But if the money is in my possession, doesn't a fair reading of the Constitution mean they have to prove it never belonged to me?
The US Government abandoned any pretext of due process many years ago with the passing of various
asset_forfeiture laws. Now they pretty much seize anything that they can and require you to prove that you obtained it legally and that you used funds that were obtained legally.
Good point. But a quick sip isn't exactly something I depend on, right? That was the real point. If one source of marginally interesting information flow gets ruined, there are plenty of other things to do. My mental well-being doesn't depend on 'consumption' of what Comcast/TWC might control. Maybe I'll just take the kayak down to the river and paddle around for a bit, take the dog for a walk or take the bike out for a spin. Comcast/TWC can DIAF.
So when you go down to the local polling place, assuming that you even vote, do you just pick randomly?
Pattern recognition is an interesting way to put it.
We are predisposed to pattern recognition. Selection also likely accounts for the fortunate ones... whose patterns of recognition proved causal rather than corollary, such as this leaf cures that malady.
Don't forget a healthy sprinkling of confirmation bias on top.
Pearl Harbor Survivor is not a licence(sic) plate HOLDER.
It is a state-issued alternative license plate.
Dude, chill out. He didn't mean a physical license plate retention device, he meant a person who has been issued that license plate. Kinda like when someone holds an office, they don't literally have a bunch of office furniture in their arms.
Sadly, this is not the case. The evidence is that bad actors had this exploit for months: http://arstechnica.com/securit...
One of the two sites cited as evidence have since taken a step back,
Important update (10th April 2014): Original content of this blog entry stated that one of our SeaCat server detected Heartbleed bug attack prior its actual disclosure. EFF correctly pointed out that there are other tools, that can produce the same pattern in the SeaCat server log (see http://blog.erratasec.com/2014... ). I don't have any hard data evidence to support or reject this statement. Since there is a risk that our finding is false positive, I have modified this entry to neutral tone, removing any conclusions. There are real honeypots in the Internet that should provide final evidence when Heartbleed has been broadly exploited for a first time.
While something tells me this exploit is somewhat overblown, what really ticks me off is that this is all the result of delegating memory management to C pointers and basically mmap. As far as I'm concerned, in this day and age, that amounts to spaghetti code and I can't say it endears me to the reliability of openssl.
It has nothing to do with mmap or C pointers per se. The issue is simply bad programming. Someone wrote code that trusted unvalidated user input and they got bit in the ass. Whomever performed the code review should have known better, even if the developer didn't..
And then came the kids, which make watching sports almost impossible anyway, because it isn't purple and doesn't sing or dance. Well, maybe the Ravens.
Did you know that it burns when you snort beer out of your nose? Guess how I just found out? Thanks for that then.
Which is not going to happen because the authors haven't given any reason why anyone should care. We have lots of widely-deployed ciphers which are fast and secure. No one attacks modern cryptographic security systems by breaking the ciphers, they do it by exploiting peripheral flaws in implementation, key management, etc.
A potential patent to deal with just to use it is one more nail in the coffin of this.
Not that I've actually done my own research, but what qualifications do these folks have to state the security of an encryption mechanism? Everybody who finds a new way to twist a message thinks it's secure.
None whatsoever, but that doesn't stop physicists or managers from deluding themselves into thinking that they can do it better. Fortunately they patented whatever method they came up with so no one will want to even go near it as a replacement.
Wouldn't it make more sense to locate these labs in an incredibly isolated area like an island in the middle of the ocean or the Moon? Someplace that CAN be quarantined 100% in the event of a mishap?
Maybe you could put it near the arctic circle and name it Arctic Biosystems.
Do you have any evidence that they are doing it anyway?
He has empirical evidence that supports his claim. That was the whole point of the investigation that the author was doing. When his orders hit the various exchanges at the exact same time, they were all filled. When they hit one exchange before the other, the "later" orders were suddenly unable to be filled.
The summary said she gave them her password. That sounds like permission.
The summary also says that she is now 15, implying that she was younger than that when this happened. At that age she has is a minor and has no legal standing to give them permission, even if she wanted (or was coerced) to. The school district needed to get the parent's permission before taking action and they learned a valuable lesson. The court system worked correctly for once.
When someone in the government violates Constitutional Rights in America, two things happen: First, evidence that comes from that violation is inadmissible in court. Second, the person whose rights have been violated can sue the pants off the government.
The US constitution only protects individuals from actions taken by their government or appointees.
It is more complicated because of a massive fraud on the part of the prosecution to pretend that the information is not based on that violation.
Citation needed. What constitutional violations are you referring to here?
It is also more complicated because juries, as a whole, care less about the government having violated your constitutional rights when you are a criminal.
