== Most proposals for UBI would fund it by dramatically reducing current entitlements. So someone getting a $1500 social security check, would see it reduced to the "universal" $500 or so. That chance of this being politically feasible: 0%. ==
Even if there was enough money to maintain the same average amount, some would get less and some more than now, because the idea is to get rid of detailed bureaucracy.
That is also the problem with making realistic experiments. It is difficult to select 10000 random people and give some of them $1000 more than they got before, and some $1000 less.
Until you actually need those warranties. Then you realize it is only valid if you currently live in the US. You have to pay for shipping and handling out of your own pocket. And if they refuse to pay out, there is not much you can do.
My experience tells me that if my hardware is not running Debian, then at some point there will be no more updates. And hackers is not the only problem, often the hardware just becomes useless.
E.g., I have a perfectly good old WiFI IP phone, but it only works on open networks or networks encrypted with WEP. I have some devices that I would like to use to browse the internet. But they fail on websites with newer certificates.
This is from the Frederiksberg court. It is not final. But most likely the alliance won because the people behind Convert2mp3 did not bother to show up in a Danish court. And they probable also will not appeal. The transcripts from the court is not made public yet as far is I know.
"Secondely the EU cj does not define hate speech, individual countries do"
But does that mean that EU is now demanding that Twitter censors speech that is forbidden in just one EU member state even if it is legal in the other 28 EU states?
So EU are unhappy with Twitter only blocking 38 percent of flagged content. They acknowledge that not all content flagged by users isn't prohibited by law. But how much is that really? Maybe it is 70 percent and then Twitter is blocking "to much".
Who actually decides what should be blocked? Because it is certainly not the European court of Justice or any other court that is reviewing all the tweets.
We are some European citizens that believe that we have the right to seek information without being blocked by some German company hired to oversee some code-of-conduct policy made by bureaucrats supposedly based on some member-state laws that are never tested in courts.
Eventually you can get Linux to boot on UEFI just fine. But it is harder than before.
It used to be that you could just put a DVD in a computer and click OK to install Linux, and that was it.
Now people people ask me for help when Linux installation fails. Usually the installation seem to succeed, but the computer cannot boot. I usually install Boot-Repair on a live USB disk, boot the computer and fix it. Boot-Repair is a nice toot but really, it should not be necessary.
And sometimes it does not work. Early versions of the Intel NUC would fail starting Ubuntu because if expected the executable to be named uefi.exe, not grub.exe. Intel fixed it in a later firmware version. But it is telling that they created something so complex, that not even Intel could get it right.
Except that my VoIP works just fine without any prioritization. Prioritization will just be a way of making sure that just my kind of VoIP will become unusable. And how are they going to determine which traffic is VoIP anyway? Port numbers?
Then again, my downloads through SSH-tunnels will be faster.
There have been other fatal Tesla accidents that was not caused ty autopilot. And plenty of the fatal accidents in average car were not caused by bad driving (i.e., you cannot assume that autopilot would have prevented them).
IANAL, but setting up such a system could not be illegal. At the time you set it up, you cannot know who will be forcing you to unlock. It could be a member of an Armenian gang.
What happens when you are required to unlock is less clear, IMHO.
== “Unlike disclosing passcodes, you are not compelled to speak or say what’s ‘in your mind’ to law enforcement,” Gidari said. “ ‘Put your finger here’ is not testimonial or self-incriminating.” ==
But are you required to warn them about "bad" fingers? And you might not have told you girlfriend which of her finger, will start the self-destruct.
And even if you are required to warn them, if you _do_ believe that your rights are being violated, now they have to prosecute you, and you can argue they had no right in the first place.
The USB gadget support seems to be difficult. But if you get it to work, you could e.g., have several encrypted and unencrypted filesystems on the SD-card.
Give it to someone and let them see a USB flash drive with the unencrypted data, or give them the password to some files.
Or you could have filesystems, where you can write unencrypted, but not read (from e.g. cameras)
In 1992 I traveled through Moscow airport with a pressure cooker with a slide projector inside it (I had trouble keeping my luggage in one suitcase).
When they put it through the airport scanner there was a lot of shouting and they made me take it apart in a corner with concrete walls while three guys was pointing rifles at me.
==
GPL2: >You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License.
Note that if anyone with copyright over the kernel wins such a suit, the rights to use the kernel are lost for all time ("terminated"). ==
That is not what that clause means. For example GPL also says that they not have to accept the license.
What it means, is that they then have distributed the kernel without permission from the GPL. And they could get in trouble for that.
