I've never (ten years or so) had a local hardware issue extend into the host network. It seems to be fairly hard to do that if you're not an idiot (and if your own equipment is truly solid, which mine is).
Take a patch cable. Plug one end into a switch. Plug the other end into another switch on the same network. Or even the same switch.
Happened twice at my old office, once during an office move, once just by accident. More sophisticated equipment detects this problem, but we just had dumb switches.
If you assume encryption is useless, then what's the point?
It's not the encryption is useless, it's that you can't trust it against the full might of the NSA or equivalent. Even for those whose messages would get that sort of scrutiny, encryption is still useful -- for one thing, to hide that the message is of that much interest in the first place.
(Of course, it's possible, even likely, that the NSA isn't _that_ far ahead in decryption. But that's not the way a paranoid would bet)
Societies have a life cycle starting with strong leaders and ending with populist democracy.
So the US died in Andrew Jackson's presidency?
The Patriot Act and TSA ended up not being a big deal and we can see them backing off, not because of some citizens' protest, but because they managed to deter terrorism.
Because if you do leave now, then Iraq is going to become a bloodbath in a sectarian war. Again.
And if the US leaves some other time, that won't happen?
Find an end state that A) Doesn't leave the US in Iraq indefinitely and B) Doesn't result in a sectarian bloodbath and C) Doesn't involve nuking the country to glass or any other form of genocide and that's a valid argument for the US not leaving now.
But if whenever the US leaves, there will be a sectarian bloodbath, it may as well be now.
1) Any packet which leaves your local network must be assumed to be intercepted by the authorities in your country.
2) Any data provided to anyone you can't personally trust must be assumed to be available to the authorities in your country.
2a) You can't personally trust any corporation, association, partnership, etc.
These apply to _any_ country in any situation.
If you're of special interest to any 1st or 2nd world government, you have to assume
3) All data on your own machines is already compromised, unless you take extreme precautions to avoid those machines being associated with you.
If you're of extreme interest to the US government or any of its allies, you must also assume
4) The authorities can read any of your encrypted data, if they find out it is associated with you, even if they do not acquire the keys.
All this applies whether Microsoft, Yahoo, and Google are sincere or not (and of course they aren't). Even if they don't provide the data willingly, governments will find a way to get it.
Servos and remotes are cheaper than people. Why do we still have suicide bombers?
The minor reason would be that a car driven by a dummy (or no driver at all) is likely to be noticed.
The major reason is probably that your premise is false, at least where we have suicide bombers. Getting a car rigged to run by remote costs more than getting a <strike>sucker</strike>martyr to drive it there.
We've seen Baudot, ASCII, EBCDIC, and codepages for things not quite ASCII. Now we have UTF-8 (which thankfully has a special relationship to ASCII) and half a dozen other encodings that are 8, 16, 32, or some variable bit length in multiples of 8 bits from 8 bits to 48 bits depending on the character.
I dare say that if I gave an English-speaking computer geek who had never heard of EBCDIC a long document encoded as EBCDIC, and told him (truthfully) that it consisted mostly of English text, he'd have most of EBCDIC reverse-engineered within a few days.
Go back a few more years, say pull some PDP11 files or EBCIDIC files, it's not impossible by any stretch to decode them but the benchmark goes up just a touch more.
Easy, provided the physical problem of getting the data into a system is solved. Chances are the original program still exists and can be run in emulation.
Fast forward say 100 years, your great great great grand son finds a way to pull our ODT Resume off of a DVD, what's the liklihood of him building an ODT viewer to crack open the data?
Darned good. The compression scheme is the hardest part, but there's no reason for that to have been forgotten. The files themselves are XML encoded as ASCII (or is it UTF-8?), which is certainly not going to have been forgotten. And that's assuming he can't simply run OpenOffice in emulation. The big issue is whether or not he can pull them off the DVD in the first place; if DVD is long since obsolete and working mechanisms are scarce, he probably won't. But by then maybe he'll be able to put the whole DVD into a 30-zillion VPI 3D scanner and read it all at once, then decode the DVD image with software written by archivists or enthusiasts.
Recently at work we ran into a problem where a "knowledge management" package died. The company had gone belly up and there is no converter. We are printing and re-typing in thousands of pages because there is just no other way. I collect antiquarian books. Funny that a collection of plays printed up in Latin in 1542 only require the learning of a language, yet a knowledge base less then 10 years old is unreadable...
