Today's lecture is on dealing with accidental vulnerabilities you accidentally stumbled into while accidentally probing a system that accidentally happens to have a lot of potential interest. You know what I mean.
I read a lot of indignant posts and a few moany warning ones on the subject. The authors of either kind of post have obviously lost touch with the American Way.
When you find a vulnerability, the first thing to do is to disassociate yourself from it. Wipe your data and close down your account (many posts correctly advised this). Then get two sets of some cheap one-off hardware (second-hand paid-in-cash stuff is best). Use one of those to assess the economic potential of your find as best as you can (or you'll get fleeced later on).
Then you Monetize your find. Quickly, before someone else beats you to it. That's the American Way right there.
Use the second piece of old kit you bought to surf the web. There are certain websites, often in Eastern Europe, on which you will find people who'll use a peculiar form of English but who will be prepared to pay smallish but reasonable amounts for such information. Depending on e.g. whether the flaw leads to credit card data (that's why you ascertained the economic potential of your find first) or advanced military technology (in which case you may be able to get better quotes from buyers in the Middle East or the Far East).
Be aware that there is a certain protocol to be followed when conducting this sort of transaction. Contacting them from home, work, or any other place that can easily be traced to you is a beginner's mistake. Secondly, don't *ever* give out information like your real name, physical address, bank account or credit card to them. They won't do that either, and besides, you'll *really* value your privacy when dealing with them.
Use e.g. an old second-hand laptop and work from an Internet cafe or use a prepaid smart phone with Internet browsing facilities. Don't ever use that hardware for *anything* but completing this one transaction. Wipe, disassemble, smash, and ditch said hardware component-wise as soon as the transaction is completed.
The trick is of course to get the money to where you can spend it. Having it wired into your account will show up and may be a bit difficult to explain. Even when done from a US account (you can negotiate for this but it costs extra). They will pay you in bitcoin or E-gold if you insist, but that too is tricky. Asking for cash in the mail is asking to be fleeced, and likewise a bit conspicuous should they actually do it (amateurs).
I'm leaving the question of arranging secure and discreet transfer as homework. Additional points will be awarded (optionally off the record or against a discreet little cash bonus) for really good solutions. Remember: should government officials come calling at your doorstep you'll automatically fail the course and all traces of your enrollment will mysteriously have vanished. No refunds.
Everyone knows that patents allow one to monetize valuable intellectual property and that NPEs generate wealth by aggressively monetizing valuable intellectual property.
What can possibly be wrong with that? Nothing really, so there you go.
So I don't need to see no leftie 'study' that tries to argue that right is wrong and left is right, ok? I have my own truth.
Everybody and his granny knows that when you fill a country with computers and then let them manage actuators (you know: things that control real-world stuff), you introduce real-world vulnerabilities to cyberspace mayhem.
So you'd think that every single government branch in charge of some computer-controlled actuator would take very special care that said actuators can't be accessed by unauthorised people who happen to roam about, right?
Starting with secure routers, credible VPN connections, limited sets of clients that the routers will accept communications from, good and varied passwords (the kind that need to be written down and kept in a safe until it's time to use them), access logs being kept and checked on a regular basis, etc. Just like the physical access control such people get off on. All known stuff.
Add to that a way of ensuring that the government (local, state, federal) has a more or less guaranteed communication backup (e.g. private fiber, special priority circuits in telephone switchboards, or simple packet radio in restricted bands). Then ensure that critical communications like banks have a reasonable level of protections too. Transcribe all that into the telecoms act, make authorities responsible for abiding by those regulations and appoint somebody to check that they do. Costs a bundle but gives you peace of mind.. and (as a nation) insurance against basic attacks.
Except that people don't. That, incidentally, is why Gary McKinnon could stroll into various government systems: they were unprotected. Everyone knew and no-one cared. And guess what: our carefully cost-conscious government does the very same thing with the nation's actuators. Starting with traffic lights and going up all the way to the power grid.
Well people are stupid, lazy and focused on the short term. We know that. That's why we have regulations for so many things.
But Ok,... if we collectively decide (for reasons of cost and convenience) to leave everything wide open, that's what we do.
But here's Panetta who thinks we ought to do the prudent thing, against our natural tendencies. So what happens? Does he settle the issue by having a quiet word in circles of power that generates bi-partisan support for basic communications security?
No. Of course not. People don't want to hear about reasons why anything should be added to their workload or anything should be done in anything but the cheapest, most thoughtless and most slapdash way.
So Panetta needs to drum up public support and he goes to the press with essentially the same story (that ought to be recognised as prudent by every representative anyway) and dresses it up in lurid foam-at-the-mouth war-rhetoric. Doom! Pearl Harbour! Enemies are out to get us! The Chinese/Russians/Islamists [cross out whichever is not applicable] are coming for us. To Arms!
It makes me so tired. Why can't we just secure our vital communications without raising the specter of war? I don't know whether to laugh or cry.
Average commuting trip length is about 14 miles in rural environments and about 10.3 in urban environments. Now that's short.
With such distances air transport is totally ridiculous, and rail transport is not viable. With one exception: when there are large numbers of trips that run parallel for the main part of the journey.
This is why most of the US is (deliberately or otherwise) impossible to serve by public transport: it's so spread out that you get almost nil overlap, and hence almost nil opportunities for public transport.
Exceptions are big cities (New York (subway), San Francisco (Bay Area Rapid Transport), Boston) that have a structure that allows public transport to compete.
So: we're committed to cars and we'd better maintain our roads if we want to use them.
