939 posts • joined 4 Mar 2011
It's sounds like he covered that to be honest. Obviously Netflix puts a different spin on it, but it really says the same thing. "ISPs can do this either by free peering with us at common Internet exchanges," but if that isn't nearby you'll have to pay for the link yourself "or can save even more transit costs by putting our free storage appliances in or near their network." i.e. host their power-hungry servers for free.
It's not too hard to imagine that neither option is very appealing for a small ISP.
So it's a bug in I2P but...
They claim it works on the on a default install with no configuration changes, but as of the last time I used Tails (admittedly several versions back) it didn't even start I2P automatically. I guess it's strictly true that launching a program is not a "configuration change", but if that's their game, it's more than a little dishonest to call this a vulnerability in Tails.
It's possible Tails has changed since I used it, or maybe there's some hook left for I2P that makes this attack work even when the main program isn't running, but I doubt it.
Re: Department of the Obvious....
Didn't they also handle UK's last census? Or was it some other merchant of death I'm thinking of?
Well, if you believe the theory that the scam are intentionally made unbelievable so as the weed out anyone the a lick of common sense right from the start...
Just speculating here, but it seems like the biggest concern for the university lawyers would be the claim that the presenters had actually unmasked illegal hidden services (if I understood the claims correctly). They would open themselves up to libel lawsuits if they reveal that information, and open themselves up to subpoenas if they don't. Publicly claiming that you know who runs Silk Road or <insert popular CP site> is just asking for trouble.
Assuming this is true and all, you can't blame them for setting their sights high, but there are other hidden services hosting things like political rants, legal porn Tor directories, and privacy guides. They could have proved the concept on one of these without risking anyone (guilty or innocent) getting hurt.
Okay, for the most part this is a terrible idea, but does this mean cloud services and such will be able to sue the NSA for lost business?
Re: What worries me about this
Although this hasn't been officially confirmed, it seems likely these are simply P2P file sharers. Due to their collaborative nature, it's really quite easy to track what people are doing on those programs. Of course the anchorites would prefer to leave the impression that pretty much read anything anywhere.
I don't know about the Royal Mail, but the US Postal Service does something similar:
Huh! I never made that connection before. Makes sense though. IIRC the official explanation was the quotes were more natural, but that doesn't explain why they needed to drop support for the old syntax.
Good. I guess.
I still have no plans to use Google+, but I suppose, now I would consider it if I have had a reason or something.
"There is no justification as to why the content of a document can only be displayed properly if the execution of macros is enabled."
I helped out in a computer class for seniors some time ago, and double-clicking (or sometimes just plain clicking) was a challenge for them. Part of the problem was that when it didn't work the first time, their natural inclination was to try hitting the button harder, but of course that just made their precision even worse.
It's not the porn part I'm questioning, it's the revenge. It could be an orgy with creative uses for vegetables, and it still wouldn't be revenge porn unless it's posted for revenge. Unless that element is required, it's just yet another example of a new law being sold for one purpose when it will inevitably be used for something else.
Most crimes require an element of intent. I really doesn't think this is such a hard thing to prove. Was it posted right after a breakup? Probably revenge pron. Was it posted with nasty comments and identifying information? Probably revenge pron. Was it posted on a website explicitly for revenge pron? Probably revenge pron.
While I'm not completely opposed to some type of law on the subject, I think it needs to be focused on the revenge aspect. Suppose A hooks up with B and then posts an intimate picture taken during the encounter with the caption "Hottie I banged last night!". B may well be distressed by that, and A is almost certainly an asshole. But it's not revenge porn. What's missing is any clear evidence of maliciousness.
Some might say that kind of behavior is bad enough it still deserves to be punished, but I think the bar needs to be set higher to avoid catching people who really didn't mean any harm.
To be fair, these are the bitcoins from Silk Road itself. Further bitcoins (although not all of what DPR should have earned) were found on Ulbricht's computer. Those are being held, pending the outcome of his trial.
Re: The Rule Is....
What about the reverse? Starting a company with your significant other? It's not totally clear, but it sounds like that may be what happened here.
Aww, Dogecoin isn't really mentioned in the bill, only in the legislative analysis.
As I understand it that's what Diaspora set out to be. But I've never tried it though, so I don't know how well it accomplishes that goal.
Re: Really, El Reg?
