The salt is generally stored as the first few chars of the hashed password. If the have a password, they almost certainly fave the salt used for it as well
You're assuming a MITM server, the GP you're replying to doesn't realize that you can use a server in the middle, an SSL proxy, and that is how you can sign any cert.
The person you're responding to thinks that having a root CA distributed still means you would have to hack twitters website with your cert in order for your users to trust it, when you and I both know that we don't need to hack twitter, we just need a nice transparent SSL proxy to do it for us.
You are anal, but ANAL for sure and shouldn't be giving out such advice, you don't even understand the situation clearly.
It stopped being fraud when you agreed to the terms of joining the computer network, you know all that paperwork you filled out when you started school there or got a job? Yea, buried in that, you agreed to their rules if your using their network. No fraud committed.
Ignorance on your part is not fraud on their part unless they intentionally deceived you.
Someone who just doesn't bother to read the contract wasn't deceived, they were just stupid, and thats not fraud.
Sounds like you really don't understand CAs either. You install the root CA's public key on computers so that keys signed with it are trusted implicitly. There are 2 typical examples of it. NTActiveDirectory which ALWAYS distribute their own built in root CA to all machines on the network. So if you've used a machine on an active directory network, you've used a machine in this sort of setup. It gets used by ALL SORTS of shit within windows to provide encryption via SSL/TLS without having to buy a cert for EVERY server you own. Hell, I had a contract for a 5 man company that had over 100 certs total due to their requirements (legal and outside their control)
Like wise, the second example for non-windows shops is to use your own self signed certs internally for your mail servers and such that don't need public keys, you distribute the root CA cert to everyone, so they don't get prompted every time about an invalid certificate.
Every network I've been on in the last 10 years has had their own CA.
I assure you that companies like Google, Facebook, Twitter, Microsoft and their relation ALL do the EXACT SAME THING. Well, okay, Microsoft doesn't because they put their root CA into IE by default (they cheat as part of being the author of the software;). You think Google pays Verisign for the thousands of certs it uses internally that the public never sees?
And all that is well and good... right up until you agreed to their logging by joining their network, even in the UK. Once its disclosed, even in the UK, the rules change and there is nothing illegal being done here.
Next time, read all the shit you sign and/or click next next next finish on.
1) They don't, but its useful 2) It doesn't, why are you trying to make this is a political problem? 3) They don't give unrestrained access, they filter, which is part of the reason they do SSL MITM on EVERY SSL CONNECTION. 4) Why do you keep trying to make this about politics, it isn't.
Staff browsing whatever they please has nothing to do with politics and everything to do with someone who's not doing their job and should be fired. Why is it that someone like you always has to come along and try to act like its perfectly acceptable for you to do whatever the fuck you feel like doing on someone else's time and resources?
Use your own fucking network if you want to make a political statement.
Really? Then why is it a built in standard feature of Windows NT domains and ActiveDirectory that not a single person in Europe has ever mentioned turning off, nor can I find anything that indicates its a common question as to HOW to turn it off. And since I'm looking at a K build of Windows right now... with the Domain cert being distributed I know it happens in Europe (K and N builds were the result of EU anti-trust settlements that remove crap like Windows Media Player and other things the EU decided shouldn't be included)
So I call bullshit on your silly little 'we get way more privacy protections than you' bullshit. You might think you get way more protections, doesn't make it actually true when it comes to testing those protections, does it?
Most popular small business server software in the world... and you're claiming one of its standard features is illegal on an entire continent yet I've never heard it ever mentioned... and I deal with said continent...
And lets be realistic, your entire continent is pretty willy nilly about what it picks to have the moral high ground on, you know how Europeans think about Americans most of the time? Yea, thats how the rest of the world feels about Europeans when you guys get that retarded high and mighty 'well in Europe we do it better' shit going on. You do realize pretty much the entire rest of the world has kicked your ass at one time or another, right?
Get off your fucking high horse asshole. Most European countries wouldn't exist if everyone did things like Europe does. You'd all be speaking Japanese or Russian, if not German.
