>In an evolution-type case, the AAAS scientist could tell the judge "So far as the evidence
points to, evolution is the best explanation as to how complex life forms on Earth came to be".
...and be instantly shot down by the opposing side's lawyer:
FundieLawyer: You say the best explanation, but is it the only explanation? AAAS Expert: No, merely the one most supported by current data. FundieLawyer: What about my client's proposition that it's turtles-all-the-way-down?
AAAS Expert: That theory does not appear to be supported by evidence.
FundieLawyer: But if evidence were to be found, it would then be a theory supported by evidence, no?
AAAS Expert: Yes, it would be, if someone looked over the edge of the earth and saw a giant turtle.
FundieLawyer: So you admit it! You admit not only that evolution isn't the only possible explanation, but because my client has a sworn deposition saying that he teaches Turtle Theory on the basis of a paper by a Dr. Xyzzy Fromitz, and Dr. Xyzzy's paper clearly states that he's seen a giant turtle, upon whose back the earth rides! The prosecution rests!
Impartial scientific experts are a good thing.
Better, would be a course in epistemology and philosophy of science for any law student or judge who would rule in a case in which science mattered.
Since you can't do that during a case, you'd have to make it part of the standards for becoming a lawyer or judge in the first place.
> Complex carbon molecules have been found for ages in space.
Yup. Same-old-same-old.
Wanna impress me? Gimme some insanely-long-baseline-interferometry capable of getting a spectrum from a planetary body and show me a big pile of diatomic oxygen.
Until then, it's good research, but it doesn't change the big picture (the building blocks of life are everywhere) we've been aware of for a long time.
> Sure, it could
snoop every email, even from users who are not covered in the warrant, but that's the same situation with a phone
tap. Back in the old old days, when phone calls were transmited over circuits, it would be possible to tap just one
particular circuit, but that's long gone. Everything is packets now, and if you put a phone tap on an ATM phone
switch, if the tap is configured "incorrectly" it could also tap arbitrary phone traffic.
What the botched ATM phone tap can't do - and which Car^H^H^HBarney^H^H^H^H^H^HDCS-1000 can - is log all the traffic for future analysis.
If you "botch" the ATM switch tap, you still need humans to go through the data you illegally gathered. If you "botch" the filter parameters with DCS-1000, you just file the disk away for long-term storage.
>I personally think that everyone (not just the FBI) should have the power to tap any communication line at any
time.
Actually, that's not as laughable as it seems. While I'd prefer "no tapping", a world in which "everyone could tap" would at least be a level playing field. Sure, the marketroids could snoop on you, but you could snoop right back and publish lists of the offending IPs.
As currently configured (120M removable storage), DCS-1000 isn't a major threat. Swap that 120M removable storage for a 60G IDE drive, and you've got something much more interesting.
>>Many companies' only goal is to patent "technologies" and ideas. > >Okay. You say 'many'. Name ten companies for which this is the case.
I can't name ten. But I can name one. RMBS.
Even Intel themselves are distancing themselves from RAMBUS - they wanted a technology company, not a bunch of lawyers.
Sadly (for INTC, RMBS, and the rest of the computing world), RDRAM is a dog that just won't bark. RMBS is doing what it feels it has to in order to survive - sue the fsck out of everyone in sight because it has no source of revenue other than the royalties it can extort with its legions of landsharks.
Sadly for RMBS (and wonderfully for the rest of us), DRAM pricing has dropped to the point where DDR SDRAM can be sold at about the same price as regular SDRAM. The recent production increase of RDRAM from Toshiba is a last-ditch attempt for high-cost [R|S]DRAM producers to break even. But RMBS is one legal decision away from oblivion.
Anyone got a source for a quote I seem to recall (but can't find) about an Intel guy saying something to the effect "we wanted a technology company, not an IP company"?
>60 some years ago, a bunch of people fell asleep at the board, and millions of people died. I don't
think this is about MP3z or oppressive government, I just think they're scared shitless about it
happening again.
So are a lot of people, which is why we're opposing the German government's boneheaded move.
> But two of the three things you listed (bomb-making schematics and the formulas for drugs) have
the real possiblity of killing the participent, or others around the participent.
