Slashdot Mirror


User: fredklein

fredklein's activity in the archive.

Stories
0
Comments
801

Comments · 801

  1. Re:A "graduated response"? on AT&T, Comcast To Join RIAA Team · · Score: 1

    Has anyone come up with a bit torrent client that includes a proxy? When it connects to a tracker, it also connects to a Proxy Tracker, and offers a proxy connection (or more than one) for use. The Proxy Tracker ('PT') then randomly routes one or more of the other client's data connections thru your proxy, and routes your data connections thru other people's proxy connections. Yes, it can be slow, and probably useless on dial or the cheapest/slowest connections, but it's secure as long as the PT and the clients don't track the proxy usage. IF the RIAA/MPAA comes and says they have your IP as downloading a file, you simply say "Musta been a proxy connection." It's Plausible Deniability- kinda like having an open wifi access point.

  2. Re:Youtube captchas are terrible. on Building a Better CAPTCHA · · Score: 1

    I've said it before- Email Certification.

    Want to run a Certified Email server? Go to your ISP (or other such companies that may arise to offer the service). They check you out (Are you who you say you are? Do you have valid contact information? Etc...), then have you produce a Public/Private key pair. You give them the 'Public' key, and keep the 'Private' one to configure your email server with. Your email server must add an additional header with your Certifier's Certification Server (usually their email server), and a header that is encrypted with your Private key.

    An email client that is Certification-compatible will, when it receives an email, look to see if it has those two headers. If not, it will handle it according to the user's wishes. This means NON-Certified email might be deleted, or sent to a different folder, or whatever. Whitelists/blacklists are still possible.

    If the email has the headers, the email client will connect to the Certification Server listed in the one header, and download the 'Public' key to attempt to decrypt the other header. If the decrypted header is valid, the client treats the email the way it is configured to, usually by placing it in the Inbox. Again, whitelists and blacklists can still be used.

    Here's the most important part: If the user receives Spam that is Certified, they can easily report it to the Certifier (email clients would have a 'Report Certified Spam' button that automatically shoots an email off to the Certifier, for instance). The Certifier can then contact the owner of the Certified Server and notify them of the spam. This gives the server owner a chance to stop the spam, in case the server was hacked or the spam was accidental. If the Server owner does not stop the spam, the Certifier simply pulls the Certification, by removing the 'Public' key on their server. From that moment forward, ALL email the Email server in question sends will be NON-certified (and quite frankly, probably deleted by the recipients).

    If the Certifier refuses to do anything about the Spamming Server (because they are 'in on it', friendly to spammers, or just incompetent), then ALL Certifications from that Certifier can be marked as 'bad', either on a client-by-client basis, or thru the use of a Certifier black-list.

    -There is no 'Central Authority'- your ISP Certifies you for a modest fee.
    -You can still send non-certified email, so hobby mailing lists and the like are not affected- the people who receive the mailing list might just need to whitelist it.
    -Legit email will (eventually, almost always) be Certified, so Certified emails can be sent straight to the Inbox. Non-certified email will (eventually, almost always) be spam, so it can be trashed.
    -Any spam that is sent from a Certified server will quickly be reported by pissed-off recipients, and quick action will be needed to avoid that Certifier (and ALL the servers it has certified) from being put on a blacklist.
    -Spam will dwindle as Spammers either move to 'spam-friendly' Certifiers (which are blacklisted so the spam never gets thru anyway), or will spend huge amounts of money switching ISPs every 2-3 days to get re-certified over and over. Of course, ISPs could take a clue from the Las Vegas Casinos, and keep a 'black book' of known spammers, and check new clients against them before Certifying them.
    -This system does not need to be adopted all at once. Certified and non-certified emails can be handled both by email clients that are Certification aware and not.

    It may not be perfect, but it'd be a good start.

  3. Re:hint:criminals don't follow laws on CAN-SPAM Act Turns 5 Today — What Went Wrong? · · Score: 1

    You have public key encryption backwards. You never, ever, ever, give your private key to anyone. Ever. That's why it's called private.

    Actually, the 'private key' and 'public key' are interchangeable. One will decrypt what the other has... crypted. Doesn't matter which you hand out, or which you keep.

    If I want to know if a message came from Company X, they need to encrypt part of it (call it the signature) with their private key. I try decrypting their signature using their public key. If it works, I know it could only have been encrypted using their private key. If they're the only ones who have access to that private key, it must have come from them.

    That's what I said:
    Your email server must add an additional header with your Certifier's Certification Server (usually their email server), and a header that is encrypted with your Public key.

    If you use the public key for signing the email, all the sender has to do is spoof the from address, or whatever it is that indicates how to get the "private" key from the email certifier.

    That would be the encrypted header. How are they going to 'spoof' the encrypted header?

    Anybody has access to the public key (it's public after all), so anybody could send me that email and it would check out as legitimate.

    There are two keys. Let's forget 'public' and 'private', and call them 'A' and 'B'. My email server (controlled by me) has Key 'A'. It uses key 'A' to encrypt a header line in the email. Also in the header is an unencrypted line that points to "cert.MyCertifyingCompany.com". You receive my email, and your server (or client) contacts "cert.MyCertifyingCompany.com" and requests my key 'B'. Your server uses key 'B' to decrypt the encrypted header, and compares it to the unencrypted header ("cert.MyCertifyingCompany.com"). If it matches, then the email is considered 'certified'.

    See, my 'private' key, 'A' is kept only on MY email server, my 'public' key, 'B', is kept by the certifying authority. As I said above, the keys are interchangeable, which one you call 'private', and which one you call 'public' is arbitrary.

    What do the certifiers add to the process that someone like Verisign doesn't do already? Today a company (or individual) could already send me digitally signed email that I could verify, and I could set up my mail to reject any non-whitelisted mail that's not signed.

    Sure, if you trust ONE COMPANY. With my idea, anyone could certify emails. Your ISP. A company. A government. An individual. You don't need to trust that one company won't go spam-friendly, or get hacked, or even go out of business.

  4. Re:hint:criminals don't follow laws on CAN-SPAM Act Turns 5 Today — What Went Wrong? · · Score: 2, Insightful

    I've said it before- Email Certification.

    Want to run a Certified Email server? Go to your ISP (or other such companies that may arise to offer the service). They check you out (Are you who you say you are? Do you have valid contact information? Etc...), then have you produce a Public/Private key pair. You give them the 'Private' key, and keep the 'Public' one to configure your email server with. Your email server must add an additional header with your Certifier's Certification Server (usually their email server), and a header that is encrypted with your Public key.

    An email client that is Certification-compatible will, when it receives an email, look to see if it has those two headers. If not, it will handle it according to the user's wishes. This means NON-Certified email might be deleted, or sent to a different folder, or whatever. Whitelists/blacklists are still possible.

    If the email has the headers, the email client will connect to the Certification Server listed in the one header, and download the 'Private' key to attempt to decrypt the other header. If the decrypted header is valid, the client treats the email the way it is configured to, usually by placing it in the Inbox. Again, whitelists and blacklists can still be used.

    If the user receives Spam that is Certified, they can easily report it to the Certifier (email clients can have a 'Report Certified Spam' button that automatically shoots an email off to the Certifier, for instance). The Certifier can then contact the owner of the Certified Server and notify them of the spam. This gives the server owner a chance to stop the spam, in case the server was hacked or the spam was accidental. If the Server owner does not stop the spam, the Certifier simply pulls the Certification, by removing the 'Private' key on their server. From that moment forward, ALL email the Email server in question sends will be NON-certified (and quite frankly, probably deleted by the recipients).

    If the Certifier refuses to do anything about the Spamming Server (because they are 'in on it', friendly to spammers, or just incompetent), then ALL Certifications from that Certifier can be marked as 'bad', either on a client-by-client basis, or thru the use of a Certifier black-list.

    -There is no 'Central Authority'- your ISP Certifies you for a modest fee.
    -You can still send non-certified email, so hobby mailing lists and the like are not affected- the people who receive the mailing list just need to whitelist it.
    -Legit email will (eventually, almost always) be Certified, so Certified emails can be sent straight to the Inbox. Non-certified email will (eventually, almost always) be spam, so it can be trashed.
    -Any spam that is sent from a Certified server will quickly be reported by pissed-off recipients, and quick action will be needed to avoid that Certifier (and ALL the servers it has certified) from being put on a blacklist.
    -Spam will dwindle as Spammers either move to 'spam-friendly' Certifiers (which are blacklisted so the spam never gets thru anyway), or will spend huge amounts of money switching ISPs every 2-3 days to get re-certified over and over. Of course, ISPs could take a clue from the Las Vegas Casinos, and keep a 'black book' of known spammers, and check new clients against them before Certifying them.
    -This system does not need to be adopted all at once. Certified and non-certified emails can be handled both by email clients that are Certification aware and not.

    It may not be perfect, but it'd be a good start.
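    The certification flow from comments 2 through 4 (sender signs a header with the key only its own server holds, the recipient fetches the other key from the certifier, the certifier revokes by deleting the key, and whole certifiers can be blacklisted) as an added, runnable model; this is editor-written example code, not anything from the commenter. It assumes a toy RSA key built from two constructed 32-bit primes (far too small for real use) and, going one step beyond the comments, it signs the From address and the body together with the certifier name so that a signed header pair cannot simply be copied onto a different message.

```python
import hashlib

# Constructed toy RSA parameters: two 32-bit primes, illustration only.
P, Q, E = 4294967291, 4294967279, 65537


def make_keypair():
    """Return (public, private) as (exponent, modulus) pairs."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    return (E, n), (pow(E, -1, phi), n)


def _digest(from_addr, cert_server, body):
    """Hash of the fields the signature covers, reduced modulo the toy key."""
    h = hashlib.sha256(f"{from_addr}\n{cert_server}\n{body}".encode()).digest()
    return int.from_bytes(h, "big")


def sign(priv, from_addr, cert_server, body):
    d, n = priv
    return pow(_digest(from_addr, cert_server, body) % n, d, n)


def verify(pub, from_addr, cert_server, body, sig):
    e, n = pub
    return pow(sig, e, n) == _digest(from_addr, cert_server, body) % n


class Certifier:
    """Stand-in for cert.MyCertifyingCompany.com: publishes senders' public keys."""
    def __init__(self):
        self.keys = {}
    def certify(self, from_addr, pub): self.keys[from_addr] = pub
    def revoke(self, from_addr): self.keys.pop(from_addr, None)  # pulls the certification
    def lookup(self, from_addr): return self.keys.get(from_addr)


def build_mail(priv, from_addr, cert_server, body):
    """Sender's server adds the two extra headers proposed in the comments."""
    return {"From": from_addr, "X-Cert-Server": cert_server,
            "X-Cert-Sig": hex(sign(priv, from_addr, cert_server, body)), "Body": body}


def classify(mail, registry, blacklist=frozenset()):
    """Receiving client: returns 'certified', 'uncertified' or 'bad-certifier'."""
    server = mail.get("X-Cert-Server")
    if not server or "X-Cert-Sig" not in mail:
        return "uncertified"
    if server in blacklist:
        return "bad-certifier"
    certifier = registry.get(server)          # registry stands in for the network lookup
    pub = certifier.lookup(mail["From"]) if certifier else None
    if pub is None:
        return "uncertified"                  # key pulled or never issued
    ok = verify(pub, mail["From"], server, mail["Body"], int(mail["X-Cert-Sig"], 16))
    return "certified" if ok else "uncertified"


def demo():
    """Legit mail, tampered copy of its headers, revoked key, blacklisted certifier."""
    pub, priv = make_keypair()
    cert = Certifier()
    cert.certify("alice@example.com", pub)
    registry = {"cert.MyCertifyingCompany.com": cert}
    good = build_mail(priv, "alice@example.com", "cert.MyCertifyingCompany.com", "hello")
    tampered = dict(good, Body="buy pills")   # headers copied, body replaced
    results = [classify(good, registry), classify(tampered, registry)]
    cert.revoke("alice@example.com")          # certifier removes the public key
    results.append(classify(good, registry))
    results.append(classify(good, registry, blacklist={"cert.MyCertifyingCompany.com"}))
    return results
```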

  5. Re:Only 1.2k Arrests! on Fewer Than 1% Arrested From TSA's "Behavior Detection" · · Score: 1

    Next time you're standing in line at your neighborhood Security Theatre, look carefully at all of the signs. Among those describing the protean potential dangers of tiny things with points and overlarge liquids you will see something to the effect of "Passage beyond this point gives us permission to search you".

    If you want to argue that this violates your fourth amendment rights go hire a (good) lawyer. But you do give explicit permission as soon as you walk past that door.

    "replying to this post gives me permission to empty out your bank accounts"
    "Speaking to me in public gives me permission to punch you in the face"
    "opening/installing this software gives us permission to install a rootkit on your PC"

    Think it'll hold up in court??

  6. Re:Best packaging innovation ever on Amazon Launches "Frustration-Free Packaging" · · Score: 1

    On 1), they don't count the items. They look in the bag for high-value items and verify that they're on the receipt

    No, they don't. At least, they never have with me.

    Besides, considering the type of people who have that job, I'm pretty sure they wouldn't be able to tell a 'high-value' item from a low-value item just by looking at it.

    On 2), most people don't realize they're free to walk right out.

    But the 'friend' part of an 'employee-and-friend' shoplifting team will certainly know, and certainly take advantage of that. So, again, it does NOT stop theft. Which was my original point.

  7. Re:Best packaging innovation ever on Amazon Launches "Frustration-Free Packaging" · · Score: 1

    No, it doesn't. It does not cut down on "employee theft". It MAY cut down on "employee and friend theft".

    I say "may", because 1) I've never had the receipt-checker actually count the items in the bag, much less check to make sure they are the correct items, and 2) customers are perfectly free to walk right past the receipt-checker and out the door.

  8. Re:lawsuits... on Amazon Launches "Frustration-Free Packaging" · · Score: 1

    I wish I had mod points.

    The ladder is frivolous in comparison

    The LATTER...

    The coffee case has largely been misrepresented in popular media.

    No, it has been misrepresented by softies like you.

    Liebeck, the plaintiff, suffered third degree burns on her thighs, buttocks, and genitals.

    No one disputes that. It's a horrible thing to get burned. But it was her own fault.

    There have been frivolous lawsuits, definitely true. The scalding coffee was not.

    Incorrect.

    Other coffee vendors around the city were, at the highest temperature, 20 degrees Fahrenheit cooler than McDonald's coffee.

    Also incorrect. Doing even a tiny bit of research will show that McDonalds was brewing and serving their coffee at the correct temperature, which was the same temperature other places brew/serve theirs.

  9. Re:Best packaging innovation ever on Amazon Launches "Frustration-Free Packaging" · · Score: 3, Insightful

    I can tell you're in Retail Management. You actually think that searching CUSTOMERS cuts down on EMPLOYEE theft.

  10. Re:The projected costs are worthless. on The Facts & Fiction of Bandwidth Caps · · Score: 1

    Then we'll give you 5 amp current limited service...

    The service they already installed says 200 amp. That's what I'm paying for, that's what I want.

    But hey, if they want to cut my bill by 97.5%, I'll take the 5amp service. :-)

  11. Re:The projected costs are worthless. on The Facts & Fiction of Bandwidth Caps · · Score: 1

    electricity... no one seems to be bothered by the fact that if everyone consumed even 50% of their capacity at the same time the system would die a flaming death. And very few people even think about consuming 100% of the electricity available to their home.

    I don't care about "the system". I care about the fact that if I have "200 amp service" to my house, I better be able to get 200 amps of electricity. The fact that "the system would die a flaming death" if enough people used the full amount available is not my problem- it's the electric company's.

  12. Re:Mod parent up! on Judge Rules Man Cannot Be Forced To Decrypt HD · · Score: 1

    And what happens to you if you're convicted under this law, and it is struck down later? Do they let you go? How do they refund the time you spent in pound-you-in-the-ass prison? How do they repair your reputation?

  13. Re:Life imitating art. on EFF To Appeal Court Order Vs. Subway Hack Demo · · Score: 1

    the two situations are very different in pretty much all aspects except that they both involve remote access to transit token in public

    So, they're different, except where they're the same? Brilliant insight.

    rfid won't flash wirelessly

    Depends on the type. And, even in the case where it's not, it's perfectly possible to READ the RFID, and have a box that 'repeats' that RFID upon demand. Maybe I can't 'swap' your RFID, but I can clone it and use it.

    ANYWAY, you obviously missed my point.

  14. Life imitating art. on EFF To Appeal Court Order Vs. Subway Hack Demo · · Score: 3, Informative

    Which is from Cory Doctorow's "Little Brother", and which from the court documents in this case?

    "Just flash the firmware on a ten-dollar Radio Shack reader/writer and you're done. What we do is go around and randomly swap the tags on people, overwriting their Fast Passes and FasTraks with other people's codes. That'll make everyone skew all weird and screwy, and make everyone look guilty. Then: total gridlock."

    vs.:

    "An attacker uses RFID equipment purchased online to sniff communications between a legitimate CharlieCard and a turnstile. He takes the data back home and executes one of several attacks that exploit the weak Crypto-1 cipher to recover a key. Armed with this key, a high-gain antenna, and RFID equipment, he walks down a crowded street in boston remotely copying the CharlieCards in people's pockets."

    Please, check out 'Little Brother'. FREE for download at http://craphound.com/littlebrother/download/ , or available at fine bookstores everywhere.

  15. Re:Infringing your own copyright on RIAA's $222k Verdict Is Likely To Be Set Aside · · Score: 4, Interesting

    Most libraries have a copy machine in them. So, Person 'A' walks into a library, takes a book off the shelf, walks over to the library's copy machine, and copies the book.

    Who's responsible? Person 'A' who did the copying? Or the library for 'making available' the copier??

  16. Re:Pleading the alternative. on RIAA's SafeNet Caught In a Lie · · Score: 1

    As that article says: "Of course jurists might be influenced by dual defenses such as "my dog was tied up" and "I don't have a dog"..."

    In other words, while "pleading the alternative" is allowed, it's easy for the prosecution to point out the inherent contradictions to the jury. The jury, not being lawyers, will think 'wait a minute, how can these things both be true? Oh, I see, he's just trying anything in a desperate attempt to confuse the issue. I don't like that- Guilty.'

    Besides, in the section 'Criminal law', it says:

    "Because pleading in the alternative is generally permitted in criminal cases, a defendant may claim to have not committed the crime itself, but at the same time may claim that if the defendant had committed the crime, the act was excused for a reason such as insanity or intoxication, or was justified due to provocation or self defense. However, a jury will naturally be suspicious if a defendant claims the benefits of, for example, both alibi and self defense."

    Which was my point.

  17. Re:block on star on The Future Has a Kill Switch · · Score: 1

    The trouble is that really remote areas also have crappy cell phone service, which is what On*star uses.

  18. Re:Slippery slope on The Future Has a Kill Switch · · Score: 2, Funny

    "But it's turtles all the way down!"

    'All the way down... to what?'

  19. Re:Sweet on Supreme Court Holds Right to Bear Arms Applies to Individuals · · Score: 1

    Q. How much older was Aragorn than Arwen?
    No, sorry. That doesn't fly. I don't care if you read the books or not*. If you know random trivia like that offhand, you're a LoTR geek.

    Anyone who's read the books can see it's a trick question. As an elf (actually half-elf), she has quite a long lifespan.

    Wiki gives the details: she was born in the year 241 (third age), he was born in 2931 (third age). That makes HER some 2690 years OLDER than HIM.

  20. Re:possibly stating the obvious on How To Clean Up Incorrect Geolocation Information? · · Score: 2, Informative

    Give a man a fish, and he'll eat for a day.

    Teach a man to fish, and he'll feed himself for years.


    No, no. I've found it to be more like this:

    Give a man a fish, and he'll eat for a day.

    Teach a man to fish, and he'll whine about how hard it is, and bitch at you for not just giving him a fish.

  21. Re:um... on Data Breach Study Spanning 500 Break-Ins Released · · Score: 2, Insightful

    the attacker might have used social engineering ...which is a vulnerability. Lack of proper security measures and security training.

  22. um... on Data Breach Study Spanning 500 Break-Ins Released · · Score: 1

    Fewer than 25 percent of attacks took advantage of a known or unknown vulnerability

    So, 75% of attacks didn't take advantage of a vulnerability at all?

  23. Re:Slippery Slopes on UK Uses CCTV, Terrorism Laws, Against Pooping Dogs · · Score: 5, Insightful

    The people standing around ignoring the kids trying to pull the door off of the phone booth were trying not to become involved because they feared they would be attacked...and with good reason.

    ::whoosh::

    That's the sound of the point flying far, far, over your head.

    It is certainly true that if JUST ONE person stands up against a gang of hooligans, they risk getting beat/killed.

    But if ALL the people stand up against them, it is the gang that would be outnumbered, and would risk getting beat (possibly killed, depending) if they start something. But for that to happen, each individual in the crowd needs to make the decision to stand up to them.

    With people like you saying "Your solution, while noble, is not an option...", that has a low probability of happening.

  24. Re:Slippery Slopes on UK Uses CCTV, Terrorism Laws, Against Pooping Dogs · · Score: 1

    Too many people to send to prison, too much expense to continually replace the cameras

    No need to send anyone to jail- kill two birds with one stone and fine them the cost of the camera. Withhold it from their pay.

  25. Re:License plates on Data Mining In Law Enforcement · · Score: 1

    it's not that hard to print (in color even) a fake plate and stick it over your real one. It would not fool a cop, but if it can fool the camera, the cop'll never see it.