I was joking, but I can tell you, since E16 stopped being a thing that people cared about, E17 was either not viable or not ever included in any Debian Stable release. Maybe things have changed in Wheezy. I don't think so.
Now that you called me out, I call bunk on the GP's whole story though, I just checked and Debian Stable still today does not package Enlightenment 0.17x, it's only available in Jessie (testing) and Sid (unstable). MouseTheLuckyDog either tried compiling from source and missed some (important but not mandatory) dependencies, or used third-party packages that were not good enough, given his poor experience. The software is actually very good. (says the Gnome Shell user)
They always seemed to get it packaged right in Unstable, sometimes even in Testing, but for some reason that never seemed to successfully "trickle down" to a stable release. I don't know why. You can (honestly) have Enlightenment 17 even with Debian Lenny, it just requires some careful attention to the packages you provide it when compiling (or use elive, which is actually built out of Lenny/Wheezy.) Maybe they will do better in the final release of Jessie.
That says something about the concept of allowing any person to "call it" deciding when the quality of all software is good enough for a stable release once every two years, more than it says anything bad about Enlightenment developers or Debian policy. Thanatermesis (the steward of Elive) seems to get it right, but his work does not filter back into Debian Stable because they have more serious things to concern with than the proper configuration and packaging of Enlightenment, apparently.
You really are at fault here, how can you expect the Leading Edge windowmanager to have a viable release at all, for the Two Years Ago is New Enough debian stable?
When I learned to use Enlightenment, the first step was./autogen.sh
So, what you're saying is the only way to use Bitcoin anonymously is to play with the big boys, be a part of great big drug cartels who participate in coin tumblers to obfuscate the inputs and outputs of their coins, who don't submit their identity to exchanges... don't trade your coin for cash, buy a kilo of coke on sheep place and then sell the coke for cash when you need cash.
At least I think that's what you're saying?
I think it's perfectly easy to use bitcoin (and completely illegal?) to (tax-defer) income, so long as you have the stomach to weather the changes in bitcoin prices, your clients are willing to pay you in bitcoin, and they don't report you to anti money-laundering or fincen. Assume the worst, 100% of your income is in BTC and you can't find a person who will buy your coins for cash to make you liquid (in the sense where you can go to a store and buy what you need without tripping the banks IRS-audit sensors) or a store that will sell you the things you need for bitcoins...
Snap, I think if I take this idea any further I'm going to wind up on a list, or they're going to raid me and put my clients on a list, or charge me with conspiracy or something.
You obviously clicked through a few of the posts on that blog, so how did you miss the part where they're accusing people in the administration of having resumes with totally falsified information? And the Human Resources department of "taking care of it" read: promoting those accused to even higher-up positions.
Apparently the Human Resources dept have as much admitted they are aware of the falsifications and yet, they do nothing. As others have pointed out, nothing is posted other than information that was already public.
When I called Verizon customer service to see if they could send me a log of my text messages, I was informed it would cost me $50 and a letter from my lawyer to their Law Enforcement Response Team (LERT). I am glad to see that just anyone could get that information without any lawyer, $50, or even proving who they are.
Is this facility still available for paying customers of Verizon Wireless, to view their own text message history without the need for a team of lawyers?
I've just tried it on my account, it looks like it is available to the person who is paying my bill but not to myself (the Account Member gets basically no special privileges other than using the phone and viewing aggregate usage statistics to avoid going over the account limits.)
It would have been nice if Verizon had advised me of this service, rather than stonewalling me and telling me to get a lawyer
It's not a civil rights violation because it's not the government doing it to you. It's not action against any protected class (the poor are not protected).
I agree with you, but if "not convenient" leads to 90% attrition rate on your subscriber funnel (political speech, not commercial) then it negates the usefulness of the service.
They are not blocking connections to port 80 anyway, but hypothetically if they were, I disagree with your position. It's undue burden. I agree with another commenter who said they really don't want you to speak, they want you to pay them to consume the media that others publish.
OK sure. Take a random sample of 100 people on the street and see how many make it back to your webpage when you tell them to visit "spire dot net colon 9000"
Impediments such as this placed in the way of free speech are in fact prior restraint on free speech. I suppose you think it's OK to have mandatory voter IDs too?
