Thanks for the link. It's a nice place for people who are unaware of the issues to start learning the practicalities of it all. I can't go to Anonymizer from work or I'd provide you the link, but there's a big catch here.
If you poke around their site, they make it clear that they cooperate with law enforcement. If they're served, they'll turn over all they know on you and help law enforcement collect data on your usage on an ongoing basis. IOW, they're worthless in the big sense. They might protect you from casually being snooped by some tech at the ISP, but LE can simply slap some paper on them and all their protection vanishes. And given that Congress can make anything illegal and that everyone is probably breaking some law right now, the need for LE to come up with the paper is reduced to a hollow formality.
Anonymization requires a lot more than this. Those who care about the subject will have to study a lot and will wind up mostly discouraged and certainly inconvenienced. It's not as simple as sending off your credit card number to some company and installing their software. I wish it were that simple.
If you care about anonymity, you can use Tor, Freenet, open proxies, chained proxies, and more. You can keep a clean laptop and only use it at free public hotspots. You can do all sorts of things that make you effectively anonymous but make using this big old network so inconvenient and slow it's no longer worth the trouble. Or you can do less, be less anonymous, and keep a usable online experience. It's up to you to draw the line.
Most people, unfortunately, don't have a glimmer of a clue of what they need to know to figure out where to draw that line. I've studied the subject quite a bit and I'm not filled with confidence in my level of expertise. I don't know whether to pity or envy the average Joe who exists in a state of blissful ignorance.
you probably have a very limited number of devices that go in and out your door.
About 80% of our computers go out the door. They are laptops issued to field agents, special agents, and officers, as well as a smattering of appraisers, engineers, analysts, and more. The whole disk encryption things is going to be very big for us. It might be easy if it gets well thought through before implementation. It might be a nightmare. I'm uneasy about the near future.
Why would this data be on a laptop in transit in the first place?
Pick any very large corporation that provides any measure of benefits for employees. Chances are good, if that corp is big enough, that it's currently under some kind of audit by the Internal Revenue Service. If so, there's a strong possibility that some portion of the examination is looking at the benefits plans provided to the the employees. In that case, there is a laptop at the IRS, belonging to the Employee Plans Revenue Agent on the case, that contains the W-2 records of every single employee of that corporation for the last several years. That data is being poured into spreadsheets, analyzed, and moved around every which way. The one I installed yesterday had about 3.5 uncompressed CDs worth of data just to contain the wage data of the single primary taxpayer under examination.
Yeah, there's plenty of reason for sensitive but unclassified data to be sitting on a laptop being carried around the country by an Agent. Happens all the time, and justifiably so.
BTW, such data is required to be kept in an EFS folder at all times. That keeps it fairly safe, I'd say. It's certainly safe from the average idiot who breaks into your trunk and steals your laptop case while you're out in the field, eating lunch at some restaurant. And that, btw, is the single most common data loss scenario I've run across in the last half-dozen years.
I work for a large TLA. Generally, our security is pretty good. Fire up a wireless access point in the building (or try to; they won't actually connect to anything) and guys with guns and a laptop running Fedora Core and some scanning software will be walking your floor in short order. I had to carry a couple of them around yesterday while we tried to track down a signal that we finally decided was coming from outside. Last time I saw them, the guys with guns were walking the parking lot, looking for someone with a laptop who shouldn't be there.
We also use encrypted VPN tunnels for remote access and, by default, require all data categorized "sensitive but unclassified" and above to be kept in encrypted folders. As a nearly all-XP shop, that generally means EFS.
I would imagine that we're on par with or better than most agencies. But getting that last little bit, getting into full compliance with these requirements is almost certainly going to require whole-disk encryption.
We can do that in hardware or software. Anybody have any thoughts on the best way to implement whole disk encryption on 100,000 computers in a short time frame? That's both a serious question and a problem statement; any insight into how you do it at your big corp/gov entity would be much appreciated.
Floppies? I still flash BIOSes with them. I use them in an old Sony Mavica. But that's not much and they're becoming less and less relevant daily, so your point is well taken.
Of course, there are other reasons. In my case, I still use reel-to-reel tape (Yes, I'm an old fart) so I wouldn't do it. I also spend a lot of time with bare hard drives and USB drives in my hands and the magnet in those rings is incredibly powerful; I wouldn't risk it. Still, one of those wonderful Smith and Wesson Performance Center 627s, the 8-shot snubby version, with a MagnaTrigger conversion would make for one fine, fine carry gun. If I ever dump my reel-to-reel collection, I just might take the plunge.
The best way to prevent accidental firing of a gun is to outlaw them completely, like here in the UK
By the way, how is that working out? (snicker, snicker)
Oh, yeah, and also by the way, how's the training going for your Olympic pistol team that can't train at home because pistols are illegal? And how are you looking forward to those London Olympics, prior to which your government is going to have to deal with either changing the laws or telling the Olympics to, at least in part, piss off since several events are illegal on your soil?
The fingerprint system and the ID ring system are already working examples of "smart guns". One gun fingerprints you, the other makes sure you are wearing a uniqe ring with some sort of RFID tag in it. These seam to be as simple as an owner-fire-only system you can get.
I disagree. The fingerprint prototypes are vaporware. Believe me, you'll hear about it when they become viable commercial products because the state of New Jersey has put some really silly laws on the books that will mandate their exclusive use in certain situations three years (IIRC) after they hit the market. As yet, that hasn't happened.
I'm not aware of the RFID ring system. First, the NJ laws would be triggered by it. Second, I think you actually have in mind the MagnaTrigger conversion, a viable product for about the last 4 decades or more. You can look at the Tarnhelm web site for more information.