First, a school network is not a public network and it can run any policy it wants
Public has nothing to do with it. Public networks can run any policy they want as well, even public as in government funded ones since those are the only ones that are truly 'public networks'.
Second, regarding danger. The danger is exactly equivalent of the lowest security among the machine(s) that have a copy of the school root certificate (the private key part). If any of them gets compromised and the attacker gets a copy, he can do everything the school does, including interception and manipulation of traffic.
No, it isn't. You utterly fail to understand whats going on here or how SSL and PKI in general works.
The PCs have a copy of the schools PUBLIC CERTIFICATE AUTHORITY KEY installed on them, they DO NOT HAVE THE PRIVATE KEY, and there is no reason any PC should ever hold the root CA private key on a hard disk. I keep mine on USB drives physically disconnected from any computer unless I'm signing a batch of certs. You distribute (and this school did this) the PUBLIC portion of the key, so that when you send data signed with the private key, the public key can be used to verify it came from the holder of the private key. They aren't distributing their own private key, there is no reason why you would think that other than sheer ignorance on the subject, which means you shouldn't have commented at all.
If any PC with the CA cert gets compromised they can... do the exact same thing as anyone with a web browser he tells it to ignore the certificate warning and continue. They can't do anything with a public CA cert other than verify the CA actually signed stuff that claims it was signed by that CA. They can't pretend to be the CA, they would need the private key for impersonating the CA, and thats not what the web browser uses.
The school is merely adding to the existing root certificate store on your PC, which contains the root certificates from companies like Versign and Thawte... you don't see people randomly making certs from Thawte and Verisign, do you? No, because thats not how it works.
Just for the record, you get a copy of this same key, that is being installed, that you think gives the person the ability to impersonate the school... yea, that key is sent to you by the website you're connected to when you connect.
EVERY WEBSITE IN THE WORLD DISTRIBUTES THESE KEYS ARE PART OF EVERY SSL REQUEST. So even if you don't have the key, just visiting a website that is signed by the key will more than likely get you a copy of the key as its part of the 'certificate chain'.
which OS/Web-browser is so insecure that it accepts a root certificate from the network like this?
All of them? Or none of them, depending on your perspective. You can't just install a root cert over the network. It requires machine admin approval, which is implicit if you've joined a NT domain, or requires you to go through a certificate wizard to add the new root cert to your list of root certs.
The organization is having people add the certificate to their trusted root certificate store manually. This is not automated from a website, though it happens automatically to every machine on an NT domain.
Adding the certificate to your root certificate store, then allows your browser to trust these certs. The point is that what is happening here is that the organization is telling you tell your browser to trust the organizations certificates completely. At which point your browser does what you've asked it to do.
The browser is functioning EXACTLY as its supposed to, its just being asked to trust these people when it doesn't by default, thats the point of the entire article.
I've never been in a large organization that didn't use their own root CA cert, and I've certainly made sure it was done everywhere I've worked.
Has nothing to do with pulling a MITM on you. You aren't worth the fucking time and effort, get over yourself, you aren't special, no one cares what you're doing.
Its more likely they just didn't want to spend several thousand dollars making certs for everything that needs an SSL cert because none of the registered root CAs will let you sign your own domain certs... so they can get paid for every fucking cert you use. At one organization I worked with, we shaved off nearly 20k a year by going to our own internal CA.
Yep, we could have MITM any of those people.
Guess what, it would be easier and less suspicious to use a virus rather than a MITM. A MITM takes work, you have to setup the relay to be the actual MITM. Viruses to steal data are point click next a few time, select some options, click finish - with the current level of virus toolkits you can buy.
In theory, (which is false in this case, I'm sure) we would do the best possible, cleanest refining we could, so as to cause the least amount of damage to the planet on the whole. That is, if we were looking beyond ourselves.
The FCC governs radio rules, we're talking about the FAA, which governs airspace.
You were bound by the same laws as this guy for your aircraft to NOT be a drone. Once you break these rules, you become a drone and as such require full certification.