Oh really? I guess I was mistaken. It certainly doesn't do that for every search, or even every name. I wonder how it works then. That does explain why it says "may have been removed" though.
I owe the author an apology. Although I still think the tone was a bit over the top.
Really, El Reg?
Normally I trust the Register to report things in an unbiased way (Except Orlowski, of course) but this is pretty sad. You make it sound like Google is either plastering a giant warning over their localized sites tying to push everyone to .com or have set up some kind of explicit click-through to evade blocked results. Neither is true.
The data protection removal notice only shows up when you do a search for someone who has been "forgotten", such as Mario Costeja-González. This is the same policy they use when search results are removed for other legal reasons, and it seems perfectly reasonable to me. And in this case they don't even disclose any details about the case like they do with copyright claims. Nor is there link to google.com on either the search result page or page explaining how they handle that law, only on the front page.
I just don't see any kind of "wink-wink nudge-nudge use the link for the good stuff" message here.
Re: cant this be solved
That's not a silly question, actually. Apparently it matters in Ontario. But as far as I've heard the US ruling doesn't require this. Obviously I prefer the rule that they always need a warrant, but it does make some sense that a supposed "incidental" search would have to have to stop upon encountering a lock.
Hang on a sec. Attempted to blow up a van he thought was full of explosives? This was another one of those FBi set-ups wasn't it? Why do they even need phone records for this?
Re: The obvious reason...
Why hasn't? It's just another free image host, but it was quite popular already.
Re: Not a feminist
As I understand it, the the campaign really is directed mainly at girls, i.e. female children and adolescents. Slightly confusing since the site features lots of pictures of women, not girls, but I think the idea is "you can do cool stuff like this when you grow up" or something.
The other problem is that even if it's a good idea, the only way to roll out a change in the Bitcoin protocol is to convince a majority of the minors to switch. But since mining is currently dominated by pools...
Re: @Wowfood - Don't quote me on this
I'm inclined to believe he really is that idiotic. The reason I believe it is that I've heard this weird confusion about the "deep web" before. He didn't actually use the words "deep web" but both hidden sites (such as those on Tor) and the vast amount of non-indexed data have been called that. They are not, of course, the same thing, but some people seem to think they are. House of Cards (US version) made practically the same mistake, except this guy took it an extra step by using "The Tor" as a synonym for "the deep web", rather than an example of it.
Re: More likely - 90% of TOR traffic is P2P
It would make more sense, but it's still almost certainly wrong. Tor is really pretty terrible for P2P. It doesn't support UDP which almost all the P2P programs use now. At least if we're talking about file sharing. Other types of peer-to-peer network (such as Bitcoin) might do better on Tor, but it's still hard to believe they make up 90% of it.
I was hoping it was Kali.
Still, it's good news. Maybe those guys from "Windows" who call me about once a month with a virus warning can get honest jobs now.
Re: It was inevitable when you really think about it.
In the same sense that Enron was "not great at accounting".
Re: Just an administrative task
Yes the prosecutors will need to get a conviction and with proof beyond a reasonable doubt they should and will get it. It just means more administrative work to imprison perps - which all of society ends up paying for. As long as the crims go to prison, it doesn't matter.
Trials are such a waste of time, right?
Re: Old Handle No sympathy.
The evidence was found on Spencer's computer, he was tried in a court of law and found guilty by a jury of his peers.
Alright it seems there are two separate charges. He was convicted of possession and acquitted of the more serious distribution charge. Each side wants reverse part of that. Oh, and there was no jury. So you're still wrong. But, I admit, less wrong than I first thought.
Re: mIRCat It's for your own good.
So you would prefer paedos don't get caught?
Oh quit it with that politically correct BS, you know that's not what this is about, and you aren't fooling anyone.
Re: No sympathy.
That Canadian 'civil liberty' groups got involved in trying to help this paedo get his conviction overturned is truly worrying.
I'm more worried that the evidence was NOT excluded, even though the court agreed it was obtained unconstitutionally. Since it's unthinkable that the actual police who made this mistake will be punished, letting him go may be the best way to ensure privacy is taken more seriously in the future.
They obviously just see setting such people free as the means justifying the end.
Uh, no. Protecting privacy is the end. Appealing cases of privacy violation whether the defendant is likable or not is the means. Setting the precedent is the important thing, not the individual case. CCLA regards this as a victory even though they didn't get the defendant off. Though I would imagine they share some of my concern that this outcome reflects a degree of wishy-washiness on the part of the court.
