And so why was Al-Marri held for 5 years as an "enemy combatant"? 1. He was a legal US Resident, though not a citizen of the US. 2. He was captured in the US by a traffic cop 3. He was charged in a US court with fraud before being transferred to military custody.
Or are you saying that your unattributed list is an "OR" function, that is, if you fail any one of the tests you can be held? In which case, your number 5 is the scariest one of the lot.
And yet, the Government of the US, lead by the President of the US, fought a battle all the way to the Supreme Court of the US, arguing that they had the right to detain US citizens indefinitely without recourse to the courts simply because they called the citizen a name - "Terrorist" and "enemy combatant".
So, if a Police official steps up to you, and says "I think you are a Terrorist and an Enemy Combatant; please give me your encryption keys to prove your innocence", your refusal means indefinite detention in a military detention facility, subject to military interrogation methods which include those which we ourselves have called war crimes: http://www.washingtonpost.com/wp-dyn/content/article/2007/11/02/AR2007110201170.html
I think most of the people in this thread don't remember well what they first did on computers. For me, it wasn't creating things from scratch; that's too hard when you don't have the foggiest idea what you're doing. That would be like saying you learn music by starting out with a blank sheet of staff paper and an idea for a symphony.
I believe that most programmers started out modifying something existing - for me, it was University of Texas Super Star Trek and Crowther's Adventure. Before that, it was Lunar Lander on my TI SR-71 programmable calculator. It was easy (once you found the code) to change it, modify it, and see instant results in a sophisticated environment. For others, it might have been typing in BASIC games on their Apple II or C64, and modifying them to make them work differently.
Once you have the background as to how programs work, it becomes so much easier to realize a program that you conceive and implement yourself.
Or, you find that you really couldn't care less about doing this kind of work.
Modding an existing, interesting game - two thumbs up.
OK, so a compromised machine was pointing to the server.
That somehow gives them the right to go rummage through that server uninvited, reading and analyzing what they found and publishing it? Now, I know the vigilante in all of us wants to say "yes", but it's not clear to me that the law permits that kind of activity. And I stand by my statement that, if I did it, I'd end up a very unhappy puppy.
Let's imagine that I find some Symantec product on my machine that I didn't install, and I find a server address in the code. Does that give me the right to go pillage Symantec's machine and publish information about what I'd found?
OK, so Symantec "recently stumbled upon a server hosting...".
What, was it placed on their doorstep one night, and they didn't notice it when they went outside to get the morning paper?
So, they wrote a crawler that intrusively scanned servers that they didn't have permission to access, opening and analyzing files that they didn't have permission to read, then published what they found?
And the penalty if I did that is, what, 5 years in federal PMITA prison?
My laserjet 6p is a remarkable personal laser printer. It keeps the fuser powered off until you need it, then can start a page within seconds. The LaserJet 4 era couldn't do that - they either kept the fuser hot (burning energy) forever, or took minutes to warm it back up.
And I haven't had to refill the cartridge in over a year.
I looked into this one afternoon (oh, the things that Google thinks it knows about me!) just to figure out how big of a threat it is.
The stories I found said that, basically, the human body is excellent at absorbing explosions. Your sewn-in explosives, unless much, much bigger than otherwise needed, would mostly be muffled. Now, that's not saying that you couldn't take down a plane with sufficient internal explosives (I carry around 30 more pounds of fat than I need, and no one looks at me for a second; that's a lot of potential C-4 storage space), simply that it would be easier if you could remove the explosives before detonating them.
"Keistering" is one simple, low-tech approach to this, though I don't know how the volume of explosive one could carry compares with the volume necessary. Using a two-stage explosion, with the first stage ripping the mule open and the second stage then exploding outside the body is a far more sophisticated approach which is also possible.
There are dozens of approaches to this "problem" from the terrorist's perspective, none of which have an answer in the current security handbook. Various terrorist cells WILL realize that they'll be far more successful by giving their jihadist a premade suppository or implant that can securely and reliably be both carried to the US and detonated (rather than by having them trying to create and package bombs ala the "underwear bomber").
