The problem with speeding is not simply that you are over some magic number, its a question of risk, risk to yourself, risk to your property, other people, and their property.
However, thats a difficult thing to put a number on. It comes down to conditions that you state, how many people are around (3 am driving is totally different from noon in the city. not so much in very rural places. How can you seriously say "55 MPH, thats all thats safe on this road at any time,"
So since you can't come up with some measure that takes into account driver skill, car condition, road condition, etc and have it be simple enough for drivers to follow and police to enforce... well since thats hard we have chosen a different way.
We did some studies based nearly solely on the worst case scenario of accident, and said "more than 30 is too much for places with lots of people" and defined those areas by residency.
Then we left it up to the whims of countys and states to set specific limits in specific areas, based mostly on their desire to take in income from tickets. Which means speed limits are chronically lower than they could be, low enough to keep people speeding enough that they can ticket people and bring in revenue.
Have you met anyone who really thinks speed limits are "set right"?
Hell, I live in a town where they ban overnight parking, and the chief of police goes around telling lies about how they need to ban overnight parking so ambulances can get down the smaller roads at night.... (never mind that there is already ordinance on the books requiring parked cars to maintain a 10' lane for traffic). Why? well that became quite evident when they raised the ticket from $15 to $25.
We even did an FOIA request for a list of tickets issued in the past year... if our street is even twice that of average, we are talking about 10's of thousands of tickets a year, for one offence, in one town. At $25 a pop, which can climb to nearly $100 with late fees within a couple of months (and for some reason online bill payment refuses to send them payments).
Well... I can't be the only one who sees some conflict of interest here. Can we say backdoor anti-progressive tax? (the tax disproportionately effects renters over home owners who own the driveways and as such are nearly garaunteed a spot... and yes, I have personally seen homeowners who rent rooms in this town and don't let their tennants use the driveway... even though the homeowner has 1 car and a 2 car garage!)
Oh thats the another thing, some people really do just suck.
Actually, the more I talk to people about it, the less I find people actually say that. In fact, most people that I talk to seem to be of the opinion that they agree that this stuff is silly security theater. They agree that its overkill.
However, everyone that I talk to seems resigned to believing that the masses are stupid, and the theater seems to mean so much to everyone else (everyone except them and I of course) that we are essentially stuck with the current situation, and there is little point in complaining about it.
Funny, but I can't help but think that that attitude and people actually believing that this makes people reasonably safer have the same effect. I have really yet to meet anyone who really believes all the hype.
Maybe its just the people that I actually associate with? I wont deny that the people I socialize with might not be a representative sample of people who travel via air in the US.
Agreed. I have even posted on the TSA blog occasionally in the comments about this: We absolutely need to consider that in the economics of airplane safety, it is not the decrease in supply of soft targets that has been thwarting terrorism, its actually the utter lack of demand for blowing up planes, airport terminals, etc.
There just are not that many people out there with the real desire (you know, as in enough motivation to build bombs and do test runs, not just say "hey what if we....") and real ability to pull it off. In fact, when you look at the number of deaths "pre-post 9/11" (so including all of the deaths on 9/11), the chances of death in a terrorist attack on an airplane, even when reduced to just the risk to fairly frequent air travellers, is so small, that you couldn't justify a single cent of the new "security" spending on it.
Which is why they never talk of the real risk, only the "worst case scenarios" which are so astronomically unlikely, that I would bet dollars to donuts that the money would be better spent, and help more people, if it were spent on preventing deaths from heart attack on flights.
The type of attack used on 9/11 is not the move of a power, its the move of the weak. Its a move of desperation by a small group looking to make big headlines the only way they can. It was in their power to plan 1 of these attacks and execute it.
The simple fact is, on 9/11 an ant happened to find himself in the right place and gave us a bite on the face. Maybe its just me, but I think forgetting about your day job to go around trying to eradicate the world of ants is an overreaction.
In the words of coaches all over the world, your not the first person to take a hit, go take a lap and stop whining about it.
Check that out, notice the name, and that the person is from Tufts University. I was working there when it was the new internal tool that this same networking group in question wrote.
Yup yup. And I have to say, Tufts Networking group is full of people who really know their stuff. Though students, even ones who know they are doing something wrong, aren't that smart about their dealings.
I still chuckle thinking back to the day that a student that had been a pain before and managed to weasel by with narry a slap on the wrist decided to start spamming... though one of the main email servers. The network group went as far as to send one of their engineers out to the physical site to verify that the machine doing the spamming was the same MAC...
she showed up and called Campus police for access to the office, and the Student showed up while she was waiting. She said she needed to verify some information, checked it out, at which point the police showed up, she explained the situation, and the officer dragged the student off.