Only? I dare say I'd find it easier to read your knowledge management database than to learn Latin.
Of course the Internet doesn't scale to its projected size, and of course SMTP is insufficiently secure. This has nothing to do with the worse-is-better design, though. It's just that the Internet existed before any of those requirements were even conceived.
Nobody thought, "Hmm, you know, we have a requirement for electronic mail to be secure, but that's too hard, so we'll just skip it". Certainly no one thought "We're going to need more than 2^32 Internet nodes, but that's too hard, so we won't do it. Instead, the use to which IPv4 and SMTP have been put to have resulted in newly discovered requirements which were simply not there originally.
Apparently it is you who misunderstand what it means to say that "MD5 is broken", as the numbers you gave were for an unbroken hash.
It is possible to generate MD5 collisions in reasonable amounts of time. It is possible to generate different meaningful files which have the same MD5 hash in reasonable amounts of time. It is not currently practical to generate a different file which has the same MD5 hash as another existing file, but that's not what I was suggesting.
Here's what our crusader would do
1) Select an existing child porn file
2) Generate two new files. One is crafted to render pretty much the same as the existing child porn file. The other is crafted to look like something which isn't contraband. Both have the same MD5 hash (different from the existing CP file).
3) Enter the new child porn file, and its MD5, in the child porn database. (or, more subtly, distribute it to known child porn purveyors who are about to be busted, and let someone else enter it in the database)
4) Distributed the non-contraband file via legitimate channels.
5) Go after people who are likely to have the non-contraband file, search computer using MD5 tool, and find evil MD5 (on legit file).
6) Use existence of evil MD5 to get warrant to do a thorough search of the computer
There's two major sections of the DMCA that are commonly discussed.
17 USC 1201: There's basically nothing good to be said about this one. This is the anti-circumvention provision, with a few extra goodies like protection for Macrovision's analog copy-protection as well.
17 USC 512: This is what the article is referring to. The story goes that this article trades a takedown provision for safe harbor. Only problem with the story is that the safe harbor already existed in precedent. So what does 512 really do? It provides an effortless takedown procedure, gives ISPs an excuse to boot users off for no reason, gives the claimant in a copyright case what amounts to an automatic temporary restraining order against the ISP, and facilitated discovery of the claimed infringer's identity. The ISPs get a slightly more solid version of the safe harbor they already had (though the xxAAs have been trying to get that part revoked, as with the YouTube wrangling), and the users get... squat.
You want a real copyright act for the digital millennium? Start with "Article 17 of the United States Code is hereby repealed". Then start over from scratch, without making every operation performed by a computer into a technical violation.
Not only did they search the drive without a warrant, but they also got the defendant to confess to putting the files there by questioning him without reading his rights and telling him that he didn't need an attorney. Genius.
Even dumber: Based on the testimony of the guy who originally found the child porn, they could have gone to a magistrate and gotten a warrant. Then there would have been no issue of a warrantless search.
BTW, for those considering the abandoned-property angle -- the court goes into that. It wasn't a legal eviction and the defendant hadn't abandoned his stuff; he merely hadn't removed it all yet.
Are you sure? MD5 is broken. If I were a child porn crusader in law enforcement, I might create matched pairs of images, one legit, one child porn (derived from an existing child porn image), with the same MD5, then put that MD5 in the "evil MD5" database. Then I'd distribute the legit ones (perhaps adult porn, perhaps anime, maybe lolcats, anything appealing to a group I think contains a lot of filthy pedophiles) far and wide. Then if I can do MD5 hashes of suspect's laptops without triggering 4th amendment scrutiny, I can use the "evil" hashes as evidence to search the laptop "for real". This ruling precludes that particular dodge.
Go read the FAQ on the linked site. Anyone except those using "designated computers" in public libraries is still only going to be able to perform limited searching and previewing of in-print works.
So one compromised machine in one public library and it's all out of the bag...
Or, in other words, a 217Hz signal is amplitude modulated onto the GSM signal. Some electronic devices (like amplifiers) incidentally demodulate the 217 Hz and convert that to sound. 217Hz is well within the human audible range, thus... dutuh, dutuh, dutuh, dutuh, dutzzzzzzzz.....
(since it's a 217 hz square wave you get lots of harmonics as well)
To treat those TOSs as the useless virtual toilet paper they are. While the particular terms of services you'd be breaking might not be so unreasonable, the whole idea that someone can impose an obligation on you for downloading a web page is offensive.