Us standing in line to have our naughty bits examined by some pervert in another room won't have a damned bit of impact on such an attack.
Regardless of the health issues, why should I be electronically strip-searched when the next terrorist is going to shove explosives up his ass and remove/detonate them during flight?
What invasion of privacy is going to happen after that event?
So Google, who probably knows your name, your IP address, your Email address, all of your friends and family, all of the search terms you've ever used under any alias, and by pwning your wireless at home knows your street address and your MAC address, now knows your credit card number.
Generally, don't cause trouble, and don't make a scene. ( Sec. 103.9 No person may operate any ultralight vehicle in a manner that creates a hazard to other persons or property.)
Specifically, not allowed to fly in most controlled airspace, not allowed to fly over congested areas (i.e. don't fly where people can see you), can't fly at night, can't fly in instrument conditions.
So, a great sport device, but not so great for commuting.
The other critical item - apply the brakes and DON'T LET UP.
1. Engine vacuum is a necessity to modern power brake systems.
2. There is a vacuum reservoir in the brake system that allows a couple of brake applications even if vacuum is disrupted.
3. With the throttle fully open, there is little to no engine vacuum available
4. If the car is accelerating uncontrollably, and you pump the brakes, you're going to die.
Try it - I have on my Ford Explorer and my wife's Acura. The next time you're on the freeway onramp with no one in front of you, floor the throttle, wait a second or two, then pump the brakes a few times. On the first application, you'll feel the brakes start to slow the car. After the second or third pump, brake effort will rise dramatically, and you probably won't be able to slow the car./frank
As a USA-ian, even I have had excellent interaction with the Canadian health system due to an unfortunate but minor accident a few years ago.
Given the lack of wisdom in Washington DC these days, the political power of the AMA, the AARP, the various Lawyers groups and the insurance industry, I can't imagine how a functional, usable equivalent could possibly get instituted here without screwing up healthcare (and killing people) for a decade.
All laws would be re-upped with a simple bill that says "All laws expiring this year are re-authorized".
If you insisted on more detail, you'd get ""All laws expiring this year, as listed in Appendix A, are re-authorized".
You would have to require an individual, roll-call vote of each law. In which case, an "Omnibus" law would be passed that contains the text of all the laws expiring this year, and only one vote would be required for all time.
It's just not clear to me how you generally apply a "sunset" clause to all laws.
The fact that you had such an arrogant ass working for you is indeed a management failure.
Yours.
A programmer that "refuses to listen to any pre-written architecture, refuses to listen to QA, and thinks that he can just produce code in complete isolation from the rest of the team" should be fired. Plain and simple.
If you had the authority to do so and didn't, then you are the management failure. If you didn't have the authority, and didn't request his firing from the person who had the authority, then you are the management failure. If you didn't have the authority, did request his firing from the person who had the authority and was told "no", then the management failure is the person who said "no".
In the security world, there's always a tradeoff between the cost of the security, the cost to an attacker to break the security, and the value of the thing being protected.
In the military world, there are many secrets which need to be (are seen as needing to be) kept for many years. For these, an encryption that takes a year and $10M to break may not be good enough, because after a year and $10M, an enemy might have information worth more than that. For my bank account, encryption that takes a year and $10M to break is more than sufficient, because the value to an attacker is approximately $47.32, plus the overdraft fees that they can stick me with.
There is no current concern for the average person, unless you're dealing in nuclear secrets or are protecting a politicians date book. Given a choice in the future, moving to a larger RSA key size is prudent change, but that's about it.
AES-256 uses a 256 bit key. It may have a weaker than expected key schedule for using that key, as Schneier has opined (do I know what that means? Not a chance), but it's certainly 256 bits long.
I completely believe that you can show images that show a gun, a knife, a bomb strapped to someones hip, leg, lower back, belly, etc.
