Slashdot Mirror


User: Mysteray

Mysteray's activity in the archive.

Stories: 0
Comments: 310

Comments · 310

  1. Re:Duh on How Facebook Responded To Tunisian Hacks · · Score: 0

    Right, because Facebook would never let anyone know who your friends were.

  2. Re:Https as commonly employed isn't enough on How Facebook Responded To Tunisian Hacks · · Score: 4, Insightful

    In theory, only one end needs to authenticate the other.

    In practice, the website depends on the client to do a good job of this. So if you're running MS Windows, the Tunisian government can put a trusted root certificate in your computer with the endorsement of Microsoft. So even running https everywhere will not save Facebook from Microsoft.

    Try it yourself. If you have access to a Windows machine, visit http://bit.ly/eWYRbA in IE then check your personal cert store for Agence Nationale de Certification Electronique.

    If you think this is a big deal, retweet it or spread the word in other ways. I'm at a loss to explain why people aren't realizing the magnitude of this.

    Of course, what's even better is that it's a CODE SIGNING cert. ;-) Now that's what I call pwned!

  3. Re:Running the numbers on Biotech Company Making Fossil Fuels With a 'Library' of Bacteria · · Score: 1

    This would be exceptionally awesome if they can overcome the real and NIMBY hurdles.

    If it really is as simple as a solar-heated aquarium with a gas pump nozzle on the side, I imagine most people would love to have one in their backyard. Perhaps in sunny areas the existing roof area of single-family homes would be sufficient to provide for the occupant's driving.

  4. Re:No way on Biotech Company Making Fossil Fuels With a 'Library' of Bacteria · · Score: 3, Insightful

    But those organisms do need other nutrients, so the "no feedstock" bit can't be true.

    Yeah, but not necessarily enough to qualify as "feedstock". E.g., compare the bulk sugar feedstock required to power small children compared to the trace elements in the Wonder bread and Flintstones vitamins which supply them with all other nutritional requirements.

    Plus, the bacterial soup may be pretty good at recycling that stuff in a closed system.

  5. Re:Oh good lord on Wikileaks To Name Swiss Bank Tax Evaders · · Score: 1

    Imagine that - a business standing up for the privacy of their customers. Privacy as a product differentiator. Sad that it takes a whole country behind it for it to happen.

    In other news, Facebook makes a business out of selling your personal info. Americans are excluded from investing their money there, too: http://read.bi/eY0BJt

    Think maybe this plan of not putting the citizen first isn't working out so great? You know, in the end the citizen is the guy with the money after all.

  6. Oh good lord on Wikileaks To Name Swiss Bank Tax Evaders · · Score: 3, Insightful

    The public may soon find out that their favorite celebrity, politician or employer doesn't feel responsible to contribute financially to the commonwealth at the expense of privacy.

    Switzerland has great banks. In fact, there's at least one whole country where everybody puts their money there. There's no reason in the world not to put money in them. Having money in a Swiss bank is not a crime and it doesn't imply you're a criminal or a tax cheat. For example, maybe people are spooked by the circus surrounding US banks or something.

    The static from the US IRS got so bad that Swiss banks simply closed all accounts of "American persons". They completely kicked Americans out of their customer base. I find that pretty darn disappointing that my country is acting so obnoxiously that I personally can't do business on equal footing with the rest of the modern world.

  7. Re:OpenBSD IPsec on New York Times Reports US and Israel Behind Stuxnet · · Score: 1

    I don't get what you're saying.

    How many years did verification set back Iran's nuclear program?

    Or are you saying the world should be happy with accurately verifying the rate at which Iran develops a full scale indigenous uranium enrichment capacity?

    Are you seriously suggesting that now, after 30 years of hoping, some sort of democratic or political change inside Iran is likely to change their nuclear program?

  8. Re:OpenBSD IPsec on New York Times Reports US and Israel Behind Stuxnet · · Score: 1

    Apparently Iranians use Windows in their A-bomb factory. Go figure.

  9. Re:OpenBSD IPsec on New York Times Reports US and Israel Behind Stuxnet · · Score: 1

    What are you saying? That no one could be smart enough to work on multiple operating systems?

  10. Re:OpenBSD IPsec on New York Times Reports US and Israel Behind Stuxnet · · Score: 2

    No.

    If you read TFNYTA, it says specifically this lab helped to do it. If you followed the links, you'd see a slide presentation of the lab doing a security assessment of Siemens SCADA system like those used in Iran for enrichment and slides describing attacks on SCADA systems.