I feel like if the founding fathers had been born when I was, they would have known that "freedom to listen" on port 80 is just as important as "freedom of speech."
What difference does it make if I'm using a home connection to promote my political ideas? The exceptions listed do nothing to benefit freedom of speech. You pay for home internet, and then they want to ding you again to serve up your ideas on Port 80. Why don't they just give you a NAT'ed address and be done with it forever.
So what? Do you think that DPR knew the difference when he sent the 150kUSD in bitcoins?? Will a jury believe that?
Conspiracy is a crime of intent. If the feds case collapses for some unfathomable reason and all they can get him on is conspiracy to commit murder, then they will have a felony charge that will stick, and he will still go to jail.
Do you know that actual commission of a given crime is not required for ordinary citizens to be convicted of "conspiracy to commit x crime"?
In fact in some cases when it's clear that you have not really committed the crime, you can still be convicted of conspiracy, and it's usually a felony to commit conspiracy to commit a felony. Lawyers convicted of conspiracy can have their bar certifications taken away; I do not know this from personal experience but I have heard it said, and lo, it sounds entirely plausible as truth.
OK, but for plenty of devices, isn't it more true that the actual amount of power delivered is more important?
For instance: I got one of these newfangled bitcoin miners that someone with a similar name to one of the company officials (this is where you get your help, I know right?) says draws about 27w on average. He says it peaks at about 35w and you should make sure your wall-wart budgets close to 40w in case of internal losses that weren't measured.
The wall-wart they send is a 13VDC-6A which is of course 78w, only I bought two and only one power cord from the batch actually works.
I found that my laptop has a power supply that provides 19V-3.42A (65w) and it works fine, anecdotal. I am not an electrician, I am just an amateur physicist who knows P=iv, and I've been advised that the devices are rated for up to 40V but to run with that high of voltage long-term may cause some harm. But 19V should be fine. I've been advised. By someone who talked to the engineer, at least. The bad wall-wart was providing an unstable 17V (I haven't opened it up because I wouldn't know what I was looking at, but I'd assume there's something wrong inside.)
So, explain yourself please, with a car analogy if you want, when I can go between 19V to 13V on some devices with no problems seemingly as long as adequate power is supplied, how can it be that any voltage is low enough for voltage drop to be a serious issue?
Because we saw suspicious girl playing with iPhone, talking to cashier all friendly and she got up 3 times, once while our cards were away, but never went to the bathroom. Realistically it's not enough to get anyone arrested (or even identify the person we saw at the time who looked suspicious)
Girlfriend believes it was a photo taken with iPhone, personally I know that Square readers are given away for free (I have one) and more likely the way it would be done, but I've never tried duplicating a card so that's the limit of our expertise.
It could have also been swiped at Walmart in Watertown, or by the people who run our apartment complex and accept rent by debit card, or by anywhere else (the remaining transactions were all weeks before the frauds) but that night at the restaurant there was a festival on outside, and it's convergence of too many things to make me believe otherwise.
I tend to believe it was at the rental office myself, because my card was not swiped and we paid together that day at the restaurant.
We are guessing that someone took a picture of the front of the card with an Iphone. Nobody has been arrested. We really don't know the answer... the card left her possession only for a minute when the cashier took it to the register. No idea how it was swiped but I would assume someone can print a card if the issuing bank and the numbers are all known.
A friend's debit card number was stolen. We narrowed down the time when it could have happened to one of two places. Both places were some time during the day Friday. The charges happened Saturday (they bought liquor, $80 of McDonalds, gas, some more drinks at a bar, probably 4-7 people packed into a car spent $600 in one night.)
She found the charges Sunday, cancelled the card within 1 hour.
One of the keys that was compromised was a Chinese key. BlueBox Scanner told me that my device was vulnerable to that key until just 1 week ago, when KatKiss patched the second bug. Presumably these roms are equipped to allow some Chinese authority alternatively to Google Play store. I didn't read the advisory, but BlueBox tells me I'm protected now (from a whole 2 security advisories. Don't I just feel safer already?)