US Juries have no authority to determine whether or not a person's constitutional rights have been violated or not. A judge determines whether any evidence obtained is admissible or not and the jury deliberates based on that decision and the evidence.
It is also more complicated because when they get caught doing something bad enough, cops usually offer a deal where you won't sue and they won't prosecute.
All card terminals in the US need to accept chip & PIN by 2015 because the banks will be mandating it.
The banks are not mandating anything. The credit card networks dictate the conditions by which a merchant or a bank can participate in their system.
One issue that hampers the conversion is the replacement of the card accepting terminals. The US has retailers that have more terminals in a single region than most OECD nations. That's a lot of hardware to replace for merchants who have not been held responsible for anything that happens when they don't.
I wonder how this will impact online payments - how will chip/pin be supported there?
Given most of my CC activity is online, I fathom this is a huge loophole to the new security structure...
The impact will be that the majority of CC fraud will move to online merchants.
âoeIf your mining power is more than a third of the system total, this always works,â says Ittay Eyal, who did the research with colleague Emin Gün Sirer. âoeYou may be able to do it with much less,â Eyal adds.
Eyal proposes a modification to the mining protocol that would ensure that only someone controlling at least a quarter of all mining power could profit from selfish mining, and says the Bitcoin community should also make efforts to limit the power of mining operations.
Wait, what? So right now it takes 1/3 of the mining power for selfish mining to work but Eyal is proposing a change that reduces the power needed? I don't get it.
They are already paid by the end user and by the distributors like Netflix, who pay for their bandwidth usage. What the carriers want is to be paid three times.
Unfortunately stories like this just highlight how little even self-declared tech people know about how the "Internet" works.
If you're going to use a movie reference, there's a much better one out there. The movie Dredd revolved around a new drug called 'Slo-Mo', which caused a time dilation effect in users identical to the effect described in the article.
Slashdot Mirror
But if the money is in my possession, doesn't a fair reading of the Constitution mean they have to prove it never belonged to me?
The US Government abandoned any pretext of due process many years ago with the passing of various asset_forfeiture laws. Now they pretty much seize anything that they can and require you to prove that you obtained it legally and that you used funds that were obtained legally.
Good point. But a quick sip isn't exactly something I depend on, right? That was the real point. If one source of marginally interesting information flow gets ruined, there are plenty of other things to do. My mental well-being doesn't depend on 'consumption' of what Comcast/TWC might control. Maybe I'll just take the kayak down to the river and paddle around for a bit, take the dog for a walk or take the bike out for a spin. Comcast/TWC can DIAF.
So when you go down to the local polling place, assuming that you even vote, do you just pick randomly?
Pattern recognition is an interesting way to put it.
We are predisposed to pattern recognition. Selection also likely accounts for the fortunate ones... whose patterns of recognition proved causal rather than corollary, such as this leaf cures that malady.
Don't forget a healthy sprinkling of confirmation bias on top.
Pearl Harbor Survivor is not a licence(sic) plate HOLDER.
It is a state-issued alternative license plate.
Dude, chill out. He didn't mean a physical license plate retention device, he meant a person who has been issued that license plate. Kinda like when someone holds an office, they don't literally have a bunch of office furniture in their arms.
Sadly, this is not the case. The evidence is that bad actors had this exploit for months: http://arstechnica.com/securit...
One of the two sites cited as evidence have since taken a step back,
Important update (10th April 2014): Original content of this blog entry stated that one of our SeaCat server detected Heartbleed bug attack prior its actual disclosure. EFF correctly pointed out that there are other tools, that can produce the same pattern in the SeaCat server log (see http://blog.erratasec.com/2014... ). I don't have any hard data evidence to support or reject this statement. Since there is a risk that our finding is false positive, I have modified this entry to neutral tone, removing any conclusions. There are real honeypots in the Internet that should provide final evidence when Heartbleed has been broadly exploited for a first time.
While something tells me this exploit is somewhat overblown, what really ticks me off is that this is all the result of delegating memory management to C pointers and basically mmap. As far as I'm concerned, in this day and age, that amounts to spaghetti code and I can't say it endears me to the reliability of openssl.
It has nothing to do with mmap or C pointers per se. The issue is simply bad programming. Someone wrote code that trusted unvalidated user input and they got bit in the ass. Whomever performed the code review should have known better, even if the developer didn't..
I was going to come up with a cure for cancer, but since it might endanger the culture of cancer support groups, I guess I won't.
Do you have an unlimited plan for your cell phone? Do you feel obligated to use it constantly and feel guilty about not using it? Probably not.
Do you have unlimited internet? Do you download large files constantly in order to maximize your usage? Probably not.
Do you go to all-you-can-eat buffets and eat as much as you possibly can and make yourself sick? Probably not.
