An FCC ruling? That'd be, like, the governmental agency in charge of communications.
"The ministry of communication is duty-bound to make the use of the Internet
impossible."
- Some dude with a pre-9/11 mindset.
OK, so it was only three weeks before 9/11. And it was some other country. But you have to give him credit for achieving his policy objective, not only in his own country, but in his opponent's country too.
> I like the way he talks about the liberating power of technology... so long as you don't want to discuss anything that the government doesn't agree with... or want to find out what happened in Tiananmen Square, or if you want to have unrestricted access to other webpages. But apart from that it does make people completely free, free as a (caged) bird
Well sure, but liberation.google.com is still just at the invite-only beta stage.
> This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse? I can only think of things that would make it better. Could someone explain less abstractly than "Didn't you read 1984?"
"Ground Beef a L'amerique".
Ingredients:
1 Terrorist.
1 RFID reader.
1 Pringles can.
1 Blasting cap.
1 Pound of boom-boom stuff.
Assemble recipe. Bake in broad daylight on side of road until American tour bus comes by.
> No, computer, I said, "awk single quote left curly print dollar one right curly single quote file dot txt pipe sort pipe uniq dash see greater than a dot out"
Oh yeah?
{ } . ! /
& ; ^ # -
< > @ \
{ } _ SYSTEM HALTED
Left titty, right titty, dot bang slash.
Ampersand semicolon, caret pound dash.
Less than greater than, at back slash,
left titty, right titty, under score crash.
> >...Microsoft will unleash an abundance of next-generation applications that will take everyone by surprise.
> >Anyone aware of "next-generation [stuff]" that was born inside a huge corp and not in a startup? Maybe it's just because in huge corps info is far more likely to leak than in a small startup, but anyway I never expect something "too cool" from big corps: they are too deep inside their bureaucracy and other sh** to innovate.
This latest gambit is amusing - either scare the competition into premature releases of tech (and make 'em burn through their venture capital early), or scare the venture capitalists into not investing in startups in the first place (because Microsoft is already doing the Next Big Thing).
Vietnam War: Anyone who runs is a VC. Kill 'em. Anyone who stands still is a well-disciplined VC. Kill them too.
Software Wars: Anyone who releases - runs out of VC. Burn 'em out. Anyone who doesn't release - doesn't get VC. Starve 'em out. Either way, you get to buy their tech for pennies on the dollar.
> > the recently unearthed Mapusaurus roseae was as large as a T-Rex and may have hunted in packs
> > [...]
> > the prehistoric equivalent of a pack of wolves cornering a bison"
>
> Yikes - where's this fossilized bison that's 10x as big as a T. Rex?
Never mind that. T-Rex hunted in packs? Where's the pack big enough to hold a T-Rex and one of these megabiso- oh, never mind, I see the pack.
> It is absolutely not refutable that change is occurring. What is refutable is whether or not it is because of a natural cycle, or because of man-made change.
>
> But the thing is, it does not matter what the cause is. If the cycle continues it will certainly, without a doubt, lead to the death of us as a civilization, whether we were the cause or not.
>
> Hence the concern. It doesn't matter if we are the root cause or not, we're the only species on the planet with the capability to reduce and possibly reverse the cycle.
Boy, am I glad you weren't global emperor in the 70s when "it was absolutely not refutable" that the problem was global cooling, and not warming.
That's the indelicate way of saying that it bloody well does matter what the cause is, because unless you understand the cause, you're likely to apply the wrong solution, because the correct solution to "natural" global cooling in the 70s would have been to ignite every coal seam on fire in order to dump as much CO2 into the atmosphere as possible to keep things warm.
> They want to prosecute child porn offenders? Fine. Put it in the text of the law. Retain the data, but make it unusable in court except for child porn cases.
Nice in theory. Government doesn't work that way in practice.
Whenever a controversial law is proposed, and its supporters,
when confronted with an egregious abuse it would permit, use a
phrase along the lines of 'Perhaps in theory, but the law would
never be applied in that way' - they're lying. They intend to
use the law that way as early and as often as possible.
