Slashdot Mirror


User: mellon

mellon's activity in the archive.

Stories · 0
Comments · 2,585

Comments · 2,585

  1. Re:It can't be PRISM proofed on IETF Floats Draft PRISM-Proof Security Considerations · Score: 1

    You can have end-to-end security any time you want. The problem is, most people don't know to want it.

  2. Re:The problem is that PRISM is all-seeing on IETF Floats Draft PRISM-Proof Security Considerations · Score: 1

    Watching all Tor endpoints and coordinating the traffic between them is an O(N^2) problem. Not a problem for a targeted attack, not so easy for attacking everybody, unless not many people use it. So people who bittorrent through Tor are, ironically, doing a public service.

  3. Re:It's called IPv6 DNSSEC on IETF Floats Draft PRISM-Proof Security Considerations · Score: 1

    You can publish your PKI cert in DNSSEC. This forces an attacker not only to get a CA to sign their fake cert, but also to subvert the DNSSEC hierarchy. The cert protects the integrity and confidentiality of the communication. So in fact DNSSEC can play a role in that, and result in a system that's harder to subvert.

    Furthermore, the NSA hasn't entirely subverted that model of trust. It is not _as_ trustworthy as people thought, but systematically snooping on https traffic with faked certs is still something that's not practical—you can do a targeted snoop, but the wider you cast the net, the more likely it is that your attack will be noticed. So yes, subverting the PKI is a risk, but no, it doesn't mean the PKI, or DNSSEC, is useless.

  4. Re: Not an IETF Draft on IETF Floats Draft PRISM-Proof Security Considerations · Score: 1

    Private IETF list? Do tell!

  5. Re: Not an IETF Draft on IETF Floats Draft PRISM-Proof Security Considerations · Score: 1

    Drafts aren't draft standards. They are drafts of documents that might someday become standards. Drafts that start with draft-ietf are drafts that have the consensus of some IETF working group to work on them, and are therefore somewhat closer to becoming standards. But they still aren't standards, and many of them die on the vine.

    What PHB's document is is an individual submission. It's not got any kind of consensus yet. Not shocking, since the first version was published this morning. It's possible that it might be adopted by a working group, or be the basis for forming a new working group. Just as likely, several competing drafts that say similar things but differ on some key points will also be published, and there will be discussion about which one to work on, if any, or about combining the work. Eventually some document might reach a point where there is consensus to publish it, and then it would be a standard.

    It's a messy and sometimes frustrating process, but by virtue of being a completely open process, it's hard to subvert it without leaving tracks, which is a big win for this particular subject.

    This topic has generated a huge amount of interest in the IETF, and we're going to try to have a session on the topic in Vancouver, and also hopefully a presentation to the entire IETF in the meeting plenary. None of that is cast in concrete yet, because we have to get people to agree to come, and for that matter to come up with something to say. But it is something a lot of us would like to see happen, and it's being seriously worked on by the leadership.

  6. Re:Sounds like evil to me on Former DHS Official Blames Privacy Advocates For TSA's Aggressive Procedures · Score: 4, Interesting

    Depends on their goal. The underwear bomber made a shitload of money for the pornoscanner companies. The shoe bomber slowed down security checkpoints. The liquid explosive fraud created a huge hassle and is now making a lot of money for concessions at airports. The amount of economic damage these attacks have caused is absolutely massive! A suitcase bomb at the TSA screening area doesn't have an easy and economically damaging countermeasure, so there's not much point. That attack was tried once. Aside from a temporary dip in the stock market in Russia, it was ineffective—no massively expensive security measures have been instituted in response.

  7. Re:Accountability on Former DHS Official Blames Privacy Advocates For TSA's Aggressive Procedures · Score: 3, Insightful

    The incentives in that case would be in the wrong place, which is why that practice was discontinued. Unfortunately, now the incentives are in a different wrong place. The TSA is not rewarded for being pleasant and minimally intrusive, so they aren't.

  8. Re:Sounds like the lesser of two evils on Former DHS Official Blames Privacy Advocates For TSA's Aggressive Procedures · Score: 5, Insightful

    Furthermore, what the hell are they talking about anyway? Are they not aware of the TSA Secure Flight program? The no fly lists? Etc? You can't get anywhere near a commercial flight without the TSA knowing everything including your shoe size.

  9. Re:Too late on Java 8 Developer Preview Released · Score: 1

    In what sense is this FUD? Please, reassure me. I would love to be able to trust that there is nothing to worry about here.

  10. Re:Too late on Java 8 Developer Preview Released · Score: 1

    My main concern here is not that it's too late—if it's useful, I'd like to be able to use it. But based on Oracle's history with Java, I'm really reluctant to place my eggs in this basket. I'd rather use something that isn't going to give me licensing whiplash two years down the road when the marketing strategy shifts again.

  11. Re:Political stupidity at it's zenith on On Eve Of Election, Australia's Conservatives Announce Mandated Filtering Policy · Score: 2

    It's not the case that there is no logic. Rather, the logic just doesn't have to do with protecting kids from porn. It has to do with getting votes. But the public is developing a resistance to this tactic, and good for them for doing so. The only check on lying politicians is a skeptical and informed electorate.

