They must have learned from our republicans.

You do realize that most "darknets" are built on a "bust one, bust all" model? Pretty much the only security is that the bad guys aren't in your darknet, they've never reached a popularity where there's any plausible deniability. The only other people likely to be in your darknet are the other members of your terrorist cell or whatever you're part of, it has never offered anything for "normal people" for you to hide in. And darknets have actually been used as honeypots, to make clueless people give away their IP to join a private group which turns out to be a sting. It is pretty much the exact opposite of anonymity, it's joining a conspiracy and you're at the mercy of the stupidity of everyone in it.

TOR is trying for something entirely different, which is to keep everyone at arm's length from each other. I talk to you over TOR, you get busted well tough shit they still can't find me. The users don't know the server, the server doesn't know the users. Of course by adding that glue in between you run the risk of the man in the middle working out who both ends of the connection are, but that's the trade-off. TOR is trying to do something extremely hard, it tries to offer low latency - easy to make timing attacks, arbitrary data sizes - easy to make traffic correlation attacks and interactive access - easy to manipulate services into giving responses, accessible to everyone and presumably with poison nodes in the mix. It's trying to do something so hard that you should probably assume it's not possible, not because they have any special inside access.

I actually did look at trying to do better, it was not entirely unlike Freenet done smarter only with onion routing instead of relying on statistical noise. It wouldn't try to be interactive so you could use mixmaster-style systems to avoid timing attacks and (semi-)fixed data block sizes to avoid many correlation attempts but I never felt I got the bad node issue solved well. TOR picks guard nodes, but it only makes you bet on a few horses instead of many. It was still too easy to isolate one node from the rest of the network and have it only talk to bad nodes, at which point any tricks you can play is moot because they see all your traffic. Even a small fraction of the nodes could do that on a catch-and-release basis and I never found any good countermeasures.

Just show him the South Park episode "Freemium isn't free" and he'll learn all about modern game mechanics, along with a few lessons in economics and marketing. Before you know it he will be pushing his game in the school yard like a pro.

False dichotomy, the test may be inconclusive. /pedantry

From what they've said before they expect you to eventually return to pick up your original batteries on your way home, though they haven't said how long you can keep driving on your loaners. If you don't they'll create some kind of fee to offset the condition between the battery pack you had and the one you got. If you're permanently relocating and make arrangements I'm sure they'll offer some kind of system to choose a battery in roughly the condition you had if you want it to be free or to swap for a brand new one if you want to restore max range at your final destination. Otherwise you could swap a 7 years old/100k miles battery for an almost new one for free, that wouldn't be right.

If your commute involves a battery swap for a Tesla you should really consider changing jobs. I'm guessing it's more about the weekend rush, Friday afternoon lots of cars will be going on long range trips and return Sunday evening, I'm guessing a battery swap pad is a lot more involved than a gas station pump so they won't have very many of them. They did run a test here recently driving a Tesla ~1000 miles and they said it all worked well but there was a lot of waiting, for every 2-3 hours of driving there's was one hour of charging. I know that when we drive to the capital it takes ~7 hours and we have one 30-45 minute stop, if they could swap batteries on at least one stop they'd be down to one hour charging per 4-6 hours of driving which would roughly be the break time we'd want with an ICE car too. But Friday afternoon I'm one of a thousand lemmings trying to get out of the city, it better go fast.

The first amendment only says "Congress shall make no law..." but everybody understands you don't have much freedom of speech if you end up hanging from the nearest tree afterwards. Because the law isn't supposed to shield me from lawful retaliation like a boycott only retaliation that's already illegal you don't need a specific law for that. But everybody realizes that targeted action against those who exercise a particular freedom is trying to encroach on that freedom. Of course the government can just wash their hands and say we weren't the angry mob holding the rope, but it wouldn't be a very good government.

