Say you are in a situation where you can't connect your laptop to a network, but you can find the MAC address for a computer that is connected to that same network.
1) Disconnect the computer that is connected; 2) Change your laptop MAC (I assume you are all using some variant of GNU/Linux, but whichever, you can find information http://www.irongeek.com/i.php?page=security/changemac which will get you started, there is also a tool available for Ubuntu (and I guess other *nix) which can randomise your MAC, choice a MAC based on a specific company etc.) 3) Connect your laptop to the network in place of the other computer.
Did I mention profit? I never did, but all I wanted to do was not be forced to use Windows and MSIE. (Of course, disconnect your laptop before reconnecting the other computer, having two machines with the same MAC could cause problems.)
So, even if you have a case of having to register your MAC before connecting to the network (which is the case in many places), because it is so easy to spoof MAC's, I don't think that you can even reliably connect MAC addresses to a computer (at least in the cases where geeks are around), let alone an IP address to a computer.
Basically, the only way that one should be trying to identify individuals is by using username/password, and even that is potentially problematic. (At my old Uni, to connect to the Wireless network you had to use your network login/password, it then didn't matter which computer you were using. Though in that case, I think the software only worked for MS Windows, the Mac and *nix software for the protocol wasn't up to scratch.)
Data crossing electronically only? I'm not about to visit the USA, so they aren't going to get my not-shiny, not-new laptop or camera (no portable music player).
Screw 'em.
Encryption is especially going to work when the data is only crossing electronically. They can keep it as long as they want, and it won't do them any harm.
Remember folks, if there is just one person (you) or two person's who share an alternative safe means of correspondence, then TrueCrypt works well. Otherwise, GNU Privacy Guard or similar systems work just as well (assuming that everyone involved knows how to use them).
He makes good points about Mozilla, and Flash and stuff. But that doesn't mean we want to use MS trash. If it is 100% free, and patent free as well (does MS support extend to releasing all relevant patents for anyone to use, or whatever how you say it?), then sure use it if you want.
Personally, I don't know why the Mozilla folks don't run with XUL some more.
Personally though, I have Flash and Java turned off by default, I'm not about to have Silverlight (or Moonlight) enabled by default.
Just make the deterrent/punishment the same as accessing someone's paper mail without permission.
Sure, in some cases you have to pretend "to be that person to break into their account", in which case you might throw a bit of "fraud" at them as well, but in most cases, accessing snail mail and accessing physical mail are similar enough.
If you are reading something over someone's shoulder, they can tell you to piss off, cover it up or whatever. The difference is actually going to the mail box (whether it be physical or electronic) and accessing what is in it.
Oh yeah, I guess it might be slightly harder to prove that someone has accessed the electronic box (because they don't have to open any envelopes), but considering you should be treating email as you would post cards anyway... (That is, anyone between you and the destination can read it, unless you take measures to encrypt it or something.)
----- Disclaimer, I don't believe the state should exist. However, my opinions expressed above are given on the condition that my belief is suspended for the time being.
I don't know what percentage of people on Slashdot are atheists or not, and I don't really care (it would change all the time anyway, as people stop posting, and other people start posting).
However, to say that you can bad mouth god (a being for which there is no material evidence, only faith), but not "Darwin, Alan Turing, Stephen Hawking, evolution, time travel, the big bang" etc. is just wrong.
You can, it is just that people who actually follow the scientific method, and/or are materialists and thus try and have evidence for what they say or believe in, will jump on you if you say something stupid.
Take evolution for example, only idiots and ignorant people say that evolution doesn't exist, because there is so much evidence for it.
I don't know why you mentioned time travel, I don't have an opinion as to if it is possible one way or the other, because I don't have enough evidence. I have "gut feelings", but they aren't worth much.
The "big bang", what bad shit could you say about that? It was a bad thing? It didn't happen? The first is irrelevant, and the second requires evidence.
I didn't know the meaning of the word "mendacity", so I looked it up. The tendency to lie? You think that people on Slashdot lie about these things? So I assume you mean that saying that evolution is a fact is a lie... Well, if you are that delusional...
Oh yeah, did I mention that religion sucks and is a farce?
Religion causes more problems then it solves. Suck on it.
(To the mods: Karma bonus not initiated, no need to mod down. But if you do, you should mod down the parent for their comment as well.)
