Slashdot Mirror


User: davidwr

davidwr's activity in the archive.

Stories: 0
Comments: 7,523

Comments · 7,523

  1. Articles aren't "owned." on Interview: Jimmy Wales Answers Your Questions · · Score: 2

    You wrote:

    Those edits get reverted by the article's owner within minutes.

    What may have happened: Those edits get reverted by an editor who is acting like he is the article's owner within minutes.

    What did happen: Those edits get reverted by another editor within minutes.

    --
    Dear Slashdotter:

    The proper place to complain about other editors' on-wiki behavior is almost always either in a private conversation with them or to do it on-wiki, either on the editor's talk page, the article's talk page, or in one of the project ("Wikipedia:...") pages created for this purpose. Slashdot is not the proper place.

  2. Re:'Global Network' =/= 'uniform resources' on Snowden and the Fate of the Internet As a Global Network · · Score: 1

    That may be true of Russia, but from what I hear, it's not true for North Korea and frequently not true for China or Iraq.

    For reasons that have to do with money rather than government censorship, many web sites are only available to people in certain countries or who have certain ISPs.

  3. If he's tea-party you are in luck on Snowden and the Fate of the Internet As a Global Network · · Score: 1

    My congressional rep is a pretty far right "We gotta stop the terr'rists" type.

    The Bill-of-rights-defending Tea Party may be staunchly law-and-order but they are even more staunchly individual-rights and (except for abortion, gay sex, and maybe drug use) they are strongly in favor of individual rights and privacy, especially rights like "peaceably assemble" and the right to communicate without being snooped on wholesale.

    It's the more moderate law-and-order "we gotta stop the terr'rists (because saying so helps me win elections)" - types that are going to be harder to convince.

  4. Re:What's the benefit of privacy from the governme on Snowden and the Fate of the Internet As a Global Network · · Score: 1

    And the police are going to take your word for it????

    On a more serious note, sometimes the police are more interested in how you react to being asked if you can search than what they might find if you consent to a search.

    If you are asked to search, here's my best guess of the common outcomes:

    * Consent, with attitude of "what have I got to hide." Result: Police will think you either have nothing to hide or don't know that you do AND that you are police-friendly. If they find something they will be more likely to believe you really didn't know about it.
    * Consent, but without the friendly attitude. Result: The police know that you are a "compliant citizen" and will likely consent to a search if you have nothing to hide that you are aware of OR that they think you won't find what they hid OR that they think they can get the results of a search tossed out of court later.
    * No consent, "because my lawyer told me not to." Result: The police know you have legal representation and that you've probably had legal issues in the past and/or anticipate legal issues in the future. On the record, they will treat you with respect but will get a warrant if they think they can. Off the record, the individual police who were there will be watching you and if the department has a good rumor mill, the whole dept. will.
    * No consent, hiding behind "you can't do that, it's my rights, blah blah blah." Result: The police will think you are either a non-dangerous civil-libertarian or someone who might try to harm the government. Depending on circumstances they will either bust down the door or just keep an eye on you. They will try to get a warrant if they think they will succeed.
    * No consent, and a violent reaction like spitting on a cop that gives them cause to arrest you. Result: You will be arrested and as a result may have legal grounds to search. If so, they will search. If not, they will try for a warrant if they think they can get one.

  5. But I really am sending random data - or not on Snowden and the Fate of the Internet As a Global Network · · Score: 1

    Dear Colleague:

    Tomorrow I will be sending you the 1GB sample data-sets of the output of the pseudo-random-number generators you are investigating.

    [the next day the NSA observes an ftp connection with several 1GB file transfers that appear to contain random data, but which really contain contraband data that has been encrypted and padded in a way to make it look at least as random as a typical 1970s-era random-number-generator, along with a few files with real output of known random-number-generators]

    If the file transfers don't go through then I complain to my ISP. If they tell me I have to buy a commercial account, I play ball, and if it still doesn't go through I complain. If they investigate, I show them that my colleague and I really are investigating random numbers but I leave out the part about our side business of aiding the local rebels or whatever it is we are actually doing covertly.

  6. Re:Encryption: on Snowden and the Fate of the Internet As a Global Network · · Score: 1

    As far as the NSA knows, Random Joe is some computer-illiterate old guy whose WiFi is unsecured, and Random Bob is some proxy server in Eastern Europe.

    What they don't know but would love to find out before they accidentally raid Random Joe's house and give him a heart attack is that Jimmy Porn-buyer is some guy with a directional antenna borrowing Joe's WiFi from half a mile away just for the day, and Random Willie is some guy in Africa selling "internet sex slaves" for virtual currency.

  7. Half of Tor Sites Compromised, Including TORMail on Snowden and the Fate of the Internet As a Global Network · · Score: 1

    In case you missed it on /. yesterday:

    Half of Tor Sites Compromised, Including TORMail

    Related:

    Biryukov, Alex, Ivan Pustogarov, and Ralf-Philipp Weinmann, Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization, presented at the 2013 IEEE Symposium on Security and Privacy, May 19-22, 2013, San Francisco, California

  8. Prediction: Country-to-country encryption tunnel on Snowden and the Fate of the Internet As a Global Network · · Score: 1

    I predict that some countries will agree to route all traffic - or at least all traffic that appears to be encrypted, i.e. https, ssh, etc. - through VPNs or similar tunnels that use directly-exchanged, self-signed public keys, ensuring that no "intermediate country" will be able to snoop or at least making it extremely expensive for them to do so.

