That's an easy thing to say. Coming up with a set of changes to push for is a little more difficult, and actually getting enough people to push in order to make a difference is harder still.
It is an easy thing to say, yes. It's also what I usually tell people who complain and complain about the way things are going but can't be bothered to vote, let alone call or write their congresscritter or representative to voice their complaints.
Incidentally, that you linked to actionable bills and social action for them marks you as not one of those people, which I find quite surprising, and refreshing. There are too many like that, these days.
What do you suggest are some good first steps?
What I suggest, and in fact practice myself, is to compile lists of your representatives in government and keep in touch with them. Ostensibly, they are supposed to represent the will of the people, but if they don't know the will of the people they'll do their own thing. "Hi, I'm your constituent, these are the things important to me... [list and reasons here]... If you listen to me and vote in such a way that you represent my interests I'll not only vote for your re-election but I'll contribute money, otherwise [name of other candidate here] would be more amenable to doing so and my vote and money will go to them. My tax dollars pay your salary."
I've found over the years that bringing up the next election and the prospect of campaign donations makes it more likely that I'll get more than a canned reply when I do try to get in touch with them about something. Work all the angles you can.
Someone mentioned instant runoff voting, but I think that's jumping the gun--it (along with any other alternative to the current system) gives third parties a stronger voice, so you'll have a hard time convincing current politicians to back it.
Yeah, that would shake things up a lot. Given that some third-party candidates were unusually visible in the '04 election (which made a lot of people inside the Beltway nervous) that seems like a significant risk to the power bloc of the big two.
In my opinion, the best way to foster change is to spread the word about a few bills being sponsored by Downsize DC...
I've deleted your suggestions for the sake of brevity, but I will certainly look over the Downsize DC website and the bills you referenced. I wasn't aware of this before and I'll do some research on it. Offhand it seems potentially helpful.
Either one of these two measures by itself would do a lot to improve the quality of legislation coming out of Washington. DownsizeDC has a decent system for sending messages to all your congressmen. Their newsletter often has interesting (read: maddening) tidbits about what's going on in Washington, too, though the rhetoric can be juvenile at times.
Again, thank you for the heads-up. I've added it to my daily news crawl.
If you want to make a difference, start pushing for these bills. They have a lot of support already, and every new call for them makes it more likely that they'll actually be passed. Don't be put off because the organization doesn't support something that you do (the health care bill, for instance)--just make use of their system to keep increasing pressure on Congress to pass important legislation like the proposals listed above.
No organization will support everything that everyone wants or believes in. The only thing we can do is support those that seem to back most of them and speak out on the specifics.
You got me curious, so I fired up my copy of ENT and ran those two strings through it to see exactly how much entropy is contained therein.
'The Lord of the Rings is the Greatest Series Ever Written': 3.898965 bits of entropy per byte. Chi square distribution for 58 samples is 1238.79, and randomly would exceed this value less than 0.01 percent of the time (typo in the output corrected). Arithmetic mean value of the data bytes is 89.8448 (where 127.5 would be considered random). The Monte Carlo value for Pi is 4.0000000000 (error 27.32 percent). The serial correlation coefficient is -0.096773 (where being totally uncorrelated would equal 0.0).
'TLotRitGSER': 3.251629 bits of entropy per byte. Chi square distribution for 12 samples is 329.33, and randomly would exceed this value less than 0.12 percent of the time (typo in the output corrected again). Arithmetic mean value of the data bytes is 83.7500 (where 127.5 would be considered random). The Monte Carlo value for Pi is 4.0000000000 (error 27.32 percent). The serial correlation coefficient is 0.109522 (where being totally uncorrelated would equal 0.0).
So, if you're going by bits of entropy in the passphrase alone, go with the full sentence.
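Added example (mine, not the commenter's): a Python reimplementation of the ENT statistics quoted above, assuming each string was fed to ENT with a trailing newline, which is the only way the 58- and 12-sample counts and the reported means work out. These figures describe the byte-value distribution inside the string, not how guessable the phrase is, so per-byte entropy times length is the number to compare, and a famous book title is weaker than either figure suggests.

```python
import math
from collections import Counter

# Constructed inputs: the two strings from the comment above. ENT's sample counts
# (58 and 12) only work out if each carries the trailing newline that echo adds.
LONG = b"The Lord of the Rings is the Greatest Series Ever Written\n"
SHORT = b"TLotRitGSER\n"


def entropy_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte-value distribution, in bits per byte (ENT's 'Entropy')."""
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def arithmetic_mean(data: bytes) -> float:
    """Mean byte value; a uniformly random byte stream would give 127.5."""
    return sum(data) / len(data)


def chi_square(data: bytes) -> float:
    """Chi-square of the 256 byte-value bins against a uniform expectation of n/256 each."""
    n = len(data)
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def serial_correlation(data: bytes) -> float:
    """Correlation of each byte with its successor, last byte wrapping to the first (ENT's definition)."""
    n = len(data)
    xs = list(data)
    t1 = sum(xs[i] * xs[(i + 1) % n] for i in range(n))  # sum of x_i * x_{i+1}
    t2 = sum(xs) ** 2                                     # (sum of x_i)^2
    t3 = sum(x * x for x in xs)                           # sum of x_i^2
    denom = n * t3 - t2
    return (n * t1 - t2) / denom if denom else 0.0


def report(data: bytes) -> dict:
    """Bundle the statistics, plus the total bits that matter for a passphrase."""
    h = entropy_per_byte(data)
    return {
        "samples": len(data),
        "bits_per_byte": round(h, 6),
        "total_bits": round(h * len(data), 2),  # per-byte entropy times length
        "mean": round(arithmetic_mean(data), 4),
        "chi_square": round(chi_square(data), 2),
        "serial_corr": round(serial_correlation(data), 6),
    }


if __name__ == "__main__":
    for label, s in (("full sentence", LONG), ("acronym", SHORT)):
        print(label, report(s))
```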
Re:If the grues don't get you, the gazebos will! (on "D&D On Google Wave")
"How does Forces-3/Prime-2 strike you?"
"I hope it doesn't!"
Natehoy said that he was keeping his seven-year-old daughter offline (i.e., off the Net), not that he was keeping her away from computers entirely. The former does not necessarily imply the latter.
That's great!
So, what would YOU recommend that they use? What CMSes have you personally audited, deployed, and helped fix? You're the expert, help us out here!
So help the project. Write some code that speeds it up a little. Fix bugs in the source tree. Run a middleman (or better yet, exit) node with a decent allocation of bandwidth. Rent a VM someplace and run a Tor node. Advocate for the project to get more people to run middleman and exit nodes.
Until someone decides that they'd be useful deniable assets and cons them into doing something heinous, like a DDoS attack against an insecure SCADA box hanging on the end of a DSL line somewhere.
They actually pick the last known stable revision made available by the company/distro/manufacturer. The people who bless that release do not seem to be the ones who actually read the changelogs, the code, or anything else that has to do with the package or application in question.
I will bet you a good pile of money that the files which WERE "compromised" contained carefully polluted data. They want the hackers to think they got away with a good haul, when they probably were, in all reality, raiding a honeypot. This info will then be used by foreign agencies to help design their defense/intrusion/detection systems... and then those systems will completely under- or over-estimate the capability of the actual craft.
You're assuming that the powers that be would let the techies do such a thing. In all probability they wouldn't. The people in charge don't differentiate between a compromised machine and a honeypot full of bad data that's meant to be compromised. Not only does it look bad (due to lack of clue on this particular topic) but they're not really willing to accept the risk (however small it might be) that the cracked honeypot could be misused as a staging point for another attack. Throw a firewall of some kind in front of or on that honeypot that makes it ineffective in a DDoS attack (for example, by limiting outgoing ICMP to one packet every 60 seconds) and that is still considered far too much liability to assume.
Also, it takes time to create realistic-looking but worthless data to seed a honeypot with. That's a lot of billable time that would be better spent auditing system logs, examining security alerts, watching for patch updates, and writing code. It's hard to justify that kind of money right now. A faster way of going about it would be to take real data and doctor it sufficiently that it looks good but is useless. The line between "useless" and "attackers can figure out what the data should really look like" is a very fine one, and that's a risk that few are willing to take, even with known-unusable information (botched projects, false starts, what have you).
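Added example (mine, not the commenter's): an nftables ruleset for the egress filter the comment describes, run on the honeypot host itself. It lets the box answer connections the visitor opened toward it, limits any ICMP it originates to one packet per minute, and logs and drops every other connection it tries to start; the collector address and the syslog-over-TLS port are assumed.

```nft
#!/usr/sbin/nft -f
# Constructed for this example: a hypothetical log collector the honeypot may talk to.
define collector = 192.0.2.10

table inet honeypot_egress {
    chain output {
        type filter hook output priority 0; policy drop;

        # Loopback, and replies to connections the visitor opened toward the honeypot
        oif "lo" accept
        ct state established,related accept

        # The only new connection the honeypot may start: shipping its logs off-box
        ip daddr $collector tcp dport 6514 ct state new accept

        # ICMP the honeypot originates: one packet every 60 seconds, as in the comment
        meta l4proto { icmp, ipv6-icmp } limit rate 1/minute accept

        # Anything else it tries to start is logged (rate-limited) and dropped
        limit rate 10/minute log prefix "honeypot-egress: " level warn
        counter drop
    }
}
```

Load it with nft -f and watch the counter and the log prefix: a compromised honeypot shows up as a burst of dropped outbound attempts rather than as outbound traffic.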
When the Iranians take control of a Predator drone with full armament and turn it against our bases in Iraq, something blows up.
On this particular point you might want to look into Peter W. Singer's unclassified research on military robotics. If his data is to be believed, some of the US' older drones were compromised and repurposed while on mission a couple of years ago. The remaining Predators (and later generations of the hardware) supposedly had their C&C gear replaced to get around those attacks. If I recall his presentation correctly, UAVs are now controlled via satellite and not ground-based radio because to get a stronger signal to the drones the attacker would have to be above them, and in the regions those drones are deployed that's really not possible.
Where I work, we get together about once a week to take ten or fifteen pound sledgehammers to decommissioned drives. Not only is it good for disposing of our clients' old drives but it's a great way to work off the week's stress.
Remove the circuit board, take the screws out, separate the two halves of the drive's casing to expose the platters, and pretend you're playing Donkey Kong...
And they still think that nothing will happen to them as a result.
> The smart ones are bored out of their skull? Who cares!
The smart ones.
The ones who made it through with their sanity mostly intact.
Just what has to happen to make people realize (or make lawmakers force them to) that securing your boxes is a necessity?
The Infocalypse?
Perhaps the reason we are so blasé about it is what little we can actually do about the problem.
The two party system ensures that corruption comes in a cartel of two.
And that is why you fail. If you don't think anything can change and never bother to try, nothing will.
Great. My plan for world domination just went public.
Incorrect. Vidalia makes it easy to not only operate Tor but set up a middleman, bridge, or exit node as well.
TL;DR : Read the manual before using Tor. It explains all of this.
# shred -f -n 7 -u /mnt/netapp
Why, because it would try to eat a Higgs boson?
Yes, it is. It requires accepting responsibility for one's actions and a little critical thinking.
That appears to be their threat model, yes.
That's easy! The Beltway's a parking lot for six hours out of every day, so they don't really run a risk of being squished.
Don't forget roasting marshmallows over the remains!
This site has been blocked and the attempted access has been logged by the SonicWALL Content Filtering Service.
http://www.networkworld.com/news/2009/011309-zero-day-worm.html?hpg1=bn
Reason for restriction: Forbidden Category "Adult Entertainment"
Way to go, Cheetancheri.