The information that you don't wish to be tracked is useful and ought to be worth something to someone. So sites will need to keep an eye on such visitors, right?
No Panic! No Panic! The Estonians are gaining on us! They're teaching programming at the age of 6.
And I hear that the Chinese now teach programming in kindergarten.
Maybe we've got to bite the bullet and find a way to teach programming in the womb. It's the only way we can maintain our lead, right? And we can give the child-bearers a refresher course too while we're at it.
Largely agreed, and I think it's an important point.
I will never forget how I tried to install JGR, which is a graphical shell for the statistical package R.
I tried this under Windows XP, and the whole process took 10 seconds and everything worked.
I tried the same thing under Linux and first found that there was no package, my distro didn't include it (for JGR was experimental at that time) so I had to use a tarball.
Downloaded the tarball, did configure and make... and was confronted by a load of errors. First from the configure script (it wanted to see certain dependencies, which is good). I was unable to locate the exact *old* library versions (I was off by one or two MINOR version steps). So I edited the configure scripts to use the slightly-off library. Then I got to the compiler, which threw errors about definitions. Went in and solved that. Then when I finally made it to the linker I got a few additional errors.
It took me 2 whole days to hunt down those very specific versions of obscure libraries X, Y and Z that would link. And even then, when everything compiled and gave me an executable, the graphics still wouldn't work.
So I gave up (I couldn't afford to spend any more time on this issue with uncertain results) and continued my work under Windows. If my objective had been to tinker with my system, I would have seen this as a fun challenge. As it happened, I was a bit under pressure to show a GUI for R within the group of people I was working with at that time. I didn't care one iota about why the stuff didn't work, I just needed it to work asap. Throw in the additional fact that most people I worked with were using Windows and the deal was clinched.
This is why it's necessary to keep an API stable: so that anyone who doesn't care about the source or the philosophy can be confident he can install an application and get it to work within minutes without further hassle.
P.S.
Please note that this is in no way to reflect adversely on the JGR package: at that time the Linux version was clearly marked "Experimental", the Windows version having been developed first.
And you actually believe that checking the "Disable it" box will disable this facility? Or that it will not be re-enabled with just about any update?
This, unfortunately, is where the disadvantage of closed-source strikes: you cannot really verify that a device serves you instead of someone else. As soon as you install a binary, or a patch, you hand over control of your device to whoever wrote the code. We all know that. You basically need to trust the one pushing the patches to you.
Now that's not the end of the world. We've all been using proprietary (paid) software for ages and we're not exactly worse off because of that.
Unfortunately Microsoft (like most other corporate entities, from Facebook to Sony to the tobacco industry to our dear trustworthy banks) have shown that they cannot be trusted any further than they are bound by their own (commercial) interests.
And then only to the extent that their actions can be verified by independent means (such as monitoring the Internet traffic they generate). Even now (in the face of objective evidence) Microsoft trots out the denials and the weasel-wording. Imagine what they'd say if someone hadn't stumbled on to their cute little logging practice.
Unfortunately it's not in Microsoft's interest to forego a data-source like this. Far too much consumer information to be mined from this kind of thing. And besides there's the all-time favourite deal-clincher: "others are doing it too".
So there's a universal trend against this "disable it" checkbox having much significance.
My compliments: you went back to the original (scientific) article, rather than the editorial articles everyone quotes from. People tend not to do that on Slashdot.. too much effort I fear.
The article is indeed behind a paywall but one of the authors (Pinto) makes it available from his personal website.
and here is the link to some supplemental material like proofs, algorithm, complexity analysis, and application to a cholera outbreak in KwaZulu-Natal to locate the source of the outbreak.
If you read the source (the Groklaw article) you will see that it's far from over yet. SCO is asking the judge to be allowed to keep the litigation alive, despite SCO being in chapter 7.
If anything this sets an awful precedent: as in create a shell company (or bankroll an existing one) have it start litigating, pay the lawyers in a share of the proceeds, sink it in chapter-7 protection when the money runs out, and let the litigation roll on. Especially effective against Open Source.
If you feel this is far-fetched, please read up on the case (e.g. on Groklaw) because this is exactly what happened here but for the judge's assent. And this particular judge has been favouring SCO ever since he inherited the case.
What was that again you said about "good riddance" ???
the large scale impact of plane hijackings that you describe are impossible now.
No it's not. It's just more difficult.
Don't put your faith in locked doors please, not when an ounce of thermite can burn right through that aluminium door in seconds.
And yes, with passengers clued-up about their odds of survival when they sit quietly, it's much more difficult to carry off a hijacking.
Only... if you relax security to the point where people can actually smuggle guns (e.g. plastic ones) onto an aircraft, I think that your calculation changes.
In summary: hijacking an aircraft remains "attractive" in terms of potential payoff, simply because the underlying physics of crashing an aircraft into something have not changed. It has become more difficult, but the situation is like a compressed spring, with the TSA doing the compressing. Release the pressure and it will snap back to its original position.
I'm sorry, but I still think that passenger checks on domestic flights are, by and large, needed.
I fully admit that we could lose the security theatre and do the security checks better than we do now and be a lot less obnoxious about them too. Unfortunately this would take more money because you'd need better qualified people. And alas, that's an investment we, as a society, are unwilling to make.
The girl with the insulin pump is a good example of what's wrong with the current set-up. Those in charge of passenger checking could simply have called her insurance company, doctor, or the hospital, verified that she had such a pump, given her a pat-down and routed her around the scanners. Well qualified, attentive, and more professional security staff would have done so.
