Hopefully these allegations will one day reach a court and your comrades can confront their accusers, state their defence, and then we'll see how it all plays out.
Who else is afraid of facing their accusers? People hiding in embassies....
If you mess with a countries governing institutions and get caught expect consequences. I am not suggesting giving anyone in any jurisdiction a pass here.
As for Russian hacking and your incredulity about how pervasive it is, do yourself a favor and read Muellers speaking indictment released months ago. Interesting reading, especially from a tech/geek perspective. The details of the allegations are highly detailed and highly specific and these people are not master hackers.
https://www.documentcloud.org/...
So US were totally asking for it. Just like those Swedish women.
At some point the recent indictments will become unsealed and we will learn what actual grievances DOJ have with Assange. Though I am betting it has everything to do with Russian election meddling and his possible involvement with that, and nothing at all to do with damaging leaks like Manning materials.
Warms my heart to think that Chelsea Manning is free today to continue to live her life and Assange is where he is right now, stuck in self imposed prison under conditions that are in some circumstances far worse than many OECD prisions. Remember when he tweeted he would turn himself into the US if Manning is given clemancy? A lying, manipulative asshole through and through. And yet people continue to carry water for him.
That was before interfering with US election process was on the table.
Maybe if Assange stuck with the original remit of providing a whistleblower safehaven instead of whatever the fuck he has been doing lately with Roger Stone et al, and limited himself to consensual sexual activity, he wouldn't be in self-imposed prison for 6+ years.
The Specter attack doesn't let bad code map memory from other processes. It merely allows bad code to explore memory with the process it runs in. i.e. dodgy javascript mapping entire memory layout of the browser it is running in but strictly within the bounds of the same process. Still a pretty power attack
A blockchain ledger in an entirely trustless network needs to be replicated on every participating node. This is a massive scalability issue. Imagine a sizable % of worlds economy running on any given crypto coin for 20+ years. The size of that ledger, the size of updates coming through every second would be staggering.
The traditional banking infrastructure is sharded. The ledger representing my personal bank account is not mixed in with ledgers of customers for a bank in other far flung countries. Alot of things need to evolve WRT crypto coins in order for them overcome/sidestep their present, by design, scaling issues, in this respect the OP is correct I believe.
Proponents of coins say this is a feature, not a bug.
Bitcoin is singled out because it is the oldest, most established, and if you naively believe that true value of all coins in circulation = spot price * number of coins, also the most valuable.
Sure other coins solve (or alleviate) some of the more glaring problems with bitcoin, yet other significant structural problems remain with the whole concept. One example: sometimes mediation is actually needed to resolve real disputes becasue we are afterall only human and bad actors are out there. The only way, by design, crypto coins do this is forking blockchains, a la The Dao and ETH/ETC split. Again proponents see this is a feature, not a bug.
Alot of wheel reinventing going on, done in ignorance of what has happened in the past WRT banking and finance. IT innovation in banking and finance is wild west stuff and an honest appraisal of things would be that noone knows what the fuck they are doing
Bitcoin is backed by what people are willing to give for it, not by fiat currency. You can exchange Bitcoin for pizza or for hotel bookings.
Seems all reasonable and logical. Yet bitcoins utility as a currency of exchange of goods and services and severely limited. I'd sooner pay for a pizza with a 5kg rock I have to wheelbarrow around than a bitcoin transaction if the pizza man offered either currency of exchange (rocks vs bitcoins). block generation taking 10 mins, generally having to wait for a couple of blocks to be confident your block isn't going to be discarded due to a fork (the pizza mans problem), and no guarantee your txn will be accepted into the block unless it is sweetened with a fee (my problem)
for all practical purposes what is setting the price of bitcoin right now is substantially a) people wanted to park national currency and b) speculative investment into the believe that bitcoin price will continue to climb. Because of this, the OP's comments have substantial truth to them at least in context of bitcoin. Though recognise the same cannot be said for other currencies, fiat or not.