This, I think, shows that their position is consistant over time. They have known for years that these issues would crop up, and they took steps to verify the info end to end, in person.
Your friend is a jerk. Plain and simple. Maybe you think being a jerk is cool. how about we examine why his is a jerk.
"I have no sympathy that a bunch of irresponsible pervs got baited into a trap because of their gullibility, lack of foresight, lack of restraint, and general idiocy. Nobody forced them to do anything, all the 'victims' did was set themselves up for failure and embarrassment."
See the problem right there "baited into a trap". Thats what makes this so wrong. Why does your friend need to "bait" people? Pervs? Who the hell are you to judge them? Oh, they have some sexual preferences you don't appreciate... so fucking what. Who appointed you the high and mighty judge of whats perverted?
The simple fact is, when he posted a fake ad, he LIED. Didn't your mother ever explain to you why its wrong to lie? Why its wrong to MISLEAD people?
Seriously! So what, some people are lonely. Some people want to meet someone, want to get laid. Hope to find someone who shares their particular tastes. I have to imagine someone so callous can't be much more than 20. You know, a lot of people find it to be a very lonely and isolating world once you get out of school and have been working a couple of years.
Good job your friend there did, shaming people for looking to meet someone new. People often feel more free in such a context to talk about things, personal things. Your friend should be real proud of himself for taking advantage of that and outing these people. Shame on them for having preferences or desires. Shame on them for wanting to meet someone with the same desires.
Your friends actions and your attitude make me sick.
As a sysadmin myself, I will assume he is an exempt employee, as you are. As a sysadmin, I will assume he gets oncall rotations and has to fight fires. The line between "my time" and "company time" is a very blurry one in our world.
Sure he may have been at the office when he viewed porn, but as a laptop it may have been at home. It may have been during "work hours" but how many "work hours" were supposed to be "his time"? When the definition of an exempt employee is one who is allowed to determine when he accomplishes work rather than being given certain tasks to do during certain hours (or thats how I understand it)
In the end, I think the standard of "no harm no foul" is the right play. What only happened for his eyes or the eyes of consenting adults is their buisness so long as its happening wasn't causing a problem. He should have been more careful (epesciailly as a sysadmin), but in the end, viewing some porn didn't harm you any.
If anything, I would question why you wasted any time snooping around? With new hardware the first task is to re-image the thing. When my company issued me the laptop I am typing on now (talk to me about slashdotting at work when I am still pounding out project deliverables for a 9 am meeting at 5 am), I never even booted the OS that came on it... first thing that happened was a re-image.
The rest of the network relies on me and my PC, I have to be sure of whats on it. First thing I do with a machine is a wipe, last thing I do when I leave it behind is a wipe. I do both myself.
A person that I know very well does this sort of forensics, and since he is currently working on a very high profile case (which has not resolved yet), I am going to be careful here, but these issues are very very real.
I have seen him going back and forth with the lawyers simply because they were having trouble understanding the data he was giving them and seriously expecting he could tell a lot more from the data than he really could.
They wanted to know information about websites and how much time a user of the computer spent on each site etc. Of course, the data left behind is cookies and caches and history.... how do you differenciate between a popup for "alt.com" and spending three hours there when the log shows 3 entries for the site over the course of the three hours because...its logging history of what sites you visited, not what transactions you performed.
Never mind differenciating between user access and automated program access etc.
Some of their techniques are very good, imaging pristine hard drives, indexing them, etc. Tools that log what you do so you can build a report. Using virtual machines to actually "run" a persons desktop to experience the users experience, then blow it away and run it again from a pristine copy of the image. etc.
However in the end, the OS and Apps are not setup to do this sort of logging. There is still a fair amount of black are art and interpretation there.
Oh yah, and some lawyers are real pricks when they don't understand things too.
How do we know that the majority of attackers are determined but dumb?
What numbers are we talking about? do thei rnumbers, even of the dumb ones, even begin to look like they might reach the point where their effect could even be statistically signifigant?
I say doubtful. This is yet another waste of our tax dollars. And they complain about social security and welfare. If we want to stop giving handouts, how about we stop supporting this silly addiction to paying for security theater?
Worst.... any other response widens their support.
Its one thing to stand up and raise a fist, and say "You damned infidels!". Its another thing to blow up a building. The difference is, if you can make us flinch, if you can make us move...well... now youe not one man in the caves with your fist in the air.... you are someone who made one of the greatest nations ever, move.
The bigger the response, the more credibility they have, the more support they have, the more we see them as a threat, the more we spend.
As I wrote in the TSA security blog:
If terrorists decide to blow up the lines of people waiting to go through airport security checkpoints, will they put checkpoints in front of the checkpoints?
