> probably until the kingdom gets destroyed even

Well as long as the kingdom exists, there will be a king who will want such a memorial for himself and will want to not be the one to set the precedent of allowing the king's burial chambers being desecrated. So this is to be expected, at the very least.

Very true but I don't see that implication here. I agree that its possible someone could misinterpret it that way but it doesn't appear that there is any attempt to mislead people here, either by the authors or the summarizers. It all reads pretty clearly to me, and pretty clearly doesn't address small scale/targeted use that would be neigh impossible to detect.

Now if I was a betting man, and you asked me, do I think the NSA might refer to this result in attempts to deflect criticism, I would bet that they will. So far they have shown to be decently expert at deflection and misdirection when it comes to making public statements; and very fond of making ever so slightly overqualified statements about what they are NOT doing.

This is true but, it also is a case where what works in one place may or may not work the same (or be implemented similarly) elsewhere. I have seen these exact same lanes turn into a nightmare. Not because they put traffic in the way but because they retained the left and right lanes, and just occasionally, turn the left lane into a turn only lane....so everyone who was traveling in that lane suddenly has to move over.....and few things slow drivers down like a lane merge.

> So my question is, without having man in the middled all the sessions, or had the decryption keys.
> How are these researchers making this statement?

How do you know they didn't? Notice the keywords "large-scale". Their detector is likely some sort of honeypot in fact, from the article:

To detect Heartbleed scanning, we extended the Broâ(TM)s SSL/TLS
analyzer to recognize Heartbeat messages [25,57]. Note that this
approach parses the full TLS protocol data stream, including the
TLS record layer which remains unencrypted throughout the ses-
sion, and thus achieves an accuracy significantly better than that
provided by simple byte pattern matching. We have released our
Bro modifications along with our detection script via the Bro git
repository

So I would assume they had keys and possibly were using a honeypot....a few paragraphs below that, they talk about getting full traces from a honeypot.

Right in the summary: "This provides strong evidence that at least for those time periods, no attacker with prior knowledge of Heartbleed conducted widespread scanning looking for vulnerable servers. "

So you are correct about what it doesn't prove, but, its also not really claimed to prove that either. Not even a little bit. What this does, is suggest strongly (not prove) that no criminal gangs (yes, yes, the NSA) were aware of it, or if they were, were not aware of it long enough to exploit it meaningfully.

If the vulnerability were available, if even one person bought it, they would have to use it. What I mean is, if you know this vulnerability can be bought (because you bought it) you know that its out there and its only a matter of time before it gets noticed and fixed.

The only person who has any reason to not use it or use it in a discriminating fashion, is someone who discovered it independently and wants to get maximum use out of it. Someone like the NSA.

This, in no way, proves that nobody knew about it. What I think it does prove is, whoever may have known about it, wasn't selling it and wasn't a memeber of one of the for-profit gangs. That is all.

So your idea....for him....is to make a game that conforms to your personal sensibilities. Interesting.

> Surely there is a whole market just waiting for a good FPS that doesn't rely on murdering people?

I find this quite unlikely. Don't get me wrong, there is plenty of fun to be had in games without simulated violence and a few games do come to mind, but, I doubt there are that many people so put off by a little simulated violence that it consitutes a large market that are "waiting".

Perhaps you should stop waiting, and start working on games for this market and prove it exists?

That would make sense to me. Often times when you run into something that seems simple but nobody does it, turns out you missed something in your assessment about either how well it works or how much work is involved or even that it doesn't work.

It reminds me of one of the things I noticed in my own profession as a sysadmin. Generally, if I toss relevant facts into google, and it doesn't pop up that somebody else had the same problem, then I likely missed something right there in the documentation. Turns out to be the case more often than I ran into something truly novel.

It is hard to get past the feeling that "if it was that easy someone else would be doing it", and usually, its true....but sometimes it isn't and the only way you will know is to try. That is why research and development exist....to give it a try..... you know....before putting it in production.

Course, if this was a bunch of sysadmins the bet would be more implicit, and if phrased properly and explicitly might be "I bet our production environments stability that this is going to work...."

