Except that the QR codes are a replacement for using other, even more vulnerable media, which can hold gigabytes of extra payload.
You have to exchange key data somehow. It doesn't matter what encoding you use as long as everyone can read it and preferably without doing anything potentially unsafe, like mounting unknown filesystems on the most protected node.
Pretty sure I would take a QR code as an acceptable trade off between manually typing in key data for signing and mounting your usb drive (or mine on your system) to get it from you. If it meant I could avoid even mounting my own media, all the better.
You, my cowardly friend, are missing out. It is a cheap plastic toy, which usually must be assembled by snapping together some parts. This toy is placed inside a plastic egg. The plastic egg is then coated with a, somewhat annoyingly thin chocolate shell.
The FDA apparently has their panties in a twist about non-food items that are actually inside food. I generally would call this a sensible restriction in form, but.... it is kind of hard to see how these could suffer the same terrible flaw of some other, more unfortunate ideas in candy/toy crossovers.
I mean just the fact that some drugs are illegal to possess assumes that you were either going to use them or sell them to someone who would (i.e. as opposed to doing science experiments with them, or disposing of them, etc). The law presumes you are going to do something bad with the drugs merely by having them.
Well the main difference in these cases is the quantity and whether or not you have a lawyer. The courts are so drug naieve its not even funny. Just today I was looking at pictures from a local "sophisticated grow op" that got busted. They claimed "potentially $1 million worth". Its BS. You can't grow $1 million dollars worth of pot in a residential home in Boston. Sorry. Just not happening. I don't believe it, not for reasonable values of residential home.
A couple of the local pot activists who saw the photos were guestimating maybe $50k in product; tops.
Thing is, what the cops will do, is weigh the whole plant, roots and all, then multiply that by the very lowest quantity, highest markup prices... and call that the value for their press release. Whereas a person selling it has to pick off the flowers, cut the leaves from them, and dry it. It is nearly 2 weeks harvest to market and hours of labor. He maybe gets $2500-5500 per pound depending on quantity and how he sells it. The police will break it down to $20/gram or about 9000/lbs on a quantity thats just insane. Where each of plant of his crop might produce an ounce of usable product, it will be counted as a pound or more.
I have talked to people, devote a whole room to it in their house...and still have to buy to make it between crops just for themselves. However the law here makes no distinction between selling and growing, and only recently added medical distinctions.
Though its funny, if you can afford a lawyer one way or another, its hardly even a big deal. I have seen people get caught transporting almost 80 lbs of pot across state lines.... the entire court process happened over the phone and he basically paid a lawyer a bunch of money and ended up with a few years of probation and some fines. That was in Arizona too.... the private prison state. Good thing he was a citizen.
I think that; right there; is a big part of the problem: They don't have any intertest in teaching science, just teaching explanations.
I think back to my own science classes, and we didn't just sit there listening to lectures about how things worked. It was about why we think we they work the way they seem to. It was about the "plumb pudding" model of the atom, and why the bohr model was better, and why the bohr model turned out to not really cut it...etc.
Creationism has a place as an "alternate" to evolution when it becomes a full fledged theory and makes useful predicitons that can be tested; not when the explanation makes sense to somebody.
Explanations are not science, not until they do just that....make predictions which can be tested. "God did it" means nothing until you can tell me what "God did it" predicts that is different from other theories in a way that could be tested with the right conditions.
Do you have any idea how many things that are technically not legal to sell here that get through?
Have you ever bought "kinder joy" or any of the other similar chocolate candies that contain a plastic egg inside the chocolate? My wife enjoys them, so I get them for her when I see them. I know many shops I can buy them at, all over the area....yet, they are not legal products for sale in the US due to.... FDA regulations.
Hell, people have been buying mail order pot seeds and drugs and....you think customs is going to be a barrier to this?
So what exactly is so special here that means this time is going to be different?
Not only is it not new, I remember almost 10 years ago now, somebody had demonstrated that he could slam the bus in such a way as to generate radio signals that he could pick up on a nearby reciever.
There was even a slashdot story about it back then, but damned if I can find anything on it now. Pretty sure it was only a one way channel but, depending on the circumstances, that could be enough.
The reality of air gaps is that key signing ceremonies take place with several people packed in the room, while CDs are passed back and forth and put in the machine holding the CSRs, the software and signed certs.
So because people often conduct their air gapped business in a flawed manner, air gaps are useless? Sorry, I don't follow.
Wouldn't it be better to....embrace the power of AND?
Have an air gap AND pre-compute QR codes or some other encoding that doesn't require the loading of potentially insecure media in order to verify/sign keys?
or
Use two machines, one for loading/verifying keys, with a serial line to a second box, setup to only allow file transfers in over the serial line.... transfer file... log on to console... sign.
Preferably (to limit possibilities for data exfiltration) have the serial cable be one-way only and use QR or similar to get signed keys back out.