RC aircraft MUST be below 400 feet AGL. RC aircraft MUST remain in line of site of the operator. RC aircraft MUST NOT be operated for ANY commercial purpose.
If you break any of those you MUST have a waiver or a Certificate of Airworthiness for the aircraft (just like all commercial aircraft, including that Cessna some guy you know has) or you are breaking the law.
You were never allowed to fly your glider within 10 miles of controlled airport, and 2 or 5 miles of an uncontrolled airport. Ever.
Your ignorance of these rules does not mean they didn't exist.
FYI: I built and flew my first Gentle Lady (from Carl Goldberg!) when I was 14:)
I've lost line of sight to my aircraft, not a good feeling when you are aware of how much damage EVEN a Gentle Lady could do if it hit someone in the head with that hardwood nose at 20 knots or so that they fly. Light they are, but still significant mass.
Now... however, my aircraft ARE drones (all have ArduPilot or ArduCopters controllers in them now), now when I lose line of sight, I flip a transmitter switch and the aircraft brings itself home via autopilot... it goes into fully autonomous mode and comes home:) Of course, this is exactly what the FAA wants to avoid since that 'flight home' has at times involved flying into the side of a house as it tried to regain altitude for the trip home. That bird was a lost cause anyway, but none the less, one can argue it never would have hit the house had it followed the original rules.
My son was born last year, I already ordered him a Gentle Lady to build, and a Sophisticated Lady for myself (The gentle lady with a T tail and electric motor instead of winch/tow/upstart launch.
The DJI Phantom is a 'toy' that is causing them A LOT of problems with morons who can buy it, fly it, and get in trouble with it. They are in fact specifically mentioned in some FAA reports as they decide on how to deal with these issues.
How do you put a value on my desktop system, which is running Ubuntu Studio and gives me, at no cost other than the download, the equivalent of $10,000 of software for audio, image, and video production, as well as all the office machinery?
You stop lying. Your machine is running a bunch of knock off software thats no where near as good as the 10,000 software your comparing it to, thats why people still pay $10k for the other software. If your Linux knock off software was ACTUALLY 'professional' grade, the professionals would USE IT, not some guy who says 'I don't know anything about music but I have this awesome professional music editing software'.
Seriously, do you not realize how ridiculous you guys sound when you fanboy like this... you just told me how you have software thats as good as someone else's but you have no fucking clue how to use it... how the fuck do you have any idea how GREAT it is?
You don't.
You aren't a professional, and you don't know why the software you have isn't worth $10k and the other software is, and worse still is that you don't even know that you don't know it.
You were never in the market for Maya or Adobe products, you aren't a professional who needs them, thats why you think your free Linux software compares.
Nobody selling commercial software was going to see a penny from your pockets anyway. Its no loss. You guys throw that line out like anyone thinks you were ever going to buy it anyway. You guys lie to yourselves till you believe it.
Stop trying to pretend that your ubuntu box is the same as an actual professionals machine. Its not. It never will be, and the fact that you don't understand why it isn't is why you'll never be a professional to have the opinion in the first place.
To you, 'almost good enough' is great, and thats why you and Linux users will always be 'also rans' and 'has beens'. You're always chasing the better product. The commercial product.
Android is a shining example of someone else doing the work, and everyone else just making shitty copies. Hence why you might find more android devices than iOS, but iOS is still where the money is.
Your in a race with yourself to the bottom of the barrel, you just haven't figured it out yet.
Seriously, if you come here to talk about how this isn't a fundamental bitcoin problem, you deserve to have your noise smacked with newspaper like a dog.
The only 'benefit' bitcoin has is that its unregulated and not as well watched by the government... which means its easy for people to just steal your money and lie about it... I'm sorry, its easy for someone to setup an exchange and let someone else steal the coins from the 'hot wallet', whatever the fuck that is.
Before you open your mouth to defend bitcoin....
THIS WHAT WE'VE BEEN TELLING YOUR STUPID DUMB ASSES ABOUT, NOW SHUT THE FUCK UP, ITS A SHITTY IDEA.