I'm reading every month about some new vulnerability that enables hackers to get your WPA keys in cleartext with some kind of rainbow tables or government/corporate database, spoof your AP, and convince your phone to join their internets (boom, MITM executed.) I think it would be a lot easier to drive by a few times a week to case the joint and prepare to get the hack ready, then just push out some bogus updates to root your phone after a few successful network privilege escalations, now they have all your saved passwords and are transmitting your GPS coordinates back to base, over the air, 24/7.
That is much easier than to "sneak into your house, gas you, and erase your memory Lacuna Inc. style" -- we're talking about real attacks that can compromise your data without your knowledge.
NSA news demonstrates that advanced persistent threats are real and they need not be discovered or be public to be effective at compromising "security systems." I appreciate what you're saying, "your data just is not that interesting" but if your target was PirateAt40 or Edward Snowden, you'd take the cheap, safe option, and not the option that involves potentially being caught breaking and entering with chloroform, a heavy wrench, and other "sophisticated hacking equipment." That is assuming you weren't just going for the full-blown Colombian Necktie.
Amazing that so many people trusted "First Pirate Savings and Trust" with 700,000 of anything, be they pennies or $17-coins or $1-coins or $12-valued or whatever. They are certainly worth more now than they were. If he started returning the money today, it's arguable that he would have made a great deal for all of his customers by forcing them to hold onto the coins for a longer amount of time until the market rate had gone sufficiently high to make it worthwhile cashing out.
"First Pirate Savings and Trust" -- a name you know, a name you can believe in.
I know I kicked myself after every single time I cashed out bitcoins and afterwords the value went up by 6x or more.
I cannot confirm that he is in custody, but I heard "they got him". Reading this article I am starting to doubt it. There is little doubt for anyone who knows the Pirate Savings and Trust (that's what it was called first) that it is a scam, a lot of people lost their money and this is almost certainly not a big stunt for Bitcoin publicity. (heh)
For people in China, it probably was, until this news!
There are two separate keys that were compromised, if I understand the output of the scanner correctly. KatKiss ROM for Transformer TF-101 has been patched for both since Version 220 or 221. I haven't tried V223b yet because it purports to change a bunch of defaults for performance reasons that I don't want to have to change back again every time I re-flash (but it's out).
Incidentally the source is not available at this time! EOS4 git repos went down when the TeamEOS broke up, I don't know for sure but http://git.teameos.org/ is a cgit with at least web reader access to help tell which repos have changes from AOSP, but they are not available for cloning. Bummer.
I am sure timduru could use some help from anyone with the source, or with a lot of patience to read the individual repo commit ids from EOS4 cgit while it's still up, and check AOSP to see if they are present somewhere in history or divergent. (I've talked to him. It's a big job. I'm sure he could use the help, just not sure how to provide it best.)
I get my OS from these guys. But yeah, I would not be downloading apps from android marketplaces in China.
Isn't the point of this vulnerability that someone who has a public wireless AP that you're using or other MITM vector (such as NSA) can update your apps and give you bad code as if it came from the real market / real app developer, and bypass the signature protections?
It would be some hella trick to prevent the original app dev from then overwriting their bad code with a fresh copy of the latest version, but then it was getting on the phone in the first place that was supposed to be difficult... I think it would be trivial to know what app your target uses, know that an update is coming down the pipe, intercept it, and push out your own malicious update in its place, as long as they stay on your network.
Would someone with more knowledge tell us? Is the connection to the market protected by SSL in a way that would stop this for non market users? Would gaining access to the developer account really be a part of this exploit? (If Google patches their server to not accept the compromised keys, does that stop the bad updates at the source?)
This seems like it could be a really neat problem to explore in more depth. Not for black-hat purposes of course, just educational.
Slashdot Mirror
I was joking, but I can tell you, since E16 stopped being a thing that people cared about, E17 was either not viable or not ever included in any Debian Stable release. Maybe things have changed in Wheezy. I don't think so.