I somewhat agree about the scanners. They pick up some things but not others. It would be better to have people who are up to the job of checking *people* rather than their luggage (like e.g. the security staff in Israeli airports).
Only, we both know that TSA security staff aren't very well paid, aren't well trained or well qualified, and aren't terribly motivated, but they *are* expected to follow procedures like robots, and they aren't allowed any initiative at all. Only in that way can you achieve basic quality with a lot of temps who'll be flipping hamburgers one month and screening passengers or delivering pizzas the next. Security staff don't get a lot of job security or many career opportunities, and they don't get paid extra for having qualifications. So they don't get them.
Now why would I be in favour of passenger security checks if guns and explosives are so easy to come by?
Simple: for a terrorist hijacking an aircraft (and optionally crashing it into a building or a stadium) gives a high return in terms of 'terror' for a fairly modest expenditure of personnel and assets. For better or worse, the idea of hijacking has a lot of mindshare, both with the public and with potential terrorists.
Now for the damage potential it doesn't matter much whether you're talking about an international or a domestic flight. So you need checks on domestic flights too, or your basic terry will switch from international to domestic.
Now you seem to suggest the following policy: only check passengers with a foreign passport. To state it like that is to refute it because there is nothing holy about US IDs: they can be forged or stolen, like any others. The fact that the local terries haven't yet attempted a hijacking is hopeful. Perhaps it's something that's psychologically impossible for them to do (I would certainly like to think so), but how certain are we? So far we've decided we need to check everyone.
And yes, airport lobbies are one of those places where you will find a lot of people and not enough security to prevent you from wheeling in a whacking big bomb in your suitcase.
There are one or two things that argue against it though. First: the potential number of casualties is limited by the blast radius of your bomb. It may be up to a hundred or more, but you have no chance of netting thousands. With a hijacked aircraft, you have. Second: people won't perceive the threat in the same way as with an aircraft being hijacked. A bomb explosion is over very quickly, and people have no time to feel helpless. My guess is that this is one of the things that gives hijackings such mindshare on *our* part. And if it has *our* mindshare, it's attractive for a terrorist.
And yes, from a pure cost-benefit point of view money spent on increasing traffic safety will probably give you higher returns. But unfortunately we're not talking about a situation where we're up against blind chance. We're in a game-theoretic situation where we must deal with people who are deranged and/or malicious and who are seeking the best cost/benefit form of attack. Leaving an opening you can fly an airliner through simply won't do.
In technical terms: the question isn't: "Is the expected value of m
While Timothy McVeigh's 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City was unusual in its lethality, it was unfortunately far from the only plot hatched by extremists on the right. The Southern Poverty Law Center documents 75 plots, of varying degrees of operational advancement, between July 1995 and June 2009 and an additional 22 from 2009 through November 2011.
Alleged plot to blow up bridge foiled
5 held in bomb plot on Ohio bridge
A study by the Institute for Homeland Security Solutions, a research consortium in North Carolina, found that from 1999-2009, in the United States there were 17 al Qaeda-inspired plots undertaken, 20 plots initiated by white supremacists and 17 by violent anti-government militants. Recent attacks include the 2009 shooting of a guard at the U.S. Holocaust Memorial Museum and the murder by "sovereign citizens" in 2010 of two Arkansas police officers at a traffic stop. In January 2011, a bomb laced with rat poison was found in a backpack along the route of a Martin Luther King Jr. parade in Spokane, Washington.
I hope that people, especially in the US, take the opportunity to actually think this through. But I'm not very optimistic.
With this sort of gadget, the issue of control becomes even more important than for external gadgets like phones, iPads, net-enabled dishwashers and other appliances.
The reason is that you can't really remove the stuff, it knows where you are and who you are, you can't easily control what it tells the world about you, and you can't easily ignore the inputs it provides. In other words, it provides a very direct window into your physical presence that you may or may not have control over. You can be very certain however that you won't be able to control it with your mind. It will transfer data and commands using radio waves.
Now the question is: will this gadget do what you want, or will it do what somebody else wants. Like e.g. Apple, Google, or Microsoft? Since the gadget will communicate using radio waves (which you can't perceive unless with a special piece of equipment) people outside your body will actually be in as good a position to control the device as you are. If not better.
The essence of how this device will act, depends on its programming. Now, do you see companies falling over each other to make that device Open Source? No? Well, then the device will be closed-source, and your level of control has just taken a backseat to that of whoever built and programmed (or services) the thing.
If that doesn't sound serious to you yet, consider where the money leads. What will make companies that build such stuff more money: giving users who wear this stuff full control, or keeping full control and selling bits and parts of that to whoever pays most (users, commercial entities, security firms, employers, advertising agencies, and all levels of government, from federal agencies to city administrations). My guess is the latter. If only because use of these gadgets as security badges will hinge on the wearer *not* having full control over it.
It doesn't take much imagination to understand that such gadgets present enormous opportunities for abuse.
I believe that this level of integration calls for new legislation. For example privacy and control being enshrined in human rights laws (as the EU are likely to adopt) and/or the constitution. Plain unadorned US law (with its emphasis on protection of whoever can make money off something) I feel is a recipe for abuse with this stuff.
Now I suddenly understand the strategic importance of ACTA. If they'd signed ACTA, we'd nail 'em when they tried to sell their cheap knockoffs to the Chinese, the Russians, the North-Koreans, the Pakistanis, the Venezuelans, the Cubans, the Yemenites, the Hamas guerrillas, and... .
The only people who might be surprised at this finding are the ones who really don't think.