> they're using professional check-writing equipment plus U.S.-based accomplices to not raise suspicions among
> their victims

Funny I was just posting my little anecdote about these groups on slashdo recently ( http://slashdot.org/comments.p... ), not only does this jive exactly with my limited exposure to these gangs, but, I even got them to try and recruit me to thelp them. Thing is.... this was a room in my house....I have not been a landlord in several years, and this was several years before I stopped so.... this was at least 5-7 years ago.

so while its true, its not new. In fact, I left this detail out of my previous tale but, after recieving the money orders that I knew were fake, I did look over them and attempt to verify that they were fakes, which the claimed issuer was happy to verify for me. That said, had I not known their source, they might have fooled me, they were decent fakes that were professionally printed, even then.

> I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on
> a server/farm connected to an anonymous/decentralized network isn't smart enough to *not* give it a public IP
> and/or put the equivalent to a home internet router in front of it.

as much as I would like to not believe it, this is one of those cases where, he has to be perfect every time, they have to catch him slipping up once.

I don't know what his stack was, but typically, there are a lot of places information can leak. Including in error messages.

The reality is, no hidden service (that isn't intentionally also a non-hidden one) should have a public IP where it can be reached. The last public endpoint should be its tor node, and the tor node itself should then only contact it via private IPs. It should then also only contact its backend databases by private IPs.

If that means you have to setup backend VPNs for the transport.... then guess what....that means you have to setup backend VPNs for the transport.

Frankly, what this guy did, overall, wasn't all that impressive. He put a bunch of tools together. He didn't develop tor, he just made the obvious leap. Being more willing to take the risk doesn't mean you are the best of the best, it just means you are confident enough to risk a fall on your face.

> Airlines are running into physical space issues. In their quest for ever more seats The airlines are
> beginning to ignore basic human needs. People need to move around. The tighter and more closed
> off you make people feel the more likely they are to get into arguments. This is not only true
> physically, but mentally as well. Arguments lead to fighting.

But as long as there are not so many problems as to damage their bottom line, they can just blame the incidents on the passengers

So really, the best solution for passengers is to not hold back and start swinging until it really stands out that only one airline is having these problems.

In addition to the other comment, you also have to realize two other facts about Kerbal:
it (currently, I believe its eventually planned) only adds re-rentry effects, there is no attempt to model the heat (without mods, there is "deadly re-entry" which I personally like to play with) so you can slam into the atmosphere at pretty much any velocity safely.

This is also good because, Kerbin's atmosphere (which I hope they fix) is rather odd, a little overly thin at the top, and a little overly thick at the bottom, and with a bad drag model (mods fix it, hopefully the base game will before release).

So in the stock game, it is a serious feat to hit the surface with significant speed.

It isn't so much a matter of n-body being too difficult, I don't think it would be that much fun to play. I mean, some people would love it sure but.... the unexpected effects on orbital stability would very likely be fun killing for a lot of the more casual players, which, lets face it.... is what is going to keep them in business.

Sure I would love some more lagrange points or to toss something into a low energy transfer path that has it being tossed from one celstial to another for no extra fuel, but, seriously, it would be a mistake to make a game that took a degree in astrophysics to play. Hell, I might rage quit after a while with n-body.

Also, they would have to totoally redo the solar system since the kerbol system wouldn't be stable off rails under nbody.

Admittedly I am still skeptical it wouldn't be gamed cheaper than actually prioducing the result intended, but I like where you are going with that idea, it reminds me alot of the xkcd commentary on automated spam: http://xkcd.com/810/

That said, I think I have more faith in people's ability to reverse engineer, and lose control of secrets than I do in the ability of a system to regulate. At the current technology level, I really do suspect that any patent system will be more hamper than helper, and giving people incentive to share their ideas is likely no longer necessary, because their consent to sharing is widely irrelevant.

I am normally against increasing the number of cameras around and being under surveillance all the time. That said, I think NYC needs this to finnally start putting nails in the coffin of their stop and frisk program. Finally either one of two things HAS to happen: Either they collect massive amounts of evidence about how they have been stopping random people and trumping up charges, or.... the number of incidents must go down. Either way, its progress.

Already done, a quick simulation clearly shows nothing to worry about, even if it hit the atmosphere straight on it would still be decelerated to a safe velocity before hit hit the gorund and would just bounce.

That is a load off my mind.