Slashdot Mirror


User: Thomas+Shaddack

Thomas+Shaddack's activity in the archive.

Stories: 0
Comments: 1,019

Comments · 1,019

  1. Re: are you confused about capitalism? on Microsoft Collaborates On Child Porn Buster · · Score: 1
    i don't get it. i guess you are trying to be funny.

    Central Europe. The "Velvet Revolution". Fifteen years ago the people here, including me, were rather idealistic. Then we saw more.

    don't be so arrogant.

    I prefer calling it "skeptical".

    most people in the world can't afford to have your principles.

    Most people should be able to afford to call a spade a spade. I did not suggest refusing such an offer. I questioned the stated vs real value of the offer, and the purity of the donor's intentions, based on their track record.

    Asking about the motives and questioning the value of public-relations data costs nothing, so it should be affordable even to the poorest. There is nothing wrong with accepting an offer, as long as you are aware of all the strings.

  2. Re: are you confused about capitalism? on Microsoft Collaborates On Child Porn Buster · · Score: 1
    if you choose to live in any degree of capitalist society you accept this. this is the best you can hope for.

    When we were making the revolution here, we hoped for honesty and transparency. We were naive.

    but that does not diminish the good things that happen as a result of the cash.

    Wondering how big a percentage of this sum is not in cash but in the unmanageable crap he peddles as software...

  3. Re:No, no no. on Microsoft Collaborates On Child Porn Buster · · Score: 1
    The more data they get the more useless it will become.

    Then they start using automated data-mining. Possibly self-learning. Then you get fired from your job, because the cops come to your boss and ask about you, because the computer told them so, because it found a potential clue that you could be a terrorist, based on a statistically significant correlation between such profile and your unusual taste in pizza.

  4. Re: microsft releasing OSS? *blink* on Microsoft Collaborates On Child Porn Buster · · Score: 1
    But you are right about one thing - many people will never trust MS no matter what they do - which I think is just plain old shameful since we forgive people who do a lot more graver of sins.

    There is a difference between forgiveness and recklessness. Microsoft repeatedly demonstrated a significant lack of trustworthiness. And now they are wondering why nobody believes them.

    It will take a couple more years of sustained effort to clean up their act and some additional time to become at least somewhat trusted. By then, with luck, they will be a small company developing flight simulator games for unixes.

  5. Re: microsft releasing OSS? *blink* on Microsoft Collaborates On Child Porn Buster · · Score: 1
    The Slashdot majority opinion seems to be that the manufacturer of the tool is not at fault if the tool is used to break the law, as long as the tool has legitimate legal uses.

    That's the point. Now imagine the same claim, but backed with a significantly higher financial, lobbying, and PR clout.

  6. Re:Press Release on FBI Demands Logs From Radical Website · · Score: 1

    True.

    Do not give up. Do not fight big battles. And do not fight alone.

    You can take a house down with a single bomb. But you can do the same extent of damage as a million termites, with a much lower degree of risk for the participants; it just takes more patience and lacks the audiovisual effects.

  7. Re:Press Release on FBI Demands Logs From Radical Website · · Score: 1
    If you're going to cooperate then why the hell are you going to shout it out to the world?

    Because you see you made a mistake, and want others to stop and think and not make the same mistake later?

  8. Re:Press Release on FBI Demands Logs From Radical Website · · Score: 1

    There is a potential way. Disk encrypted with AES256, with the password stored in a secure hardware device, unlocked by a PIN with a limited number of attempts, and automatically being destroyed when tampering is detected. A small SMD chip can be destroyed with the content of a single small firecracker; melting a disk is much more difficult. By destroying the key storage, the disk becomes worthless. The key destruction unit may be connected to the building security system, destroying the key when a forced entry is detected.

    The key can be backed up, optionally split in an m-of-n way, to allow recovery from accidents. The n parts of the key should be stored off-site, with people in other jurisdictions, who can afford to safely not comply with an official request.

