"My GF got pissed at Comcast because when she decided she didn't need both a landline and a cell (she's on SS and rather poor), the cable price didn't go down so she just dropped Comcast"
Umm...what?
Sounds like she had the triple-play where you get TV, net, and phone for a package price... Something like $50 or $99 a month for the first year.
There are no discounts from a package price. It's a good deal even if you don't use all of it, because it is still cheaper than any two of the three services at the regular price.
If you're paying the regular monthly price for Comcast, the price does indeed go down when you drop services.
Here we go again... if a forensic image can be taken of a supposedly 'secure' drive, you're doing it wrong.
*GOOD* disk encryption will do one or more of:
1) Store the keys in an tamper-resistant system (like a TPM, the drive electronics, or both) 2) zeroize if a brute-force attempt is made or a duress code is entered. 3) provide plausible deniability, such as with Truecrypt.
Depending on how you look at it, either/or is the better option.
Option 1 makes imaging the drive useless, especially if the key is in the drive. Simply trying to read the encrypted drive might cause it to zeroize, depending on how the drive responds to forensics. A drive that self-destructed if it detected an imaging attempt while in the secure state would mean any destruction of evidence was the fault of LE and not the accused. Duress codes are tricky business. On one hand the owner of the drive KNOWS the data is gone. On the other hand, if LE can prove you erased it, you may be charged with obstruction. Depending on what you are up against, that might be better. IMHO it is better if the drive records it was erased. If the cops were to try and plant anything, you could easily prove it was put there after you erased the drive. plausible deniability, is also a slippery slope. If LE starts to believe every drive that appears clean is hiding something, people who decrypt their drives for the police (because they really do have nothing to hide) will still be treated like criminals. People might stop using encryption if cops and judges start to believe encryption=wrongdoing.
If we need some kind of darknet, we don't need to build a mesh network to get it. We can just run some sort of VPN tunnel over existing broadband. Hell, we've already got TOR.
This kind of thing is for where there is no infrastructure.
What would you rather do: tunnel your stuff over fast, reliable broadband, where no one notices (and can't read it if they can, it's encrypted) or stick a BFD on your roof that everyone can see and eavesdrop on. (You'd probably run it in the clear... WPA doesn't support Ad-Hoc, and point-to-point IPSec links kill performance)
"Beloved science fiction and fantasy writer Terry Pratchett has terminal early-onset Alzheimer's. He's determined to have the option of choosing the time and place of his death, rather than enduring the potentially horrific drawn-out death that Alzheimer's sometimes brings. But Britain bans assisted suicide, and Pratchett is campaigning to have the law changed.
THANK YOU FOR YOUR SUGGESTIONS. PLEASE UNDERSTAND HAVE A VERY BUSY SCHEDULE. I'LL GET BACK TO YOU WHEN I FIND THE TIME. BUT REST ASSURED I _WILL_ GET TO YOU.
Here's the exact quote from TFA: "This unauthorized use of our application for malicious activities like spamming/phishing infringes on Skype's intellectual property. We are taking all necessary steps to prevent/defeat nefarious attempts to subvert Skype's experience. Skype takes its users' safety and security seriously and we work tirelessly to ensure each individual has the best possible experience."
Even the PR drone is saying "unauthorized us for malicious activities"... so reverse engineering the protocol isn't the problem, it's what you do with it. And considering it seems to be a Russian effort, I'd worry too.
Ok, seriously, you can base64 encode an entire document in a URL, that URL shorteners will allow linking to something in no way resembles a valid URL, and web browsers are silly enough to render it? It's even an proposed RFC!
On a page is one thing, neat way to inline small images. But as a redirect URL? What domain is it in? Local?
If you wanted to get even more evil about it, you could have base64 encoded hello.jpg and included it directly as image/jpeg.. assuming you could get it under the 255 character string limit for URIs.