These old organizations -- Equifax was founded in 1899 and hasn't changed much since inception -- must die, to be replaced by solutions that (and I shudder to say this) are blockchain-based.
About as insightful as the apper guy. Blockchain magic fixes everything. Also since when did the age of a company was a good predictor of an internal cowboy culture?
Slack has 5 million daily active users -- 1.5 million of whom pay to use the service -- and had $150 million in annual recurring revenue as of Jan. 31.
So they book up 150m in revenue yearly. Their operating expenses are probably around 30m or so I;d guess so profit around 100m. Valuation is then x90 of profit. For what is essentially IRC/chat : a highly fungable service where the 5 million eyeballs pairs you have ($1800 per eyeball pair) are far from captured/entrenched and can flip to something else with minimal barrier. Sounds like a bad price to me.
Dammit, the guardian article is old too. So all that is one the table at this moment is comment from lawyer of accuser, who doesn't mince words. There is nothing I can find that contradicts this position.
His Swedish accuser, through her lawyer, decried the decision. “It is a scandal that a suspected rapist can escape justice and thereby avoid the courts,” the lawyer, Elisabeth Fritz, said in a statement to news agencies. “My client is shocked.”
There is this tho which is really interesting. https://www.theguardian.com/me.... Content of this I agree strongly suggests there was no significant change in allegations leveled inspite of the R word being thrown around in the media over recent events so I need to retract my prior comments about this and revisit my thinking on this.
Thats a 6 1/2 year old article. Yes back then the allegations were sexual misconduct. My understanding is that allegations have now evolved to one allegation of rape.
Really it is hard to hell which narrative is the accurate one. Maybe one day he'll eventually make it to Ecuador live to a ripe old age and idly watch the world turn and we'll never be the wiser as to what alternative narrative was real. More likely at some point something will come to a head and he will end up in custody sometime in the near future. Being holed up in the embassy for 7 years, by his choice, I am sure he has contemplated these competing narratives and constantly reassessed their probability curves more times than everyone else on the planet combined and has consistently arrived at the position that the best place for himself is to stay within the embassy for now.
Not ridiculous if there is a real case to be answered here. Statements from the prosecutor and from lawyer of the victim strongly suggest there is a case to be tested. Their sentiments about the allegation seem clear and sincere
Consider a hypothetical just for a moment: Assange did commit rape and he knows he did it and he is using the pretext of being CIA backop'ed as an excuse to avoid standing trial for rape. Setting aside any attempt to measure probability of him being blackoped vs probability of him being a rapist and trying to avoid his day of reckoning, his current conduct is consistent with either possibility.
As for being blackoped. Maybe that was a legitimate concern at the beginning of all this, I dunno. But right now, given all the scrutiny and attention that this has generated and the likely amount of blowback such an action now risks causing it really stretches credibility that this is still a possibility. Even now there is talk of filing charges for wikileaks activity and it now appears to be running through some judicial preparation so it will receive proper judicial oversight and people commenting on this are saying it is not possible to construct charges that are likely to hold up. No clock and dagger spystuff here, it's all in the open and sentiment seems quite pessimistic that anything will come of it.
As for being a rapist. The counter argument highlighting dithering by his accusers is weak sauce. Rapes and sexual assaults do fail to goto trial because the pressure and scrutiny and stress of a court case for victims reliving those events, or having to deal with criticism of people defending the accused, of which there has been a significant amount of that in this instance.
I am generally very cool with disruption and specifically with Uber/Lyft etc disrupting taxi services.
One issue I lock onto with taxi services pretty much around the world is that many governments aggressively constrained issuing of taxi licences/medallians etc (name varies from jurisdiction to jurisdiction) and essentially turned licences into rapidly appreciating ponzi currency. The Uber/Lyft model shows that this was unnecessary. This is a mess governments created because they saw easy money from it and now they should clean up.