One thing Bitcoin does do is make it much more practical to run your own bank.
A lot easier to rob too, just grab the one server with the bit coin data on it and walk out the door, far easier than hanging out and breaking into a big heavy safe.
So your problem is that people (and the government) are talking about BitCoin rather than just worshiping it like you do? I mean thats pretty much what you're saying.
I EXPECT the government to be discussing something like this. I EXPECT them to have opinions on both sides, thats GREAT, it means they are doing their fucking job for a change.
Just because they have vocal opinions, doesn't make them wrong any more than it magically makes them right.
Then you just go off into government conspiracy land blah blah blah whatever
So what you're saying is that everyone is supposed to magically learn from this how to defend against the next exchange which does a better job of handling its theft so no one gets any red flags until its too late and they've take ALL of the money rather than just half of it? Is that what you're saying?
This job was sloppy. The next one will be bigger (assuming a collapse doesn't occur this time, which I don't think it will, probably 1 or 2 more first) and probably not show any signs that its happening in advance.
This is a bitcoin issue, you just don't want it to be.
Half a billion dollars worth of bit coins just disappeared, well, was just publicly announced as disappeared.
And there isn't shit that anyone can do about it.
Thats a problem, and its a problem that exists BY DESIGN.
Your currency is one for criminals. There will be a few innocents who could benefit from such a currency outside of the governments watchful eye, but your currency isn't outside the governments watchful eye. They still see everything that happens, and that too is BY DESIGN. They just don't help when something like this happens.
You have your advantages and ideals twisted into ways to commit theft without fear of repercussion and you haven't solved any of the tracking issues really, you're just ignoring them because the bit coin network can magically track all transactions as needed but no one else can syphon that data off for their own correlation...
Seriously dude, open your eyes.
The fact that this happened AT ALL is a direct reflection on the very core design of BitCoin, and its not a bug, its intentional. Short sighted, but intentional.
Its a good experiment to use as a reference in the future, but for fucks sake man, read the writing on the wall.
Yes, they do, you utterly missed the point. You are not anonymous in ANY way using BitCoin, exactly the opposite in fact. The only theory you can follow is that you can create so many fake identities that its impossible to figure out who you are, but again, this is false.
I understand how it can happen, from a technical perspective, but only with effort. Negligence is hard to blame, because negligence of an admin, with the way things are logged now days generally means there is enough of a log between all copies of the servers involved for a site as popular as MtGox to piece together most of what happened and fix it. With reverse proxies/load balancers, application logs, database replication log files and all the like, and all the other bits that go with a cluster setup, you leave enough data laying around unless you actively work on deleting it when its no longer needed.
If someone is typically smart enough to go looking for data that needs to be cleaned up for security purposes, they've usually already made sure proper backup and audit procedures are in place to protect the data that needs to be stored, and they tend to make sure the important data gets stored. There is a pattern to of progression that seems to naturally protect from ignorance in large cluster.
Actually loosing half a billion dollars of someones virtual stash?
Bullshit.
It could happen, but it didn't. Hell, BitCoin has a built in transaction log that the 'network' has to agree on FFS. You know where some of this money went.
Put an iPhone in a faraday cage and the data won't be deleted. No way for the signal from Steven in the sky to tell it to delete the data. Disassemble the device, hot air the flash chips off the phone to you own custom boards... boom, full access to all the data. (Actually, not entirely true for smarter users with encrypted data, but close enough for this discussion, since all 3 of those iPhone users who encrypt their data don't have anything that matters anyway.)
Slashdot Mirror
The salt is generally stored as the first few chars of the hashed password. If the have a password, they almost certainly fave the salt used for it as well
So now giving someone who is unemployed a job ... suddenly becomes discrimination? Thats just fucked up.
You guys are miscommunicating.
You're assuming a MITM server, the GP you're replying to doesn't realize that you can use a server in the middle, an SSL proxy, and that is how you can sign any cert.