Whoa, dude, you mean there's filez so 'l33t that I can get blowed up real good just by reading the bomb-making instructions, and get high by reading the drug formulae?
Where's the URL? I gotta get me some of those!
Last time I read about bombs, the textfile just sat there on the screen waiting for me to scroll through it. Nothin' else happened.
Whups, my bad, the Iraqi postscript virus was debunked as an urban legend a long time ago.
But the Lotus Notes backdoor story was true. Export versions of Lotus contained a 64-bit key, 24 bits of which were encrypted with NSA's secret key.
End result: A commercial eavesdropper would have had to break a 64-bit key, but NSA only had to break a 40-bit key.
My original point in defence of idefense.com still stands - idefense.com saying "don't trust products written in naughty countries" (because their core audience can't imagine "products" as meaning anything other than closed-source software purchased from vendors, and therefore don't see the security risks associated with closed-source vendors) or slashdot's perspective of "don't trust closed-source products because they're closed-source" (because our core audience can't imagine the country of origin as being a security risk) - are two sides of the same coin.
>In order to build this working environment, I
had to get hold of WindowMaker, and some libs so that it would compile for Solaris, and then hack the configuration of
the Solaris X graphical login and session handler in such a way that it recognized Windowmaker as existing and was
willing to start Windowmaker for me instead of CDE.
Got a quick write-up on how you did that?
I had to spend a while futzing around with dtlogin and m64config on an Ultra box in order to get it to come up in a video mode my monitor recognized. It appears m64config tells the hardware to generate separate (or composite) sync, which my monitor likes, but dtlogin tells it to use composite (or separate), which the monitor doesn't like. I had to wedge an m64config call into/etc/rc2.d/S99dtlogin and a few other places, which was fugly, fugly, fugly.
It'd be nice if I had an elegant solution... but even if you didn't replace dtlogin, anything that gets me away from CDE would also be pretty cool:)
We know, too, that if a US business buys hardware
or software from such countries as Russia, China and France, there
is a very good chance that they will be infected by bugs or various
kinds.
We know this because we've
already done stuff like this to our adversaries.
Or perhaps you didn't know about the Postscript hack we
snuck into Iraqi HP Laserjets as part of the Gulf War.
Or perhaps you didn't know about the backdoors in Lotus
Bloats that we used to steal European industrial secrets.
Or about the stuff about the French government's stated policy
of using industrial espionage in the late 1980s, to which our
Bloats backdoor was probably a response.
Make no mistake, these guys do have a vested interest,
but they're emphatically not fruitcakes. They know
whereof they speak. This particular threat is very real.
Before you moderate that as "Troll" - ask yourself what's the
difference between:
idefense.com saying to its audience "You know you've
embedded backdoors in stuff you sold to adversaries, now
they can do it to you?"
Rabid/.ers saying "Open source is more secure than
closed-source because it's harder to hide the backdoors".
Hint: None at all.
It's the same risk, just viewed from a different perspective
by a different audience with a different set of shared experiences
and concerns.
(fsckin' Slashdot's on the fritz again, apologies for any multiple posts.)
Amen. And it ain't the folks who want to outlaw crypto.
"The operational details and future targets, in many cases,
are hidden in plain view on the Internet. Only the members of
the terrorist organizations, knowing the hidden signals, are
able to extract the information."
That's not about Johnny Badnote using crypto. That's about Johnny Badnote not being logged like he would be in the UK under RIP.
And from Badnote's point of view, it makes sense - if the "good guys" are targetting users of crypto for surveillance, then the best place to hide something is in plain sight.
After all, if you're a sports fan, are you likely to go
to every Yahoo message board concerning football?
Or just the ones that look like they have lots of active
members and traffic?
From the black hats' perspective, all they have to do is misspell
a few words (e.g. "fotball") and make it look like the message board and file repository is
some lame kid's idea of cool, and nobody innocent will show up.
(Any innocents who do show up will get bored and leave quickly.)
Six months down the road, someone finds that the photos of the
high school "fotball" team are actually the photos of assassination targets,
but by then it's too late.