But my problem specifically with Uber is that they are amoral arseholes and arseholes to pretty much anyone if it furthers their perceived interests. And hypocrites. Their attempt to use court system to regulate the formation of a drivers union is anti-libertarian. Like many libertarian endeavours they pay lip-service to core libertarian principals only when it suits them and then happily apply judicial/regulatory mechanisms when it suits. There is no real unifying principal at work other than do whatever it takes to get the things we want.
Further, what they want goes way beyond merely disrupting taxi services, their end game is to monopolise all private transportation and given their corporate culture no good can come from this end game.
I do own a company. It is a small operation but I have a couple of fulltime staff and all the trimmings. In prior roles I led teams of dozens of engineers. It is possible to operate ethically and profitably. One perk is fierce client and staff loyalty.
I for one am glad to see the wheels starting fall off this libertarian corporate experiment. It's heartening to see signs of failure in an institution whose core principals are deeply entrenched in base human behaviours such as bullying, hypocrisy and total indifference to adverse impacts to others (including it's own people).
Similarly, not my preferred music yet I do recognise and occasionally enjoy related genres like bluegrass, and americana. Country though, bleah. Johnny Cash, although considered 'country' really is cross genre with heavy rockabilly & blues feel and other styles intermixed too. Looking at most highly considered examples of country, like Willie Nelson and Dolly Parton, easily walk past their music with exception of maybe one or two tunes.
My first and only blue chip job, I was fairly junior just a few years into career yet I firmly established as able to deliver and innovate and provide tech that opened up alot of new rev for them, but always been rubbish at asserting and negotiation. Some freshly minted grads came in, barely could compile a hello world, and I found out they started on 20% more than me. Was so angry about it and acted out of character driven by the emotion of indignation. Kicked up about it, threatened to quit, quit and then shortly later sub contracted back to them at a ruthlessly high rate and tripled my income : arrangement didn't last long but I got my pound of flesh. That and other experiences since, when I eventually moved into management roles, hiring and managing staff etc, have helped me realise it is complex. You can't just tell someone find another job or be more assertive or whatever, it's not easy flicking a switch and becoming a different person: pretending to be an alpha when you are far from that. Fears and insecurities that come into play the power dynamic is heavily against the employee.
"not only weak, but broken" seems premature. The attack here involves manipulating two obtuse file formats to yield altered files with a shared hash, different to original unaltered hashes. Definitely weakened and yeah you are probably right this is the final toll for SHA-1 and from here things are likely to get worse quickly. I'll be mindful of this when I think about the various places where I use SHA-1 and start thinking about switching in other things. But I am failing to see how this right now translates into a practical vector for the various places where I encounter SHA-1. A more serious vector would be the capacity to create any desired hash with something significantly more efficient than a brute force compute. i.e. can anyone easily yield output the same as this without knowing the input?"
Umm, that is an uncited claim in the summary. Nothing of the sort is stated in any of the links. The summary links to a paper that provides more details of the attack. Very heavy and technical though a few inital takeaways from it is that implementations only take a few days to run on gear they have so does seem safe to assume that SHA-1 collisions are pretty much pwned.
Someone checked in PDFs that demonstrate the first engineered SHA-1 collision and this broke SVN. PDFs in question took 6500+ cpu years + 110 GPU years to generate. "In the wild" is a bit panicky & excessive.
What does this actually means in terms of integrity of repos and other things that rely on SHA-1? Does it merely break repos or does it facilitate injection attack vectors - how important is secure hashing in the guts of repos? What precisely is being secured? SHA-1 has been deprecated for SSL certs already so you shouldn't be using certs with SHA1 sigs anymore. Myself, keep an eye on how this develops and start thinking about using SHA-2 but won't be replaing git or existing usage of SHA1 for password hashing anytime soon.
Slashdot Mirror
Da Comrade!!!
Hopefully these allegations will one day reach a court and your comrades can confront their accusers, state their defence, and then we'll see how it all plays out.
Who else is afraid of facing their accusers? People hiding in embassies....
If you mess with a countries governing institutions and get caught expect consequences. I am not suggesting giving anyone in any jurisdiction a pass here.
