America already suffers enough from incompetent leaders. Another learning moment. Many interesting thoughts, indeed. However, lacking a sufficient amount of expertise and knowledge I'll refrain from commenting on much of it, e.g. economy, sociology. My widely agreeing with the relevant aspects of your summary is very sad, too. My vote goes to Kid Rock. It comes down to the observation that most developers haven't even a proper understanding of their field and profession, and I do not even mean that technically.
We live in a highly complex world and abstraction and knowledge encapsulation are a major and frighteningly often not understood part of our profession. We do not need to know the registers of some controller and the involved mechanism. A driver does that for us; it abstracts and encapsulates knowledge. So, say, an OS developer can simply do things like write those bytes to the disk.
But he himself also abstracts and encapsulates knowledge, allowing application developers to not need to know how en detail the file system works; he can simply say OS, write those bytes to file a b c. And so on and so forth. Similarly an application developer needs not to know the innards of, say, aes. We humans are, well, human.
Which is very much different from processors. Plus, usually we developers work for other humans who do not even care about anything wrt. The accountant, the architect, the railway controller, they just want something done and important they express that something in their language and based on their thinking. As a consequence we are to be interpreters and transformers and doubly so.
First, we need to transform the client's task description into something we can work with; we need to translate it from his to our world. And then we need to transform our design of the solution into something the machine can digest and work with. So, our work starts on a very abstract and human level, often with a task described in another language and thought frame and ends with registers, addresses, and cpu ops. An added problem is the fact that phase 1 client sw people may or may not be verifiable.
While most would probably argue that it's quite simple for the client to see whether what he got is what he wanted, things often aren't that simple in reality. Example: what client wants often changes during dialog as he learns about things he didn't know or think of. Other example: No, client cannot simply see what he gets as actually he usually just sees the effects of the software and not the mechanics.
Phase 2 seems to not even exist in many developers' heads or is solved by a compiler linker run not puking and the software not evidently crashing. However, as many unpleasant cases and even disasters should have taught us, it's far more complex. In fact, I'd submit that verifying that the code we produced actually corresponds to the often non-existing specification is a major part of the task. Not having verified that the software works is but meaningless stuttering.
As for economical, social, or political aspects of what you wrote my belly largely agrees but I feel unqualified on much of it. Some factors, however, seem strikingly clear. One is the progressed very far stupidization of the people and the functionalizing them into obedient and mindless consumers and work bots who happily carry the fruits of their labour to some gadget shop to buy plunder and who seem to be quite content to enjoy some utterly meaningless freedoms. Another factor is the painfully evident rule of the 0.
1 who mercilessly abuse, plunder, and enslave anything and everything to get what they want which usually is simply more. One final remark as you happened to address it, too, albeit from another angle bloat. I fully agree with you and add that bloat as well as eternally bug ridden software in ever new versions are not considered as problems but rather as assets and desirables and even foundations by quite many in the 0. After all, both the corporations and the deep state insofar as there is a difference win.
I have never understood that in a country like the US where the right to protect your physical security with guns is even enshrined in the 2nd Amendment, so few care about their digital rights and security. And that is the point, the software industry needs to move from being artisanal to engineering. Now here's something we all can agree to. We all would like to see formal methods and formal verification resulting in fully tested and specified, standardised parts.
The only question is how we can possibly achieve that all while making it economically viable in the context of an industry that like most others is nothing but a race to the bottom. Personally, I don't think it's gonna happen until a 9/11-like cascaded infrastructure failure hits millions, causes unspeakable damage, sends a couple of big-wig tech CEOs to jail and has opportunistic politicians outbidding each other to come up with the most draconian piece of legislation to please their gullible electorate.
He can simply say encrypt those bytes using key xyz. And which still carries a major risk of turning the entire industry into a very closed bigcorp and government controlled environment. We'll let Thoth himself be the judge of that. When a guitarist can no longer perform on stage before he has become a technical virtuoso, then very few will remain. When guitars themselves can no longer be played until they have been formally vetted and certified for a particular purpose, few models will remain.
It's no different in software development. In one of my earlier posts I explicitly acknowledged the mess we are in today and for the reasons you mention. Funnily you repeatedly ignore the festering abscess I mention. Whilst I concur with your thesis, I completely disagree with your absolutist view, your relentless bashing of those who at least try to mitigate the situation with whatever little means they have, as well as your utter disregard for the average Jane and Joe and the non-state actors they are up against.
So if my understanding is correct you are running a successful SMB that is selling highly secure software and services. May I then inquire into which commercially available products and services we are talking about. That makes you just another expensive hired gun. And no, a one-man company [...] custom work for 3rd parties doesn't count.
And just how much of all of that is F/OSS. Clive the software industry needs to move from being artisanal to engineering. you Now here's something we all can agree to. That is not what your posts to me suggest. When a guitarist can no longer perform on stage. a Why the switching to completely different images. Let's stay in the software field. Again I want higher standards and responsibility for certain sensitive areas not for any and all software. In fact, I would even be fine if hobbyists continued to fumble with their OS or ssl.
