I realise the US has a different history than most places, but in almost any country you want to name throughout most of the 20th and now 21st centuries, showing some kind of identification on demand by the local authorities is pretty standard stuff. This is also what he is eventually charged with, because not showing your ID (when pretty much everyone carries some form of ID), is indeed suspicious, and does indeed interfere with the officers ability to do his or her job. It all depends on the situation and specifically *how* the guy is asked of course, but I don't see it as unreasonable to be able to produce ID.
The cop probably shouldn't have asked him for ID in this situation because he was already cleared of any wrong-doing at that point. Once he did ask him though, the guy should have either shown it, or claimed not to have it. By choosing instead to stand on an idealistic, technical point of law, he chose to go to jail.
You are arguing two conflicting points. First, you argue that he should have showed his ID to the cop, then you say that the cop shouldn't have asked him in the first place. Police officers are an extension of the executive branch; when they ask you to do something it's the same as the government in general asking it. If they shouldn't ask you to do something, that means they have no right to ask it. If the government has no right to ask you to do something, you don't have to comply if they ask anyway. I understand that police officers are given a lot of leeway to investigate crimes and even to choose who to prosecute, but that extends only to the point that the law allows.
Yea I know, good luck getting everyone on board. I just wish it were possible because even though I don't know who operates these Botnets if I were to find out I would absolutely LOVE to kick them in the nuts.
The obvious solution is to just direct the botnets to recognize the first Reformat Day automatically.
Why is it that all the developers seem to be able to code to a standard API - but they can't even come close to agreement on the way a program is operated? Maybe it's time to create a UI standard for Linux apps?
Probably because there are no universal UI guidelines that fit in every case, and no one knows of the "best" way to design a UI. There are almost certainly better UI models that will be found in the future, and part of open source development is trying to discover those models. Modal dialogs with "Yes, No, Cancel" may not be part of the optimal solution (it's hard to imagine them being the best for any task, really), so exploration into other representations and interaction models is a good thing.
For one thing, modal dialogs are essentially points in the program flow where the user is forced to make a decision. In many cases, the decision can be made automatically or simply removed from the program flow if the correct UI model is used. All the dialogs warning about saving documents before closing programs are probably the worst thing to happen in UIs since their creation. The proper solution is to save and version everything the user does, and never lose work (to the maximum extent possible) when the application is closed or crashes. That requires support from the filesystem and a UI design that emphasizes the versioned nature of files and data. Forcing users to "log on" and "log off" and closing all their applications and opening them up again is another genuine UI mistake that's a holdover from the days when memory was so tiny that overlays were popular and it was simply a necessity of operating a computer. There is no reason that modern operating systems should not present a persistent interface to the user. Hibernation is the closest thing to persistence that's currently available, with suspension a close second, but neither are truly persistent. They still rely on the old model of individually managing each piece of data.
I don't know, I can understand the reason, and I can summarize it like this: Christians aren't going to start murdering innocents if you make fun of them in a comic.
Do you really think Islamic extremists would stop killing people if no one published inflammatory cartoons?
Er, are you intentionally being stupid or are you just trying to raise a laugh? Accessing their website is not the same as accessing their network. And I thought that this forum was for geeks....
First of all, how can you access a networked device without accessing the network it's on? Magic? If the owner of the web server has it in their building, you have to access their network in order to access their web server. If it's colocated, you have to access the network of the colo facility. Neither access is pre-authorized unless being attached to a public network is implicit authorization for the public to connect to it. It's quite similar to having a phone number or living at a street address; nothing prevents anyone from dialing a phone number or mailing a letter to anyone they please, within reason (No DoS attacks allowed, basically). Junk mail and polling are both legal. It's silly that computer networks are treated any differently. If a network is public (which includes operating a wireless router using the publicly available radio spectrum and broadcasting SSIDs outside of the premises), then talking to that network should be just as legal as calling someone or sending them a letter. Whether they respond back or not is entirely up to them. If they have a telephone answering machine, talking to it is not illegal. Why should talking back to a wireless router be illegal?
If you were mislead by the sarcasm, too bad for you.
(a) dishonestly obtains an electronic communications service, and
(b)does so with intent to avoid payment of a charge applicable to the provision of that service,
There is no charge for using a free wireless access point.
A person is guilty of an offence if--
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
He was only trying to access the public Internet, which he is implicitly authorized to use, and not any program or data held in an unauthorized computer.
As I see it, the most straightforward defense is that unsecured access points implicitly authorize their use by broadcasting an SSID and replying to DHCP requests, no access to private data or programs was performed, and without a separate agreement for use a public access point implies free usage, hence there is no charge to avoid. No violation of either statute.
The problem (for owners) is that by default every access point is unsecured, making it no different than a public access point open for free use. There must be some common law by now built around the idea that any web server on the Internet can be accessed without prior authorization simply because it's on a public network. Likewise, access points use the public radio spectrum, so asking if unauthenticated access is possible should be equivalent to an initial connection to a web server. If the web server returns documents without requiring authentication, it's public. Wireless access points go one step further and actively broadcast their existence on public airwaves, and then reply to a single initial request with implicit authorization to use the gateway, ip address, and dns servers they provide.