Even if you assume that all flying related deaths are terrorism (which we know is a gross overestimate), it is STILL safer than driving a car. Cardiovascular disease is still the number 1 killer in the US.
First they will secure the airports, then they will secure the trains, and the busses, then the cities, the neighborhoods. How many checkpoints will we pass through before we realize what we are losing?
Woefully inadequet? When exactly was the last time a US plane was hijacked? When was the last one brought down? What is the signifigance of the impact of the dead from airplane crashes due to terrorist action in relation to say, traffic accidents?
It looks to me like airoort security is FAR tighter than it ever needed to be. The simple fact is, there just isn't that much of a call for keeping bombs off planes . Its more a demand problem really. There are plenty of planes to blow up, not shortage at all, just a very low demand for blowing them up. So low that it doesn't happen still, even with the lax and weak security theater going on at the "checkpoints"
Its a non-issue. Seriously, spend more time worrying about your cholesterol and keeping your driving skills sharp, those are far bigger dangers to you.
actually, I was thinking more fun would be to get you rhands on the chemicals that are used to train dogs to smell for drugs. A few tiny sprays of "Ode de Cocaine" should keep them busy for a while.
> Sure, terrorists could never get it all off themselves, but then neither could > anyone else.
Are you sure?
Actually I think the terrorist has the best chance. So they adopt clean room style techniques to separate production of explosives from packaging them. Produce the explosives, produce the other componenats. seal them in a plastic layer... hand off to a clean person at the door who takes it to a clean room, tosses it in a tub to be washed, and leaves it to the next guy who has never been to a room full of explosives with all clean clothes to sew it into a bag or other operation.
They can even do test runs where they just test moving something innocuous that they bag up and try to fly with and see if it picks up residue. As long as it looks like a false positive, they get their information.
I don't really think any number of technological measures will ever stop a determined attacker who can choose his methods and his time.
Lol I agree. Of course then you have to ask, do you want to be involved in their foreplay? Do you want to know the end play on that one? Personally, I am all about the trust. If I was worried that my girl was spying on me, Girlfriend 2.0 would be junked and development on 3.0 would be commencing. However, I know some people who seem to...like that. Sometimes in a lucid moment they even admit "well if it wasn't for the drama I would be bored" watch it... the "victems" of drama often cause as much as they get.
But I must disagree. Marriage is not till death. Divorce was legalized over 50 years ago, even voluntary divorce for just no reason at all. Where have you been? Under a rock? Are you next going to give us a lesson on how to determine what the minimum dowery we should expect based on our social status is? (I have told my girlfriend she is screwed, her fammily has no land for her, and I have my own household already so I am not settling for less than a 2 fam house near boston if I am going to take a bride)
I am a liberal one and I disagree. I see liberalism or religiosity as orthogonal to the issue. I would say that the engineer mindset is one that is adaptable to many realms.
I think it comes down to fundamental assumptions. I disagree on a fundamental level with a lot of terrorists. However, I have to say, if I believed some of the core things they believe, I would support the actions they take.
Its a matter of putting a mind to a problem. My fundamental assumptions are that people should be allowed to determine their own destiny, there is no god, nonconsensual violence is wrong unless used as a last resort in response to the threat of violence. etc.
However, if I saw myself as a member of a minority group, whose sworn enemy was the entire current "world order". Then I can totally see myself approaching this as an engineering problem, and well... the solution of "how do you fight" looks like terrorism.
So I guess what I am saying is, I can totally see the link, not a matter so much of people perverted by science, but scientific and engineering thought patterns, derailed and corrupted by religion. Frankly, extremeism is the logical conclusion to some of the basic assumptions of religion.... and I see engineers as people who are more likely to follow something to its logical conclusion than others who are happier with vague contradictions.
A tor hidden service server generally tries to limit its exposure bu choosing a couple of gateway nodes that it prefers for first hops. As long as the NSA doesn't control any your gateways, and at least one of them is up, their servers will never directly contact yours on a request.
Though, they can probably get you down to your prefered gateways... and if they really care, can almost certainly either compromise that gateway or shim in a sniffer at a point where traffic to and from one or more of those gateways is likely to pass.
Though, if the NSA is after you, AND enough so that they are willing to make moves that might give away what their real capabilities are, then you may be fairly fucked anyway. Time to go move to a cave in afghanistan.
however, http://eqt5g4fuenphqinx.onion/, if its a real onion address, refers to a pointer in their directory, to a service descriptor thats signed by the key thats complimentary to eqt5g4fuenphqinx
So essentially, nobody can serve up that site except the original author, or someone who stole the key, or otherwise figured the key out. Essentially, it is vulnerable in exactly the same ways that SSL is vulnerable.