As for Russian hacking and your incredulity about how pervasive it is, do yourself a favor and read Muellers speaking indictment released months ago. Interesting reading, especially from a tech/geek perspective. The details of the allegations are highly detailed and highly specific and these people are not master hackers. https://www.documentcloud.org/...
So US were totally asking for it. Just like those Swedish women.
At some point the recent indictments will become unsealed and we will learn what actual grievances DOJ have with Assange. Though I am betting it has everything to do with Russian election meddling and his possible involvement with that, and nothing at all to do with damaging leaks like Manning materials.
Warms my heart to think that Chelsea Manning is free today to continue to live her life and Assange is where he is right now, stuck in self imposed prison under conditions that are in some circumstances far worse than many OECD prisions. Remember when he tweeted he would turn himself into the US if Manning is given clemancy? A lying, manipulative asshole through and through. And yet people continue to carry water for him.
That was before interfering with US election process was on the table. Maybe if Assange stuck with the original remit of providing a whistleblower safehaven instead of whatever the fuck he has been doing lately with Roger Stone et al, and limited himself to consensual sexual activity, he wouldn't be in self-imposed prison for 6+ years.
I don't believe this is correct.
The Specter attack doesn't let bad code map memory from other processes. It merely allows bad code to explore memory with the process it runs in. i.e. dodgy javascript mapping entire memory layout of the browser it is running in but strictly within the bounds of the same process. Still a pretty power attack
Maybe the OP meant unsharded. Not centralised.
A blockchain ledger in an entirely trustless network needs to be replicated on every participating node. This is a massive scalability issue. Imagine a sizable % of worlds economy running on any given crypto coin for 20+ years. The size of that ledger, the size of updates coming through every second would be staggering.
The traditional banking infrastructure is sharded. The ledger representing my personal bank account is not mixed in with ledgers of customers for a bank in other far flung countries. Alot of things need to evolve WRT crypto coins in order for them overcome/sidestep their present, by design, scaling issues, in this respect the OP is correct I believe.
The coin ecosystems currently is reminiscent of the wildcat banking era
Proponents of coins say this is a feature, not a bug.
Bitcoin is singled out because it is the oldest, most established, and if you naively believe that true value of all coins in circulation = spot price * number of coins, also the most valuable.
Sure other coins solve (or alleviate) some of the more glaring problems with bitcoin, yet other significant structural problems remain with the whole concept. One example: sometimes mediation is actually needed to resolve real disputes becasue we are afterall only human and bad actors are out there. The only way, by design, crypto coins do this is forking blockchains, a la The Dao and ETH/ETC split. Again proponents see this is a feature, not a bug.
Alot of wheel reinventing going on, done in ignorance of what has happened in the past WRT banking and finance. IT innovation in banking and finance is wild west stuff and an honest appraisal of things would be that noone knows what the fuck they are doing
I often pay the pizza man in Gold bullion. Though my preferred method of exchange is tulip bulbs.
Bitcoin is backed by what people are willing to give for it, not by fiat currency. You can exchange Bitcoin for pizza or for hotel bookings.
Seems all reasonable and logical. Yet bitcoins utility as a currency of exchange of goods and services and severely limited. I'd sooner pay for a pizza with a 5kg rock I have to wheelbarrow around than a bitcoin transaction if the pizza man offered either currency of exchange (rocks vs bitcoins). block generation taking 10 mins, generally having to wait for a couple of blocks to be confident your block isn't going to be discarded due to a fork (the pizza mans problem), and no guarantee your txn will be accepted into the block unless it is sweetened with a fee (my problem)
for all practical purposes what is setting the price of bitcoin right now is substantially a) people wanted to park national currency and b) speculative investment into the believe that bitcoin price will continue to climb. Because of this, the OP's comments have substantial truth to them at least in context of bitcoin. Though recognise the same cannot be said for other currencies, fiat or not.
Google play movies and TV has had this tech since 2013. So more imitative then innovative.
These old organizations -- Equifax was founded in 1899 and hasn't changed much since inception -- must die, to be replaced by solutions that (and I shudder to say this) are blockchain-based.
