That's interesting, my mail client stores a copy of IMAP mailboxes locally, and my backups contain all of that content. I can scroll back through the archive and restore messages individually or en masse. Some of the benefits of using Apple Mail and having Time Machine set up. Yes, I'm smug. That's another benefit of being a Mac user.
Cops give pat-downs and body searches only with a warrant or probable cause. It's a world of difference, Constitutionally speaking.
I'll tell you why: because the hardware still makes an image of the body, before processing it. It's still potentially a real image. It's then manipulated by known software algorithms to determine suspicious areas. That software can be tested against various items until a low likelihood of recognition is achieved.
That's why software "dumbing down" of the images is pointless, and why software detection of suspicious areas on the body is stupid.
I helped oversee the installation of a repeater for the Nextel service about 7 years ago. (I ran the RF cabling and we hired a radio company to install the device and antennas.) My understanding is that it takes a portion of the frequency spectrum used by the cell tower and amplifies it locally, shifted up or down. It does the same for a local corresponding frequency block, shifting it and amplifying it toward the tower.
This places the repeater coverage in a frequency range outside of that of the tower, and means that there's no chance of feedback on the tower's frequencies. Phones are always searching for the strongest frequency, so those that enter the repeater area may settle on the repeater's frequency range if it's stronger, and as they leave the repeater range, they simply continue searching for the strongest available frequency.
This method may be specific to the iDen protocol, but it may be useful for GSM as well.
Of course, the device installation had to be surveyed by Nextel and was installed by one of their partners, a local company that apparently happened to also maintain Nextel's cell sites. The shifted frequency range had to be within Nextel's licensed spectrum for the geographic region, and also not step on any nearby Nextel towers or repeaters. They also helped by providing a dead-accurate map showing the location of the nearest towers, along with information on their power and direction.
Limited to 10 AT&T lines, 2 concurrent.
On the anti-matter side of the universe, they just call it "matter".
But this is all assuming that no weakness is found in the randomness of the keys or the encryption algorithm itself. In other words, assuming that the Chinese haven't stumbled on a method of breaking SHA hashes or RC4.
(And my assumption that the NSA has a way around it still stands. I'm not convinced they would allow the world to have 128-bit encryption in exported software unless they had a way to crack it.)
BTW, the Chinese supercomputer is actually composed of "Nvidia Tesla M2050 general purpose GPUs" along with Xeon CPUs, so it seems to be quite suited for the job.
Actually, iOS maps is a stretch at this point. The app has barely changed since the initial release of the iPhone, and it's missing a ton of features at this point.
Well, then my question wasn't rhetorical.
How long would it take to brute-force a 128-bit key using modern hardware such as the Tianhe-1A, which has peak performance of 4.701 petaflops? What about using a bot network?
Is it theoretically possible to derive the server's private key from a session key? How about from multiple session keys?
I also expect that there are still MD5 certificates in use out there, and possibly even on .mil sites.
And of course, the possibility that SSL might be vulnerable to an attack if the attacker has a plaintext, and HTTP contains known plaintext such as "GET / HTTP/1.1".
You're missing the point. Everyone's browsers by default DID TRUST the Chinese root CA during the time of this "traffic rerouting". The Chinese were in a position at that time to create automated signed certificates, and there would not have been any certificate warning in the browser. If they did this, it should be possible to trace, if the military sites keep an archive of all network traffic, as they would be able to see a change to the SSL certificates (facing the server) take place almost all at once.
(For those who may not know what I'm saying, a MITM attack would require the attacker to impersonate the server to the client, and impersonate the client to the server. For existing SSL connections, new encryption keys would have to be created and the negotiation process would start over between the attacker and the client, and between the attacker and the server.)
As far as how long it would take to brute-force a key, do you have any first-hand knowledge of this? Are you an expert in this field? It's my assumption that the US Federal government is now able to decrypt 128-bit RC4 in a "reasonable" amount of time, which is why they relaxed the export restriction on 128-bit encryption from the US.