No, I don't expect people to be that considerate. I wish however they would. Or better yet, realize that A) big cars are no safer, and b) big cars do not increase the size of your cock and stop buying them alltogether. Most people who "need them" or "enjoy having them" would find they do just fine without the huge monstrocity if they didn't have it.
I just think using a large van as you rprimary means of personal transportation, unless you really do use all the space most of the time, is well... damned inconsiderate.
Your right.... I decided a while back that I didn't want kids. Went out and found a girlfriend who feels the same way. Its rather nice actually. So I have grown up, I just don't intend on bringing anyone else up.
Even so... my parents were married with kids, and never needed a fucking truck or SUV and spent that much in groceries going back to when I can remember understanding them talking about such things in the 80s. In fact, for quite a while of their married with kids term, my father drove a tiny hatchback.
In any case, I have grown up...and I see no problem with this large cars when someone needs them. I just think that they should not be getting in the habbit of using them as their primary vehicle.
And given that the vast majority of driving that the vast majority of people seem to do is driving alone or with a single passenger in the car... it makes a lot more sense to move to motorcycles. They are also smaller, can park 3 in a normal parking space, can even carry your groceries home....
I think it makes a lot of sense for me to have a motorcycle for the warm months, and a car for when I need to carry larger items, more passengers, or there is snow on the ground. I have yet to find a need for a car bigger than my jetta.
Honestly, I think its disgusting that people drive around using SUVs, Minivans, and four by fours as their normal commuting vehicle when 90% of the time its just them.
Such a waste. Not to mention road hazard. Those vehicles do far more damage to anything they hit than a motorcycle or smaller car. They are a menace to everyone around them.
Only reason I havn't yet done all that is, well... I did a google search on it and there is lots of chatter, even discussions here on slashdot, about comcast interfereing with SSH traffic.
You know, I am also a comcast subscriber. I have all but taken the last steps (sniffers on both ends and then wading through a few meg of traffic) to prove they are screwing with my ssh connections too. I pay for unlimited high speed access, and yet... they kill my ssh sessions all the time.
In fact, I can reliably see ssh sessions last for a while in text mode, and then die within seconds of using a port forward to throw back vnc from my workstation at work. Text mode ones die too, but they last longer.
The kicker though, if I move ssh to another port, I can work for hours.
I have a workaround, but you know, I kinda feel like I am getting screwed as a consumer. I am seriously considering just going back to speakeasy because I always felt I could at least trust them to deliver the service I am paying for.
Honestly once I decide who to replace them with, I plan to utterly boycott comcast, cable etc. However I guess if the fcc is investigating for this, my grievence isn't too far removed. Should I be capturing sniffer logs and contacting the FCC?
I really hope this happens to lots and lots of people. I really hope just fuckloads of people lose access to what they paid for. If I believed in any gods, I would pray to them for this.
I hope it causes such a stink, that the US congress has to step in and hold hearings. I hope this becomes such a public relations nightmare that DRM dissapears so thoroughly that it becomes nothing more than a footnote in books on the histories of bad ideas.
I can think fo nothing better than seeing the conspirators who put together this crap being drug out before congressional panels and skewered for their antisocial machinations.
do a whois.... do like 10 similarly named domains....
contact the squatter who registers them with interest, tell them you had meant to register but they seem to have beat you to it. Try to negotiate...hem and haw...then after 31 days.... just stop talking to them.
Please report to central maintenance. Your humor filter is defective.
Tho is domain squatting really a "petty crime"? I agree... it is petty to squat on a domain, as it is petty to jay walk, or spit on the sidewalk etc.
However, is it really so petty when it is systematic? Is it really so petty when it is repeated over and over to the point of the denial of others of their fair use of publically accessable services?
Surely it is petty to fill water bottles from park drinking fountains and turn around and sell the full bottles. Is it still petty when you have expanded the operation such that your organization has people at 90% of the fountains, constanatly filling water so that all the thirsty people who don't want to pay your extortionist prices need to stand in long lines and wait for their water? How about when you have taken all of the public fountains, and nobody can even get their water?
We are not talking about petty crime here, we are talking about organized crime.
I think you hit the nail right between the eyes.
The problem with speeding is not simply that you are over some magic number, its a question of risk, risk to yourself, risk to your property, other people, and their property.
However, thats a difficult thing to put a number on. It comes down to conditions that you state, how many people are around (3 am driving is totally different from noon in the city. not so much in very rural places. How can you seriously say "55 MPH, thats all thats safe on this road at any time,"
So since you can't come up with some measure that takes into account driver skill, car condition, road condition, etc and have it be simple enough for drivers to follow and police to enforce... well since thats hard we have chosen a different way.