People who seriously seem to believe that the vast array of consumer electronics and consumer service subscriptions that make it easy to spend money is in any way neutral "technology".
Of course all these products were developed by for-profit companies. Such companies have, broadly speaking two criteria for new products they want to see developed: (1) people must want it, (2) it must make them money.
And now, after 20 years of R&D and product development by such companies there are some people who are actually surprised that said products aren't geared towards helping them being spendthrifty???
What's the big problem with speed cameras? I don't see it.
Speed cameras register speeding offenses, nothing else. Whether, and to what extent, that's met by fines is determined by local politics (which everyone of us has a say in).
I can understand people who get a ticket don't like the camera, but that can't be a reason not to install them, can it?
As I see it, all those posts that wax eloquent about beating short yellow are barking up the wrong tree. It's easy enough to set the cameras so that they only register serious speeding offenses. It's just a matter of getting local politics to set reasonable criteria.
The essence of the problem seems to be that people simply distrust their local government to set a reasonable policy for those cameras. And isn't that a far more serious problem than mere cameras?
Lectures are extremely inefficient. Just use the same textbooks as 30+ years ago. Pre-university mathematics hasn't changed that much
Lectures are an efficient way of learning something. Especially Mathematics. Most of the time (immersing yourself in some subject matter that exemplifies some part of Mathematics can be much more effective, but it takes more time and effort too). Besides, there is good reason why textbooks haven't changed: the subject matter has largely remained the same. Only people change (and their background knowledge and attitude).
What I see with Mathematics is that it just takes too much intellectual strength and concentration for 95% of the population to master under their own steam. Even if you gave them twenty years, they'd get absolutely nowhere. People in general simply haven't the smarts, the talent, and the perseverance it takes to discover Mathematics on their own.
This has a reason: Mathematics takes an effort to learn (unless you are lucky enough to be very gifted at it, which 99.9% of humanity is not). It's the mental equivalent of rock-climbing. It's not easy. However, just like rock-climbing, it's so much easier to climb up *after* someone than to climb in the lead.
Just consider the route you take: if you climb up after someone, you're guaranteed that the path up will lead you somewhere. Climb lead, and suddenly that's not a given anymore: you will need to *search* for the path. Apart from that there is the small matter of the rope that your lead climber can let down to you... to help you over the tricky bits. You need a lot less strength, stamina, and knowledge to climb up after someone than to climb lead.
And that's why there are lectures. During a lecture, someone who has studied e.g. Mathematics guides you up, and drops you a rope. If you follow the lecture, you get to enjoy the view and (hopefully) enough understanding of what this particular part of the landscape looks like in order to apply the techniques you just learned to new problems. But no matter how good the teacher, you will have to expend the effort to hoist yourself up to the level of the subject matter. There is no "royal" way to learning.
Mathematics (even high-school Mathematics) is the product of more than two thousand years of struggle and groping by the best minds of their generation. Don't be surprised if you're not smart enough to hoist it all aboard without effort, and don't be disappointed if the stuff that's causing you trouble to learn is almost no different (apart from choice of subject matter) from the stuff that caused your grandfather trouble to learn. And unless humanity does something drastic to its brains, your grandchildren will have precisely the same trouble learning the same stuff as you do. That's not failure, that's normal.
This is because there is nothing that separates any of us from the level of the Middle Ages, except for a mountain of accumulated knowledge and skills (e.g. the Scientific Method). Knowledge and skills that we learned about in school, through books, and nowadays through multimedia.
Soviet-era Mathematics shone for the same reason that Soviet-era ballet and musicians were such superb performers: it demanded (and got) extreme levels of dedication. Such focus actually *hurts*, so people in general don't do it (people aren't masochists). The people who do tend to do so either because e.g. it's their only clear ticket out of abject poverty (contemporary China or India), or their only chance to improve a life that would otherwise be without perspective (the Soviet Union again).
If anything the US is lagging because people have it so good and because society as a whole values easy short-term results rather than hard-won long-term ones.
I believe that there is something about the fabric of US society that makes it more natural and attractive to join a gang and to goof off than to go to school, study, a
I have long been frustrated by anti-social elements who blithely refuse to shut their goshdarn trap in the library (public or university), the silence centre in airports, silence compartments in trains, near the "focus cubicles" at the office, the theatre, the opera, concerts, etc.
Then there are those boorish churls who insist on loud-mouthing at meetings when they have not been given the floor or when their speaking time is up.
This technological stop on irritating, boorish, anti-social yapping is exactly what I suspect many people have been waiting for. Highly recommended!
Since your software seems to be quite expensive, why not bind it to a hardware key (for small accounts)?
For big accounts you may want to spare your client the hassle of local hardware keys (or you might even find yourself losing sales), but you may still be able to negotiate some form of DRM that's palatable to them (e.g. floating licenses or a server hardware key or (if you trust your client) even a simple agreement not to spread the goods plus a demonstration that the software contains hidden keys that make it traceable).
Hardware keys aren't that hard to bind in: you can sprinkle your code with function calls to the library that comes with the hardware key.
Well, yeah okay, but neither does it mean they weren't being harassed. Filming a person can certainly be harassment, and often is. Whether or not the film operator was on public property is germane, but is also not an absolute defense: a person can harass another person, when the first person on public property films the second person on private property.
Well, as I see it the party feeling harassed would have to convince a court that in this specific instance operating a camera from the public road constitutes harassment of the sort that overrides the camera operator's first amendment rights to shoot the video. And that's no easy task.
