Re: In that case, I would like to register the name localhost
I would like to clarify this was only a joke. Some people are actually doing this, or something very similar: https://news.ycombinator.com/item?id=12198026
46 posts • joined 27 Apr 2015
I would like to register the dotless domain localhost, after my new company LocalHost, LLC. We plan to offer complementary MySQL hosting; in fact we will accept any user credentials you choose to submit, just to show you how generous we are.
I've heard about Open Government and all. Obama made it his core platform. His governance was precisely the opposite. As opposed to what Hillary says at the moment, what she has actually done in the past suggests she will not follow through with most of this, except for the part about loosening visa restrictions.
Maybe their concern is copyright violation. After all, it appears their accountants traditionally have just copied numbers from one spreadsheet into another before working with them, completely disregarding the hard work that went into the creation of those numbers. A good accountant creates new figures which aren't shamelessly derived from someone else's work.
The fact that it's international, that other national governments are involved in regulating (or preventing regulation), that banks are not necessarily trustworthy just because they're banks, and because there is an expectation that there will be a government rescue in the event of serious situation.
The usual first reaction I've seen in the last several incidents has been to demand a US government agency compensate banks for their losses, so it's clear they're focused on political solutions rather than technical solutions.
If Oracle takes the position that Google's use of their API's is invalid, then it calls into question why Oracle's HTTP client sends the same HTTP headers and sequencing as every other browser maker, without obtaining their permission to do so. I can take a wireshark result of what Oracle Java sends and what Chrome sends over the wire, and there are *multiple lines* of copied code on each request, duplicated seemingly verbatim. It's like their code is designed to steal intellectual property in an automated fashion, thousands of times a day. Not only that, but they copy the IP packet header structure implemented in literally thousands of other devices. And on and on.
That's not exactly true. For a single character, the guesser has a probability distribution over roughly 100 symbols. There are many more words in the English language, so the probability distribution is over a much larger set. It's certainly smaller that the set of permutations of all characters that make up the word, but it's bigger than a single character, by a lot. The human brain is better at remembering words than single characters, so why not leverage that? It's only a problem if you limit the length of passwords to a small number of characters (which some systems stupidly do) or you use a password quality check that only takes into account simple things like number and type of characters typed.
I think the point they're making here is that there are so many out-of-band ways of circumventing passwords now (due to the difficulty in remembering them), that fewer hackers are going to bother with brute-forcing hashes from a table dump, when they can just request your credit history and marketing report and use those to answer your "security questions".
Also, Bruce Schneier pointed out that if a hacker gains access to an account, they'll use it immediately for bad things, so the 90 day window doesn't help limit the damage, either.
The issue is that OpenJDK would have eventually replaced their proprietary VM given time, had they not taken steps to improve their behavior. The monetization of Java was always on the enterprise end (support and app servers). Trying to monetize client installs was a bad approach, especially with capable alternatives.
If only there was a way to connect networks together so applications on one network could share information with applications on another network. Since this is a novel problem no one has encountered before, the UK should set up a committee to examine the problem and develop a solution. That committee should be composed of experts in the field, such as James Cameron and Teresa May.
The no-fly list in the US did not require a criminal act in order to prevent boarding of a plane. If you made a similar case for all public transportation, you could severely restrict a person's movement in a country like the UK, without any commission of an actual crime. The government has to choose which they want: secret state-enemy lists, or access to analytics on all citizens private data. Having both is an Egypt-style dictatorship waiting to happen.
Their wireline business seems more costly because they transfer liabilities to the wireline side of their business via some creative accounting. LTE data speeds cannot be supported over copper backhaul. The wireline side of the business is required to make the wireless side function. What Verizon is trying to get rid of is POTS and other subscriber access facilities, because they compete with their wireless business. It isn't that wireline isn't profitable, its just that their profit is split between the two and they would rather just give everyone an LTE modem and charge $15 per GB for data while they squat on half their allocated spectrum.
Verizon stated up front that their rollout of broadband in the US is done. The only thing FCC has to decide is whether they will allow other providers to serve the market Verizon abandoned after getting their grant money.
Why is this not an attack on open-source licenses like GPL? The sentence plainly states that GPL licenses aren't legal. The author of the article said that interpretation is nonsense, but doesn't explain why. A plain reading of the sentence says that, unless it has been lifted out of context.
