I do level 3 (find and fix the tough stuff) tech support for enterprise level software. The skills needed for this are basically systems administrator type stuff along with programming.
When I have to tell people who don't really know computers what I do, I just say `I program computers'. And they go `oh'. It's far easier than trying to explain what I really do.
(And even so, the next thing they tend to say is `oh yeah? Well, my computer has this problem...')
To expand on that, if I buy a computer, it gets reinstalled. Even if it comes with the OS I want, I still reinstall it, because I want it to be in a known condition -- who knows what they did to it?
If it came with Linux, fine, but it's probably not the distribution I want. And even if it is, it's probably not the most recent version. And even if it is, who knows what's been changed? Easier to just reinstall, then I know it matches that other computer I already have.
Of course, this assumes that there's some way out of the Microsoft tax. If not selling Linux versions means that you have to pay the Microsoft tax, _then_ I do care. Though even if I bought a computer with Windows, and I wanted to use Windows on it, I'd reinstall it in most cases -- for the same reasons.
Note that there is a benefit to having them ship Linux laptops -- it tends to mean that Linux fully supports the laptop. But that's usually the case anyways, and it doesn't really depend on them actually shipping Linux laptops.
No, I don't.
(And yes, I know what you're referring to.)
I don't think they quite have shots for everything yet ...
Well, which is going to win? Billions of years of sun, or hundreds or thousands of miles of rock?
I suspect the sun will. The core of the Earth is hot too, but the surface isn't. But if you go down just a few miles, the temperature increases so much that humans can't survive without special cooling. The Earth has had a few billion years to find an equilibrium too.
In any event, my only point was that rock isn't a particularly good insulator, that it only seems that way because there's so much of it.
Rock does conduct heat very well. Well, some do. Others not so well, but none of them are what we would call good insulators.
But hundreds or thousands of miles of *anything* will make a very effective insulator. :)
Nice analogy about legal analysis vs. dentistry, except that if you were appropriately trained, you could do your own legal analysis, and probably not your own dentistry ...
Of course, I imagine your point is that you're not appropriately trained to do legal analysis, though you may or may not be trained to do dentistry -- but even if you are, it's hard to drill on your own teeth.
Indeed, a true visionary.
Is he out of prison yet?
No. She's always been friendly (like all my neighbors, not *extra* friendly or anything like that) to me, and so I just deleted them. I thought about telling her, asking if she needed the pictures, but it seemed that the most likely outcome of all of that would be to embarrass her.
And besides, the pictures weren't anything special. She's not ugly, but she's not `Internet beautiful' either. If you're looking for pictures of naked women, the Internet is at your disposal, and you'll find much hotter women than her. Or if you just want `30 something girl next door' types, the Internet can hook you up there too.
Perhaps not, but perhaps two thirds of the second hand electronics that has any sort of storage (memory cards, hard drives, computers) that I've bought did have private information of some sort on it -- file systems, pictures, etc.
A digital camera I bought at a garage sale even had nude pictures of one of my neighbors! And they weren't even deleted -- they were right there. Turned the camera on, poked around, and there they were.
And when the devices are erased, generally all that anybody did was erase all the files, or at best they formatted the drive -- meaning that the data was generally easily recoverable just with some software. Camera cards especially -- scanning them for JPEG signatures is extremely easy to do, and will recover most of the pictures on the card automatically. Just like hard drives, they need to be erased by writing junk to every sector.
In any event, few people seem to do this.
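The comment above contrasts a quick format with overwriting every sector. As an added example (not part of the original post), this Python sketch lets you check a card image of your own for photos that would survive before you sell the device. The card layout, the 512-byte sector size and the sample photos are all constructed for illustration.

```python
import os

SECTOR = 512  # bytes per sector on the simulated card (assumption)

def sample_jpeg(tag: bytes) -> bytes:
    """Constructed stand-in for a photo: JFIF header, filler, end marker."""
    return b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + tag * 900 + b"\xff\xd9"

def make_card(photos, sectors=128) -> bytearray:
    """Simulated card: a 'file table' in sector 0, photos in the data area."""
    card = bytearray(sectors * SECTOR)
    card[0:11] = b"IMG0001 JPG"          # stand-in directory entry
    for i, photo in enumerate(photos):
        off = (8 + i * 16) * SECTOR      # each photo gets a 16-sector slot
        card[off:off + len(photo)] = photo
    return card

def quick_format(card: bytearray) -> None:
    """What 'delete all' or a quick format does: reset the table only."""
    card[0:4 * SECTOR] = bytes(4 * SECTOR)

def overwrite_every_sector(card: bytearray) -> None:
    """Write junk over the whole device, one sector at a time."""
    for off in range(0, len(card), SECTOR):
        card[off:off + SECTOR] = os.urandom(SECTOR)

def find_residual_jpegs(image) -> list:
    """Return (start, end) offsets of byte runs that still look like JPEGs."""
    hits, pos = [], 0
    while (start := image.find(b"\xff\xd8\xff", pos)) != -1:
        # Require an APP0/APP1 segment tagged JFIF or Exif, so that random
        # junk left by a wipe is not misreported as a photo.
        is_app = image[start + 3:start + 4] in (b"\xe0", b"\xe1")
        has_id = image[start + 6:start + 10] in (b"JFIF", b"Exif")
        if not (is_app and has_id):
            pos = start + 1
            continue
        end = image.find(b"\xff\xd9", start + 10)
        end = len(image) if end == -1 else end + 2   # truncated file: run to end
        hits.append((start, end))
        pos = end
    return hits

def demo():
    photos = [sample_jpeg(b"A"), sample_jpeg(b"B")]
    card = make_card(photos)
    quick_format(card)
    after_format = find_residual_jpegs(card)
    intact = [bytes(card[s:e]) for s, e in after_format] == photos
    overwrite_every_sector(card)
    after_wipe = find_residual_jpegs(card)
    return len(after_format), intact, len(after_wipe)

if __name__ == "__main__":
    print(demo())
```

A clean result only covers the sectors the device exposes. As another comment on this page notes for remapped sectors, anything the normal interface cannot reach is neither overwritten nor scanned.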
Sure, that's a nice rule of thumb, one you'll probably not go wrong following, but it's not a rule in general.
In related news, researchers have discovered that Gutenberg's printing press has similar flaws. By using modern technology such as photocopiers or cameras, or older technology such as monks and pens (or additional printing presses) criminals can create nearly identical copies of items printed with the press, depriving the original creators of the material of much needed compensation.
Gutenberg did not immediately return calls for comment, however it's theorized that he did not build in an encryption option to his printing press in order to boost comprehension speeds (simple substitution ciphers were well established at the time of the creation of the printing press, and Gutenberg could have easily applied their techniques in the creation of his press, however it's not entirely certain how effective it would have been at preventing piracy. (Somewhat (at most) effective DRM techniques were developed centuries later.))
Wikipedia bashing is in-vogue right now.
That said, it's a great resource. Yes, take everything you read with a grain of salt, but you should do that with anything you read anywhere.
And 99+% of what's on Wikipedia probably is accurate. There are some things where people don't really agree on what something is, and in some cases the Wikipedia entry there doesn't have a proper NPOV, but for the most part, Wikipedia is factual and accurate. It's not perfect, but it's damn good. The situations where it fails are a very small part of the total.
Does anybody still actually use usenet for anything other than the binary groups?
Yes, thousands of people do.
For example, I see posts from 41,788 unique user@hosts to Big-8 groups for September so far. This does not include alt.* or any regional groups, does not include any binary groups, the feed has already been filtered for obvious spam, and does not include people who only read and did not post during this period.
I think the point is that Asus *was* sloppy about it, and they just happened to get away with it until now. That's the nature of sloppy work -- if it's too sloppy, you don't get away with it, so you improve the quality until you generally can get away with it. Doesn't need to be 100% -- just most of the time.
I'll bet they don't make the same mistake again. (Though of course, they may make similar mistakes, or may create procedures to help prevent them too. We shall see.)
It wasn't old-hat when the first 66 MHz dual proc BeBox with 8 MB of RAM running BeOS came out, however.
What makes you assume it's a wireless device?
The article doesn't say anything like that.
It's probably wired into the network, stuffed in a closet or a ceiling somewhere. Perhaps it does have another interface, a wireless one -- but it could be a backdoor without that too. Or perhaps it's not a backdoor at all.
In any event, that they are trying to find it via legal means rather than network means does indeed suggest that they're incompetent. And even if they can't physically find it, they should be able to disable it easily enough.
Ban DHMO.
In real world situations, once random will stop anybody who isn't ready to throw lots of money and time at the problem. Twice random will probably stop most of the rest. Three or four random passes will probably stop the NSA even if they have a million dollar budget to get your data.
Seven pass is just massive overkill, `just in case'. But since it only takes a little longer than twice as long as three overwrites, might as well, just to be _sure_.
Of course, this all assumes that the data is actually being overwritten. If your drive has a sector that was marked bad and remapped, it doesn't matter if your drive is written 1000 times with random data -- if this old sector isn't being rewritten, then it's still there for somebody with the right skills and equipment (who can bypass the remapping) to read.
He probably got the details wrong. More likely is that the disk was erased via (quick) formatting (i.e. write a new FAT and not much else) and then the data was still found to be there with a hex editor.
If it's truly a proper Faraday cage for the frequencies involved, it doesn't matter if the object and the cage are electrically separated or not -- it'll still work. This is a function of Gauss's law.
In this case, either the aluminum foil wasn't thick enough, or the gaps in it were too large. A cell phone is generally pretty sensitive, so even if you reduce the signal by a factor of one million, it may still be able to pick it up.
Installing your own perl under /usr/local, leaving the system one alone under /usr, that waives your support contract?
Seems unlikely, and if actually true, remarkably stupid.
(However, messing with the perl under /usr, that would be a mistake. It could easily break other things that depended on that specific version ...)
Of course, at the `types it in' step, it's in plaintext. If the application were to be ... altered to save these plaintext passwords somewhere, you'd probably never know.
People reuse passwords, yes. They shouldn't. It's usually best to assume that everybody involved at the company or website you're dealing with has access to your password (and in many cases, they do, either directly or indirectly) and make it unique accordingly.
The problem with talking about people `getting on the Clue Train' is that while the clues are usually obvious in retrospect, they're not always obvious at the time.
No matter what the clue is, somebody knows it, and probably shares it with the paper somehow. The problem is that the newspaper has to filter through 1000 different clues, and pick the ones that will turn out to be `true' and discard the `wrong' ones. And this isn't so easy -- successful executives made the right choices, and failed executives chose poorly. And the problem isn't specific to newspapers.
Unfortunately, there's not just one Clue Train. There's 1000 of them, and you have to pick the right ones. And it's not always easy.
Refusing to give him the key (or tell where it's hidden) should not be `obstructing justice'. You have the right to remain silent. You do not have to say ANYTHING that may incriminate yourself. Of course, if you physically have the key on you, I'm not sure you can prevent them from taking it from you, but they can't force you to give over the combination. (US, of course. Other countries work differently.)
However, there is no such thing as an indestructible safe. If the cops want in bad enough, they WILL get in. They might tear your house up getting the safe out (assuming it's permanently mounted, as it should be) but once they get it out, they WILL get it open. (It would be interesting if some new material was developed that was SO strong that safes made out of it could NOT be opened. But so far, this is not the case.)
However, an encrypted hard drive is a different matter. Properly done, the police should not be able to decrypt it, at least without throwing ten thousand CPU-years of cracking at it.
Why should it be different? It's not, assuming that the key is a bit of knowledge rather than a physical object that can be taken from you.