Who, me?
I look forward to reading the "who, me?" story on this one.
101 publicly visible posts • joined 14 Jun 2013
The Electronic Privacy Information Center (EPIC) has more information here: https://epic.org/amicus/cfaa/van-buren/
Quote -------------------------
The FBI charged Van Buren with honest-services fraud and felony computer fraud. A jury convicted him on both counts. On appeal to the Eleventh Circuit, Van Buren argued, among other things, that the jury instructions were incorrect and that there was insufficient evidence to support his convictions. The Eleventh Circuit reversed and remanded the honest-services conviction because of an error in the jury instructions, but affirmed the computer-fraud conviction. The court determined that it was bound by its prior ruling in United States v. Rodriguez, where the court held that a Social Security Administration employee who accessed the personal information of seventeen individuals in an agency database for personal reasons “exceed[ed] authorized access” under the CFAA.
Van Buren petitioned for review in the U.S. Supreme Court, arguing that the Eleventh Circuit’s decision deepens a circuit split over the interpretation of “exceeds authorized access.” The Court granted review on the question
Whether a person who is authorized to access information on a computer for certain purposes violates Section 1030(a)(2) of the Computer Fraud and Abuse Act if he accesses the same information for an improper purpose.
End quote --------------------
Note that he was also convicted of "honest services fraud". The "reversed and remanded" means that it got sent back to the original court for a retrial. That retrial will probably also result in a conviction.
That is the kind of thing that happens when you don't have the locked-down version management stuff in place. Given the risks, it's a sensible trade-off. Merely blaming the user for not testing it is like blaming a Tesla driver for not paying attention to the road when on autopilot. Yes, in *theory* they should, but in practice they very predictably don't.
Home Internet ISPs will carry on providing router/firewall/Wifi boxes so that Grandma can connect to the Internet as securely as she does now. IPv6 doesn't make a difference there.
Small businesses will do likewise.
Anyone above that level will be hiring people to look after their IT.
Repeat after me: NAT IS NOT A FIREWALL.
If you want a firewall in IPv6 you can have one. In practice NAT and firewall functionality have such big overlaps that NAT boxes generally include firewall settings too, but creating an IPv6 firewall with default settings that resemble IPv4 NAT is a trivial job (basically, block all incoming connections but allow all outgoing).
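The "block all incoming, allow all outgoing" default mentioned above, written out as an nftables ruleset. This is an added example and not part of the original comment; the one thing the comment glosses over is that IPv6 cannot function without certain ICMPv6 types, so those are admitted explicitly. Interface names lan0/wan0 and the output path are placeholders.

```shell
#!/bin/sh
# Added example, not from the original comment: an nftables ruleset that gives
# an IPv6 host (or a home router) the NAT-like default described above: no
# unsolicited inbound connections, everything outbound allowed. The caveat the
# comment glosses over is ICMPv6: IPv6 needs it for neighbour discovery and
# path-MTU discovery, so "block all incoming" must still admit those types
# (RFC 4890). Interface names lan0/wan0 and the output path are placeholders.
set -u

write_ipv6_ruleset() {   # $1 = file to write; install later with: nft -f "$1"
    cat >"$1" <<'EOF'
table ip6 filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept   # replies to our own connections
        ct state invalid drop
        # Control traffic IPv6 cannot do without; echo-request kept per RFC 4890
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded,
                      parameter-problem, echo-request, nd-router-advert,
                      nd-neighbor-solicit, nd-neighbor-advert } accept
        udp sport 547 udp dport 546 accept     # DHCPv6 replies from the ISP
        # Anything else arriving from outside hits the chain's drop policy
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lan0" oifname "wan0" accept   # LAN may open connections outward
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Dry-run the ruleset through nft's parser when possible (needs nft and root);
# returns 0 if it parses, or if the check cannot be performed on this machine.
check_ipv6_ruleset() {   # $1 = ruleset file
    if command -v nft >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        nft -c -f "$1"
    fi
}

write_ipv6_ruleset /tmp/ipv6-firewall.nft
```

Run `check_ipv6_ruleset /tmp/ipv6-firewall.nft` as root to parse-check it, then `nft -f` to install; the output chain's accept policy is what makes this equivalent to "allow all outgoing".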
Run level 3 means that all networking and "user space" processes (web server, time daemon, login daemon etc.) have started, but X Windows has not. A user can now log in at the terminal or via SSH (or probably TCP, given the obvious age).
At a guess the failed processes are part of a log writer, so probably /var is full, since that is where the logs go. It depends on the distribution, but probably /var is just part of the root file system. There should be a log rotation and expiry job run by cron once a day which deletes anything older than a week. At a guess, this hasn't been running.
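The triage that checks the guess above on a live box: how full the filesystem holding /var is, which log files are eating it, and whether logrotate has left a recent state file. This is an added example, not part of the original comment; the state-file paths are the usual Debian and RHEL locations and may need adjusting.

```shell
#!/bin/sh
# Added example, not from the original comment: the triage a sysadmin would do
# on the box described above. It reports how full the filesystem holding /var
# is, lists the largest files under /var/log, and reports whether logrotate has
# left a recent state file (the sign that the daily cron job actually ran).
# State-file paths are the usual Debian/RHEL ones; adjust for your distribution.
set -u

# Print the percent-used figure (e.g. "87") for the filesystem containing $1.
fs_usage_pct() {
    df -P "$1" | awk 'NR == 2 { sub("%", "", $5); print $5 }'
}

# Print the $2 largest regular files under $1 as "<kilobytes> <path>", largest first.
largest_files() {   # $1 = directory, $2 = how many
    find "$1" -type f -exec du -k {} + 2>/dev/null | sort -rn | head -n "$2"
}

# Print "fresh <file>" if a logrotate state file was touched within the last
# day, "stale <file>" if it is older, or "missing" if none exists. Stale or
# missing is what the "rotation job hasn't been running" hypothesis predicts.
logrotate_state() {
    for f in /var/lib/logrotate/status /var/lib/logrotate/logrotate.status \
             /var/lib/logrotate.status; do
        if [ -f "$f" ]; then
            if [ -n "$(find "$f" -mtime -1 2>/dev/null)" ]; then
                printf 'fresh %s\n' "$f"
            else
                printf 'stale %s\n' "$f"
            fi
            return 0
        fi
    done
    echo missing
}

triage_var() {
    pct=$(fs_usage_pct /var)
    printf '/var filesystem is %s%% full\n' "$pct"
    if [ "${pct:-0}" -ge 90 ]; then
        echo 'WARNING: near-full filesystem; log writers will start failing'
    fi
    echo 'Largest files under /var/log:'
    largest_files /var/log 10
    echo "logrotate state: $(logrotate_state)"
}

triage_var
```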
Between Intel's on-going security issues, the high core-count of AMD parts and their superior single core performance I had already decided to make my next upgrade an AMD one, despite having opted for Intel for the last couple of decades. There is no question which is the better CPU at present.
The article says "Then there’s the fact that some ISPs just don’t see it impacting their bottom line and so can’t be bothered."
It's actually worse than that.
One of the things you want in a business is a barrier to entry for would-be competitors, the higher the better. If there is no barrier to entry then competition will drive prices down to the point where you can barely make any money (as any Uber driver will tell you). Having a barrier to entry lets you raise prices to just below the point where competitors would find it profitable to buy in.
Exhaustion of IPv4 addresses makes it difficult to start up a new ISP; you can't just request a few nice big /16 blocks to get you started, you have to go out and buy a /8 here and a /8 there. Meanwhile existing ISPs are sitting pretty with their existing pools of IPv4 addresses. In fact the secondary market makes those an appreciating asset, something else that businesses like to have.
If IPv6 becomes widespread then this barrier to entry disappears and the existing pools of IPv4 become worthless. So it is in the ISPs' interests to delay this evil day for as long as possible.
I used to work in a related area where high accuracy, uptime and reliability are critical. Anything done on the live system had to be rehearsed on the test system first. It had to be done according to a written procedure which had been reviewed and approved beforehand. Part of the review was a risk assessment (i.e. ask "what could possibly go wrong?"). There also had to be a reversion procedure (i.e. "We screwed up; put it back the way it was").
We did have occasional outages, including one particularly embarrassing incident where "Do routine thing" was next to "Shut down the system" on a menu. But they were rare, and both management and engineering took justifiable pride in that.
One thing we would *NEVER* do is blame the engineer holding the mouse (short of actual malice). If they made a mistake, it's because the system upstream of them enabled that mistake and set them up to fail. You don't shoot the engineer, you fix the system.
Why does the BBC need a ".onion" service?
TOR routes your packets through its "onion" layers to obfuscate your location, but when those packets reach an onion "exit router" they are put out on the normal Internet. So someone in Elbonia who needs to hide the fact that they are accessing the BBC can use TOR to go to bbc.co.uk, and the Elbonian Secret Service will be none the wiser.
The .onion domain works the other way round; if you want to offer a web server without giving away your location then you can generate a name in the .onion domain, and the TOR exit router will then route your packets to your secret server. This would be useful for an Elbonian dissident who wants to host a secret bulletin board, but publicly saying "We are the BBC and we offer bbcnewsv2vjtpsuy.onion" defeats the purpose of having a .onion address in the first place.
Company intranets that block NSFW websites (basically meaning all of them) do so using an HTTPS proxy. The browser connects to the proxy instead of the real web site and the proxy masquerades as the site. In order for this to work the browser needs to have a certificate for the proxy, basically telling it that the same certificate is owned by every single web site on the Internet. In-house PCs will have this certificate installed by the IT department, but obviously someone forgot to notify them about the fridge.
So this message is not the result of someone trying to access porn, it's probably just from the fridge trying to phone home and getting a certificate error.
Which is actually a Good Thing: the fridge security is configured properly, at least for outgoing HTTPS access.
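The fridge's situation, reproduced offline: a throwaway "inspection CA" standing in for the proxy's CA issues a certificate for a site it does not own, and the same certificate is accepted or rejected purely depending on whether the client trusts that CA. This is an added example, not part of the original comment; it needs the openssl CLI, and the CA name, hostname and paths are made-up placeholders.

```shell
#!/bin/sh
# Added example, not from the original comment: reproduce the fridge's failure
# offline. A throwaway "inspection CA" (standing in for the company proxy's CA)
# signs a certificate for a hostname it does not own. A client holding that CA
# in its trust store (the managed PC) accepts the certificate; a client without
# it (the fridge) rejects it, which is the certificate error described above.
# Needs the openssl CLI. CA name, hostname and paths are made-up placeholders.
set -u

mk_inspection_ca() {     # $1 = work dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Example Corp TLS Inspection CA' \
        -keyout "$1/inspection-ca.key" -out "$1/inspection-ca.pem" >/dev/null 2>&1
}

# Issue a leaf certificate for $2 signed by the inspection CA, which is what
# the proxy does on the fly for every site a client visits.
mk_intercepted_leaf() {  # $1 = work dir, $2 = hostname being impersonated
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" >/dev/null 2>&1 &&
    openssl x509 -req -days 1 -in "$1/leaf.csr" \
        -CA "$1/inspection-ca.pem" -CAkey "$1/inspection-ca.key" -CAcreateserial \
        -out "$1/leaf.pem" >/dev/null 2>&1
}

# The check every TLS client performs: build a chain from the leaf to a CA it
# trusts. Returns 0 when $2 chains to a CA in bundle $1 (the system store is
# also consulted, but a throwaway CA is never in it), non-zero otherwise.
client_trusts() {        # $1 = trusted CA bundle, $2 = leaf cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    mk_inspection_ca "$d" && mk_intercepted_leaf "$d" www.example.com || return 1
    if client_trusts "$d/inspection-ca.pem" "$d/leaf.pem"; then
        echo 'managed PC (proxy CA installed): certificate accepted'
    fi
    if ! client_trusts /dev/null "$d/leaf.pem"; then
        echo 'fridge (no proxy CA):            certificate rejected'
    fi
}

demo
```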
Trump is referring to a conspiracy theory about a "missing" DNC server containing Hillary Clinton's emails. According to this theory, the FBI deliberately failed to seize this server, and it was subsequently smuggled to the Ukraine by Crowdstrike, who were the company hired by the Democrats to investigate the hack which obtained the original emails. He wanted Zelensky to use his police force to go find this mythical server (presumably in the custody of the Knights Who Say Ni).
See https://www.rollingstone.com/politics/politics-news/what-is-the-crowdstrike-conspiracy-theory-890459/ or just google "crowdstrike conspiracy".
The fact that Zelensky is a professional comedian just adds extra weirdness. He was probably thinking "I could never have invented this in a million years."
What you look at, and for how long, is a big clue about what you like. If your eyes spend more time on something then it's a good bet it's because you like looking at it. People with weight problems often spend more time looking at food adverts or outlets. And which bits of which other people do your eyes tend to linger on? See this article for more details. https://www.vice.com/en_us/article/bj9ygv/the-eyes-are-the-prize-eye-tracking-technology-is-advertisings-holy-grail
Thanks for the reply. I must admit this was second hand information, so sorry for any errors.
I never meant to suggest that this happened merely because the Watchkeeper wasn't being flown by an officer, more that it wasn't being flown by a pilot. As you point out, the two are not synonymous.
The important difference between Watchkeeper and Air Force drones like Global Hawk is the mentality of the organisation.
In the Air Force, flying is done by Flying Officers, emphasis on Officer. To fly a drone you must be a properly qualified pilot with many hours in the cockpit. Air force drone user interfaces are designed on that assumption; the pilot is controlling the drone second by second, steering it on the correct course and altitude while monitoring airspeed and responding to any unusual situations as pilot in control. The Air Force will not buy a drone which does not require a pilot to fly it.
In the army, operating machinery is done by enlisted men (OK, maybe a few enlisted women as well). Officers have more important things to do. If it is complicated machinery then there may be a two week training course during which time you learn the drill. Hence the Watchkeeper user interface is designed on the assumption that it is going to be operated by someone who doesn't know how to fly, but can press the right buttons. The user enters waypoints on a map using click and drag as instructed by an officer who has decided what needs to be patrolled or surveilled, and the drone handles the aviation part. The Army will not buy a drone which requires a pilot to fly it.
So when something unexpected happens the Watchkeeper operator has no pilot's training to fall back on. Maybe at some point during the 2-week training course the sergeant instructor mentioned what to do if it takes off again after trying to land, but trying to remember exactly what the drill was a year later when it's never happened before is a bit too much to expect. Much easier to decide it's gone out of control and hit the kill switch before it reaches somewhere populated.
If you sue them, you have a long court case and no working system.
If you withhold payment, they sue you and refuse to deliver. See above.
If you refuse to work with them again, you run out of contractors because the number of companies in any area of industry capable of taking on a hundred million pound project can be counted on the fingers of one hand.
You know the old saying: if you owe the bank £1,000 you have a problem, but if you owe £1,000,000 the bank has a problem? It's like that with big projects too.
A big project has work needed on both sides: merely writing the requirements and evaluating bids will be a multi-million pound project in itself. Then there is all the planning, adaptation, training, procedures etc. Property must be purchased, building space allocated. It's not just a matter of waiting for the delivery truck to roll up. And of course in the meantime the problems that drove the original procurement are still there and getting worse.
So when the contractor tells you that there is a problem and the budget needs to be increased you have to choose between abandoning all the work done so far and starting over with a new contractor, or else paying the extra. CoD terms make no difference to this. At best you will get a system that sticks to the letter of the contract but is entirely useless. At worst you will get a decade long lawsuit, at the end of which you might get some money. You certainly won't get a system that actually works.
Does the private sector do much better? The likelihood of project delivery on time and on budget decreases with project size, but very few companies are in a position to regularly bet hundreds of millions of pounds on giant projects. Those that do sometimes get it wrong too (the TSB fiasco springs particularly to mind).
When a big company does have a big project go pear-shaped the public don't generally get to hear about it; it's not taxpayer money so it's not a scandal. Everyone involved has an incentive to pretend that everything is really fine. So we have very little clue about whether government actually does worse than the rest of the world. It's possible that the UK civil service is comparatively good at project delivery.
No. Stupid as it is, it isn't that bad. Sites that show less than 33% porn are exempt. Not only is pre-moderation not required, but sites like Reddit (where NSFW material is permitted) do not need to implement the age block.
Of course this makes a nonsense of the claim that the ban is to stop children coming across porn *by accident*, but hey ho.
Anyone who knows anything at all about the Internet knows that this will make exactly no difference. It won't stop teenagers because VPNs, and the exclusion of sites like Reddit means it won't stop younger children coming across porn by accident.
The government knows this, and they also know that three months after it goes live we will have a Panorama programme about how ineffective it all is, followed by opposition calls for the Home Secretary to resign. The only way to avoid this happening is to never get around to implementation.
In 6 months there will be some other excuse found.
That's not how it's going to work. The planned scheme won't use DNS blocks. You will get to the website, but if it detects that you are in the UK then it will put up the verification wall. If the website fails to put up the verification wall then the operator is liable under UK law (at least, if the UK.Gov know who they are and they ever come within UK jurisdiction).
The method of detecting that you are in the UK is presumably going to be based on IP address, which is why foreign VPNs are the obvious workaround.
Obviously this is speculation, but it's quite possible that the second Grand Jury (the "I don't recall" one) is still sealed, so he can't tell anyone about it under US law. However when on the witness stand in the UK he was required to answer all questions fully and honestly. By claiming forgetfulness he could avoid breaking US law. If he was lying about his lack of memory then of course that would be perjury, but in the absence of mind-reading it could not be proved.
This poor guy is being left to dangle in the breeze for management failings. If his employer had properly protected their secret key then it would never have been possible to put it in a public repo.
The policy of hanging a minion who screwed up "pour encourager les autres" is a classic symptom of an immature organizational culture. It's the *system* that screwed up; the minion was just the last link in the causal chain. Hence the correct response is not to hang the minion but to fix the broken system.
Hutchins has been under house arrest "awaiting trial" for 2 years. Federal sentence guidance is complicated, but according to The Guardian he is likely to get 1 year each for the two counts. By an amazing coincidence this is the amount of time he has already served, as in the USA house arrest can be used as imprisonment for non-violent offenders. (Of course you have to pay for your own housing and food: in the USA you get the justice you can afford).
So it seems he has been given a choice between pleading innocent and staying under house arrest for an indeterminate period, or pleading guilty and getting out immediately.
Particularly in the USA any false statement to any federal official is a felony punishable with up to 5 years in prison. So when you talk to any federal official you need to watch your words with great care to make sure that you don't inadvertently commit a serious crime by mistake. This particularly applies when talking to federal law enforcement because they can and do use this to create crimes. Any corporate lawyer who knows that the FBI are going to come and talk to an employee will give them the same briefing and teach them the same weasel words.
"'I don't recall' [...] the exact template that crooks use so they cannot be accused of outright lying."
Honest people (at least, honest ones who have spent a few minutes talking to a lawyer first) also use it to make sure that an innocent failure of memory doesn't become a crime. In America the presumption of innocence only applies in the court room. The rest of the system just assumes that you are guilty.
There are a lot of free VPNs out there, but most of them are pretty scammy (big surprise there). If you are lucky you just get a bunch of adverts injected into your browsing experience. If you are unlucky you get your passwords stolen and malware delivered.
The people most likely to fall for these outfits are:
* Children (wow! think of the children!) because they don't have credit cards or spare money to pay for a reputable VPN.
* Unsophisticated adults who don't know any better.
* Poor people of all ages who don't have the spare money (see above).
So measures that are ostensibly aimed at protecting children will actually put them even more at risk than they are now.
For me the most stunning thing is the required accuracy. The observations were taken at a wavelength of 1.3mm. A telescope works "perfectly" if it is accurate to 1/4 of a wavelength (the Rayleigh Limit, not to be confused with the equally important Rayleigh Criterion which is about the aperture). So the total error in the system had to be kept down to 0.4mm across the Earth. If I mention that the moon creates tides of up to 1m in solid Earth every day, and one of the telescopes was on a moving ice sheet, you will have some idea of the practical difficulties.
Timing was equally important. 0.3mm is 1 light-picosecond, so clocks accurate to 1ps had to be used to time the incoming signals.
What are you suggesting they should have done with the sheep?
* Knitted themselves some woollies?
* Set them on fire and gathered round to keep warm, just like Grandma did in the Great Patriotic War?
* Eviscerated them and curled up inside the nice warm bodies, like Han Solo and Luke Skywalker (hint: sheep are smaller than tauntauns).
* Something NSFW to keep their extremities warm?