We did some studies based nearly solely on the worst case scenario of accident, and said "more than 30 is too much for places with lots of people" and defined those areas by residency.
Then we left it up to the whims of countys and states to set specific limits in specific areas, based mostly on their desire to take in income from tickets. Which means speed limits are chronically lower than they could be, low enough to keep people speeding enough that they can ticket people and bring in revenue.
Have you met anyone who really thinks speed limits are "set right"?
Hell, I live in a town where they ban overnight parking, and the chief of police goes around telling lies about how they need to ban overnight parking so ambulances can get down the smaller roads at night.... (never mind that there is already ordinance on the books requiring parked cars to maintain a 10' lane for traffic). Why? well that became quite evident when they raised the ticket from $15 to $25.
We even did an FOIA request for a list of tickets issued in the past year... if our street is even twice that of average, we are talking about 10's of thousands of tickets a year, for one offence, in one town. At $25 a pop, which can climb to nearly $100 with late fees within a couple of months (and for some reason online bill payment refuses to send them payments).
Well... I can't be the only one who sees some conflict of interest here. Can we say backdoor anti-progressive tax? (the tax disproportionately effects renters over home owners who own the driveways and as such are nearly garaunteed a spot... and yes, I have personally seen homeowners who rent rooms in this town and don't let their tennants use the driveway... even though the homeowner has 1 car and a 2 car garage!)
Oh thats the another thing, some people really do just suck.
-Steve
Actually, the more I talk to people about it, the less I find people actually say that. In fact, most people that I talk to seem to be of the opinion that they agree that this stuff is silly security theater. They agree that its overkill.
However, everyone that I talk to seems resigned to believing that the masses are stupid, and the theater seems to mean so much to everyone else (everyone except them and I of course) that we are essentially stuck with the current situation, and there is little point in complaining about it.
Funny, but I can't help but think that that attitude and people actually believing that this makes people reasonably safer have the same effect. I have really yet to meet anyone who really believes all the hype.
Maybe its just the people that I actually associate with? I wont deny that the people I socialize with might not be a representative sample of people who travel via air in the US.
Also, Schneier has written a few great articles on how people evaluate risk in Cryptogram a few months back. here: http://www.schneier.com/blog/archives/2006/11/perceived_risk_2.html
-Steve
Agreed. I have even posted on the TSA blog occasionally in the comments about this: We absolutely need to consider that in the economics of airplane safety, it is not the decrease in supply of soft targets that has been thwarting terrorism, its actually the utter lack of demand for blowing up planes, airport terminals, etc.
There just are not that many people out there with the real desire (you know, as in enough motivation to build bombs and do test runs, not just say "hey what if we....") and real ability to pull it off. In fact, when you look at the number of deaths "pre-post 9/11" (so including all of the deaths on 9/11), the chances of death in a terrorist attack on an airplane, even when reduced to just the risk to fairly frequent air travellers, is so small, that you couldn't justify a single cent of the new "security" spending on it.
Which is why they never talk of the real risk, only the "worst case scenarios" which are so astronomically unlikely, that I would bet dollars to donuts that the money would be better spent, and help more people, if it were spent on preventing deaths from heart attack on flights.
The type of attack used on 9/11 is not the move of a power, its the move of the weak. Its a move of desperation by a small group looking to make big headlines the only way they can. It was in their power to plan 1 of these attacks and execute it.
The simple fact is, on 9/11 an ant happened to find himself in the right place and gave us a bite on the face. Maybe its just me, but I think forgetting about your day job to go around trying to eradicate the world of ants is an overreaction.
In the words of coaches all over the world, your not the first person to take a hit, go take a lap and stop whining about it.
Um, I think you are far underestimating Tufts Networking group. In fact, I know that you are, since I happen to know they are pretty top notch.
http://portal.acm.org/citation.cfm?id=1047561
Check that out, notice the name, and that the person is from Tufts University. I was working there when it was the new internal tool that this same networking group in question wrote.
-Steve
Yup yup. And I have to say, Tufts Networking group is full of people who really know their stuff. Though students, even ones who know they are doing something wrong, aren't that smart about their dealings.
I still chuckle thinking back to the day that a student that had been a pain before and managed to weasel by with narry a slap on the wrist decided to start spamming... though one of the main email servers. The network group went as far as to send one of their engineers out to the physical site to verify that the machine doing the spamming was the same MAC...
she showed up and called Campus police for access to the office, and the Student showed up while she was waiting. She said she needed to verify some information, checked it out, at which point the police showed up, she explained the situation, and the officer dragged the student off.