I like the idea, but the big problem I have with the MagnaTrigger is that wearing a powerful magnet on your hand all the time means you can't pick up a floppy without risking killing it. Ditto for the USB hard drives I regularly use. The MagnaTrigger works great if you never touch magnetic media, though. I think that rules out me and most Slashdotters.
Not a problem. The GP post got it wrong; they aren't RFID rings. He's thinking of the MagnaTrigger conversion, a viable product for about the last 4 decades or more. Replacement rings are available. You can look at the Tarnhelm web site for more information.
The big problem I have with the MagnaTrigger is that wearing a powerful magnet on your hand all the time means you can't pick up a floppy without risking killing it. Ditto for the USB hard drives I regularly use. The MagnaTrigger works great if you never touch magnetic media, though. I think that rules out most Slashdotters.
No, not the Peoples Republik of Kalifornia, much as it may seem out of character for them to be behind the curve on this one. The state in question is New Jersey and the law won't kick in until a few years after such products become commercially available. The problems with this law are just too many for me to spend my morning listing, but at least it won't come to a head for a few more years.
Feel free to call Seagate presales support and ask about drive availability for Momentus drives with Full Disk Encryption. Despite the kludged setup shown at CeBit, there is no current BIOS that can talk to this drive. The hardware is unavailable and will only become available with laptops from big manufacturers at some point in the future. The guy I just talked to said "2 months, 6 months, who knows?"
Note also that this thing has already been announced for a solid year. Even if you had one, you wouldn't be able to slap it into an existing machine and make it work.
Luckily, there are alternatives. Not so luckily, they are ridiculously expensive - on the order of USD$600 for a 60 gig drive. There are also inline encryption modules that may or may not be secure, but good luck getting your hands on one to test.
I've been trying to source product in this sector for months. When I finally have some success, maybe I'll submit an article. Until then, I'll just leave it at this: "Full disk encryption in hardware is impractical and hard for an individual. Governments and the military are another story."
If you're really interested, poke around in the "request for proposal" sites in the.mil domain and see what sort of stuff the military is buying. Fascinating stuff.
Absolutely. I'm glad that was your first response. It's not hard to follow the rules but trying to fudge even one little thing is an invitation to disaster.
Protect your investment and get a GOOD case.
Again, great advice. I spent more money on my primary traveling case than most people spend on a gun. I recommend Bear Track cases (which seem to be about the best currently on the market for this particular application) and Kalispel Case Line (which I fell in love with back in the 1980s when our Olympic shooting team was using them and I spent some time handling their guns). There are some others whose lineage is mostly from camera cases and they can be good, but don't scrimp on the case.
While I was there, a baggage handler was shot in the leg with a shotgun due to mishandling.
How did that happen? I didn't think that was possible. As a part of check-in, unless something has changed recently, the owner of a firearm is supposed to demonstrate that it's unloaded and unable to fire. (I travel with my guns partially disassembled for this reason.) That's a part of the process usually accomplished at the time I get my firearms ID tag at the front counter. Did some check-in person screw up and skip that part of the procedure? Or was someone trying to check through a firearm without declaring it?
TSA approved locks are "okay" but I would recommend a master lock. Simply put, a TSA approved lock is one that the TSA has ample copies of the key for that lock. While it's nice in the sense that it prevents them from having to cut it off, you will have almost no other indication that the bag was opened unless they left the TSA notice inside
You're right, but it goes further than that. It can be argued (and I take the position) that the FAA regs prohibit the use of a TSA approved lock on a gun case. The regs require that the case be locked and that only the passenger have the key. If you use a TSA lock, you don't meet that requirement. The last time I checked, the wording was muddy and open to interpretation. Also, it's been a while since I checked. My default position, however, is that I want them to come get me if they want to open my case.
Oh yeah, all ammunition should be in the factory container. TSA people are STUPID. Even if it's a really cool and safe ammo box designed for travel and the utmost safety.
This is the only thing that really bothers me. I comply, but it bothers me. Why? Because *I* am the manufacturer of my ammunition and, therefore, under the rules, I should be able to pack it in any container I want. That, however, would require screeners to do some thinking. I prefer to not require that of them and I put my handloaded ammunition in "factory" containers, even though those containers are far less safe than anything I would normally use. As consolation, those containers are usually lighter than what I would use, so I can pack more ammo and stay under the 5kg limit. (Actually, in the U.S., most carriers state "11 pounds." I'm not going to argue with them over the difference. I just make sure I'm well under the ammo weight limit. Often, that means separately shipping my ammunition.)
Thanks for the enlightening comments. It's nice to hear from the other side.
Damned straight Waco didn't involve firearm rights... It involved nothing short of Janet Reno proving she had a bigger pair than some goddamned hippy who still believed in the bill of rights.
Not really.
At the time, I worked for another agency out of the same building as the Houston ATF. I knew one of the SAs killed. He was a decent guy, which means he stuck out like a sore thumb in that group of cowboys.
The ATF was facing a budget crunch. They had done lots of mean-spirited things to FFL holders over the years and political pressure had been brought to bear. They had rightfully earned a reputation as being less than professional in many of their dealings. (Remember back when, as punishment for their transgressions, Congress was considering forcing ATF to be absorbed by either the Secret Service or the FBI and both those agencies threw a fit because they didn't want to deal with an influx of, frankly, the bottom of the barrel of Federal LEOs?) In that climate, they needed something splashy to get them press coverage as competent professionals. That's why they allowed a news crew to tag along. If the raid had gone well, there would have been dramatic pictures of lots of seized weapons along with "rescued" women and children looking pitiful. They would have forced their critics to shut up for a while.
Obviously, it didn't work out that way.
