On one hand, their anger is understandable. Even when your business is to reveal secrets, you need to also keep some secrets (ask any reporter with an anonymous source). It sounds hypocritical, but it really isn't. You can argue all you want about whether some military secrets endanger national security or the safety of civilians, but it should be clear that, for example, evidence of military or political wrong-doing is in the public interest, while access information to private computers or bank accounts is not (even if the person is guilty of wrong-doing). And on another level, a journalist publishing information given him by a confidential source is fulfilling his journalistic duty, while a journalist publishing information the source told him not to publish (which may possibly identify the source) is breaching trust.
On the other hand, taking this to court is completely fucking retarded. It kills any remaining relations with the newspaper, harms their relations with the other papers, hurts public opinion (because of the appearance of hypocrisy), draws public attention to the very matter they wanted to keep confidential (Streisand effect), and has no chance of stopping the damage.
Also, as the article says, what the hell was the point of publishing the passphrase in the first place?
If you want any sort of guarantee for the confidentiality and integrity of your data, you do the same thing over tor that you would have to do without it: Never initiate any non-SSL or non-certified connection, configure your browser not to transmit any identifying data (user agent, referer, cookies) and for heaven's sake do not run any scripts or plugins.
Without these precautions, all that tor does is expose your information to unknown spies (the exit node) in addition to known spies (your ISP, the carriers, various national governments, advertisers, etc.). With them, tor will ensure that in addition to data integrity and secrecy, you'll be immune to traffic analysis, so that neither the server nor any intermediate node can deduce your physical location, nor can any non-exit node identify the server.
This is the reason torproject.org has lots of warnings about how to properly use tor - used in the wrong way, it can be completely ineffective or harmful.
The ethics of paying for a device suspected to be stolen aside, buying a system and not wiping it is practically criminal negligence. Even if everything about the purchase is completely legitimate, it may have been equipped with all sorts of surveillance software by its previous owners, whether deliberately or through malware infections.
If they're making more in order to keep selling them at the promotion price, then it sounds as though they're still making a profit at that price. Why would they stop?
(Unless this whole thing was just a marketing ploy to stimulate demand.)
Getting rid of time zones would require the entire world population to vastly revise their understanding of time. That is not the kind of solution that caters to stupid people.
The concept of local time is too ingrained in language and culture to be replaced in every-day usage. It's hard enough to convince many Americans to join the twentieth century and adopt the metric system; and you want people to cope with the idea of "midday" meaning 0700 in New York, 0400 in Los Angeles and 2200 in Sydney? This would at most work in military or international business contexts.
When you compare the interface, the tablet is smoother and more robust than a Windows PC (if less suited for anything resembling typing. I mean, people always say this is the computer your grandmother could go online with. My grandmother has bad eyesight and her only QWERTZ experience is with a mechanical typewriter; she's not going to cope with keys that can't be felt.)
The Windows PC is open to be wiped and set up with any operating system (or number of operating systems) without even having to learn the meaning of "jailbreaking". The PC ultimately wins.
In what way does "a simple product mere mortals want to use" conflict with opening them to the people who know how to use them the way they want to?
Take Ubuntu. It is ridiculously simple to install and use, and still simplifies its interface with every release. It even gets a lot of criticism for that from its power users. Yet I keep using it instead of switching to something more "bare-bones" because while I have the shiny colorful desktop that "just works", I can also dig beneath it to modify the system at will.
If Apple's policy is aimed at the benefit of its customers, then why do they have to force their customers to abide by it?
Run an attack against that, take the results (potential salts), now run an attack against all the other MD5 signatures with the found potential salts tacked on until you get matching MD5s. Now the correct salt has been identified
If you know what a salt is, you should also know that using the same salt for different accounts is very very bad.
MD5 should be deprecated, but the collision attack only invalidates signatures; it doesn't help you extract a password from its hash.
Currently there is no feasible non-dictionary attack for that (the preimage attack found in 2009 still has complexity >2^120), and the dictionary attacks are defeated by salt. So in this narrow context, yes.
(Of course, this would end if a somewhat more efficient preimage attack is found. 2^120 is orders of magnitude beyond usefulness, but not many orders...)
Unit tests are slow and they almost always pass. When you're in a rush to release, sometimes you feel lucky. Of course, you're not. That's the whole point of unit tests...
Still no, I would argue. When in doubt, it's better to stop students suing their teacher for disagreeing with them.
If the teacher, and not the student, were the creationist, then it would still be better to first use normal measures. Like getting a classroom debate going (yes, the "debate" is long done in actual science, but reenacting it can be a lesson in what constitutes evidence or how the burden of proof works), or alerting the administration, the school board or the media, in order of escalation.
Teachers should be called on stupidity, but not sued for being wrong. It's not a bad thing to learn early on that people in authority can be idiots.
Slashdot Mirror
On one hand, their anger is understandable. Even when your business is to reveal secrets, you need to also keep some secrets (ask any reporter with an anonymous source). It sounds hypocritical, but it really isn't. You can argue all you want about whether some military secrets endanger national security or the safety of civilians, but it should be clear that, for example, evidence of military or political wrong-doing is in the public interest, while access information to private computers or bank accounts is not (even if the person is guilty of wrong-doing). And on another level, a journalist publishing information given him by a confidential source is fulfilling his journalistic duty, while a journalist publishing information the source told him not to publish (which may possibly identify the source) is breaching trust.
On the other hand, taking this to court is completely fucking retarded. It kills any remaining relations with the newspaper, harms their relations with the other papers, hurts public opinion (because of the appearance of hypocrisy), draws public attention to the very matter they wanted to keep confidential (Streisand effect), and has no chance of stopping the damage.