I've seen the numbers comparing 40-bit and 128-bit RC4, for instance, but I can't seem to find information regarding the amount of computing power that was needed to brute-force a 40-bit key in 1.5 days. Also, even if it's statistically unlikely that the key will be guessed within 100 years, that doesn't make it impossible, just unlikely.
The traffic of a .mil site could be a high-profile and high-reward target for the Chinese, so it would be worth spending time and resources to decrypt the traffic they may have captured.
That dude['s] life will be absolutely and utterly destroyed for following what he believe[d] to be legal and lawful instructions.
Ignorance of the law or the Constitution is not a valid defense. Sorry, he chose sides, and he's wrong. He needs to suffer the consequences.
The fact is, there are plenty of people who will step into those leadership roles to replace the current crop. If the "drones" see that they will be held accountable for following unjust or illegal orders, they'll start paying more attention to the Constitution rather than blindly following their superior's orders. Otherwise, it will continue, regardless of how Janet Napolitano is vilified.
If the data is sufficiently well encrypted, it can not read that data, although it can record the cyphertext. The fact that China can issue a certificate does not mean that it can read *your* data.
If they used a Man-In-The-Middle attack during the routing change, creating signed certificates using a top-level CA, they won't even need to decrypt anything. In addition, having the cypher text means that they can spend a few months or years using brute-force to decrypt it (or less, now that they have the fastest supercomputer in the world). Once they do, they'll have the keys for those sessions. Using that, they may even be able to derive the server's private key.
At the very least, they have a copy of the data, and they can eventually crack the encryption.
I do agree with you on the Chinese CA, and I plan to remove it from all of my browsers as trusted.
Not sure if that was a joke, but I want to point out that the Amendment protects us from unreasonable search and unreasonable seizure, not just a situation where both are occurring.
If it was a joke, I did smile briefly. But I find it increasingly more difficult to remain jovial about this subject. (And in the previous sentence I changed "harder" to "more difficult" just to make sure nobody could mistake it for adolescent joviality.)
...the TSA is a government agency, but you are electing to travel by air on a private carrier.
This has nothing to do with liberty, as any true Libertarian would tell you.
As a true Libertarian, I can tell you that you're wrong.
Neither I, nor the airline, hired these goons. If I'm flying on a private carrier, through locally-owned airports (usually owned by the county or city, NEVER owned by the Federal government), the airline should be free to hire their own security force and institute their own procedures. They are not.
It's entirely about liberty. And the TSA is destroying those private airlines' business by making it unpleasant to fly.
Doesn't the Federal government own the majority of Amtrak (only passenger train company left in the US)? Interesting that they're making it hell for the airlines to exist. (The conflict of interest reminds me of the Federal government owning a large stake in General Motors and then causing a huge PR problem for Toyota, their largest competition, almost immediately. And it's not about foreign or domestic: both are manufactured in the US.)
How long until a terrorist targets a train? For that matter, a terrorist wouldn't need to get past security, all they'd have to do is target the airport itself, including the enormous line of people waiting to get through security. This entire fiasco is a waste of money, and it's destroying both our citizens' expectation of privacy and the airline industry at the same time.
I had about 30 domains with GoDaddy, and was very unhappy with their user interface and customer service. I wanted to be able to make mass changes to the domains, such as name servers. I tried a few different ones and settled on gkg.net. It's not the prettiest, but it's inexpensive and reliable, and the website UI is simple (no crazy Ajax, Flash interface, browser requirements, etc). For my highly important business domains, I went with DynDNS, which is slightly more expensive, but has a clean and beautiful site, offers various other services I use, and has a theoretically more reliable infrastructure, since they run DNS and registration for big names. I've been very happy with both.
Oh, and I also had a virtual server with GoDaddy, which I switched to Linode, and SSL certificates, which I switched to theSSLstore.com. Extremely happy with those too. And extremely happy to finally be rid of GoDaddy.
0.3 + 0.3 = 0.6, which rounds to 1. So yes.
