2603 posts • joined 22 Jun 2009
So, no hope for the middle lanes then. On a side note, I find it amazing the number of people ready to fire up their fav blog to vehemently defend their perceived right to not let their wheels touch the left lane (that they insist is the "slow lane"; apparently it's forbidden to drive there above 50mph in their twisted world). It's a deadly shame to be seen on the "slow" lane. You must absolutely avoid it a all cost. Even if the road is otherwise completely empty you must stay on the center lane or be seen as "slow"; perhaps "they" will even think you're lacking in the manly appendage department.
And these people are not even all driving beemers!
@ Graham Marsden
I agree with you completely. On the other hand, most people don't stop to have a nap at a service area. They never did, and never will. They grab a coffee and think it'll keep them awake 'till the end of their journey (it rarely does). We're talking about the same kind of people who ignore the red Xs completely because they lost 5 minutes once. These people only realise that they can't keep awake after they've begun snoring. In that case it is better to stop at once rather than sleep-driving another 50 miles for a service area.
Or are you advocating that people who actually fall asleep on the wheel should carry on driving at all cost untill they find a service area (or die trying?).
There's illegal-grade stupid, and then there's 10-dead-in-a-gruesome-accident stupid. Putting them on the same level as you do is bordering on dangerous. Of course I don't dispute that if you feel drowsy you should have a nap somewhere "legal", preferably before you even began your journey.
Re: @ElReg!comments!Pierre - Genuine reason.
"If someone is feeling sleepy, they should pull off at the next junction or service area and stop and get some sleep."
I totally agree. On the other hand, the real world called. They said "people who feel sleepy just drink a coffee and think it'll pass". Unfortunate undoubtedly, but hey, who am I to argue against facts?
"Doing it on the Hard Shoulder is not only illegal, but stupid because[...]"
Sleeping on the wheel at 130 km/h is also illegal and stupid but it still happens all the time. I'd prefer if it happened at 0km/h on the hard shoulder instead. It's still illegal but a tiny tiny bit less stupid. I sincerely hope no-one needs me to explain why.
Re: Genuine reason.
Honestly, speaking about legit reasons, "felt like taking a nap" strikes me as the typical illegal-but-somewhat-legit one. I hope the guy got off with a slap on the wrist. I agree that you SHOULD not hit the road when you're too drowsy to drive, but given the choice I'd rather drive on a highway where people stop on the hard shoulder to take a nap than on one where they do not stop to take a nap.
It happens all too often that the car you're about to pass drifts in your lane only to promptly go back as the driver wakes up. If you think it's stressful in a car, try it on a motorcycle (before the bikers among you ask, yes I do know where the gas throttle is. But I'm a law-abiding citizen, I wouldn't want to break the speed limit).
Re: Risky Business
I was playing with the thought myself and I came to the conclusion that the actual services being unmasked did not matter (after all you could just set up your own hidden service and unmask that; which is most probably what they did).
My opinion (and I'm wrong at least as often as every other guy on the net) is that it's either
-a technical liability (whoever you unmask, you're still "bypassing technical measures yadda yadda yadda", HACKER YOU, thanks RIAA/MPAA/DOD/whoever)
-or gov. agencies using the same techniques who don't want them publicly demonstrated as it would make it easier to implement a workaround
(-or both of the above of course)
Re: What you're accused of...
What you're accused of... is the same as what others have been prosecuted of.
You seem to be very confused about how TOR works. You are probably referring to the case of the Autrian exit node operator from a few weeks ago; it is not even distantly related to what is discussed here.
As a primer, what happend in Austria was that someone accessed child pornography material on the web (possibly a police honeypot) through TOR; in a nutshell they sent an encrypted request to a nearby node, which forwarded it to another node with an added layer of encryption, and another, and another, and finally to the Autrian exit node which forwarded the request -in clear- to the honeypot, making it look like the request originated from the Austrian exit node. There was no tracking involved, someone just wrote down the IP adress on a post-it and sent a request to the corresponding ISP.
Here we are talking about "hidden services" in TOR parlance, which are servers accessible only through the TOR network, no "regular" unencrypted internet involved. The methods discussed are not aimed at examining content but at associating a "real-world" IP with a TOR node ID; possibly because it is serving illegal content, possibly to bring as many nodes as possible offline to disrupt the network, possibly in a bid to compromise or otherwise take over as many nodes as possible for whatever reason ("circle" infiltration, plain regular fishing trip, ...), possibly just to map the network and add TOR node operators to the watchlist.
Re: Do you really think you can hide?
So the reason for tracking isn't the content?
Not necessarily. These days anyone using encryption in a way or another goes on the NSA's "interest" list, regardless of the content they receive or send. Some people use TOR just to avoid being tracked while browsing for legal but perhaps embarrassing content; others use is just for the heck of it. Others use it because they think it is important to keep such networks alive just in case something goes horribly wrong with the 'tarwebs regulation (à la Great Firewall of China). And probably many many more reasons.
