172 posts • joined 20 Oct 2007
Re: On what planet does The Guardian recruit?
I will concede that revenge porn is new
The idea is not: http://en.wikipedia.org/wiki/Nunc_Dimittis_%28short_story%29
... Not that I disagree with the rest
Re: Hold on a second... IMEI Blocking?
Well, it is much easier to protect IMEI against reflashing than the OS image.
Re: Hold on a second... IMEI Blocking?
Exactly. Why force vendors to install software feature that is difficult to use and easy to abuse when you can force operators to keep track of IMEI last used by a customer, and if the customer reports theft to police, add it to public blacklist?
Both the argument and counterargument in this debate are just stupid.
Just a nitpick: it says "Ad Adstra Tabernamque" near the bottom of the kickstarter page.
Even if you where able to get to 160 km altitude by balloon you'd only save 20% in delta-v. 7.8×10³ m/s is quite a lot to gain...
But, hell, that would be something!
I guess it was (semi?)deliberate. But I wish they hadn't done it. It's pain enough to see in reddit comments.
Good for them, and for Yubico
Yubikey is much more convenient to use than traditional TOTP tokens (or google authenticator on the phone) where you have to type in the the code from the token's display. Good publicity for Yubico, too.
Targeted vs. opportunistic
The stance "if you are a target then this technology won't help you" is red herring.
Of course it will not. If you are targeted then (presumably) you know what you are doing, and know how to protect yourself.
The point of technology similar to this is to thwart NSA-style opportunistic eavesdropping rather than CIA-style targeted operations. As long as it works - job done.
OpenWRT has native ipv6 support, as well as support for a number of tunnel brokers, for I don't remember since when. I have ipv6 on my home system with Kamikaze up and running for several years.
Surely a typo?
unduly prejudicing GPNE or confusing the jury.”
Otherwise, I agree with those who pointed out that "patent troll"/"nonpracticing entity" is a distraction. "Real" company using patents to prevent competition is no lesser evil than a troll collecting patent rent.
Thanks Mr. Worstall for spelling the word of reason! Data gathering in the interest of commerce has indeed quite different implications from data gathering in the interest of the state.
But, monopolization of commercial data gathering greatly simplifies state data gathering, and for this reason is dangerous. I share the view that we'd be better off if more of our Net life happened in distributed systems (similar to email) and less - in centralized (similar to Facebook).
is to my experience the best in the class that you describe. I've been using IXUS 80is for several years, recently replaced by Powershot SX280hs. The picture quality is quite good for the size/price, looks very decent on a 30x40 cm print. And especially ixus is quite sturdy.
Anybody remembers SFCave
or its knockoffs? They've been here, like, forever. I remember playing on Palm Tungsten. Admittedly, the ribbon that you had to direct through the tunnel did not flap its wings, though. Sunflat is still alive, though I am not sure that there weren't any earlier versions.
(I want an icon of a man with long grey beard)
I will tele-toast from 2500 km away
Re: It's all about balance of payments
That's right, paying per Gb (or having capped tiers, like I have from my provider) is the way. The consumer should pay fair price for the service. That is capitalism.
By the way, the top tier, 100Mbit symmetric without caps costs under $30/mo where I live. Admittedly, we have multi-story buildings, so providing the last mile is cheaper per user than in the US.
Do they call it free market?
Suppose I am a customer of Comcast's rival, let's call it "YMission". And I pay subscription to Netflix. It means that part of my money goes to help the rival of my provider, who does nothing for me. Why is it legal?
That is not to say, the content providers create the market for the ISPs, making the customers want to have Internet access. If anything, its the ISPs who owe to the Netflixes.
This does not look like capitalism at all.
Not only that
There are not many people in the world who can pull this off
and most of them know each other, I think. Their effort just might be sponsored by an organisation for which some of them work, but I think it's more likely that they decided to do it for fun, to amuse themselves and to recruit like-minded people into their circle.
do you mean that on Windows, you allow some third party application to delete your files without asking your permission?!
An that application is closed source, developed by a Russian company owned by a guy alleged to have ties with Russian secret service? And famous for advocating for compulsory real identity on the Internet?
Please, please, Please let us see the match!
goes to fetch popcorn
Re: I expect to get a zillion downvotes but...
"the NSA probably are after something is flagged it will inevitably end up at the hands of another person who has not been given explicit permission to read your email"
Just as a thought experiment, imagine that NSA establishes an automated system that scans emails, searches for specific signals, and notifies human operators that the people involved are suspect. Without presenting actual emails to the human operators. According to your line of thought, that would be acceptable, no? Human-free system at Google learns something from users' email and make decisions about advertising tactics. Human-free system at NSA learns something from users' email and makes decisions about investigatory tactics. I don't see much difference.
On a second thought,
Bring Ariadne to Spain for a quick holiday, and let her do the job herself!
+1 David Stockman's
because it is:
- reminiscent of a bikini
- is red+white+blue as Union Jack
- has the Vulture logo (and in the right place too!)
If Angela Merkel or any other European leaders are so outraged by the NSA practices, they surely ought to show some gratitude to the person who made evidence of such practices public, and give him political asylum. No?
Because they where not the spooks
In Russia, spooks basically get everything that they want without asking anybody, under the "СОРМ" (SORM) legislation. In this case, the company stood up to a request for data that came from somebody other then spooks, i.e. financial authorities. Nothing to see here, move along!
Re: Reply @Rascak
Accessing yahoo mail via IMAP (and presumably POP) is free, this is how I reach it from Android.
For that matter, you can perfectly access gmail with an IMAP client too.