Now that you called me out, I call bunk on the GP's whole story though, I just checked and Debian Stable still today does not package Enlightenment 0.17x, it's only available in Jessie (testing) and Sid (unstable). MouseTheLuckyDog either tried compiling from source and missed some (important but not mandatory) dependencies, or used third-party packages that were not good enough, given his poor experience. The software is actually very good. (says the Gnome Shell user)
They always seemed to get it packaged right in Unstable, sometimes even in Testing, but for some reason that never seemed to successfully "trickle down" to a stable release. I don't know why. You can (honestly) have Enlightenment 17 even with Debian Lenny, it just requires some careful attention to the packages you provide it when compiling (or use elive, which is actually built out of Lenny/Wheezy.) Maybe they will do better in the final release of Jessie.
That says something about the concept of allowing any person to "call it" deciding when the quality of all software is good enough for a stable release once every two years, more than it says anything bad about Enlightenment developers or Debian policy. Thanatermesis (the steward of Elive) seems to get it right, but his work does not filter back into Debian Stable because they have more serious things to concern with than the proper configuration and packaging of Enlightenment, apparently.
You really are at fault here, how can you expect the Leading Edge windowmanager to have a viable release at all, for the Two Years Ago is New Enough debian stable?
When I learned to use Enlightenment, the first step was ./autogen.sh
Go back to KDE :)
Why? They already have the largest actual wallet of real bitcoins in their possession. What reason would they have to undermine that?
So, what you're saying is the only way to use Bitcoin anonymously is to play with the big boys, be a part of great big drug cartels who participate in coin tumblers to obfuscate the inputs and outputs of their coins, who don't submit their identity to exchanges... don't trade your coin for cash, buy a kilo of coke on sheep place and then sell the coke for cash when you need cash.
At least I think that's what you're saying?
I think it's perfectly easy to use bitcoin (and completely illegal?) to (tax-defer) income, so long as you have the stomach to weather the changes in bitcoin prices, your clients are willing to pay you in bitcoin, and they don't report you to anti money-laundering or fincen. Assume the worst, 100% of your income is in BTC and you can't find a person who will buy your coins for cash to make you liquid (in the sense where you can go to a store and buy what you need without tripping the banks IRS-audit sensors) or a store that will sell you the things you need for bitcoins...
Snap, I think if I take this idea any further I'm going to wind up on a list, or they're going to raid me and put my clients on a list, or charge me with conspiracy or something.
You obviously clicked through a few of the posts on that blog, so how did you miss the part where they're accusing people in the administration of having resumes with totally falsified information? And the Human Resources department of "taking care of it" read: promoting those accused to even higher-up positions.
Apparently the Human Resources dept have as much admitted they are aware of the falsifications and yet, they do nothing. As others have pointed out, nothing is posted other than information that was already public.
I think I've heard this one... it ends like "the third time, make up three envelopes..."
Pretty sure I remember a joke from my Quantum professor about that, involving an easily memorable statement of the digits in Pi out to 15 digits.
Ah, yes... here it is:
How I need a drink, alcoholic of course after the heavy lectures involving quantum mechanics.
3.14159265358989
When I called Verizon customer service to see if they could send me a log of my text messages, I was informed it would cost me $50 and a letter from my lawyer to their Law Enforcement Response Team (LERT). I am glad to see that just anyone could get that information without any lawyer, $50, or even proving who they are.
Is this facility still available for paying customers of Verizon Wireless, to view their own text message history without the need for a team of lawyers?
I've just tried it on my account, it looks like it is available to the person who is paying my bill but not to myself (the Account Member gets basically no special privileges other than using the phone and viewing aggregate usage statistics to avoid going over the account limits.)
It would have been nice if Verizon had advised me of this service, rather than stonewalling me and telling me to get a lawyer
It's not a civil rights violation because it's not the government doing it to you. It's not action against any protected class (the poor are not protected).
I agree with you, but if "not convenient" leads to 90% attrition rate on your subscriber funnel (political speech, not commercial) then it negates the usefulness of the service.
They are not blocking connections to port 80 anyway, but hypothetically if they were, I disagree with your position. It's undue burden. I agree with another commenter who said they really don't want you to speak, they want you to pay them to consume the media that others publish.