That is pretty dangerous. I knew this guy who had some marijuana. People came to his house with guns, took it from him, made him cut off his dread locks, and then he had to pay some guy in a suit to negotiate for him so they wouldn't put him in a cage.
Marijuana is really dangerous. Stay away from that stuff.
When you move to a new city, a GPS is the WORST thing you can use to 'learn' the city. This has been proven by multiple studies. GPS is a shitty way to learn since you don't learn, you just follow directions and don't absorb them or the route you took.
Yes, but its not total. I have actually learned routes that I might not have found if not for GPS, unless I did some serious map study, and even then some wouldn't stand out because they are longer and only better due to traffic (I use waze on my phone, so it accounts for traffic)
That said, there are also great routes it took me on that I didn't learn because I relied on it too much but, they are often again, ones I wouldn't have found on my own.
I think traffic is the biggest win. So far it seems that there are about 4 different sections of my commute that have alternate routes that are better in some traffic conditions. On the whole, there is one main route it takes me down about 70% of the time.... but when traffic is heavy it routes around and manages to get me there in about the same amount of time as a normal day (most of the time).
I fully agree with you. However, I also live int he US and have mostly seen the US "justice" system where they like to take a "take no chances" (and spare no jobs) attitude where arguments like "yes but what if we are wrong and he is violent and tries to make an escape" tend to win out over anything so...sensible.
So, what I would expect, is it actually takes more employees doing more travel and just overall costing more to transport him. However, you are correct, it is possible they could be even more sane than that, but given the option they went for, that seems an even more remote possibility.
Maybe the most likely alternate would be to do it in the Danish embassy so there is cost and job hours to spread around between both countries.
There are no charges yet, unless they they are not being truthful in the claim that he is wanted for questioning. Also seems a fuckton cheaper to come to him, where he is already in prison (presumably interrogators don't need escorts and extra security to be moved)....at least UNTIL he is actually being formally accused of something.
Yah this doesn't make much sense to me. If you want to question someone, why does this require shipping him around? Seems that sort of thing should be reserved at least for people who have actually been charged with something.
> With all the security issues with just signing up, I can't wait to see what happens when credit card > numbers are entered for payments.
At least they don't have to worry so much about security, I have to imagine that the identities of the people signing up for health care through the connector are som eof the least lucrative identities to steal.
I have to imagine that with the other story today about the low prices on identities, the PII, verified home address and credit card info for wal-mart associates doesn't even fetch those prices.
"verified credit cards, home address, and other info on 20,000 walmart employees - $5 obo"
Funny because from the title I thought this might have something to do with Project Rescue: http://projectrescue.com/ "Project Rescue provides physical, emotional and spiritual rescue and holistic restoration to women and children in sexual slavery."
However chances of it being so successfull and chances of "it going up from 20ish cents".....
I mean at the time, there was no way to predict it would gain so much interest, but I was pretty confident that it was a good buy at that price....even if it only ever hit $.50 it was doubling your money so it was easy to see it was a great buy then.
Yup. And the thing is, there really isn't much you can do about this loophole in humanity. Hell a while back (maybe someone has a link to the story) there was an investigation done where someone tracked one of these people down through a scam.
This guy has met a woman online, on a dating site. She told him she ran an international business and needed help doing shipping in the US, next thing you know, packages are arriving at his door and he is accepting them and forwarding them on.... often out of his own pocket!
I could see similar here... Hows this "Hey baby, I wish i could come back to the US soon, but they have totally screwed up my VISA, and I have an ATM card at an American bank and they will kill me in fees if I try to bring the money here, if I send you the card, can you withdraw the money and send it to me? Keep a few hundred for yourself, you will be saving me more than you know"
Insert that after a week or so of online flirting, from a profile of a busty woman, and I bet you could drain several accounts a week.
And especially pays off for anyone who can get it out...especially if they can do it while leaving someone else (or many other people) holding the (empty) bag(s). I still laugh about this one:
two precision operations that involved people in more than two dozen countries acting in close coordination and with surgical precision, thieves stole $45 million from thousands of A.T.M.'s in a matter of hours.
> or is it really likely that almost all normal people feel a certain amount of duress even if it isn't > intended.
Let me give you my, or rather my wife's experience with this on the MBTA here in MA where they have "voluntary" bag swabs. Its voluntary, but if you don't submit you can't get on the train and have to leave the station.
She walked in, they told her she needed a bag swab and she said "No". At this point, my wife, who suffers massive panic attacks, was confronted by an officer screaming that they have a refuser, and was instantly surrounded by police, all talking at her, all telling her to just submit and go through.
She paniced, allowed the swab and went through.
Intimidation is their standard fallback whenever someone doesn't act like a good sheep.
Slashdot Mirror
Except that the QR codes are a replacement for using other, even more vulnerable media, which can hold gigabytes of extra payload.
