that message is bogus and Apple stores iMessages, and can hand over decrypted cleartext. Should those "People not so warned" now believe they do not have a reasonable expectation of privacy using it?
Which is it? What are we supposed to believe? How the !@#$ do we get the law on our side when this level of wiggle room is involved? Was the game rigged recently, or has it always been this corrupted?
Tell that to Giovanni Caboto|Jean Cabot|John Cabot. "A rose by any other name..." That, and many, many other characters don't exist on my keyboard, and though I've heard there are ways to produce it it'd be used so seldom it's not worth the effort. Sorry Tatu, but thanks.
Speaking as someone who designs control systems like what you talk about for a living, the chances of that are slim. To penetrate the Iranian centrifuges... This kind of attack took [many] years to plan out and cooperation from the company that manurfactured the PLC's(Siemens), and it required the tech reprogramming them, which would only happen because the system was still in [its] software infancy.
Yet the result was, it worked. Someone was sufficiently motivated for the long haul to make it happen. I prefer not to underestimate the opposition. Slim chances are a challenge; that's all. We have to be right all the time. They only have to be right once. That story yesterday talked about (tens of|hundreds of) thousands of machines whose security were trivially unsecured (factory admin username/passwords unchanged & machines networked). It showed that there's oodles of low-hanging fruit with little to no failsafes enabled.
9/11 happened via a couple of months in flight simulators plus box cutters, combined with a lot of inertia on our part (poorly armoured cockpit doors). Look at the mess we've since created to prevent that sort of attack. Those bastards are now long dead, yet they're still winning that battle.
Kim Philby almost lost his job because Stalin could not believe there were no British spies in Moscow. Was that paranoia, or due diligence?
Wonder if North Korea was the original target, and the malware leaked out into the wild.
I wonder if the miscreant just used NK to carry out the attack, in order to incriminate them. I'm lookin' at you, CIA. I must say I'm also a bit surprised to learn that NK allows any connection to the net outside its borders, especially to SK (the enemy).
I'm still surprised they had the tech chops to pull that off...
You can buy tech chops. Cf. Werner von Braun. There's always been plenty of people who're easily persuaded to supress any sense of morality or ethics that might get in the way of them getting the filthy lucre. Some (WvB again) aren't even after money.
But I'm sure most civilians prefer an empty computer rather than being dead.
Most civillians are ignorant morons wrt computers. If that empty computer was used to locate (see story yesterday) the poorly secured, net connected SCADA box that controls the spillways of the hydroelectric dam upstream of your place, an empty computer is the least of your worries.
You missed the parent's point. Without knowing the alphabet from which the string is selected, we can't say anything about how quickly the string would be guessed. For example, if the alphabet is ASCII, into which both strings fall, they are just as good as each other, from a mathematical perspective.
I don't understand either. I suspect you're both splitting hairs, but I can't tell whether they're blond, brown, or red from here.
The latter is a significantly larger number than the former; more than ten times larger. The "10"s are the integers from 0 to 9. "52" == 26 letters in the alphabet * 2 (upper and lower case). "22" is the 11 punctuation keys * 2 (ibid.).
I hope you're not suggesting something stupid like, "Given the choice between 1234 and 4t&q, either is just as likely to be chosen as the other." Well, duh.
Only wanna-be cryptonerds who still fail to understand why self-signed certs are next to worthless still carry on about 'web of trust' crap.
Your arrogance is unfounded. Multiple CAs have been cracked in the past few years and everyone who knows anything about the system knows it should be scrapped. Self-signed certs can be just as reliable as the snakeoil CAs spit out. You don't have to pay snakeoil salesmen for them either.
If I want to start a journal, I'm going to have to work extra hard not to look fake.
FTFY. It won't matter if you're in Pune or Kazachstan. Your actions define the result.
I don't understand why this's a problem. There's been vanity publishers out there ever since Gutenberg, and perhaps before. If you're a researcher wanting to publish results, it'd be pretty sad if you couldn't also research publishers first to do it.
Wouldn't you try a test run on one user account before letting it fly for all users?