In the aftermath, it was pretty easy to see that the warrant was crap. In the aftermath, it was obvious that actually *choosing* to do a high-tension raid on a facility where you'll be greatly outnumbered and there will be loads of innocent women and children walking around is just, frankly, stupid. In the aftermath, it ultimately became clear that even the FBI's vaunted HRT was unable to grok the situation; religious fundamentalists require a somewhat different negotiation strategy than common criminals and having your negotiator promise a cease-fire and cooling off period while simultaneously letting your tanks demolish all their cars, ATVs, farming tools, etc. tends to be a non-productive approach to the problem.
In the aftermath, a bunch of little kids wound up dead.
Still, it worked. The ATF managed to gain sympathy for their dead. Even LEOs from other agencies who had absolutely zero respect for the ATF and their SAs wouldn't speak ill of them. Fraternity, you know, is far more important than integrity to LEOs. They managed to remain a separate agency. They kept their budget. The raid was a success.
Sometimes you have no choice. I fly with firearms with some frequency. I don't have problems because I get there early, early, early. I hang around where I can be easily found to open my luggage. So far I haven't had any problems.
(Is this where I knock on wood?)
So what was it like for you, as a TSA screener, to inspect firearms? Anything special I should know?
I know you're kidding, but let's see how many examples we can think up where a law gets passed for one reason or with various promises that don't stand the test of time.
Here's one - In Texas, when the mandatory seat belt law was passed, it was stressed that no one would ever be pulled over just for something as trivial as not having a seat belt on. If you wanted to take risks with your own life, that was none of the govts business, said the legislators who needed votes from other legislators who represented the various "we want the dadgum guvment outta our lives" parts of the state. Within a week I saw a television interview with a Houston cop who was absolutely gleeful that this was another way he could get probable cause to pull over anyone whose looks he didn't like. He specifically called the law an "excuse" to pull people over. That was years ago. Today, we're in the middle of a statewide "Click It or Ticket" campaign of strict seat belt enforcement, complete with $200 fines for not being buckled in.
...the system would need extensive testing before she would be willing to ride in a fly-by-wireless plane.
I think that qualifies for understatement of the year.
Indiscriminate jamming isn't difficult. I used to hang out with a ham operator so old he had a 4-digit license. The guy had leydon jars made from all manner of old glass containers. He used to cackle with glee after applying the juice for a half-minute or so, then brag about how he had knocked out every TV and radio within a mile. I don't know about the range, but he sure managed to kill the TV and radio in his house by doing that. The point is that relying on wireless anything to stand between me and a flying machine suddenly dropping out of the sky strikes me (bad pun, I know) as a tad foolish.
Now, for deployment of cheaper, small drones in war zones against unsophisticated opponents, this might be a good strategy for making things more affordable. But for anything we might conceive of, today, as an "airplane," I just don't see it. I hope they get the problems worked out. That's what research is for and some really neat things might result. But my first reaction is pretty negative; it's just a weird idea. And it's posted right above a story on "Wireless Security Attacks and Defenses," fer Chrissakes!
On a larger scale, the complete decision making process of the computer infrastructure may be entirely out of the hands of the people who are actually knowledgable about it (and who will actually be doing the work!).
I will forever keep and cherish the emails that were posted to our in-house mailing list for techs a while back. The list is for people who actually do the work of making all our tools function. The people who actually spend billions on those tools aren't even aware it exists and would be very afraid of the technical expertise found there if they were to accidentally wander in.
A while back, some questions about wireless security policy and implementations came up. Some joker, I still don't know who, cc'd one of our executives who will be making the decisions on this issue in the future. I can picture this exec in his expensive suit, trailing an entourage, but that's just a fantasy. I don't know if it's true. What I *do* know is true is that the guy is a Blackberry addict. He answered the mail via his Blackberry. I don't think he could see everyone on his little screen. Literally dozens of people and a couple of lists with hundreds of subscribers were involved in what was a quite interesting blend of nitty-gritty tech and public policy.
Y'know, what? Every single email this guy posted (and he sent one every couple of hours) was along the lines of "Yes, we must be very careful and study this extensively." He had absolutely nothing to add. He was just making sure everyone knew he was around and didn't forget that he was in charge. Worse, he managed to reply specifically to some of the more clueless, technically wrong postings in agreement and it was obvious he was doing so simply because those postings were coming from middle managers who were throwing around the right buzzwords/executive jargon. It was totally freaking hilarious.
Then someone apparently told him he was showing his ignorance to a large group of people who could actually tell he had no idea what he was talking about. The Blackberry emails stopped suddenly.
...but not completely. There's a saying where I live that the County Prosecutor can get a grand jury to indict a ham sandwich. Any grand jury that doesn't do exactly what the prosecutor wants will find itself the subject of a carefully orchestrated smear campaign, complete with local news stories (planted by guess who) investigating the problem of "runaway grand juries."
My point is that prosecutors have a lot of power and any public servant with lots of power should always be willing to step outside the game and do what's right before they start punishing people. And yes, prosecutors punish people long before trials happen before supposedly impartial judges. Just being indicted for a serious crime, something the prosecution does essentially without oversight, is usually a life-wrecking event no matter how innocent the accused. Normally, prosecutors who exercise their power with an eye toward justice, declining to prosecute marginal cases or cases where a bad law could be enforced, wind up simultaneously serving two goals: they serve their public mandate and they don't wind up looking like idiots in the end.
In this case, the prosecution actually did something that was right and sacrificed a little of the "We're perfect" vibe they normally work so hard to maintain. I simply chose to think less of them for being so slow to reach the conclusion such was the right thing to do. By being so slow to act, they have punished someone who ought not to have been punished.
The first impression is that this is really weird. Prosecutors, at least in my neck of the woods, don't give two shits about justice or truth. They just want convictions. Do we actually have a prosecutor somewhere with integrity? How many times has hell frozen over this month?