    Yes, this will increase cost, and yes, this will mean some intermediate countries will refuse to carry such traffic forcing the traffic through longer, slower, or more expensive routes, but it will allow participating countries to tell their citizens "your data won't be intercepted except in the sending and receiving countries."

    Such a guarantee may also be a relatively cheap way of complying with existing data-privacy laws.

  9. The message is being heard loud and clear on Snowden and the Fate of the Internet As a Global Network · · Score: 1

    The mainstream media may not be playing this up, but I'm sure it's being heard in governments, corporate boardrooms, and consumer-advocate organizations world-wide.

  10. You must not live in my jurisdiction on MIT Students Release Code To 3D-Print High Security Keys · · Score: 3, Interesting

    In my jurisdiction it is (or was, a decade ago) against the law* for a locksmith to copy keys that are both marked "do not duplicate" and which used blanks available only to locksmiths required the locksmith to go through paperwork to make sure the person requesting the copy was authorized by the lock-owner to do so. This typically involved asking the requester to provide the lock's "number" which presumably the lock owner had but which was not on the key or lock itself.

    Up until recent decades, one of the more practical ways to duplicate many security keys was to make a mold and build a key from it, like you saw in 1960s spy movies. Yes, that required physical possession, but it didn't require a locksmith.

    --
    *I'm not sure if the law has any real teeth, it may be just a "civil fine" or it may just open up the locksmith to civil liability if the key is misused, much like if a bartender serves a drunk person more booze and they drive and kill someone, the bartender can be sued by the victim's family.

  11. How slowly? on Half of Tor Sites Compromised, Including TORMail · · Score: 1

    "Find every pedo and kill them slowly"

    Mother nature is killing us all slowly. I figure I've got decades, maybe a century, tops, before she finishes the job.

  12. Perhaps al Q. did make the whole thing up on Half of Tor Sites Compromised, Including TORMail · · Score: 1

    Or perhaps al Qaeda made the whole thing up just to see if they can manipulate the movements of our government by taking advantage of info gathering with a campaign of false intel.

    The thought of a deliberate leak by terrorists to test American reactions crossed my mind too.

    It also crossed my mind that it might have been a real terrorist plot with a deliberate leak, but with a built-in understanding that the plot was to be scrubbed or rescheduled if America took any noticeable counter-measures, such as closing an embassy.

  13. Security vs. usability vs. cost on Researchers Demo Exploits Bypassing UEFI Secure Boot · · Score: 1

    You get to pick 2 ... on a good day.

  14. Depends on your workload on Qualcomm Says Eight-Core Processors Are Dumb · · Score: 1

    If you have 8 busy processes (or threads, or whatever you call them) and your architecture can give each one a core, AND there aren't other bottlenecks like memory, I/O, etc., then you can utilize those 8 cores pretty well.

    But if you have only one or two ready-to-run processes/threads/whatever at a time, OR if there is contention elsewhere, then yeah, it's a waste.

    What else is new?

  15. Can we just have a voltage-wire-only charger? on iPhone Hacked In Under 60 Seconds Using Malicious Charger · · Score: 1

    If you cut all the wires in your charging cable except power and ground, will the device still charge?

    If so, transparent "USB extenders" that only have power and ground wires would let anyone charge anywhere without data risk (there would still be the risk of malicious over-voltage, but that's a different risk).

    If not, then future devices that charge over USB or other data+power cable should be built to charge with a "power-only, all other pins disconnected" cable.

  16. Re:Private browsing on Surveillance Story Turns Into a Warning About Employer Monitoring · · Score: 4, Informative

    A good proxy server is going to allow your system administrators to decrypt your SSL connection.

    Yes and no. Yes, a proxy can do MITM attacks, but no, barring a key compromise, it can't do so undetectably. A computer-savvy employee who is concerned about a MITM attack can do some testing beforehand and on an ongoing basis to assess his risk.

    One thing an employee who doesn't 0wn his own box probably cannot check for is a keyboard logger. Employees probably cannot check for other things like hidden cameras and other off-the-computer surveillance.

  17. Use discretion before calling the police on Surveillance Story Turns Into a Warning About Employer Monitoring · · Score: 4, Interesting

    You CAN be too careful.

    Before calling the police in a non-urgent situation, ask yourself

    "If everyone in my exact situation called the police, a few crimes may be prevented but a lot of lives would be intruded on and a lot of police resources and taxpayer money would be spent. Would it be better for society if, as a rule, the police were called in this exact situation or if, as a rule, they were not?"

    This goes not just for bombs but for things like someone unfamiliar walking around your neighborhood at 3AM, your kid's friend sporting frequent unexplained bruises, and the guy who hangs round the local kiddie park without kids in tow.