Any time you refrain from a lawful action because of the risk or threat of illegal action is a failure of the system of law IMHO. If I can't walk through a part of the city at night they're failing to keep the street safe. If they can't show this movie at the cinema without the risk of terrorism they're failing to keep the country safe. At least if it's a genuine risk and not chicken little screaming that the sky is falling, I mean you can't expect them to be everywhere and prevent every crime everyone's trying to commit. And I don't want to sell out all my rights in an attempt to make it so either. There could be a price for not caving but there's a price for caving too, the terrorists don't need to take away your freedoms if your too afraid to use them anyway.

Funny, since Linux does everything it can to break a canonical name model with symlinks. In fact, you could mimic a case-insensitive system with 2^n symlinks like /foo/bar/COnFiG -> /foo/bar/config. And the captialization is the cause of errors in mixed environments:

1) Create file on Windows called "Foobar.txt".
2) Copy it to your Linux machine.
3) Rename it to "FooBar.txt"
4) Do lots of work on the text
5) Copy it to your Linux machine
6) Copy the Linux directory back to Windows.

There's now a 50-50 chance that your work just got overwritten by old crap from step 2). Of course you might argue that Windows is the problem here since it wouldn't happen on two Linux systems, but then it wouldn't happen on two Windows systems either. They just don't play nice with each other.

Tag: NOTABUG and WONTFIX. Case aware filesystems so you can have normal names and not like AUTOEXEC.BAT and CONFIG.SYS from the DOS days is great, case sensitive file systems are a really bad idea. Is there any kind of sane situation where you'd like to have two files "Config" and "config" actually coexist that isn't just begging to be confused/abused/exploited? For a marginal performance optimization all POSIX systems have shitty usability. Why am I not surprised? I guess for a server it just doesn't matter, but for the desktop you should file this as a bug against Linux, not Windows and OS X.

I recently moved from hand-written HTML for my personal site to Jekyll, which is the engine that powers GitHub pages. It does exactly what I want from a CMS:

• Cleanly separate content and presentation.
• Provide easy-to-edit templates.
• Allows all of the content to be stored in a VCS.
• Generates entirely static content, so none of its code is in the TCB for the site.

The one thing that it doesn't provide is a comment system, but I'd be quite happy for that to be provided by a separate package if I need one. In particular, it means that even if the comment system is hacked, it won't have access to the source for the site so it's easy to restore.

How is your LAN secured? If it's wired, then I assume that you know about ARP poisoning attacks. If it's wireless, then I assume that your post was intended as a joke.

That's the best way of securing a connection, but it doesn't scale. You need some out-of-band mechanism for distributing the certificate hash. It's trivial for your own site if you're the only user (but even then, the right thing for the browser to do is warn the first time it sees the cert), but it's much harder if you have even a dozen or so clients.

The 'brought to you by' box on that site lists Mozilla, Akamai, Cisco, EFF, and IdenTrust. I don't see Google pushing it. They're not listed as a sponsor.

That said, it is pushing Certificate Transparency, which is something that is largely led by Ben Laurie at Google and is a very good idea (it aims to use a distributed Merkel Tree to let you track what certificates other people are seeing for a site and what certs are offered for a site, so that servers can tell if someone is issuing bad certs and clients can see if they're the only one getting a different cert).

It depends on your adversary model. Encryption without authentication is good protection against passive adversaries, no protection against active adversaries. If someone can get traffic logs, or sits on the same network as you and gets your packets broadcast, then encryption protects you. If they're in control of one of your routers and are willing to modify traffic, then it doesn't.

The thing that's changed recently is that the global passive adversary has been shown to really exist. Various intelligence agencies really are scooping up all traffic and scanning it. Even a self-signed cert makes this hard, because the overhead of sitting in the middle of every SSL negotiation and doing a separate negotiation with the client and server is huge, especially as you can't tell which clients are using certificate pinning and so will spot it.

Every HTTP request I send to Slashdot contains my cookie, which contains my login credentials. When I do this over a public WiFi network, it's trivial for any passive member of the network to sniff it, as it is for any intermediary. Worse, because it uses AJAX stuff in the background, if I briefly connect to a malicious access point by accident, there's a good chance that it will immediately send that AP's proxy my credentials. I've been using this account for a decade or so. I don't want some random person to be able to hijack it so trivially.