Some anti-theft radios have a code, provided with the owner's manual, that you can enter after the radio has lost standby power. Others know what vehicle they are in.
I'm fairly sure what you were trying to say is that in modern vehicles (As in Fords with the Sync system) the electronics are keyed to the VIN, which is provided by the car's computer. If you remove the radio and put it in another vehicle, it will require rekeying, which can only be performed by authorized service centers.
There are strict laws when it comes to car safety. Car manufacturers can NOT knowingly (intentional or otherwise) make it dangerous to service a car, as doing so may affect emergency personnel or the driver/passengers in breakdown situations.
I mean, if you can program a GPU to do it, great. Otherwise, you're probably better sticking with hq2/4x and using a texture map onto a flat surface to get arbitrary scaling.
So how much heat can these little guys produce metabolizing caffeine? Because if it's substantial, you could feed them coffee grounds, and use the heat to power a coffee machine...
Because for that you need apparently need alphabetical $ADJECTIVE.$ANIMAL names, and that kind of went flat with Zoot-suited Zebra in the 26th release.
First of all, don't you realize every time you make a joke about "anal probes" at the airport, you're being not-so-subtly homophobic? Same thing with prison-rape jokes. I'm about as much a fan of those jokes as I am of the acts.
Didn't you read the part where the DHS CERT (a part of US-CERT, which falls under DHS but has nothing to do with the TSA...) told NSS something like, "Um, guys, the patch Siemens released doesn't work, and there are thousands of these devices deployed all over the place, including the power plants in this here city.."
NSS decided to play it safe, they weren't forced to do anything. It's called responsible disclosure, and when Siemens gets their products fixed, it will be released.
But I know your type. You, my familial-basement-dwelling troll, assume coercion and conspiracy is how everything gets done by three-letter agencies. Ironic, considering you love to rant about how those same agencies assume everyone brown is a terrorist.
Bar none, the libertarian, open-source evangelizing, Apple/Microsoft bashing, EFF supporting types are some of the most bigoted, narrow-minded, reactionary, paranoid individuals I've ever met.
You do realize a lot of these cryptographers are borderline psychotic while they are employed by agencies such as the NSA, and eventually progress into genuine mental illness.
From TFA: "Binney, who is six feet three, is a bespectacled sixty-seven-year-old man with wisps of dark hair; he has the quiet, tense air of a preoccupied intellectual. Now retired and suffering gravely from diabetes, which has already claimed his left leg, he agreed recently to speak publicly for the first time about the Drake case."
At that age, if his diabetes is bad enough to have taken his leg, it has probably also afflicted him with dementia. The fact he is making accusations using such vague terms as "twisted" is another clue there's something not quite right upstairs.
Also TFA, it seems like the issue is that the ThinThread is so good it picks up everything of interest including data about Americans. So the NSA decided not to use it, even with filters and anonymizing controls, because those controls could always be turned off. After 9/11, they realized they desperately needed ThinThread, they started using it without any privacy controls. Computers don't discriminate, if ThinThread sees a patten it records it. That doesn't mean that data it gathers has been abused.
First of all, warrants are not needed for pen-registers and other metadata like IP addresses and email sender/recipient data. Never have been.
Second, even though FISA warrants were not always obtained like they should have been, it has been shown every time an American involved in a NSA wiretap, it was because they were communicating with a non-American person of interest. The wiretap was on the foreign national, not the American.
BitTorrent should support a "random assist" mode. Clients (even if idle) announce they want to assist. The tracker selects an active torrent randomly or based on need and returns a peer list.
The client doesn't have the.torrent, so it doesn't know what the files or piece hashes are. It simply requests peers give it random pieces, then shares the pieces it receives with anyone that needs them.
After a random amount of time the client leaves the swarm, and securely deletes the torrent and any data from it.
The reasoning behind this is that you cannot determine if anyone on an infringing torrent had any intent to infringe. It could just be their client assisting the swarm. Even if the peer downloaded every piece of the torrent, it could be their client randomly decided to assist for a long time.