Dude, this is /. You're probably 0 for 3 here.
And then came the kids, which make watching sports almost impossible anyway, because it isn't purple and doesn't sing or dance. Well, maybe the Ravens.
Did you know that it burns when you snort beer out of your nose? Guess how I just found out? Thanks for that then.
The paper doesn't tell you much about cryptography, but it does illustrate the failures of peer review.
That's why you are seeing it in a physics journal and not being presented at EuroCrypt.
Which is not going to happen because the authors haven't given any reason why anyone should care. We have lots of widely-deployed ciphers which are fast and secure. No one attacks modern cryptographic security systems by breaking the ciphers, they do it by exploiting peripheral flaws in implementation, key management, etc.
A potential patent to deal with just to use it is one more nail in the coffin of this.
Not that I've actually done my own research, but what qualifications do these folks have to state the security of an encryption mechanism? Everybody who finds a new way to twist a message thinks it's secure.
None whatsoever, but that doesn't stop physicists or managers from deluding themselves into thinking that they can do it better. Fortunately they patented whatever method they came up with so no one will want to even go near it as a replacement.
Yes, which means either they're being realistic in the sense that basically all forms of cryptography fall into this category,
Please share with us your crack of the one time pad.
I guess if he doesn't make the talk then the hack didn't work!
Wouldn't it make more sense to locate these labs in an incredibly isolated area like an island in the middle of the ocean or the Moon? Someplace that CAN be quarantined 100% in the event of a mishap?
Maybe you could put it near the arctic circle and name it Arctic Biosystems.
Do you have any evidence that they are doing it anyway?
He has empirical evidence that supports his claim. That was the whole point of the investigation that the author was doing. When his orders hit the various exchanges at the exact same time, they were all filled. When they hit one exchange before the other, the "later" orders were suddenly unable to be filled.
The summary said she gave them her password. That sounds like permission.
The summary also says that she is now 15, implying that she was younger than that when this happened. At that age she has is a minor and has no legal standing to give them permission, even if she wanted (or was coerced) to. The school district needed to get the parent's permission before taking action and they learned a valuable lesson. The court system worked correctly for once.
When someone in the government violates Constitutional Rights in America, two things happen: First, evidence that comes from that violation is inadmissible in court. Second, the person whose rights have been violated can sue the pants off the government.
The US constitution only protects individuals from actions taken by their government or appointees.
It is more complicated because of a massive fraud on the part of the prosecution to pretend that the information is not based on that violation.
Citation needed. What constitutional violations are you referring to here?
It is also more complicated because juries, as a whole, care less about the government having violated your constitutional rights when you are a criminal.
US Juries have no authority to determine whether or not a person's constitutional rights have been violated or not. A judge determines whether any evidence obtained is admissible or not and the jury deliberates based on that decision and the evidence.
It is also more complicated because when they get caught doing something bad enough, cops usually offer a deal where you won't sue and they won't prosecute.
Citation needed please.
Another slashblog post by an imbecile. Must be a slow news day.
The banks ARE making moves here.
All card terminals in the US need to accept chip & PIN by 2015 because the banks will be mandating it.
The banks are not mandating anything. The credit card networks dictate the conditions by which a merchant or a bank can participate in their system.
One issue that hampers the conversion is the replacement of the card accepting terminals. The US has retailers that have more terminals in a single region than most OECD nations. That's a lot of hardware to replace for merchants who have not been held responsible for anything that happens when they don't.
I wonder how this will impact online payments - how will chip/pin be supported there? Given most of my CC activity is online, I fathom this is a huge loophole to the new security structure...
The impact will be that the majority of CC fraud will move to online merchants.
âoeIf your mining power is more than a third of the system total, this always works,â says Ittay Eyal, who did the research with colleague Emin Gün Sirer. âoeYou may be able to do it with much less,â Eyal adds.
Eyal proposes a modification to the mining protocol that would ensure that only someone controlling at least a quarter of all mining power could profit from selfish mining, and says the Bitcoin community should also make efforts to limit the power of mining operations.
Wait, what? So right now it takes 1/3 of the mining power for selfish mining to work but Eyal is proposing a change that reduces the power needed? I don't get it.
They are already paid by the end user and by the distributors like Netflix, who pay for their bandwidth usage. What the carriers want is to be paid three times.
Unfortunately stories like this just highlight how little even self-declared tech people know about how the "Internet" works.
Agreed, this is an attempt to copy Fluke's recent multimeter design.
Apparently Fluke doesn't think so.
Like something out of the movie Inception...
If you're going to use a movie reference, there's a much better one out there. The movie Dredd revolved around a new drug called 'Slo-Mo', which caused a time dilation effect in users identical to the effect described in the article.