This, I think, shows that their position is consistant over time. They have known for years that these issues would crop up, and they took steps to verify the info end to end, in person.
-Steve
Your friend is a jerk. Plain and simple. Maybe you think being a jerk is cool. how about we examine why his is a jerk.
"I have no sympathy that a bunch of irresponsible pervs got baited into a trap because of their gullibility, lack of foresight, lack of restraint, and general idiocy. Nobody forced them to do anything, all the 'victims' did was set themselves up for failure and embarrassment."
See the problem right there "baited into a trap". Thats what makes this so wrong. Why does your friend need to "bait" people? Pervs? Who the hell are you to judge them? Oh, they have some sexual preferences you don't appreciate... so fucking what. Who appointed you the high and mighty judge of whats perverted?
The simple fact is, when he posted a fake ad, he LIED. Didn't your mother ever explain to you why its wrong to lie? Why its wrong to MISLEAD people?
Seriously! So what, some people are lonely. Some people want to meet someone, want to get laid. Hope to find someone who shares their particular tastes. I have to imagine someone so callous can't be much more than 20. You know, a lot of people find it to be a very lonely and isolating world once you get out of school and have been working a couple of years.
Good job your friend there did, shaming people for looking to meet someone new. People often feel more free in such a context to talk about things, personal things. Your friend should be real proud of himself for taking advantage of that and outing these people. Shame on them for having preferences or desires. Shame on them for wanting to meet someone with the same desires.
Your friends actions and your attitude make me sick.
-Steve
I say no.
As a sysadmin myself, I will assume he is an exempt employee, as you are. As a sysadmin, I will assume he gets oncall rotations and has to fight fires. The line between "my time" and "company time" is a very blurry one in our world.
Sure he may have been at the office when he viewed porn, but as a laptop it may have been at home. It may have been during "work hours" but how many "work hours" were supposed to be "his time"? When the definition of an exempt employee is one who is allowed to determine when he accomplishes work rather than being given certain tasks to do during certain hours (or thats how I understand it)
In the end, I think the standard of "no harm no foul" is the right play. What only happened for his eyes or the eyes of consenting adults is their buisness so long as its happening wasn't causing a problem. He should have been more careful (epesciailly as a sysadmin), but in the end, viewing some porn didn't harm you any.
If anything, I would question why you wasted any time snooping around? With new hardware the first task is to re-image the thing. When my company issued me the laptop I am typing on now (talk to me about slashdotting at work when I am still pounding out project deliverables for a 9 am meeting at 5 am), I never even booted the OS that came on it... first thing that happened was a re-image.
The rest of the network relies on me and my PC, I have to be sure of whats on it. First thing I do with a machine is a wipe, last thing I do when I leave it behind is a wipe. I do both myself.
-Steve
A person that I know very well does this sort of forensics, and since he is currently working on a very high profile case (which has not resolved yet), I am going to be careful here, but these issues are very very real.
I have seen him going back and forth with the lawyers simply because they were having trouble understanding the data he was giving them and seriously expecting he could tell a lot more from the data than he really could.
They wanted to know information about websites and how much time a user of the computer spent on each site etc. Of course, the data left behind is cookies and caches and history.... how do you differenciate between a popup for "alt.com" and spending three hours there when the log shows 3 entries for the site over the course of the three hours because...its logging history of what sites you visited, not what transactions you performed.
Never mind differenciating between user access and automated program access etc.
Some of their techniques are very good, imaging pristine hard drives, indexing them, etc. Tools that log what you do so you can build a report. Using virtual machines to actually "run" a persons desktop to experience the users experience, then blow it away and run it again from a pristine copy of the image. etc.
However in the end, the OS and Apps are not setup to do this sort of logging. There is still a fair amount of black are art and interpretation there.
Oh yah, and some lawyers are real pricks when they don't understand things too.
-Steve
How do we know that the majority of attackers are determined but dumb?
What numbers are we talking about? do thei rnumbers, even of the dumb ones, even begin to look like they might reach the point where their effect could even be statistically signifigant?
I say doubtful. This is yet another waste of our tax dollars. And they complain about social security and welfare. If we want to stop giving handouts, how about we stop supporting this silly addiction to paying for security theater?
-Steve
Worst.... any other response widens their support.
Its one thing to stand up and raise a fist, and say "You damned infidels!". Its another thing to blow up a building. The difference is, if you can make us flinch, if you can make us move...well... now youe not one man in the caves with your fist in the air.... you are someone who made one of the greatest nations ever, move.
The bigger the response, the more credibility they have, the more support they have, the more we see them as a threat, the more we spend.