Tape never died, it was just rewinding
Re: TCP/IP has been multi-path from the git-go.
@jake, err, no it hadn't
Sure enough, IP has always been, and is now, multipath. TCP session, however, is defined by the quadruple of source and destination layer3 addresses, and source and destination (layer4) ports. For a host with multiple interfaces that means one TCP session can use only one interface (at least, the incoming packets can only arrive on one interface). What they are talking about here is having different packets with different pairs of source and desitnation addresses belong to a single TCP session. Standard published in January 2013: http://tools.ietf.org/html/rfc6824
Social network != "Social network"
Someone on reddit makes a good point:
A lot of people commenting are confused by how New York Times is using the term "social network." They're not talking about Facebook, Myspace, etc. They're talking about the NSA secretly building graphsyour real-life social network without warrants: everyone you talk to, do business with, etc.
Re: Two part PIN?
Or, you could just use chip and pin.
Compromised terminal can show on screen that it's charging $10, but in fact charge $100. The only way is to build a mini display and keypad into the card.
Re: satisfied customer
Depends on who you prefer to be watching you - NSA or FSB. For non-Russian citizens, it might be sensible to prefer FSB. But keep in mind that here you don't have even the token judicial oversight of the FISA court - they just take what they want without asking anybody.
Re: sudo echo $'The Register on Pi-Lite' > /dev/ttyAMA0
When you use shell redirection, the file is opened by the shell process, that runs under the original userid. Sudo launches the command under root userid, and if it opened the file it would be able to, but it does not, it just uses stdout that was already opened by the shell. If it could.
If the command worked, it means that the file was writeable for the original userid, and running without sudo would also work. So, sudo is either unnecessary, or does not help.
sudo echo $'The Register on Pi-Lite' > /dev/ttyAMA0
will not work.
Exactly why it won't is left as an exercise to the writer.
Having a secure OS is not enough. These days, many exploits are very high level: XSS and suchlike. They never leave the browser, so the OS has no chance do deploy its defences.
Qubes mentioned in this thread tries to address this problem by sanboxing multiple instances of the browser in separate VMs.
Double speak alert
Putin said "He must stop his work aimed at harming our American partners" ("Он должен прекратить свою работу, направленную на то, чтобы наносить ущерб нашим американским партнерам"). He did not say about it being "harmful to the US" as the author of this piece interpreted it. Putin't "American partners" are not necessary the "US, the Country".
Putin probably still feels that he belongs to the "intelligence community", and perceives the US secret service establishment as his partners, so it makes sense.
Re: Brain bleach required
... or put a warning on it
"Not Safe For Any Environment"
Asymmetric crpyto is used for authentication (to verify the site you're going to isn't spoofed), but the session keys are negotiated by a Diffie-Hellman key exchange
When you do PK authentication you can establish the session key "for free" as a side effect. I guess this is usually done because it somewhat simplifies the handshake.
Re: Pulse dialling?
Where I live, last time I checked, you had to personally visit the office of the phone company and write a paper request to have DTMF enabled on your home line. So, I had to configure my SIP ATA to use pulse dialling.
Speaking of vintage tech, years before that, I was rather thrilled when I had an opportunity to connect a 386 PC running SCO UNIX to the telegraph network with a specialized adapter, and could login and enter commands from a real electromechanical telegraph terminal. At 50 baud!
Arguably, encrypting data on a NAS is pointless.
Encrypting an Android device is mostly useless too.
Encrypting all data on a device makes sense if that device spends most of the time turned off. Such as a thumb drive, for instance. When "they" get the device, it does not contain the decryption key, so your data is safe. Ditto a laptop with FDE if you turn it off while not in use.
Encrypting data on a NAS device only helps against burglary, while the most probable attack is to take over the running device. While it is running, the decryption key is in its memory, and all data is accessible. Ditto Android device in your pocket that has dark screen, but running CPU. Encrypting it may be useful to comply with some stupid corporate policy, but does very little to protect the data from leakage.
What makes sense is to keep select sensitive bits encrypted, such as to keep passwords in a "crypto wallet". In such applications, the decryption key and decrypted data only stays in memory for a few minutes after you've entered the password, and is safely encrypted for the most of the lifetime of the device that carries it.
Mechanism for emergency mission abort?
Could it be useful to be able to destruct the balloon when it flies outside of the desired area, on command from the ground (if you have an upstream radio channel), or automatically by analysing the GPS data? Would have saved the payload on the last test flight.
@trevor and all interested should take a look at yubico's products. They are primarily designed to work with LastPass-alikes, but can be used without relying on a third-party cloud service. They are rather open (implement standards, most of the accompanying software is open source), which, to some degree, can solve the trust issue. I use their token to log into my machines locally, using challenge-response mode and open source PAM module.
I am not affiliated with them, just an enthusiastic user.
Re: What's the big deal?
Admittedly, one might call it "going out of the way", especially since it is not yet implemented.
Some Internet cafes in Ohio where running a side business of gambling.
New state legislation would make such side business unrewarding (without affecting the main business).
Some Internet cafes will become unprofitable without said side business and have to close.
So what? Why are we discussing this, again?
Internet access permission?
Why would a launcher need it? I think I pass.
- JLaw, Kate Upton exposed in celeb nude pics hack
- Google flushes out users of old browsers by serving up CLUNKY, AGED version of search
- GCHQ protesters stick it to British spooks ... by drinking urine
- China: You, Microsoft. Office-Windows 'compatibility'. You have 20 days to explain
- Something for the Weekend, Sir? If you think 3D printing is just firing blanks, just you wait