Your application sounds pretty shady on its own, but just tell your boss that and do it anyway. When the web sites you're scraping start feeding you false data (or just 501 errors) and making your company look stupid, you can say you warned them... especially if you did so in writing or at least e-mail.
What if they had discovered that Joe the Plumber's favorite website is purenudism.com. Do you really think the government would have kept quiet about it?
Take a patch cable. Plug one end into a switch. Plug the other end into another switch on the same network. Or even the same switch.
Happened twice at my old office, once during an office move, once just by accident. More sophisticated equipment detects this problem, but we just had dumb switches.
It's not the encryption is useless, it's that you can't trust it against the full might of the NSA or equivalent. Even for those whose messages would get that sort of scrutiny, encryption is still useful -- for one thing, to hide that the message is of that much interest in the first place.
(Of course, it's possible, even likely, that the NSA isn't _that_ far ahead in decryption. But that's not the way a paranoid would bet)
Chechnya? Chechnya remains occupied in all but name. It's a satellite of Russia. That violates condition A), not remaining there indefinitely.
So the US died in Andrew Jackson's presidency?
So tell me, are you a shill or just trolling?
This needs to go into the textbooks as the defining example of "Damning by faint praise."
Bookies don't gamble. They set the odds to make sure the house wins regardless who wins the underlying bet.
I'm all for sending them.
And if the US leaves some other time, that won't happen?
Find an end state that
A) Doesn't leave the US in Iraq indefinitely and
B) Doesn't result in a sectarian bloodbath
and
C) Doesn't involve nuking the country to glass or any other form of genocide
and that's a valid argument for the US not leaving now.
But if whenever the US leaves, there will be a sectarian bloodbath, it may as well be now.
1) Any packet which leaves your local network must be assumed to be intercepted by the authorities in your country.
2) Any data provided to anyone you can't personally trust must be assumed to be available to the authorities in your country.
2a) You can't personally trust any corporation, association, partnership, etc.
These apply to _any_ country in any situation.
If you're of special interest to any 1st or 2nd world government, you have to assume
3) All data on your own machines is already compromised, unless you take extreme precautions to avoid those machines being associated with you.
If you're of extreme interest to the US government or any of its allies, you must also assume
4) The authorities can read any of your encrypted data, if they find out it is associated with you, even if they do not acquire the keys.
All this applies whether Microsoft, Yahoo, and Google are sincere or not (and of course they aren't). Even if they don't provide the data willingly, governments will find a way to get it.
The minor reason would be that a car driven by a dummy (or no driver at all) is likely to be noticed.
The major reason is probably that your premise is false, at least where we have suicide bombers. Getting a car rigged to run by remote costs more than getting a <strike>sucker</strike>martyr to drive it there.
I dare say that if I gave an English-speaking computer geek who had never heard of EBCDIC a long document encoded as EBCDIC, and told him (truthfully) that it consisted mostly of English text, he'd have most of EBCDIC reverse-engineered within a few days.
Easy, provided the physical problem of getting the data into a system is solved. Chances are the original program still exists and can be run in emulation.
Darned good. The compression scheme is the hardest part, but there's no reason for that to have been forgotten. The files themselves are XML encoded as ASCII (or is it UTF-8?), which is certainly not going to have been forgotten. And that's assuming he can't simply run OpenOffice in emulation. The big issue is whether or not he can pull them off the DVD in the first place; if DVD is long since obsolete and working mechanisms are scarce, he probably won't. But by then maybe he'll be able to put the whole DVD into a 30-zillion VPI 3D scanner and read it all at once, then decode the DVD image with software written by archivists or enthusiasts.
Only? I dare say I'd find it easier to read your knowledge management database than to learn Latin.
Of course the Internet doesn't scale to its projected size, and of course SMTP is insufficiently secure. This has nothing to do with the worse-is-better design, though. It's just that the Internet existed before any of those requirements were even conceived.
Nobody thought, "Hmm, you know, we have a requirement for electronic mail to be secure, but that's too hard, so we'll just skip it". Certainly no one thought "We're going to need more than 2^32 Internet nodes, but that's too hard, so we won't do it. Instead, the use to which IPv4 and SMTP have been put to have resulted in newly discovered requirements which were simply not there originally.
Apparently it is you who misunderstand what it means to say that "MD5 is broken", as the numbers you gave were for an unbroken hash.