The person you're responding to thinks that having a root CA distributed still means you would have to hack twitters website with your cert in order for your users to trust it, when you and I both know that we don't need to hack twitter, we just need a nice transparent SSL proxy to do it for us.
You are anal, but ANAL for sure and shouldn't be giving out such advice, you don't even understand the situation clearly.
It stopped being fraud when you agreed to the terms of joining the computer network, you know all that paperwork you filled out when you started school there or got a job? Yea, buried in that, you agreed to their rules if your using their network. No fraud committed.
Ignorance on your part is not fraud on their part unless they intentionally deceived you.
Someone who just doesn't bother to read the contract wasn't deceived, they were just stupid, and thats not fraud.
Sounds like you really don't understand CAs either. You install the root CA's public key on computers so that keys signed with it are trusted implicitly. There are 2 typical examples of it. NTActiveDirectory which ALWAYS distribute their own built in root CA to all machines on the network. So if you've used a machine on an active directory network, you've used a machine in this sort of setup. It gets used by ALL SORTS of shit within windows to provide encryption via SSL/TLS without having to buy a cert for EVERY server you own. Hell, I had a contract for a 5 man company that had over 100 certs total due to their requirements (legal and outside their control)
Like wise, the second example for non-windows shops is to use your own self signed certs internally for your mail servers and such that don't need public keys, you distribute the root CA cert to everyone, so they don't get prompted every time about an invalid certificate.
Every network I've been on in the last 10 years has had their own CA.
I assure you that companies like Google, Facebook, Twitter, Microsoft and their relation ALL do the EXACT SAME THING. Well, okay, Microsoft doesn't because they put their root CA into IE by default (they cheat as part of being the author of the software ;). You think Google pays Verisign for the thousands of certs it uses internally that the public never sees?
Its not a political problem no matter how hard you try to turn it into one.
And all that is well and good ... right up until you agreed to their logging by joining their network, even in the UK. Once its disclosed, even in the UK, the rules change and there is nothing illegal being done here.
Next time, read all the shit you sign and/or click next next next finish on.
1) They don't, but its useful
2) It doesn't, why are you trying to make this is a political problem?
3) They don't give unrestrained access, they filter, which is part of the reason they do SSL MITM on EVERY SSL CONNECTION.
4) Why do you keep trying to make this about politics, it isn't.
Staff browsing whatever they please has nothing to do with politics and everything to do with someone who's not doing their job and should be fired. Why is it that someone like you always has to come along and try to act like its perfectly acceptable for you to do whatever the fuck you feel like doing on someone else's time and resources?
Use your own fucking network if you want to make a political statement.
Really? Then why is it a built in standard feature of Windows NT domains and ActiveDirectory that not a single person in Europe has ever mentioned turning off, nor can I find anything that indicates its a common question as to HOW to turn it off. And since I'm looking at a K build of Windows right now ... with the Domain cert being distributed I know it happens in Europe (K and N builds were the result of EU anti-trust settlements that remove crap like Windows Media Player and other things the EU decided shouldn't be included)
So I call bullshit on your silly little 'we get way more privacy protections than you' bullshit. You might think you get way more protections, doesn't make it actually true when it comes to testing those protections, does it?
Most popular small business server software in the world ... and you're claiming one of its standard features is illegal on an entire continent yet I've never heard it ever mentioned ... and I deal with said continent ...
And lets be realistic, your entire continent is pretty willy nilly about what it picks to have the moral high ground on, you know how Europeans think about Americans most of the time? Yea, thats how the rest of the world feels about Europeans when you guys get that retarded high and mighty 'well in Europe we do it better' shit going on. You do realize pretty much the entire rest of the world has kicked your ass at one time or another, right?
Get off your fucking high horse asshole. Most European countries wouldn't exist if everyone did things like Europe does. You'd all be speaking Japanese or Russian, if not German.
First, a school network is not a public network and it can run any policy it wants
Public has nothing to do with it. Public networks can run any policy they want as well, even public as in government funded ones since those are the only ones that are truly 'public networks'.