OK sure. Take a random sample of 100 people on the street and see how many make it back to your webpage when you tell them to visit "spire dot net colon 9000"
Impediments such as this placed in the way of free speech are in fact prior restraint on free speech. I suppose you think it's OK to have mandatory voter IDs too?
I feel like if the founding fathers had been born when I was, they would have known that "freedom to listen" on port 80 is just as important as "freedom of speech."
What difference does it make if I'm using a home connection to promote my political ideas? The exceptions listed do nothing to benefit freedom of speech. You pay for home internet, and then they want to ding you again to serve up your ideas on Port 80. Why don't they just give you a NAT'ed address and be done with it forever.
So what? Do you think that DPR knew the difference when he sent the 150kUSD in bitcoins?? Will a jury believe that?
Conspiracy is a crime of intent. If the feds case collapses for some unfathomable reason and all they can get him on is conspiracy to commit murder, then they will have a felony charge that will stick, and he will still go to jail.
Do you know that actual commission of a given crime is not required for ordinary citizens to be convicted of "conspiracy to commit x crime"?
In fact in some cases when it's clear that you have not really committed the crime, you can still be convicted of conspiracy, and it's usually a felony to commit conspiracy to commit a felony. Lawyers convicted of conspiracy can have their bar certifications taken away; I do not know this from personal experience but I have heard it said, and lo, it sounds entirely plausible as truth.
OK, this is the winning car analogy. It's clear to me since I just gassed up my car this morning!
OK, but for plenty of devices, isn't it more true that the actual amount of power delivered is more important?
For instance: I got one of these newfangled bitcoin miners that someone with a similar name to one of the company officials (this is where you get your help, I know right?) says draws about 27w on average. He says it peaks at about 35w and you should make sure your wall-wart budgets close to 40w in case of internal losses that weren't measured.
The wall-wart they send is a 13VDC-6A which is of course 78w, only I bought two and only one power cord from the batch actually works.
I found that my laptop has a power supply that provides 19V-3.42A (65w) and it works fine, anecdotal. I am not an electrician, I am just an amateur physicist who knows P=iv, and I've been advised that the devices are rated for up to 40V but to run with that high of voltage long-term may cause some harm. But 19V should be fine. I've been advised. By someone who talked to the engineer, at least. The bad wall-wart was providing an unstable 17V (I haven't opened it up because I wouldn't know what I was looking at, but I'd assume there's something wrong inside.)
So, explain yourself please, with a car analogy if you want, when I can go between 19V to 13V on some devices with no problems seemingly as long as adequate power is supplied, how can it be that any voltage is low enough for voltage drop to be a serious issue?
Lancaster, Cheektowaga, 716 represent!
Because we saw suspicious girl playing with iPhone, talking to cashier all friendly and she got up 3 times, once while our cards were away, but never went to the bathroom. Realistically it's not enough to get anyone arrested (or even identify the person we saw at the time who looked suspicious)
Girlfriend believes it was a photo taken with iPhone, personally I know that Square readers are given away for free (I have one) and more likely the way it would be done, but I've never tried duplicating a card so that's the limit of our expertise.
It could have also been swiped at Walmart in Watertown, or by the people who run our apartment complex and accept rent by debit card, or by anywhere else (the remaining transactions were all weeks before the frauds) but that night at the restaurant there was a festival on outside, and it's convergence of too many things to make me believe otherwise.
I tend to believe it was at the rental office myself, because my card was not swiped and we paid together that day at the restaurant.
We are guessing that someone took a picture of the front of the card with an Iphone.
Nobody has been arrested. We really don't know the answer... the card left her possession only for a minute when the cashier took it to the register. No idea how it was swiped but I would assume someone can print a card if the issuing bank and the numbers are all known.
A friend's debit card number was stolen. We narrowed down the time when it could have happened to one of two places. Both places were some time during the day Friday. The charges happened Saturday (they bought liquor, $80 of McDonalds, gas, some more drinks at a bar, probably 4-7 people packed into a car spent $600 in one night.)
She found the charges Sunday, cancelled the card within 1 hour.
Worth $5 to someone? Definitely.