    Jason Wright transitioned away from OpenBSD IPsec development to work on SCADA security at this lab.

  11. OpenBSD IPsec on New York Times Reports US and Israel Behind Stuxnet · · Score: 5, Interesting

    Jason Wright, the OpenBSD developer funded by NETSEC to work on IPsec (and allegedly put in backdoors for the FBI) went to work at the DHS cyber security lab that the NYT is saying helped do Stuxnet http://nyti.ms/grd51X http://bit.ly/feB9ZV

    SecTor 2008 gives his speaker bio http://www.sector.ca/speakers2008.htm

    Jason Wright is a cyber security researcher at the Idaho National Laboratory working with SCADA and Process Control system vendors to secure critical infrastructure assets. He is also a semi-retired OpenBSD developer (also known as a "slacker") responsible for many device drivers and layer 2 pieces of kernel code.

    I am not making this up.

    I'll have to put it in a blog post this evening. See homepage link.

  12. Re:The real fraud here is on Stars Remain In Their Usual Places; People Panic · · Score: 1

    Neutral in whether or not the basic facts of the article are correct "astrology claims X or does not claim X", without regard to the merits of the claims of astrology.

    For example, one of the articles quotes an astronomy instructor saying "Astronomers have known about this since about 130 B.C.". I think it's safe to say that in 130 BC there were no astronomers that were not also astrologers. It was one and the same.

    So it's incorrect to say that astrologers were not aware of the precession of the equinoxes, they knew about it many centuries before the principles of modern scientific thought were even formulated.

    People getting tattoos are another story of course.

    People are today using the term "astronomer" when it suits their argument and "astrologer" when they wish to ridicule it. Double standards and cherry-picking are not the mark of solid scientific or logical reasoning.

  13. Re:The real fraud here is on Stars Remain In Their Usual Places; People Panic · · Score: 1

    If "neutral discussion" means accepting Astrology on par with Science in a discussion

    But I didn't say that. I didn't say anything comparing astrology and science.

    I just pointed out that there are some basic facts in the article wrong and the annual burn-astrology-in-effigy routine is looking really old and worn out by now.

  14. Re:The real fraud here is on Stars Remain In Their Usual Places; People Panic · · Score: 1

    you clearly lump science into the same category as 'something that requires belief'

    Nowhere did I say anything about science or its "underlying principles", much less that it required belief to function. I suggest you read what I said again:

    science media sets up this same straw man every year so their believers

    What I said implies the existence of a science media and it has people who consider themselves as believers in it. I stand behind that and I think you should admit to it too. As evidence I submit the knee-jerk reactions to my comments by people lecturing me on critical thinking who are apparently unable to comprehend what I was saying even though I warned them about it with emphasis!

    That's the behavior of people acting according to their emotional beliefs, not objectively applying scientific principles.

  15. Re:The real fraud here is on Stars Remain In Their Usual Places; People Panic · · Score: 1

    In other words, you're having too much fun rubbing that spot to be bothered with reality, so have some ad hominems on the side.

    That's real scientific of you pal.

  16. Re:The real fraud here is on Stars Remain In Their Usual Places; People Panic · · Score: 1

    That's a great response, but has nothing at all to do with the point I was making which proves my point perfectly.

    Whenever the subject of astrology comes up, people like you reflexively shut down your critical thinking processes and start regurgitating this stuff about how great science is relative to it.

    You really really want me to be arguing in support of astrology, don't you? Perhaps you imagine yourself some great defender of science by condemning astrology on Slashdot.

    It's lame and predictable, like some Hollywood film where the plot resurrects the Nazis so the hero can have a politically correct enemy to beat up on.

    Come on, science has bigger enemies to deal with these days, like groupthink, publication selection bias, and politically-allocated funding. Time to move past the astrology thing.

  17. The real fraud here is on Stars Remain In Their Usual Places; People Panic · · Score: 1, Informative

    The real fraud here is the way the science media sets up this same straw man every year so their believers can break their arms patting themselves on the back feeling superior to "those stupid pseudoscientific wannabes who believe in astrology".

    The reality is that, as TFA hints at, western astrology hasn't been based on stars for thousands of years. ...approximately since the constellations were when they were assigned. It's based on equinoxes. Open any book on astrology that goes deeper than sun-sign horoscopes and you'll find a thorough treatment of this topic in one of the first few chapters. But most of you enjoy dumping on stuff you haven't read much about.