Yeah, I don't see Gmail as being that wonderful actually. I still prefer old "new" Yahoo mail. (That is, the version they introduced after the frames version.)
Now I guess that's a joke, but the "Bible" can refer to either the Jewish Bible (the Torah) (what Christians tend to call the "Old Testament"), or to the Christian Bible (which is both the Jewish Bible and the "New Testament").
Of course, "the" bible is a bit of a silly thing to say of course, because there are a heck of a lot more then just one of them. There are multiple versions of the Christian "New Testament" (incidentally a some Jews get upset with the old/new distinction, I don't know why...), ranging from versions in the "original" Greek, through to translations into Latin, and then various translations into English, all of which introduce changes into "the word of God". (One reason Muslims say that Arabic is the only language of Koran is prevent this problem of translations.) It isn't just translations that introduce changes either, a number of gospels were thrown out of the original Christian bible, and have only in the last hundred years or so started to be rediscovered. And then there are multiple versions of the Torah as well (translations, etc.).
So in reality, when you talk of "the bible" or even the "New Testament", you aren't talking about one thing. (And it sorta makes a mockery of the whole word of god thing. Why should I follow your bible version, when mine very distinctly doesn't include the commandment one about working six days, but actually says three days and then taking the other 4 days off? And even if it is included in your bible, why should I follow it if you don't? Does "give away all your possessions" sound familiar? Or it's easier for a camel to pass through the eye of a needle then a rich man to enter heaven?)
Back onto the original topic of this old scrap paper being put online. Yup, it's a good thing when this old stuff is digitalised, because coping bits is a fuck load easier then coping hard copy. Opening this up to scholars around the world (most of whom would never have had a chance to see it otherwise), means that differences and contradictions between this and the modern versions can be picked up and pointed out.
(And now for a random troll, fuck religion and the horse it rode in on!)
Don't we already have that? Yes, yes we do, it's called TinyMCE and it is licensed under the LGPL and can be included on your form with just a couple of lines in your HTML code. Oh wait, you want native rich text editing? Yeah, like you are really going to get a consistent experience across different browsers...
You know what I want from my web browser? I want it not to freeze when loading large (and/or lots of) images, and I want secure JavaScript, including killing off all JavaScript easily (none of this take over the browser with 50.000 alerts crap). Yeah, I know Opera has that last one, but I want a [i]free[/i] browser as well.
Anything else? Security sounds nice. I personally don't have much of a use for vector graphics as a developer, but I can see how they would be useful for everyone else.
Ummm... Maybe I'm just not very imaginative, but I tend to find that stability and security top my list of what I want nearly every time.
(Though I have to admit, the new address bar in Firefox 3 is nicer then the Firefox 2 bar.)
Yeah, actually there are heaps of people who objected to the fencing off of common land, and now there are heaps of people who object to inheritance. I can't think of any good reasons for inheritance beyond a certain amount, and I fully support the community "inheriting" anything beyond that certain amount.
(In the present shitty system that would amount to what is sometimes called a "death tax", but it isn't a tax, because the dead stop being taxed when they die. Just like the dead stop having rights when they die.)
There have been some discussions of property and inheritance over at RevLeft.com
http://www.revleft.com/vb/inheritance-t34696/index.html (Someone made a really good point in that thread, "There are [no arguments for inheritance]. Anyone who agrees with inheritance should also agree with reperations. After all, the slaves did work hard and their descendants should inherit money from the children whose white anscestors neglected to pay them."
Acid free paper exists. And if you want, you could write on metal sheets (using a variety of languages), being in a water and air tight container (see below), we would expect them to not corrode.
But more to the point, if you take appropriate precautions, you can make things last a long time.
So, if plastic has problems (which I hadn't heard about), don't use it. Use something equally water and air tight that doesn't have those problems.
Come on, I can put 2 GB of plain text on a USB key, and leave it with how to implement the USB standard on paper, put the things in a thick plastic bag, etc.
In the correct environment, it will last for a long long time.
Logging in without having to navigate away from the page when replying would be nice.
So, in the old system, you hit reply, realise you aren't logged in, type in user name and password (or have FireFox auto complete), type your comment and post.