Can you show an image where someone has a shiv in the crack of their ass, flexible explosives in an armpit or groin crease or around the genitals (which are "blurred" by the machine)?
How much explosive is needed to bring down a plane? How much can comfortably be carried in a vagina or anus? How much can comfortably be carried in a surgically implanted pouch in the abdomen?
Like all security theatre, providers of technology can show all kinds of great solutions. However, in the real world, they will only stop the stupid. Anyone who wants to attack an airliner after this insanely expensive and intrusive technology is deployed will still be able to.
The only response that I'm aware of that has, IMHO, been reasonable as a response to 9/11 and following attacks is armoring the cockpit door. Air marshals, invasive security searches, no-fly lists, etc., appear to all be ineffective.
Even today, if a terrorist stands up in a plan and holds up an empty box with wires sticking out and says "I have a bomb!", everyone in the plane has to assume that he has a bomb. Now, if he does that in my plane, I plan on falling back on my college training (way too many hours playing folf) and launching my laptop at his head while I charge, but that's just me.
Slashdot Mirror
Which doesn't change the facts of the Wired article at all...either submission forms work, or they don't. It's an easy question.
Attacking the source of a factual article is a bit...unseemly.
And so why was Al-Marri held for 5 years as an "enemy combatant"?
1. He was a legal US Resident, though not a citizen of the US.
2. He was captured in the US by a traffic cop
3. He was charged in a US court with fraud before being transferred to military custody.
Or are you saying that your unattributed list is an "OR" function, that is, if you fail any one of the tests you can be held? In which case, your number 5 is the scariest one of the lot.
And yet, the Government of the US, lead by the President of the US, fought a battle all the way to the Supreme Court of the US, arguing that they had the right to detain US citizens indefinitely without recourse to the courts simply because they called the citizen a name - "Terrorist" and "enemy combatant".
And the courts of the US haven't yet issued a ruling that this is against our precious constitution. Nor has our president, running on a platform of change, spoken out against this travesty:
http://en.wikipedia.org/wiki/Jos%C3%A9_Padilla_(prisoner)
http://www.foxnews.com/story/0,2933,506265,00.html
So, if a Police official steps up to you, and says "I think you are a Terrorist and an Enemy Combatant; please give me your encryption keys to prove your innocence", your refusal means indefinite detention in a military detention facility, subject to military interrogation methods which include those which we ourselves have called war crimes:
http://www.washingtonpost.com/wp-dyn/content/article/2007/11/02/AR2007110201170.html
A piece of paper protects no rights.
I, as a customer, can be as demanding as I want.
I expect my government to be very demanding of the suppliers it uses.
The supplier is free to choose not to do business with a demanding customer.
Is it so hard to understand?
OK, it was a TI SR-56 calculator, when I lusted after a TI-59.
I thought SR-71 sounded suspicious.
This.
I think most of the people in this thread don't remember well what they first did on computers. For me, it wasn't creating things from scratch; that's too hard when you don't have the foggiest idea what you're doing. That would be like saying you learn music by starting out with a blank sheet of staff paper and an idea for a symphony.
I believe that most programmers started out modifying something existing - for me, it was University of Texas Super Star Trek and Crowther's Adventure. Before that, it was Lunar Lander on my TI SR-71 programmable calculator. It was easy (once you found the code) to change it, modify it, and see instant results in a sophisticated environment. For others, it might have been typing in BASIC games on their Apple II or C64, and modifying them to make them work differently.
Once you have the background as to how programs work, it becomes so much easier to realize a program that you conceive and implement yourself.
Or, you find that you really couldn't care less about doing this kind of work.
Modding an existing, interesting game - two thumbs up.
OK, so a compromised machine was pointing to the server.
That somehow gives them the right to go rummage through that server uninvited, reading and analyzing what they found and publishing it? Now, I know the vigilante in all of us wants to say "yes", but it's not clear to me that the law permits that kind of activity. And I stand by my statement that, if I did it, I'd end up a very unhappy puppy.