Prove that a snapshot of all the content being transmitted through TOR right now isn't mainly comprised of compromising material and I'll fight your corner with you. You won't do that though will you.
No I won't, because I don't have the technical ability to take a snapshot of all the content transmitted through TOR, because even if I could take the snapshot I would not have the technical ability to decrypt it, and also because I could not possibly care less.
That's the problem. Innocent until proven guilty only works if you can't be proved guilty. Right now you don't have an alibi for anything that might be found to be incriminating. It's a fair cop. Accusations have been made but you're not throwing up any arguments to discredit them are you?
What The Almighty Fucking Fuck are your talking about? What am I accused of that I don't have an alibi for?
> if there is an easily 'sploitable flaw
My understanding is that it's no easily exploitable flaw but a long-known design weakness which originates from the fact it uses TCP-IP, and hence each node knows the IP adress of its "adjacent" nodes in the chain. With enough time and control over enough nodes, you can slowly home in on anyone who is continuously on the network (that would be most hidden services) "just" by recouping hops. The counter-measures such as forced latency etc are only partially effective. I think there may be a way to force the traffic through other nodes under your control which would speed up things considerably (there is for sure a way to _avoid_ routing the same packets through several nodes that you control).
Re: Do you really think you can hide?
"I don't use TOR because I don't download illegal content and don't need to look at "CP" Isn't that the basic assumption behind the reason for anyone using it?"
Daily Mail logic spotted. You have curtains on your windows and a lock on the bog's door, hence you have a meth lab in your bedroom and you rape kids in the john everyday.
"Sure, the stuff within the network is encrypted"
That doesn't prevent tracking, which is the issue discussed here. The content is not a concern.
"as soon as you convert that picture/mp3/data back into some form of recognisable file format to view it once it's left the exit node then it becomes fair game doesn't it?"
That's wrong on soooo many levels!
-The exit node is the one far away from you, not the one sending you the content directly. That would be the entry node.
-The entry node has your IP but doesn't send you the content in clear form, the final decryption step is performed on the target machine (i.e. your machine).
-In the context of hidden services (which is what is discussed here), there is no exit node. Everything originates from, and stays on the TOR network. As a corollary, everything is ecrypted at all times. Which is not the concern here anyway, we're talking tracking not content.
Re: So not just insecure to the Chinese..
To be fair my installs still state that TOR is experimental, not fully tested and DO NOT RELY ON IT FOR STRONG ANONYMITY. At each startup.
So, nothing to complain about really. Both the implementation and the design benefit from disclosure of this kind of vulnerabilities.
Of course there's the unavoidable fact that anyone with fat enough pipes and enough servers*, given enough time, will eventually be able to home in on you. That's true for anything that relies on wired, machine-to-machine networks; TOR only makes it much harder than on a centralized network. The only way to get around that would be a broadcast model, with machines listening to the whole of the traffic but only being able to read what they have the decryption key for (a bit like how crypto mail works on Usenet). Really doing it by radio broadcast would be safer than Usenet though. And usable for synchronous activity such as web browsing.
* they can be virtual ones, hence the "handful of powerful servers" cited here: probably used to host thousands of virtual ones.
Re: good data is valuable
I had deleted my post as it made me look like a pontificating prick, but it's in accordance with what you say so I'll retrieve from the "Withdrawn" bin:
"Yes, vague words are meaningless
Data is worth exactly what you can sell it for; much as anything else really. There's no reason to treat it differently. Processing does not intrinsiquely add value to it; it may be useful to discard the valueless bits though. But only if the analysis is done properly; though, the analysis is what has value, and more specifically the _quality_ of the analysis.
A piece of white stone you find in the ground is virtually valueless; it becomes very valuable once it has been identified as a diamond by an expert; unless said expert is my 5-yo nephew.
Same for collected email adresses for example (a string with an @ in it). They have not much intrinsic value unless they are verified to be real adresses; ie they have a valid TLD; more importantly, they don't bounce. Even more importantly, they are not one-time discardable adresses (firstname.lastname@example.org is more valuable than email@example.com, presumably). Value increases as the person behind the adress can be shown to be responsive to marketting to that adress (firstname.lastname@example.org is unlikely to buy CHEAP C1AL!5; in fact the email will probably not get through the filters and the PA. email@example.com may be a more valuable adress in this case -well, not anymore but you get the point). So, the value is not in the data itself, same as it isn't in the ore itself or in this white stone my nephew found in the rocks. The value is in recognizing what you can or cannot do with the data, and then doing it."
40 per cent have turned down sex with their partner in favour of playing on their smartphone.