The new system, realise you aren't logged in, hit the login link, get taken to a different page, login, navigate back to the old page, have to find where you wanted to reply, and notice that in the three minutes you spent logging in (some people are on dial up, some people do other things while waiting for pages to load, some people do both), you notice someone else has made the comment you were going to make!
So, how hard can it be to just include a username and password box when you hit reply and aren't logged in?
Maybe if they hadn't have kept all the information they wouldn't need to have that fight in the first place...
I doubt they really care about anything except their image. "Yeah, we are the good guys", if they were really good they would have anonymised the information within days of them recording it.
Remember, information comes in, statistics are collected, raw information disappears. This time Google "won", but next time it might be the CIA or another nasty agency.
"City officials said late Monday that they had made some headway into cracking his pass codes and regaining access to the system."
Yeah, they tried all the single character passwords and are moving onto the two character passwords. Good fucking luck.
Unless they are actually using a program such as John the Ripper, in which case they already have physical access, and why can't they just re-install over the top?
And the article is a bit light on details, he is being charged with *four* counts of "computer tampering", why four, why not one? I suspect they couldn't come up with anything and are just trying to blackmail him to plead guilty. (Yes, cops will try and blackmail you by charging you with more things then you would ever get convicted of, yes I have personal experience of this. I got off, because I wasn't guilty of anything, but I know folks in the same situation who plead guilty to the lesser charge to get three other charges dropped.)
Anyway, as others have said, this is the sort of thing you sometimes dream about. Setting up a time bomb in the system that requires re-setting, or whatever.
But you would have to cover your tracks well, or something like this could happen...
If you have administrative access "hacking" the system is a fuck load easier then if you don't.
Please note, he 'has' (for a given definition of 'has' considering that he's in jail) admin access, he disabled everyone else's admin access and refused to divulge his password.
Now, how do your propose they "hack *his* hack" without the tools he had?
Actually, I use TC all the time without hidden volumes. I have porn in one, pics of the GF in another, passwords in a third, financial in a fourth. Plus a bunch of "random number" files, which I don't actually have a password for (I forgot them, deliberately).
I don't actually have any hidden volumes though, because I have no real need for it. Of course, if I were to ever travel to the US or some other similar country, I would create a couple and dump all my passwords and financial information in them. (Along with all my anarchist literature and bomb making instructions.)
So yeah, I don't have hidden volumes, but I do have TC installed and I use it.
Ability to create and run an encrypted hidden operating system whose existence is impossible to prove (provided that certain guidelines are followed). For more information, see the section Hidden Operating System. (Windows Vista/XP/2008/2003)
Yes it is a good defence against that. Border guards aren't going to have enough time to find your encrypted containers while you are there, and if you have to give up your laptop, or if they take a copy of the HD, then they can't access the information because they don't have the password (and they can't force the password out of you, because you have already re-entered the country (assuming you are a yank)).
Re:Only works if it's default install
on
TrueCrypt 6.0 Released
·
· Score: 5, Informative
Yeah, but Truecrypt has a defence against that. It is called "hidden volumes". Basically, you create a container, use it for porn or financial records (something that you have a legitimate reason to want to hide, from the wife or identities thieves for example), something that you access often. Then you create a hidden volume that is put at the end of that volume, which to access requires a second password.
There is no way of knowing if that second hidden volume exists unless you have both passwords.
If you access the first volume without both passwords, then you can just wipe over whatever information you have stored in the hidden volume.
Actually, the first thing you do is not connect it to a network, but rather take the HD out, connect it to another computer (preferably running some OS that isn't widely used like GNU/Linux) and see what you can find on it. Then wipe it and proceed as you mentioned.
And actually, used machines are worth something. Maybe not to you, but I know folks who didn't have a machine until they got a used one (I don't believe the machines were stolen in this case though).
Slashdot Mirror
Actually, I would and have done that.
Say you are in a situation where you can't connect your laptop to a network, but you can find the MAC address for a computer that is connected to that same network.
1) Disconnect the computer that is connected;
2) Change your laptop MAC (I assume you are all using some variant of GNU/Linux, but whichever, you can find information http://www.irongeek.com/i.php?page=security/changemac which will get you started, there is also a tool available for Ubuntu (and I guess other *nix) which can randomise your MAC, choice a MAC based on a specific company etc.)
3) Connect your laptop to the network in place of the other computer.