All I want is that there are clear standards that are binding for some usage scenarios and that there is a clear marking. in hospitals, airplanes, etc. The linux hobby group, for instance, could continue but their stuff would lack any professional acceptance and could not be used e. My impetus isn't driving hobbyists away from their favourite toys. It is to keep them out of certain sensitive areas.
your relentless bashing of those who at least try to mitigate the situation with whatever little means they have, as well as your utter disregard for the average Jane and Joe and the non-state actors they are up against. Depends on how you define mitigation. If here, take that lollipop and some aspirin is considered as mitigating aids or lung cancer you are right.
the diplomats whose email routed through tor was collected. As for Jane and Joe and non-state actors stop the bullshitting already. I'm tired of your wanton coming up with made up allegations. Don't confuse your ideologically driven subjective perception of me with the reality. Which part of your game was played for decades and just look at the nightmare we're in.
do you fail to understand. OpenBSD has a great and smart team, plenty experience, and the right motivation yet there are 100s of potential vulnerabilities in it. C/C++/java and no formal spec nor verification are two monstrous factors pretty much all of crappy software have in common. How much more obvious do you need it. Does it need to bite your nose or explode your dog for you to recognize it.
And while you talk about social and freedom how about the freedom not to be hacked and eavesdropped. this jogged my memory of the assassin mercenary drug-dealer whose story was linked here last year the name might be Paul Theroux. haven't seen a peep about it in the news in the interim. security is an adaptive system, not unlike other systems, having inputs and outputs, intermediate states, and failure modes.
Dynamics of medieval cities Understanding Society. Cities provide a good illustration of the ontology of the theory of assemblage link this is interesting lambert. Many forms of association, production, logistics, governance, and population processes came together from independent origins and with different causal properties. So one might imagine that unexpected dynamics of change are likely to be found in all urban settings.
This study presents a fascinating contemporary test of a thesis that [...] surely have interested Pirenne almost a century ago: did medieval cities develop spatially in ways that reflect a reasonable degree of freedom of choice among residents about where they lived and worked. And the data seem to confirm a yes for this question. Sounds better than Manhattan today. Or London in Sloane Square or Kensington particularly the Grenfell Tower area. Behavioral self-organization underlies the resilience of a coastal ecosystem Proceedings of the National Academy of Sciences.
Our paper provides clear experimental evidence that spatial self-organization profoundly increases the ability of ecosystems to persist in the face of disturbance. That's where the aliens set up their Interstellar Customs and Quarantine Station. Is There a Giant Planet Lurking Beyond Pluto. And I am tired of your name calling, belittlement, twisting of my words, inability to understand comparisons or metaphors, straw man arguments and refusal to give straight answers to perfectly valid questions.
I respect your knowledge and experience as an expert programmer, but I can easily understand why a growing number of visitors of this blog and even our host himself get irritated by your discussion style that ultimately demeans your entire point and even makes some think that you're a government agent. A number of people in the usa, in an apartment like setting are willing to share their individual wifi connections from their respective ISPs.
There is some overlap of wifi signals from separate ISP accounts. The users aren't particularly tech savvy and probably want to keep it simple stupid. For example, sort-of a mesh wifi network. One idea is to have (1) openwireless.org as the guest network name at various non-overlapping locations (2) in the vicinity of (1)'s have neighbors choose SSIDs like bach.org, stravinsky.org, or pet_name, author, artist, or other.org
(3) thus users in an area could pick SSIDs based on signal strength or availability at the time rather than seeing just one openwireless.org SSID (4) it would be nice if people moving around with tablets, laptops, etc. in the area would have a relatively good experience getting their messages, mail, chats and other connectivity.
(5) hope that eff.org or openwireless.org might consider getting involved in potential litigation if things came to that. Does having multiple ssid names, not just one guest ssid, sound like a reasonable idea. Feedback and other ideas would be appreciated. I know Bruce has written about this before. For example in his book Schneier on Security or in Wired magazine and I am curious what his thinking is now.
Figureitout Thanks for the link above. In a world where individuals in different countries routinely access the web from different open wifi SSIDs at least the surveillance states might have to work harder to collect it all and use it all, especially if VPNs, and tor, are going the way of dinosaurs. Regarding an Apple tor relay, I think it is [...] not to use a TBB relay only; but the Macintosh running the relay is available for word processing, non-torrified safari, VMs, and so on.
en normal users may pass through the relay. In addition, regarding scummy, traffic from the four horseman of the apocalypse, not mentioned in the latter above link, may pass through the relay. AFAIK, you can't pick and choose your tor relay traffic easily. Regarding traffic shaping or tor traffic shaping and the like, does anybody have an opinion regarding if tor is a net positive for usa spooks, law enforcement, and the like.
Since presumably they use it, too, of course. For some other countries, because of traffic shaping and tor traffic shaping like issues, perhaps spooks, law enforcement and the like in other countries find tor in a less positive or net negative light. It can't be that hard to detect motion. It's relatively easy to detect movement in a certain range with a tuning fork gyroscope. But there are problems not least because it does not tell you what type of movement it is.
For instance I'm sitting in a chair typing this, but because I suffer from muscular skeletal problems I fidget when sitting down to ease the pain. Thus my phone is moving around in ways not dissimilar to someone walking and typing. GPS can detect geographical displacement of more than ten meters or so, but only by integration. Thus the tuning fork gyroscopes are not up to the job of measuring geographical displacement as I mentioned before. The longer the integration the more accurate the measurement.
But that integration needs to be long thus slow to detect a person walking around in small circles outside a bar door etc. But again it takes a while to work out actual perambulation as opposed to other body movement like trying to move your head and shoulders around in a noisy environment to find a lower noise null etc. Even if you overlap the info from the tuning fork gyros and GPS you will get both edge and corner cases.
All of which means the detection is going to have both false positives and negatives, or to put it in engineering parlance it's going to be flaky. And the one thing that kills product in any kind of consumer review is the word flakey or any synonym for it. It triggers some primeval part of the brain and sends people heading for the trees. ab praeceptis, Clive Robinson, Thoth. From ab praeceptis c Moreover, using tor can wake up sleeping dogs, paint a target on your, and generally turn against you.