    Balancing the risk of data loss with the risk of data compromise is crucial here, and is subject to the threat model.

  9. Re:and... on Microsoft Fails to Comply With EU Requirements · · Score: 1

    You cannot use nukes. Once you do, you make it an acceptable way - and your "umbrella" won't stop your *own* *test* probes, so for the SS-27 Topol-M beauties it won't even be a slow-down. Remember you are not the only one with ICBMs anymore. Such infantile sabre-rattling is laughable.

    Your empire is still big, but in quiet nights you can hear the termites in its beams. Once the foreign banks start dumping dollars, you're toast.

    Be careful. Very careful.

  10. Re:Good news I guess on New Rules Proposed on Electronic Evidence · · Score: 1
    ...but I think in such a technological-dependent society like ours, I think we should keep those who seek to destroy our infrastructure in check by restricting their ability to use technology.

    What about picking the correct problem? The problem is not the people attacking the infrastructure: they are the symptom. The problem is the vulnerability of the infrastructure and its brittleness. Screw the attackers - make the system resilient and tough and decentralized enough to turn more or less any kind of attack into a mere nuisance.

    I just don't see the merit in letting anarchists run rampant either.

    Penetration tests for free.

  11. Re:Arrests on Large-Format Printable Wardriving Maps of Seattle · · Score: 1

    Failing to pass packets? I didn't hear about this failure mode yet. Is it a design fault, or just a device-specific implementation bug?

  12. Re:Arrests on Large-Format Printable Wardriving Maps of Seattle · · Score: 1
    Maybe if WPA actually worked, they would.

    WPA works well[1], when switched on.

    [1] For suitably small values of "well"; it's usually enough to keep the casual wardrivers out, and if nothing else it is a statement that the network is not intended to be open.

  13. Re:Firey death to the intruders! on Just How Paranoid Are You? · · Score: 1

    Even more impressive is work on a laggy terminal. You type in something, nothing happens on the screen. A couple of seconds later, the other side spits out a lot of output, to the amazement of the bystanders. Looks quite like magic, especially when coupled with the typing speed of a machine gun.

  14. Re:Firey death to the intruders! on Just How Paranoid Are You? · · Score: 2, Insightful
    but what I would do is open your box, get your hd out, mirror it with my other pc, then put it back in. and then you have NO IDEA that I just snaked all your data.

    That's what the encrypted filesystem is there for; then you also have to acquire the key.

    Another possibility is the ATA password, supported by more modern disks.

    You can also query the SMART registers in the disk, and check the power-on counter; if there was a discrepancy, a disk powered up without you knowing about it, check why.

    Yet another option is welding the case shut. Won't stop the adversary, but will make tampering obvious and slow him down. You can also use sealing wax instead, if you want a more service-friendly option, but a determined adversary will make a negative of the seal from the epoxy and then reseal it again.

    I just want to demonstrate that unless your data is with you (USB) or in an isp datacenter, your so-called friends can play havoc.

    A USB dongle may get lost or stolen (even easier than a stationary desktop machine). An ISP colocation may be entered by anyone posing as a serviceman, if their security is sufficiently lax (which it way too often is); social engineering is king here.

  15. Re:Firey death to the intruders! on Just How Paranoid Are You? · · Score: 1

    You can tear the password out of the serial EEPROM that's on the board. (No more CMOS RAM with battery, usually; the battery is there now only for the RTC chip.) You can also get in if you ground the SDA line from the EEPROM at the right moment; some BIOSes then think the password has zero length. Or you can add a hardware keylogger into the keyboard (or compromise it in another way, beware of wireless keyboards here, or use a pinhole cam, or TEMPEST emissions of the keyboard, or the differences in the sound of individual keys, there are MANY options), and get the password for both the BIOS and the encrypted filesystem.

  16. Re:Wha...? on Plant a Seed, Get Sued? · · Score: 1
    Mother Nature's patent expired a long time ago.

    For billions of years various life forms were taking their genomes, mixing them together and adding bits of innovation, or outright borrowed entire blocks of code (some bacteria are experts at this), and nobody complained.