Of course, the goal of the CNN article is to convince the sheeple
that the "obvious solution" (namely crank up the intelligence
community's version of Carnivore and have it
sniff every packet that goes in and out of Yahoo, Hotmail,
etc), a cure that's worse than the disease to most of us (myself included) reading this.
On the third hand, if it gets Carnivore out of the FBI's hands
and turns it over to the intelligence community, maybe that's better than leaving it in FBI's hands.
(Paranoid conspiracy theory: The intelligence community is pissed at FBI for intruding onto its turf and is running this sort of article as part of a power grab;-)
>Of course, the reality is that this is prime material for legislatures to begin
convincing the less tech-savvy "common man" that they desperately need
legislation in place to form a Key Escrow so that anyone's keys can be cracked
by the government if they so desire.
Criminals, of course, simply won't obey the law. Duh.
Yep, and when crypto is outlawed, only outlaws will have crypto. Use of crypto will therefore expose one to surveillance because guilt can be presumed.
>details of how extremists hide maps and photographs of
terrorist targets in sports chat rooms, on
pornographic bulletin boards and other popular Web sites.
"Damnit, boss, can't you see I'm working here, it
only looks like I'm jacking off to g0at pr0n!"
- Some guy in Langley
>I am guessing that either they were seriously harrasing people over the net, email
bombs or some DOS attacks, or they were trying to crack someones system. We
need to get the whole story before damning the cops on this one.
Yup. If the kids are as innocent as most/.ers appear to believe (i.e. if the warrant was for the "threats" implicit in the shitlist, and the "threat" was that players on the list would be blown up in the game), a civil suit will likely show by a preponderance of evidence that whoever demanded the warrant was an idjit.
If they were involved in cracking, or if there was evidence to suggest that the "shitlist" was a list of, say, players to be harassed in real life, or have their machines DOSsed, or what-not, then any civil case they launch will fail.
I'm filing this case under "potential outrage", not "confirmed outrage" until I see more evidence.
Then the organization to sue is the one that employed the clueless prosecutor who asked for the warrant, which may well be the organization that employes the equally-clueless judge who signed it.
BFD.
Was the warrant legal? Yes. Were the cops serving the warrant doing the right thing? Yes; it was a signed warrant and they had to serve it.
Go after the fux0rz who got the warrant in the first place, and do it in civil court.
As always, IANAL, and knowing the courts, there's probably some fucked up "catch-22" that says you can't sue the DA's office even for unwarranted (ahem:) arrests. But if there were ever a case where the landsharks oughta be unleashed, this is it.
>Maybe we could just split of a *piece* of the Earth and send it into another orbit.. y'know, as a test before we send the rest of Earth.
Someone already tried that 4.5 billion years ago. That's how the Moon was formed.
(Either that, or someone tried to move the Earth's orbit with a Mars-sized rock to compensate for the Sun changing from protostar to main-sequence body, and screwed up real bad;-)
> And why we continue to use this mistaken nomenclature is beyond me. The associations are
common but the technologies are only superficially related. Javascript has a heinous, disorganized
API, is weakly typed, etc. ECMAScript is a standardization of the base Javascript API and syntax.
Absolutely correct. But the point is that they both blow goats when implemented in email clients. As Beavis and Butthead point out - "You can't polish a turd."
Actually, they both blow goats in web sites too, but that's not relevant to the bit about turd-polishing or lusers who don't know the difference between a web browser and an email client;)
> I don't see why would anyone would want to put decryption on the sound card, I don't think
that many will do an update that: >
A> require them to use dos. >
B> maim their sound card. >
So take DOS out of the picture. Rather than "boot from a floppy and run this utility under DOS", package it up as a Windoze-style.EXE.
The.EXE puts up a window that says "Insert a floppy". It then dumps a floppy image to the floppy, tweaks some registry settings, and tells the luser to reboot.
The floppy comes up, does the DOS magic from a batch file, and tells the user to remove it and reboot. When 'doze comes back up, the registry settings tweaked before say "Your DVD-ROM is now fixed!" and the utility deletes itself.
To me, that'd be a crock - I don't like tools that don't need Windoze demanding them. But if the goal is to make it easy for Joe Luzer, hey, ya gotta do whatcha gotta do.