A beneficial side effect of this is that all swarms will get more peers.
Anonymous might be a bunch of trolls and griefers, and would love to pwn Sony hard, but they've denied responsibility for this and wholesale identity theft just isn't their thing. They typically don't go beyond DDoSing and harassing the people they feel are responsible. They're not carders... but if they did decide to start stealing from millions of people, I hope the FBI/DoJ partyvans all of 'em.
I'm thinking the motivation for this was financial vs. ideological, and organized crime is behind it.
(1) Any app at any time including IOS updates has that information at its disposal, so iFarmville now knows where you spend most of your time and when you are not home. So maybe does any active advertisement ware and those free-but-buy-stuff games your kid is playing.
WRONG. Apps on the phone can NOT get the information in consolidated.db. They can access the location services API, which uses consolidated to assist GPS, but only if you approved them. And there is a off switch for that.
(2) Your phone is PRE-tapped as far as law enforcement is concerned. If I put a GPS anklet on you now "just in case do do something later" would you be fine with that? If I say it also "does iTunes" does it make it retroactively okay?
WRONG. LE needs a warrant for anything on your phone. And if LE wants the locations of the cell towers you've used, along with direct triangulation of your position, they can serve a warrant to your provider.
(3) I can "give you" an app and that app can now tell me how much time you spend shopping and where you shop down to the department of the store (couple meters).
Nifty. If you allowed the app to use Location Services.
(4) God save you if you get divorced or become subject to any legal fishing exiditions.
Your first example shows you have no idea how dirty politics or the legal system works. Every accusation has some basis in fact, because all politicians are kinda dirty. No one is going to try the creeper angle on evidence that flimsy. And if you tried to take that crap into a courtroom, the judge would probably throw his gavel straight at your head. Assuming that steaming pile of 'evidence' was allowed, who do you think the jury will believe as soon as your lawyer points out the Starbucks you frequent is in the same radius, and your receipts prove you were there, not to mention the WiFi hotspot at said Starbucks is the 'proof' in the location log...
As for insurance companies... they are already offering potential policy discounts for 'safe driving'. The catch? a dongle that goes on your car's OBD-II port, recording your speed, acceleration, braking, and how much you drive. You upload the data to your PC, then send it to the insurance company... now that's really being Big Brother, and you still have to opt-in.
"Android.. Android... as opposed to iPhones.. iFrogs" You're already in your parents' basement, right? Time to go to bed, little fanboy, you're getting cranky and paranoid.
What I find sad is how the ACLU is focusing on Michigan, when just about every PD with a computer forensics lab has one of these devices or similar.
Michigan police aren't downloading smartphone contents during routine traffic stops. They aren't even doing it for routine arrests. Only when a search warrant is served that includes the phone.
If you have a passcode on your iPhone, they need to seize the computer you sync it with to enable the UFED to image the phone. They're not going to get that unless they serve a warrant, and if they have that, they have your backups anyway.
Another good reason to have a passcode: Just to be safe, if you get pulled over for any reason, turn your iPhone off. Don't try to wipe it or do anything shady, just turn it off "so it won't interrupt you while you're speaking with the officer." If by some chance your vehicle is searched and the officer turns it on, it will be locked. If the phone is passcode locked, the contents of the phone are not 'in plain sight' even if the phone is.
Slashdot Mirror
"My GF got pissed at Comcast because when she decided she didn't need both a landline and a cell (she's on SS and rather poor), the cable price didn't go down so she just dropped Comcast"
Umm...what?
Sounds like she had the triple-play where you get TV, net, and phone for a package price... Something like $50 or $99 a month for the first year.
There are no discounts from a package price. It's a good deal even if you don't use all of it, because it is still cheaper than any two of the three services at the regular price.
If you're paying the regular monthly price for Comcast, the price does indeed go down when you drop services.