Let's imagine that I find some Symantec product on my machine that I didn't install, and I find a server address in the code. Does that give me the right to go pillage Symantec's machine and publish information about what I'd found?
OK, so Symantec "recently stumbled upon a server hosting...".
What, was it placed on their doorstep one night, and they didn't notice it when they went outside to get the morning paper?
So, they wrote a crawler that intrusively scanned servers that they didn't have permission to access, opening and analyzing files that they didn't have permission to read, then published what they found?
And the penalty if I did that is, what, 5 years in federal PMITA prison?
There is something wrong in this world.
My laserjet 6p is a remarkable personal laser printer. It keeps the fuser powered off until you need it, then can start a page within seconds. The LaserJet 4 era couldn't do that - they either kept the fuser hot (burning energy) forever, or took minutes to warm it back up.
And I haven't had to refill the cartridge in over a year.
I sense a disturbing lack of acceptance of Mr. Brown's statements.
Are you all so cynical?
I looked into this one afternoon (oh, the things that Google thinks it knows about me!) just to figure out how big of a threat it is.
The stories I found said that, basically, the human body is excellent at absorbing explosions. Your sewn-in explosives, unless much, much bigger than otherwise needed, would mostly be muffled. Now, that's not saying that you couldn't take down a plane with sufficient internal explosives (I carry around 30 more pounds of fat than I need, and no one looks at me for a second; that's a lot of potential C-4 storage space), simply that it would be easier if you could remove the explosives before detonating them.
"Keistering" is one simple, low-tech approach to this, though I don't know how the volume of explosive one could carry compares with the volume necessary. Using a two-stage explosion, with the first stage ripping the mule open and the second stage then exploding outside the body is a far more sophisticated approach which is also possible.
There are dozens of approaches to this "problem" from the terrorist's perspective, none of which have an answer in the current security handbook. Various terrorist cells WILL realize that they'll be far more successful by giving their jihadist a premade suppository or implant that can securely and reliably be both carried to the US and detonated (rather than by having them trying to create and package bombs ala the "underwear bomber").
Us standing in line to have our naughty bits examined by some pervert in another room won't have a damned bit of impact on such an attack.
Great, I only fly coach.
Does this mean that the "inspector" is just going to spit?
Regardless of the health issues, why should I be electronically strip-searched when the next terrorist is going to shove explosives up his ass and remove/detonate them during flight?
What invasion of privacy is going to happen after that event?
Now, I understand that public schools check for head lice, but I really didn't understand that they were checking for PUBIC lice.
I think I'll have to have a talk with my 8-year olds Principal.
So Google, who probably knows your name, your IP address, your Email address, all of your friends and family, all of the search terms you've ever used under any alias, and by pwning your wireless at home knows your street address and your MAC address, now knows your credit card number.
Funny, perhaps, but in a bit of a horrifying way.
That's the CSI belief.
Now, for reality:
http://www.denverpost.com/nationworld/ci_10026634
FAA Part 103 http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&rgn=div5&view=text&node=14:2.0.1.3.16&idno=14 covers the flight privileges for this device.
Generally, don't cause trouble, and don't make a scene. ( Sec. 103.9 No person may operate any ultralight vehicle in a manner that creates a hazard to other persons or property.)
Specifically, not allowed to fly in most controlled airspace, not allowed to fly over congested areas (i.e. don't fly where people can see you), can't fly at night, can't fly in instrument conditions.
So, a great sport device, but not so great for commuting.
The other critical item - apply the brakes and DON'T LET UP.
1. Engine vacuum is a necessity to modern power brake systems.
2. There is a vacuum reservoir in the brake system that allows a couple of brake applications even if vacuum is disrupted.