In the US we required these requests to go to a court also. However, what the surveillance service (NSA) did was request a wiretap on "Verizon", and made it essentially open-ended, to which the court agreed, saying that simply named a telecommunications company you want to tap is specific enough. They then automated the process of siphoning off records from the telco, arguing that it wasn't actually "collected" until someone typed something into a search box (meanwhile conducting neighbor analysis on the data in an unattended fashion). So when you say "warrant", and "specific person or IP address", you shouldn't be surprised when the person is "Mr. British Telecom" and the IP address is actually a set of subnet masks that cover the entire country.
If it was this quick to fix, chances were it was an old user account that had never been removed, or some other abuse of misconfiguration of permissions/accounts. I also think it's highly unlikely it just pertains to T-Mobile customers, but given that the news originated from T-Mobile, who for liability reasons cannot discuss any other parties.
If this were the first incident like this that I had read about recently, I would have given the LE's the benefit of the doubt. However, I read story after story about LE's going after kids who develop an interest in no-go topics such as chemistry, electronics, or rocketry. Last story I read was about a kid who was nearly killed by police because he had an amateur chemistry lab. The problem is that nearly any technology is dual-use in the sense that it can be used to injure people. It takes someone who understands what they're looking at to know the difference. Citizens over the past few years have been encouraged to "contact the authorities" if they see stuff that is suspicious. The implication is that the authorities who respond will have a better understanding of the threat. That simply isn't true when it comes to stuff like this, which is why see-something-say-something snitch campaigns result in these wild overreactions.
Actual terrorists use remote detonators. They don't put a giant LED clock on it like a James Bond thing from the 1960's. It's conceivable that they would want to confiscate it. What I don't understand was the reason he was arrested. And don't tell me they are keeping the reason for his arrest a secret to protect his privacy. They freaking sent out a letter to all the parents about the incident.
I frankly don't see how the FCC can execute its mission of analyzing the market impact of mergers (I.e., like the TW Comcast one) without knowing this information. The FCC should know this stuff already, at least for those companies which have requested big mergers of their broadband businesses. And if the FCC technically doesn't, the FCC board members, which are all lobbyists/CEOs of major telecoms, certainly do.
Actually what it does is ensure that the government is the only entity which can receive/triage information about vulnerabilities, which is the whole point. It takes self-defense out of the hands of people and makes it a national security policy issue. Why pay the market rate for vulnerability research when you can make the entire existing market illegal and make yourself the market? Then, when new vulnerabilities are discovered; you get exclusive access to all of them before the general public is aware of them. If your focus is to gain leverage on domestic industry, then it's a smart move. If your focus is national defense, then probably not, because nation states always find a way around export controls.
In a cyber war, like other forms of mutually assured destruction, it turns out the side that loses the most is the side with the most to lose. In IT, that's definitely the US. I'm not surprised at all that this happened. What surprised me, and what continues to surprise me, is that the President and Congress can't recognize the huge conflict of interest the NSA has when it comes to assisting with defense against malware. Any time NSA discovers a vulnerability in critical infrastructure, they face a choice: expose it to the developer and let it get fixed, or keep it a secret and hope you can exploit it against a future adversary. The choice is almost always the later, because they don't get rewarded for hacks NOT happening. The USG has intentionally crippled its own defenses, and is working hard on crippling defenses of private companies, through efforts like the new "cybersecurity" bill. This is the logical, natural result.
This is, I believe l, the most pressing problem with so-called cyberwarfare. States that are involved in it think it merely causes financial damage (I.e., lost productivity), and so routinely conduct attacks without the self reflection they would use prior to actual bombing or othet kinds of military offense. Network attacks are no longer no-harm-no-foul. IoT means network attacks have the potential to actually hurt or kill people if the designer of the malware mistakes a pacemaker or vehicle guidance system for a desktop PC and kills it over the wire. I worry that cyberwarfare, as it is called, will start an actual very deadly war entirely by accident.
In fact, you don't even need to be using a Google service, have a Google account, or be using the Google Chrome browser. Many browsers today implement a "safe browsing" feature where they use remote metrics to figure out whether a site is a malware site prior to visiting it. Guess whose checking service those browsers send their usage data to?
I did some testing and we verified that Google is using built-in browser "safe browsing" features in Firefox for user fingerprinting.
Their whole business is a vertical stack. The whole thing revolves around funneling business into Windows and Office. All of It lives or dies together. This is as much about risk management as long-term strategy; the platform lock-in might otherwise be the coffin their business is buried in.
Biting the hand that feeds IT © 1998–2019