Here we go again... if a forensic image can be taken of a supposedly 'secure' drive, you're doing it wrong.
*GOOD* disk encryption will do one or more of:
1) Store the keys in an tamper-resistant system (like a TPM, the drive electronics, or both)
2) zeroize if a brute-force attempt is made or a duress code is entered.
3) provide plausible deniability, such as with Truecrypt.
Depending on how you look at it, either/or is the better option.
Option 1 makes imaging the drive useless, especially if the key is in the drive. Simply trying to read the encrypted drive might cause it to zeroize, depending on how the drive responds to forensics. A drive that self-destructed if it detected an imaging attempt while in the secure state would mean any destruction of evidence was the fault of LE and not the accused.
Duress codes are tricky business. On one hand the owner of the drive KNOWS the data is gone. On the other hand, if LE can prove you erased it, you may be charged with obstruction. Depending on what you are up against, that might be better. IMHO it is better if the drive records it was erased. If the cops were to try and plant anything, you could easily prove it was put there after you erased the drive.
plausible deniability, is also a slippery slope. If LE starts to believe every drive that appears clean is hiding something, people who decrypt their drives for the police (because they really do have nothing to hide) will still be treated like criminals. People might stop using encryption if cops and judges start to believe encryption=wrongdoing.
obligatory, overused misquote. Die in a fire.
Well, IMHO, the integral reflector and mount is a pretty cool, inexpensive idea.
If we need some kind of darknet, we don't need to build a mesh network to get it. We can just run some sort of VPN tunnel over existing broadband. Hell, we've already got TOR.
This kind of thing is for where there is no infrastructure.
What would you rather do: tunnel your stuff over fast, reliable broadband, where no one notices (and can't read it if they can, it's encrypted) or stick a BFD on your roof that everyone can see and eavesdrop on. (You'd probably run it in the clear... WPA doesn't support Ad-Hoc, and point-to-point IPSec links kill performance)
YHT. YHL. HAND.
"Beloved science fiction and fantasy writer Terry Pratchett has terminal early-onset Alzheimer's. He's determined to have the option of choosing the time and place of his death, rather than enduring the potentially horrific drawn-out death that Alzheimer's sometimes brings. But Britain bans assisted suicide, and Pratchett is campaigning to have the law changed.
THANK YOU FOR YOUR SUGGESTIONS. PLEASE UNDERSTAND HAVE A VERY BUSY SCHEDULE. I'LL GET BACK TO YOU WHEN I FIND THE TIME. BUT REST ASSURED I _WILL_ GET TO YOU.
Here's the exact quote from TFA: "This unauthorized use of our application for malicious activities like spamming/phishing infringes on Skype's intellectual property. We are taking all necessary steps to prevent/defeat nefarious attempts to subvert Skype's experience. Skype takes its users' safety and security seriously and we work tirelessly to ensure each individual has the best possible experience."
Even the PR drone is saying "unauthorized us for malicious activities"... so reverse engineering the protocol isn't the problem, it's what you do with it. And considering it seems to be a Russian effort, I'd worry too.
Ok, seriously, you can base64 encode an entire document in a URL, that URL shorteners will allow linking to something in no way resembles a valid URL, and web browsers are silly enough to render it? It's even an proposed RFC!
On a page is one thing, neat way to inline small images. But as a redirect URL? What domain is it in? Local?
If you wanted to get even more evil about it, you could have base64 encoded hello.jpg and included it directly as image/jpeg.. assuming you could get it under the 255 character string limit for URIs.
I'm pretty sure I see a huge, gaping hole here.
Stop spreading FUD.
Some anti-theft radios have a code, provided with the owner's manual, that you can enter after the radio has lost standby power. Others know what vehicle they are in.
I'm fairly sure what you were trying to say is that in modern vehicles (As in Fords with the Sync system) the electronics are keyed to the VIN, which is provided by the car's computer. If you remove the radio and put it in another vehicle, it will require rekeying, which can only be performed by authorized service centers.