If anyone wants a new law, they should just extend the consumer protection laws to wireless devices and mandate that they ship in a secured state and inform the owner about how to use them properly. By secured, I mean anything as simple as requiring the user to set a particular SSID. Even if the default SSID was "private network" I'm pretty sure the courts would throw out any arguments by freeloaders who used it. Maybe the 802.11b standard should just be extended to include a "private" bit that is set by default. Anything along those lines would be sufficient to make the law much less ambiguous in light of common usage.
Secondly, any unauthorised use of someone's computer equipment, which includes a network, is covered by the Computer Misuse Act. If the owner has not given specific permission as required by this Act, then an offence has been committed.
Damn! I'm never visiting theregister.co.uk or bbc.co.uk again without asking first. Do you have a phone number I can call to request access, or do I need legal permission to access their private computerized phone network before I dial their phone number?
"Mrs. Smith, we found this man outside your house access your home wireless network." And you expect us to believe Mrs. Smith would be fine with this and tell the officers to let the creepy guy parked outside her home continue? Seriously. That's just bullshit and you know it.
So what if it's a businessman in an expensive suit walking through a public park who sits down on a park bench, pulls out a laptop and uses whatever access point is available? It suddenly becomes a much harder "crime" to detect or prosecute. Obviously the real issue is creepy guys parked next to people's houses. This has been frowned upon far longer than wireless routers have been around. Otherwise, how can the lady or the police prove that he's actually using her wireless? He could actually be using the wireless of someone down the street, perhaps a friend who let him use it.
It's no wonder we keep seeing more legislation cracking down on these sorts of activities. It's precisely because people don't accept them, and precisely because they don't know how to protect themselves against them.
Yeah, big brother stepping in to fix apathy and ignorance with stupid laws against smart people when the real problem is routers that ship in an unsecured state by default. It's like shipping microwaves that come without the shielding installed, with a little note in the manual that you should really put the shielding on if you don't want to get in trouble with the FCC or kill all the wireless devices in the vicinity. There are consumer protection laws already, and those are the ones that need to be extended.
Ive always secretly believed that the NSA had this figured out decades ago, and has been quietly gaming the stock markets to fund its expansion. Thats why market volatility has increased dramatically. *Sure* those acres of supercomputer arrays are all doing code-breaking...
Who needs supercomputers when you have inside information from "authorized" illegal wiretaps?
you don't get it: any kind of universal id is open to the same kinds of abuses you could appreciate if it were microsoft or george bush behind the plan. it's the same tension between convenience and privacy/security, regardless of the entity behind the universal id
Big difference number 1: I can see social relationships on myspace. I cannot see the relationships I have to "terrorists" in some government database. Therefore I have much more freedom and knowledge using an open social network.
Big difference number 2: All the watchers will (theoretically) be in the same open database as everyone else. If police officer X arrests A, B, and C and the social network shows that X's old girlfriend has dated A, B, and C, that's much more useful information than the secret government information that A, B, and C joke about terrorism and George Bush on slashdot.
Basically, fully open systems that include everyone allow much more freedom than closed lists run by the executive branch.
It's just not economically feasible to build non-oversubscribed networks. Any of you know how much a card for a Cisco GSR that has just two OC-192 intermediate-reach ports on it is? MSRP is $585,000.
So you're saying the real problem is Cisco? There's no way a 10 gbps piece of hardware should cost that much. When hypertransport and pci-express on a consumer grade motherboard support over 50 gb/s, is Cisco hardware really worth what they charge?
How about starting off by realizing that Evolution and Creation (or "Intelligent Design") are scientific theories and not scientific fact. The biggest problem I see in science today is failing to properly delineate between fact and theory.
Calling creationism a scientific theory is in effect calling fundamentalist Christianity a scientific theory. Calling intelligent design a scientific theory is equivalent to calling magic a scientific theory. Since ID does not even pretend to explain how anything happened (or why, or with repeatable results), it is not a scientific theory. How is one supposed to test ID for truth or falsity? ID begs the question quite fallaciously. Anything humans do is obviously the result of intelligence, and everything natural is also the result of intelligence by ID's definition, so where could one obtain some non-intelligently-designed matter to begin experimenting with in order to disprove ID? Even if science demonstrates that the initial conditions of the universe are sufficient to explain life, ID people will say that some "intelligence" picked those initial conditions and the laws of physics.
Another problem I see specific to the theory of Evolution, is that of people calling it "Darwin's Theory of Evolution". At least here they get the "Theory" part right, but they get it wrong when they attribute it to Darwin. (His theory was that of Natural Selection, which there is a ton of evidence for, and which was used to derive Evolution.)
Darwin's theory of evolution via natural selection gets us from the point of replicating molecules to where we are now. What more do you want?
Take responsibility. Stand up and declare your rights.
Don't weasel out by blaming the other guy.