Take a minute to think about it, though, and things change. Prosecutors still just want convictions that stand on appeal. In this case, the conviction was eventually going to get tossed, so the prosecution gets to look like a hero by bailing out early.
As usual, what at first blush appears to be a noble action by a public servant turns out to be self-serving. There is still no chance of a prosecutor having integrity. All is, again, right with the world.
I doubt there's a "typical" user, but I like it. I was a SCO OSR sysadmin for years before my organization moved on. So I like Unix and at one point thought I'd be happy with multiple terminal sessions for the rest of my life. However, work has taken me to Windows and it's OK. I've continued to dabble with various Linux distros and I always have a machine at home that I enjoy installing new stuff on. When things are slow at work, I'll take some hardware out of spares and do stuff like set up an OpenBSD machine just for grins like I did a couple of weeks ago.
I've tried all kinds of things. (Ubuntu is nice, btw. QNX was fun, too.) A long time ago I decided that I would eventually move off of Windows completely at home. I'm just tired of malicious content out there in the ether and I'd like a system that makes it easier to handle. I also want something that is inexpensive since my home computers are a minor hobby and tools for simple daily tasks, not something I want to spend much money on. So I want quality and ease and I'm not willing to work hard enough to be leet. And I don't care about that, anyway.
So a while back I tried PC-BSD. I loved it. Easy, stable, and it had nearly all the software I could want (my needs are modest; others should check the list of PBIs before taking the plunge) in their PBI format that installs just as easy as Windows. I decided then that I would try to migrate to PC-BSD for all my home uses.
Last weekend I started cleaning up. I pulled my last 11 hard drives off the storage shelf and copied all the data I wanted to keep from 10 of them onto my current Windows system. I'll get that last one done, as well as the two in my current backup system, this coming weekend. Then I'll put the biggest drive I have in that backup system and install PC-BSD.
Eventually, I'll sift through and delete all the redundant and useless data on my current Windows machine and move it to the PC-BSD machine and an external drive. I'll also make sure a couple of peripherals, specifically a scanner, are working right under PC-BSD. When that's done, my current Windows machine will be reformatted and PC-BSD installed. I'll have two PC-BSD machines, one for me and one for the rest of the family.
PC-BSD is the first OS/distro I've found that has inspired me to take the concrete steps required to abandon Windows at home. (And, believe me, installing/copying/wiping 10 drives over a weekend definitely qualifies as a major step toward change!) That's about as solid an endorsement as I can make.
The only thing I see lacking is a useful whole-disk encryption scheme that works with PC-BSD. (Then again, I haven't done much research, yet.) Right now I use the PGP Whole Disk Encryption product on my Windows machine and I'd really hate to give that up. Anybody have any thoughts on that?
It was called the ThinkNIC. Nowadays, the domain isn't even active anymore, but you can google for info if you like. I still have one; it was my moms first computer. She loved it, she couldn't screw it up, and it never broke.
Sometimes good ideas just don't get the traction they deserve.
of Slashdrones denouncing Dvorak as a troll. Well, that might be right, but he's a successful troll. You can only accomplish that if you put enough truth and insight, wacky and wrongheaded though it may eventually turn out to be, into your communications as to make for interesting reading. Dvorak does that.
Take this article. I don't know about all the reasons. For example, I'm not a gamer so I don't know crap about the 360. But there's something here for everyone. He says that Vista OS and Office 2007 will be problematic letdowns. He says MSN and the MSN Search Engine are essentially useless. He points out an abandoned former focus, pad-based computing. Is there anything there that's really all that nuts?
No, there isn't. But then, like a good troll who has thrown out a couple of interesting statements to which nearly everyone can say "He's got a point," he then moves on to the provocation - Preoccupation with Google. He calls it a distraction. He tosses out opinions like they're facts. No matter how you view the relationship between Google and MS, there's something in that paragraph to disagree with.
Thus, conversation ensues. Slashdot stories get posted. Traffic gets created.
The man is a damn good troll and he deserves far more props (for that) than he gets around here.
No, that's where the scaremongering comes in. Some transactions (and the myriad rules on such subjects are what keeps tax lawyers employed) are taxable when they occur, not when you finally cash out. So if you earn some magic sword that you could sell for USD$5K real-world dollars, it may be the case that you should be taxed on that USD$5K of income right now, before you sell it. Maybe.
Until such transactions become commonplace, however, nobody's going to go to the trouble of figuring all this out. For now, if people just report their earning when they cash out and pay their taxes accordingly, I feel sure it'll be years before the issue comes to a head, if ever. No one at the IRS wants to deal with that kind of complexity if they don't have to so no one is motivated to get all technical on the subject.
Now, if we find ourselves in a situation where large numbers of people are making serious money and trying to avoid taxes, then all bets are off and the IRS could come down on the whole thing pretty hard. I just don't see that happening.
Taxing in-game earnings has come up before and it'll come up again. In the U.S., the Internal Revenue Service will eventually take notice of the phenomena when someone who makes lots of real-world money by selling virtual goods gets audited by an ambitous Revenue Agent. Until then, unless you're actually converting virtual goods into real greenbacks, there's not much to say on the subject. Any scaremongering about taxable events occurring inside a game is just FUD. It may be fun to talk about, but I notice that no one has yet made the news after obtaining a private letter ruling. Until someone sparks a written determination from the IRS, this is really a non-issue. Someday it'll be an issue, but not for a while.
The biggest problem with Netflix is time. Like most folks, I figured to sign up, watch movies quickly, and really get my moneys worth. It doesn't work out that way. Just because "Teenage Exorcist" is waiting in my mailbox when I get home doesn't mean that I'm going to feel like watching it tonite. Recently, I've gone through nearly three busy weeks when I haven't had time and haven't been in the mood to watch a movie. At that point, my subscription isn't very cost-effective.
