Since January 2006, behavior-detection officers have referred about 70,000 people for secondary screening, Maccario said. Of those, about 600 to 700 were arrested on a variety of charges, including possession of drugs, weapons violations and outstanding warrants.
So what they are really saying is that this technique has a 99.9% false positive rate. Nice.
Bruce Sterling has just discovered a web site that has been amusing many of us for years. 10 years in fact.
For those who haven't seen this before, the site documents obnoxious installations of GATSO speed cameras in places where its obvious purpose is revenue generation rather than safety. The result is that someone usually hangs a tire around the camera, fills it with diesel, then adds a flare. Burns quite nicely. Peruse the site though for more creative solutions like chain saws.
WHOIS information
Domain name: speedcam.co.uk
Registrant: James Bancroft
Trading as: James Bancroft
Registrant type: UK Individual
Registrant's address: 11 Belmont Close Rawcliffe York North Yorkshire YO30 5QR GB
Relevant dates: Registered on: 21-Oct-1999 Renewal date: 21-Oct-2009 Last updated: 27-Sep-2007
Registration status: Registered until renewal date.
Name servers: dns.site5.com dns2.site5.com
WHOIS lookup made at 19:26:32 24-Dec-2007
-- This WHOIS information is provided for free by Nominet UK the central registry for .uk domain names. This information and the .uk WHOIS are:
Copyright Nominet UK 1996 - 2007.
You may not access the .uk WHOIS or use any data from it except as permitted by the terms of use available in full at http://www.nominet.org.uk/whois, which includes restrictions on: (A) use of the data for advertising, or its repackaging, recompilation, redistribution or reuse (B) obscuring, removing or hiding any or all of this notice and (C) exceeding query rate or volume limits. The data is provided on an 'as-is' basis and may lag behind the register. Access may be withdrawn or restricted at any time.
I read an article somewhere (I think it was a fark link) where someone broke a CFL, called some agency to see how it should be disposed.
A hazmat cleanup team was dispatched, costing the home owner many thousands of dollars.
Obviously this was an overreaction, but I bet we'll hear of many more such incidents.
The folks at nerdvittles.com, an alternative asterisk distro, have weighed in on the subject with a blog post on how good of an idea this was. They provide a very succinct summary of their position in the following:
This clever software should have been reviewed by senior management before it ever saw the light of day. The episode gives all of us a golden opportunity to stop and think about what we're doing and what our fundamental obligations are to those who use our code. Hopefully, Fonality will turn this BOT off... permanently! The problem, of course, is that it's hard to unring a bell. This BOT is already in the wild. Luckily there's a very quick solution in this case. Here's the command that should be added to tomorrow morning's Fonality script: rm -f /var/adm/bin/registry.pl. We'll all sleep better.
The freePBX team has also commented on the issue. In short they want to make it clear that running arbitrary commands sent from the Fonality server is a trixbox/Fonality issue and has nothing to do with freePBX. FreePBX's "phone home" functionality is just a "check for updates" sort of thing.
In the above thread it is mentioned that FreePBX phones home as well. Instead of splitting hairs over definitions, let me make it perfectly clear what FreePBX does. Most of you are aware of our Online Module Repository that provides easy updates to new versions of FreePBX and its modules (vs. pulling tarballs manually).
Of course if the modules are not digitally signed and verified, then a man in the middle attack is still possible and malicious versions of modules with a little "extra goodness" added could be sent to the pbx for automatic installation.
This is a key point. A cron entry runs a process on the PBX every 24 hours that connects out to trixbox and picks up an arbitrary list of commands. It executes those commands (under whatever authorities it was installed with) and returns the results. Sure hope their server is up to date on patches. That assumes DNS sent back the right server to begin with and not a spoofed site with a "different" set of commands.
In what universe does this seem like a good idea?
So it's sending back some generic data with no personal information so they can do a best estimate of where they need to be spending their time.
What's the problem here? - LingNoi
While it is pretty trivial for anyone with basic linux knowledge to disable it, the issue is that a) we didn't inform people well and b) we didn't make it easy to turn off. - kerryg
The problem is that they forgot basic civility and politeness. They didn't ask for permission to collect information about my installation. I may choose to participate, I may not. It should be my choice though.
Next, the University attempts to call into question Plaintiffs' pre-litigation discovery efforts to discover copyright infringement over peer-to-peer ("P2P") networks in an effort to convince the Court to reconsider its grant of Plaintiffs' discovery motion. The Court should reject the University's attempts for two reasons. One, the University has no evidence whatsoever that Plaintiffs acted at all improperly during the course of this litigation. The University's arguments concerning Plaintiffs' discovery and litigation practices are based entirely on allegations and deposition testimony from different cases and amount to nothing more than pure conjecture. Two, the University's attempted challenge to Plaintiffs' discovery and litigation practices is irrelevant to any issues presently before this Court. The evidence submitted regarding what may have happened in different cases involving different parties, different facts, different allegations, and different circumstances has no bearing on this case.
