Where does the headline say they shut down Tor? The only way you could come to that conclusion with this headline is by reading that the Feds used a narcotics store to shut down the Tor network. Otherwise it clearly reads that the feds shut down a narcotics store that uses Tor. This is more a case of bad reading comprehension than poor editing.
Really? Do you know the difference between a direct object and a preposition in a sentence? As worded the direct object in the sentence is Tor. What was meant was that the Feds shut down a narcotics store. What was said was that the Feds shut down Tor. The only reading comprehension fail is yours.
I think it's a pretty big leap from a "forensics team" to "officers in the department worked in their spare time, during breaks to try and crack the puzzle".
A properly trained questioned documents examiner would find this sort of task trivial. The most common and best approach is with an ESDA, which can reveal indented writing several pages deep. Lacking that the examiner would use oblique lighting and digital photography but again it should only take a very limited amount of time to recover the writing with the proper equipment.
I applaud their efforts and I'm glad they recovered the author's work. I just bristle a bit at this being presented as a professional forensic examination. It wasn't. It was something to do besides the crossword.
What's distinctly wrong about it? Consider, your state attorney general may bring an action against a company doing, say, illegal dumping. The attorney general isn't representing himself, he's representing the interests of all of the people in the state. In fact, the full title of these actions is frequently "the People of the State of X v. EvilCorp." Is that distinctly wrong, even though the attorney general didn't knock on your door and get you to sign on? Or is it somehow different and only distinctly wrong when the government's not involved?
The situation here is different in one of two ways. First, if this is a criminal action then I as an individual do not have an action to bring to the court. Second, if this is a civil action then it does not preclude me from bringing my own civil action against the company if I feel I have been harmed.
I think what people are claiming is wrong with the way class action suits are handled is that, by default, if you do not take opt-out then you waive your right to bring a suit to the court in the future. Unfortunately the only other way would be to have it be opt-in, in which case there will always be people who are missed/overlooked in the notification process. Personally I would prefer the second method but I don't get to decide such things. Unless it is a significant fault with a possible large settlement, I always choose to opt-out of the class action suit and reserve my right to file my own claim at a future date. The payout for these piddly suits makes them not worth participating in.
Spimming/spamming me; robocalling me, even calling me unsolicited, are not ways to get me to vote for you, no matter the party.
I agree. It's bad enough that they thoughtfully excluded themselves from the do-not-call legislation. Anyone with any sense of decency would still check the list and abide by the wishes of those who have chosen to add their numbers. On the other hand, if they had any sense of decency, they probably wouldn't be in politics in this day and age anyway.
I'm actually surprised nobody has taken this "showroom" concept to the OBVIOUS next level: a storefront with no backroom inventory, that solicits single sample floor models from various online retailers, and for a set monthly fee, puts a QR code Sticker on each floor model. Maybe even going so far as to team up with Amazon or somebody similar to provide the small manufacturer single-point-of-distribution services.
Unfortunately I think this would be interpreted as establishing a point of presence in that state. Now the internet retailer is likely to have to collect sales taxes, etc. Major disincentive there.
Two laptops were stolen, an iPad, a power brick, a safe (complete with several years worth of taxes, my birth certificate, and old copies of my driver's license),
I guess nobody mentioned that you're supposed to bolt the safe to something solid like the floor.
What is the security risk? All Gawker gets is whether you were authenticated or not. They don't get access to your account or any of the nonsense FUD being spread around.
Well, you could start with this study for example.
I have my phone set to autowipe itself after 10 wrong passcode attempts. Does this avoid that auto deletion? Because someone doing it by hand would trigger that and the phone would theoretically wipe itself. (Not tested, but it will start to make dire warnings about wiping the device after several failures.)
I doubt this tool will trigger the autowipe. For the iOS device they are using DFU mode to access the device which bypasses pretty much everything. They are loading some custom code into the device and then executing it to get the passcode. See Jonathan Zdziarski's book on iPhone Forensics for details on how to do this without corrupting a defendant's system in the process. Fortunately Apple provides a small, secondary amount of storage that you can load some code into and execute without touching the primary storage. I chose not to link to Zdziarski's book because at this point it is mostly out of date.
If the manufacturers (Apple and Google) were truly interested in patching these "undisclosed" vulnerabilities, they could purchase this software and run it on test/dev devices to see how it's done.