I'm pretty much constantly amazed at what crap manages to be considered "competent IT staff" these days. This's at one of the biggest names out there too. There's a lot of blame to pass around here, from HR (for suggesting them), to management (for hiring them), to the drone who did this without bothering to first get their ducks in a row (research the problem maybe?). Then there's the moving from gmail to Yahoo bit. Wouldn't anyone be better than Yahoo, just based on their press over the last few years? Who made that ridiculous decision?
They haven't released much that's at all memorable in ten to fifteen years, yet they're only now being handed pink slips? Way to screw the pooch! I'm impressed! How do we find sinecures like that, or do they only exist in corporate boards of directors these days? Fifteen years of no, "What have you done for us lately?", and they got away with it (no lawsuits & etc)? That's pretty amazing.
What's sad is something like this was awarded a patent. I have two (physical) slide to unlock buttons on the base of my laptop. Why were they awarded a patent for doing the same in software?!? How much time, money, and effort has that stupid decision sucked out of the numerous justice systems where this raised its head?
Any laws that apply to individuals should also apply to large organizations.
Dreamer.
Sue them into the weeds. If your employer will not then try suing them yourself.
The judge, if s/he's in a good mood, is going to laugh that out of court. These aren't his systems. They're his employers' systems. He has no standing.
Make no mistake. They would have you for lunch if you hacked them.
I also find it funny how hypocritical slashdot is about public transportation. Slashdot group think says it's not ok to charge for access to articles and court documents because they were paid with tax payer money. But with public transportation, tax payers pay for he trains, roads, railroads, buses, etc...
Taxpayers pay for building/enabling them, to get other drivers off the road network. How selfish of them!!!111
Then, the people who actually use them pay for upkeep/maintenance, so they don't have to subject themselves to the road network. How selfish of them!!!111
The only Slashdot group think there is is inside "shallow as a pane of glass" intellects such as yours.
What harm can there be by getting rid of such people rather than having to constantly spend our time and money to undo what they have done?
If you're constantly spending time and money undoing what they've done, you're doin' it wrong. You're saying the wall around the Walled Garden is one foot high. People like this are doing you a service showing you how vulnerable you really are.
Obviously they have made the choice to not live within the common bounds of society...
The guilty should live if for no other reason than to suffer the ridicule...
Ridicule? $10,000/day and more than half a million computers pwned, he succeeded way beyond his wildest dreams! We can only dream about making a mark that big. No, I don't like malware and spam, but I do appreciate he did what he set out to do, spectacularly. Had I chosen that as a goal, I'd be beaming with pride right now.
Slashdot Mirror
The republicans are a financially conservative party that wants to interfere with your personal life
The democrats are a financially conservative party that doesn't want to interfere with your personal life
I think if you check the voting record and the actual history of their behaviour, you'll find that you're mistaken on almost all points. Don't just fall for the glossy brochures and TV ads, and don't rely on your recollection of what they were like when you were a kid. Ask what they do now instead. For example, obviously neither of them are financially conservative, and which party did Chris Dodd call home?
You're welcome.
The original story was misleading: OpenStack want to extend the definition to things that would mean HP would not be in compliance, but HP have already said they'd be happy to come into compliance once that definition has been set.
So, samzenpus lies to its readers, is a credulous shill (or can be bribed? has sticks in this fire? just hates HP on principle?) for any sensationalist who comes around, and itwbennett spreads disinformation (or can be bribed? has sticks in this fire? just hates HP on principle?) presumably to discredit competitors. Astroturfing on /.; thanks a lot.
Good job, both of you. :-P I now know how much weight to give your stories in the future.
People not so warned, however, may have a "reasonable expectation of privacy" based on what they have and have not been told about email ...
The other day, we were told that the DEA believed that Apple's iMessage service was unbreakable crypto opaque to them. Should those "People not so warned" believe they have a reasonable expectation of privacy using it? It turns out, that message is bogus and Apple stores iMessages, and can hand over decrypted cleartext. Should those "People not so warned" now believe they do not have a reasonable expectation of privacy using it?
