Yet another reason why Firefox's stupid warnings on self-signed certificates are wrong.
Another reason why HTTPS is a stupid standard.
We need viable encryption of all traffic, now.
Rich.
Who says the people grabbing the card numbers are the ones who eventually use them? The guys controlling the virus probably just sell them en masse to someone else.
What's your point? They're still criminals. Arresting either the people who write the trojan, or the people controlling the trojan, or the people using the credit card numbers is still better than doing nothing.
Rich.
So honest question for all you rocket scientists out there: Why are heaters needed? Which parts of the spacecraft (electronics?) need to be above a certain temperature to operate? Is it possible to let the lander "freeze" and then revive it, or if not what components are sensitive to this?
Rich.
A better check is hash and file size, since it is more difficult for two files of the same size to have the same hash by chance. Especially using compression due to images or videos of the same dimensions reducing to different sizes.
This isn't much good either, since most JPEG decompressors will ignore stuff appended to the file. A better check is to do some sort of fuzzy matching on the actual image. I guess the reason that law enforcement don't do this is because it's slower than doing "find / -type f | xargs md5sum | grep <badchecksums>".
Rich.
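An added example, not part of the original comment: it shows why a whole-file hash plus file size misses a JPEG with data appended after the end-of-image marker, and how hashing only the bytes a decoder reads restores the match. This is still exact matching, not the fuzzy image matching suggested above; the function names are hypothetical and the sample bytes are a constructed JPEG-shaped stream, not a decodable picture.

```python
import hashlib
import struct

SOS, EOI = 0xDA, 0xD9

def jpeg_end_offset(data: bytes) -> int:
    """Return the offset just past the real EOI marker.

    Segments are skipped by their length field, so an FF D9 inside a
    payload (e.g. an embedded thumbnail) or inside appended junk is not
    mistaken for the end of the image.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while True:  # header segments: FF xx, then 2-byte big-endian length
        if pos + 4 > len(data) or data[pos] != 0xFF:
            raise ValueError("malformed segment at offset %d" % pos)
        marker = data[pos + 1]
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == SOS:
            break
    while pos + 1 < len(data):  # entropy-coded scan data
        if data[pos] != 0xFF:
            pos += 1
            continue
        nxt = data[pos + 1]
        if nxt == EOI:
            return pos + 2
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
            pos += 2  # stuffed byte or restart marker
        elif nxt == 0xFF:
            pos += 1  # fill byte
        else:  # segment between scans (progressive JPEG)
            if pos + 4 > len(data):
                raise ValueError("truncated segment at offset %d" % pos)
            pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
    raise ValueError("no EOI marker found")

def fingerprint(data: bytes) -> dict:
    end = jpeg_end_offset(data)
    return {
        "size": len(data),
        "md5_file": hashlib.md5(data).hexdigest(),  # what md5sum reports
        "sha256_image": hashlib.sha256(data[:end]).hexdigest(),
        "trailing_bytes": len(data) - end,  # non-zero is worth flagging
    }

def build_sample(trailer: bytes = b"") -> bytes:
    """Constructed sample: SOI, APP0 with a decoy FF D9, SOS, scan, EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 8) + b"JF\xff\xd9\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 3) + b"\x00"
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9" + trailer

if __name__ == "__main__":
    for sample in (build_sample(), build_sample(b"junk\xff\xd9more")):
        print(fingerprint(sample))
```
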
Well, you compare two quite different things (throughput & latency), but I'll bite: You should be able to do 10-100,000 messages per second with Red Hat MRG. If you can't, then there's something wrong with your set up.
Remember that AMQP was initially designed and written by JP Morgan to replace their existing proprietary infrastructure (IBM MQSeries-based IIRC). JP Morgan understand the performance concerns.
Rich.
Checking cars/people at the border helps a bit, but the good operations have a tunnel under the border.
So what? Just because you've got prohibition in your country doesn't make it right.
I've got an enta.net account through UKFSN which is also truly unlimited. For the really unlimited part of this service, I pay extra - £30 / month - which is approximately twice what most users would pay for their limited service.
Also UKFSN donate some of their profits to free software projects, which is nice.
Rich.
Double Standards anyone?
The ASA are an industry body. They pretend to be independent of the advertisers, but are completely funded by them. (The whole arrangement is rather odd, as you can see from here).
Anyhow, don't expect the ASA to make any major industry-defying decisions any time soon.
Meanwhile I'm on a really unlimited tariff through UKFSN / enta.net, whom I wholeheartedly endorse. Of course I pay a bit more for this - £30/month which is approximately double what most people are paying. But I can grab as much data as I like and they don't throttle it at all. I've proven this fact on many occasions.
Rich.
For those of us who see a 6-12 hour difference in the number of daylight hours it can make a real difference.
Wow, I didn't know that changing the clocks would actually affect the rotation of the earth.
Rich.
Unlimited just doesn't exist here as companies have to bring all the data across from the US etc. for the most part.
I wonder if what they are saying is true, or just an excuse. Providers such as Google (i.e. YouTube) don't generally ship everything from a single location in California. They have massive colocated facilities around the world, so most of your YouTube videos and much other content will be coming from Australia.
Rich.
If you are a development shop, then if OSS creeps into your product (due to a careless (and thoughtless) developer copy-pasting code, for instance) then the legal ramifications may be grave.
Why do you think this problem is unique to OSS? What if one of your developers has access to a Microsoft source license and starts copying and pasting code from there. Do you think the "legal ramifications" of that action would be more or less serious?
Compared to using an LGPL library, this could leave you open to huge liabilities.
If you don't control what your developers are up to, and have frequent, in-depth code reviews, then you're asking for trouble, OSS or not.
Rich.
Yes but remember, the west is doing it in the name of "protecting freedom and fighting terror," whereas the Chinese are doing it in the name of suppressing their citizens.
The Chinese government promotes it as part of a policy called "Harmonious Society", the idea I suppose being that no one should rock the boat. If you're cynical you might say that this means no one should overthrow incumbent leaders or power structures.
Rich.
They don't say they forgot because there's usually other evidence that they know the key.
For example, timestamps on the encrypted file, unencrypted corroborating data in a swapfile, or evidence that the machine was switched on at some recent point in time.
By the way, everyone gets it wrong, but RIPA does not require that you reveal your key. It requires that you make the data available in "intelligible form". You can read the details here.
Rich.
I really do hope this drives people to make encryption ubiquitous. All of the egregious US programs have failed to make the public use crypto, but this seems to be well publicized enough that it might make a large chunk of people install and use good crypto.
The problem is that we fucked this up in the early 90s. HTTPS is a non-starter -- it's far too hard to set up, requires that you pay for each encrypted site, needs a separate IP for each site (so doesn't work with shared hosting), and requires the user to do something special and non-intuitive to visit the encrypted site. Moreover it's not the default for web servers, even though most web servers nowadays are free software written by and for the technocratic elite.
I won't even start on the problem of email - it took me (a serious techie) half a day to set up encryption for my email, and after one year was up I let it lapse because I don't think I'd sent a single encrypted email in that time, and it was going to take another hour or two to renew the certificate.
We screwed this one up I'm afraid.
Rich.
Ah who cares ... 212.57.32.0 - 212.57.63.255.
Rich.
This story rings true. I worked for a company during the dot-com boom and just after which requested an allocation from RIPE (the European equivalent of ARIN). I was the designated & trained "LIR" (I think that was the term?).
We received 8,192 IP addresses. We actually had them authorized to us in blocks of 256 addresses, and each time we needed another 256 we had to go back to RIPE and justify the expansion. However it is my understanding that the full 8,192 addresses were reserved for us.
We ended up using 3 x 256 addresses, but after a later downturn in the fortunes of the company, even many of those went unused.
I left the company many many years ago. However I notice the company that acquired it is still using those 3 x 256 addresses, and the original 8,192 are still reserved at RIPE. The IP addresses are even registered to the name of a director who was ousted when the company was taken over, at a street address that the company hasn't occupied for many years.
Rich.
Right. People ride trains at train speeds. And riding in planes are done at plane speeds. It's all totally different, see?
You should try the trains in Britain - you're lucky if they get past walking speed. (At least it wouldn't trigger this idiotic phone-block system ...)
Rich.
Yeah, like my parents, or just about anyone who isn't an internet engineer.
Sorry, but NAT/firewall is convenient for them and effortless to set up.
Before you say, I use IPv6 for some stuff at home and I was an internet engineer.
Rich.
Yes the article is FUD ... My provider uses BT ADSL and also supplies IPv6 if you ask for it.
The fact is that BT ADSL just supplies a pipe to the ISP (implemented originally using Frame Relay but with the 21CN project as a tunnel over IP) and it's up to the ISP to implement IPv4, IPv6, Chaosnet, carrier pigeon or whatever they want.
Rich.
You should probably tell that to the astronauts who circled the moon in the Apollo command module ...
Or any of the scientists involved with the orbiters on this page.
Rich.
Perl is the Basic of the nineties
Well you can certainly say that, but you're talking nonsense. Perl is a powerful functional language which just does some stuff extremely elegantly. I normally program in OCaml but go back to Perl from time to time, and in fact today I realized how amazingly easy it is to write a command line program with integrated help and manual page, all in a single script. No other language does it that well.
Rich.
The person who wrote Obfuscated TCP works for Google.
Rich.
can prevent ISPs from placing their own adverts into webpages.
Exactly - this is what Google is interested in. If ISPs start replacing Google adverts in web pages with their own (or worse, the AdWords adverts in Google search results), then Google will lose huge amounts of revenue. Luckily, but only by chance, Google's self-interest in this case is aligned with ours.
Rich.
I'm still not sure I understand why naked short selling is so bad. Perhaps a mild case of plain fraud.
To put it in car analogy terms, let's say I'm a BMW dealership. You walk in and want to buy a particular model of BMW. I don't have it in the showroom right now, but I'm confident I can get it in two weeks, so I take your money.
Two weeks comes around and I haven't been able to source the particular model you wanted.
Now I can give you the money back, and say, sorry, but it didn't work out. And that seems fair enough to me -- a bit unfortunate for you because you didn't get your car, but as long as I was looking for it, it's not fraud. If I really didn't ever intend to source the model you wanted, then it's more like fraud. If I did it to a lot of people, word would get around.
Still, at no point in this did you think you owned a BMW. You might have said you had one on order, and been very excited about that, but if your friend had said "oh you own a BMW, let me see it", then it's plain there isn't one sitting in your garage.
(Enough of car analogies ...)
Sadly your friend is another victim of the war on drugs.
I wonder what would have happened in the equivalent case where he'd been an alcoholic or a tobacco/coffee addict.
Rich.