As I wrote in the TSA security blog:
If terrorists decide to blow up the lines of people waiting to go through airport security checkpoints, will they put checkpoints in front of the checkpoints?
Even if you assume that all flying related deaths are terrorism (which we know is a gross overestimate), it is STILL safer than driving a car. Cardiovascular disease is still the number 1 killer in the US.
First they will secure the airports, then they will secure the trains, and the busses, then the cities, the neighborhoods. How many checkpoints will we pass through before we realize what we are losing?
-Steve
Woefully inadequet? When exactly was the last time a US plane was hijacked? When was the last one brought down? What is the signifigance of the impact of the dead from airplane crashes due to terrorist action in relation to say, traffic accidents?
It looks to me like airoort security is FAR tighter than it ever needed to be. The simple fact is, there just isn't that much of a call for keeping bombs off planes
. Its more a demand problem really. There are plenty of planes to blow up, not shortage at all, just a very low demand for blowing them up. So low that it doesn't happen still, even with the lax and weak security theater going on at the "checkpoints"
Its a non-issue. Seriously, spend more time worrying about your cholesterol and keeping your driving skills sharp, those are far bigger dangers to you.
-Steve
actually, I was thinking more fun would be to get you rhands on the chemicals that are used to train dogs to smell for drugs. A few tiny sprays of "Ode de Cocaine" should keep them busy for a while.
-Steve
> Sure, terrorists could never get it all off themselves, but then neither could
> anyone else.
Are you sure?
Actually I think the terrorist has the best chance. So they adopt clean room style techniques to separate production of explosives from packaging them. Produce the explosives, produce the other componenats. seal them in a plastic layer... hand off to a clean person at the door who takes it to a clean room, tosses it in a tub to be washed, and leaves it to the next guy who has never been to a room full of explosives with all clean clothes to sew it into a bag or other operation.
They can even do test runs where they just test moving something innocuous that they bag up and try to fly with and see if it picks up residue. As long as it looks like a false positive, they get their information.
I don't really think any number of technological measures will ever stop a determined attacker who can choose his methods and his time.
-Steve
Lol I agree. Of course then you have to ask, do you want to be involved in their foreplay? Do you want to know the end play on that one? Personally, I am all about the trust. If I was worried that my girl was spying on me, Girlfriend 2.0 would be junked and development on 3.0 would be commencing. However, I know some people who seem to...like that. Sometimes in a lucid moment they even admit "well if it wasn't for the drama I would be bored" watch it... the "victems" of drama often cause as much as they get.
But I must disagree. Marriage is not till death. Divorce was legalized over 50 years ago, even voluntary divorce for just no reason at all. Where have you been? Under a rock? Are you next going to give us a lesson on how to determine what the minimum dowery we should expect based on our social status is? (I have told my girlfriend she is screwed, her fammily has no land for her, and I have my own household already so I am not settling for less than a 2 fam house near boston if I am going to take a bride)
-Steve
I am a liberal one and I disagree. I see liberalism or religiosity as orthogonal to the issue. I would say that the engineer mindset is one that is adaptable to many realms.
I think it comes down to fundamental assumptions. I disagree on a fundamental level with a lot of terrorists. However, I have to say, if I believed some of the core things they believe, I would support the actions they take.
Its a matter of putting a mind to a problem. My fundamental assumptions are that people should be allowed to determine their own destiny, there is no god, nonconsensual violence is wrong unless used as a last resort in response to the threat of violence. etc.
However, if I saw myself as a member of a minority group, whose sworn enemy was the entire current "world order". Then I can totally see myself approaching this as an engineering problem, and well... the solution of "how do you fight" looks like terrorism.
So I guess what I am saying is, I can totally see the link, not a matter so much of people perverted by science, but scientific and engineering thought patterns, derailed and corrupted by religion. Frankly, extremeism is the logical conclusion to some of the basic assumptions of religion.... and I see engineers as people who are more likely to follow something to its logical conclusion than others who are happier with vague contradictions.
-Steve
well yes and no.
A tor hidden service server generally tries to limit its exposure bu choosing a couple of gateway nodes that it prefers for first hops. As long as the NSA doesn't control any your gateways, and at least one of them is up, their servers will never directly contact yours on a request.
Though, they can probably get you down to your prefered gateways... and if they really care, can almost certainly either compromise that gateway or shim in a sniffer at a point where traffic to and from one or more of those gateways is likely to pass.
Though, if the NSA is after you, AND enough so that they are willing to make moves that might give away what their real capabilities are, then you may be fairly fucked anyway. Time to go move to a cave in afghanistan.
