Slashdot Mirror


User: Deanalator

Deanalator's activity in the archive.

Stories: 0
Comments: 650

Comments · 650

  1. Re:A link to the paper on Is There Room For a Secure Web Browser? · · Score: 1

    Haha, I was going to yell at you that I posted the link to the paper first (well, same time anyway), then I realized who you were :-)

    I really have just briefly glanced over it at the moment, but it looks interesting. Is there code I can download somewhere? I can't find any on your or Chris' websites. Also, have you checked out jnode? Similar to Microsoft's singularity, but actually functional (and in java).

  2. Re:Somewhat pointless? on Is There Room For a Secure Web Browser? · · Score: 4, Interesting

    If I was offered a browser that was able to contain flash or quicktime 0day, I would switch to it in a heartbeat. For all the security in firefox, 0day still exists, and is used frequently in the environments that I work in. These threats can be mitigated, and we really should be moving towards properly designed software.

    link to the paper:
    http://www.cs.uiuc.edu/homes/kingst/Research_files/grier08.pdf

  3. Re:Read some more on IT Workers Split For McCain, Obama · · Score: 3, Insightful

    What I liked to hear in the speech was that he has many friends and loved ones that he disagrees with, and that is all right. Can you imagine a politician who only surrounds himself with people he completely agrees with 100% on every issue? His pastor has some radical beliefs, and why the hell not? Understanding his perspective gives insight into the dissatisfaction of many Americans. Pastors don't get to where they are by being "politically safe".

    Also note that Falwell blamed the ACLU, abortionists, pagans, feminists, gays, and lesbians for 9/11
    http://youtube.com/watch?v=H-CAcdta_8I

    And he pretty much shaped the religious aspect of the republican party for the past 28 years. In McCain's defense, he was one of the only republicans that ever attempted to distance himself from Falwell (in the 2000 primaries), but recently has voiced support for him again.

  4. Re:Hillary, anyone? on IT Workers Split For McCain, Obama · · Score: 1
  5. Re:Hillary, anyone? on IT Workers Split For McCain, Obama · · Score: 1

    McCain is actually not too bad of a candidate. What irks me though is that I believe that a large majority of people voting for him will do so because of some perceived international experience, when he has trouble keeping track of who is Shiite and who is Sunni.

    The main sealer of the deal for me with Obama though is his understanding of the importance of investing in technology. Nearly all of his plans call for setting up open databases to increase government transparency, and facilitate better and faster communication. None of the other candidates have mentioned anything about investing in our technological infrastructure, and have never mentioned anything about such issues as net neutrality.

    I actually saw Richardson's endorsement last Friday in Portland, and the moment I heard his name announced, I realized what a great VP he would be. He was the US ambassador to the UN through many of the middle east conflicts in 1997-1998, and then he became the Secretary of Energy until Clinton left, which would be very useful experience dealing with these oil issues.

    Also, does the McCain/Lieberman ticket scare anyone else? First he gets defeated handily by a democrat in his own state, and had to re run as an independent. Then he gives up his seat at the DNC, and his super delegate vote, so he can endorse McCain. Is that something that pleases independents? It is shocking how quickly he turned on his own party (he was Al Gore's running mate in 2000).

  6. Re:Well... on Passport Files of Presidential Hopefuls Snooped · · Score: 1

    I assume you are talking about http://www.cnn.com/2008/POLITICS/03/22/passport.files/ ?

    Read the article once more. Yes, an employee of Analysis Corp. checked out Obama's and McCain's passport information. Also, Analysis Corp is run by John Brennan. John Brennan also does some consulting for Obama.

    Also note that in the article, it notes that the CEO of Stanley, another passport database contractor, is a Clinton supporter. Also irrelevant.

    Remember, it was Obama that called for the investigation into this matter.
    http://blogs.usatoday.com/onpolitics/2008/03/nbc-obamas-pass.html

  7. the fear on Quantum Computing Not an Imminent Threat To Public Encryption · · Score: 1, Insightful

    I think the fear is that by the time we get around to having decent PKI for stuff like credit cards etc, quantum computing will bust everything wide open. PKI is the only practical method of identity management these days, and while algorithms in the PKI are being tweaked, they are all pretty much based on the same principles, which quantum computing is a real threat to.

  8. amazing on Google Patents Detecting, Tracking, Targeting Kids · · Score: 1

    Having spent many of my younger years chasing down children while working at an after school program, I can honestly say that if google has figured out an algorithm for detecting, tracking, and targeting kids they deserve a freaking fields medal.

  9. Re:Proofread? on Archive Formats Kill Antivirus Products · · Score: 1

    X = {a,b,c}
    secure(X) = secure(a) ^ secure(b) ^ secure(c)

  10. why now? on Discussion of Internet Addiction as Mental Illness Resurfaces · · Score: 1

    Does anyone know if there are any advantages to calling internet addiction a "mental illness"? Does that mean doctors get to use more powerful chemicals to treat this? Does the label as a mental illness allow the government to step in and save us from ourselves?