About as insightful as the apper guy. Blockchain magic fixes everything. Also since when did the age of a company was a good predictor of an internal cowboy culture?
Further in the article it says:
Slack has 5 million daily active users -- 1.5 million of whom pay to use the service -- and had $150 million in annual recurring revenue as of Jan. 31.
So they book up 150m in revenue yearly. Their operating expenses are probably around 30m or so I;d guess so profit around 100m. Valuation is then x90 of profit. For what is essentially IRC/chat : a highly fungable service where the 5 million eyeballs pairs you have ($1800 per eyeball pair) are far from captured/entrenched and can flip to something else with minimal barrier. Sounds like a bad price to me.
Dammit, the guardian article is old too. So all that is one the table at this moment is comment from lawyer of accuser, who doesn't mince words. There is nothing I can find that contradicts this position.
I did check. All media outlets are reporting it as a rape investigation.
And here. https://www.nytimes.com/2017/0... we have this:
His Swedish accuser, through her lawyer, decried the decision. “It is a scandal that a suspected rapist can escape justice and thereby avoid the courts,” the lawyer, Elisabeth Fritz, said in a statement to news agencies. “My client is shocked.”
There is this tho which is really interesting. https://www.theguardian.com/me.... Content of this I agree strongly suggests there was no significant change in allegations leveled inspite of the R word being thrown around in the media over recent events so I need to retract my prior comments about this and revisit my thinking on this.
http://www.reuters.com/article/us-wikileaks-assange-charges-idUSTRE6B669H20101207
Thats a 6 1/2 year old article. Yes back then the allegations were sexual misconduct. My understanding is that allegations have now evolved to one allegation of rape.
Really it is hard to hell which narrative is the accurate one. Maybe one day he'll eventually make it to Ecuador live to a ripe old age and idly watch the world turn and we'll never be the wiser as to what alternative narrative was real. More likely at some point something will come to a head and he will end up in custody sometime in the near future. Being holed up in the embassy for 7 years, by his choice, I am sure he has contemplated these competing narratives and constantly reassessed their probability curves more times than everyone else on the planet combined and has consistently arrived at the position that the best place for himself is to stay within the embassy for now.
Not ridiculous if there is a real case to be answered here. Statements from the prosecutor and from lawyer of the victim strongly suggest there is a case to be tested. Their sentiments about the allegation seem clear and sincere
Consider a hypothetical just for a moment: Assange did commit rape and he knows he did it and he is using the pretext of being CIA backop'ed as an excuse to avoid standing trial for rape. Setting aside any attempt to measure probability of him being blackoped vs probability of him being a rapist and trying to avoid his day of reckoning, his current conduct is consistent with either possibility.
As for being blackoped. Maybe that was a legitimate concern at the beginning of all this, I dunno. But right now, given all the scrutiny and attention that this has generated and the likely amount of blowback such an action now risks causing it really stretches credibility that this is still a possibility. Even now there is talk of filing charges for wikileaks activity and it now appears to be running through some judicial preparation so it will receive proper judicial oversight and people commenting on this are saying it is not possible to construct charges that are likely to hold up. No clock and dagger spystuff here, it's all in the open and sentiment seems quite pessimistic that anything will come of it.
As for being a rapist. The counter argument highlighting dithering by his accusers is weak sauce. Rapes and sexual assaults do fail to goto trial because the pressure and scrutiny and stress of a court case for victims reliving those events, or having to deal with criticism of people defending the accused, of which there has been a significant amount of that in this instance.
I am generally very cool with disruption and specifically with Uber/Lyft etc disrupting taxi services.
One issue I lock onto with taxi services pretty much around the world is that many governments aggressively constrained issuing of taxi licences/medallians etc (name varies from jurisdiction to jurisdiction) and essentially turned licences into rapidly appreciating ponzi currency. The Uber/Lyft model shows that this was unnecessary. This is a mess governments created because they saw easy money from it and now they should clean up.