Thanks for your professional and skeptical opinions regarding tor. This may be the fly in the ointment regarding using tor. From Thoth Now that China and Russia have mandated that VPN and such surveillance circumvention tools including TOR as illegal, this will spread even further and the whole World would be affected which would include the once open and libre European countries and US which would likely follow suit.
Show me the code. Well, knock me over with a feather. in the UK is much much worse than I do expect. It is rather spooky that the dire privacy and personal security crisis dealt by Amber Rudd, Theresa May et. Amber Rudd argued that real people don't need or use end-to-end encryption. This is rather distorted. tyr Don't think I'd really want that feature, the occasional lockups from false positives would lead me to want another phone.
I certainly fail to understand WHY software written by corporations is better That's not the argument, it's a pretty simple one, we live in a world run by money whether you like it or not. 1) Most people do their best work during normal working hours earning a paycheck to eat live 2) Not having funds for basic necessities in technical industries, we need tools that cost will result in worse quality or even shutting down. Some of the bullying suicide encouragement comes to mind.
How to make E2EE chat apps relevant in the face of Government crackdowns. not the brightest bulb Yeah, it's also how people can behave when you can do say things w/o anyone knowing it's you. Micro payment probably with some P2P setup Wechat style Bitcoins Altcoins transaction forwarding. Business communicator including corporate B2B messaging. Let's put aside high assurance stuff like data diodes and go with medium assurance first.
Mass Incident Response messaging system. 2FA over E2EE chat. One example is E2EE-OTP messaging. Subscription based notification and news aggregation over E2EE chat. Accounts reset code and links over E2EE chat. These are some ideas. It might seem yucky but this is the better way to keep E2EE chat being relied upon to prevent reckless legislatures from destroying it. Chuck L Apparently the vulnerability has been fixed on the 2017 version of the device, but owners of earlier ones should heed this advice.
Amazon Echo can be turned into a spying device, security researchers reveal AndroidGuys. in order to successfully hack the speaker, a hacker would need to have physical access to it. So you might want to lock your Amazon Echo away when your computer wiz cousin comes over for a visit. the attack can be carried out by removing the Echo's rubber base to reveal 18 debug pads which can be used to easily debug the device.
US lawmakers are trying to fix the security nightmare that is the internet of things Business Insider David L. It's not fixable. For starters, manufacturers go out of business and there is no one to continue to be responsible for the device. And notice the article insisting we must submit to having spying devices. I'm going to continue to buy stupid devices. From there, hackers would be able to boot directly into the firmware by attaching an SD card or install malware without leaving any actual physical traces.
In fact, given the tone of this article, enterprising readers with attics should stock up on non-IoT-infested devices anything that runs off electricity is expected to be chipped someday for their own use and perhaps future sale. Or you could figure out how to turn your entire home into a Faraday cage and engineer carveouts for select devices. Trump's new Air Force One planes could come from bankrupt Russian airline Guardian. From a JG4 link, I think. Jeremy Scahill and Alfred McCoy talk about empire.
McCoy argues that the 2003 invasion of Iraq was the beginning of the end of United States empire. McCoy is not some chicken little. He is a serious academic. And he has guts. Arundhati Roy's 13 May 2003 address at Harlem's Riverside Church, which was delivered soon after President Bush landed on the aircraft carrier and announced all hostilities were over in Iraq, is called Instant-Mix Imperial Democracy, Buy One Get One Free. You might want to read it or listen to it.
uk v39 n15 andrew-bacevich the-greatest-person-then-living Today that problem has undergone a new twist. Trump has by and large handed the national security apparatus over to the generals. Now wearing three stars but still an active-duty army officer, McMaster occupies the post of national security adviser. Career military officers, active and retired, fill numerous positions on the National Security Council staff.
The defence secretary is a former four-star general. So, too, is the secretary of homeland security. Truman, I imagine, wouldn't have approved; it's possible MacArthur would feel vindicated. The rest of us watch with a mixture of curiosity and trepidation. Now another general is chief of staff at the white house. book_review Now another general is chief of staff at the white house.
should be Now the general who is chief of staff at the white house used to be secretary of homeland security. Sums it up and I enjoyed programming. programming is a delightful pastime in which you debug for hours only to discover the real problem is you can't read, and you can't count. catnip nerevarine direlog July 16, 2017. It is easy to expose users' secret web habits, say researchers BBC. The pair obtained huge amounts of information about the browsing habits of three million German citizens from companies that gather clickstreams.
Via browser extensions. Perhaps Mr Page should do a Google search to refresh his memory. Empire is a machine, driven by greed, conflict of interest, amorality and hubris, that crushes bodies and souls to make money and power. it needs an update in light of adaptive system theory. Empire is an adaptive system, driven by positive and negative feedback terms, that crushes anything required to maximize entropy.
unfortunately it will crush your throat with Orwell's boot if that increases the entropic satisfaction of the insiders. it also crushes any rules that hinder maximization of entropy. Concurrency, Integrity, Availability pick any two. There should be a side-channel attack on Intel's Management Engine using a near-field antenna on the CPU package, and/or memory and/or data and address lines. The signals at the antenna are demodulated and fed to an artificial neural network, which uses feedback to recognize the difference between normal operation and subverted operation.
not so long ago, I posted this comment. Far from a working system, but perhaps a useful and reusable concept. Rabbit ears are back. Antenna sales back on the rise as millennials are shocked to discover broadcast TV is FREE Daily Mail. UPDATED Siedle, Raimondo Critic, to be Awarded 48M in SEC Record Whistleblower Case GoLocalProv. Private equity sleaze. Steep fees call into question bitcoin's promise for the underbanked American Banker.