You have to exchange key data somehow. It doesn't matter what encoding you use as long as everyone can read it and preferably without doing anything potentially unsafe, like mounting unknown filesystems on the most protected node.
Pretty sure I would take a QR code as an acceptable trade off between manually typing in key data for signing and mounting your usb drive (or mine on your system) to get it from you. If it meant I could avoid even mounting my own media, all the better.
You, my cowardly friend, are missing out. It is a cheap plastic toy, which usually must be assembled by snapping together some parts. This toy is placed inside a plastic egg. The plastic egg is then coated with a, somewhat annoyingly thin chocolate shell.
The FDA apparently has their panties in a twist about non-food items that are actually inside food. I generally would call this a sensible restriction in form, but.... it is kind of hard to see how these could suffer the same terrible flaw of some other, more unfortunate ideas in candy/toy crossovers.
Well the main difference in these cases is the quantity and whether or not you have a lawyer. The courts are so drug naieve its not even funny. Just today I was looking at pictures from a local "sophisticated grow op" that got busted. They claimed "potentially $1 million worth". Its BS. You can't grow $1 million dollars worth of pot in a residential home in Boston. Sorry. Just not happening. I don't believe it, not for reasonable values of residential home.
A couple of the local pot activists who saw the photos were guestimating maybe $50k in product; tops.
Thing is, what the cops will do, is weigh the whole plant, roots and all, then multiply that by the very lowest quantity, highest markup prices... and call that the value for their press release. Whereas a person selling it has to pick off the flowers, cut the leaves from them, and dry it. It is nearly 2 weeks harvest to market and hours of labor. He maybe gets $2500-5500 per pound depending on quantity and how he sells it. The police will break it down to $20/gram or about 9000/lbs on a quantity thats just insane. Where each of plant of his crop might produce an ounce of usable product, it will be counted as a pound or more.
I have talked to people, devote a whole room to it in their house...and still have to buy to make it between crops just for themselves. However the law here makes no distinction between selling and growing, and only recently added medical distinctions.
Though its funny, if you can afford a lawyer one way or another, its hardly even a big deal. I have seen people get caught transporting almost 80 lbs of pot across state lines.... the entire court process happened over the phone and he basically paid a lawyer a bunch of money and ended up with a few years of probation and some fines. That was in Arizona too.... the private prison state. Good thing he was a citizen.
> "Controlled substance" means a drug, compound, mixture, preparation, or substance included in schedule I, II,
> III, IV, or V. "
However, even stuffed full of recipts there was plenty of empty space, which, apparently also is a controlled substance.
I think that; right there; is a big part of the problem: They don't have any intertest in teaching science, just teaching explanations.
I think back to my own science classes, and we didn't just sit there listening to lectures about how things worked. It was about why we think we they work the way they seem to. It was about the "plumb pudding" model of the atom, and why the bohr model was better, and why the bohr model turned out to not really cut it...etc.
Creationism has a place as an "alternate" to evolution when it becomes a full fledged theory and makes useful predicitons that can be tested; not when the explanation makes sense to somebody.
Explanations are not science, not until they do just that....make predictions which can be tested. "God did it" means nothing until you can tell me what "God did it" predicts that is different from other theories in a way that could be tested with the right conditions.
Until then, all you have is bullshit.
Do you have any idea how many things that are technically not legal to sell here that get through?
Have you ever bought "kinder joy" or any of the other similar chocolate candies that contain a plastic egg inside the chocolate? My wife enjoys them, so I get them for her when I see them. I know many shops I can buy them at, all over the area....yet, they are not legal products for sale in the US due to.... FDA regulations.
Hell, people have been buying mail order pot seeds and drugs and....you think customs is going to be a barrier to this?
So what exactly is so special here that means this time is going to be different?
Not only is it not new, I remember almost 10 years ago now, somebody had demonstrated that he could slam the bus in such a way as to generate radio signals that he could pick up on a nearby reciever.
There was even a slashdot story about it back then, but damned if I can find anything on it now. Pretty sure it was only a one way channel but, depending on the circumstances, that could be enough.
So because people often conduct their air gapped business in a flawed manner, air gaps are useless? Sorry, I don't follow.
Wouldn't it be better to....embrace the power of AND?
Have an air gap AND pre-compute QR codes or some other encoding that doesn't require the loading of potentially insecure media in order to verify/sign keys?
or
Use two machines, one for loading/verifying keys, with a serial line to a second box, setup to only allow file transfers in over the serial line.... transfer file... log on to console... sign.
Preferably (to limit possibilities for data exfiltration) have the serial cable be one-way only and use QR or similar to get signed keys back out.
Bitcoin can be run over tor so you have to block tor too to accomplish that. Of course, tor is made to help users subvert blocking so good luck.