3. With the throttle fully open, there is little to no engine vacuum available
4. If the car is accelerating uncontrollably, and you pump the brakes, you're going to die.
Try it - I have on my Ford Explorer and my wife's Acura. The next time you're on the freeway onramp with no one in front of you, floor the throttle, wait a second or two, then pump the brakes a few times. On the first application, you'll feel the brakes start to slow the car. After the second or third pump, brake effort will rise dramatically, and you probably won't be able to slow the car. /frank
Single payer works.
...in Canada and certain other countries.
As a USA-ian, even I have had excellent interaction with the Canadian health system due to an unfortunate but minor accident a few years ago.
Given the lack of wisdom in Washington DC these days, the political power of the AMA, the AARP, the various Lawyers groups and the insurance industry, I can't imagine how a functional, usable equivalent could possibly get instituted here without screwing up healthcare (and killing people) for a decade.
All laws would be re-upped with a simple bill that says "All laws expiring this year are re-authorized".
If you insisted on more detail, you'd get ""All laws expiring this year, as listed in Appendix A, are re-authorized".
You would have to require an individual, roll-call vote of each law. In which case, an "Omnibus" law would be passed that contains the text of all the laws expiring this year, and only one vote would be required for all time.
It's just not clear to me how you generally apply a "sunset" clause to all laws.
The fact that you had such an arrogant ass working for you is indeed a management failure.
Yours.
A programmer that "refuses to listen to any pre-written architecture, refuses to listen to QA, and thinks that he can just produce code in complete isolation from the rest of the team" should be fired. Plain and simple.
If you had the authority to do so and didn't, then you are the management failure.
If you didn't have the authority, and didn't request his firing from the person who had the authority, then you are the management failure.
If you didn't have the authority, did request his firing from the person who had the authority and was told "no", then the management failure is the person who said "no".
I got:
"Your browser fingerprint appears to be unique among the 6,335 tested so far."
So, in the last 15 minutes, they appear to have had roughly 1000 new visitors.
Sounds like they're collecting some new information.
In the security world, there's always a tradeoff between the cost of the security, the cost to an attacker to break the security, and the value of the thing being protected.
In the military world, there are many secrets which need to be (are seen as needing to be) kept for many years. For these, an encryption that takes a year and $10M to break may not be good enough, because after a year and $10M, an enemy might have information worth more than that. For my bank account, encryption that takes a year and $10M to break is more than sufficient, because the value to an attacker is approximately $47.32, plus the overdraft fees that they can stick me with.
There is no current concern for the average person, unless you're dealing in nuclear secrets or are protecting a politicians date book. Given a choice in the future, moving to a larger RSA key size is prudent change, but that's about it.
uhh, no.
AES-256 uses a 256 bit key. It may have a weaker than expected key schedule for using that key, as Schneier has opined (do I know what that means? Not a chance), but it's certainly 256 bits long.
I completely believe that you can show images that show a gun, a knife, a bomb strapped to someones hip, leg, lower back, belly, etc.
Can you show an image where someone has a shiv in the crack of their ass, flexible explosives in an armpit or groin crease or around the genitals (which are "blurred" by the machine)?
How much explosive is needed to bring down a plane? How much can comfortably be carried in a vagina or anus? How much can comfortably be carried in a surgically implanted pouch in the abdomen?
Like all security theatre, providers of technology can show all kinds of great solutions. However, in the real world, they will only stop the stupid. Anyone who wants to attack an airliner after this insanely expensive and intrusive technology is deployed will still be able to.
The only response that I'm aware of that has, IMHO, been reasonable as a response to 9/11 and following attacks is armoring the cockpit door. Air marshals, invasive security searches, no-fly lists, etc., appear to all be ineffective.
Even today, if a terrorist stands up in a plan and holds up an empty box with wires sticking out and says "I have a bomb!", everyone in the plane has to assume that he has a bomb. Now, if he does that in my plane, I plan on falling back on my college training (way too many hours playing folf) and launching my laptop at his head while I charge, but that's just me.