Second, regarding danger. The danger is exactly equivalent of the lowest security among the machine(s) that have a copy of the school root certificate (the private key part). If any of them gets compromised and the attacker gets a copy, he can do everything the school does, including interception and manipulation of traffic.
No, it isn't. You utterly fail to understand whats going on here or how SSL and PKI in general works.
The PCs have a copy of the schools PUBLIC CERTIFICATE AUTHORITY KEY installed on them, they DO NOT HAVE THE PRIVATE KEY, and there is no reason any PC should ever hold the root CA private key on a hard disk. I keep mine on USB drives physically disconnected from any computer unless I'm signing a batch of certs. You distribute (and this school did this) the PUBLIC portion of the key, so that when you send data signed with the private key, the public key can be used to verify it came from the holder of the private key. They aren't distributing their own private key, there is no reason why you would think that other than sheer ignorance on the subject, which means you shouldn't have commented at all.
If any PC with the CA cert gets compromised they can ... do the exact same thing as anyone with a web browser he tells it to ignore the certificate warning and continue. They can't do anything with a public CA cert other than verify the CA actually signed stuff that claims it was signed by that CA. They can't pretend to be the CA, they would need the private key for impersonating the CA, and thats not what the web browser uses.
The school is merely adding to the existing root certificate store on your PC, which contains the root certificates from companies like Versign and Thawte ... you don't see people randomly making certs from Thawte and Verisign, do you? No, because thats not how it works.
Just for the record, you get a copy of this same key, that is being installed, that you think gives the person the ability to impersonate the school ... yea, that key is sent to you by the website you're connected to when you connect.
EVERY WEBSITE IN THE WORLD DISTRIBUTES THESE KEYS ARE PART OF EVERY SSL REQUEST. So even if you don't have the key, just visiting a website that is signed by the key will more than likely get you a copy of the key as its part of the 'certificate chain'.
which OS/Web-browser is so insecure that it accepts a root certificate from the network like this?
All of them? Or none of them, depending on your perspective. You can't just install a root cert over the network. It requires machine admin approval, which is implicit if you've joined a NT domain, or requires you to go through a certificate wizard to add the new root cert to your list of root certs.
The organization is having people add the certificate to their trusted root certificate store manually. This is not automated from a website, though it happens automatically to every machine on an NT domain.
Adding the certificate to your root certificate store, then allows your browser to trust these certs. The point is that what is happening here is that the organization is telling you tell your browser to trust the organizations certificates completely. At which point your browser does what you've asked it to do.
The browser is functioning EXACTLY as its supposed to, its just being asked to trust these people when it doesn't by default, thats the point of the entire article.
I've never been in a large organization that didn't use their own root CA cert, and I've certainly made sure it was done everywhere I've worked.
Has nothing to do with pulling a MITM on you. You aren't worth the fucking time and effort, get over yourself, you aren't special, no one cares what you're doing.
Its more likely they just didn't want to spend several thousand dollars making certs for everything that needs an SSL cert because none of the registered root CAs will let you sign your own domain certs ... so they can get paid for every fucking cert you use. At one organization I worked with, we shaved off nearly 20k a year by going to our own internal CA.
Yep, we could have MITM any of those people.
Guess what, it would be easier and less suspicious to use a virus rather than a MITM. A MITM takes work, you have to setup the relay to be the actual MITM. Viruses to steal data are point click next a few time, select some options, click finish - with the current level of virus toolkits you can buy.
So, back to my original point.
In theory, (which is false in this case, I'm sure) we would do the best possible, cleanest refining we could, so as to cause the least amount of damage to the planet on the whole. That is, if we were looking beyond ourselves.
We aren't, and we won't.
I would say Tim Cook is doing an excellent job of maximizing profit.
He may be doing a lot of other, more noble things as well, but its all causing his company to maximize its profit.
Is he noble, or just good at what he does and picking 'the right way' to give people what they want?
No, you were never a drone pilot.
You were an RC aircraft pilot.
The FCC governs radio rules, we're talking about the FAA, which governs airspace.