I'll keep subscribing for now, but I may just be one more watching-mood-drought away from cancellation. What would really keep me as a customer is someone who could offer high quality and fast downloads for a buck or two. Then I could buy on a whim and get exactly what I'm in the mood for instead of picking from among the three Netflix envelopes on the kitchen table that just happened to be fairly close to the top of my queue but aren't *precisely* what I want tonite.
Slashdot Mirror
Thanks for the link. It's a nice place for people who are unaware of the issues to start learning the practicalities of it all. I can't go to Anonymizer from work or I'd provide you the link, but there's a big catch here.
If you poke around their site, they make it clear that they cooperate with law enforcement. If they're served, they'll turn over all they know on you and help law enforcement collect data on your usage on an ongoing basis. IOW, they're worthless in the big sense. They might protect you from casually being snooped by some tech at the ISP, but LE can simply slap some paper on them and all their protection vanishes. And given that Congress can make anything illegal and that everyone is probably breaking some law right now, the need for LE to come up with the paper is reduced to a hollow formality.
Anonymization requires a lot more than this. Those who care about the subject will have to study a lot and will wind up mostly discouraged and certainly inconvenienced. It's not as simple as sending off your credit card number to some company and installing their software. I wish it were that simple.
If you care about anonymity, you can use Tor, Freenet, open proxies, chained proxies, and more. You can keep a clean laptop and only use it at free public hotspots. You can do all sorts of things that make you effectively anonymous but make using this big old network so inconvenient and slow it's no longer worth the trouble. Or you can do less, be less anonymous, and keep a usable online experience. It's up to you to draw the line.
Most people, unfortunately, don't have a glimmer of a clue of what they need to know to figure out where to draw that line. I've studied the subject quite a bit and I'm not filled with confidence in my level of expertise. I don't know whether to pity or envy the average Joe who exists in a state of blissful ignorance.
About 80% of our computers go out the door. They are laptops issued to field agents, special agents, and officers, as well as a smattering of appraisers, engineers, analysts, and more. The whole disk encryption things is going to be very big for us. It might be easy if it gets well thought through before implementation. It might be a nightmare. I'm uneasy about the near future.
Pick any very large corporation that provides any measure of benefits for employees. Chances are good, if that corp is big enough, that it's currently under some kind of audit by the Internal Revenue Service. If so, there's a strong possibility that some portion of the examination is looking at the benefits plans provided to the the employees. In that case, there is a laptop at the IRS, belonging to the Employee Plans Revenue Agent on the case, that contains the W-2 records of every single employee of that corporation for the last several years. That data is being poured into spreadsheets, analyzed, and moved around every which way. The one I installed yesterday had about 3.5 uncompressed CDs worth of data just to contain the wage data of the single primary taxpayer under examination.
Yeah, there's plenty of reason for sensitive but unclassified data to be sitting on a laptop being carried around the country by an Agent. Happens all the time, and justifiably so.
BTW, such data is required to be kept in an EFS folder at all times. That keeps it fairly safe, I'd say. It's certainly safe from the average idiot who breaks into your trunk and steals your laptop case while you're out in the field, eating lunch at some restaurant. And that, btw, is the single most common data loss scenario I've run across in the last half-dozen years.
I work for a large TLA. Generally, our security is pretty good. Fire up a wireless access point in the building (or try to; they won't actually connect to anything) and guys with guns and a laptop running Fedora Core and some scanning software will be walking your floor in short order. I had to carry a couple of them around yesterday while we tried to track down a signal that we finally decided was coming from outside. Last time I saw them, the guys with guns were walking the parking lot, looking for someone with a laptop who shouldn't be there.
We also use encrypted VPN tunnels for remote access and, by default, require all data categorized "sensitive but unclassified" and above to be kept in encrypted folders. As a nearly all-XP shop, that generally means EFS.
I would imagine that we're on par with or better than most agencies. But getting that last little bit, getting into full compliance with these requirements is almost certainly going to require whole-disk encryption.
We can do that in hardware or software. Anybody have any thoughts on the best way to implement whole disk encryption on 100,000 computers in a short time frame? That's both a serious question and a problem statement; any insight into how you do it at your big corp/gov entity would be much appreciated.
Floppies? I still flash BIOSes with them. I use them in an old Sony Mavica. But that's not much and they're becoming less and less relevant daily, so your point is well taken.
Of course, there are other reasons. In my case, I still use reel-to-reel tape (Yes, I'm an old fart) so I wouldn't do it. I also spend a lot of time with bare hard drives and USB drives in my hands and the magnet in those rings is incredibly powerful; I wouldn't risk it. Still, one of those wonderful Smith and Wesson Performance Center 627s, the 8-shot snubby version, with a MagnaTrigger conversion would make for one fine, fine carry gun. If I ever dump my reel-to-reel collection, I just might take the plunge.
By the way, how is that working out? (snicker, snicker)
Oh, yeah, and also by the way, how's the training going for your Olympic pistol team that can't train at home because pistols are illegal? And how are you looking forward to those London Olympics, prior to which your government is going to have to deal with either changing the laws or telling the Olympics to, at least in part, piss off since several events are illegal on your soil?
Do you enjoy looking like idiots?
I disagree. The fingerprint prototypes are vaporware. Believe me, you'll hear about it when they become viable commercial products because the state of New Jersey has put some really silly laws on the books that will mandate their exclusive use in certain situations three years (IIRC) after they hit the market. As yet, that hasn't happened.