This is pretty much the perfect argument. She owns the computer, but she didn't install or use the software. Who is guilty? Can she prove that this other guy installed it, and will he even admit to it? When it something is essentially shared property it can be very difficult to tie blame to an individual. Probably to the point that any RIAA suit becomes almost impossible to litigate. The "owner" of a computer has almost no meaning when everyone who sits at the keyboard has local admin privileges and a wide open internet connection. Unless you never have guests in your house, the idea that you are solely responsible for or have control over what your computer does is just silly.
My problem with XP Home is that it has disabled the ACLs of the NTFS filesystem. That sucks a lot if you want to run Limited User instead of Administrator. (Oh, yes, I do that and it works fine... a bit more work, but it works)
They only removed the ACL management from the shell (right click, properties, security). Petty, isn't it?
Like you said, cacls (and xcacls, and the API) still work just fine. My guess is that you could write some better scripts using xcacls to secure the machine than would ever be possible or desirable to do with the GUI. Or look up SetSecurityDescriptor on MSDN. It's a pain and a half to write the first time, but it makes automating that kind of stuff much easier and faster for large sets of files (say, entire filesystems being moved from an old domain to a new one with complex group permissions).
No disk is ever RMA'd anywhere. If we have a failure, we get a new replacement disk and send back a sheet of paper saying we destroyed the old one.
See, that's the thing that most companies would have trouble getting away with. I suppose once you're big enough to audit the taxes of the company RMAing your equipment, they don't really mind taking your word that you're destroying the drives and not selling them on the side.
We wipe sensitive data with 7 random overwrites on all disks in storage that may be used again. Working desktop and laptop disks passing out of the organization for donation to schools or charities get the same treatment.
The only obvious thing is sector reassignment. Modern drives keep a spare track or two to reassign bad sectors to. Most of the data is still there in a bad sector, and could probably be reconstructed exactly with a better read head or of course an electron microscope. Still, that's just a tiny fraction of the data on the drive. It depends on how valuable even a tiny bit of data would be. Mandatory encryption will fix that anyway.
Dead disk drives from laptops and desktops are treated just like server disks. Server disks at end of life are never passed out of the organization in working condition. They are software-wiped as above, degaussed in a gigantic noisy machine, disassembled, and the platters removed. Glass platters are broken into little bits and thrown out. Metal platters are beaten up with a hammer and then (I am not kidding) a guy in the office makes sculptures out of them. We have an area with various towering sculptures representing literally thousands of decommissioned disks, some of which are really heavy 8-inch platters made, it appears, of copper. I guess that means we've been doing this for a long time.
I would grind the glass platters (considering even a millimeter of disk still has complete sectors on it) and sand the metal platters down to remove the magnetic medium. Of course, I'm not an expert in data destruction and am more of a CS/math guy than a physicist, so take this with a grain of salt. My guess is that your copper colored disks are really iron oxide; basically just really smooth rust.
For the IRS, it is conceivable that any amount of data stolen would have at least some value. My guess is that social security numbers along with names and addresses are in a whole lot (most?) of your data, so even getting snippets would be slightly valuable. Overall I'd say there's a pretty low chance of losing data via old hard disks with the methods you've described.
It's a simple choice. If you say "tebi", all your geek friends will make fun of you. If you say "tera", people will not be sure whether you mean 1024 * 1024 * 1024 or 1000 * 1000 * 1000 or 1000 * 1000 * 1024.... (Finish iterating yourself -- I've seen then all.) This confusion might get you sued. So, do you want to be cool, or do you want to stay out of courtrooms?
How about 10^12? Scientific notation is useful for being unambiguous.
In practice, if you do the standard wipe, which is usually some variant of all-nulls, all ones, 3 times random, there is -zip- chance that anyone will be able to get at the data that was once on the platter.
While the heads certainly try to stay on center and overwrite the old data, there's always some leakage. With increasing data density, commodity hardware can read the leakage. Even if each overwrite is 90% effective, there's still 1/100000th of the data left on the disk. Disks have grown from 1MB to 1TB in the last 30 years, 10 times that factor. In other words, with commodity hardware it's probably possible to plug a 20-30 year old wiped platter under a modern head and read useful data off of it. I've never tried it, but I certainly wouldn't be surprised if it worked. Future improvements will likely make current disks readable after a few wipes. Once we get to the actual molecular/magnetic domain limits of storage, then I agree that a couple of wipes will erase all the information.
Just encrypt sensitive data. It's more secure, and Moore's law works with you instead of against you. It's faster to encrypt your disks (with faster and faster processors) than to spend time wiping your disk lots of times in expectation of improving technology. Additionally, many disks can't be wiped after the drive is "dead", although the platters or drive electronics can be swapped out at minimal cost to recover the data.
In my experience, when S.M.A.R.T. tells you a drive is dead or dying, its not kidding.
Agreed. I was able to detect early failure on my laptop disk and replace it without fuss. Likewise I have a group of 5 320GB Western Digital drives, all the exact same model (as far as I can tell) and all work fine with similar stats except for one disk which has a few sector replacements and unrecoverable CRC errors. Basically, that drive will probably die before it's replaced with a larger RAID, so I watch it to make sure the numbers aren't getting too high. Once 320GB drives get cheap enough ($50 or so) I'll just buy a spare one to keep around until it dies. Without SMART, I wouldn't have a clue how the drives were doing.