* SSH users should verify the identity of their systems when they first connect.... * We have SSH Honeypots that help us track, understand and respond to SSH attack.
You should have user honeypots. Once in a while present a fake certificate. If the user ignore the wrong fingerprint and type in the correct password, reset the account password.
I am not angry. Just slightly annoyed sometimes. Not alle software projects and distribution packages are created equal. Some are more impressive than others.
It is overkill to switch to another distribution because of something that can be handled with an apt-get remove.
I totally understand why people bother making functionality, I do not need. And I like it, because it means that next time I need something it is probably already there.
What I do not like is that I am being forced (well, pressured, it *is* free software after all) to pay (with computer ressources) for something that I do not need.
Well, if you are the third AP owner in your neighborhood that has a network name Linksys or Home Network, you should not get into trouble.
If you named you network Logan Airport because you wanted to gain access to passengers computers, you would be breakting the law in most countries.
If you named you network Logan Airport because you were curious to find out how many would connect to it, well I am not a lawyer, but I would say you were on thin ice.
The problem with faked DHCP-servers is not so much that it can take advantage of bash vulnerabilities, most clients should now be updated and not use Bash. It is worse that they can give you bad DNS-servers. That means that the attacker can then do a MITM attack on every single connection, you make. Encryption helps, but not everything is encrypted, and many user would accept a fake SSL certificate.
If you are worried about fake DHCP servers you should configure your DHCP client to use fixed DNS servers (I use http://censurfridns.dk/). You would still be vulnerable to fake accesspoints and fake DHCP-servers that also gave you a fake gateway, but not to bad DNS-servers. Unfortunately many networks rely on using DNS to implement captive portals for login and advertizing, so you cannot do it for all networks.
The hotels usually do print the name of their network on flyers, signs etc. But an attacker does not have to make up fake names, he can just use the legit name.
At an airport you might see:
- Airport Net - Airport Net - HP_Printer.
Where "Airport Net" is the legit offices name, that the airport uses. An attacker then names his AP also "Airport Net".
Then you see:
- Airport Net - Airport Net - Airport Net - HP_Printer.
There is no way to know that one of the "Airport Net" AP's are not run by the airport.
And even worse. If the attacker takes an AP e.g. a cafe and name it "Airport Net", there is a good chance that someone will automatically connect to it because they used an AP by that name in the airport.
Actually my client does not connect automatically. Not that i should be a problem, except that it would keep connectiong to networks that I cannot use.
I am telling you that if I stay in a hotel, and I see a network named eg Free_Hotelname_network, then I connect to it and if it works I use it, even though for all I know that network could be running from the laptop of the guy in a room down the hall.
But I should not have care about that. It should not be necessary to trust every DHCP-server I use.
In the same way that I also visit a lot of webservers, that I do not necessarily trust. My browser should not execute insecure bash-scripts.
what pulsed solves is not very important problems, for me at least. But it introduces strange problems, besides eating CPU-cycles and RAM.
For example, I resently spent some time debugging why icedove occasinally froze. It turned out that it was trying to play a sound, but that went wrong because the user starting icedove was not the same as the user starting the desktop even though both were in the audio group.
It should be possible to make pulse work in system mode, but I could not get it to work well. But deinstalling pulseaudio and just using ALSA works perfectly.
In for example an airport you have no way of knowing if it really is the airport that provided the network, you are using.
Even if it is a real airport network, most airport wireless networks are open and unencrypted, so anyone could run their own DHCP server on the network.
In many airport lounges you could just go to the accesspoint and move a few cables to use your own hardware router.
And why should you have to trust airport networks, or networks in cafes, trains, bars, etc?
I think it is reasonable to expect DHCP to be safe.
USB and 128 MByte RAM make many interesting things possible.
With OpenWrt there currently is an annoying problem with VLAN tagging, but there is a patch: https://dev.openwrt.org/ticket... making its way into trunk.
It is already almost impossible to find a microwave that do not have a digital clock.
I do not need more clocks in my kitchen, especially not stupid clocks that need to be set for DST and after power failures. And a clock that shows the wrong time is just as annoying as ads.
Slashdot Mirror
==
Most proposals for UBI would fund it by dramatically reducing current entitlements. So someone getting a $1500 social security check, would see it reduced to the "universal" $500 or so. That chance of this being politically feasible: 0%.
==
Even if there was enough money to maintain the same average amount, some would get less and some more than now, because the idea is to get rid of detailed bureaucracy.