I'm not aware of the RFID ring system. First, the NJ laws would be triggered by it. Second, I think you actually have in mind the MagnaTrigger conversion, a viable product for about the last 4 decades or more. You can look at the Tarnhelm web site for more information.
I like the idea, but the big problem I have with the MagnaTrigger is that wearing a powerful magnet on your hand all the time means you can't pick up a floppy without risking killing it. Ditto for the USB hard drives I regularly use. The MagnaTrigger works great if you never touch magnetic media, though. I think that rules out me and most Slashdotters.
Not a problem. The GP post got it wrong; they aren't RFID rings. He's thinking of the MagnaTrigger conversion, a viable product for about the last 4 decades or more. Replacement rings are available. You can look at the Tarnhelm web site for more information.
The big problem I have with the MagnaTrigger is that wearing a powerful magnet on your hand all the time means you can't pick up a floppy without risking killing it. Ditto for the USB hard drives I regularly use. The MagnaTrigger works great if you never touch magnetic media, though. I think that rules out most Slashdotters.
No, not the Peoples Republik of Kalifornia, much as it may seem out of character for them to be behind the curve on this one. The state in question is New Jersey and the law won't kick in until a few years after such products become commercially available. The problems with this law are just too many for me to spend my morning listing, but at least it won't come to a head for a few more years.
No, you don't.
Feel free to call Seagate presales support and ask about drive availability for Momentus drives with Full Disk Encryption. Despite the kludged setup shown at CeBit, there is no current BIOS that can talk to this drive. The hardware is unavailable and will only become available with laptops from big manufacturers at some point in the future. The guy I just talked to said "2 months, 6 months, who knows?"
.mil domain and see what sort of stuff the military is buying. Fascinating stuff.
Note also that this thing has already been announced for a solid year. Even if you had one, you wouldn't be able to slap it into an existing machine and make it work.
Luckily, there are alternatives. Not so luckily, they are ridiculously expensive - on the order of USD$600 for a 60 gig drive. There are also inline encryption modules that may or may not be secure, but good luck getting your hands on one to test.
I've been trying to source product in this sector for months. When I finally have some success, maybe I'll submit an article. Until then, I'll just leave it at this: "Full disk encryption in hardware is impractical and hard for an individual. Governments and the military are another story."
If you're really interested, poke around in the "request for proposal" sites in the
Absolutely. I'm glad that was your first response. It's not hard to follow the rules but trying to fudge even one little thing is an invitation to disaster.
Again, great advice. I spent more money on my primary traveling case than most people spend on a gun. I recommend Bear Track cases (which seem to be about the best currently on the market for this particular application) and Kalispel Case Line (which I fell in love with back in the 1980s when our Olympic shooting team was using them and I spent some time handling their guns). There are some others whose lineage is mostly from camera cases and they can be good, but don't scrimp on the case.
How did that happen? I didn't think that was possible. As a part of check-in, unless something has changed recently, the owner of a firearm is supposed to demonstrate that it's unloaded and unable to fire. (I travel with my guns partially disassembled for this reason.) That's a part of the process usually accomplished at the time I get my firearms ID tag at the front counter. Did some check-in person screw up and skip that part of the procedure? Or was someone trying to check through a firearm without declaring it?
You're right, but it goes further than that. It can be argued (and I take the position) that the FAA regs prohibit the use of a TSA approved lock on a gun case. The regs require that the case be locked and that only the passenger have the key. If you use a TSA lock, you don't meet that requirement. The last time I checked, the wording was muddy and open to interpretation. Also, it's been a while since I checked. My default position, however, is that I want them to come get me if they want to open my case.
This is the only thing that really bothers me. I comply, but it bothers me. Why? Because *I* am the manufacturer of my ammunition and, therefore, under the rules, I should be able to pack it in any container I want. That, however, would require screeners to do some thinking. I prefer to not require that of them and I put my handloaded ammunition in "factory" containers, even though those containers are far less safe than anything I would normally use. As consolation, those containers are usually lighter than what I would use, so I can pack more ammo and stay under the 5kg limit. (Actually, in the U.S., most carriers state "11 pounds." I'm not going to argue with them over the difference. I just make sure I'm well under the ammo weight limit. Often, that means separately shipping my ammunition.)
Thanks for the enlightening comments. It's nice to hear from the other side.
Not really.
At the time, I worked for another agency out of the same building as the Houston ATF. I knew one of the SAs killed. He was a decent guy, which means he stuck out like a sore thumb in that group of cowboys.
The ATF was facing a budget crunch. They had done lots of mean-spirited things to FFL holders over the years and political pressure had been brought to bear. They had rightfully earned a reputation as being less than professional in many of their dealings. (Remember back when, as punishment for their transgressions, Congress was considering forcing ATF to be absorbed by either the Secret Service or the FBI and both those agencies threw a fit because they didn't want to deal with an influx of, frankly, the bottom of the barrel of Federal LEOs?) In that climate, they needed something splashy to get them press coverage as competent professionals. That's why they allowed a news crew to tag along. If the raid had gone well, there would have been dramatic pictures of lots of seized weapons along with "rescued" women and children looking pitiful. They would have forced their critics to shut up for a while.
Obviously, it didn't work out that way.
In the aftermath, it was pretty easy to see that the warrant was crap. In the aftermath, it was obvious that actually *choosing* to do a high-tension raid on a facility where you'll be greatly outnumbered and there will be loads of innocent women and children walking around is just, frankly, stupid. In the aftermath, it ultimately became clear that even the FBI's vaunted HRT was unable to grok the situation; religious fundamentalists require a somewhat different negotiation strategy than common criminals and having your negotiator promise a cease-fire and cooling off period while simultaneously letting your tanks demolish all their cars, ATVs, farming tools, etc. tends to be a non-productive approach to the problem.