Yes, but what does it prove if a few of the bombs fail to go off? Are the survivors God's chosen, God's cursed, or just some unlucky bastards who had some really stupid friends?
What if genies, aliens, and fairies all appear right before the bombs go off, ready to grant everyone's wishes, but the bombs go off before anyone can say a word? There are SO many problems with your idea I don't know where to start.
Sadly, I can't find my post when last time space colonization came up, but basically it came down to this: There is no chance in hell of interplanetary, and especially interstelllar colonization. Why? It is so completely impractical.
As impractical as flight? As impractical as modern medicine? It sounds like you think humanity will never, ever think of anything new.
My best guess is that space colonization will wait for advanced nanotechnology. With nanotech we can cheaply (in terms of launch resources and raw materials) bootstrap industries in space and let them grow until they're safe for human occupation. By the time space colonies have been built, nanotech will almost certainly have allowed the human population to grow large enough that there is a natural demand for more room, and people will be willing to move into space.
I support ownership of personal property, but not land or natural resources.
Neat, would you mind if I set up a mining camp in your yard to look for coal, gold, or whatever else I can find? As long as I don't hurt the foundation of your house I should be fine, right?
Similarly, what stops the most ambitious libertarian from just taking everything? If no one owns land, can't everyone strip mine whatever they want, polluting the water supplies in the process?
There are probably some torturous arguments about the possible impact of activities on the future wellbeing of other people that could be used to determine who got to live where or dig where, but I really don't see any way to negotiate the fine points of who gets to drill for oil where, and who can suck all the water out of an aquifer without resorting to building huge fences and laying landmines or something. The only alternatives are enforced rationing, which is socialism; or enforced environmentalism, which is pretty close to what most first world countries have now. You can probably look at China for examples of lack of land and resource ownership. The people obviously don't own the river downstream of the goldmine, so who cares if there's some cyanide in it?
Otherwise, what is to keep some group from buying up an unreasonable amount of land, in effect making slaves out of those who have no means of support?
You pretty much have to resort to socialism to fix that. Big businesses can already push people out of their homes by subverting eminent domain, so it's clearly not impossible. Is there really any difference between big cities and what you describe? Most of the property and buildings are owned by rich individuals or large corporations, but the people living in them are not slaves because there are laws about maintaining clean water, waste disposal, heating, cooling, fire protection, and security if you own property that people live in. The problem which I think you've noticed is that nothing stops a city from becoming entirely filled with slums in order to make room for industry. It is very easy to create large class rifts by malicious property management. I would look at Europe to see how they dealt with that particular problem (only after industrialization, I might add), because they ran out of available land a few hundred years ago.
The rest of your over-excited comments do not warrant too much of a comment because, in case you had not noticed, small numbers of missed terrorists will kill thousands of innocent civilians, whereas a few bad apples in government making a bad arrest (if a particular arrest is found (BY A COURT) to have violated the laws (WRITTEN BY A LEGISLATURE)) will get prosecuted themselves and will either go to jail or need a pardon which carries political penalties for whoever cuts the pardon.
Well, that's the theory anyway. Using the current death toll of 2974, each of the 19 terrorists on 9/11 was responsible for ~156 deaths. In comparison, many notable serial killers have approached that number of murders over their lifespan, and the VA tech shooter was only 1/5th as efficient. In the attacks in Iraq, individual suicide bombers are much less effective. Basically, the idea that terrorists can kill massive numbers of people is mostly a boogie-man argument. Yes, in theory, with the right weapons, and perfect planning, and a major breakdown of normal law enforcement, a terrorist could individually kill perhaps thousands of people. However that hasn't happened in the past, and it's unlikely to happen in the future. It's such a statistically low possibility that the attention it warrants is way overblown. In contrast, the number of people the U.S. has killed in its attempt to bring justice to the masterminds of the 9/11 attack is silly. If the police slaughtered their way through a neighborhood looking for a serial killer, we'd be outraged. When we slaughter our way through a foreign country looking for a few dozen people, somehow it seems justified.
If you're worried about pure numbers, why don't we have a War on Obesity and a War on Traffic Accidents? Both kill many more people than terrorism ever will, and a lot of them are much easier to prevent than terrorism.
Basically, you've fallen for the administration's line that terrorism will Kill You, Your Family, and Your Friends Real Soon Now, so you should be afraid and willing to let them do whatever they want. No matter that we are actually causing MORE terrorism than we're preventing by invading Iraq: The insurgents in Iraq have killed many more people than the 9/11 attacks. I have no statistics, but I wouldn't be surpised if more Iraqis have been killed by the U.S. war than Saddam had killed since the first gulf war. The U.S. is directly responsible for those deaths, so do we need a terrorist watch list for U.S. leaders who kill foreign citizens?
Slashdot Mirror
I realise the US has a different history than most places, but in almost any country you want to name throughout most of the 20th and now 21st centuries, showing some kind of identification on demand by the local authorities is pretty standard stuff. This is also what he is eventually charged with, because not showing your ID (when pretty much everyone carries some form of ID), is indeed suspicious, and does indeed interfere with the officers ability to do his or her job. It all depends on the situation and specifically *how* the guy is asked of course, but I don't see it as unreasonable to be able to produce ID.