Which is it? What are we supposed to believe? How the !@#$ do we get the law on our side when this level of wiggle room is involved? Was the game rigged recently, or has it always been this corrupted?
Biden says the chance of the U.S. Gov becoming oppressive is virtually nil.
He's correct. When you're already oppressive, how can you become oppressive?
Cluebats welcome.
I'm wondering what's wrong with "scp -rp ~/.ssh user@host:~/" (assuming pword auth can be enabled momentarily).
Tatu Ylonen (creator of SSH 1.x)
Ylönen.
Tell that to Giovanni Caboto|Jean Cabot|John Cabot. "A rose by any other name ..." That, and many, many other characters don't exist on my keyboard, and though I've heard there are ways to produce it it'd be used so seldom it's not worth the effort. Sorry Tatu, but thanks.
Speaking as someone who designs control systems like what you talk about for a living, the chances of that are slim. To penetrate the Iranian centrifuges ... This kind of attack took [many] years to plan out and cooperation from the company that manurfactured the PLC's(Siemens), and it required the tech reprogramming them, which would only happen because the system was still in [its] software infancy.
Yet the result was, it worked. Someone was sufficiently motivated for the long haul to make it happen. I prefer not to underestimate the opposition. Slim chances are a challenge; that's all. We have to be right all the time. They only have to be right once. That story yesterday talked about (tens of|hundreds of) thousands of machines whose security were trivially unsecured (factory admin username/passwords unchanged & machines networked). It showed that there's oodles of low-hanging fruit with little to no failsafes enabled.
9/11 happened via a couple of months in flight simulators plus box cutters, combined with a lot of inertia on our part (poorly armoured cockpit doors). Look at the mess we've since created to prevent that sort of attack. Those bastards are now long dead, yet they're still winning that battle.
Kim Philby almost lost his job because Stalin could not believe there were no British spies in Moscow. Was that paranoia, or due diligence?
Wonder if North Korea was the original target, and the malware leaked out into the wild.
I wonder if the miscreant just used NK to carry out the attack, in order to incriminate them. I'm lookin' at you, CIA. I must say I'm also a bit surprised to learn that NK allows any connection to the net outside its borders, especially to SK (the enemy).
I'm still surprised they had the tech chops to pull that off ...
You can buy tech chops. Cf. Werner von Braun. There's always been plenty of people who're easily persuaded to supress any sense of morality or ethics that might get in the way of them getting the filthy lucre. Some (WvB again) aren't even after money.
But I'm sure most civilians prefer an empty computer rather than being dead.
Most civillians are ignorant morons wrt computers. If that empty computer was used to locate (see story yesterday) the poorly secured, net connected SCADA box that controls the spillways of the hydroelectric dam upstream of your place, an empty computer is the least of your worries.
You missed the parent's point. Without knowing the alphabet from which the string is selected, we can't say anything about how quickly the string would be guessed. For example, if the alphabet is ASCII, into which both strings fall, they are just as good as each other, from a mathematical perspective.
I don't understand either. I suspect you're both splitting hairs, but I can't tell whether they're blond, brown, or red from here.
(0) infidel /home/keeling_ calcme 10*10*10*10 /home/keeling_ calcme 10*52*22*52
10000
(0) infidel
594880
The latter is a significantly larger number than the former; more than ten times larger. The "10"s are the integers from 0 to 9. "52" == 26 letters in the alphabet * 2 (upper and lower case). "22" is the 11 punctuation keys * 2 (ibid.).
I hope you're not suggesting something stupid like, "Given the choice between 1234 and 4t&q, either is just as likely to be chosen as the other." Well, duh.
Only wanna-be cryptonerds who still fail to understand why self-signed certs are next to worthless still carry on about 'web of trust' crap.
Your arrogance is unfounded. Multiple CAs have been cracked in the past few years and everyone who knows anything about the system knows it should be scrapped. Self-signed certs can be just as reliable as the snakeoil CAs spit out. You don't have to pay snakeoil salesmen for them either.
If I want to start a journal, I'm going to have to work extra hard not to look fake.