Did I mention profit? I never did, but all I wanted to do was not be forced to use Windows and MSIE. (Of course, disconnect your laptop before reconnecting the other computer, having two machines with the same MAC could cause problems.)
So, even if you have a case of having to register your MAC before connecting to the network (which is the case in many places), because it is so easy to spoof MAC's, I don't think that you can even reliably connect MAC addresses to a computer (at least in the cases where geeks are around), let alone an IP address to a computer.
Basically, the only way that one should be trying to identify individuals is by using username/password, and even that is potentially problematic. (At my old Uni, to connect to the Wireless network you had to use your network login/password, it then didn't matter which computer you were using. Though in that case, I think the software only worked for MS Windows, the Mac and *nix software for the protocol wasn't up to scratch.)
Data crossing electronically only? I'm not about to visit the USA, so they aren't going to get my not-shiny, not-new laptop or camera (no portable music player). Screw 'em.
Encryption is especially going to work when the data is only crossing electronically. They can keep it as long as they want, and it won't do them any harm.
Remember folks, if there is just one person (you) or two person's who share an alternative safe means of correspondence, then TrueCrypt works well. Otherwise, GNU Privacy Guard or similar systems work just as well (assuming that everyone involved knows how to use them).
He makes good points about Mozilla, and Flash and stuff. But that doesn't mean we want to use MS trash. If it is 100% free, and patent free as well (does MS support extend to releasing all relevant patents for anyone to use, or whatever how you say it?), then sure use it if you want.
Personally, I don't know why the Mozilla folks don't run with XUL some more.
Personally though, I have Flash and Java turned off by default, I'm not about to have Silverlight (or Moonlight) enabled by default.
Just make the deterrent/punishment the same as accessing someone's paper mail without permission.
Sure, in some cases you have to pretend "to be that person to break into their account", in which case you might throw a bit of "fraud" at them as well, but in most cases, accessing snail mail and accessing physical mail are similar enough.
If you are reading something over someone's shoulder, they can tell you to piss off, cover it up or whatever. The difference is actually going to the mail box (whether it be physical or electronic) and accessing what is in it.
Oh yeah, I guess it might be slightly harder to prove that someone has accessed the electronic box (because they don't have to open any envelopes), but considering you should be treating email as you would post cards anyway... (That is, anyone between you and the destination can read it, unless you take measures to encrypt it or something.)
-----
Disclaimer, I don't believe the state should exist. However, my opinions expressed above are given on the condition that my belief is suspended for the time being.
Oh is the poor little god bother bothered?
I don't know what percentage of people on Slashdot are atheists or not, and I don't really care (it would change all the time anyway, as people stop posting, and other people start posting).
However, to say that you can bad mouth god (a being for which there is no material evidence, only faith), but not "Darwin, Alan Turing, Stephen Hawking, evolution, time travel, the big bang" etc. is just wrong.
You can, it is just that people who actually follow the scientific method, and/or are materialists and thus try and have evidence for what they say or believe in, will jump on you if you say something stupid.
Take evolution for example, only idiots and ignorant people say that evolution doesn't exist, because there is so much evidence for it.
I don't know why you mentioned time travel, I don't have an opinion as to if it is possible one way or the other, because I don't have enough evidence. I have "gut feelings", but they aren't worth much.
The "big bang", what bad shit could you say about that? It was a bad thing? It didn't happen? The first is irrelevant, and the second requires evidence.
I didn't know the meaning of the word "mendacity", so I looked it up. The tendency to lie? You think that people on Slashdot lie about these things? So I assume you mean that saying that evolution is a fact is a lie... Well, if you are that delusional...
Oh yeah, did I mention that religion sucks and is a farce?
Religion causes more problems then it solves. Suck on it.
(To the mods: Karma bonus not initiated, no need to mod down. But if you do, you should mod down the parent for their comment as well.)
Obviously all Americans suck because it has taken them this long to work out that toxic algae blooms can be caused by Phosphorus.
Oh, and fuck the police coming straight from the underground. Got a problem with a nigga 'cause he's brown.
Yeah, I don't see Gmail as being that wonderful actually. I still prefer old "new" Yahoo mail. (That is, the version they introduced after the frames version.)