Our Famously Free Press. The Hacking Wars Are Going to Get Much Worse NYT. It's only a matter of time before a state's response to a cyberattack escalates into full-blown military conflict. And if I were looking for the mother of all self-licking ice cream cones, cyber, where attacks have attribution problems that are purported to be solved only by intelligence community technocrats working in secret, would be my ideal candidate.
Not that I'm foily. Dumbo is a well-chosen name, in my humble opinion, for a tool that manipulates cameras and microphones. There is nothing surprising on this software, I would say, that requires SYSTEM privileges to work. That should be useful reading how handle it. all I noticed some of our respected bloggers I am guilty as well have dogmatic thinking on some issues. Dogmatic individuals hold confidently to their beliefs, even when experts disagree and evidence contradicts them.
Using Tech Tools to Do Data Reporting NYT. Oh, and video. I guess that's why the Times could axe 27 reporters and gut the copy desk; they're going to do everything with data. The idiot behind the idea is the NYT CEO who previously was the Director General of the UK's BBC, where he decimated news and journalism to the point it was easy for the Rupert Murdoch runts to use it as a significant advantage in their desire to destroy the BBC and other UK broadcasters.
I would be unsurprised to find he was on the take from News International Fox etc in some way either directly now or on a promise for future lucrative benefit. But as you might know I've been warning about his behaviour for some time now. Let's just say his stupidity perfidy is less becoming less covert these days. Slime Mold With Mustard August 3, 2017 2:24 PM.
Slime Mold With Mustard So does that mean wannacry was created by the USA IC. That would be mind boggling to me. Why shoot yourself in the foot instead of just patching the vulnerabilities before releasing it. I am never visiting def-con or the USA if that's how researchers are treated there. Slime Mold With Mustard. This is how the US Govt says Thank You to whitehat security researchers for stopping malware infection.
They deport, detain and coerce the target. The best way to do security research is not to do with a real name or a real identity and to use pseudo-nonymity which doesn't exist anyway. Maybe the best choice of action after discovering a means to stop a malware is to keep low and protect oneself. Honestly, the current climate is simply not conducive for publishing free and open security research due to the uncertainty of what might follow later on. It is best to figure something out and stay quiet.
The US and 5Eyes ICs are seemingly behind many strains and types of malwares and who knows what you said might have a chance of being true. the original quote was a work of art, after it included greed, hubris, amorality and fear. Empire is a machine driven by feedback to crush everything in the path to entropy maximization doesn't have quite the same resonance.
eventually, the feedback terms destroy the machine, but not before it has maximized your entropy. the resulting high-entropy environment is a lot less nurturing than what went before. the afternoon news dump. The Bezzle Billionaire investor Marks, who called the dotcom bubble, says bitcoin is a pyramid scheme CNBC. In my view, digital currencies are nothing but an unfounded fad or perhaps even a pyramid scheme based on a willingness to ascribe value to something that has little or none beyond what people will pay for it, Marks wrote in the investor letter Wednesday.
Two competing theories of value, there. The Bezzle A photo taken by VICE of a recent arrest in Brooklyn appears to indicate law enforcement has done more than come to terms with the existence of Uber and may in fact be using the company's logo as a disguise for undercover work Vice. The Bezzle Facebook shuts down AI after it invents its own creepy language Daily Dot.
This headline is the idea that propagated, but the lead is buried, and it's not a technical issue. Concentration This handful of companies Apple, Microsoft, Amazon, Facebook is writing the operating system for the new economy, said Brad Slingerlend, lead portfolio manager of Janus Henderson's global technology fund. The bigger companies are both able to collect data and use that data to build into adjacent businesses The New York Times. Regarding travelling to the 5Eyes territories, it is high on my black list of nations to travel to these days and they should well be high on the black list of any sane security researcher unless they are willing to gamble on not being kidnapped by these countries' Govt and become one of the missing population.
Another contribution Moon of Alabama MoonofA. selectedwisdom propornot honorably lists my website as Ru propaganda. Big Brother Is Watching You Watch In China, internet censors are accidentally helping revive an invented Martian language Quartz. Request to add my Twitter account to your tool. intelwire gmfus 7:56 AM Aug 3, 2017 Class Warfare Infinite Peepshow Logic. The print version also includes The Mother of all Swipes by Marie Hicks. A working-class woman from East London invented computer dating more than half a century ago.
News of the Wired We have unrealistic expectations of a tech-driven future utopia Recode. I find the Jackpot perfectly plausible. SlimeMouldfurloin, Thoth. The UK Guardian Newspaper that Bruce used to write opinion pieces for, has a piece about Marcus Hutchins, who was arrested by the FBI at the airport. Marcus is not saying anything and has claimed 5th amendment rights, let us hope he did it correctly because he had no representation according to the article and is due back in court today.
However the FBI are known to go overboard with foreigners who are briefly in the country, remember the Russian researcher who revealed that Adobe app encryption was complete crap. In essence the FBI MO is grab, scream, deny, blackmail and export, the latter two to prevent the person from suing the FBI for damages etc. The FBI he wrote or is involved with the Kronos malware. A point that non US citizens should note, is that as far as we know the researcher Marcus Hutchins has not committed any crime, anywhere, let alone in the US.