The cop probably shouldn't have asked him for ID in this situation because he was already cleared of any wrong-doing at that point. Once he did ask him though, the guy should have either shown it, or claimed not to have it. By choosing instead to stand on an idealistic, technical point of law, he chose to go to jail.
You are arguing two conflicting points. First, you argue that he should have showed his ID to the cop, then you say that the cop shouldn't have asked him in the first place. Police officers are an extension of the executive branch; when they ask you to do something it's the same as the government in general asking it. If they shouldn't ask you to do something, that means they have no right to ask it. If the government has no right to ask you to do something, you don't have to comply if they ask anyway. I understand that police officers are given a lot of leeway to investigate crimes and even to choose who to prosecute, but that extends only to the point that the law allows.
If you're separated by a few million or billion miles of vacuum in a sealed biosphere/spaceship, biological warfare has a little less impact on you.
That says nothing about nanotech, however. Ultimately, the only way for diverse life to survive is to spread as far as technology allows it.
Yea I know, good luck getting everyone on board. I just wish it were possible because even though I don't know who operates these Botnets if I were to find out I would absolutely LOVE to kick them in the nuts.
The obvious solution is to just direct the botnets to recognize the first Reformat Day automatically.
Why is it that all the developers seem to be able to code to a standard API - but they can't even come close to agreement on the way a program is operated? Maybe it's time to create a UI standard for Linux apps?
Probably because there are no universal UI guidelines that fit in every case, and no one knows of the "best" way to design a UI. There are almost certainly better UI models that will be found in the future, and part of open source development is trying to discover those models. Modal dialogs with "Yes, No, Cancel" may not be part of the optimal solution (it's hard to imagine them being the best for any task, really), so exploration into other representations and interaction models is a good thing.
For one thing, modal dialogs are essentially points in the program flow where the user is forced to make a decision. In many cases, the decision can be made automatically or simply removed from the program flow if the correct UI model is used. All the dialogs warning about saving documents before closing programs are probably the worst thing to happen in UIs since their creation. The proper solution is to save and version everything the user does, and never lose work (to the maximum extent possible) when the application is closed or crashes. That requires support from the filesystem and a UI design that emphasizes the versioned nature of files and data. Forcing users to "log on" and "log off" and closing all their applications and opening them up again is another genuine UI mistake that's a holdover from the days when memory was so tiny that overlays were popular and it was simply a necessity of operating a computer. There is no reason that modern operating systems should not present a persistent interface to the user. Hibernation is the closest thing to persistence that's currently available, with suspension a close second, but neither are truly persistent. They still rely on the old model of individually managing each piece of data.
I don't know, I can understand the reason, and I can summarize it like this: Christians aren't going to start murdering innocents if you make fun of them in a comic.
Do you really think Islamic extremists would stop killing people if no one published inflammatory cartoons?
Er, are you intentionally being stupid or are you just trying to raise a laugh? Accessing their website is not the same as accessing their network. And I thought that this forum was for geeks....
First of all, how can you access a networked device without accessing the network it's on? Magic? If the owner of the web server has it in their building, you have to access their network in order to access their web server. If it's colocated, you have to access the network of the colo facility. Neither access is pre-authorized unless being attached to a public network is implicit authorization for the public to connect to it. It's quite similar to having a phone number or living at a street address; nothing prevents anyone from dialing a phone number or mailing a letter to anyone they please, within reason (No DoS attacks allowed, basically). Junk mail and polling are both legal. It's silly that computer networks are treated any differently. If a network is public (which includes operating a wireless router using the publicly available radio spectrum and broadcasting SSIDs outside of the premises), then talking to that network should be just as legal as calling someone or sending them a letter. Whether they respond back or not is entirely up to them. If they have a telephone answering machine, talking to it is not illegal. Why should talking back to a wireless router be illegal?
If you were mislead by the sarcasm, too bad for you.
- (a) dishonestly obtains an electronic communications service, and
- (b)does so with intent to avoid payment of a charge applicable to the provision of that service,
There is no charge for using a free wireless access point.A person is guilty of an offence if--
He was only trying to access the public Internet, which he is implicitly authorized to use, and not any program or data held in an unauthorized computer.
As I see it, the most straightforward defense is that unsecured access points implicitly authorize their use by broadcasting an SSID and replying to DHCP requests, no access to private data or programs was performed, and without a separate agreement for use a public access point implies free usage, hence there is no charge to avoid. No violation of either statute.
The problem (for owners) is that by default every access point is unsecured, making it no different than a public access point open for free use. There must be some common law by now built around the idea that any web server on the Internet can be accessed without prior authorization simply because it's on a public network. Likewise, access points use the public radio spectrum, so asking if unauthenticated access is possible should be equivalent to an initial connection to a web server. If the web server returns documents without requiring authentication, it's public. Wireless access points go one step further and actively broadcast their existence on public airwaves, and then reply to a single initial request with implicit authorization to use the gateway, ip address, and dns servers they provide.