Now I guess that's a joke, but the "Bible" can refer to either the Jewish Bible (the Torah) (what Christians tend to call the "Old Testament"), or to the Christian Bible (which is both the Jewish Bible and the "New Testament").
Of course, "the" bible is a bit of a silly thing to say of course, because there are a heck of a lot more then just one of them. There are multiple versions of the Christian "New Testament" (incidentally a some Jews get upset with the old/new distinction, I don't know why...), ranging from versions in the "original" Greek, through to translations into Latin, and then various translations into English, all of which introduce changes into "the word of God". (One reason Muslims say that Arabic is the only language of Koran is prevent this problem of translations.) It isn't just translations that introduce changes either, a number of gospels were thrown out of the original Christian bible, and have only in the last hundred years or so started to be rediscovered. And then there are multiple versions of the Torah as well (translations, etc.).
So in reality, when you talk of "the bible" or even the "New Testament", you aren't talking about one thing. (And it sorta makes a mockery of the whole word of god thing. Why should I follow your bible version, when mine very distinctly doesn't include the commandment one about working six days, but actually says three days and then taking the other 4 days off? And even if it is included in your bible, why should I follow it if you don't? Does "give away all your possessions" sound familiar? Or it's easier for a camel to pass through the eye of a needle then a rich man to enter heaven?)
Back onto the original topic of this old scrap paper being put online. Yup, it's a good thing when this old stuff is digitalised, because coping bits is a fuck load easier then coping hard copy. Opening this up to scholars around the world (most of whom would never have had a chance to see it otherwise), means that differences and contradictions between this and the modern versions can be picked up and pointed out.
(And now for a random troll, fuck religion and the horse it rode in on!)
Oh, did I mention I run NoScript? And I apologise for the BB code, I haven't done any HTML stuff today, but I have posted on RevLeft.
Don't we already have that? Yes, yes we do, it's called TinyMCE and it is licensed under the LGPL and can be included on your form with just a couple of lines in your HTML code.
Oh wait, you want native rich text editing? Yeah, like you are really going to get a consistent experience across different browsers...
You know what I want from my web browser? I want it not to freeze when loading large (and/or lots of) images, and I want secure JavaScript, including killing off all JavaScript easily (none of this take over the browser with 50.000 alerts crap). Yeah, I know Opera has that last one, but I want a [i]free[/i] browser as well.
Anything else? Security sounds nice. I personally don't have much of a use for vector graphics as a developer, but I can see how they would be useful for everyone else.
Ummm... Maybe I'm just not very imaginative, but I tend to find that stability and security top my list of what I want nearly every time.
(Though I have to admit, the new address bar in Firefox 3 is nicer then the Firefox 2 bar.)
Yeah, actually there are heaps of people who objected to the fencing off of common land, and now there are heaps of people who object to inheritance. I can't think of any good reasons for inheritance beyond a certain amount, and I fully support the community "inheriting" anything beyond that certain amount.
(In the present shitty system that would amount to what is sometimes called a "death tax", but it isn't a tax, because the dead stop being taxed when they die. Just like the dead stop having rights when they die.)
There have been some discussions of property and inheritance over at RevLeft.com
http://www.revleft.com/vb/inheritance-t34696/index.html
(Someone made a really good point in that thread, "There are [no arguments for inheritance]. Anyone who agrees with inheritance should also agree with reperations. After all, the slaves did work hard and their descendants should inherit money from the children whose white anscestors neglected to pay them."
http://www.revleft.com/vb/emergence-hereditary-upper-t46268/index.html
http://www.revleft.com/vb/defending-usage-conception-t51371/index.html
Acid free paper exists. And if you want, you could write on metal sheets (using a variety of languages), being in a water and air tight container (see below), we would expect them to not corrode.
But more to the point, if you take appropriate precautions, you can make things last a long time.
So, if plastic has problems (which I hadn't heard about), don't use it. Use something equally water and air tight that doesn't have those problems.
And I never said the thing would last forever.
Given enough time, heat death of the universe.
If you didn't use it.
Come on, I can put 2 GB of plain text on a USB key, and leave it with how to implement the USB standard on paper, put the things in a thick plastic bag, etc.
In the correct environment, it will last for a long long time.
(Of course, I haven't read the article.)
Logging in without having to navigate away from the page when replying would be nice.