>I don't think that the DRM is more secure because it is tied to the OS; it is more secure because
it is buried under megabytes of mess.
Good point. I was about to quote from the article - the point that Microsoft has credibility when it comes to "[...] securing music within the boewls of the computer".
(Hey, as if we didn't already know that Microsoft, RIAA, and MPAA were swimming in gallons of their own shit;)
>One ironic part of the internet is that every user thinks that they should have ultimite protection of free speech, and that the Internet should never be censored. [... ]
I've snipped the rest of the standard bullshit from some punk troll who thinks that spam is frea speach.
"Nothing in the Constitution compels us to listen to or view any unwanted communication, whatever its merit....The ancient concept that 'a man's home is his castle' into which 'not even the king may enter' has lost none of its vitality....We therefore categorically reject the argument that a vendor has a right under the Constitution or otherwise to send unwanted material into the home of another. If this prohibition operates to impede the flow of even valid ideas, the answer is that no one has a right to press even 'good' ideas on an unwilling recipient. That we are often 'captives' outside the sanctuary of the home and
subject to objectionable speech and other sound does not mean we must be captives everywhere....The asserted right of a mailer, we repeat, stops at the outer boundary of every person's domain."
- U.S. Supreme Court: ROWAN v. U.S. POST OFFICE DEPT. , 397 U.S. 728
Now FOAD, spammer.
Better yet, GTFOTN (Get The Fuck Off The Net), and then die, spammer.
FundieLawyer: You say the best explanation, but is it the only explanation?
AAAS Expert: No, merely the one most supported by current data.
FundieLawyer: What about my client's proposition that it's turtles-all-the-way-down? AAAS Expert: That theory does not appear to be supported by evidence. FundieLawyer: But if evidence were to be found, it would then be a theory supported by evidence, no? AAAS Expert: Yes, it would be, if someone looked over the edge of the earth and saw a giant turtle. FundieLawyer: So you admit it! You admit not only that evolution isn't the only possible explanation, but because my client has a sworn deposition saying that he teaches Turtle Theory on the basis of a paper by a Dr. Xyzzy Fromitz, and Dr. Xyzzy's paper clearly states that he's seen a giant turtle, upon whose back the earth rides! The prosecution rests!
Impartial scientific experts are a good thing.
Better, would be a course in epistemology and philosophy of science for any law student or judge who would rule in a case in which science mattered.
Since you can't do that during a case, you'd have to make it part of the standards for becoming a lawyer or judge in the first place.
Yup. Same-old-same-old.
Wanna impress me? Gimme some insanely-long-baseline-interferometry capable of getting a spectrum from a planetary body and show me a big pile of diatomic oxygen.
Until then, it's good research, but it doesn't change the big picture (the building blocks of life are everywhere) we've been aware of for a long time.
The frightening thing to me - how the hell does McAfee get the data that makes up the map?
If I were running antivirus software, the last thing I'd want is to have it phoning home to tell some third party that I was infected.
Sounds like a privacy/security nightmare.
What the botched ATM phone tap can't do - and which Car^H^H^HBarney^H^H^H^H^H^HDCS-1000 can - is log all the traffic for future analysis.
If you "botch" the ATM switch tap, you still need humans to go through the data you illegally gathered. If you "botch" the filter parameters with DCS-1000, you just file the disk away for long-term storage.
>I personally think that everyone (not just the FBI) should have the power to tap any communication line at any time.
Actually, that's not as laughable as it seems. While I'd prefer "no tapping", a world in which "everyone could tap" would at least be a level playing field. Sure, the marketroids could snoop on you, but you could snoop right back and publish lists of the offending IPs.
As currently configured (120M removable storage), DCS-1000 isn't a major threat. Swap that 120M removable storage for a 60G IDE drive, and you've got something much more interesting.
>
>Okay. You say 'many'. Name ten companies for which this is the case.
I can't name ten. But I can name one. RMBS.
Even Intel themselves are distancing themselves from RAMBUS - they wanted a technology company, not a bunch of lawyers.
Sadly (for INTC, RMBS, and the rest of the computing world), RDRAM is a dog that just won't bark. RMBS is doing what it feels it has to in order to survive - sue the fsck out of everyone in sight because it has no source of revenue other than the royalties it can extort with its legions of landsharks.