If anyone wants a new law, they should just extend the consumer protection laws to wireless devices and mandate that they ship in a secured state and inform the owner about how to use them properly. By secured, I mean anything as simple as requiring the user to set a particular SSID. Even if the default SSID was "private network" I'm pretty sure the courts would throw out any arguments by freeloaders who used it. Maybe the 802.11b standard should just be extended to include a "private" bit that is set by default. Anything along those lines would be sufficient to make the law much less ambiguous in light of common usage.
Secondly, any unauthorised use of someone's computer equipment, which includes a network, is covered by the Computer Misuse Act. If the owner has not given specific permission as required by this Act, then an offence has been committed.
Damn! I'm never visiting theregister.co.uk or bbc.co.uk again without asking first. Do you have a phone number I can call to request access, or do I need legal permission to access their private computerized phone network before I dial their phone number?
"Mrs. Smith, we found this man outside your house access your home wireless network." And you expect us to believe Mrs. Smith would be fine with this and tell the officers to let the creepy guy parked outside her home continue? Seriously. That's just bullshit and you know it.
So what if it's a businessman in an expensive suit walking through a public park who sits down on a park bench, pulls out a laptop and uses whatever access point is available? It suddenly becomes a much harder "crime" to detect or prosecute. Obviously the real issue is creepy guys parked next to people's houses. This has been frowned upon far longer than wireless routers have been around. Otherwise, how can the lady or the police prove that he's actually using her wireless? He could actually be using the wireless of someone down the street, perhaps a friend who let him use it.
It's no wonder we keep seeing more legislation cracking down on these sorts of activities. It's precisely because people don't accept them, and precisely because they don't know how to protect themselves against them.
Yeah, big brother stepping in to fix apathy and ignorance with stupid laws against smart people when the real problem is routers that ship in an unsecured state by default. It's like shipping microwaves that come without the shielding installed, with a little note in the manual that you should really put the shielding on if you don't want to get in trouble with the FCC or kill all the wireless devices in the vicinity. There are consumer protection laws already, and those are the ones that need to be extended.
Ive always secretly believed that the NSA had this figured out decades ago, and has been quietly gaming the stock markets to fund its expansion. Thats why market volatility has increased dramatically. *Sure* those acres of supercomputer arrays are all doing code-breaking...
Who needs supercomputers when you have inside information from "authorized" illegal wiretaps?
you don't get it: any kind of universal id is open to the same kinds of abuses you could appreciate if it were microsoft or george bush behind the plan. it's the same tension between convenience and privacy/security, regardless of the entity behind the universal id
Big difference number 1: I can see social relationships on myspace. I cannot see the relationships I have to "terrorists" in some government database. Therefore I have much more freedom and knowledge using an open social network.
Big difference number 2: All the watchers will (theoretically) be in the same open database as everyone else. If police officer X arrests A, B, and C and the social network shows that X's old girlfriend has dated A, B, and C, that's much more useful information than the secret government information that A, B, and C joke about terrorism and George Bush on slashdot.
Basically, fully open systems that include everyone allow much more freedom than closed lists run by the executive branch.
It's just not economically feasible to build non-oversubscribed networks. Any of you know how much a card for a Cisco GSR that has just two OC-192 intermediate-reach ports on it is? MSRP is $585,000.
So you're saying the real problem is Cisco? There's no way a 10 gbps piece of hardware should cost that much. When hypertransport and pci-express on a consumer grade motherboard support over 50 gb/s, is Cisco hardware really worth what they charge?
How about starting off by realizing that Evolution and Creation (or "Intelligent Design") are scientific theories and not scientific fact. The biggest problem I see in science today is failing to properly delineate between fact and theory.
Calling creationism a scientific theory is in effect calling fundamentalist Christianity a scientific theory. Calling intelligent design a scientific theory is equivalent to calling magic a scientific theory. Since ID does not even pretend to explain how anything happened (or why, or with repeatable results), it is not a scientific theory. How is one supposed to test ID for truth or falsity? ID begs the question quite fallaciously. Anything humans do is obviously the result of intelligence, and everything natural is also the result of intelligence by ID's definition, so where could one obtain some non-intelligently-designed matter to begin experimenting with in order to disprove ID? Even if science demonstrates that the initial conditions of the universe are sufficient to explain life, ID people will say that some "intelligence" picked those initial conditions and the laws of physics.
Another problem I see specific to the theory of Evolution, is that of people calling it "Darwin's Theory of Evolution". At least here they get the "Theory" part right, but they get it wrong when they attribute it to Darwin. (His theory was that of Natural Selection, which there is a ton of evidence for, and which was used to derive Evolution.)
Darwin's theory of evolution via natural selection gets us from the point of replicating molecules to where we are now. What more do you want?
Take responsibility. Stand up and declare your rights.
Don't weasel out by blaming the other guy.