That's not because they're 18-30 as you suggest. That's because their partner is a 18-30 male ;-) hence they probably turn down sex several times a day for various reasons, including "I'm on the phone with mum, stupid", "what are you doing I'm washing the dishes", "hush now, the other customers are watching", "you'll get us thrown out of the bus" or "I said no, airplane seats are too uncomfortable". And yes, probably "In a minute dear, I'm this close to breaking my personnal best in Angry Birds". Not that surprising really.
Re: Er, timing?
"From Sweden, you just need the UK plus any original conditions they would have to meet including Australia."
Sweden is not bound by Commonwealth rules, and the UK would not be the extraditing party, so no. That is not recursive. Sweden would not be asking "do you agree with extradition" but "Is there anything you want with him before we send him away", which are very different questions.
Re: Er, timing?
>The UK has "next right of trial" on St. Julian for skiping bail. So once the Swedes are done with him he goes back to the UK for that
Word of the street is, the US has a sealed injunction waiting that far predates the bail-jumping. If that's true, IANAL but I think it has precedence as the charges would be both pre-dating the bail-jumping AND more serious. Otherwise the bail-jump may have been a clever tactic from the white-haired one to be prosecuted for something -anything- outside of the US... but again, given the possibility of the sealed injunction, that's a pretty huge chance to take.
> civil law trials from the persons putting up the money for the bond
Yeah, I would not count on that. Anyway that would not prevent extradition. Chronology.
Re: Operation Winkle
Just to be the devil's advocate, such comments here present are most probably more illegal in the UK than anything Assange may or may not have done in Sweden. Under current
antiterror laws the very act of posting such calls to/threats of arson (on El Reg or elsewhere) carries a bigger penalty than what Assange may risk if he's charged in Sweden. So... ready to pack, chaps?
Just to, you know, put things in perspective.
Re: Er, timing?
"For the Swedes to extradite him onwards to the US, they must first get the same permissions from the UK as if he were here, so again the question, why on earth would "they" need to do it via Sweden when all the same legal hurdles are in place plus Sweden's?"
To deport him from the UK you'd need Australia's permission. He's a Commonwealth citizen, you see.
From Sweden you just need the UK (good lapdog) and Sweden of course (the very country that serves as a NSA foothold for EU surveillance... what are the chances of them saying no?).
Re: Er, timing?
"1) It's not unusual. In Swedish law, you get charged in Sweden, not in the UK"
He's currently not charged for anything anywhere. Extradition without charge is incredibly uncommon, actually a cursory check failed to bring up any precedent -appart of course for the infamous "extraordinary rendition" process - so it may well be a world first.
"Sweden is irrelevant, he's on the run for breach of bail, he's going to a nice prison in Kent as soon as he comes out of the embassy"
But did't he breach bail to avoid deportation? (I'll help you, the answer to this one is "yes". He was comfy in a mansion belonging to one of his friends, why would he leave it?). Your circular reasonning is not going to help you
" It's all irrelevant, because you twist your conspiracy theories to suit any contingency. Literally anything you could consider unusual or "opens the door for"."
Not twisting anything. If he is charged (in Sweden or anywhere else) he'll undergo trial there before anything else happens (extradition to the US for example). I he goes to Sweden and is not charged, he can be deported to the US right away. So making him come over to Sweden without charge litterally "opens the way" to its immediate extradition to the US. That is how it works. It does not, however, "open the door" to the end of the world, as your fiendish misquotation tries to infer I meant.
Re: Er, timing?
"Failing to understand Swedish legal process I see?"
The legal process in Sweden is what it is. If they want an interview with a judge before filing charges, fine. Deporting someone -especially a non-national- so that they can have it, is entirely different. It engages more than just Sweden. Even the US had to charge McKinnon to try and get him out of the UK (without presenting evidence, but that's another problem; they still charged him).
Sweden can have the legal process they want. It doesn't mean that the other countries should go out of their way, trample international rules and possibly Human Rights to accomodate it. If the Sweden legal system insists that you must deport a foreign citizen without charges (for a possible offence that carries a max penalty _lower_ than what you'd risk if you were seriously speeding on a highway), then perhaps they need to slightly alter their legal process and allow the initial interview to be carried out abroad.
Re: Er, timing?
"Extraditing from here would have just required the UK's permission."
Nope. He's from the CounterWeight Continent, see, and there's this usually-convenient-but-not-in-this-case thing called "Commonwealth"; means that Australia has veto right on the extradition -from the UK. But not from Sweden, as Sweden is not bound to Commonwealth rules.
I also find it a bit odd that extradition was granted without any charge being filed. That's highly unusual, and indeed it opens the way for the "oh, our bad, we won't charge you here in Sweden that was all a sorry mistake. But since you're here would you please board that NSA plane, pretty please with waterboarding on top?" strategy he's suspecting. I say, extradition without charges should not be granted. Then you see if the charges stick.