    Each of these "no matter what I do, there's a good chance that I could wind up doing the wrong thing" cases and many others like it require a gut-check and a realistic assessment of the situation before calling the police. Sometimes the "best answer" is to call the cops. Sometimes the "best answer" is to talk to the person acting suspicious or get friends and neighbors together and talk to the person. Sometimes the "best answer" is to do nothing.

    Finally, if you do make a well-thought-out decision and it turns out to be wrong - if you DON'T turn in the guy who searches for pressure cookers and he turns out to be a bomber, or if you DO turn him in and as a result the police are busy interviewing the person and can't get to an armed-robber-in-progress call in time to avoid bloodshed, don't feel guilty about your decision.

  18. Pretty obvious ways of doing this on ByteLight Unveils NFC Alternative Called Light Field Communication · · Score: 1

    For un-encrypted communication just flash the lights or display an image using any common one-way protocol.

    For encrypted communication, have a camera on the terminal and have the user put his phone up to the terminal and display a picture or pictures that represent an encryption algorithm and a key, then aim the phone's camera at the terminal to receive the encrypted message using any common one-way protocol.

  19. If I can see everything, I win, if not, maybe not on Computer Scientists Develop 'Mathematical Jigsaw Puzzles' To Encrypt Software · · Score: 1

    If the goal is to make it impractical for someone WITHOUT the ability to monitor the computer including the CPU "from the inside" they may be on to something.

    If I can monitor the system at a level of detail where I understand what each "step" does, then I can just put the pieces together and I'll know what's going on. If I'm a debugger that can monitor the CPU and the rest of the system in a way that isn't visible to the code I'm trying to snoop on, it's pretty much game over, I win.

    Here's where it gets interesting:

    If two computers are collaborating on a task and I have debugger-access to one but I see the other as a "black box" you could design a system in which the fact that I have perfect knowledge of what is going on in computer A doesn't give me a huge amount of insight into what task the two computers are collaborating on and how they are doing it.

  20. Free is no longer free on German Court Finds Fantec Responsible For GPL Violation On Third-Party Code · · Score: 1

    Free (open) is no longer free (as in beer) if compliance costs are high.

    This alone will drive companies to import only closed-source or BSD-style licenses where they are not obligated to provide the source and as such are less likely to be sued by someone who stumbles upon a violation that they themselves overlooked.

  21. WTF? on Russia Proposes Banning Foul Language On the Internet · · Score: 1

    OK, how do you say WTF in Russian?

  22. Clarification on Sony & Panasonic Plan Next-Gen 300 GB Optical Discs By the End of 2015 · · Score: 1

    I'm pretty sure if I turn off autorun and autoplay, any auto-run-on-insert code on a CD or DVD will not get executed.

    I'm pretty sure there are other ways to get code on a USB to auto-run and I'm not knowledgeable enough about Microsoft Windows to turn them all off.

  23. Thumb drives have one disadvantage on Sony & Panasonic Plan Next-Gen 300 GB Optical Discs By the End of 2015 · · Score: 1

    I'm highly confident if I turn off "autorun" then no software will be executed from a CD or DVD if I pop it into the drive.

    With a thumb drive I'm pretty sure that is NOT the case, at least in Microsoft Windows.

  24. Re:Good, now all of Stargate SG1 on one platter on Sony & Panasonic Plan Next-Gen 300 GB Optical Discs By the End of 2015 · · Score: 1

    They'll still only put three episodes on each disc, so you have to buy the big box set for $99.99, and then go change the disk every couple of hours during a marathon.

    Then I'll still not buy it.

    If they want my business, they'll have to give me what I want at a price I'm looking for.

    The only reason to "still put three episodes on each disk" is if it is re-mastered in such a way that it really does fill up the disk after less than 4 episodes AND that the benefits of re-mastering (higher definition, etc.) are valuable enough FOR ME to go with the newer format rather than the older, more-devices-can-read-the-disk, format.

    Here's an example:

    Suppose some 4-part movie series was filmed in 70mm in the 1970s but when the DVDs came out they just made it "DVD quality." That's 4 disks. Then they put it on Blu-Ray.

    If they put it on just 2 platters, that adds value to me.

    If they remaster it in 1080p and it takes 4 disks, that adds value to me.

    If they put it on 3 or 4 platters but add lots of extra stuff, that MIGHT be valuable to me, but if it isn't I will stick with the DVD version because it plays on more devices.

    If they just put the same files on Blu-Ray along with maybe some ads, I'm going to say WTF??? and get the DVD version instead.

  25. Non-working Blu-Ray disks on Sony & Panasonic Plan Next-Gen 300 GB Optical Discs By the End of 2015 · · Score: 1

    If your older disks won't work in newer players, you MAY have a consumer-fraud action against the seller of the disk, depending on what country you live in.

    That's in theory.

    In practice, either the company will be nice and let you swap for a newer "compatible" disk so they'll look nice, or if they don't care about looking nice, they'll dare you to sue and their lawyers will squash you and your lawyers like a bug.