That's the point. They save the rest in a bank, making it less expensive for the bank to loan money. Or they invest it in companies that purchase things and pay taxes on those things. Money unspent is not gone from the economy, it's put to work in other ways.
There's little excuse at this point to buy a router that doesn't support IPv6. And for existing routers, a simple software upgrade will suffice. There will be some "eWaste", but not nearly as much as you think. In addition, IPv6 is not that big a headache, and there are already resources to learn and implement IPv6. I've had IPv6 in my home and on my server for the past 18 months for free, and my ISP doesn't support IPv6 at all. http://ipv6.he.net/
My guess is that since this root server is designed to operate on MILNET after disconnecting from the Internet, they may have been running a drill to do just that. Also, I highly doubt that this is the only root server on MILNET. I expect that they have multiple sites and plenty of redundant locations, but they only give out the Maryland location for security reasons.
I bought an AT&T Microcell. It's not written in Flash, and doesn't use Flash for management. (In case you're curious, it's managed using the normal AT&T Wireless website, and it communicates with their back-end. The Microcell itself has no interface at all, but no Flash is required to manage or install it.)
And that marketing site is an example of where Flash should never be used. It provides nothing that could not have been done using Web standards (a simple form to gather ZIP code) but was done because the marketing department wanted more whiz-bang effects.
While we're giving examples, T-Mobile's website is another example of overuse and misuse of Flash. Each page (inside the Account areas) uses 10-30 Flash instances, for everything from using a specific font in headings, to displaying a block of text with a static graph. It's a pain to use on any platform, doesn't work at all on iPhone, and makes me want to find another provider.
I have a lot of different kinds of insurance, and I'm not enthusiastic about insurance. As the earlier poster said, "the right tool for the job."
Up until 2005 I believed Apple products were still crap, but I've become a user. I'm much happier dealing with something that simply works rather than the constant crap I had to deal with on PCs, mostly Windows, but Linux isn't all that great on a workstation either.
For me, the right tool for the job is a Mac with OSX on my workstation, iOS on my phone, and CentOS on my server. I've tried LOTS of alternatives.
I thought this place was "News for Nerds". It is not true that "alot" of the internet uses Flash.
A very small percentage of websites use Flash. And as an iPhone user for 2.5 years, I have had trouble with exactly one Flash-based website on my iPhone. I'm very happy that my mobile device isn't saddled with Flash. Adobe's horrible software runs on my Laptop, and constantly eats up processor time, heats up my lap, and drains my battery.
Now that Safari has an extension to block Flash, this is finally coming to an end. (Firefox has had it for a while.)
Flash always was an end-run around Web standards, and is far overused. And since Adobe makes low-quality software as a rule, every client is burdened with their slow, buggy, insecure, sloppy excuse for a virtual machine that could just as easily have been on years of Java experience, or submitted as an open Web language standard. Flash is a fucking abomination, and the sooner it disappears from the Web, the better.
Are we not burdening children with the cost of their own education by borrowing to pay for the government that runs it? At this time, the national debt is $44,000 per person in the US, and I don't see that being paid back within two generations.
To specifically address your quoting of Thomas Jefferson, he advocated education paid and controlled within each county, but specifically not controlled by the federal government. Like the other founders, he desired the federal government to have extremely limited powers. And at this point, the federal control of education is the problem.
The answer is the point of TFA: teachers are not being hired, retained, or paid based on their performance or results as a teacher. The fact that they can't strike is probably good for the parents and students, but the fact that the teachers can't negotiate their own pay and therefore have no incentive to do well, and the fact that it's almost impossible for a school to get rid of a nonfunctioning teacher and replace them with a better one, mean that the level of education is going to continue slipping.
I have first-hand experience with this. In my children's school, there are two first-grade teachers. One teaches her students to read, the other does not. Every student who comes out of the first teacher's class does well in future grades, students of the latter do not. Three of my four children were taught to read by the first teacher. My unlucky child was taught by the other, and he's still struggling. The school knows about it, the parents know about it. Nobody can do anything. Both teachers are NEA members and are paid based on their seniority.