In the aftermath, a bunch of little kids wound up dead.
Still, it worked. The ATF managed to gain sympathy for their dead. Even LEOs from other agencies who had absolutely zero respect for the ATF and their SAs wouldn't speak ill of them. Fraternity, you know, is far more important than integrity to LEOs. They managed to remain a separate agency. They kept their budget. The raid was a success.
And those little kids stayed just as dead.
Sometimes you have no choice. I fly with firearms with some frequency. I don't have problems because I get there early, early, early. I hang around where I can be easily found to open my luggage. So far I haven't had any problems.
(Is this where I knock on wood?)
So what was it like for you, as a TSA screener, to inspect firearms? Anything special I should know?
I know you're kidding, but let's see how many examples we can think up where a law gets passed for one reason or with various promises that don't stand the test of time.
Here's one - In Texas, when the mandatory seat belt law was passed, it was stressed that no one would ever be pulled over just for something as trivial as not having a seat belt on. If you wanted to take risks with your own life, that was none of the govts business, said the legislators who needed votes from other legislators who represented the various "we want the dadgum guvment outta our lives" parts of the state. Within a week I saw a television interview with a Houston cop who was absolutely gleeful that this was another way he could get probable cause to pull over anyone whose looks he didn't like. He specifically called the law an "excuse" to pull people over. That was years ago. Today, we're in the middle of a statewide "Click It or Ticket" campaign of strict seat belt enforcement, complete with $200 fines for not being buckled in.
The developer says:
I think that qualifies for understatement of the year.
Indiscriminate jamming isn't difficult. I used to hang out with a ham operator so old he had a 4-digit license. The guy had leydon jars made from all manner of old glass containers. He used to cackle with glee after applying the juice for a half-minute or so, then brag about how he had knocked out every TV and radio within a mile. I don't know about the range, but he sure managed to kill the TV and radio in his house by doing that. The point is that relying on wireless anything to stand between me and a flying machine suddenly dropping out of the sky strikes me (bad pun, I know) as a tad foolish.
Now, for deployment of cheaper, small drones in war zones against unsophisticated opponents, this might be a good strategy for making things more affordable. But for anything we might conceive of, today, as an "airplane," I just don't see it. I hope they get the problems worked out. That's what research is for and some really neat things might result. But my first reaction is pretty negative; it's just a weird idea. And it's posted right above a story on "Wireless Security Attacks and Defenses," fer Chrissakes!
Am I being too shortsighted, here?
I will forever keep and cherish the emails that were posted to our in-house mailing list for techs a while back. The list is for people who actually do the work of making all our tools function. The people who actually spend billions on those tools aren't even aware it exists and would be very afraid of the technical expertise found there if they were to accidentally wander in.
A while back, some questions about wireless security policy and implementations came up. Some joker, I still don't know who, cc'd one of our executives who will be making the decisions on this issue in the future. I can picture this exec in his expensive suit, trailing an entourage, but that's just a fantasy. I don't know if it's true. What I *do* know is true is that the guy is a Blackberry addict. He answered the mail via his Blackberry. I don't think he could see everyone on his little screen. Literally dozens of people and a couple of lists with hundreds of subscribers were involved in what was a quite interesting blend of nitty-gritty tech and public policy.
Y'know, what? Every single email this guy posted (and he sent one every couple of hours) was along the lines of "Yes, we must be very careful and study this extensively." He had absolutely nothing to add. He was just making sure everyone knew he was around and didn't forget that he was in charge. Worse, he managed to reply specifically to some of the more clueless, technically wrong postings in agreement and it was obvious he was doing so simply because those postings were coming from middle managers who were throwing around the right buzzwords/executive jargon. It was totally freaking hilarious.
Then someone apparently told him he was showing his ignorance to a large group of people who could actually tell he had no idea what he was talking about. The Blackberry emails stopped suddenly.
Sad, really. It was fun while it lasted.
...but not completely. There's a saying where I live that the County Prosecutor can get a grand jury to indict a ham sandwich. Any grand jury that doesn't do exactly what the prosecutor wants will find itself the subject of a carefully orchestrated smear campaign, complete with local news stories (planted by guess who) investigating the problem of "runaway grand juries."
My point is that prosecutors have a lot of power and any public servant with lots of power should always be willing to step outside the game and do what's right before they start punishing people. And yes, prosecutors punish people long before trials happen before supposedly impartial judges. Just being indicted for a serious crime, something the prosecution does essentially without oversight, is usually a life-wrecking event no matter how innocent the accused. Normally, prosecutors who exercise their power with an eye toward justice, declining to prosecute marginal cases or cases where a bad law could be enforced, wind up simultaneously serving two goals: they serve their public mandate and they don't wind up looking like idiots in the end.
In this case, the prosecution actually did something that was right and sacrificed a little of the "We're perfect" vibe they normally work so hard to maintain. I simply chose to think less of them for being so slow to reach the conclusion such was the right thing to do. By being so slow to act, they have punished someone who ought not to have been punished.
The first impression is that this is really weird. Prosecutors, at least in my neck of the woods, don't give two shits about justice or truth. They just want convictions. Do we actually have a prosecutor somewhere with integrity? How many times has hell frozen over this month?
Take a minute to think about it, though, and things change. Prosecutors still just want convictions that stand on appeal. In this case, the conviction was eventually going to get tossed, so the prosecution gets to look like a hero by bailing out early.
As usual, what at first blush appears to be a noble action by a public servant turns out to be self-serving. There is still no chance of a prosecutor having integrity. All is, again, right with the world.