Re: re . Poopy
It is not only an offense in France to insult a public official*, but also to insult anyone who is in charge of delivering a public service. That's pretty wide and includes teachers and postmen for example. It is however very unlikely that "poopy head" would be considered an insult in France; it's closer to a proposition actually. I would give example of what would be considered an insult in France, but even the individual bits would probably be so nasty as to crash El Reg's british server -and all the british routers on their way.
*It's contempt actually, not insult, that is an offence, but close enough.
Good to see that Serious Crime is taken Seriously
I expect a swift drastic reduction of all serious crimes across the UK. That, or a reduction in the Dreaded School Map Dodgers and Fly Tippers gang that is putting our lives at risk everyday. Not to forget Parking Ticket Evaders. Apocalypse averted, then. Pheww!
And all that only at the cost of a tiny bit of generalized comprehensive spying on your every move. Bargain!
Re: Adobe Flash?
Seriously, can someone rip the sound from soundcloud and post it somewhere in a standard-compliant format?
First it complained that my RaspBian install doesn't have flash. Fair enough (and by that I mean "utterly idiotic but rather common").
So I try today from a computer that does have Flash installed. Oops, my browser is "not supported by Soundcloud" apparently, and "please download one of our supported browsers: Chrome | Firefox | Safari | Internet Explorer".
It's beginning to be ridiculous, back to the eighties and the infamous "please install IE6 to view this site" but I must admit that Midori is not a very commn browser so maybe it can't play sound the exact way Soundcloud wants, and hey, OK, why not since it's Let's Be Stupid day apparently, I'll try from a computer that has one of the 4 supported browsers.
Ah. Doesn't work either; I suspect Soundcloud doesn't like this version of IE (no idea why: too old, too new, not the right default font or perhaps it's just that bit of salad on my teeth: it still gives the same "NOT SUPPORTED" error message).
EDIT Apparently xxxterm works. Why it didn't want to talk to Midori is anyone's guess...
Re: spot on
US Homeland security is the worst offender I've ever seen. One week from crossing the border to mailbox choked full of spam (20 meg limit; I don't know how long it took to reach, I only checked after 1 week...). That's the only time I gave them a "real" addy; now the get the spam one when they insist on getting one.
Re: Disposable passwords for disposable accounts
Yup, same here; except that I have not one but 2 "spam" email accounts, one for accounts of utterly no interest whatsoever (youtube etc), and one for accounts of a tiny little bit more interest (mostly electronics hardware sellers; some other online shopping).
> without bothering with a wind tunnel
I have access to Nature, so I checked for you. You were right, they did not use a wind tunnel, so I just did in their stead*. Turns out that the fossil doesn't land very stylishly. It also seems to be quite clumsy in mid-air manoeuvres. So you're right, this article is rubbish.
*Using a piece of basalt to model the fossil, as it comes from the Yixian Formation.
for some definition of paedophile...
Given the sentence:
Some of the people who start by accessing indecent images online go on to abuse children directly. So the operation is not only about catching people who have already offended – it is about influencing potential offenders before they cross that line.
it is likely that a non-negligible percentage of the cuffed "suspects" did little more than clicking a malicious mislabeled link on 4chan (or somewhere equivalent). I prticularly like the bit about catching people before they cross the line, it has a delicious Minority Report to it. But pumping up the stats is good for the bill...
Re: @Charles Manning
"Anyone out there: Do you use APL"
For the works that were APL's strength we now use python (sometimes in association with R) here. In a neighbouring team they use SPSS for historical reasons (and because it's expensive and unpractical so it must be good, right?). In a former life I worked with physicists who used mostly MatLab (tried it, didn't like it: slow, bad ressource management, lacks flexibility; superb graphing capabilities though). It's been decades since I last saw APL mentionned, and it was on a handwritten presentation slide.
"Well, that's just, like, your opinion, man."
"If you manage to write a ping program that crashes the machine, you have no business being a programmer anyway."
In a world of unlimited ressource that's true; however when you use up the tiny amount of remaining system ressources with a ping machine, the system can become very unstable, and not necessarily because of _your_ code. My point was more that small shit like that is supposed to be run together with a lot of other similar small shit, not all of which will be well-coded; and that the "no matter if it's shit because it's small" mentality is not advisable.
Real concern but rubbish assumptions
Most people I know choose their apps first by comparing the list of permissions asked; only after that do they compare looks etc. Litterally all the people I know who own an Android device has at least once refused to install an app because it asked for unreasonnable permissions.
So, the concern is real, and it is a pain in the nads that you can't handpick permissions that you grant (well, without getting your hands dirty under the hood at least). But the assumption that it results in people not paying attention to security is -in my limited experience- rubbish.