Oh, and by the way, Matt, you seem not to even know what the case is about. They are not trying to overturn a conviction. The state is trying to overturn an acquittal.
Re: Pound sign
It's also somewhat strange because in the US (and I assume Canada) the symbol is practically never called pound except on a telephone keypad. I'm trying to recall I've I ever actually seen it used to refer to the unit of weight. Maybe like once?
Re: Um, what?
Sending them to a "random" address as you say doesn't prove much, but sending them to something like 1USGovBitcoinDumpSayNo2DrugsSk3lMp would also be a valid method. Not that I can think of any reason they would really want to do that.
Reminds me of when I read that a maintenance menu could be accessed on soda vending machines by pressing--I think it was--the 1st, 3rd, 2nd and 4th drink selection buttons in that order. Not much of a security risk on that one, but it really worked on some of the older machines I tried it with.
Nope, I just checked (Wikipedia) and it showed Guy Fawkes, not Snowden.
Re: Depends what you mean by 'code'
Exactly. I think almost everyone would benefit from a little experience with scripting or macro type programing. Obviously most people will not be developing full fledged applications, much less working on OS kernels. But any time you find yourself thinking "I just wish I could tell the computer to..." chances are you can, using a script or macro. Especially if what you want to tell it is to do some repetitive task on a bunch of different files/lines/whatever.
OK, so I read the whitepaper or whatchamacallit, and some of the technical aspects went over my head, but I couldn't help but come away with the impression that the whole thing is very speculative, whereas Bitcoin was surprisingly solid right from the original published idea. This plan is definitely intriguing, but they've left out some key parts.
For instance they start out talking about a "trusted dealer", which if I understand right is the entity who wants their data backed up. But this kind of central authority clearly won't work in something intended to replace Bitcoin. They address this by saying that role will be filled by the network itself, which must mean, as this article says, that users would be able to nominate data to be stored, but details about how this would work were sorely lacking.
Also, in my opinion, to be useful, there needs to be some built in method of actually retrieving the data. It's all very well that it can be proved your business records are safely backed up, but when your office burns down you need to be able to actually get them back! It sounds like they're saying you would have to manually arrange this on the side, which is hardly convenient.
I as I understand proof of work (POW) would be replaced by proof of retrievability (POR). In other words you would mine coins by proving you currently have the data.
Worst Case Scenario
Someone in the metafilter thread linked to from comments on the previous article suggested a particularly grim possibility: That some fatal flaw has been discovered that renders existing TC volumes vulnerable. The developers therefore want to warn people to stop using it, but at the same time they don't dare point out the exact flaw since that would guarantee it gets exploited sooner rather than later.
That would somewhat explain their strange behavior, although if true I would have expected an ever stronger warning. In any case seems unlikely. It's not like TrueCrypt is based on some exotic poorly understood cypher, it uses AES, plus a couple other options. And the details of how it uses them are public and reasonably straightforward. So unless one of these well known cyphers is broken and the TC Team were the first people to notice, it's hard to imagine what kind of bug would be that catastrophic.
The constitution: A trivial legal matter.
There are some valid criticisms here (such at the platoon as barrier problem), but the green light thing is silly. All they're doing is emulating what human drivers typically do. In my experience people only very rarely actually start moving the instant the light changes. They might do it if they're in a big hurry or they want to get ahead of everyone else so the can change lanes. But normally attention starts wander and they could easily take a second to react to the green light.
Does the word BLOAT mean anything to you Mozilla?
Re: Bar Transport
True. You'd have to be drunk to trust Google with your life.
Shockwave still exists? Huh. I was under the impression it had essentially been rolled into flash. Why make to plug-ins that do almost the same thing?
You don't wanna LOSE your ass, do you?
Re: It would appear
No need for C4, just short the lithium battery.
Re: About http://xkcd.com/936
It's reasonably good advice. I think he underestimated the entropy of Tr0ub4dor&3 somewhat. And 1000 guesses per second scenario is kind of strange. But the basic point stand.
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- 14 antivirus apps found to have security problems
- Feature Scotland's BIG question: Will independence cost me my broadband?
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- FTC to mobile carriers: If you could stop text scammers being jerks that'd be just great