If and when the video is published there may be a conflict between the first amendment rights of the one who publishes the video and the copyrights and expectation of privacy on part of the ones that are visible in it. But redress is only possible after the fact. What I don't see is how this feeling of harassment on part of those hunters can be construed as a justification to shoot down a drone over a public road.
To get a judgement against a hunter, you would have to give legally valid and compelling evidence that an individual hunter intentionally shot the helicopter. That certainly seems likely, but a valid defense would be "Your honor, there was a pigeon in that general direction. The helicopter was an unfortunate secondary target, but I didn't put the helicopter there."
Yes and no. For a case of the authorities against those hunters you'd need to provide compelling evidence, which seems to be lacking ("heard a shot from the woodline"). For a civil case (a suit for damages) I thought you'd just need to show "preponderance of evidence", and that shouldn't be hard.
Besides, as I see it those hunters had an obligation to see to it that they didn't hit anything beyond the boundaries of their hunting grounds. Even if we give them the benefit of the doubt regards their intentions (which I don't) it seems that they failed in their duty to ensure that they hit no "extraneous" targets. So I really see no excuse there.
My final point is that this Slashdot discussion is based on this article, and this article is plainly propaganda. That's fair enough, but we need to keep the propaganda context in mind.
Quite so. However, although I admit I didn't fact-check the article, the details provided (name of the activists, locale, time, presence of the local law enforcement officers, the video footage from the drone, mention of refusal of the other party to comment, mention of pressing charges for damages, mention of presence of legal counsel of the opposing party (!), and the careful formulation of "was hovering over U.S. 601 when he heard a shot come from the wood line. The shot sounded to him that it was of small caliber.") make it very specific in its claims and easy to check. Whoever wrote this clearly distinguishes between what his observations were and what his conclusions are.
Last but not least, the presence of law enforcement officers and a lawyer said to be acting on behalf of the plantation would make it extremely foolish to try and fudge the facts on part of those activists.
For those reasons, even though this article is clearly written to serve the activist's purpose, I feel justified in believing that the facts mentioned are materially correct.
And yes, of course the issue of discharging a firearm towards a highway is solely between the hunters and the authorities, but destruction of property isn't. That's why that activist can bring charges against those hunters.
Everyone knows that patents allow one to monetize valuable intellectual property and that NPEs generate wealth by aggressively monetizing valuable intellectual property.
What can possibly be wrong with that? Nothing really, so there you go.
So I don't need to see no leftie 'study' that tries to argue that right is wrong and left is right, ok? I have my own truth.
Everybody and his granny knows that when you fill a country with computers and then let them manage actuators (you know: things that control real-world stuff), you introduce real-world vulnerabilities to cyberspace mayhem.
So you'd think that every single government branch in charge of some computer-controlled actuator would take very special care that said actuators can't be accessed by unauthorised people who happen to roam about, right?
Starting with secure routers, credible VPN connections, limited sets of clients that the routers will accept communications from, good and varied passwords (the kind that need to be written down and kept in a safe until it's time to use them), access logs being kept and checked on a regular basis, etc. Just like the physical access control such people get off on. All known stuff.
Add to that a way of ensuring that the government (local, state, federal) has a more or less guaranteed communication backup (e.g. private fiber, special priority circuits in telephone switchboards, or simple packet radio in restricted bands). Then ensure that critical communications like banks have a reasonable level of protections too. Transcribe all that into the telecoms act, make authorities responsible for abiding by those regulations and appoint somebody to check that they do. Costs a bundle but gives you peace of mind .. and (as a nation) insurance against basic attacks.
Except that people don't. That, incidentally, is why Gary McKinnon could stroll into various government systems: they were unprotected. Everyone knew and no-one cared. And guess what: our carefully cost-conscious government does the very same thing with the nation's actuators. Starting with traffic lights and going up all the way to the power grid.
Well people are stupid, lazy and focused on the short term. We know that. That's why we have regulations for so many things.
But Ok, ... if we collectively decide (for reasons of cost and convenience) to leave everything wide open, that's what we do.
But here's Panetta who thinks we ought to do the prudent thing, against our natural tendencies. So what happens? Does he settle the issue by having a quiet word in circles of power that generates bi-partisan support for basic communications security?
No. Of course not. People don't want to hear about reasons why anything should be added to their workload or anything should be done in anything but the cheapest, most thoughtless and most slapdash way.
So Panetta needs to drum up public support and he goes to the press with essentially the same story (that ought to be recognised as prudent by every representative anyway) and dresses it up in lurid foam-at-the-mouth war-rhetoric. Doom! Pearl Harbour! Enemies are out to get us! The Chinese/Russians/Islamists [cross out whichever is not applicable] are coming for us. To Arms!
It makes me so tired. Why can't we just secure our vital communications without raising the specter of war? I don't know whether to laugh or cry.
For those who don't know why, look at this link http://www.fhwa.dot.gov/policy/ohim/hs06/htm/nt5.htm
Average commuting trip length is about 14 miles in rural environments and about 10.3 in urban environments. Now that's short.
With such distances air transport is totally ridiculous, and rail transport is not viable. With one exception: when there are large numbers of trips that run parallel for the main part of the journey.
This is why most of the US is (deliberately or otherwise) impossible to serve by public transport: it's so spread out that you get almost nil overlap, and hence almost nil opportunities for public transport.
Exceptions are big cities (New York (subway), San Francisco (Bay Area Rapid Transport), Boston) that have a structure that allows public transport to compete.
So: we're committed to cars and we'd better maintain our roads if we want to use them.
... don't let any Australians have your data. You don't know where it'll go.