    Then Monsanto lawyers came and started rewriting the history.

    Mother Nature's code was, is, and will be GPL.

  17. Re:first post on Plant a Seed, Get Sued? · · Score: 1

    Can you counter-sue then, for twice the amount, as punitive damages for allowing contamination of your crop?

  18. Re:Thank God! on Creationist Textbook Stickers Declared Unconstitutional · · Score: 1, Insightful

    A more elegant solution would be to require the creationists to put similar stickers into their Bibles.

  19. Re:I've considered moving to France before on Security Researcher Faces Jail For Finding Bugs · · Score: 1
    There used to be a saying here, during the times of so-called communism:

    Don't think.
    If you think, don't write.
    If you write, don't sign.
    If you sign, don't wonder.

    It's sad that the Revolution brought us no real change. Maybe another one should be performed?

  20. Re:Yup. ASCAP on Peercasting Ready for Primetime? · · Score: 1
    You might get away with it for a while or even forever, but it's no way to operate in a democratic society.

    This argument presumes that we live in a democratic society. Which, according to some indices, is not necessarily true.

    If you want laws to change there are ways to do that, however difficult.

    WAY too difficult, time consuming, and costly. Sure, it is the systemic solution, but I personally am in favor of an evolutionary approach: throw a range of different solutions at a problem, and watch what's the best. Besides, technological solutions to legislative problems take less time; while They need several sessions and tons of paperwork to do even a little change (and the result is uncertain), code can be written by a single person overnight. With finite lifetimes, this is an important factor; a change in the law is worthless for you when you don't live anymore to enjoy it, or are so Alzheimered you don't even remember there are laws at all.

  21. Re:It's harder than that. on Peercasting Ready for Primetime? · · Score: 1
    If you do that, they can still go after the listeners.

    That is true, however the international jurisdiction differences may pose an advantage here. What about listening to an offshore source, from where licence fees do not apply?

    The connection should not be a "hard" indication of infringement, doubtful enough to give even a not too good lawyer a good chance to find a way out.

    Even without this, the listeners are more expendable than the producers.

  22. Re:Yup. ASCAP on Peercasting Ready for Primetime? · · Score: 2, Interesting
    ...but it's definitely worth it just to avoid the legal hassle if you're a hobbyist.

    This brings an interesting question: how to anonymize the stream source, the initial node. How to make it impractically difficult to trace down the originator of the stream. Once this is solved, no more paperwork for hobbyists.

    Bureaucracy is a form of terrorism.

  23. Re:Enough already. on MS AntiSpyware vs Ad-Aware vs. SpyBot · · Score: 1

    Making money on their own holes. Even Swiss cheese manufacturers didn't achieve this degree of perfection.

  24. Re:Let's talk reality here on The Tin-Whisker Menace · · Score: 1
    Now these tin whiskers aside, this sucks for people who like to do electronics work at home. The only solder blends that are easy to work with contain lead.

    My suggestion is to stockpile the lead-based solder. It's a temporary solution, but will buy some time. (Making your own SnPb alloy and turning it into flux-filled wires is a bit too difficult to propose as a solution, though in the future it will probably be the only way.)

    Also, it's necessary to be aware of various gotchas. Some parts are plated with tin-bismuth alloy. When these are soldered with tin-lead solder, a tin-bismuth-lead alloy is formed which has a significantly lower melting point, which can lead (no pun intended) to a nasty surprise when a high-power part heats up and desolders.

  25. Re:Let's talk reality here on The Tin-Whisker Menace · · Score: 1
    However the small amount of lead used on PCBs is NOT the problem, and getting rid of it just creates MORE waste by creating electronics that die faster.

    This is the likely reason why the manufacturers aren't loudly protesting the lead-free future. If a device dies, it enforces an upgrade much better than mere moral obsolescence, which promises some future profit.