I doubt there's a "typical" user, but I like it. I was a SCO OSR sysadmin for years before my organization moved on. So I like Unix and at one point thought I'd be happy with multiple terminal sessions for the rest of my life. However, work has taken me to Windows and it's OK. I've continued to dabble with various Linux distros and I always have a machine at home that I enjoy installing new stuff on. When things are slow at work, I'll take some hardware out of spares and do stuff like set up an OpenBSD machine just for grins like I did a couple of weeks ago.
I've tried all kinds of things. (Ubuntu is nice, btw. QNX was fun, too.) A long time ago I decided that I would eventually move off of Windows completely at home. I'm just tired of malicious content out there in the ether and I'd like a system that makes it easier to handle. I also want something that is inexpensive since my home computers are a minor hobby and tools for simple daily tasks, not something I want to spend much money on. So I want quality and ease and I'm not willing to work hard enough to be leet. And I don't care about that, anyway.
So a while back I tried PC-BSD. I loved it. Easy, stable, and it had nearly all the software I could want (my needs are modest; others should check the list of PBIs before taking the plunge) in their PBI format that installs just as easy as Windows. I decided then that I would try to migrate to PC-BSD for all my home uses.
Last weekend I started cleaning up. I pulled my last 11 hard drives off the storage shelf and copied all the data I wanted to keep from 10 of them onto my current Windows system. I'll get that last one done, as well as the two in my current backup system, this coming weekend. Then I'll put the biggest drive I have in that backup system and install PC-BSD.
Eventually, I'll sift through and delete all the redundant and useless data on my current Windows machine and move it to the PC-BSD machine and an external drive. I'll also make sure a couple of peripherals, specifically a scanner, are working right under PC-BSD. When that's done, my current Windows machine will be reformatted and PC-BSD installed. I'll have two PC-BSD machines, one for me and one for the rest of the family.
PC-BSD is the first OS/distro I've found that has inspired me to take the concrete steps required to abandon Windows at home. (And, believe me, installing/copying/wiping 10 drives over a weekend definitely qualifies as a major step toward change!) That's about as solid an endorsement as I can make.
The only thing I see lacking is a useful whole-disk encryption scheme that works with PC-BSD. (Then again, I haven't done much research, yet.) Right now I use the PGP Whole Disk Encryption product on my Windows machine and I'd really hate to give that up. Anybody have any thoughts on that?
It was called the ThinkNIC. Nowadays, the domain isn't even active anymore, but you can google for info if you like. I still have one; it was my moms first computer. She loved it, she couldn't screw it up, and it never broke.
Sometimes good ideas just don't get the traction they deserve.
of Slashdrones denouncing Dvorak as a troll. Well, that might be right, but he's a successful troll. You can only accomplish that if you put enough truth and insight, wacky and wrongheaded though it may eventually turn out to be, into your communications as to make for interesting reading. Dvorak does that.
Take this article. I don't know about all the reasons. For example, I'm not a gamer so I don't know crap about the 360. But there's something here for everyone. He says that Vista OS and Office 2007 will be problematic letdowns. He says MSN and the MSN Search Engine are essentially useless. He points out an abandoned former focus, pad-based computing. Is there anything there that's really all that nuts?
No, there isn't. But then, like a good troll who has thrown out a couple of interesting statements to which nearly everyone can say "He's got a point," he then moves on to the provocation - Preoccupation with Google. He calls it a distraction. He tosses out opinions like they're facts. No matter how you view the relationship between Google and MS, there's something in that paragraph to disagree with.
Thus, conversation ensues. Slashdot stories get posted. Traffic gets created.
The man is a damn good troll and he deserves far more props (for that) than he gets around here.
No, that's where the scaremongering comes in. Some transactions (and the myriad rules on such subjects are what keeps tax lawyers employed) are taxable when they occur, not when you finally cash out. So if you earn some magic sword that you could sell for USD$5K real-world dollars, it may be the case that you should be taxed on that USD$5K of income right now, before you sell it. Maybe.
Until such transactions become commonplace, however, nobody's going to go to the trouble of figuring all this out. For now, if people just report their earning when they cash out and pay their taxes accordingly, I feel sure it'll be years before the issue comes to a head, if ever. No one at the IRS wants to deal with that kind of complexity if they don't have to so no one is motivated to get all technical on the subject.
Now, if we find ourselves in a situation where large numbers of people are making serious money and trying to avoid taxes, then all bets are off and the IRS could come down on the whole thing pretty hard. I just don't see that happening.
Taxing in-game earnings has come up before and it'll come up again. In the U.S., the Internal Revenue Service will eventually take notice of the phenomena when someone who makes lots of real-world money by selling virtual goods gets audited by an ambitous Revenue Agent. Until then, unless you're actually converting virtual goods into real greenbacks, there's not much to say on the subject. Any scaremongering about taxable events occurring inside a game is just FUD. It may be fun to talk about, but I notice that no one has yet made the news after obtaining a private letter ruling. Until someone sparks a written determination from the IRS, this is really a non-issue. Someday it'll be an issue, but not for a while.
The biggest problem with Netflix is time. Like most folks, I figured to sign up, watch movies quickly, and really get my moneys worth. It doesn't work out that way. Just because "Teenage Exorcist" is waiting in my mailbox when I get home doesn't mean that I'm going to feel like watching it tonite. Recently, I've gone through nearly three busy weeks when I haven't had time and haven't been in the mood to watch a movie. At that point, my subscription isn't very cost-effective.
I'll keep subscribing for now, but I may just be one more watching-mood-drought away from cancellation. What would really keep me as a customer is someone who could offer high quality and fast downloads for a buck or two. Then I could buy on a whim and get exactly what I'm in the mood for instead of picking from among the three Netflix envelopes on the kitchen table that just happened to be fairly close to the top of my queue but aren't *precisely* what I want tonite.