> ... is the need for a license to run a mail server in a personal environment. Don't most ISPs in the western world have similar government imposed retention and intrusion legislation that they have to abide by? I see old emails delivered to courts from ISPs on a regular basis in the press US and European press.
>
> Maybe somebody could clarify US and UK law for me.
UK: Alpha test site. It's a "Voluntary Code of Practice on Data Retention", for values of "voluntary" approaching the sort of statements like "the income tax system relies on voluntary compliance".
China: Beta test site. The Cisco router controversy, the Google censorship controversy, the Yahoo/journalist controversy -- notice how all the toys get tried out in China first? And now, 2-month mandatory storage, and keyword filtering (based, presumably, on Bayesian guesstimates of email subject matter), on topics like "network security" or "information security". If Google can figure out what you're talking about for gmail.com, imagine what governments can do.
USSA: Production site. Data retention is indefinite. ISP never has to lift a finger or pay a dime. No Such Agency exists that would ever do such a thing, but if it did, it would probably measure its computing and storage power in acres, rather than yottabytes.
> So I decided to create my own guild, which would be GLBT friendly.' Sometimes singing, other times slogging her way through WOW's exacting echelons to a formidable level 60, Andrews had big endgame plans for her developing guild--until January 12, 2006, that is, when a note from publisher Blizzard blinkered everything."
Sometimes singing? Andrews? Her?
"Stop that! Stop that! You're not going into a song while I'm here. Now listen, lass. In twenty levels, you're getting married to a girl whose Tauren father pwns the biggest tracts of open land in all of Kalimdor!"
> more than a dozen users reported that Boot Camp successfully partitioned their hard drive and allowed them to install a working version of Windows, but then would no longer allow them to switch back.
> Bundled in with this patch is a change to the behaviour of embedded controls in IE6 on Windows XP, due to the Eolas patent issue. This means that things like Flash navigation or Java widgets might not work without being clicked first to activate. TechWeb have a good article with a summary of the changes, along with some links elsewhere.
>
> This won't affect IE6 on Windows 2000, and it's worth noting that things like Flash will work just fine in Firefox, Mozilla or Opera on Windows too.
So for the first time in history, IE's more secure out of the box than Firefox and Opera?
"Microsoft: Where information security is the 521,000,001st priority."
> Imagine a color flag. It's encrypted by an organization. When that flag arrives in the email, your user agent puts up a color flag or icon or whatever, big enough to be noticed, next to the email.
Imagine a compromised machine. When the user runs the email client and a (legitimate) "special" Subject: line has been fetched recently, the rootkit takes a screen grab and crops out the pixels where the flag is supposed to be (we go the extra mile because the user might have selected the color of the flag as part of a two-factor authentication scheme).
If, on the other hand, the rootkit recognizes the client has fetched a (phishy) "special" Subject: recently, the rootkit doesn't take a screen grab where a flag's supposed to be - it displays the previously-snagged flag.
Heck, if you're gonna write a man-in-the-middle attack like this, why not go the rest of the way -- and instead of mucking about with screen grabs and looking at recent SMTP traffic, just include a proxy server with the rootkit :)
> Only if all of the banks and credit card companies use it, only if it is sufficiently standardized, and only if users are smart enough to notice that the message isn't "verified".
>
> The problem is, if most of the users were smart enough to realize that, we wouldn't have phishing because people wouldn't fall for it in the first place. I mean, it isn't exactly hard for users to realize that http://666.43.123.666/bankofamerica/mylogin.php isn't a valid BOA website. If they can't figure that out, why do you think this will be any different?
Exactly. This email is (img src=http://myphishingsite.com/yourbank/verified.gif)Verified!(/img).
And if you require any sort of verification that's stronger than a .gif, well, it's going to involve the email client executing something with the form of (script language = "exploit.js")
And if you go to two-factor authentication (like Bank of America did with "Sitekey"), you'll just further inconvenience the users on secure systems.