Also, as the article says, what the hell was the point of publishing the passphrase in the first place?
- That we turn ourselves invisible and take over the world?
- EXACTLY
Wonder what kinda privacy issues this will lead to, magneto's helmet anyone ?
Tinfoil hats have been around for ages. We're ready.
If you want any sort of guarantee for the confidentiality and integrity of your data, you do the same thing over tor that you would have to do without it: Never initiate any non-SSL or non-certified connection, configure your browser not to transmit any identifying data (user agent, referer, cookies) and for heaven's sake do not run any scripts or plugins.
Without these precautions, all that tor does is expose your information to unknown spies (the exit node) in addition to known spies (your ISP, the carriers, various national governments, advertisers, etc.). With them, tor will ensure that in addition to data integrity and secrecy, you'll be immune to traffic analysis, so that neither the server nor any intermediate node can deduce your physical location, nor can any non-exit node identify the server.
This is the reason torproject.org has lots of warnings about how to properly use tor - used in the wrong way, it can be completely ineffective or harmful.
Realistically this is the end of the line for the case.
Realistically, this is also the year for Linux on the desktop.
The ethics of paying for a device suspected to be stolen aside, buying a system and not wiping it is practically criminal negligence. Even if everything about the purchase is completely legitimate, it may have been equipped with all sorts of surveillance software by its previous owners, whether deliberately or through malware infections.
If they're making more in order to keep selling them at the promotion price, then it sounds as though they're still making a profit at that price. Why would they stop?
(Unless this whole thing was just a marketing ploy to stimulate demand.)
When the CD was developed, did we slice files into 1.3MB pieces, put them on virtual 3.5'' floppy images, and then burn the images on the CD?
That's not the bot's fault. Blame Hallam-Baker. :P
Getting rid of time zones would require the entire world population to vastly revise their understanding of time. That is not the kind of solution that caters to stupid people.
The concept of local time is too ingrained in language and culture to be replaced in every-day usage. It's hard enough to convince many Americans to join the twentieth century and adopt the metric system; and you want people to cope with the idea of "midday" meaning 0700 in New York, 0400 in Los Angeles and 2200 in Sydney? This would at most work in military or international business contexts.
Misspellings, typographical differences (hyphens), and that is not even taking into account domain names can contain numbers.
You can't buy them all. But the owners of the .xxx registry are making a tidy sum off the gullibility of celebrities, so it's all good.
When you compare the interface, the tablet is smoother and more robust than a Windows PC (if less suited for anything resembling typing. I mean, people always say this is the computer your grandmother could go online with. My grandmother has bad eyesight and her only QWERTZ experience is with a mechanical typewriter; she's not going to cope with keys that can't be felt.)
The Windows PC is open to be wiped and set up with any operating system (or number of operating systems) without even having to learn the meaning of "jailbreaking". The PC ultimately wins.
Appear to be the perfect conversation topic. That's awesome.
In what way does "a simple product mere mortals want to use" conflict with opening them to the people who know how to use them the way they want to?
Take Ubuntu. It is ridiculously simple to install and use, and still simplifies its interface with every release. It even gets a lot of criticism for that from its power users. Yet I keep using it instead of switching to something more "bare-bones" because while I have the shiny colorful desktop that "just works", I can also dig beneath it to modify the system at will.
If Apple's policy is aimed at the benefit of its customers, then why do they have to force their customers to abide by it?
Ouch, I'm getting this pain in the diodes all down my left side.
run by a touchscreen tablet powered by Windows XP
Pretty brave of these Libyan rebels to rely on Windows in a battlefield.
Run an attack against that, take the results (potential salts), now run an attack against all the other MD5 signatures with the found potential salts tacked on until you get matching MD5s.
Now the correct salt has been identified
If you know what a salt is, you should also know that using the same salt for different accounts is very very bad.
MD5 should be deprecated, but the collision attack only invalidates signatures; it doesn't help you extract a password from its hash.
Currently there is no feasible non-dictionary attack for that (the preimage attack found in 2009 still has complexity >2^120), and the dictionary attacks are defeated by salt. So in this narrow context, yes.
(Of course, this would end if a somewhat more efficient preimage attack is found. 2^120 is orders of magnitude beyond usefulness, but not many orders...)
Unit tests are slow and they almost always pass. When you're in a rush to release, sometimes you feel lucky.
Of course, you're not. That's the whole point of unit tests...
I wish I'd gotten that far; I'm still not even halfway through the gcc source. :P
Better watch out for those mindworms.
Still no, I would argue. When in doubt, it's better to stop students suing their teacher for disagreeing with them.
If the teacher, and not the student, were the creationist, then it would still be better to first use normal measures. Like getting a classroom debate going (yes, the "debate" is long done in actual science, but reenacting it can be a lesson in what constitutes evidence or how the burden of proof works), or alerting the administration, the school board or the media, in order of escalation.
Teachers should be called on stupidity, but not sued for being wrong. It's not a bad thing to learn early on that people in authority can be idiots.
If they did use DNS filtering, we'd be laughing at them because it is ridiculously ineffective.
(So is this, of course. Using a proxy is no more difficult than switching your DNS server, if not less.)
Even on an X11 desktop, a lot of window managers capture the Ctrl+C and Ctrl+V keys for copy-pasting when you are not inside a terminal emulator.
(The obvious trouble with that is that there are multiple clip-boards, and Shift+Ins and Ctrl+V will not paste the same thing.)