    Sure, some people play games on the internet as a way to "escape reality", but plenty of other people read books, play golf, or go to the hair salon to deal with stress.

    Also citing statistics from the Korean media is not going to help. Fat people had heart attacks while doing an activity that they do for large portions of their day. I have still seen no evidence that this had anything to do with gaming itself. For further bad statistics, see Korean fan death. http://en.wikipedia.org/wiki/Fan_death

    Of course you can get addicted to anything that's fun, but I don't see a huge call for making "fun addiction" a mental illness. That tells me that these doctors are either incredibly stupid (which I highly doubt), or they are trying to sell me something, get famous, or gain some sort of political leverage.

  11. safari on Firefox 3 May Be More Memory Efficient Than Either IE or Opera · · Score: 1

    I like how safari, after what I can only assume is a period of 5 minutes, crashes and then goes home crying.

  12. Re:Other than supposed security improvements... on Single Photons Bounced Off Orbiting Satellite · · Score: 1

    Saying that quantum crypto is unbreakable is a bit overstating the facts. The current suggestion is that quantum crypto should replace public key crypto for key exchanges. After the exchange, the data stream would likely just proceed with a typical AES (or whatever symmetric algorithm seems strong at the time) session.

    Quantum crypto can be used for the entire session, but the overhead is enormous.

    Also, keep in mind that quantum crypto does not prevent people from intercepting the messages, it just makes sure that when the messages are intercepted, it is detectable.

  13. Re:craziness on China Blocks YouTube Over Tibet Videos · · Score: 1

    I am all for coverage of protesters murdering Han shopkeepers, as long as there is also coverage of Chinese police murdering monks. It's all a very fucked up state of affairs, but censoring one side of the violence is disgraceful manipulation. I am hopeful that some day soon, the Chinese government will realize this, and allow their people to come to conclusions on their own. They need to realize that 30% dissent (completely made up number) is not so bad, and allowing free expression only solidifies the patriotism of the remaining 70%. Of course, if dissent gets too high, it means they need to change how their country is structured. Maintaining a media lockout is just too expensive (financially, politically, and morally) in this age of information, and the sooner they realize that, the sooner they can integrate properly with the rest of the world.

  14. Re:Too early for April fools on UK Police Want DNA of 'Potential Offenders' · · Score: 4, Insightful

    If this guy wants to stop criminals before they commit crimes, my suggestion is that they take some money from their obviously over budgeted police force, and invest more into their school system.

  15. Re:Why only Tibet? on China Blocks YouTube Over Tibet Videos · · Score: 2, Interesting

    Tribal sovereignty.
    http://en.wikipedia.org/wiki/Tribal_sovereignty_in_the_United_States

    Native American tribes have their own land, and can make/enforce their own laws.

    I am not sure if other countries you mentioned have similar setups, and of course the deal is not as good as some of the Natives would like it to be, but there is nothing like this in Tibet. China denies that Tibetans even want to be free. Even now they are blocking CNN and Youtube, along with countless other news sources. The goal is not to hide the protests from the Chinese people. The goal seems to be to retain the ability to paint the Tibetans as rebel separatists bent on destroying the Chinese empire.

  16. Re:craziness on China Blocks YouTube Over Tibet Videos · · Score: 1

    Fair enough. Maybe the sample of people from the region is a bit skewed, since most of the people I know from the region are around my age (mid 20s), but I have only talked to one person out of the 40 or so people I have discussed this with who does not think that Tibet and Taiwan should have sovereignty. She happened to be an elderly woman from northern china, who had also only been in the US for 3 or so weeks. I also attended a fairly "liberal" university, and most of my friends are on the technical side, so that might further skew my sampling.

    Some of these videos that I have seen though, the posts are 12 to 1 in favor of the Chinese military. Those numbers surprise me.

  17. craziness on China Blocks YouTube Over Tibet Videos · · Score: 4, Insightful

    If you want to see something crazy, check out the political spam in the comments of these videos. It is unbelievable the ratio of how many people are calling Tibetans liars and cheering on the Chinese. These are recent posts calling the Dalai Lama a terrorist ringleader. It confuses me that so many people outside the great firewall are posting this stuff.

    Anyone want to help me mod these comments down, and rate these videos up?

  18. Re:Cain and Abel aren't new. on Man-in-the-Middle Attack on MySpace with Cain · · Score: 2, Informative

    Ah yes, back in the day that was all cain could do :-) I remember using ftp in windows to bypass the restrictions on the windows explorer, and cracking all my friend's passwords. Fun times had by all.

    Cain has actually progressed by ridiculous leaps and bounds since then. It can now parse and decode pretty much any password from any protocol off the network or out of a file. It can also do things like recording voip phone calls, and ssh2 sessions etc. It also has a pretty decent set of wireless cracking tools built in, far more than any wireless cracking tool that I have seen in Linux. It's almost enough to make me switch to windows :-)

    Also, as a professional security researcher, I have to ask, who the fuck is Brian Wilson, what the fuck is ChicagoCon, and why the fuck is there a slashdot article about sniffing plain text http traffic in 2008?