On the assumption he did write some code that did get incorporated into Kronos. Firstly the code may not be exploit code ie attack vector or payload. Secondly malware writers are not exactly unknown for stealing every bit of code they can from other places. Even the US Israeli ICs do this, as have corporations like Sony and many many more. Likewise a very large number of everyday code cutters cut-n-paste from any place they can find on the Internet.
And let's be honest the FBI have a bad [...] of trying to prosecute foreigners to points way way beyond that they would do to US citizens because as far as they are concerned there are no downsides to doing so. Because few US citizens will care about foreigners in trouble so no newsworthy protests, and if they cannot find anything that will work in a court they keep threatening you will die in prison then do a deal to get the person out of the country never to be allowed back to fight for their rights etc.
It's an age old process that any criminal defence lawyer will tell you about, it's called Rights Stripping. We've seen it with the withholding of evidence such that the DoJ can claim that a person Has no standing and the court kicks the case out. Oh and as has been shown the FBI are not above a little manufacturing of crime, which most would call Deliberate Entrapment or worse. Likewise as has been discussed here often the cyber legislation is really really badly written and of such wide scope to the point you could be convicted reading the screen of an unattended computer like an ATM or advertising hoarding facing onto a public walkway.
So we will have to see how this plays out. But as I've said before my name has been associated with a DMCA takedown, thus as far as I'm now concerned the US is off of my travel itinerary even for flight changes. GRSecurity sue Linux Personality for defamation. Bruce Perens seen as a Linux Personality by many made various comments on his blog about GRSecurity and the method they have decided to use to protect their IP from certain well known software houses.
GRSecurity has decided that enough is enough and that Bruce Perens should stop presenting factual misrepresentation and thus defamation and restriction of trade as protected speech. At the heart of this is the GPLv2 terms and conditions. Which is going to get a mauling in the defamation case irrespective of what others would hope. Put simply if you put any example or other source code up on the internet someone is going to borrow it usually without credit or payment etc etc.
Which means this case is going to make this case interesting to a lot of people. Also it brings another case into court that will probably end up affecting how free speech is seen in future. Rather more than did the SCO-v-Linux case 2. It will also almost certainly affect how published sample, for education and POC source code is seen which has unfortunately become an increasing mainstay of how code cutters maintain productivity levels.
Which means many corporates are going to take a close interest 2. Contrary to what some may think this is rather more than a nuisance case, it has real IP issues at heart and could become a real slugging match. In essence GRSecurity and many others do not hold Linus and his behaviour with regards Linux Kernel code very highly 1. Therefore GRSecurity have developed quite a large amount of IP with regards the Kernel and the toolchain used to build it, which they have assembled into patches.
Whilst Linus in his usual foolish way spouts off short invective at GRSecurity which is seen by most as Linus's way Bruce Perens is usually a lot more circumspect. However Bruce has made statements about the GPLv2 he has presented as fact, which he appears to be not qualified to say. Thus GRSecurity's claim. 1 In fact Linus's competence with regards to security has been called into question in the past over the random generator and he had to grudgingly back down.
[2] I wonder if Microsoft will give financial assistance as they did to SCO some years back. Auz claims major terrorist plot foiled. In today's news is that Australia has foiled a sophisticated aircraft bombing attack by an Islamic State linked terrorist using parts imported from Turkey. Apparently the suspects having received the parts did not proceed with the plan. Which appears lucky because intelligence and raids did not happen till after the original planned dates. There are a bunch of other odd statements as well.
Is it just me or have other people noticed that many of these supposedly foiled plots occur in the 5eyes nations implementing the most draconian privacy invasion yet seen? FBI style create a terrorist entrapment. It's interesting to see Turkey being fingered, they would have been on the US 5h1t list for MSM sound bites like North Korea, Iran, China and currently Russia if they had not scored bonus pixie points by shooting down a Russian aircraft involved with supporting the Syrian Regime, case of my enemy's enemy.
Oh international politics is a fun game. Cause and effect. this has a little more resonance, but I miss the greed, hubris, amorality and fear. Empire is an unstoppable machine driven by entropy maximization to crush everything in its path. I forgot yesterday to tie adaptive systems back to OODA. the problem with all of these systems, including the FBI which is an empire within empire, the sickcare-financial cartel, and scammers is (a) that they are adaptive systems, at least until they fail to adapt to new environmental conditions, (b) the feedback mechanisms cause these systems to optimize revenue, (c) the systems have hidden feedback terms and paths to enrich the insiders.
we have touched on how these systems use active disinformation campaigns to enhance achievement of a, b and c. the military-industrial complex is a fine example, where overselling the cold war and the missile gap led to billions of dollars of private profits, back when a billion here and a billion there was real money. I assume that people much smarter than I am already have applied these concepts to computer security. If not, this is a ripe area. I've mentioned before that living systems are adaptive with different timescales of adaptation for genetics, epigenetics, enzyme-substrate feedback, and reflex, which is even faster than intelligence.
what OODA doesn't capture is the adaptation step, where the feedback terms (matrices and/or tensors) are set up and adjusted over time. in biology, that is variously called evolution, where death is the sculptor of life, and training, where the features of the environment are internalized. some or most of the matrix terms are preset, which can be called instinct. for example, children born into poverty and violence have an epigenetic predisposition to violence, which is quite healthy from an estimation theory point of view.
another nice example of adaptation is inoculation against viruses. the concept carries over more or less cleanly from biology to computer security. we can think of OODA as being a set of matrices or tensors, that sequentially project orthogonal basis terms (principal factors) out of the appropriate data sets. It's also quite common for malware research examples like Proof of Concept (POC) code to get circulated and copied.