One of the keys that was compromised was a Chinese key. BlueBox Scanner told me that my device was vulnerable to that key until just 1 week ago, when KatKiss patched the second bug. Presumably these roms are equipped to allow some Chinese authority alternatively to Google Play store. I didn't read the advisory, but BlueBox tells me I'm protected now (from a whole 2 security advisories. Don't I just feel safer already?)
I'm reading every month about some new vulnerability that enables hackers to get your WPA keys in cleartext with some kind of rainbow tables or government/corporate database, spoof your AP, and convince your phone to join their internets (boom, MITM executed.) I think it would be a lot easier to drive by a few times a week to case the joint and prepare to get the hack ready, then just push out some bogus updates to root your phone after a few successful network privilege escalations, now they have all your saved passwords and are transmitting your GPS coordinates back to base, over the air, 24/7.
That is much easier than to "sneak into your house, gas you, and erase your memory Lacuna Inc. style" -- we're talking about real attacks that can compromise your data without your knowledge.
NSA news demonstrates that advanced persistent threats are real and they need not be discovered or be public to be effective at compromising "security systems." I appreciate what you're saying, "your data just is not that interesting" but if your target was PirateAt40 or Edward Snowden, you'd take the cheap, safe option, and not the option that involves potentially being caught breaking and entering with chloroform, a heavy wrench, and other "sophisticated hacking equipment." That is assuming you weren't just going for the full-blown Colombian Necktie.
Amazing that so many people trusted "First Pirate Savings and Trust" with 700,000 of anything, be they pennies or $17-coins or $1-coins or $12-valued or whatever. They are certainly worth more now than they were. If he started returning the money today, it's arguable that he would have made a great deal for all of his customers by forcing them to hold onto the coins for a longer amount of time until the market rate had gone sufficiently high to make it worthwhile cashing out.
"First Pirate Savings and Trust" -- a name you know, a name you can believe in.
I know I kicked myself after every single time I cashed out bitcoins and afterwords the value went up by 6x or more.
I cannot confirm that he is in custody, but I heard "they got him". Reading this article I am starting to doubt it. There is little doubt for anyone who knows the Pirate Savings and Trust (that's what it was called first) that it is a scam, a lot of people lost their money and this is almost certainly not a big stunt for Bitcoin publicity. (heh)
For people in China, it probably was, until this news!
There are two separate keys that were compromised, if I understand the output of the scanner correctly. KatKiss ROM for Transformer TF-101 has been patched for both since Version 220 or 221. I haven't tried V223b yet because it purports to change a bunch of defaults for performance reasons that I don't want to have to change back again every time I re-flash (but it's out).
Incidentally the source is not available at this time! EOS4 git repos went down when the TeamEOS broke up, I don't know for sure but http://git.teameos.org/ is a cgit with at least web reader access to help tell which repos have changes from AOSP, but they are not available for cloning. Bummer.
I am sure timduru could use some help from anyone with the source, or with a lot of patience to read the individual repo commit ids from EOS4 cgit while it's still up, and check AOSP to see if they are present somewhere in history or divergent. (I've talked to him. It's a big job. I'm sure he could use the help, just not sure how to provide it best.)
I get my OS from these guys. But yeah, I would not be downloading apps from android marketplaces in China.
Isn't the point of this vulnerability that someone who has a public wireless AP that you're using or other MITM vector (such as NSA) can update your apps and give you bad code as if it came from the real market / real app developer, and bypass the signature protections?
It would be some hella trick to prevent the original app dev from then overwriting their bad code with a fresh copy of the latest version, but then it was getting on the phone in the first place that was supposed to be difficult... I think it would be trivial to know what app your target uses, know that an update is coming down the pipe, intercept it, and push out your own malicious update in its place, as long as they stay on your network.
Would someone with more knowledge tell us? Is the connection to the market protected by SSL in a way that would stop this for non market users? Would gaining access to the developer account really be a part of this exploit? (If Google patches their server to not accept the compromised keys, does that stop the bad updates at the source?)
This seems like it could be a really neat problem to explore in more depth. Not for black-hat purposes of course, just educational.