You were bound by the same laws as this guy for your aircraft to NOT be a drone. Once you break these rules, you become a drone and as such require full certification.
RC aircraft MUST be below 400 feet AGL.
RC aircraft MUST remain in line of site of the operator.
RC aircraft MUST NOT be operated for ANY commercial purpose.
If you break any of those you MUST have a waiver or a Certificate of Airworthiness for the aircraft (just like all commercial aircraft, including that Cessna some guy you know has) or you are breaking the law.
You were never allowed to fly your glider within 10 miles of controlled airport, and 2 or 5 miles of an uncontrolled airport. Ever.
Your ignorance of these rules does not mean they didn't exist.
FYI: I built and flew my first Gentle Lady (from Carl Goldberg!) when I was 14 :)
I've lost line of sight to my aircraft, not a good feeling when you are aware of how much damage EVEN a Gentle Lady could do if it hit someone in the head with that hardwood nose at 20 knots or so that they fly. Light they are, but still significant mass.
Now ... however, my aircraft ARE drones (all have ArduPilot or ArduCopters controllers in them now), now when I lose line of sight, I flip a transmitter switch and the aircraft brings itself home via autopilot ... it goes into fully autonomous mode and comes home :) Of course, this is exactly what the FAA wants to avoid since that 'flight home' has at times involved flying into the side of a house as it tried to regain altitude for the trip home. That bird was a lost cause anyway, but none the less, one can argue it never would have hit the house had it followed the original rules.
My son was born last year, I already ordered him a Gentle Lady to build, and a Sophisticated Lady for myself (The gentle lady with a T tail and electric motor instead of winch/tow/upstart launch.
Yes!
The DJI Phantom is a 'toy' that is causing them A LOT of problems with morons who can buy it, fly it, and get in trouble with it. They are in fact specifically mentioned in some FAA reports as they decide on how to deal with these issues.
How do you put a value on my desktop system, which is running Ubuntu Studio and gives me, at no cost other than the download, the equivalent of $10,000 of software for audio, image, and video production, as well as all the office machinery?
You stop lying. Your machine is running a bunch of knock off software thats no where near as good as the 10,000 software your comparing it to, thats why people still pay $10k for the other software. If your Linux knock off software was ACTUALLY 'professional' grade, the professionals would USE IT, not some guy who says 'I don't know anything about music but I have this awesome professional music editing software'.
Seriously, do you not realize how ridiculous you guys sound when you fanboy like this ... you just told me how you have software thats as good as someone else's but you have no fucking clue how to use it ... how the fuck do you have any idea how GREAT it is?
You don't.
You aren't a professional, and you don't know why the software you have isn't worth $10k and the other software is, and worse still is that you don't even know that you don't know it.
You were never in the market for Maya or Adobe products, you aren't a professional who needs them, thats why you think your free Linux software compares.
Nobody selling commercial software was going to see a penny from your pockets anyway. Its no loss. You guys throw that line out like anyone thinks you were ever going to buy it anyway. You guys lie to yourselves till you believe it.
Stop trying to pretend that your ubuntu box is the same as an actual professionals machine. Its not. It never will be, and the fact that you don't understand why it isn't is why you'll never be a professional to have the opinion in the first place.
To you, 'almost good enough' is great, and thats why you and Linux users will always be 'also rans' and 'has beens'. You're always chasing the better product. The commercial product.
Android is a shining example of someone else doing the work, and everyone else just making shitty copies. Hence why you might find more android devices than iOS, but iOS is still where the money is.
Your in a race with yourself to the bottom of the barrel, you just haven't figured it out yet.
rocks ... doesn't it.
This is what you wanted right?
Seriously, if you come here to talk about how this isn't a fundamental bitcoin problem, you deserve to have your noise smacked with newspaper like a dog.
The only 'benefit' bitcoin has is that its unregulated and not as well watched by the government ... which means its easy for people to just steal your money and lie about it ... I'm sorry, its easy for someone to setup an exchange and let someone else steal the coins from the 'hot wallet', whatever the fuck that is.