That is pretty dangerous. I knew this guy who had some marijuana. People came to his house with guns, took it from him, made him cut off his dread locks, and then he had to pay some guy in a suit to negotiate for him so they wouldn't put him in a cage.
Marijuana is really dangerous. Stay away from that stuff.
Yes, but its not total. I have actually learned routes that I might not have found if not for GPS, unless I did some serious map study, and even then some wouldn't stand out because they are longer and only better due to traffic (I use waze on my phone, so it accounts for traffic)
That said, there are also great routes it took me on that I didn't learn because I relied on it too much but, they are often again, ones I wouldn't have found on my own.
I think traffic is the biggest win. So far it seems that there are about 4 different sections of my commute that have alternate routes that are better in some traffic conditions. On the whole, there is one main route it takes me down about 70% of the time.... but when traffic is heavy it routes around and manages to get me there in about the same amount of time as a normal day (most of the time).
Better that 1000 innocent men be punished than one private prison not show profits this quarter.
I fully agree with you. However, I also live int he US and have mostly seen the US "justice" system where they like to take a "take no chances" (and spare no jobs) attitude where arguments like "yes but what if we are wrong and he is violent and tries to make an escape" tend to win out over anything so...sensible.
So, what I would expect, is it actually takes more employees doing more travel and just overall costing more to transport him. However, you are correct, it is possible they could be even more sane than that, but given the option they went for, that seems an even more remote possibility.
Maybe the most likely alternate would be to do it in the Danish embassy so there is cost and job hours to spread around between both countries.
There are no charges yet, unless they they are not being truthful in the claim that he is wanted for questioning. Also seems a fuckton cheaper to come to him, where he is already in prison (presumably interrogators don't need escorts and extra security to be moved)....at least UNTIL he is actually being formally accused of something.
Yah this doesn't make much sense to me. If you want to question someone, why does this require shipping him around? Seems that sort of thing should be reserved at least for people who have actually been charged with something.
> With all the security issues with just signing up, I can't wait to see what happens when credit card
> numbers are entered for payments.
At least they don't have to worry so much about security, I have to imagine that the identities of the people signing up for health care through the connector are som eof the least lucrative identities to steal.
I have to imagine that with the other story today about the low prices on identities, the PII, verified home address and credit card info for wal-mart associates doesn't even fetch those prices.
"verified credit cards, home address, and other info on 20,000 walmart employees - $5 obo"
Funny because from the title I thought this might have something to do with Project Rescue: http://projectrescue.com/
"Project Rescue provides physical, emotional and spiritual rescue and holistic restoration to women and children in sexual slavery."
Little bit of namespace collision going on there.
> It appears to be a sample of a transmitted sound sample of "Gangnam Style!"
And another opportunity to Rickroll entire communities is lost.
However chances of it being so successfull and chances of "it going up from 20ish cents".....
I mean at the time, there was no way to predict it would gain so much interest, but I was pretty confident that it was a good buy at that price....even if it only ever hit $.50 it was doubling your money so it was easy to see it was a great buy then.
Yup. And the thing is, there really isn't much you can do about this loophole in humanity. Hell a while back (maybe someone has a link to the story) there was an investigation done where someone tracked one of these people down through a scam.
This guy has met a woman online, on a dating site. She told him she ran an international business and needed help doing shipping in the US, next thing you know, packages are arriving at his door and he is accepting them and forwarding them on.... often out of his own pocket!
I could see similar here... Hows this "Hey baby, I wish i could come back to the US soon, but they have totally screwed up my VISA, and I have an ATM card at an American bank and they will kill me in fees if I try to bring the money here, if I send you the card, can you withdraw the money and send it to me? Keep a few hundred for yourself, you will be saving me more than you know"
Insert that after a week or so of online flirting, from a profile of a busty woman, and I bet you could drain several accounts a week.
And especially pays off for anyone who can get it out...especially if they can do it while leaving someone else (or many other people) holding the (empty) bag(s). I still laugh about this one:
http://www.nytimes.com/2013/05/10/nyregion/eight-charged-in-45-million-global-cyber-bank-thefts.html?_r=0
Ahhh but then, how many botnets could you get for 70k-150k?
I advertise a sale on robes and wizard hats.
> or is it really likely that almost all normal people feel a certain amount of duress even if it isn't
> intended.
Let me give you my, or rather my wife's experience with this on the MBTA here in MA where they have "voluntary" bag swabs. Its voluntary, but if you don't submit you can't get on the train and have to leave the station.
She walked in, they told her she needed a bag swab and she said "No". At this point, my wife, who suffers massive panic attacks, was confronted by an officer screaming that they have a refuser, and was instantly surrounded by police, all talking at her, all telling her to just submit and go through.
She paniced, allowed the swab and went through.
Intimidation is their standard fallback whenever someone doesn't act like a good sheep.
Aum's Law?