FTFY. It won't matter if you're in Pune or Kazachstan. Your actions define the result.
I don't understand why this's a problem. There's been vanity publishers out there ever since Gutenberg, and perhaps before. If you're a researcher wanting to publish results, it'd be pretty sad if you couldn't also research publishers first to do it.
Wouldn't you try a test run on one user account before letting it fly for all users?
I'm pretty much constantly amazed at what crap manages to be considered "competent IT staff" these days. This's at one of the biggest names out there too. There's a lot of blame to pass around here, from HR (for suggesting them), to management (for hiring them), to the drone who did this without bothering to first get their ducks in a row (research the problem maybe?). Then there's the moving from gmail to Yahoo bit. Wouldn't anyone be better than Yahoo, just based on their press over the last few years? Who made that ridiculous decision?
They haven't released much that's at all memorable in ten to fifteen years, yet they're only now being handed pink slips? Way to screw the pooch! I'm impressed! How do we find sinecures like that, or do they only exist in corporate boards of directors these days? Fifteen years of no, "What have you done for us lately?", and they got away with it (no lawsuits & etc)? That's pretty amazing.
We need another Eisenhower... He stood up to NK/China and put in place the armistise that survived until Lil Kim got ahold of it just now.
That's news to me. I thought it was the Truman-MacArthur show.
We probably have a nuclear sub or 2 off the cost. We could empty all tubes on NK and level the country.
Murdering millions of innocent non-combattant peasants, nice. I thought Milosevic was dead. See you at the Hague when you're done, ASSHOLE!
That something like this even comes to court.
What's sad is something like this was awarded a patent. I have two (physical) slide to unlock buttons on the base of my laptop. Why were they awarded a patent for doing the same in software?!? How much time, money, and effort has that stupid decision sucked out of the numerous justice systems where this raised its head?
Any laws that apply to individuals should also apply to large organizations.
Dreamer.
Sue them into the weeds. If your employer will not then try suing them yourself.
The judge, if s/he's in a good mood, is going to laugh that out of court. These aren't his systems. They're his employers' systems. He has no standing.
Make no mistake. They would have you for lunch if you hacked them.
True enough.
Why did you feel the need to re-post this as AC?
I also find it funny how hypocritical slashdot is about public transportation. Slashdot group think says it's not ok to charge for access to articles and court documents because they were paid with tax payer money. But with public transportation, tax payers pay for he trains, roads, railroads, buses, etc...
Taxpayers pay for building/enabling them, to get other drivers off the road network. How selfish of them!!!111
Then, the people who actually use them pay for upkeep/maintenance, so they don't have to subject themselves to the road network. How selfish of them!!!111
The only Slashdot group think there is is inside "shallow as a pane of glass" intellects such as yours.
... officials of Microsoft, which designed the system with the New York Police Department ...
Microsoft has such a stellar record wrt security. What nitwit fell for those fools' marketing shpiel?
I can almost see members of Anonymous fighting each other to get to the head of the line to break into this thing and post the results on YouTube.
You travel to work in a tank, and have a fully armored environmental suit on at all times right?
That's the best description of *nix I've seen in a while, thanks.
Because anyone can walk up to you and show you how vulnerable you are at any time.
I've no doubt they try. So far, so good. What'd you pay for that foot high walled garden you put your trust in?
What harm can there be by getting rid of such people rather than having to constantly spend our time and money to undo what they have done?
If you're constantly spending time and money undoing what they've done, you're doin' it wrong. You're saying the wall around the Walled Garden is one foot high. People like this are doing you a service showing you how vulnerable you really are.
Obviously they have made the choice to not live within the common bounds of society ...
Somebody needs to read Thoreau.
The guilty should live if for no other reason than to suffer the ridicule ...
Ridicule? $10,000/day and more than half a million computers pwned, he succeeded way beyond his wildest dreams! We can only dream about making a mark that big. No, I don't like malware and spam, but I do appreciate he did what he set out to do, spectacularly. Had I chosen that as a goal, I'd be beaming with pride right now.