There are strict laws when it comes to car safety. Car manufacturers can NOT knowingly (intentional or otherwise) make it dangerous to service a car, as doing so may affect emergency personnel or the driver/passengers in breakdown situations.
Not only that, MS provides free, excellent AV in the form of MS Security Essentials.
I mean, if you can program a GPU to do it, great. Otherwise, you're probably better sticking with hq2/4x and using a texture map onto a flat surface to get arbitrary scaling.
So how much heat can these little guys produce metabolizing caffeine? Because if it's substantial, you could feed them coffee grounds, and use the heat to power a coffee machine...
Because for that you need apparently need alphabetical $ADJECTIVE.$ANIMAL names, and that kind of went flat with Zoot-suited Zebra in the 26th release.
... in Python 3.0, which also bears no resemblance to 2.x.
Idiot.
First of all, don't you realize every time you make a joke about "anal probes" at the airport, you're being not-so-subtly homophobic? Same thing with prison-rape jokes. I'm about as much a fan of those jokes as I am of the acts.
Didn't you read the part where the DHS CERT (a part of US-CERT, which falls under DHS but has nothing to do with the TSA...) told NSS something like, "Um, guys, the patch Siemens released doesn't work, and there are thousands of these devices deployed all over the place, including the power plants in this here city.."
NSS decided to play it safe, they weren't forced to do anything. It's called responsible disclosure, and when Siemens gets their products fixed, it will be released.
But I know your type. You, my familial-basement-dwelling troll, assume coercion and conspiracy is how everything gets done by three-letter agencies. Ironic, considering you love to rant about how those same agencies assume everyone brown is a terrorist.
Bar none, the libertarian, open-source evangelizing, Apple/Microsoft bashing, EFF supporting types are some of the most bigoted, narrow-minded, reactionary, paranoid individuals I've ever met.
More like A Beautiful Mind
You do realize a lot of these cryptographers are borderline psychotic while they are employed by agencies such as the NSA, and eventually progress into genuine mental illness.
From TFA:
"Binney, who is six feet three, is a bespectacled sixty-seven-year-old man with wisps of dark hair; he has the quiet, tense air of a preoccupied intellectual. Now retired and suffering gravely from diabetes, which has already claimed his left leg, he agreed recently to speak publicly for the first time about the Drake case."
At that age, if his diabetes is bad enough to have taken his leg, it has probably also afflicted him with dementia. The fact he is making accusations using such vague terms as "twisted" is another clue there's something not quite right upstairs.
Also TFA, it seems like the issue is that the ThinThread is so good it picks up everything of interest including data about Americans. So the NSA decided not to use it, even with filters and anonymizing controls, because those controls could always be turned off. After 9/11, they realized they desperately needed ThinThread, they started using it without any privacy controls. Computers don't discriminate, if ThinThread sees a patten it records it. That doesn't mean that data it gathers has been abused.
First of all, warrants are not needed for pen-registers and other metadata like IP addresses and email sender/recipient data. Never have been.
Second, even though FISA warrants were not always obtained like they should have been, it has been shown every time an American involved in a NSA wiretap, it was because they were communicating with a non-American person of interest. The wiretap was on the foreign national, not the American.
BitTorrent should support a "random assist" mode. Clients (even if idle) announce they want to assist. The tracker selects an active torrent randomly or based on need and returns a peer list.
The client doesn't have the .torrent, so it doesn't know what the files or piece hashes are. It simply requests peers give it random pieces, then shares the pieces it receives with anyone that needs them.
After a random amount of time the client leaves the swarm, and securely deletes the torrent and any data from it.
The reasoning behind this is that you cannot determine if anyone on an infringing torrent had any intent to infringe. It could just be their client assisting the swarm. Even if the peer downloaded every piece of the torrent, it could be their client randomly decided to assist for a long time.
