Comment Decentralized source control centralized (Score 1) 137
So we moved from centralized source control (CVS, SVN) to decentralized source control such as Git and then we centralize all of repositories in the world on one server...
So we moved from centralized source control (CVS, SVN) to decentralized source control such as Git and then we centralize all of repositories in the world on one server...
Better download Tor while you still can/may.
This is why we should avoid (near)monopolies such as Paypal (and Mastercard, Visa, Apple, Facebook, Google....). We should decentralize, for example by using Bitcoin.
Not sure how security firms conclude nation states must be behind some complex malware. It could also be a corporation. It could also be a criminal gang. It could also be some lone programmer or group of programmers doing this in their own time in order to sell the software or their services to criminals or governments. Most software is not made by governments (actually, can't think of any software) and whenever they try, they usually fail.
Not very long ago a website called Wikileaks had quite some trouble receiving funds because Paypal, Visa and Mastercard refused to cooperate.
As I understand it Tor is between you and some other place on the public internet. I2P is not made to go out to the internet. It's more like Tor without exit and only hidden sites, like a secret internet on top of the public internet.
As the IPv4 jar is running empty and more and more people are trading IP-addresses around the world, this problem will become bigger. Anyway, IP-adresses were never meant to determine which language you speak.
Oh, and we should move to IPv6.
I'm not saying there are no hack attempts coming from Chinese IP-addresses, but the proof that this is "state operated hacking" is thin or non-existent. I wonder why all the headlines always talk about China. Is there no problem with cybercriminals from Russia, Ukraine, or even from the USA? Doesn't all economic espionage go both ways? This China bashing looks like a media campaign to create a new big bad cyber enemy to distract from actual problems (like lack of NOAA funding), to get new privacy-destroying legislation to "secure the homeland" passed, to get funding for NSA, to get good deals for government contractors. Maybe I'm just paranoid...
Meanwhile the US government spends billions of tax money to employ the smartest hackers they can find. If they all would be employed to create secure software, secure networks, find and fix leaks in existing software, there would be no hacking problem. But somehow this is not a priority. If only one NSA guy was employed at NOAA to make sure their web servers are patched and hardened, this would not have happened. There will always people trying to hack your systems, no matter how hard you scream it's unfair.
From the article:
The impact of the hack was real: Scientists at Atmospheric and Environmental Research in Lexington, Massachusetts were unable to send a preliminary report about weather patterns to traders and investors earlier this year.
So some traders did not bring an umbrella and got wet walking from their BMW to their office? Why can't they look out of the window like everybody else?
I was thinking exactly this (except that I was thinking about "citizens", not "US citizens").
But really, why not stop complaining about China hacking US systems (usually with no evidence) and start getting to asses risks and fix your leaky systems. If billions of dollars poured into the NSA to eavesdrop on people were instead used for finding and fixing vulnerabilities, the USA would be a lot safer.
Have you heard the US government say: "Yes, we spy on the whole internet including American civilians, including government leaders of friendly nations. Yes, we know it's against our own laws. Yes, we also engage in economic espionage."? I guess I missed that statement from Obama. Of course any government would deny any uncovered secret operation.
Also, have you thought about the scenario, that the Chinese government is actually NOT involved in this? Have you considered that all these reports from all these self-proclaimed security researchers, might be inaccurate or just wrong? Have you read these reports (I mean actual report, not the summaries in the press)? Would this report hold up in court as prove? And would the US government care whether it was wrong or inaccurate? Or would it benefit some (domestic) political agenda? Just asking questions. You should try it too.
These aren't rogue groups. They operate with the full support of the Chinese government.
Source?
I don't think you get it. This has nothing to do with your phone. It's the phone network that keeps track of where you are. Your phone does not need GPS. It just needs to be on. Now it seems that other people, besides your network operator, are able to query the network for your location by just knowing your phone number. And those people are not necessarily your friends.
Yes, my telco is supposed to know. But they should be the *only* ones to know. And it seems this is not the case. Far from it.
Actually, how do you get ss7 network access?
The optimum committee has no members. -- Norman Augustine