Sadly for RMBS (and wonderfully for the rest of us), DRAM pricing has dropped to the point where DDR SDRAM can be sold at about the same price as regular SDRAM. The recent production increase of RDRAM from Toshiba is a last-ditch attempt for high-cost [R|S]DRAM producers to break even. But RMBS is one legal decision away from oblivion.
Anyone got a source for a quote I seem to recall (but can't find) about an Intel guy saying something to the effect "we wanted a technology company, not an IP company"?
D00000D! U forgot da Sk1nZ!!!!!!! If 1T duZnt half sk1nz, 1t sUx0rz!!!!
(But apart from that, you just described the design philosophy behind Mozilla to a "T" ;-)
So are a lot of people, which is why we're opposing the German government's boneheaded move.
Whoa, dude, you mean there's filez so 'l33t that I can get blowed up real good just by reading the bomb-making instructions, and get high by reading the drug formulae?
Where's the URL? I gotta get me some of those!
Last time I read about bombs, the textfile just sat there on the screen waiting for me to scroll through it. Nothin' else happened.
"Yeah, but does silk shoot outa yer cat's tits like it does on my goat's"?
But the Lotus Notes backdoor story was true. Export versions of Lotus contained a 64-bit key, 24 bits of which were encrypted with NSA's secret key.
End result: A commercial eavesdropper would have had to break a 64-bit key, but NSA only had to break a 40-bit key.
My original point in defence of idefense.com still stands - idefense.com saying "don't trust products written in naughty countries" (because their core audience can't imagine "products" as meaning anything other than closed-source software purchased from vendors, and therefore don't see the security risks associated with closed-source vendors) or slashdot's perspective of "don't trust closed-source products because they're closed-source" (because our core audience can't imagine the country of origin as being a security risk) - are two sides of the same coin.
Got a quick write-up on how you did that?
I had to spend a while futzing around with dtlogin and m64config on an Ultra box in order to get it to come up in a video mode my monitor recognized. It appears m64config tells the hardware to generate separate (or composite) sync, which my monitor likes, but dtlogin tells it to use composite (or separate), which the monitor doesn't like. I had to wedge an m64config call into /etc/rc2.d/S99dtlogin and a few other places, which was fugly, fugly, fugly.
It'd be nice if I had an elegant solution... but even if you didn't replace dtlogin, anything that gets me away from CDE would also be pretty cool :)
From www.idefense.com:
We know this because we've already done stuff like this to our adversaries.
Or perhaps you didn't know about the Postscript hack we snuck into Iraqi HP Laserjets as part of the Gulf War.
Or perhaps you didn't know about the backdoors in Lotus Bloats that we used to steal European industrial secrets.
Or about the stuff about the French government's stated policy of using industrial espionage in the late 1980s, to which our Bloats backdoor was probably a response.
Make no mistake, these guys do have a vested interest, but they're emphatically not fruitcakes. They know whereof they speak. This particular threat is very real.
Before you moderate that as "Troll" - ask yourself what's the difference between:
- idefense.com saying to its audience "You know you've
embedded backdoors in stuff you sold to adversaries, now
they can do it to you?"
- Rabid
/.ers saying "Open source is more secure than
closed-source because it's harder to hide the backdoors".
Hint: None at all.It's the same risk, just viewed from a different perspective by a different audience with a different set of shared experiences and concerns.
(fsckin' Slashdot's on the fritz again, apologies for any multiple posts.)
Amen. And it ain't the folks who want to outlaw crypto.
That's not about Johnny Badnote using crypto. That's about Johnny Badnote not being logged like he would be in the UK under RIP.
And from Badnote's point of view, it makes sense - if the "good guys" are targetting users of crypto for surveillance, then the best place to hide something is in plain sight.
After all, if you're a sports fan, are you likely to go to every Yahoo message board concerning football? Or just the ones that look like they have lots of active members and traffic?
From the black hats' perspective, all they have to do is misspell a few words (e.g. "fotball") and make it look like the message board and file repository is some lame kid's idea of cool, and nobody innocent will show up. (Any innocents who do show up will get bored and leave quickly.)