The information that you don't wish to be tracked is useful and ought to be worth something to someone. So sites will need to keep an eye on such visitors, right?
And I hear that the Chinese now teach programming in kindergarten.
Maybe we've got to bite the bullet and find a way to teach programming in the womb. It's the only way we can maintain our lead, right? And we can give the child-bearers a refresher course too while we're at it.
I will never forget how I tried to install JGR, which is a graphical shell for the statistical package R.
I tried this under Windows XP, and the whole process took 10 seconds and everything worked.
I tried the same thing under Linux and first found that there was no package, my distro didn't include it (for JGR was experimental at that time) so I had to use a tarball. Downloaded the tarball, did configure and make ... and was confronted by a load of errors. First from the configure script (it wanted to see certain dependencies, which is good). I was unable to locate the exact *old* library versions (I was off by one or two MINOR version steps). So I edited the configure scripts to use the slightly-off library. Then I got to the compiler, which threw errors about definitions. Went in and solved that. Then when I finally made it to the linker I got a few additional errors.
It took me 2 whole days to hunt down those very specific versions of obscure libraries X, Y and Z that would link. And even then, when everything compiled and gave me an executable, the graphics still wouldn't work.
So I gave up (I couldn't afford to spend any more time on this issue with uncertain results) and continued my work under Windows. If my objective had been to tinker with my system, I would have seen this as a fun challenge. As it happened, I was a bit under pressure to show a GUI for R within the group of people I was working with at that time. I didn't care one iota about why the stuff didn't work, I just needed it to work asap. Throw in the additional fact that most people I worked with were using Windows and the deal was clinched.
This is why it's necessary to keep an API stable: so that anyone who doesn't care about the source or the philosophy can be confident he can install an application and get it to work within minutes without further hassle.
P.S.
Please note that this is in no way to reflect adversely on the JGR package: at that time the Linux version was clearly marked "Experimental", the Windows version having been developed first.
This, unfortunately, is where the disadvantage of closed-source strikes: you cannot really verify that a device serves you instead of someone else. As soon as you install a binary, or a patch, you hand over control of your device to whoever wrote the code. We all know that. You basically need to trust the one pushing the patches to you.
Now that's not the end of the world. We've all been using proprietary (paid) software for ages and we're not exactly worse off because of that.
Unfortunately Microsoft (like most other corporate entities, from Facebook to Sony to the tobacco industry to our dear trustworthy banks) have shown that they cannot be trusted any further than they are bound by their own (commercial) interests.
And then only to the extent that their actions can be verified by independent means (such as monitoring the Internet traffic they generate). Even now (in the face of objective evidence) Microsoft trots out the denials and the weasel-wording. Imagine what they'd say if someone hadn't stumbled on to their cute little logging practice.
Unfortunately it's not in Microsoft's interest to forego a data-source like this. Far too much consumer information to be mined from this kind of thing. And besides there's the all-time favourite deal-clincher: "others are doing it too".
So there's a universal trend against this "disable it" checkbox having much significance.
The article is indeed behind a paywall but one of the authors (Pinto) makes it available from his personal website.
Here is the link to the Physical Review Letters article: http://www.pedropinto.org.s3.amazonaws.com/publications/locating_source_diffusion_networks.pdf
and here is the link to some supplemental material like proofs, algorithm, complexity analysis, and application to a cholera outbreak in KwaZulu-Natal to locate the source of the outbreak.
If you read the source (the Groklaw article) you will see that it's far from over yet. SCO is asking the judge to be allowed to keep the litigation alive, despite SCO being in chapter 7.
If anything this sets an awful precedent: as in create a shell company (or bankroll an existing one) have it start litigating, pay the lawyers in a share of the proceeds, sink it in chapter-7 protection when the money runs out, and let the litigation roll on. Especially effective against Open Source.
If you feel this is far-fetched, please read up on the case (e.g. on Groklaw) because this is exactly what happened here but for the judge's assent. And this particular judge has been favouring SCO ever since he inherited the case.
What was that again you said about "good riddance" ???
No it's not. It's just more difficult.
Don't put your faith in locked doors please, not when an ounce of thermite can burn right through that aluminium door in seconds.
And yes, with passengers clued-up about their odds of survival when they sit quietly, it's much more difficult to carry off a hijacking.
Only ... if you relax security to the point where people can actually smuggle guns (e.g. plastic ones) onto an aircraft, I think that your calculation changes.
In summary: hijacking an aircraft remains "attractive" in terms of potential payoff, simply because the underlying physics of crashing an aircraft into something have not changed. It has become more difficult, but the situation is like a compressed spring, with the TSA doing the compressing. Release the pressure and it will snap back to its original position.
I fully admit that we could lose the security theatre and do the security checks better than we do now and be a lot less obnoxious about them too. Unfortunately this would take more money because you'd need better qualified people. And alas, that's an investment we, as a society, are unwilling to make.
The girl with the insulin pump is a good example of what's wrong with the current set-up. Those in charge of passenger checking could simply have called her insurance company, doctor, or the hospital, verified that she had such a pump, given her a pat-down and routed her around the scanners. Well qualified, attentive, and more professional security staff would have done so.
I somewhat agree about the scanners. They pick up some things but not others. It would be better to have people who are up to the job of checking *people* rather than their luggage (like e.g. the security staff in Israeli airports).
Only, we both know that TSA security staff aren't very well paid, aren't well trained or well qualified, and aren't terribly motivated, but they *are* expected to follow procedures like robots, and they aren't allowed any initiative at all. Only in that way can you achieve basic quality with a lot of temps who'll be flipping hamburgers one month and screening passengers or delivering pizzas the next. Security staff don't get a lot of job security or many career opportunities, and they don't get paid extra for having qualifications. So they don't get them.