It is possible to generate MD5 collisions in reasonable amounts of time. It is possible to generate different meaningful files which have the same MD5 hash in reasonable amounts of time. It is not currently practical to generate a different file which has the same MD5 hash as another existing file, but that's not what I was suggesting.
Here's what our crusader would do
1) Select an existing child porn file
2) Generate two new files. One is crafted to render pretty much the same as the existing child porn file. The other is crafted to look like something which isn't contraband. Both have the same MD5 hash (different from the existing CP file).
3) Enter the new child porn file, and its MD5, in the child porn database. (or, more subtly, distribute it to known child porn purveyors who are about to be busted, and let someone else enter it in the database)
4) Distributed the non-contraband file via legitimate channels.
5) Go after people who are likely to have the non-contraband file, search computer using MD5 tool, and find evil MD5 (on legit file).
6) Use existence of evil MD5 to get warrant to do a thorough search of the computer
See
http://www.win.tue.nl/hashclash/SoftIntCodeSign/
for an algorithm for creating meaningful files with the same MD5 hash.
There's two major sections of the DMCA that are commonly discussed.
17 USC 1201: There's basically nothing good to be said about this one. This is the anti-circumvention provision, with a few extra goodies like protection for Macrovision's analog copy-protection as well.
17 USC 512: This is what the article is referring to. The story goes that this article trades a takedown provision for safe harbor. Only problem with the story is that the safe harbor already existed in precedent. So what does 512 really do? It provides an effortless takedown procedure, gives ISPs an excuse to boot users off for no reason, gives the claimant in a copyright case what amounts to an automatic temporary restraining order against the ISP, and facilitated discovery of the claimed infringer's identity. The ISPs get a slightly more solid version of the safe harbor they already had (though the xxAAs have been trying to get that part revoked, as with the YouTube wrangling), and the users get... squat.
You want a real copyright act for the digital millennium? Start with "Article 17 of the United States Code is hereby repealed". Then start over from scratch, without making every operation performed by a computer into a technical violation.
Not only did they search the drive without a warrant, but they also got the defendant to confess to putting the files there by questioning him without reading his rights and telling him that he didn't need an attorney. Genius.
Even dumber: Based on the testimony of the guy who originally found the child porn, they could have gone to a magistrate and gotten a warrant. Then there would have been no issue of a warrantless search.
BTW, for those considering the abandoned-property angle -- the court goes into that. It wasn't a legal eviction and the defendant hadn't abandoned his stuff; he merely hadn't removed it all yet.
Are you sure? MD5 is broken. If I were a child porn crusader in law enforcement, I might create matched pairs of images, one legit, one child porn (derived from an existing child porn image), with the same MD5, then put that MD5 in the "evil MD5" database. Then I'd distribute the legit ones (perhaps adult porn, perhaps anime, maybe lolcats, anything appealing to a group I think contains a lot of filthy pedophiles) far and wide. Then if I can do MD5 hashes of suspect's laptops without triggering 4th amendment scrutiny, I can use the "evil" hashes as evidence to search the laptop "for real". This ruling precludes that particular dodge.
So one compromised machine in one public library and it's all out of the bag...
Slashtip: Including a link to a silly gadget is always worth karma. Bashing the US can go either way.
Yes, speakers which are magnetically shielded to prevent affecting CRTs will also likely reject the GSM buzz.
The clock radio would only pick up the GSM buzz if the speaker was on (radio or buzzer); when it's off, no problem.
Or, in other words, a 217Hz signal is amplitude modulated onto the GSM signal. Some electronic devices (like amplifiers) incidentally demodulate the 217 Hz and convert that to sound. 217Hz is well within the human audible range, thus... dutuh, dutuh, dutuh, dutuh, dutzzzzzzzz.....
(since it's a 217 hz square wave you get lots of harmonics as well)
It's not just the iPhone. It's any GSM phone. Google "GSM Buzz". Meet the "GSM Devil", which relies on this interference to tell you you're phone is about to ring. http://shop.mopodmania.net/product.sc?categoryId=1&productId=15
To treat those TOSs as the useless virtual toilet paper they are. While the particular terms of services you'd be breaking might not be so unreasonable, the whole idea that someone can impose an obligation on you for downloading a web page is offensive.
Your application sounds pretty shady on its own, but just tell your boss that and do it anyway. When the web sites you're scraping start feeding you false data (or just 501 errors) and making your company look stupid, you can say you warned them... especially if you did so in writing or at least e-mail.
This would be in his driver's license records?