empires do these steps automatically, but adaptive computer security systems have to use a mix of experience and prediction. the observations are some kind of sensor inputs, which could include the side-channels, network traffic, etc. the orientation step generally includes some knowledge of the past, so as to be able to make sense of the observations and the information projected out of the sensor data. the decide-act steps should apply some cost benefit and estimation theory to the state generated by the previous two matrix or tensor multiplications.
there was a good article yesterday at NakedCapitalism about how the scammers operate and how they are constantly probing for cognitive flaws. of the machine. in a computer, it is parameters, addresses, algorithms, etc. that are altered in response to environmental inputs. if the system is designed for security and robust function, the CPU resources could be throttled to processes that are not critical.
submachines could be reset to known states. in robotics, the act step generally would use actuators to change the position, velocity, etc. Bitcoin split is a flop so far Reuters Li. What Einstein's Brain Tells Us About Intelligence, According to the Scientist Who Studied It Inc David L. Leaked Photos Link Corbyn To Known International Terrorist Waterford Whisper News PlutoniumKun. Russia Sanctions and The Coming Crackdown on Americans Ron Paul Institute.
How the CIA Came to Doubt the Official Story of JFK's Murder Politico David L. Thoth, Slime Mold With Mustard, furloin. Without questioning the less than friendly disposition of the USG towards security researchers, what I understand from the article is that Marcus Hutchins was arrested on conspiracy (18 USC 371), CFAA (18 USC 1030) and ECPA (18 USC 2511-2512) related charges for his alleged involvement in the creation of the Kronos banking malware, not for his work on WannaCry.
the cyber legislation is really really badly written and of such wide scope to the point you could be convicted reading the screen of an unattended computer like an ATM. Despite eight amendments, its core remains untouched and all attempts to modify it like Aaron's Law went exactly nowhere. In practice, it means that any security researcher who for whatever reason has provoked the ire of either the US IC or a corporate entity can be arrested at any time when entering the US, either on real or bogus charges, and that it is thus not in their best interest to even consider attending conferences like Black Hat or Defcon.
In its current form it is overly broad and can easily be used to jail any minor offender or even legitimate security researcher for decades, or, as in the case of Aaron Swartz, prosecute them into suicide. The Software and Information Industry Association (SIIA), counting among its members Oracle, IBM, Red Hat and Google, is one of the strongest opponents to any change.
Especially those with something to hide. The NSA knows what you did last summer. The way I read the indictment, it's less about GPLv2 than it is about defamation, i. The 1986 CFAA is an amendment to the Comprehensive Crime Control Act of 1984, predates the internet and was a direct result of the cult movie War Games. making false statements with the intent to hurt GRSecurity. After FARC disarmament, Colombia is delivered entirely to paramilitary branches of ruthless corporations failed evolution.
This is an obvious attempt to silence Perens, whom I personally think is correct about the heart of the matter and has also explicitly stated in his posts that he is not a lawyer, merely a technologist with an interest in IP related matters. Which makes GRSecurity's argument rather moot. I do kinda like the statement of their lawyers: "No court of law has ever established that a statement implying a false assertion of fact is constitutionally protected speech, and we intend to hold Mr Perens accountable to the fullest extent permitted by law."
This is factually incorrect and would put entities like Fox News or current POTUS in a world of legal troubles. Addendum to GRSecurity. In the US, lying is protected speech, as per the 2012 SCOTUS ruling in United States v. It would appear GRSecurity's lawyers somehow must have missed that. GRSecurity Strategic Lawsuit Against Public Participation August 4, 2017 8:18 AM. People here are confusing copyright with defamation.
This is a defamation lawsuit, not a copyright infringement lawsuit. The only thing that will be litigated is whether Mr. Perens has a right to express his opinion. If expressing an opinion about a legal matter was defamation, then all complaints in lawsuits would be defamation too. The complaint in this lawsuit just can't win. So, you will not learn whether Grsecurity had a right to do what they are doing from this suit.
This suit will only determine that Mr. That is a copyright matter and just can't be litigated in a defamation lawsuit. Perens had a right to make his statement. This is obviously a matter for the SLAPP law, which prevents deep-pockets entities from bringing spurious defamation lawsuits just to keep someone from expressing their opinion publicly. This sort of case is literally why the SLAPP law was made. Perens' legal expenses. Note that Perens is using a world-class law firm that can handle any sort of issue, and a lead attorney who wrote a book about Open Source licensing.
In contrast, Open Source Security Inc. is using a one-man law firm and all of their online reviews are about their patent filings. It sounds like Mr. Patent Attorney might have been naive to file this case, and his customer ill-advised. Open Source Security Inc. joins the list of litigious turkeys. From Wikipedia: The typical SLAPP plaintiff does not normally expect to win the lawsuit. The plaintiff's goals are accomplished if the defendant succumbs to fear, intimidation, mounting legal costs or simple exhaustion and abandons the criticism.
Thus, it's obvious that Perens' law firm will make a SLAPP filing next, which will mean a swift conclusion to the case, and Open Source Security, Inc. will end up having to pay all of Mr. In some cases, repeated frivolous litigation against a defendant may raise the cost of directors and officers liability insurance for that party, interfering with an organization's ability to operate. A SLAPP is often preceded by a legal threat. 2 A SLAPP may also intimidate others from participating in the debate.
Let's just sit down and think about that for a moment. grsecurity's defense, if I got that right, pretty much comes down to: the gpl can't and doesn't make claims into the future. That's pretty weird. grsecurity has a clause that says that customers who distribute paid for grsec. stuff to others will not get any more patchsets future. A rather weird position and a rather questionable one because, once a customer is blocked it's not future but current reality. What really made me LOL is this grsec.
puts their stuff under gpl, too. In other words: we see a case of gpl infighting. I remember well when many years ago perens was a major force in getting printer manufacturers to create linux drivers, too, or to at least provide the necessary information for linux people to write those drivers. So, perens formertimes did good things for foss.