Six months down the road, someone finds that the photos of the high school "fotball" team are actually the photos of assassination targets, but by then it's too late.
Of course, the goal of the CNN article is to convince the sheeple that the "obvious solution" (namely crank up the intelligence community's version of Carnivore and have it sniff every packet that goes in and out of Yahoo, Hotmail, etc), a cure that's worse than the disease to most of us (myself included) reading this.
On the third hand, if it gets Carnivore out of the FBI's hands and turns it over to the intelligence community, maybe that's better than leaving it in FBI's hands.
(Paranoid conspiracy theory: The intelligence community is pissed at FBI for intruding onto its turf and is running this sort of article as part of a power grab ;-)
Criminals, of course, simply won't obey the law. Duh.
Yep, and when crypto is outlawed, only outlaws will have crypto. Use of crypto will therefore expose one to surveillance because guilt can be presumed.
"Damnit, boss, can't you see I'm working here, it only looks like I'm jacking off to g0at pr0n!"
- Some guy in Langley
Yup. If the kids are as innocent as most /.ers appear to believe (i.e. if the warrant was for the "threats" implicit in the shitlist, and the "threat" was that players on the list would be blown up in the game), a civil suit will likely show by a preponderance of evidence that whoever demanded the warrant was an idjit.
If they were involved in cracking, or if there was evidence to suggest that the "shitlist" was a list of, say, players to be harassed in real life, or have their machines DOSsed, or what-not, then any civil case they launch will fail.
I'm filing this case under "potential outrage", not "confirmed outrage" until I see more evidence.
Then the organization to sue is the one that employed the clueless prosecutor who asked for the warrant, which may well be the organization that employes the equally-clueless judge who signed it. BFD.
Was the warrant legal? Yes. Were the cops serving the warrant doing the right thing? Yes; it was a signed warrant and they had to serve it.
Go after the fux0rz who got the warrant in the first place, and do it in civil court.
As always, IANAL, and knowing the courts, there's probably some fucked up "catch-22" that says you can't sue the DA's office even for unwarranted (ahem :) arrests. But if there were ever a case where the landsharks oughta be unleashed, this is it.
In a few years, you will be. You already are relying on the safety clue of others who have done similar pranks, and so am I.
That's what it means to be an Engineer.
Someone already tried that 4.5 billion years ago. That's how the Moon was formed.
(Either that, or someone tried to move the Earth's orbit with a Mars-sized rock to compensate for the Sun changing from protostar to main-sequence body, and screwed up real bad ;-)
Absolutely correct. But the point is that they both blow goats when implemented in email clients. As Beavis and Butthead point out - "You can't polish a turd."
Actually, they both blow goats in web sites too, but that's not relevant to the bit about turd-polishing or lusers who don't know the difference between a web browser and an email client ;)
> A> require them to use dos.
> B> maim their sound card.
>
So take DOS out of the picture. Rather than "boot from a floppy and run this utility under DOS", package it up as a Windoze-style .EXE.
The .EXE puts up a window that says "Insert a floppy". It then dumps a floppy image to the floppy, tweaks some registry settings, and tells the luser to reboot.
The floppy comes up, does the DOS magic from a batch file, and tells the user to remove it and reboot. When 'doze comes back up, the registry settings tweaked before say "Your DVD-ROM is now fixed!" and the utility deletes itself.
To me, that'd be a crock - I don't like tools that don't need Windoze demanding them. But if the goal is to make it easy for Joe Luzer, hey, ya gotta do whatcha gotta do.
Good point. I was about to quote from the article - the point that Microsoft has credibility when it comes to "[...] securing music within the boewls of the computer".
(Hey, as if we didn't already know that Microsoft, RIAA, and MPAA were swimming in gallons of their own shit ;)
Now FOAD, spammer.
Better yet, GTFOTN (Get The Fuck Off The Net), and then die, spammer.
Well, they used to. Then they discovered uu.net. *sigh*
Any backhoe operators in VA feelin' bored?
I dunno, but if it is, someone'd better call RIAA and MPAA to let Ms. Rosen and Mr. Valenti know about it :)