I think the confusion here is probably what is meant by "undisclosed". The "vulnerability" that is being used is undisclosed to the phone owners, not the manufacturers. The manufacturers already know about it and were likely told to leave it alone. It may have even been put there by them in the first place.
What really needs to happen is for someone else to get one of the devices, determine what the vulnerability is, and either create an active exploit or use it as the basis of a jailbreak. This would either force the manufacturer's hand and get the vulnerability closed or give us a jailbreak that remains unpatched for an extended period of time.
To what degree do developers of iOS applications have any obligation whatsoever to fill this form out and return it? What happens if you simply give them the same response given in Arkell v. Pressdram?
Hopefully the jailbreaking community will only use one exploit at a time so that when Apple patches the first, they can use the next and so on. What I would like to know is whether there are multiple groups working on this, and if so, do they communicate their exploits so that no more than one is revealed to Apple at a time?
I wonder if Starbucks has statistics about the consumption of decaf?
I would expect so since some time ago they stopped brewing pots of decaf coffee after noon local time. I would hope that this decision was based on some hard data. It didn't make sense to me though. I prefer decaf later in the day so I can hopefully get to sleep at night.
but what the drug companies are really hoping for is that a layperson will be convinced they have X (even if their regular doctor tells them they don't)
But then they didn't need it and the number of people who need the drug remains unchanged.
I think you're missing the point. The defense attorneys would have asked for proof that the devices had been calibrated. And the falsely filled-out paperwork would have been turned over, showing just that. You're saying that the defense attorneys should have asked for proof that the documentation wasn't fraudulent. Which would have been... what? Paperwork from a non-existing third party auditor? That's why the cases are in question.
What I suspect you will see is that defense attorneys will not stipulate the calibration forms for a while. They will call the officer into court to testify, under oath, that the calibration was done. With any luck that happened in at least some of these cases and the prosecutors can hang perjury charges on the individuals responsible.
Reread the bit about spread over 4 Continents... remember time zones?
While I agree with the rest of your comment, I don't think this plays into it. Time zone differences are the same challenge regardless of whether the individuals are in offices on those four continents or working from home.
Better yet, get rid of the ridiculous idea of "data plans" in the first place. Charge users a certain per-megabyte fee on their bill for the data they use and offer them the option to pre-purchase data per-gigabyte at a discount.
But they would lose money from that over the current scheme. With the current tiered plan, they get everyone to pay for 3Gb per month, whether they use it or not. AT&T offers two tiers for smartphones: 300Mb and 3Gb. If I had to guess I would say that most smartphone owners use just over 300Mb per month. This allows AT&T to use FUD and the threat of "per Mb" overage charges to get people to buy 3Gb of capacity. Will they use that capacity? Unlikely, but it nets AT&T an additional $10 per subscriber. What they want to get rid of are the people who actually use close to their capacity. Even worse are those darn "unlimited" users who don't have to pay to go over 3Gb. It looks like AT&T is trying to find a way, short of just eliminating the grandfathered plans, to migrate those users off their current plans without losing them.
Sure. I live in Texas.
Cool
I own several guns.
That was assumed from the previous statement. In fact I thought it was mandatory.
If the employer has any sense of ethics you will be fine.
Based on the original question, I think we already have the answer to this one, don't we?
Harumpf. Wake me when a computer can win at Mao.
but his payout appears to be coming from the taxpayers of Boston,
FTFY
...and the NSA is just one tool ...
I have to disagree with you here. The NSA is a whole bunch of tools, not just one.
I'll take a guess that it will take less than a year for the total collapse of the music industry due to sales falling to near zero
In other news, VPS and VPN providers located outside of the US have a record year. Low End Box is a good place to start.
Why can't you scan people twice at two different angles (a la mugshots)? Then any weapons strapped to the side of the person will be revealed.
Because people are already concerned about the amount of exposure they are getting from one scan, let alone two.
I'm a fan of Jeff Noon's Vurt series:
Vurt
Pollen
Automated Alice
Nymphomation
The best of the bunch is probably Nymphomation, which is a prequel to Vurt that can be read as a stand-alone novel.
+1
I really like Jeff Noon's imagery although it takes a bit of time to wrap your head around it.
"Nova" was also very interesting.