Agreed. It's quite a bit different than Slugging [npr.org] that is/was popular in some cities.
These newer programs have apps for ride matching, rating systems, and at least informally set fees. It's a regulation dodge more than anything else.
Definitely - and they're not turning out to be so successful at dodging the legislation after all. There are other companies that do "real" carpooling though, such as e.g. Avego. They've been getting a lot of attention during the BART strike now, with them offering to actually fly commuters to work by helicopter ( http://bartstrike.com/?page_id=1073 ).
But the prices on Lyft seem to be on the order of $15-20 for a short ride within SF, which is more like taxi prices. At that cost you're hiring a paid driver, not pitching in for gas in a rideshare.
Yeah, absolutely. Lyft, Sidecar, Uber - they're all really taxi companies in disguise, trying to pretend to be carpooling services. An example of a real carpooling service is Avego, which connects drivers and riders with each other. The big difference to e.g. Lyft is that the prices are much lower, so the drivers only offset part of their cost rather than making a profit. That way, the service is really for regular commuters rather than for taxis. Drivers save a bit of money (and get to drive in the faster HOV lanes), riders get cheap and easy transportation, congestion levels are reduced, and there is less pollution from cars. Bloomberg did an interview with them recently where they explained (among other things) the difference to e.g. Lyft at http://www.bloomberg.com/video/beat-the-bart-strike-with-avego-s-ridesharing-app-sxMdKCAbTbWzaiWyJwBP6w.html .
> So far Google, Yahoo, Microsoft, FB et al had been identified by the Prism disclosure
> They are identified because they are in the big data business
No. We could identify them because they were mentioned in the PowerPoint slides... It doesn't get any more obvious than that.
> How do we get around this issue? There is a huge MitM operating here and that is scary.
How do we get around a man in the middle? SSL. Most of these companies do use proper encryption for their network traffic. That is why NSA needs connections on the inside.
Using the Netflix example, wouldn't some packets going over 3G and others going over wired broadband cause massive problems with packets arriving out of order? There are methods for handling that in TCP of course, but I wonder how effective they would be in as extreme circumstances as we'd be talking about here.
Now I know to stay well clear of anything that has to do with Ciphercloud. I certainly wouldn't have seen the Stack Exchange discussion (much less the fact that Ciphercloud feels that cryptanalysis is bad for them) if they didn't do what they did, though. Thanks, Ciphercloud!
You might want to have a look at Duplicati - that's what I ended up using after I spent a while looking into how to do backup securely. It'll handle scheduling, partials (i.e. diffs, if you want), compression, encryption of the result, and finally upload to a whole range of different cloud providers (or a local directory, of course). It's free, and available for Windows, OSX, and Linux.
How can I harden my computer against being used as a node in an ASIO botnet?
ASIO would come in the same way that normal cybercriminals would, so it's a matter of standard common-sense security precautions.
If you're using Windows, keep it up-to-date and use a decent antivirus program - Microsoft's Security Essentials works fine. Don't click links in emails from strange people. Don't open email attachments from strange people. In terms of software, a good rule, originally by Brian Krebs I believe, is not to install software if you didn't search for that software in the first place (in other words, don't install if it comes to you by email, or if it pops up when you're browsing around generally, etc.).
In addition to the operating system, a few other pieces of software are fairly important to keep up-to-date: your internet browser; Adobe Flash and Reader, if you use those; Java (or better yet, disable Java in the browser completely).
If the numbers are anywhere near right then they should easily recoup their money. Even if they fall short and have only 5000 students instead of 7000, at $1400 each they will earn 7 million dollars.
I know that it's customary on slashdot not to read the linked articles but you didn't even read the summary, did you? They got four students. Four.
No, that's not the reason. A UPS has to be able to replace the full power provided by the main when in use. A pacemaker only needs to provide a small trigger signal, which is much smaller than the output of the heart itself.
"... which is much smaller than the output of the heart itself."
Kind of like a UPS and an electric power plant then, yes?
... isn't just a matter of hacking a random IT firm as the summary may lead one to believe. The firm in question was a contractor for the government, and was handling a number of important census databases, including personal details about people with "protected identity" (people that live under threat of violence, and the like). Through the hacking, this data was released.
Considering that he was already wanted for his involvement in The Pirate Bay, the hacking was an incredibly stupid thing to do.
While I'm sure there are some here that are into sailing, this question should really be placed at a sailing forum instead. There are plenty of those - I'd suggest that you become a member there, and ask the question there instead.
It also seems to me that a round-the-world trip may be a bit ambitious if you don't even know about the gear (or have tested the boat) yet. Something more limited may be suitable initially.
So if I was there as a tourist, would I get arrested?
Or is somehow putting your island into a video game now sedition or something?
TFA is pretty slim, but I'm having a hard time imagining what law was broken.
TFA is not thin at all. It states that the men were caught with photographs of military installations. I would wager that most countries have laws against photographing military bases, and I'm not surprised that Greece does. This was just a really stupid thing to do.
It must be "apps", as in software for mobile devices. Last year, Microsoft alone had revenue of $74 billion. Granted, they do hardware and the like as well, but the 9 billion figure is still ridiculous if it were to refer to all software development. Because of this, it is unfortunate that the summary says "software application development", whereas the article only mentions "application development".
Ok, so there is a one-in-three chance of guessing the correct sequence, yes? Even if the whole operation would be quadrupled, as you said (choose the correct sequence, then again another three times), you will still have a 1-in-81 chance of guessing (3^4). This is by no means enough.
You mention allowing no more than three or four attempts, but this won't really work well either. You can't reliably do it by IP - it is easy for malicious users to jump between IPs (using e.g. botnets or different proxy servers), and if you do it by user account (e.g. ignoring IP, allowing only x number of attempts for the username before locking it down) you will have created the best possible scenario for denial-of-service attacks. Anybody would be able to lock anybody else's account trivially.
I agree that research is a good thing and that sequence-based login is kind of interesting, but the flaws really need to be covered as well. That is critical in any scientific field. As it is now, this method is completely unusable.
A few readers have commented that the system will need to know your unhashed password. This is clearly bad, but there are even worse flaws.
A 30-character password sounds awfully strong (60^30 combinations if upper/lower-case chars and numbers are used). However, from the article: "Authentication requires that you play a round of the game — but this time, your 30-letter sequence is interspersed with other random 30-letter sequences". This means that the number of characters is irrelevant, really. What matters is the number of "30-letter sequences", and since you need to play them all, they will need to be limited. How many? 10 would probably be too many to play, but will still only be the equivalent of a single-digit password. This system will be trivial to crack with brute-force guesses.
Even worse, repeated "login attempts" will reveal which sequence is the correct one - simply check which sequence repeats between tries.
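The two comments above on the sequence-based login scheme (the 1-in-81 odds for three sequences over four rounds, and the observation that the correct sequence is the one that repeats between attempts) worked through in code. This is an added example, not part of the original comments or of the proposed scheme's own software; the simulated challenge format (one secret sequence shown among N freshly generated decoys per round), the 62-character alphanumeric alphabet and the fixed random seed are constructed assumptions for the demonstration.

```python
import math
import random
import string

# Parameters taken from the comments above: roughly 60 symbols, 30-letter sequences.
ALPHABET_SIZE = 60
SEQUENCE_LENGTH = 30
# Constructed alphabet for the simulation (62 alphanumerics; the comment rounds to 60).
SIM_ALPHABET = string.ascii_letters + string.digits


def naive_keyspace_bits(alphabet_size=ALPHABET_SIZE, length=SEQUENCE_LENGTH):
    """Entropy the 30-character secret would have if it were typed as a password."""
    return length * math.log2(alphabet_size)


def effective_guess_bits(sequences_per_round, rounds=1):
    """Entropy the scheme actually offers: pick the right sequence out of N per round,
    for k rounds, so a blind guess faces N**k equally likely choices, not 60**30."""
    return rounds * math.log2(sequences_per_round)


def guess_success_probability(sequences_per_round, rounds=1):
    """Chance of passing authentication by guessing (1/81 for 3 sequences, 4 rounds)."""
    return 1 / sequences_per_round ** rounds


def random_sequence(rng):
    """A fresh random 30-letter sequence, as the scheme would use for its decoys."""
    return "".join(rng.choice(SIM_ALPHABET) for _ in range(SEQUENCE_LENGTH))


def build_challenge(secret, decoys_per_round, rng):
    """One authentication round: the user's secret interspersed with random decoys."""
    options = [secret] + [random_sequence(rng) for _ in range(decoys_per_round)]
    rng.shuffle(options)
    return options


def sequences_common_to_all(challenges):
    """Set intersection over several observed rounds. Decoys are regenerated every
    time, so after two rounds only the secret is left in the intersection. This is
    why a challenge set that must contain the real secret leaks it to anyone who
    can see more than one login attempt for the same account."""
    common = set(challenges[0])
    for challenge in challenges[1:]:
        common &= set(challenge)
    return common


def demonstrate_intersection_leak(decoys_per_round=9, observed_rounds=2, seed=2024):
    """Constructed scenario: the same account is challenged `observed_rounds` times.
    Returns (secret, sequences that appeared in every challenge)."""
    rng = random.Random(seed)  # seeded only so the demonstration is reproducible
    secret = random_sequence(rng)
    challenges = [build_challenge(secret, decoys_per_round, rng)
                  for _ in range(observed_rounds)]
    return secret, sequences_common_to_all(challenges)


if __name__ == "__main__":
    print(f"naive strength of a 30-char secret: {naive_keyspace_bits():.1f} bits")
    print(f"3 sequences x 4 rounds: {effective_guess_bits(3, 4):.2f} bits, "
          f"p(guess) = {guess_success_probability(3, 4):.4f}")
    print(f"10 sequences, one round: {effective_guess_bits(10):.2f} bits")
    secret, common = demonstrate_intersection_leak()
    print("secret isolated after two observed rounds:", common == {secret})
```

The entropy functions make the comment's "single-digit password" remark concrete: ten sequences per round is about 3.3 bits, and even four rounds of three choices is under 7 bits, against roughly 177 bits for the same 30 characters used as an ordinary password. The intersection function shows the design lesson from the second comment: a challenge that must always include the real secret, padded with decoys that change every time, cannot be shown to an observer more than once without giving the secret away, so decoy-based schemes need stable, non-revealing challenges or they fail as authentication.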
Who said anything about Google password? Netvibes have their own account registration process. You can log in with your FB if you have one, but that's all OAuth, so you won't be giving them your credentials in that case either.
You're not going to see the potential of SPDY before we have environments (browsers, CPU and your internet speed) that can take full advantage of it. Only in the most recent version of Firefox did we see SPDY support.
SPDY does not depend at all on CPUs or your "internet speed". It does depend on the browser (with both Firefox and Chrome supporting SPDY now) and, critically, the server. That last is also why the article author did not see much of a speedup - most content providers don't support SPDY yet. Going to non-SPDY servers and believing that it will evaluate SPDY for you is absolutely ridiculous.
... - one of them, for example, is ResearcherID at http://www.researcherid.com/ . None of them have really taken off so far, and there is nothing to say that this one will. I am skeptical.
The title states "India OKs censorship...", but the article "only" states: "A trial court in New Delhi on Friday ordered that summons be served in the criminal case to officials at all 21 companies at their foreign headquarters’ addresses."
As far as I can see, no decisions have been taken, and nobody has been told to start censoring anything. The fact that they are calling in representatives for these IT companies is worrying, certainly, but it does not mean that anything else has been decided.
Ooh, yes. Good old Windows ME. It did wonders in convincing people to ditch Windows!
... is a good offense.
http://xkcd.com/927/
This story made me think of the excellent TED talk by Rob Reid, on copyright math. It's hilarious! http://www.ted.com/talks/rob_reid_the_8_billion_ipod.html
If you protest you get your way, even when it doesn't make fiscal sense.
Fiscal sense is not the only type of sense worth pursuing.