Comment: Re:I guess you missed Kent State? (Score 1) 139

by DarkOx (#48220977) Attached to: Incapacitating Chemical Agents: Coming Soon To Local Law Enforcement?

The counter argument, though, is that non-lethal weapons lower the hurdle for use of weapons at all. Any cop knows the outcome of using his service pistol against someone is likely that someone's death. Most cops, being decent people, don't WANT to kill people.

Most cops, however, like all people, value their own safety; if you give them a tool like a taser and tell them it won't likely cause serious injury, they become very likely to use it any time the situation gets "tense". It's the safe way out for them. They won't consider the corner case outcomes where the person has a heart condition or something and it could kill; humans don't think that way.

Should someone who is shouting during a political event but otherwise not doing anything violent or injurious to others be subject to tasers and pepper spray, those microwave pain ray things, etc.? I don't think that is the right thing for our society.

Comment: Re:Sorry They're Changing (Score 1) 503

by DarkOx (#48220629) Attached to: FTDI Removes Driver From Windows Update That Bricked Cloned Chips

I think a great deal of this comes from two sources:

Company A creates a design, builds prototypes, etc. It hires Company B (like a Foxconn, to manufacture) and lets Company B manage all the parts inventory, etc. Essentially they just send orders.

Company B makes the product with genuine parts as spec'd for some period of time. Company A feels good; stuff is being made correctly, etc. Gradually Company B starts to do more and more runs with the knock-off parts, growing their margin because they continue to charge A the same for completed units.

Maybe Company B runs lines to A's spec during the day and delivers all of A's orders to spec. At night they knock off the whole damn finished product using fake parts and other cuts and push complete counterfeits out to other channels, knowing A won't get to inspect them for quality.

Comment: Re:Wake up America ... (Score 2) 94

There was an old joke about digging a canal in South America.

The local dictator, brimming with pride, shows a visiting group of foreign dignitaries a gang of workers digging the new canal using pickaxe and shovel.

The American industrialist says: why are they using shovels? Surely you could get a loan against the future revenues to purchase heavy equipment, get the project done sooner, and start collecting tolls right away.

The dictator replies: Ah, but this employs more people.

The visiting economist asks: Would it not be better to have them use spoons?

Comment: Re:Bigger question (Score 2) 168

by DarkOx (#48214461) Attached to: Ask Slashdot: Smarter Disk Space Monitoring In the Age of Cheap Storage?

I don't know; the default 5% might be excessive for really big volumes, but keeping at least 1% free seems 'smart' pretty much no matter how many orders of magnitude the typical volume grows to be. The typical file size has grown with volume size. We now have all kinds of large media files we keep on online storage that previously would have run off to some other sort of media in short order.

The entire point of the reservation is so that in the event of calamity the super user retains a little free space to work in; if (s)he is going to be able to shuffle things about, they might well need what we nominally think of as quite a bit of space. Those things today might be a 100GB VM image or something on a 20TB SAN volume, for example.

Comment: Re:Not inherently unreasonable (Score 2) 164

by DarkOx (#48213429) Attached to: Proposed Penalty For UK Hackers Who "Damage National Security": Life

Most crimes have a "Mens rea"

Yes, that is why I asked if the requirement was more than negligent. Negligent basically means you formed no intent; specifically, you did not foresee the particular consequences of your actions or possibly inaction.

Consider this: suppose I buy some candy out of the back of some guy's white van in a parking lot. I bring it into the kids' preschool for snack. All the kids die. I would totally be up for manslaughter. The mens rea would be negligent. I was just being a cheap bastard, did not mean anyone any harm, but should have known better.

We might argue similarly about Tilly or Bobby. They should have known better than to be pasting crap from some untrusted website, but... the kitten looked like it had a smile... yeah, well.

Comment: Re:Telnet has its place (Score 3, Informative) 60

by DarkOx (#48212967) Attached to: Cisco Fixes Three-Year-Old Telnet Flaw In Security Appliances

Because it's not what your customers are really going to use! Better to exercise a real world configuration in the lab. Add a 'null' cipher to ssh if you need this and make the command to enable it something obviously out of place for normal operations like:


Comment: Re:The funny about Cisco... (Score 1) 60

by DarkOx (#48212901) Attached to: Cisco Fixes Three-Year-Old Telnet Flaw In Security Appliances

There is nothing wrong with using TELNET on a private network, but today we understand that security is better served using SSH for this functionality. However, in some environments, legacy dies hard because TELNET is not really that much of a security risk if you have good control over who accesses your network.

There is nothing right with it! SSH is not an overhead concern for any contemporary device. Even if the only people with access to the networks the management services accept connections from all legitimately have access, you still have a problem. If there have been credentials running around in the clear we don't really know / can't prove who has been using them. Also it leaves the door open for MITM possibilities where content is injected. TACACS logs show Bob issued the "write erase", but we can't really say it wasn't Jim using Bob's account in one way or another. Lack of attribution is a problem, even if authorization might not be.

Really there is no real world case where cryptography or authentication makes sense without the other. Cryptography might not be encryption of the content; it could be something like a digital signature that just provides continuing authenticity and message integrity. Security: Authentication/Authorization/Availability/Integrity (in no particular order).
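As an added illustration of the telnet-versus-SSH point above (this is example code written for this page, not from the original comment or from Cisco), the following Python audits an IOS-style configuration for vty lines that still accept a cleartext transport and shows the weak setting beside its corrected form; the configuration text, the hostname and the block layout are constructed assumptions, and a vty block with no explicit `transport input` is reported as unspecified rather than assuming a platform default:

```python
import re

# Constructed sample of an IOS-style configuration (not taken from any real
# device): the first vty block still accepts telnet alongside ssh.
WEAK_CONFIG = """\
hostname edge-fw
ip ssh version 2
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

# The same configuration with the cleartext transport removed.
HARDENED_CONFIG = WEAK_CONFIG.replace("transport input telnet ssh",
                                      "transport input ssh")

def parse_line_blocks(config_text):
    """Group the indented statements under each top-level 'line ...' stanza."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        if not raw.startswith(" "):            # top-level statement closes a block
            current = raw.strip() if raw.startswith("line ") else None
            if current is not None:
                blocks[current] = []
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def vty_transport_findings(config_text):
    """Return (vty block, transports) for each vty block that still permits a
    cleartext transport ('telnet', or 'all', which includes it). A block with no
    explicit 'transport input' is reported as unspecified: check it by hand."""
    findings = []
    for name, stmts in parse_line_blocks(config_text).items():
        if not name.startswith("line vty"):
            continue
        transports = None
        for stmt in stmts:
            m = re.match(r"transport input\s+(.+)$", stmt)
            if m:                              # a later statement overrides an earlier one
                transports = m.group(1).split()
        if transports is None:
            findings.append((name, ["<unspecified>"]))
        elif "telnet" in transports or "all" in transports:
            findings.append((name, transports))
    return findings
```

Running `vty_transport_findings` over the weak configuration reports `line vty 0 4` with `['telnet', 'ssh']`; the hardened configuration yields no findings.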

Comment: Re:Seriously (Score 3, Insightful) 164

by DarkOx (#48212649) Attached to: Proposed Penalty For UK Hackers Who "Damage National Security": Life

Not really; the reporter knows everyone who cares enough to listen to anything Holder says is already perfectly aware of the true answer to that question, at least in Eric's opinion.

Whistle-blowers are great as long as they are embarrassing my political enemies, in which case I am thrilled to stand up for strong protections and will gladly come up with some elaborate construct to make it morally equivalent to something people get whipped up about, like civil rights or something. In all other cases I perceive them as a threat to the status quo and my crony buddies; I'm prepared to invent some wild construct to tie it to "national security" because that way everything is "on the table". I don't mind sounding "insane" to anyone actually listening because my buddies will brand anyone listening as "insane".

Comment: Re:Not inherently unreasonable (Score 1) 164

by DarkOx (#48212547) Attached to: Proposed Penalty For UK Hackers Who "Damage National Security": Life

So hypothetically, let's say Aunt Tilly decides to use their online form to post a question to customer service. She is feeling cute and copy-pastes an emoticon, which her browser software decides to accomplish by inserting an img tag.

The free emoticon site Tilly uses happens to be some other attacker's plot to get people to send his cross-site request forgery links for him. Tilly has no idea some nasty JavaScript is about to turn her cute little links to some smily.gif into password requests for 50 popular sites.

Under this law, who are the victims, who are the attackers? Is Tilly an attacker? Victim? Both? Negligent, and does that matter?

Who is the victim: {legal entity power co}? The customer service rep? Both?

Is national security "threatened" just because a utility was involved, even though, if we even consider the utility itself a victim, only a billing / customer interaction system was ever involved in the attack?

This law addresses exactly none of those questions. Now we all know dear sweet Aunt Tilly will not be prosecuted. On the other hand, the book would be thrown at Biker Tattoo Bobby, with all those crazy opinions of his, for doing exactly the same thing.

Comment: Re:Don't do the crime (Score 5, Insightful) 164

by DarkOx (#48212189) Attached to: Proposed Penalty For UK Hackers Who "Damage National Security": Life

The problem is it's not always getting a shell. What if you violate a website's TOS; is that an unauthorized act?

What does "damage national security" mean? If I post about how Minister X lied about Y 10 years ago, does that erode society's faith in its officials and by extension "threaten national security"?

There are bright lines, such as bypassing an authentication mechanism, or deliberate insertion of abnormally structured data designed to alter application behavior (injection attacks), that could be defined in laws like this. It's very possible to write laws governing computer access that are both inclusive enough to allow interpretations to cover changing and new technology and still specific enough that reasonable people can agree on whether a specific act meets the criteria.

Groups like OWASP have done the work; we now have good working definitions and generic criteria for describing attacks and abuse. It's not '92 anymore, where public network access was a new thing.

There are two reasons overly broad laws like this are being written, both equally scary. 1) The people writing and enacting them remain profoundly ignorant of topics that pretty much affect every aspect of the economy today. 2) They want them overly broad because it makes for a nice blunt instrument to shut down anything that threatens the status quo.

Comment: Re: Nah, this is just stage 1 (Score 1) 324

by DarkOx (#48204821) Attached to: Hungary To Tax Internet Traffic

The real conceptual problem with it comes down to SS being designed before we had a fiat currency.

When we were on the gold standard, government "savings" took real money out of the economy. Because the taxes are levied and the government does not put it back into "nice things" (subsidies for education, roads, other services), people must continue to pay for these on their own, so they have to stay in the work force, and the dollars pulled out make the dollar slightly stronger.

The smaller generation following a boom would usually create deflation: fewer workers => lower productivity, less money moving. Having retirees drawing down the SSTF would have smoothed that; money would flow back in and they would have spent it.

Instead we went fiat. So rather than SSTF contributions being that deflationary drag, the government just borrowed, creating new inflation. Now that money, as it's disbursed, is just more fuel on the inflationary fires. So it does not go as far; we have to make COLA adjustments and pay it out faster, creating an ever widening disconnect between what people pay in and what they typically get out (assuming they live their projected life spans).

So the entire thing is completely unhinged; it would be even worse but for the fact the rest of the economy also plays by one rule now: "the influential make it up as they go along".

Comment: Re:Recognition (Score 1) 150

by DarkOx (#48196831) Attached to: 'Microsoft Lumia' Will Replace the Nokia Brand

Yeah, but the hatred of Microsoft is more resentment and jealousy than anything else. Sure, geeks hate them, but nobody else really does. Microsoft, like IBM before it, represents safety in a confusing market place. Nobody ever got fired for buying Microsoft, just like nobody ever got fired for buying IBM before that.

Microsoft has lost the consumer phone space. They have not yet decided they won't try, but they know that trying to get teens and college kids to think their phones are 'cool', and/or convincing homemakers they are easy and safe, would mean dislodging incumbents who have invested lots in that messaging already, have largely succeeded, and are now seeing those ideas entrenched. Nokia still has some cachet there; if they were going down that road they'd pick Nokia.

Microsoft is instead going with their old top-down "we're gonna force it on you" strategy. The business mobile space has tons of companies that still don't have device deployment beyond the sales force, and there are large orgs that are fleeing the sinking Blackberry ship. They can land those deals; right now all the policy management and such absolutely sucks for iOS and Android; it's all half baked and has more holes in it than a Swiss cheese. Microsoft is a brand you sell IT managers on. It's familiar, and rule 0 of marketing is that familiarity is more important than likability. People will knowingly select a brand they have had negative past experience with over the unknown.

IT manager thinking works like this: durr herp derp Samsung, they make TVs; now Microsoft, they make IT solutions! derp.

The truth is Windows Phone probably can/will score better on their myopic score card spreadsheet too; Microsoft knows how to win the weighted decision matrix game. Which we all should know is a tool managers everywhere use to give a veneer of objectivity to their most subjective and prejudiced decisions. I look forward to the TCO whitepapers streaming from servers in 5 . 4 . 3 . 2 . 1. What relevance do the categories and metrics chosen have to do with anything? Well, they will have been 'scientifically' chosen to make Microsoft look good.

Comment: Re:Government Dictionary (Score 1) 239

by DarkOx (#48195415) Attached to: Facebook To DEA: Stop Using Phony Profiles To Nab Criminals

The trouble is the law isn't the law. Law enforcement is not supposed to break the law. Facebook has a terms of use agreement; your right to access their systems and post anything there exists entirely from your agreement to abide by the terms there. Facebook does not allow pseudonyms and other mischaracterizations of one's identity.

Doing so constitutes a violation of the CFAA; the court even held that in US v. Drew (a case about pseudonyms on MySpace), although the verdict was vacated because the District Court judge believed that, while violating the terms of service on a web site could constitute unauthorized access, placing site operators in control of criminality would likely result in the law being overturned for being vague (it does not define the act, other than to say violation of a certain type of contract is a criminal offense). Rather than letting that be tested, the government chose not to appeal so they could keep their law on the books. Presumably so they can continue to threaten and harass anyone who does anything online they don't like with it (remember, it is really vague).

Facebook does not belong to them, but they use it anyway in violation of the terms and their own law. If you or I set up dozens of fake Facebook accounts and used them to harass someone, you can bet at the very least they would wave the CFAA in our faces to try and get us to plea to something else. Rules don't apply to them though!

If they set up their own site they would be perfectly within their rights to do this kind of pretexting; but then who is going to sign up and start posting on NARKBook?