A beneficial side effect of this is that all swarms will get more peers.
I like the overlay scrollbars.
I just don't like Unity, mostly because I can't put it at the bottom of the screen.
I guess Canonical doesn't want to get sued by Apple.
log out
select your account
select "Ubuntu Classic" from the session menu at the bottom,
log back in.
Problem Solved.
Anonymous might be a bunch of trolls and griefers, and would love to pwn Sony hard, but they've denied responsibility for this and wholesale identity theft just isn't their thing. They typically don't go beyond DDoSing and harassing the people they feel are responsible. They're not carders... but if they did decide to start stealing from millions of people, I hope the FBI/DoJ partyvans all of 'em.
I'm thinking the motivation for this was financial vs. ideological, and organized crime is behind it.
(1) Any app at any time including IOS updates has that information at its disposal, so iFarmville now knows where you spend most of your time and when you are not home. So maybe does any active advertisement ware and those free-but-buy-stuff games your kid is playing.
WRONG. Apps on the phone can NOT get the information in consolidated.db. They can access the location services API, which uses consolidated to assist GPS, but only if you approved them. And there is a off switch for that.
(2) Your phone is PRE-tapped as far as law enforcement is concerned. If I put a GPS anklet on you now "just in case do do something later" would you be fine with that? If I say it also "does iTunes" does it make it retroactively okay?
WRONG. LE needs a warrant for anything on your phone. And if LE wants the locations of the cell towers you've used, along with direct triangulation of your position, they can serve a warrant to your provider.
(3) I can "give you" an app and that app can now tell me how much time you spend shopping and where you shop down to the department of the store (couple meters).
Nifty. If you allowed the app to use Location Services.
(4) God save you if you get divorced or become subject to any legal fishing exiditions.
Your first example shows you have no idea how dirty politics or the legal system works. Every accusation has some basis in fact, because all politicians are kinda dirty. No one is going to try the creeper angle on evidence that flimsy. And if you tried to take that crap into a courtroom, the judge would probably throw his gavel straight at your head. Assuming that steaming pile of 'evidence' was allowed, who do you think the jury will believe as soon as your lawyer points out the Starbucks you frequent is in the same radius, and your receipts prove you were there, not to mention the WiFi hotspot at said Starbucks is the 'proof' in the location log...
As for insurance companies... they are already offering potential policy discounts for 'safe driving'. The catch? a dongle that goes on your car's OBD-II port, recording your speed, acceleration, braking, and how much you drive. You upload the data to your PC, then send it to the insurance company... now that's really being Big Brother, and you still have to opt-in.
"Android.. Android... as opposed to iPhones.. iFrogs" You're already in your parents' basement, right? Time to go to bed, little fanboy, you're getting cranky and paranoid.
What I find sad is how the ACLU is focusing on Michigan, when just about every PD with a computer forensics lab has one of these devices or similar.
Michigan police aren't downloading smartphone contents during routine traffic stops. They aren't even doing it for routine arrests. Only when a search warrant is served that includes the phone.
If you have a passcode on your iPhone, they need to seize the computer you sync it with to enable the UFED to image the phone. They're not going to get that unless they serve a warrant, and if they have that, they have your backups anyway.
Another good reason to have a passcode: Just to be safe, if you get pulled over for any reason, turn your iPhone off. Don't try to wipe it or do anything shady, just turn it off "so it won't interrupt you while you're speaking with the officer." If by some chance your vehicle is searched and the officer turns it on, it will be locked. If the phone is passcode locked, the contents of the phone are not 'in plain sight' even if the phone is.
Your phone records the location data. Apple never sees the data. Therefore, Apple (as an entity) does not track you.
OTOH, Google does get location data w/ UDIDs from Android phones on a regular basis.
Only 45 MPH? I'd be afraid to take that out on the highway.
Take any image, resize it to 25x25, and I can tell you without a doubt if the people in it are having sex.