But my problem specifically with Uber is that they are amoral arseholes and arseholes to pretty much anyone if it furthers their perceived interests. And hypocrites. Their attempt to use court system to regulate the formation of a drivers union is anti-libertarian. Like many libertarian endeavours they pay lip-service to core libertarian principals only when it suits them and then happily apply judicial/regulatory mechanisms when it suits. There is no real unifying principal at work other than do whatever it takes to get the things we want.
Further, what they want goes way beyond merely disrupting taxi services, their end game is to monopolise all private transportation and given their corporate culture no good can come from this end game.
I do own a company. It is a small operation but I have a couple of fulltime staff and all the trimmings. In prior roles I led teams of dozens of engineers. It is possible to operate ethically and profitably. One perk is fierce client and staff loyalty.
I for one am glad to see the wheels starting fall off this libertarian corporate experiment. It's heartening to see signs of failure in an institution whose core principals are deeply entrenched in base human behaviours such as bullying, hypocrisy and total indifference to adverse impacts to others (including it's own people).
Similarly, not my preferred music yet I do recognise and occasionally enjoy related genres like bluegrass, and americana. Country though, bleah. Johnny Cash, although considered 'country' really is cross genre with heavy rockabilly & blues feel and other styles intermixed too. Looking at most highly considered examples of country, like Willie Nelson and Dolly Parton, easily walk past their music with exception of maybe one or two tunes.
Employment negotiation is a complex dynamic.
My first and only blue chip job, I was fairly junior just a few years into career yet I firmly established as able to deliver and innovate and provide tech that opened up alot of new rev for them, but always been rubbish at asserting and negotiation. Some freshly minted grads came in, barely could compile a hello world, and I found out they started on 20% more than me. Was so angry about it and acted out of character driven by the emotion of indignation. Kicked up about it, threatened to quit, quit and then shortly later sub contracted back to them at a ruthlessly high rate and tripled my income : arrangement didn't last long but I got my pound of flesh. That and other experiences since, when I eventually moved into management roles, hiring and managing staff etc, have helped me realise it is complex. You can't just tell someone find another job or be more assertive or whatever, it's not easy flicking a switch and becoming a different person: pretending to be an alpha when you are far from that. Fears and insecurities that come into play the power dynamic is heavily against the employee.
Thanks for the link!
"not only weak, but broken" seems premature. The attack here involves manipulating two obtuse file formats to yield altered files with a shared hash, different to original unaltered hashes. Definitely weakened and yeah you are probably right this is the final toll for SHA-1 and from here things are likely to get worse quickly. I'll be mindful of this when I think about the various places where I use SHA-1 and start thinking about switching in other things. But I am failing to see how this right now translates into a practical vector for the various places where I encounter SHA-1. A more serious vector would be the capacity to create any desired hash with something significantly more efficient than a brute force compute. i.e. can anyone easily yield output the same as this without knowing the input?"
echo -n 'mysecretpw+somesalt'|sha1sum
3cbb35f831b4e9241dd986f66c16e465e2db2a3a -
Umm, that is an uncited claim in the summary. Nothing of the sort is stated in any of the links. The summary links to a paper that provides more details of the attack. Very heavy and technical though a few inital takeaways from it is that implementations only take a few days to run on gear they have so does seem safe to assume that SHA-1 collisions are pretty much pwned.
Someone checked in PDFs that demonstrate the first engineered SHA-1 collision and this broke SVN. PDFs in question took 6500+ cpu years + 110 GPU years to generate. "In the wild" is a bit panicky & excessive.
What does this actually means in terms of integrity of repos and other things that rely on SHA-1? Does it merely break repos or does it facilitate injection attack vectors - how important is secure hashing in the guts of repos? What precisely is being secured? SHA-1 has been deprecated for SSL certs already so you shouldn't be using certs with SHA1 sigs anymore. Myself, keep an eye on how this develops and start thinking about using SHA-2 but won't be replaing git or existing usage of SHA1 for password hashing anytime soon.