  12. Re:End of a Dream on Martin Luther King Jr's Children In Court Over MLK IP · Score: 1

    Isn't calling the police while brown some kind of violation of the criminal code? Seriously, it's not surprising that Trayvon didn't think of doing that, even if it might have resulted in a better outcome. It might also have resulted in him being tazed to death.

  13. Re:Who is really endangering agents' lives? on UK High Court Gives OK To Investigation of Data Siezed From David Miranda · Score: 1

    Actually, you have it exactly wrong. Intelligence agents collect real information from real organizations that might or might not engage in attacks. Intelligence machinery violates people's privacy indiscriminately. I'm not a big fan of institutionalized lying either, and secret agents sometimes act as agents provocateurs, which is reprehensible. But they also do tend to do a pretty good job of learning about upcoming attacks before they happen, and stopping them.

    So I don't think you can claim that we shouldn't care when their lives are put at risk. Which is precisely why some lying shit in a political position in the government shouldn't ever use the excuse "agents' lives may be at risk" as a pretext for a search that has nothing to do with that.

  14. Re:Who is really endangering agents' lives? on UK High Court Gives OK To Investigation of Data Siezed From David Miranda · Score: 1

    Because people don't take you as seriously if you express yourself poorly. Complain about it all you want, but if you want to be taken seriously, take expressing yourself seriously.

  15. Re:Who is really endangering agents' lives? on UK High Court Gives OK To Investigation of Data Siezed From David Miranda · Score: 1

    If the pretext of "agents' lives are at risk" is used when no agents' lives are at risk, people will stop accepting this as an excuse, and then it won't be possible to use it as a reason for a search even when there is a real risk. It's crying wolf.

  16. Who is really endangering agents' lives? on UK High Court Gives OK To Investigation of Data Siezed From David Miranda · Score: 5, Insightful

    Frustratingly, it is actually possible for released information to endanger agents' lives. By using this as a pretext for searches when there's no real basis for thinking an agent's life is being endangered, it is they who endanger agents' lives, not the people whose data they search on that basis.

    What are we to believe when, likely soon, they claim that some piece of data they "found" in Miranda's possession actually endangers someone's life? That the data actually endangers anyone? That it was actually on one of Miranda's drives? How would we know? This is a farce.

  17. Re:It's a shame, but... on Vermont Yankee Nuclear Plant To Close In 2014 · Score: 1

    That's unfortunate, but not deeply surprising. I assume you mean they aren't properly maintaining their generators?

  18. Re:It's a shame, but... on Vermont Yankee Nuclear Plant To Close In 2014 · Score: 1

    Roughly 120.

  19. Re:It's a shame, but... on Vermont Yankee Nuclear Plant To Close In 2014 · Score: 1

    Word. It's really frustrating to watch.

  20. Re:It's a shame, but... on Vermont Yankee Nuclear Plant To Close In 2014 · Score: 1

    Yeah, that worked out really well. Maybe you don't remember—the fallout was a long time ago. A lot of farms were affected. And that was a really mild incident—much less severe than the Fukushima event. A TMI-level accident at VY would suck, and would probably put a lot of Vermont farmers out of business, but wouldn't permanently ruin the state's agriculture. A Fukushima-level event would mean I'd have to move, permanently, and a lot of local farms would just be gone, for long enough that the owners would be bankrupt and off the land. It's easy to pretend this is a minor thing, but it's not: the Vermont brand is a really big deal, and a meltdown at VY would end that.

  21. Re:Too bad the folks in Fukishima can't eat fish.. on Vermont Yankee Nuclear Plant To Close In 2014 · Score: 1

    That article doesn't say what you seem to think it says.

  22. Re:All about the money on Vermont Yankee Nuclear Plant To Close In 2014 · Score: 1

    No, our power consumption isn't going up, so there's no need to dam more rivers.

  23. Re:It's a shame, but... on Vermont Yankee Nuclear Plant To Close In 2014 · Score: 1

    The carbon tax has to be on imported products as well.

  24. Re:It's a shame, but... on Vermont Yankee Nuclear Plant To Close In 2014 · Score: 1

    No argument on the carbon tax, but I really doubt anybody in Vermont is adding cows to make money on methane. What methane digesters are more likely to do is to make dairy farming more profitable, which could certainly result in more cows, but is more likely to result in the same number of cows, and a more comfortable farmer. There is so much excess manure being produced in various animal husbandry industries that methane digesters can't help but be a win. You've read about towns being inundated in pig manure because of a dam collapse, right? Farm workers dying because they fell into the pig sewage vat? If that pig manure had gone into a digester, that never would have happened—the solid output of the digester is pretty innocuous compared to what goes in.

    Being a vegetarian, I'm not thrilled with the idea of putting more money in the pockets of pig farmers, but if it encourages them to do something useful with what is now a toxic waste product, it's just good sense to encourage them to do it.

  25. Re:It's a shame, but... on Vermont Yankee Nuclear Plant To Close In 2014 · Score: 2

    Is sunshine really so scarce in the winter in Germany? In Vermont, we generated a ton of power this past winter. Germany is a bit further north, but it's not north of the Arctic circle or anything. I would assume that the panels are angled higher, and that the day is a bit shorter, but I suspect they still generate quite a bit of solar in the winter.