This is pretty much the perfect argument. She owns the computer, but she didn't install or use the software. Who is guilty? Can she prove that this other guy installed it, and will he even admit to it? When it something is essentially shared property it can be very difficult to tie blame to an individual. Probably to the point that any RIAA suit becomes almost impossible to litigate. The "owner" of a computer has almost no meaning when everyone who sits at the keyboard has local admin privileges and a wide open internet connection. Unless you never have guests in your house, the idea that you are solely responsible for or have control over what your computer does is just silly.
My problem with XP Home is that it has disabled the ACLs of the NTFS filesystem. That sucks a lot if you want to run Limited User instead of Administrator. (Oh, yes, I do that and it works fine... a bit more work, but it works)
They only removed the ACL management from the shell (right click, properties, security). Petty, isn't it?
Like you said, cacls (and xcacls, and the API) still work just fine. My guess is that you could write some better scripts using xcacls to secure the machine than would ever be possible or desirable to do with the GUI. Or look up SetSecurityDescriptor on MSDN. It's a pain and a half to write the first time, but it makes automating that kind of stuff much easier and faster for large sets of files (say, entire filesystems being moved from an old domain to a new one with complex group permissions).
ActiveX is dead. Microsoft doesn't do anything with it, and there certainly isn't an interoperability push for .Net-to-ActiveX.
Use Windows Update much? There's a big chunk of ActiveX for you.
No disk is ever RMA'd anywhere. If we have a failure, we get a new replacement disk and send back a sheet of paper saying we destroyed the old one.
See, that's the thing that most companies would have trouble getting away with. I suppose once you're big enough to audit the taxes of the company RMAing your equipment, they don't really mind taking your word that you're destroying the drives and not selling them on the side.
We wipe sensitive data with 7 random overwrites on all disks in storage that may be used again. Working desktop and laptop disks passing out of the organization for donation to schools or charities get the same treatment.
The only obvious thing is sector reassignment. Modern drives keep a spare track or two to reassign bad sectors to. Most of the data is still there in a bad sector, and could probably be reconstructed exactly with a better read head or of course an electron microscope. Still, that's just a tiny fraction of the data on the drive. It depends on how valuable even a tiny bit of data would be. Mandatory encryption will fix that anyway.
Dead disk drives from laptops and desktops are treated just like server disks. Server disks at end of life are never passed out of the organization in working condition. They are software-wiped as above, degaussed in a gigantic noisy machine, disassembled, and the platters removed. Glass platters are broken into little bits and thrown out. Metal platters are beaten up with a hammer and then (I am not kidding) a guy in the office makes sculptures out of them. We have an area with various towering sculptures representing literally thousands of decommissioned disks, some of which are really heavy 8-inch platters made, it appears, of copper. I guess that means we've been doing this for a long time.
I would grind the glass platters (considering even a millimeter of disk still has complete sectors on it) and sand the metal platters down to remove the magnetic medium. Of course, I'm not an expert in data destruction and am more of a CS/math guy than a physicist, so take this with a grain of salt. My guess is that your copper colored disks are really iron oxide; basically just really smooth rust.
For the IRS, it is conceivable that any amount of data stolen would have at least some value. My guess is that social security numbers along with names and addresses are in a whole lot (most?) of your data, so even getting snippets would be slightly valuable. Overall I'd say there's a pretty low chance of losing data via old hard disks with the methods you've described.
Do you RMA unencrypted disks? How do you wipe sensitive data off the dead ones? There are plenty of reasons to encrypt server drives.
It's a simple choice. If you say "tebi", all your geek friends will make fun of you. If you say "tera", people will not be sure whether you mean 1024 * 1024 * 1024 or 1000 * 1000 * 1000 or 1000 * 1000 * 1024 .... (Finish iterating yourself -- I've seen then all.) This confusion might get you sued. So, do you want to be cool, or do you want to stay out of courtrooms?
How about 10^12? Scientific notation is useful for being unambiguous.
In practice, if you do the standard wipe, which is usually some variant of all-nulls, all ones, 3 times random, there is -zip- chance that anyone will be able to get at the data that was once on the platter.
While the heads certainly try to stay on center and overwrite the old data, there's always some leakage. With increasing data density, commodity hardware can read the leakage. Even if each overwrite is 90% effective, there's still 1/100000th of the data left on the disk. Disks have grown from 1MB to 1TB in the last 30 years, 10 times that factor. In other words, with commodity hardware it's probably possible to plug a 20-30 year old wiped platter under a modern head and read useful data off of it. I've never tried it, but I certainly wouldn't be surprised if it worked. Future improvements will likely make current disks readable after a few wipes. Once we get to the actual molecular/magnetic domain limits of storage, then I agree that a couple of wipes will erase all the information.
Just encrypt sensitive data. It's more secure, and Moore's law works with you instead of against you. It's faster to encrypt your disks (with faster and faster processors) than to spend time wiping your disk lots of times in expectation of improving technology. Additionally, many disks can't be wiped after the drive is "dead", although the platters or drive electronics can be swapped out at minimal cost to recover the data.
In my experience, when S.M.A.R.T. tells you a drive is dead or dying, its not kidding.