-Steve
however, http://eqt5g4fuenphqinx.onion/, if its a real onion address, refers to a pointer in their directory, to a service descriptor thats signed by the key thats complimentary to eqt5g4fuenphqinx
So essentially, nobody can serve up that site except the original author, or someone who stole the key, or otherwise figured the key out. Essentially, it is vulnerable in exactly the same ways that SSL is vulnerable.
-Steve
No, I don't expect people to be that considerate. I wish however they would. Or better yet, realize that A) big cars are no safer, and b) big cars do not increase the size of your cock and stop buying them alltogether. Most people who "need them" or "enjoy having them" would find they do just fine without the huge monstrocity if they didn't have it.
I just think using a large van as you rprimary means of personal transportation, unless you really do use all the space most of the time, is well... damned inconsiderate.
-Steve
Your right.... I decided a while back that I didn't want kids. Went out and found a girlfriend who feels the same way. Its rather nice actually. So I have grown up, I just don't intend on bringing anyone else up.
Even so... my parents were married with kids, and never needed a fucking truck or SUV and spent that much in groceries going back to when I can remember understanding them talking about such things in the 80s. In fact, for quite a while of their married with kids term, my father drove a tiny hatchback.
In any case, I have grown up...and I see no problem with this large cars when someone needs them. I just think that they should not be getting in the habbit of using them as their primary vehicle.
-Steve
And given that the vast majority of driving that the vast majority of people seem to do is driving alone or with a single passenger in the car... it makes a lot more sense to move to motorcycles. They are also smaller, can park 3 in a normal parking space, can even carry your groceries home....
I think it makes a lot of sense for me to have a motorcycle for the warm months, and a car for when I need to carry larger items, more passengers, or there is snow on the ground. I have yet to find a need for a car bigger than my jetta.
Honestly, I think its disgusting that people drive around using SUVs, Minivans, and four by fours as their normal commuting vehicle when 90% of the time its just them.
Such a waste. Not to mention road hazard. Those vehicles do far more damage to anything they hit than a motorcycle or smaller car. They are a menace to everyone around them.
-Steve
I just sent my complaint to the FCC.
Only reason I havn't yet done all that is, well... I did a google search on it and there is lots of chatter, even discussions here on slashdot, about comcast interfereing with SSH traffic.
Seems to have been a known problem for months.
-Steve
You know, I am also a comcast subscriber. I have all but taken the last steps (sniffers on both ends and then wading through a few meg of traffic) to prove they are screwing with my ssh connections too. I pay for unlimited high speed access, and yet... they kill my ssh sessions all the time.
In fact, I can reliably see ssh sessions last for a while in text mode, and then die within seconds of using a port forward to throw back vnc from my workstation at work. Text mode ones die too, but they last longer.
The kicker though, if I move ssh to another port, I can work for hours.
I have a workaround, but you know, I kinda feel like I am getting screwed as a consumer. I am seriously considering just going back to speakeasy because I always felt I could at least trust them to deliver the service I am paying for.
Honestly once I decide who to replace them with, I plan to utterly boycott comcast, cable etc. However I guess if the fcc is investigating for this, my grievence isn't too far removed. Should I be capturing sniffer logs and contacting the FCC?
-Steve
yup...and all I can say is... GOOD
I really hope this happens to lots and lots of people. I really hope just fuckloads of people lose access to what they paid for. If I believed in any gods, I would pray to them for this.
I hope it causes such a stink, that the US congress has to step in and hold hearings. I hope this becomes such a public relations nightmare that DRM dissapears so thoroughly that it becomes nothing more than a footnote in books on the histories of bad ideas.
I can think fo nothing better than seeing the conspirators who put together this crap being drug out before congressional panels and skewered for their antisocial machinations.
-Steve
better yet...
do a whois.... do like 10 similarly named domains....
contact the squatter who registers them with interest, tell them you had meant to register but they seem to have beat you to it. Try to negotiate...hem and haw...then after 31 days.... just stop talking to them.
-Steve
Please report to central maintenance. Your humor filter is defective.
Tho is domain squatting really a "petty crime"? I agree... it is petty to squat on a domain, as it is petty to jay walk, or spit on the sidewalk etc.
However, is it really so petty when it is systematic? Is it really so petty when it is repeated over and over to the point of the denial of others of their fair use of publically accessable services?
Surely it is petty to fill water bottles from park drinking fountains and turn around and sell the full bottles. Is it still petty when you have expanded the operation such that your organization has people at 90% of the fountains, constanatly filling water so that all the thirsty people who don't want to pay your extortionist prices need to stand in long lines and wait for their water? How about when you have taken all of the public fountains, and nobody can even get their water?
We are not talking about petty crime here, we are talking about organized crime.
-Steve