So, in the old system, you hit reply, realise you aren't logged in, type in user name and password (or have FireFox auto complete), type your comment and post.
The new system, realise you aren't logged in, hit the login link, get taken to a different page, login, navigate back to the old page, have to find where you wanted to reply, and notice that in the three minutes you spent logging in (some people are on dial up, some people do other things while waiting for pages to load, some people do both), you notice someone else has made the comment you were going to make!
So, how hard can it be to just include a username and password box when you hit reply and aren't logged in?
Me thinks someone forgot to post the little "Post Anonymously" box. Don't worry, we all do that sometimes.
Maybe if they hadn't have kept all the information they wouldn't need to have that fight in the first place...
I doubt they really care about anything except their image. "Yeah, we are the good guys", if they were really good they would have anonymised the information within days of them recording it.
Remember, information comes in, statistics are collected, raw information disappears. This time Google "won", but next time it might be the CIA or another nasty agency.
"City officials said late Monday that they had made some headway into cracking his pass codes and regaining access to the system."
Yeah, they tried all the single character passwords and are moving onto the two character passwords. Good fucking luck.
Unless they are actually using a program such as John the Ripper, in which case they already have physical access, and why can't they just re-install over the top?
And the article is a bit light on details, he is being charged with *four* counts of "computer tampering", why four, why not one? I suspect they couldn't come up with anything and are just trying to blackmail him to plead guilty. (Yes, cops will try and blackmail you by charging you with more things then you would ever get convicted of, yes I have personal experience of this. I got off, because I wasn't guilty of anything, but I know folks in the same situation who plead guilty to the lesser charge to get three other charges dropped.)
Anyway, as others have said, this is the sort of thing you sometimes dream about. Setting up a time bomb in the system that requires re-setting, or whatever.
But you would have to cover your tracks well, or something like this could happen...
If you have administrative access "hacking" the system is a fuck load easier then if you don't.
Please note, he 'has' (for a given definition of 'has' considering that he's in jail) admin access, he disabled everyone else's admin access and refused to divulge his password.
Now, how do your propose they "hack *his* hack" without the tools he had?
I won't put it in my sig, but my password is "looselipsloselifes". As well, I have no firewall, and I have disabled all security settings.
And a direct connection to the net on an always on broadband connection.
Enjoy!
Oh wait, you wanted my IP address? I'm not that stupid.
Actually, I use TC all the time without hidden volumes. I have porn in one, pics of the GF in another, passwords in a third, financial in a fourth. Plus a bunch of "random number" files, which I don't actually have a password for (I forgot them, deliberately).
I don't actually have any hidden volumes though, because I have no real need for it. Of course, if I were to ever travel to the US or some other similar country, I would create a couple and dump all my passwords and financial information in them. (Along with all my anarchist literature and bomb making instructions.)
So yeah, I don't have hidden volumes, but I do have TC installed and I use it.
From the release notes:
It appears to work just like a hidden volume (also described in this post).
In other words, you worry to much, these guys are really really smart.
Yes it is a good defence against that. Border guards aren't going to have enough time to find your encrypted containers while you are there, and if you have to give up your laptop, or if they take a copy of the HD, then they can't access the information because they don't have the password (and they can't force the password out of you, because you have already re-entered the country (assuming you are a yank)).
And if they do find a container, and force you to give up the password http://it.slashdot.org/comments.pl?sid=606473&cid=24097339 hidden volumes as described in that post.
Yeah, but Truecrypt has a defence against that. It is called "hidden volumes". Basically, you create a container, use it for porn or financial records (something that you have a legitimate reason to want to hide, from the wife or identities thieves for example), something that you access often. Then you create a hidden volume that is put at the end of that volume, which to access requires a second password.
There is no way of knowing if that second hidden volume exists unless you have both passwords.
If you access the first volume without both passwords, then you can just wipe over whatever information you have stored in the hidden volume.
Oh yeah, I love TrueCrypt. It's groovy.
Actually, the first thing you do is not connect it to a network, but rather take the HD out, connect it to another computer (preferably running some OS that isn't widely used like GNU/Linux) and see what you can find on it. Then wipe it and proceed as you mentioned.
And actually, used machines are worth something. Maybe not to you, but I know folks who didn't have a machine until they got a used one (I don't believe the machines were stolen in this case though).