Before you open your mouth to defend bitcoin ....
THIS WHAT WE'VE BEEN TELLING YOUR STUPID DUMB ASSES ABOUT, NOW SHUT THE FUCK UP, ITS A SHITTY IDEA.
One thing Bitcoin does do is make it much more practical to run your own bank.
A lot easier to rob too, just grab the one server with the bit coin data on it and walk out the door, far easier than hanging out and breaking into a big heavy safe.
So your problem is that people (and the government) are talking about BitCoin rather than just worshiping it like you do? I mean thats pretty much what you're saying.
I EXPECT the government to be discussing something like this. I EXPECT them to have opinions on both sides, thats GREAT, it means they are doing their fucking job for a change.
Just because they have vocal opinions, doesn't make them wrong any more than it magically makes them right.
Then you just go off into government conspiracy land blah blah blah whatever
Its really hard to see how Apple lost when you have FTP as prior art, as just one example of doing it over the Internet.
Really its mind numbing that you can basically add 'on the Internet' and get a patent for something someone ELSE has already done.
They didn't event switched virtual circuits.
So what you're saying is that everyone is supposed to magically learn from this how to defend against the next exchange which does a better job of handling its theft so no one gets any red flags until its too late and they've take ALL of the money rather than just half of it? Is that what you're saying?
This job was sloppy. The next one will be bigger (assuming a collapse doesn't occur this time, which I don't think it will, probably 1 or 2 more first) and probably not show any signs that its happening in advance.
This is a bitcoin issue, you just don't want it to be.
Half a billion dollars worth of bit coins just disappeared, well, was just publicly announced as disappeared.
And there isn't shit that anyone can do about it.
Thats a problem, and its a problem that exists BY DESIGN.
Your currency is one for criminals. There will be a few innocents who could benefit from such a currency outside of the governments watchful eye, but your currency isn't outside the governments watchful eye. They still see everything that happens, and that too is BY DESIGN. They just don't help when something like this happens.
You have your advantages and ideals twisted into ways to commit theft without fear of repercussion and you haven't solved any of the tracking issues really, you're just ignoring them because the bit coin network can magically track all transactions as needed but no one else can syphon that data off for their own correlation ...
Seriously dude, open your eyes.
The fact that this happened AT ALL is a direct reflection on the very core design of BitCoin, and its not a bug, its intentional. Short sighted, but intentional.
Its a good experiment to use as a reference in the future, but for fucks sake man, read the writing on the wall.
Yes, they do, you utterly missed the point. You are not anonymous in ANY way using BitCoin, exactly the opposite in fact. The only theory you can follow is that you can create so many fake identities that its impossible to figure out who you are, but again, this is false.
One really has to wonder how this happens.
I understand how it can happen, from a technical perspective, but only with effort. Negligence is hard to blame, because negligence of an admin, with the way things are logged now days generally means there is enough of a log between all copies of the servers involved for a site as popular as MtGox to piece together most of what happened and fix it. With reverse proxies/load balancers, application logs, database replication log files and all the like, and all the other bits that go with a cluster setup, you leave enough data laying around unless you actively work on deleting it when its no longer needed.
If someone is typically smart enough to go looking for data that needs to be cleaned up for security purposes, they've usually already made sure proper backup and audit procedures are in place to protect the data that needs to be stored, and they tend to make sure the important data gets stored. There is a pattern to of progression that seems to naturally protect from ignorance in large cluster.
Actually loosing half a billion dollars of someones virtual stash?
Bullshit.
It could happen, but it didn't. Hell, BitCoin has a built in transaction log that the 'network' has to agree on FFS. You know where some of this money went.
Put an iPhone in a faraday cage and the data won't be deleted. No way for the signal from Steven in the sky to tell it to delete the data. Disassemble the device, hot air the flash chips off the phone to you own custom boards ... boom, full access to all the data. (Actually, not entirely true for smarter users with encrypted data, but close enough for this discussion, since all 3 of those iPhone users who encrypt their data don't have anything that matters anyway.)