Now why would I be in favour of passenger security checks if guns and explosives are so easy to come by?
Simple: for a terrorist, hijacking an aircraft (and optionally crashing it into a building or a stadium) gives a high return in terms of 'terror' for a fairly modest expenditure of personnel and assets. For better or worse, the idea of hijacking has a lot of mindshare, both with the public and with potential terrorists.
Now for the damage potential it doesn't matter much whether you're talking about an international or a domestic flight. So you need checks on domestic flights too, or your basic terry will switch from international to domestic.
Now you seem to suggest the following policy: only check passengers with a foreign passport. To state it like that is to refute it because there is nothing holy about US IDs: they can be forged or stolen, like any others. The fact that the local terries haven't yet attempted a hijacking is hopeful. Perhaps it's something that's psychologically impossible for them to do (I would certainly like to think so), but how certain are we? So far we've decided we need to check everyone.
And yes, airport lobbies are one of those places where you will find a lot of people and not enough security to prevent you from wheeling in a whacking big bomb in your suitcase.
There are one or two things that argue against it though. First: the potential number of casualties is limited by the blast radius of your bomb. It may be up to a hundred or more, but you have no chance of netting thousands. With a hijacked aircraft, you have. Second: people won't perceive the threat in the same way as with an aircraft being hijacked. A bomb explosion is over very quickly, and people have no time to feel helpless. My guess is that this is one of the things that gives hijackings such mindshare on *our* part. And if it has *our* mindshare, it's attractive for a terrorist.
And yes, from a pure cost-benefit point of view money spent on increasing traffic safety will probably give you higher returns. But unfortunately we're not talking about a situation where we're up against blind chance. We're in a game-theoretic situation where we must deal with people who are deranged and/or malicious and who are seeking the best cost/benefit form of attack. Leaving an opening you can fly an airliner through simply won't do.
In technical terms: the question isn't: "Is the expected value of m
http://edition.cnn.com/2012/05/03/opinion/brooks-bridge-homegrown-terrorists/index.html
An excerpt:
While Timothy McVeigh's 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City was unusual in its lethality, it was unfortunately far from the only plot hatched by extremists on the right. The Southern Poverty Law Center documents 75 plots, of varying degrees of operational advancement, between July 1995 and June 2009 and an additional 22 from 2009 through November 2011.
A study by the Institute for Homeland Security Solutions, a research consortium in North Carolina, found that from 1999-2009, in the United States there were 17 al Qaeda-inspired plots undertaken, 20 plots initiated by white supremacists and 17 by violent anti-government militants. Recent attacks include the 2009 shooting of a guard at the U.S. Holocaust Memorial Museum and the murder by "sovereign citizens" in 2010 of two Arkansas police officers at a traffic stop. In January 2011, a bomb laced with rat poison was found in a backpack along the route of a Martin Luther King Jr. parade in Spokane, Washington.
With this sort of gadget, the issue of control becomes even more important than for external gadgets like phones, iPads, net-enabled dishwashers and other appliances.
The reason is that you can't really remove the stuff, it knows where you are and who you are, you can't easily control what it tells the world about you, and you can't easily ignore the inputs it provides. In other words, it provides a very direct window into your physical presence that you may or may not have control over. You can be very certain however that you won't be able to control it with your mind. It will transfer data and commands using radio waves.
Now the question is: will this gadget do what you want, or will it do what somebody else wants. Like e.g. Apple, Google, or Microsoft? Since the gadget will communicate using radio waves (which you can't perceive unless with a special piece of equipment) people outside your body will actually be in as good a position to control the device as you are. If not better.
The essence of how this device will act, depends on its programming. Now, do you see companies falling over each other to make that device Open Source? No? Well, then the device will be closed-source, and your level of control has just taken a backseat to that of whoever built and programmed (or services) the thing.
If that doesn't sound serious to you yet, consider where the money leads. What will make companies that build such stuff more money: giving users who wear this stuff full control, or keeping full control and selling bits and parts of that to whoever pays most (users, commercial entities, security firms, employers, advertising agencies, and all levels of government, from federal agencies to city administrations). My guess is the latter. If only because use of these gadgets as security badges will hinge on the wearer *not* having full control over it.
It doesn't take much imagination to understand that such gadgets present enormous opportunities for abuse.
I believe that this level of integration calls for new legislation. For example privacy and control being enshrined in human rights laws (as the EU are likely to adopt) and/or the constitution. Plain unadorned US law (with its emphasis on protection of whoever can make money off something) I feel is a recipe for abuse with this stuff.
Now I suddenly understand the strategic importance of ACTA. If they'd signed ACTA, we'd nail 'em when they tried to sell their cheap knockoffs to the Chinese, the Russians, the North Koreans, the Pakistanis, the Venezuelans, the Cubans, the Yemenites, the Hamas guerrillas, and ... .
People who seriously seem to believe that the vast array of consumer electronics and consumer service subscriptions that make it easy to spend money is in any way neutral "technology".
Of course all these products were developed by for-profit companies. Such companies have, broadly speaking two criteria for new products they want to see developed: (1) people must want it, (2) it must make them money.
And now, after 20 years of R&D and product development by such companies there are some people who are actually surprised that said products aren't geared towards helping them being spendthrifty???
How stupid can you get, really?