The other point I find noteworthy in that case is that bruce perens in a way embodies what the gpl opponents frequently and rightly assert, namely that first the gpl comes all friendly and honeymoon but once you are in the trap they show their dictatorial face. Correction: NSA knows what you'll do next summer, and which 0. Have an open mind. 0005 star resort you'll reside in after detention. Truth of the matter is they have the technology.
I'm sick and tired of all these closed-minded people that label facts as Conspiracy theory. Conspiracy, my ankle. A tale of crypto implementation woe. As many readers here know. Never write your own crypto. Have a read of the following to see why. GRSecurity Strategic Lawsuit Against Public Participation, Clive. This is obviously a matter for the SLAPP law. California Code of Civil Procedure 425.16 provides excellent and inexpensive means to kill this thing dead in the water, especially because their lawyer(s) seem(s) to be about as clueless as a Thomson's gazelle asking a pack of lions for directions.
It would indeed be the obvious strategy for the defense to pursue since the case has apparently been filed in San Francisco. GRSecurity's statement that their agreement only applies to future patches is a not even thinly disguised legal trick to work around GPLv2's Section 6, and which every judge worth his salt would acknowledge as such even if the suit were about copy infringement, and which it is not.
The recent Neymar transfer to PSG comes to mind, and which is a similar piece of legal but immoral high tech to work around La Liga and UEFA fair play rules. NSA knows what you'll do next summer, and which 0. org which ignorant user near you do you want to rob today. Currently a huge thing in Belgium that has Romanian, Bulgarian and Polish burglar gangs working overtime.
Disclaimer: I have no idea what undisclosed evidence the FBI has on Marcus Hutchins (MalwareTech) and I'm not speaking from deep experience here, so I'm aware I may be drawing some naïve conclusions. In contrast, it seems that they have little to hold against Marcus himself. Reading the indictment it appears that the US government is making some specific and detailed charges against the unnamed co-defendant.
They assert that he wrote and updated Kronos, but they don't reveal any evidence for those assertions. The grand jury must have been given something to substantiate the charge, but the indictment gives no hint of what this was. This is in contrast to the allegations that the co-defendant took some very specific and provable actions. Writing at the Volokh Conspiracy, Orin Kerr takes apart what those charges mean and in a lawyerly way casts a lot of doubt on whether someone who writes a software tool is culpable for actions taken by someone who bought that tool.
But that analysis kinda pre-supposes that Marcus did actually write some portion of Kronos, which I don't currently see any evidence for. That request seems (a) 100% legal, (b) totally consistent with being a researcher fascinated with taking apart malware, which is what Marcus has said in various interviews, and (c) to make no sense for someone who was actually a developer behind Kronos. The clearest link between Marcus and Kronos that anyone has come across is this July 13, 2014 Twitter post where he asks for a sample.
I've read people saying "but maybe he was laying a trail of disinformation" and that just sounds like an implausible movie plot. For comparison, here's a post on Kronos from IBM's Security Intelligence blog two days earlier than Marcus's request that acknowledges that researchers working for IBM's Trusteer counter-fraud team are also seeking a sample of Kronos. Assuming the latter for the moment, it's possible that the identification of Marcus as the creator of Kronos was provided by this other defendant.
As others have noted, the fact that the co-defendant's name has been redacted suggests either that the FBI does not have the defendant in custody, or that the defendant has decided to provide details to investigators. Returning to my disclaimer, we don't know whether investigators have more compelling evidence that points directly to Marcus. Maybe they can demonstrate that Marcus authored Kronos or some part of it. It's certainly plausible that this defendant, who allegedly marketed and sold Kronos, had his own reasons to falsely name a security researcher as the creator.
If so, then the case is in the realm of Orin Kerr's arguments about culpability for authoring a software tool. But at this point it's entirely plausible that the indictment is based on some wild assumptions. You should remember Terry Pratchett's observation on that. If that turns out to be true, it raises important questions about the freedom of security researchers to do their jobs without laying themselves open to serious criminal charges.
The problem with having an open mind is, people will insist on coming along and filling it with all sorts of rubbish. That's about what the GPLv2 might or might not say after appropriate consideration. But is not what the case is about. GRSecurity is claiming that Bruce Perens has made non factual statements, and included GRSecurity in them in a way that has caused them quantifiable harm. As for it being a SLAPP I'd wait and see what Bruce Perens' legal representative does, then what the judge has to say.
Bruce Perens has frequently been seen as the reasonable moderate voice but in this case he has behaved at variance to that. The judge may decide the case has merit in which case an anti-SLAPP motion if made will have failed. That alone should make people's eyebrows raise. Especially when other companies are clearly breaching GPLv2 and GRSecurity is being harmed by this.
As for the future argument it is novel and actually reasonable. Put simply it says that anyone who pays GRSecurity for their work so far has certain rights, but those rights do not extend to future work from GRSecurity. It's a bit like a farmer saying you can buy my crops this year and give them away if you wish, but that does not entitle you to my future crops or to give them away.
Bong-Smoking Primitive Monkey-Brained Spook August 4, 2017 1:26 PM. The good news is it's now closed. I once had an open mind. Problem is it's full of all sorts of rubbish. Content-based restrictions on speech are generally presumed to be invalid, although there are exceptions to that rule for certain categories of speech, e.g. defamation, fraud, and obscenity. Makes total sense. Whereas plaintiff can indeed claim legally cognizable harm, the mitigating factor unless proven otherwise is the absence of intent to defraud or secure moneys.