Likewise, the University's continued insistence that the subpoena is unduly burdensome and overly broad, despite the fact that Plaintiffs have clarified the scope of information they are seeking, is unavailing. Plaintiffs are seeking only information sufficient to identify the individual(s) associated with the IP addresses listed in the subpoena, information that the University admits it already has. The University's argument that this information is overbroad and that producing this information would be unduly burdensome is specious. Over one hundred different universities around the country have responded to identical subpoenas without raising objections based on burden.
I love how the RIAA argues that what has happened and evidence that has been introduced in other cases similar to this one has no bearing because they are different cases with what may be different circumstances, then turns right around in the next paragraph and cites what has happened in other cases where universities have caved ^b^b^b^b^b responded to their requests without objection as a basis for their arguments.
The party that asked the court to do something generally cannot add new arguments into the reply memorandum. That party may reaffirm its original arguments or try to shoot holes in the opposing party's arguments, but new arguments are generally not allowed. The reason for this is that the opposing party no longer has an opportunity to respond to arguments before the court makes a decision.
There is a way for the second party to file a reply to the new arguments. It is called a surreply and the RIAA has done so as well. This allows them to address the new arguments in case the judge chooses to allow the first party's reply. Without that they give the first party an opportunity to enter something uncontested into the record.
IANAL so I wonder whether it would be better tactics to request and file a surreply just in case, or to use the new arguments issue as a possible basis for appeal later?
2. Should I be upset that this guy needed to use my tax money to hire an outside company to do something when my tax money goes for a government IT person making $100K+ that could do it or that the person could have used the theoretical $700 hammer to get the job done?
Because the in-house IT guy probably knows that a nice, clean backup of the drive prior to wiping is his ticket to an early retirement. For the less cynical of you, he is a lot more likely to know that this is a no-no and call someone about the issue.
Sometime I'll also have to write a script to parse the tapelist.log file orkaudio generates, and make a nice little index associating the audio files to the phone number called, and then I'll have a nice history of all my phone conversations.
Just grab and install OrkWeb/OrkTrack. It's part of the same software suite and handles all of that for you.
The crypto community spoke out strongly against it, and the proposal, despite having a great deal of political muscle behind it, did not fly very far. Another sensible reason for its failure to gain acceptance was that it would have had no chance of success on the international market. Even if domestic use could have been forced through legislation, let's say, no other nation with a clue would pick it up.
As I recall it just sort of came apart when Matt Blaze published a paper entitled "Protocol Failure in the Escrowed Encryption Standard", documenting a way to bypass the backdoor functionality of the escrowed keys. The encryption of the call still worked, but law enforcement couldn't decrypt the data. With the backdoor welded shut, the government lost interest quickly.
That's why they need to get multiple data points to make a recommendation. If you rented a lot of the "I'm a Mac Guy" movies and rated them highly, then there is a bigger chance that that is the reason you liked that movie. If you refused to rent, or rated poorly the movie "Rugrats Gone Wild" then you probably aren't a rabid Bruce Willis fan etc. The entire goal of the project is to find films you like without you having to do a mini-review of every movie you have rented/saw.
One of the common approaches to recommender systems is SVD, or Singular Value Decomposition. SVD tries to isolate "features" in the training set that best represent a particular trait of the data and its value, such as the examples above. You may not have any idea what the feature actually represents, but that is fairly common in machine learning. It is an iterative process. Once you have defined one feature as well as you can, you move on to a new one. There are diminishing returns with this approach though, and identifying too many features can overspecialize your system and yield worse results. If your results are not good enough, you can try a different approach. Once you have tried several approaches that are almost good enough, you can try combining the different results to varying degrees to get a hopefully better result. That is what the leaders have done so far.
Printers, scanners, cameras, and other USB imaging devices are handled entirely in user space, apart from the kernel calls that libusb makes. The skill set for these is separate from the skill set needed for devices that need kernel support.
How many Linux driver project developers does it take to screw in a light bulb?
None. Light bulbs are a userspace problem.
As I understand it, they are also using fast flux DNS to move these nodes around on a regular basis. By the time you track one down, it is no longer a node in the network, just another compromised system.
More people should use it; it does a better job of allowing discussion than most web forums out there, and there's little threat of centralized control over the discussion
As a counter-example, try taking a look at sci.crypt sometime. The signal/noise ratio is sometimes 1/200 due to automated postings through open relays and email to news gateways. They aren't even spam, just automated drivel. All it takes is one asshat to bury an unmoderated group.
p.s. If you're going on usenet, take a big killfile and use it judiciously.
In other news, 92% of all drivers feel that their driving ability is above average.
BTW they are uuencoded on the binary groups also.