Slashdot Mirror


User: Yebyen

Yebyen's activity in the archive.

Stories
0
Comments
479

Comments · 479

  1. Re:I have a stupid question. on Backdoor Targeting Apache Servers Spreads To Nginx, Lighttpd · · Score: 1

    No, I got it, I was just chiming in chorus with the other folks that were saying, "this tool does not need to be run as root. why does it have such a large attack surface? it's very expensive and widely deployed so why is it that it's always been such crap"

    I don't run cpanel myself (I understand it's quite expensive to license) but I have been a customer of cpanel hosts before, I totally get it, it's meant to limit your access while providing you with administrative capabilities that are above the bare minimum access given to public consumers of the services on your server instance. So is LXC, and so is chroot, and for a long time they had expensive holes too that could result in not just privilege escalation, but total system compromise, if they (or their children processes) were exploited, like many other tools that are meant to limit your access and provide access limitations.

    Cpanel is meant to give the appearance of root (sometimes even a root shell) without allowing total system compromise. See what I did there?

    I was actually fishing for someone to possibly mention another tool like docker.

  2. Re:I have a stupid question. on Backdoor Targeting Apache Servers Spreads To Nginx, Lighttpd · · Score: 3, Interesting

    > since you clearly cannot give them root access.

    and yet that's what it seems to be doing here. I heard a lot of folks say that LXC was DOA, because it didn't offer any protection against the classic "escalate chrooted root user to full system access," and I am not an expert but I'd say that has changed, you _can_ give your customers root without giving them root on the host system. Check out http://docker.io/ </shameless>

    (I heard there were alternatives to docker too, but I haven't found any other than RTFM and Edit The Damn Configs And Cross Your Fingers. Docker has just entered version 0.3 release and development is moving quickly.)

  3. Re:What the fuck is ERP? on Ex-Employee Busted For Tampering With ERP System · · Score: 1

    'Enterprise Resource Planning' honestly doesn't say anything about what it's for or what it does, either. You're on slashdot. If you can't be arsed to goog some TLA's, you're going to have a bad time!

    Think "integrated system with all of your business processes in it" like AP, AR, Payroll, Invoicing, etc. You should already know what it stands for if you are in IT.

  4. Re:Excuse my ignorance on DragonFly BSD 3.4 Released, With New Packaging System · · Score: 1

    I know that it's verboten but I do this in my personal crontab:

    4 0 * * * sudo portsnap cron update && sudo ezjail-admin update -P

    Could probably pick a better time than 4 minutes after midnight, but I'm unlikely to be upgrading ports late at night (in a jail) at that time.

    This takes 90% of the hurt out of upgrading ports. If you're not comfortable that you might want to upgrade ports around midnight, then pick a day, say Sunday, or the 30th, and make that the day. The remaining hurt is taken away by upgrading ports in each jail edging towards _more_ than once every 3 weeks, and away from _less_ than once every 3 quarters of a year.

    portmaster -y --clean-distfiles

    This also comes in handy, knowing that without doing it before executing portmaster -a, I'm not only going to have to answer any config questions that have changed upfront before examining the list of packages to upgrade, but I'm also going to get prompted to delete old source packages after compiling but before installing each port that has left a stale source package lying around.

    That was the worst part, knowing it's going to take small bits of my attention for the whole (N minutes/hours) that are required to compile as many updates as I need, extra time spent not compiling but waiting for my approval to continue. Then I found the man page.

    I would speculate that there are thousands of people who have done this type of work on most popular open systems, and some of them most certainly have dozens of machines to keep up to date.
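The crontab line and the two portmaster invocations above can be folded into one non-interactive script. The script below is an added example and is not the commenter's own script or part of any FreeBSD tool; it assumes ezjail-managed jails, portmaster installed inside each jail, jexec(8) on the host, and that it is installed in root's crontab (so no sudo from a personal crontab is needed). The jail list (JAILS), the lock directory and the DRY_RUN switch are names chosen for this example.

```shell
#!/bin/sh
# ports-refresh.sh: refresh the host ports tree, push it into the ezjail
# basejail, then upgrade every port in each jail without prompts.
# Added example, not from the original comment. Assumptions: ezjail,
# portmaster in each jail, jexec(8), run as root. DRY_RUN=1 prints the
# commands instead of executing them.
set -eu

: "${DRY_RUN:=0}"
: "${JAILS:=}"                                  # space-separated jail names
: "${LOCKDIR:=/var/run/ports-refresh.lock}"    # assumed path for this example

# run CMD...: execute CMD, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# host_refresh: fetch the current ports tree (portsnap in cron mode sleeps a
# random interval so many hosts don't hit the mirror at once), then update
# the ezjail basejail's ports tree (-P) so every jail sees the new tree.
host_refresh() {
    run portsnap cron update
    run ezjail-admin update -P
}

# jail_upgrade NAME: upgrade all ports inside one jail.
# BATCH=yes makes the ports framework take default options instead of
# stopping on 'make config'; --clean-distfiles first removes stale distfiles
# so the later -a run is not interrupted with delete prompts; -y and
# --no-confirm answer portmaster's own questions.
jail_upgrade() {
    jail="$1"
    run jexec "$jail" env BATCH=yes portmaster -y --clean-distfiles
    run jexec "$jail" env BATCH=yes portmaster -a -y --no-confirm
}

# upgrade_all_jails: apply jail_upgrade to every name in JAILS.
upgrade_all_jails() {
    for j in $JAILS; do
        jail_upgrade "$j"
    done
}

# main: take a lock (mkdir is atomic) so an overnight run that is still
# compiling cannot overlap the next one, then do host and jail updates.
main() {
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        echo "ports-refresh: another run holds $LOCKDIR" >&2
        exit 1
    fi
    trap 'rmdir "$LOCKDIR"' EXIT INT TERM
    host_refresh
    upgrade_all_jails
}

# Only run when invoked with --run, e.g. from root's crontab:
#   4 0 * * 0  JAILS="www db" /usr/local/sbin/ports-refresh.sh --run >> /var/log/ports-refresh.log 2>&1
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Try `DRY_RUN=1 JAILS="www db" sh ports-refresh.sh --run` first to see exactly which commands would execute; the lock means a second cron firing while a long compile is still running exits immediately instead of racing the first.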

  5. Re:Excuse my ignorance on DragonFly BSD 3.4 Released, With New Packaging System · · Score: 1

    In summary, it's not really different, you're really just moving the location of the curtain to in front, or behind... someone had to build the distribution packages up from source, and that person was not extracting tarballs by hand.

  6. Re:Excuse my ignorance on DragonFly BSD 3.4 Released, With New Packaging System · · Score: 1

    > My boss insists there's some reason to use aptitude but whenever I try to corner him, he tells me about the use case for dist-upgrade without naming dist-upgrade, and can't give other reasons.

    Because, in another thread, I explained that FreeBSD pretty much _does_ make you build the packages, and to that extent GP was right, they are not the same. To compare, Debian has lots of ways that are not really different from each other for not building the packages, and you've just told me about apt-build which I did not ever hear of before, as evidence of this. I know about debian/rules, debuild, debootstrap, kernel-package, dpkg-dev, devscripts, but not apt-build. (Thanks!)

    In FreeBSD, either you're installing packages from pkg, so you're getting something that's as old as the release... or you're using pkgng, which means you must have built the totality of all of your packages (at present there are no distributions of any pkgng target binaries that I know, due to risk of transmitting something naughty), or you're not using binary packages at all (other than once you've compiled them, since it can't be avoided and happens transparently, even if you do "make install" from within the /usr/ports tree, you get packages in some format)

  7. Re:Excuse my ignorance on DragonFly BSD 3.4 Released, With New Packaging System · · Score: 2

    I don't think most people on Debian are rebuilding their systems using apt-build. Then again I'm not most people. My boss insists there's some reason to use aptitude but whenever I try to corner him, he tells me about the use case for dist-upgrade without naming dist-upgrade, and can't give other reasons.

    "apt-get will leave packages in held state"
    yeah, when there's a dependency that was not previously installed, you have to use dist-upgrade to insist that apt-get installs new packages, a step that's not usually part of an upgrade.

    I'm going out on a limb and guess that neither of us knew about apt-build.

  8. Re:Excuse my ignorance on DragonFly BSD 3.4 Released, With New Packaging System · · Score: 2

    No, you're wrong. The kernel is in a package and you can upgrade it via apt-get [dist-]upgrade. In FreeBSD and ilk, you have to gather up /usr/src and make buildkernel to get a new kernel. Frequently you will also want make world, which compiles the rest of the base system (think GNU toolchain, but this is definitely not GNU) that are not in packages.

    You can't really boot just a kernel without any child processes to positive effect (source?), so Linux is not the "base system" -- GNU/Linux is that. In BSD, that's 'world' and ports is everything not world or kernel.

  9. Re:Excuse my ignorance on DragonFly BSD 3.4 Released, With New Packaging System · · Score: 2

    It's actually more like, but imagine apt-build out on the front of the interface. In the newest FreeBSD pkg-ng, there are no binary packages other than a few that are able to be used for bootstrapping pkg-ng, so you are compelled to build them (with portmaster or manually mucking with makefiles in /usr/ports)

    There is a "non-ng" pkg tools set, classic pkg_add pkg_delete pkg_info etc that has many packages that you can download (would it be accurate to say most of ports tree? I don't think so), but they are not generally kept up-to-date outside of releases and probably security updates. You are encouraged to use portmaster or another tool to keep your packages up to date.

    The difference (at least in FreeBSD) is that you can't generally have current packages without building them (but all of the atomic guarantees about installing and removing packages you've come to expect from dpkg/apt-get are still there, to my knowledge).

    In Debian there is always sid, or Ubuntu (next), where you can keep up to date just by downloading binary packages. I don't know how this dragonfly package system 'dports' compares to that.

  10. Re:Last Sentence on Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys · · Score: 1

    Ohh, I just wrote another great reply and destroyed it by pressing Ctrl+Arrow thinking it would bring me to the left of the text entry.

    Oh well. To summarize, I think it's more important that we don't have 3) strong evidence that he was the only one in control of the drive, or that he actually knows what's on the drive and has the keys in his possession, and 4) a statement incriminating him, where he states information to the effect that there is evidence on the drive and it's incriminating.

    Even when (4), if I was his defense I would continue to argue 5th amendment protection and probably refuse to release the keys ("I Can't"), since the statement could be out of context or false, the statement is not under oath, or proof of anything, and it is not enough to convict alone.

    In that case only, he's probably at least in contempt of court.

    If it can be shown that he has the keys, I would disagree with your opinion that he's not standing in the way. Even if there are other gatekeepers, and he can't claim sole ownership of the data on the drives (say for defensive purposes, somehow knowing that nobody else could have gained access, or that he has never granted access to help let anyone frame him up good; even as the designer of a well-known ERP system I would not take that bet) he has the power to assist.

    Not knowing what's on the drives or if the key had been compromised, based on the rest of the information I would refuse to give up the keys too. What if there's child porn? (Based on the description of the file sharing program logs, I would guess they would find plenty. "I didn't put it there, but based on what you tell me I'm not gonna place any bet that it's not there. Now I'm convinced, I don't know what's on the drives.")

  11. Re:Last Sentence on Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys · · Score: 1

    Yes, to say that he is standing in the way is to assume that a) he's the one who encrypted the drive, and b) that he _can_ assist. I think I get it now. Thanks!

  12. Re:Last Sentence on Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys · · Score: 1

    OK. Again, after all of this discussion I'm not even sure I agree with the original argument of the judge now. Why should it be a 5th amendment defense when they're not sure you even have the keys to decrypt? I've gone back and read the decision, they have supposed that the drives' encryption tech is "of the sort" that would destroy the information inside if too many failed password attempts are made.

    Yes, it would be incriminating if you provided the keys and they found damning evidence against you. Perhaps more so than if you didn't provide keys, and they still did find them another way that didn't trace back to you. It just seems like shoehorning the 5th amendment in there. "I don't have the keys." "Give us the keys." "I don't have them, but if I did, I would plead the fifth."

    NOW THEREFORE IT IS ORDERED that the government’s “Application Under the All Writs Act Requiring Jeffrey Feldman to Assist in the Execution of Previously-Issued Search Warrant” be and hereby is DENIED.

    From the last paragraph of the decision, and I am not a lawyer, it sure sounds like he is standing in the way, but the judge is going to allow him to do it because of 5th amendment. They have evidence of what is on the drives, or what should be on the drives, seeing as it was logged as transferred into the mapping that the drives were found connected to, and not found on any of the unencrypted drives. But they don't have an admission that he has the keys and he maintains control over the drives.

    That's pretty sloppy. It kind of sounds like the 'mistake' on someone else's computer before you call the cops, if you want it to be found, in order to get them thrown in jail for 30 years. I wonder if they really need this evidence to convict the guy, or if they will do it some other way.

  13. Re:Last Sentence on Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys · · Score: 1

    There is a warrant. It's in discovery. We are beyond warrants. The court has already subpoenaed the data, so there's no "show me your warrant" defense. The only defense that's available is "the data does not belong to me / it was never in my control." Which is a viable defense in many cases also thanks to the mechanics of public key cryptography, even if prosecution shows that you created the data, you can be under contract to destroy it once it's encrypted and submitted, if the data does not rightfully belong to you.

    Maybe I'm not completely clear on the context of the article. It doesn't even seem like a 4th amendment issue when you explain it that way. More like "don't do what donny don't do" -- how can you speak if you have no mouth?

  14. Re:Last Sentence on Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys · · Score: 2

    I think that in this case the condition is that the judge does not see compelling evidence that the data and keys belong to the defendant. That way he cannot be seen as obstructing discovery, since "anyone" could be the owner of that data, and there's onus on the prosecution to prove that defendant is the keeper. It's not that he's refusing to help. It's that we have no proof that he is in any position to help.

    If I misread the summary and comments (haha articles) then feel free to correct me. If it was a bank ledger, you could not claim to the IRS it was confidential data protected by fifth amendment rights, and thus excluded from discovery. It's these encryption keys that you put in the way, and if you don't produce them, and there's compelling evidence that it should be in your power (or that if it's not, then you must have destroyed the keys to prevent access, at the time knowing that it was admissible evidence you were destroying), then you will be held in contempt of court.

  15. Re:Last Sentence on Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys · · Score: 1

    Awesome argument. I have heard this too. Although if you do consider the use of the dog a search, it might save some property damage, assuming they find the drugs and didn't have to tear your car apart because of the dog's help (and then they don't permanently impound your car for being involved with a drug bust.)

    However, I don't see how it can be beneficial for anyone to argue that the use of scent-detecting dogs is not a search, or how it can even be doubted when and if the dog does uncover something substantive in a search. And if the dog "finds" something as a false positive... they then tear your car apart, and nothing of use to the authorities (nothing incriminating anyway) is found, then ...

    Well, your argument holds water, but now your property's actually been destroyed, and you still got searched.

  16. Re:Last Sentence on Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys · · Score: 1

    Yes, perfect. Although I am having a harder and harder time imagining a scenario where the government can realistically prove that you have something in the way of evidence, but they don't know exactly what it is (and they need your help to read it.)

  17. Re:Last Sentence on Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys · · Score: 2

    I agree and I am not a lawyer, however, I can see the argument that discovery is not testimony and I think I have it laid out approximately right. I am the IRS. I am investigating you for tax fraud. It's not illegal search for me to compel your bank statements (and not just because I'm asking the bank, rather than simply asking you to incriminate yourself. If it's known that you keep a ledger of your business dealings that could contain incriminating information, that can be compelled as well. Destroying it or refusing to provide it would be obstruction.)

  18. Re:Last Sentence on Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys · · Score: 4, Informative

    We have to pass the bill to know what's in it...

    The argument I've heard is that, when information is at rest, it's not considered testimony for the information to be read (but some other form of discovery). Therefore if it can be shown that you're in a position to decrypt the drive, and the drive is admitted in discovery and you refuse to facilitate discovery, you are standing in the way of the discovery and can be held in contempt of court.

    If it has not been shown that the drive can be decrypted with information you have, or could reasonably be expected to have (say, it can be shown by inductive reasoning that the drive contains the log of your activities), or if for example the ownership of the keys or the drive and the encrypted data is in question, it's not reasonable to compel you to decrypt it under penalty of contempt. It hasn't even been shown that it's in your power to facilitate the discovery.

    You can be similarly compelled to provide paper documentation, even if it was sent through the mail. It's not testimony. It's facilitating (or obstructing) discovery.

  19. Re:Last Sentence on Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys · · Score: 5, Interesting

    It reads differently to me. They do not know that he can decrypt the data (he could have destroyed the passphrase, or it was destroyed when left in the hands of an automated system and he was incarcerated), and compelling him to do so would be a) demanding that he prove that he could decrypt them, a "fact" about him that is not already known to be true (and could be incriminating.)

    The last sentence in the summary reads like nonsense to me and does not seem to contribute anything.

    They cannot compel you to do something they don't already know that you have the ability to do, and if it turns out later that they can decrypt the drive without your help, the fact that you were able to decrypt it would be the incriminating part (apparently) as much as whatever they had actually found on the drive. Even if they know there is illicit stuff on the drive (somehow) without having decrypted it, they do not know you have control over it (unless this was proven some other way.)

    It's like those cops that ask, "do you have any illegal drugs on you" -- if you show them, you waived your right to be protected from unreasonable search and seizure. They did not violate it. You did. Has your fifth amendment right been violated? They could have asked the dog, and he would tell them, but putting dogs on you without probable cause is almost certainly illegal search violation. If you are threatened with contempt if you do not decrypt the drive, even when they haven't proven that you even can, it's much the same situation.

  20. Re:Google must be more responsive on Google Gets Consumer Service Ultimatum From German Consumer Groups · · Score: 2

    And as a user of paid pro Google Apps I can tell you, they are impossible to get to respond on the phone or by e-mail! Especially in an outage.

    I understand. "All of your users are without service. The power is out. They're calling now." There is literally nothing you can do for me after you pick up the phone. Your time is much better spent getting the service back up for everyone affected.

    But when something goes wrong with a public-facing Google Docs form and it's not fixing itself, or what else you depend on Google for that they'll need to support, I guess I'd say mediocre responsiveness and it's not just a matter of being able to get through to someone on a channel, but being able to get the message through to "that guy" who knows how to fix your exact problem. "We escalated that." Thanks, Google!

    I have to admit I haven't read the article and I don't know why they want to be able to e-mail Google. Amazon must be the only internet business in Germany.

  21. Re:tell me again on Explosions at the Boston Marathon · · Score: 0

    You have to think fast to get the first post. I miss first posts about natalie portman and hot grits. What ever happened to hosts file challenge guy?

  22. Re:Why should I? on Jolla Ports Wayland To Android GPU Drivers · · Score: 1

    I actually did go ahead and read the article, and I got the idea, so maybe I'm slashdot's (editors') target audience more than you.

    I think your proposed headline states too much. What's not clear to me from reading is, does the driver running in an Android system get usurped to make a Wayland display happen, or does the Wayland display take over as part of init such that Android is no longer the running system (other than the driver needed to bootstrap Wayland on this crappy hardware)

    I don't think that "on all Android phones" fits in anywhere

    I also don't think it's going to make it easier to run "any Linux distribution" on Android hardware. Lack of supporting Xorg is one of the things that makes me take Android less seriously (and at the same time, it makes it a ton more usable for me, since I spend less time figuring out drivers and command line switches, and more time pressing the button on the bottom right to switch between running apps.)

  23. Re:I've been whooshed! on Jolla Ports Wayland To Android GPU Drivers · · Score: 2

    You could read the article.

    I'm not gonna. Just sayin.

  24. Re:Throwback on Bitcoin Exchange Mt.Gox Suffers Serious Attack, Instawallet Offline · · Score: 1

    It's not exactly 'doing nothing' -- the network needs miners to operate. Nobody would know who has bitcoins without the constant efforts of the network to keep them up-to-date. So, you can have one person mining, and everybody pays him for his valuable work, or you let the network attack the mining problem together and it's more resilient, while spreading out the wealth.

    The bitcoins have to come from somewhere, they have to get into peoples' hands somehow initially. Would you prefer they are all pre-mined, given to a foundation and the foundation hands them out to the traditional bankers we have already, just for standing there scanning checks, recording transactions... or as you say just 'doing nothing'?

  25. Re:MH/s? on Open Source Radeon Gallium3D OpenCL Stack Adds Bitcoin Mining · · Score: 1

    Try it and see, will not likely cost you more than a couple dollars in lost mining revenue.