  19. package management on The REAL Reason We Use Linux · · Score: 3, Interesting

    Sure, it's fun, got an easy to customize UI, I can do tons of security and network tweaks, and it has a well integrated set of developer tools, but the real reason why I was never able to turn back is the package management. Package management issues were also the core reason I switched from slackware to debian in 2001, debian to gentoo in 2003, and gentoo to ubuntu in 2007.

    It is ridiculous to me that even today, tools for Microsoft package management are completely archaic. Microsoft has MSI files, but still the difference in add/remove programs between windows 95 and vista is minimal. Imagine if they allowed users to import catalogues of software, and search for software within the add/remove programs interface (which most distros have been able to do in some sense for 10 years or so). Hell, they could even deal with licence subscriptions right in the interface. It would allow them to better integrate their software with third party vendors, while at the same time making sure effective QA is happening (they could threaten key revocation), and also protecting the users, making sure that all software that gets installed gets downloaded from reliable sources, and does not have the chance to get infected by malicious warez kiddies.

  20. Re:Not surprised on The Secret China-U.S. Hacking War? · · Score: 0, Offtopic

    Oh ya, all of this is offtopic :-) We are all throwing comments that will mod us all to offtopic hell (except you AC). Most mods don't really care that much about comments that sit at 2 unless they are pretty offensive though. This is why I ride at +5 and mod down anything that gets in my way :-)

  21. Re:Not surprised on The Secret China-U.S. Hacking War? · · Score: 2, Funny

    Seriously now, did I just get a troll mod point for mentioning the word "lulz"?

    geez.. some people.

  22. Re:China ... is evil ... on The Secret China-U.S. Hacking War? · · Score: 1

    It is my opinion that while we were wasting time and money in Iraq, China became the first country to hit that critical milestone in the cyber race. They were the first nation to have a large, well trained, offensive military network attack unit. Sure, the US has pulled contractors together in the past, and probably run some pretty sophisticated network attack operations, but I doubt those were anything more than one night stands with greatness.

    Not that it's bad that they were first to get there. I think the US can catch up eventually, but there are some major economic hurdles we need to get past. In the US (and most countries around the world) it is far more profitable to work in the private sector. Even the NSA has been losing top researchers to RSA, and various private security firms. In some countries, it is more profitable to work in organized crime. China, however, is in a unique position. Even mentioning "network security" over email (in any language) is enough to get you some jail time in China, which is why China does not have nearly as many (I can't name any) private contractors. The only career path for skilled hackers is government or military.

    I do know from personal experience that there is an underground in China, but I have never known anyone over the age of 18 that was involved. They always seem to either move away, or disappear by that age. Someone please correct me if I am wrong. Maybe there is a deeper underground that I don't know about, or maybe I just don't hang out with enough old people, but this has been my experience.

  23. Re:Not surprised on The Secret China-U.S. Hacking War? · · Score: 1, Funny

    You must have forgotten to put on your lulz hat this morning :-p

  24. fuck undercover on GoDaddy Silences RateMyCop.com · · Score: 5, Insightful

    You know what? Fuck undercover cops. The idea that my tax dollars go towards tricking people into doing illegal activities annoys me to no end. This website has far more potential for good than bad. Hell, I am a clean looking law-abiding white male, and I have been arrested and lied to by police. Just last week I had three rifles pointed at me by overzealous police. A friend of mine from Kenya who has never committed a crime in his life gets thrown down on the street with guns pointed at his head about once a month. How the fuck is that fair, or even legal?

    I should mention that I live in Portland, Oregon. We have one of the lowest crime rates in the country. Whenever there is a story of a shooting on the news, it is most likely a police officer shooting an unarmed man. A few years back, police tasered a man to death while he was still in his car with his seatbelt on. The excuse that the police gave was that it looked like he was putting drugs in his mouth.

    A couple summers ago, in the neighborhood I grew up in (A peaceful lower middle class suburban neighbourhood, I never heard of a crime anywhere in the area the entire 18 years I lived there), a woman called the police saying that her 18 year old son was suicidal, and he needed help. When the police arrived, three officers shot him a total of 8 times in the back.
    http://blog.oregonlive.com/washingtoncounty/2008/01/previous_stories_and_the_tort.html

    These police officers are all back on duty doing their regular routines after murdering all of these people. These are the people that are protecting and serving me. This is why we need services like this.

  25. Re:This is why I backup my Gmail with G-Archiver on G-Archiver Harvesting Google Mail Passwords · · Score: 1

    Just a nitpick, but I trust signed binaries (from a trusted authority) a HELL of a lot more than I trust code compiled from source. It is surprisingly easy to backdoor a piece of code in a way that is extremely hard to detect, even by skilled programmers. For example, an input filter intentionally does not validate encoding issues properly. Even with static analysis software that is designed to look for this stuff, it is hard to detect.

    On the other hand, a group of programmers on a project would hopefully be doing their best to check the deltas for sketchy code. Their reputation is on the line if they don't, and if they screw up, their key could get revoked, so they would be a bit more careful.