The fact that plaintiff has to resort to a quite novel argument that may or may not stand in court in itself shows that the heart of the matter is very much open for debate, thus lacks any standing to be called a factual lie, even more so because Perens explicitly said that he was not a lawyer and his assertion merely an opinion, not a proven fact. Whether or not GPLv2 applies isn't the issue, it is whether or not Bruce Perens had the right to voice his opinion and whether or not he told factual and deliberate lies with the intent to harm GRSecurity.
Whilst I am not denying that GRSecurity has been treated in an outrageous way both by Linus and others that have made significant profits on their back, this brutal attempt to hit back at Perens is not gonna get them sympathy anywhere. If I were them, I'd drop the case, hire another lawyer and sue the Linux Foundation over their interpretation of GPLv2 as applicable to their IMO quite valuable kernel security patches. Meanwhile, it is indeed a SLAPP. Only when, and if proven right over the heart of the matter will they have any legal standing to bring on a defamation suit against anyone still claiming the contrary.
I wonder what happens if Turkey gets pissed off with NATO and EU and flips side to fully and openly ally with Russia and China. If I were GRSecurity, I'd drop the case, hire another lawyer and sue the Linux Foundation over their interpretation of GPLv2 as applicable to their IMO quite valuable kernel security patches. The Linux Foundation would be correct in that assessment, given that GRSecurity has licensed their patches under GPLv2.
Will steganography go the same way as encryption and be unlawfully outlawed by war mongering greedy politicos who have no care about mathematics? It also puts them on both sides of the Turks. The Turks didn't seem too pleased with the interlocks of weapons systems so decided to buy Russian air defence system. 0 that should not have been a surprise. Considering all the noisy rhetoric about Reconquista 2. You can see the same effects in North Korea.
MacArthur was fired for his desire to nuke the north in 1953 and they have been operating under the assumption it is the USA's long term plans for them. The trouble with conspiracy theory is they usually turn out to be real. Snowden being the latest confirmation. Not a week goes by that some crooked bank swindle is exposed to view. I had high hopes for my cellphoney cure. I'm surprised no one has noticed that the Rus now have a warm water port on the Med coast.
I find my cynicism and sense of humour the way to compensate for the rubbish I've been peddled over the years. Apoplexy might be a result of taking things too seriously. The existence of a Russian naval facility in the Syrian port of Tartus طرطوس seems to have come up repeatedly, even in mass media, over the past couple of years now. Re: Firefox Send. The best way to implement a self-destruct file transfer or data transfer is to use a tamper resistant secure hardware with a reliable timestamp but as per usual, this is a lot of overheads and lots to trust anyway.
What's with your formatting, man? Are you using Edlin to compose your posts? I can't copy them properly, either. Quite an interesting creature. Are you gonna tell me or do I have to analyze it in a hex editor? They say there is no smoke without fire. Labeling is an easy way out for those who can't engage in an intellectual discussion. Usually in the context of some kind of obscure armed conflict nearby and reasons for Russian involvement in same.
Really fascinating read. So perhaps this creature came to earth on meteor or some other mode of transportation. I don't know what to make of it except that there exists several paths of evolution. Creature, huh. This was the strangest for me: Why is ctenophore pronounced ten-o-for or teen-o-for? You and me both. You should have used the Phoenician alphabet instead of the Arabic one.
Reason: They'd probably love to but unlike encryption it's in the nature of steganography that it's hard to detect. To make it worse one could transmit encrypted data. Keep in mind that good encryption creates data material that is indistinguishable from random. random noising the whole carrier as opposed to only the part containing sg.
content it would be extremely hard for a prosecutor to win his case in court. So the Bong is not really a bong but an industrial grade incinerator. Which means we would have to call you. Mind Incinerating primate savant MIPS. Bong-Smoking Primitive Monkey-Brained Spook MIPS equipped August 5, 2017 3:45 AM. Two levels of indirection better than one itchy foot covering. I'll use MIPS equipped when I say something particularly savantish like our friend of late horn equipped did.
Turkey has indirectly allied itself with China by allowing ISIS oil to be shipped through Turkey. As China and Russia have much warmer relations these days than they have done in the past, it may be a case of My friend's friend. However they did as far as we know shoot down a Russian military aircraft that was engaged in actions in Syria possibly against the Kurds, which the current Turkish leadership hates, so there is a puzzle to contemplate. Yes but for less obvious reasons.
You have to start by differentiating codes and ciphers. Properly applied e. It's the latter that tend to use mathematics in their use not the former. Further codes are not one to one in their mapping or sizes which is why they are much more broadly useful and are found in both compression, and error correction. One use of codes is in One Time Phrases. These saw use during WWII with the BBC transmitting "Now for some messages for our friends".
The enemy hears the messages but can not ascribe meaning to them. Further to reduce the chance of analysis you always send the same number of messages each time thus there are meaningless phrases transmitted as well. You pick a harmless set of phrases more or less at random such as "The cat sat on the mat", "The dog chased its tail", "The frog hopped", "The bird sang" etc, to these you give one off meanings such as "Attack target A", "meet at point x" etc.
The advantage as far as the authorities are concerned is that they can use such a banning law to imprison people they do not like. Because of the duality of logic, if they can not prove a message is hidden in a text, you can not prove there is not a message hidden in the text. The difference is that the phrases have to sound natural within the rest of the letter or phone call.