My box: lives behind NAT, and my web browser drops cookies after every session. User experience? Go to bank site, enter ID/pass. Because the cookie no longer exists, it doesn't "recognize" my box. So I have to enter a challenge question (one of 3 variations of "What's your mother's middle name", which means I have to remember three more passwords), and then enter my regular password a second time. I know I'm not being phished, because I see my "SiteKey" challenge image - but if I had been phished, I'd have already given up the keys to the kingdom.
Some Insecure Luser's Box: Is already compromised and is running any one of a zillion keyloggers. Cookie is present, so luser is prompted only for ID, not ID/pass. Luser enters ID, which is picked up by keylogger. Luser is shown their "SiteKey" challenge image - but the author of the keylogger doesn't give a rat's ass if it's correct or not. He logs the password. Luser is pwn3d.
The weakest link in this case isn't the end user, so much as it's the dumbfuck management at BofA who got sold a gallon of snake oil
> The 10-gram microflyer, being developed by a team of researchers lead by Dario Floreano at the Swiss Federal Institute of Technology in Lausanne, has a 36-centimeter (14-inch) wingspan. But it could one day be shrunk to insect size and used for search and rescue.
Hmm. "Search and rescue". Silly Swiss, neutral, impregnably-defended, makers of great chocolate, but they can't even spell "surveillance" right on a grant application! Sheesh.
> No platform, price, or release date was announced for the game.
Yeah, that's about as open-ended as it gets.
June 2003: Nuala O'Connor Kelly, (former Chief "Privacy" Officer of Doubleclick) appointed to be Chief "Privacy" officer for HomeSec.
February 2005: D. Reed Freeman, (former Gator/Claria Chief "Privacy" Officer) sitting on HomeSec's Data "Privacy" and "Integrity" Advisory Committee.
Maybe we should be thankful. Based on precedent, the BSA guy should be put in charge of the Copyright office, or perhaps hired by NSA to... adjust its priorities when it comes to what sort of traffic is worthy of further investigation.
April 2006: Department of Commerce, undersecretary for technology: Robert Cresanti, former VP of public policy at the Business Software Alliance (BSA).
Now we have a guy who "recalls being unable to tell the good guys from the bad as both armed soldiers and civilians alike would order his family out of their car to search it", and who says one of his best qualifications for the job includes "first-hand brushes with totalitarianism" in charge of Civil Liberties instead.
"Good? Bad? I'm the guy with the gun."
- Ash, Army of Darkness (1993)
Anyways, freedom's overrated these days. You know what they do to people in those freedom camps? (Yeah, neither do I, and I'd like to keep it that way!)
There's still time to appoint Jeff Bezos to run USPTO! (I've got a $10 bet riding on it, so please, write your Congressmen today! :)
Contestant: I'll take "Hole Truth" for $100, Alex.
Trebek: OpenSSH, Falwell, OpenDRM
Contestant: What are plugged, ass, and analog?
Trebek: Congratulations, all are examples of different types of holes!
This message encrypted with rotsqrt(-1).
* # ! ! (
~ & | )
' " . . DEL
# ^G ! ! working... done.
Star pound bang bang, open-paren.
Tilde and pipe, close-paren.
One quote, two quote, dot dot delete,
pound bell, bang bang, process complete.
- Doktor Dynasoar posting some ASCII poetry, and the thread also includes the immortal Hatless Atlas, which I'm not even going to fantasize about getting past the filters.
If a $900M bill from the IRS doesn't count as getting fucked, I don't know what does.
Never mind that. T-Rex hunted in packs? Where's the pack big enough to hold a T-Rex and one of these megabiso- oh, never mind, I see the pack.
(It's the one Chuck Norris is wearing.)
>
> No wait... I meant CHINA!
In Soviet Russia, citizens delete emails!
Welcome to Slashdot!
It overwrote my MBR. It was a really good MBR.
Switch.
"The fourth missing link is..."
In California, CalTech had to go to Soviet Russia, only to be stolen by what was once their own cannon?
"...what a canonical meme!"
- Slashdov Smirnov