That is also the problem with making realistic experiments. It is difficult to select 10000 random people and give some of them $1000 more than they got before, and some $1000 less.
Until you actually need those warranties. Then you realize it is only valid if you currently live in the US. You have to pay for shipping and handling out of your own pocket. And if they refuse to pay out, there is not much you can do.
My experience tells me that if my hardware is not running Debian, then at some point there will be no more updates.
And hackers is not the only problem, often the hardware just becomes useless.
E.g., I have a perfectly good old WiFI IP phone, but it only works on open networks or networks encrypted with WEP.
I have some devices that I would like to use to browse the internet. But they fail on websites with newer certificates.
This is from the Frederiksberg court.
It is not final. But most likely the alliance won because the people behind Convert2mp3 did not bother to show up in a Danish court. And they probable also will not appeal. The transcripts from the court is not made public yet as far is I know.
"Secondely the EU cj does not define hate speech, individual countries do"
But does that mean that EU is now demanding that Twitter censors speech that is forbidden in just one EU member state even if it is legal in the other 28 EU states?
So EU are unhappy with Twitter only blocking 38 percent of flagged content.
They acknowledge that not all content flagged by users isn't prohibited by law.
But how much is that really? Maybe it is 70 percent and then Twitter is blocking "to much".
Who actually decides what should be blocked? Because it is certainly not the European court of Justice or any other court that is reviewing all the tweets.
We are some European citizens that believe that we have the right to seek information without being blocked by some German company hired to oversee some code-of-conduct policy made by bureaucrats supposedly based on some member-state laws that are never tested in courts.
Yes, and Java showed the same thing.
Just because you might know who signed the applet, that does not mean you should let them take over your user account.
Eventually you can get Linux to boot on UEFI just fine. But it is harder than before.
It used to be that you could just put a DVD in a computer and click OK to install Linux, and that was it.
Now people people ask me for help when Linux installation fails. Usually the installation seem to succeed, but the computer cannot boot. I usually install Boot-Repair on a live USB disk, boot the computer and fix it. Boot-Repair is a nice toot but really, it should not be necessary.
And sometimes it does not work. Early versions of the Intel NUC would fail starting Ubuntu because if expected the executable to be named uefi.exe, not grub.exe. Intel fixed it in a later firmware version. But it is telling that they created something so complex, that not even Intel could get it right.
So when every yahoo on your segment fires up BitTorrent your VoIP stops working? No thank you.
Basic prioritization: ... ...
1. Realtime Communications Traffic (VoIP)
2. Remote interactive sessions (RDP/SSH/Games/etc..)
3. Streaming Video
6. Downloads
Except that my VoIP works just fine without any prioritization.
Prioritization will just be a way of making sure that just my kind of VoIP will become unusable.
And how are they going to determine which traffic is VoIP anyway? Port numbers?
Then again, my downloads through SSH-tunnels will be faster.
Yeah. Just the silly warning screens on every startup would turn me off a built-in system.
You are comparing apple and oranges here.
There have been other fatal Tesla accidents that was not caused ty autopilot. And plenty of the fatal accidents in average car were not caused by bad driving (i.e., you cannot assume that autopilot would have prevented them).
IANAL, but setting up such a system could not be illegal. At the time you set it up, you cannot know who will be forcing you to unlock. It could be a member of an Armenian gang.
What happens when you are required to unlock is less clear, IMHO.
==
“Unlike disclosing passcodes, you are not compelled to speak or say what’s ‘in your mind’ to law enforcement,” Gidari said. “ ‘Put your finger here’ is not testimonial or self-incriminating.”
==
But are you required to warn them about "bad" fingers?
And you might not have told you girlfriend which of her finger, will start the self-destruct.
And even if you are required to warn them, if you _do_ believe that your rights are being violated, now they have to prosecute you, and you can argue they had no right in the first place.
The USB gadget support seems to be difficult.
But if you get it to work, you could e.g., have several encrypted and unencrypted filesystems on the SD-card.
Give it to someone and let them see a USB flash drive with the unencrypted data, or give them the password to some files.
Or you could have filesystems, where you can write unencrypted, but not read (from e.g. cameras)
It might not have to be unattended.
In 1992 I traveled through Moscow airport with a pressure cooker with a slide projector inside it (I had trouble keeping my luggage in one suitcase).
When they put it through the airport scanner there was a lot of shouting and they made me take it apart in a corner with concrete walls while three guys was pointing rifles at me.
==
GPL2:
>You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License.