Agreed. I was able to detect early failure on my laptop disk and replace it without fuss. Likewise I have a group of 5 320GB Western Digital drives, all the exact same model (as far as I can tell) and all work fine with similar stats except for one disk which has a few sector replacements and unrecoverable CRC errors. Basically, that drive will probably die before it's replaced with a larger RAID, so I watch it to make sure the numbers aren't getting too high. Once 320GB drives get cheap enough ($50 or so) I'll just buy a spare one to keep around until it dies. Without SMART, I wouldn't have a clue how the drives were doing.
Yes, but what does it prove if a few of the bombs fail to go off? Are the survivors God's chosen, God's cursed, or just some unlucky bastards who had some really stupid friends?
What if genies, aliens, and fairies all appear right before the bombs go off, ready to grant everyone's wishes, but the bombs go off before anyone can say a word? There are SO many problems with your idea I don't know where to start.
Sadly, I can't find my post when last time space colonization came up, but basically it came down to this: There is no chance in hell of interplanetary, and especially interstelllar colonization. Why? It is so completely impractical.
As impractical as flight? As impractical as modern medicine? It sounds like you think humanity will never, ever think of anything new.
My best guess is that space colonization will wait for advanced nanotechnology. With nanotech we can cheaply (in terms of launch resources and raw materials) bootstrap industries in space and let them grow until they're safe for human occupation. By the time space colonies have been built, nanotech will almost certainly have allowed the human population to grow large enough that there is a natural demand for more room, and people will be willing to move into space.
I support ownership of personal property, but not land or natural resources.
Neat, would you mind if I set up a mining camp in your yard to look for coal, gold, or whatever else I can find? As long as I don't hurt the foundation of your house I should be fine, right?
Similarly, what stops the most ambitious libertarian from just taking everything? If no one owns land, can't everyone strip mine whatever they want, polluting the water supplies in the process?
There are probably some torturous arguments about the possible impact of activities on the future wellbeing of other people that could be used to determine who got to live where or dig where, but I really don't see any way to negotiate the fine points of who gets to drill for oil where, and who can suck all the water out of an aquifer without resorting to building huge fences and laying landmines or something. The only alternatives are enforced rationing, which is socialism; or enforced environmentalism, which is pretty close to what most first world countries have now. You can probably look at China for examples of lack of land and resource ownership. The people obviously don't own the river downstream of the goldmine, so who cares if there's some cyanide in it?
Otherwise, what is to keep some group from buying up an unreasonable amount of land, in effect making slaves out of those who have no means of support?
You pretty much have to resort to socialism to fix that. Big businesses can already push people out of their homes by subverting eminent domain, so it's clearly not impossible. Is there really any difference between big cities and what you describe? Most of the property and buildings are owned by rich individuals or large corporations, but the people living in them are not slaves because there are laws about maintaining clean water, waste disposal, heating, cooling, fire protection, and security if you own property that people live in. The problem which I think you've noticed is that nothing stops a city from becoming entirely filled with slums in order to make room for industry. It is very easy to create large class rifts by malicious property management. I would look at Europe to see how they dealt with that particular problem (only after industrialization, I might add), because they ran out of available land a few hundred years ago.
The rest of your over-excited comments do not warrant too much of a comment because, in case you had not noticed, small numbers of missed terrorists will kill thousands of innocent civilians, whereas a few bad apples in government making a bad arrest (if a particular arrest is found (BY A COURT) to have violated the laws (WRITTEN BY A LEGISLATURE)) will get prosecuted themselves and will either go to jail or need a pardon which carries political penalties for whoever cuts the pardon.
Well, that's the theory anyway. Using the current death toll of 2974, each of the 19 terrorists on 9/11 was responsible for ~156 deaths. In comparison, many notable serial killers have approached that number of murders over their lifespan, and the VA tech shooter was only 1/5th as efficient. In the attacks in Iraq, individual suicide bombers are much less effective. Basically, the idea that terrorists can kill massive numbers of people is mostly a boogie-man argument. Yes, in theory, with the right weapons, and perfect planning, and a major breakdown of normal law enforcement, a terrorist could individually kill perhaps thousands of people. However that hasn't happened in the past, and it's unlikely to happen in the future. It's such a statistically low possibility that the attention it warrants is way overblown. In contrast, the number of people the U.S. has killed in its attempt to bring justice to the masterminds of the 9/11 attack is silly. If the police slaughtered their way through a neighborhood looking for a serial killer, we'd be outraged. When we slaughter our way through a foreign country looking for a few dozen people, somehow it seems justified.
If you're worried about pure numbers, why don't we have a War on Obesity and a War on Traffic Accidents? Both kill many more people than terrorism ever will, and a lot of them are much easier to prevent than terrorism.
Basically, you've fallen for the administration's line that terrorism will Kill You, Your Family, and Your Friends Real Soon Now, so you should be afraid and willing to let them do whatever they want. No matter that we are actually causing MORE terrorism than we're preventing by invading Iraq: The insurgents in Iraq have killed many more people than the 9/11 attacks. I have no statistics, but I wouldn't be surpised if more Iraqis have been killed by the U.S. war than Saddam had killed since the first gulf war. The U.S. is directly responsible for those deaths, so do we need a terrorist watch list for U.S. leaders who kill foreign citizens?