Speed cameras register speeding offenses, nothing else. Whether, and to what extent, that's met by fines is determined by local politics (which everyone of us has a say in).
I can understand people who get a ticket don't like the camera, but that can't be a reason not to install them, can it?
As I see it, all those posts that wax eloquent about beating short yellow are barking up the wrong tree. It's easy enough to set the cameras so that they only register serious speeding offenses. It's just a matter of getting local politics to set reasonable criteria.
The essence of the problem seems to be that people simply distrust their local government to set a reasonable policy for those cameras. And isn't that a far more serious problem than mere cameras?
Lectures are an efficient way of learning something. Especially Mathematics. Most of the time (immersing yourself in some subject matter that exemplifies some part of Mathematics can be much more effective, but it takes more time and effort too). Besides, there is good reason why textbooks haven't changed: the subject matter has largely remained the same. Only people change (and their background knowledge and attitude).
What I see with Mathematics is that it just takes too much intellectual strength and concentration for 95% of the population to master under their own steam. Even if you gave them twenty years, they'd get absolutely nowhere. People in general simply haven't the smarts, the talent, and the perseverance it takes to discover Mathematics on their own.
This has a reason: Mathematics takes an effort to learn (unless you are lucky enough to be very gifted at it, which 99.9% of humanity is not). It's the mental equivalent of rock-climbing. It's not easy. However, just like rock-climbing, it's so much easier to climb up *after* someone than to climb in the lead.
Just consider the route you take: if you climb up after someone, you're guaranteed that the path up will lead you somewhere. Climb lead, and suddenly that's not a given anymore: you will need to *search* for the path. Apart from that there is the small matter of the rope that your lead climber can let down to you ... to help you over the tricky bits. You need a lot less strength, stamina, and knowledge to climb up after someone than to climb lead.
And that's why there are lectures. During a lecture, someone who has studied e.g. Mathematics guides you up, and drops you a rope. If you follow the lecture, you get to enjoy the view and (hopefully) enough understanding of what this particular part of the landscape looks like in order to apply the techniques you just learned to new problems. But no matter how good the teacher, you will have to expend the effort to hoist yourself up to the level of the subject matter. There is no "royal" way to learning.
Mathematics (even high-school Mathematics) is the product of more than two thousand years of struggle and groping by the best minds of their generation. Don't be surprised if you're not smart enough to hoist it all aboard without effort, and don't be disappointed if the stuff that's causing you trouble to learn is almost no different (apart from choice of subject matter) from the stuff that caused your grandfather trouble to learn. And unless humanity does something drastic to its brains, your grandchildren will have precisely the same trouble learning the same stuff as you do. That's not failure, that's normal.
This is because there is nothing that separates any of us from the level of the Middle Ages, except for a mountain of accumulated knowledge and skills (e.g. the Scientific Method). Knowledge and skills that we learned about in school, through books, and nowadays through multimedia.
Soviet-era Mathematics shone for the same reason that Soviet-era ballet and musicians were such superb performers: it demanded (and got) extreme levels of dedication. Such focus actually *hurts*, so people in general don't do it (people aren't masochists). The people who do tend to do so either because e.g. it's their only clear ticket out of abject poverty (contemporary China or India), or their only chance to improve a life that would otherwise be without perspective (the Soviet Union again).
If anything the US is lagging because people have it so good and because society as a whole values easy short-term results rather than hard-won long-term ones.
I believe that there is something about the fabric of US society that makes it more natural and attractive to join a gang and to goof off than to go to school, study, a
Then there are those boorish churls who insist on loud-mouthing at meetings when they have not been given the floor or when their speaking time is up.
This technological stop on irritating, boorish, anti-social yapping is exactly what I suspect many people have been waiting for. Highly recommended!
And mind you, without concrete examples you'd be painted as yet another Richard Stallman if you sketched any potential adverse effects.
The one thing people have less patience for listening to than actual problems is *potential* problems.
Apple is providing everyone a service by showing what the consequences are of having a tightly controlled platform.
People don't call Australians "antipodes" for nothing. They get everything upside-down or backwards (or both).
"Never believe anything until it has been officially denied" (the right hon. J. Hacker.)
For big accounts you may want to spare your client the hassle of local hardware keys (or you might even find yourself losing sales), but you may still be able to negotiate some form of DRM that's palatable to them (e.g. floating licenses or a server hardware key or (if you trust your client) even a simple agreement not to spread the goods plus a demonstration that the software contains hidden keys that make it traceable).
Hardware keys aren't that hard to bind in: you can sprinkle your code with function calls to the library that comes with the hardware key.
Well, as I see it the party feeling harassed would have to convince a court that in this specific instance operating a camera from the public road constitutes harassment of the sort that overrides the camera operator's first amendment rights to shoot the video. And that's no easy task.
If and when the video is published there may be a conflict between the first amendment rights of the one who publishes the video and the copyrights and expectation of privacy on part of the ones that are visible in it. But redress is only possible after the fact. What I don't see is how this feeling of harassment on part of those hunters can be construed as a justification to shoot down a drone over a public road.
Yes and no. For a case of the authorities against those hunters you'd need to provide compelling evidence, which seems to be lacking ("heard a shot from the woodline"). For a civil case (a suit for damages) I thought you'd just need to show "preponderance of evidence", and that shouldn't be hard.
Besides, as I see it those hunters had an obligation to see to it that they didn't hit anything beyond the boundaries of their hunting grounds. Even if we give them the benefit of the doubt regards their intentions (which I don't) it seems that they failed in their duty to ensure that they hit no "extraneous" targets. So I really see no excuse there.