Note that if anyone with copyright over the kernel wins such a suit, the rights to use the kernel are lost for all time ("terminated").
==
That is not what that clause means. For example GPL also says that they not have to accept the license.
What it means, is that they then have distributed the kernel without permission from the GPL.
And they could get in trouble for that.
* SSH users should verify the identity of their systems when they first connect. ...
* We have SSH Honeypots that help us track, understand and respond to SSH attack.
You should have user honeypots. Once in a while present a fake certificate. If the user ignore the wrong fingerprint and type in the correct password, reset the account password.
Anyway, they would get your password the first time you did a sudo command.
And when you ssh to the next computer, they get that password too.
I am not angry. Just slightly annoyed sometimes.
Not alle software projects and distribution packages are created equal. Some are more impressive than others.
It is overkill to switch to another distribution because of something that can be handled with an apt-get remove.
I totally understand why people bother making functionality, I do not need. And I like it, because it means that next time I need something it is probably already there.
What I do not like is that I am being forced (well, pressured, it *is* free software after all) to pay (with computer ressources) for something that I do not need.
Well, if you are the third AP owner in your neighborhood that has a network name Linksys or Home Network, you should not get into trouble.
If you named you network Logan Airport because you wanted to gain access to passengers computers, you would be breakting the law in most countries.
If you named you network Logan Airport because you were curious to find out how many would connect to it, well I am not a lawyer, but I would say you were on thin ice.
The problem with faked DHCP-servers is not so much that it can take advantage of bash vulnerabilities, most clients should now be updated and not use Bash. It is worse that they can give you bad DNS-servers. That means that the attacker can then do a MITM attack on every single connection, you make. Encryption helps, but not everything is encrypted, and many user would accept a fake SSL certificate.
If you are worried about fake DHCP servers you should configure your DHCP client to use fixed DNS servers (I use http://censurfridns.dk/). You would still be vulnerable to fake accesspoints and fake DHCP-servers that also gave you a fake gateway, but not to bad DNS-servers.
Unfortunately many networks rely on using DNS to implement captive portals for login and advertizing, so you cannot do it for all networks.
The hotels usually do print the name of their network on flyers, signs etc.
But an attacker does not have to make up fake names, he can just use the legit name.
At an airport you might see:
- Airport Net
- Airport Net
- HP_Printer.
Where "Airport Net" is the legit offices name, that the airport uses.
An attacker then names his AP also "Airport Net".
Then you see:
- Airport Net
- Airport Net
- Airport Net
- HP_Printer.
There is no way to know that one of the "Airport Net" AP's are not run by the airport.
And even worse.
If the attacker takes an AP e.g. a cafe and name it "Airport Net", there is a good chance that someone will automatically connect to it because they used an AP by that name in the airport.
Actually my client does not connect automatically.
Not that i should be a problem, except that it would keep connectiong to networks that I cannot use.
I am telling you that if I stay in a hotel, and I see a network named eg Free_Hotelname_network, then I connect to it and if it works I use it, even though for all I know that network could be running from the laptop of the guy in a room down the hall.
But I should not have care about that. It should not be necessary to trust every DHCP-server I use.
In the same way that I also visit a lot of webservers, that I do not necessarily trust. My browser should not execute insecure bash-scripts.
what pulsed solves is not very important problems, for me at least.
But it introduces strange problems, besides eating CPU-cycles and RAM.
For example, I resently spent some time debugging why icedove occasinally froze. It turned out that it was trying to play a sound, but that went wrong because the user starting icedove was not the same as the user starting the desktop even though both were in the audio group.
It should be possible to make pulse work in system mode, but I could not get it to work well. But deinstalling pulseaudio and just using ALSA works perfectly.
In for example an airport you have no way of knowing if it really is the airport that provided the network, you are using.
Even if it is a real airport network, most airport wireless networks are open and unencrypted, so anyone could run their own DHCP server on the network.
In many airport lounges you could just go to the accesspoint and move a few cables to use your own hardware router.
And why should you have to trust airport networks, or networks in cafes, trains, bars, etc?
I think it is reasonable to expect DHCP to be safe.
USB and 128 MByte RAM make many interesting things possible.
With OpenWrt there currently is an annoying problem with VLAN tagging, but there is a patch: https://dev.openwrt.org/ticket... making its way into trunk.
It is already almost impossible to find a microwave that do not have a digital clock.
I do not need more clocks in my kitchen, especially not stupid clocks that need to be set for DST and after power failures. And a clock that shows the wrong time is just as annoying as ads.