    I regret that I have to say this but note that I have not expressed an opinion on the merits of astrology in this post. If you reply as if I had, you're only proving your inability to participate in neutral discussion.

  18. Re:Bullshit. on Patriot Act Up For Renewal, Nobody Notices · · Score: 1

    I think I re-tweeted it.

    But mainly I was objecting to the headline being a factual error that "nobody noticed", or the implication that I was nobody.

    Perhaps I really am nobody and I simply need to learn my place.

    But rest assured, I won't go quietly. I'll post something sarcastic on Slashdot on the way out.

  19. Re:He could always... on Patriot Act Up For Renewal, Nobody Notices · · Score: 1

    You have a good argument that, say, for a typical US resident P(killed by a terrorist) << 1e-9?

  20. Bullshit. on Patriot Act Up For Renewal, Nobody Notices · · Score: 1

    I noticed yesterday when it was published in another news source.

    All of Slashdot noticed today obviously.

    Quit acting like nobody noticed or the politicians might start to think they can get away with nobody noticing.

  21. Re:This is wildly overstated as a risk on Amazon EC2 Enables Cheap Brute-Force Attacks · · Score: 1

    I agree with you, my wifi password is also very long and randomly generated.

    But I'm not the one you need to convince, it's every individual who chooses a wifi password who is in the set of those we might consider "at risk", said risk being possibly overstated. Whatever that means. :-)

    In any case, published experience strongly suggests that many wifi installations have passwords which don't hold up long against 400K trials/sec.

    Of course, for granting access to some guy in the parking lot with any guessable password the administrator is a fool. But I am reminded of the Far Side cartoon with the scientists observing a bunch of clowns and asking "Yes, they're all fools gentlemen. But the question remains: what kind of fools are they?"

  22. Re:crime? on Amazon EC2 Enables Cheap Brute-Force Attacks · · Score: 1

    Interesting comparison.

    I, too, see the irony in the "dual-use" nature of technology in general, but I do have a perspective different than one thing you said though:

    Here, the general concept is that most useful tools can also be abused for malicious purposes.

    I've been to a bunch of hacker cons in the last couple of years and met a bunch of people in the infosec community. There are a lot of people using password guessing and other security auditing tools.

    My impression is that, by far, the biggest users of these tools are organizations auditing their own security or contracting with outside parties to do so. Security auditing tools is a burgeoning industry and professional pentesters are in high demand. There are still a lot of black-tshirt-wearing hackers at the cons these days but if you talk to them most of them are in industry or government :-).

    It's simply not correct to equate password-cracking tools with malicious purposes.

  23. Re:This is wildly overstated as a risk on Amazon EC2 Enables Cheap Brute-Force Attacks · · Score: 2

    The great majority of passwords don't have anywhere close to the entropy of "eight random characters drawn from the 96 character printable ASCII repertoire". Probably a great many passwords can be successfully guessed in a reasonable amount of time at 400K trials per second.

    Here are the results from the last Defcon 18 contest.

  24. Re:crime? on Amazon EC2 Enables Cheap Brute-Force Attacks · · Score: 1

    That's a very good point.

    I tend to think of someone's use of EC2 as public info, only a "whois" away.

    Security researchers like to use EC2 because it's cheap, and it's hard to block network scans from since it shares a netblock with other mission-critical stuff like, say, Twitter.

    It's likely that industry journalists would have made a big deal about Wikileaks using it had they not pointed it out themselves.

    I still can't tell if this is a keyword placement-piece for EC2 or if somebody really does think this is novel research. ISTR hearing there is an upcoming BlackHat presentation (and that BlackHat was owned by a media company too).

    Amazon ought to be extremely careful about playing politics with its ToS and safe harbor provisions.

  25. Re:crime? on Amazon EC2 Enables Cheap Brute-Force Attacks · · Score: 1

    Amazon doesn't know what the computations taking place on the CPUs/GPUs they lease are doing.

    They could be searching for oil deposits, searching for radio signals from ET, recovering lost keys for a legitimate owner, for law enforcement, or for bad guys. They could be doing several of those things simultaneously and it would take very time consuming, deep, by-hand expert research to try to figure it out and you'd still never be sure you understand what all the numbers mean.

    Amazon probably doesn't even know when someone installs a web server or a database on an EC2 node. They certainly don't know whether or not it's used to host material leaked from govt sources legitimately into the public domain or who and who isn't a journalist.

    That doesn't seem to stop them from selectively applying their ToS at the request of the likes of Sen. Lieberman.