Decius
"I don't think the report is true, but these crises work for those who want to make fights between people." Kulam Dastagir, 28, a bird seller in Afghanistan

Errata Security: Verisign's Bad Response to the MD5-SSL Crisis
Topic: Miscellaneous 1:02 pm EST, Jan  9, 2009

I previously commented on Verisign's incredulity at the fact that the researchers who produced a phoney SSL certificate didn't put them in the loop prior to public disclosure of their research.

It appears this incredulity has produced a bit of a debate. I'm linking Rob Graham, who weighed in on the subject:

The researchers behaved perfectly and responsibly. Their worry about being suppressed was justified, and their secrecy was an appropriate response. The very fact that Verisign could quickly fix the problem in a day, but malicious hackers would need at least a month to replicate the feat, means that notifying Verisign ahead of time wasn't needed.

He links to a post from Alexander Sotirov who also took issue with Verisign's position:

In a recent post on his company blog, Verisign's vice president of marketing Tim Callan commented on the disclosure of our MD5 collision attack:

VeriSign did not receive any of [the] information ahead of the actual presentation, rendering it impossible for us to begin work on mitigating this issue prior to this morning.

I feel that this statement is inaccurate. Not only did we contact Verisign before our presentation to let them know about our research, we also strongly advised them to stop using MD5 as soon as possible and were given a chance to review their mitigation plans.

Callan responded in the thread on his blog.

Here are the facts as I understand them.

- The "trusted intermediary" was under a strict NDA with you and didn't feel it could reveal anything that was actually actionable or useful. Your NDA prevented the intermediary from telling us what would be announced, by whom, or when.

- You didn't invite us to view the presentation in person or on the webcast. Had VeriSign not discovered by other means that this presentation was coming, we may not have had the opportunity to hear what you had to say until after the fact.

- In addition to Microsoft and Mozilla, at a bare minimum you briefed The Washington Post, Wired Magazine, CNET, and IDG News Service prior to your announcement. You also briefed one or more active security bloggers. Based on the reports from these people, it appears that you obtained promises from them not to share with us either.

- You stood on stage in front of a room full of people and explained that you had actively sought to prevent us from finding out. You had a slide thanking the lawyers who helped you prevent us from finding out.

- VeriSign acquired the RapidSSL product line as part of its acquisition of GeoTrust in September of 2006. That's when we began our process of learnin...



BK Offers Facebook 'Sacrifice'
Topic: Miscellaneous 11:27 am EST, Jan  9, 2009

The app rewards people with a coupon for BK's signature burger when they cull 10 friends. Each time a friend is excommunicated, the application sends a notification to the banished party via Facebook's news feed explaining that the user's love for the unlucky soul is less than his or her zeal for the Whopper.

Wow!



GT VentureLab: It's the Execution, not the Idea that Matters
Topic: Technology 8:37 am EST, Jan  9, 2009

Frank Herbert, author of Dune, told ... how he had once been approached by a friend who claimed he (the friend) had a killer idea for a SF story, and offered to tell it to Herbert. In return, Herbert had to agree that if he used the idea in a story, he'd split the money from the story with this fellow. Herbert's response was that ideas were a dime a dozen; he had more story ideas than he could ever write in a lifetime. The hard part was the writing, not the ideas.

Herbert might as well have been talking about technology. Don't get me wrong. Ideas are important. Research is critical to advancing our society. But when it comes to commercialization, it is only a small part of the puzzle.



FT.com / Asia-Pacific - Financial blogger arrested in South Korea
Topic: Miscellaneous 10:18 pm EST, Jan  8, 2009

South Korea said on Thursday it had arrested an elusive blogger accused of undermining the country’s financial markets with his doom-mongering, ending a case that has illustrated government unease with the growing influence of online gossip in the world’s most-wired economy.

I am disappointed to hear that South Korea is no longer a free country. I mean that in all seriousness.



Merrill Lynch on how fucked things are
Topic: Miscellaneous 3:45 pm EST, Jan  8, 2009

Fully 35% of a person’s FICO score boils down to one’s history of making payments on time. The average FICO score today now is down to 690 after the borrowing spree of the past seven years. Yet to obtain a plain-vanilla 30-year fixed rate mortgage, the minimum score is 760. For a 15-year HELOC, it is 740. And, for a three-year auto loan, the minimum FICO is 720. This is a primary reason why the credit cycle is not about to be revived. It is not that standards are too tough as much as the unprecedented borrowing binge over the past seven years has left the household sector, at the margin, with a credit profile that is too risky for the banking community to justify to their shareholders.



Oakland Turns Violent Over Shooting - NYTimes.com
Topic: Current Events 2:19 pm EST, Jan  8, 2009

Protesters angry over a deadly New Year’s Day shooting of a young black man by a transit police officer erupted into violence in downtown Oakland on Wednesday night while investigators struggled to determine what prompted the officer to fire his gun into the unarmed man’s back.

Riots begin in Oakland. More here. 105 arrests. I agree with this:

But UC Berkeley Boalt Hall Law School professor Franklin Zimring, a criminal justice expert, said "absolutely conclusive" videos of the shooting have convinced him there's no possible justification for Mehserle's actions.

"It's accident versus intention, but justification is off the table."

Whether Mehserle meant to draw his Taser but accidentally drew his firearm, or whether he meant to draw his sidearm but didn't mean to fire it, it looks like involuntary manslaughter, Zimring said.

In the absence of a statement from Mehserle, the proper thing to do is to charge the case based on the evidence at hand and then hear his side of the story later, Zimring said.

Anyone who was not a police officer would be in custody already.



Karl Rove’s Factually Challenged Housing Revisionism | The Big Picture
Topic: Miscellaneous 1:08 pm EST, Jan  8, 2009

As the saying goes, you are entitled to your own opinion, but not your own facts. The instant historical revisionism by Karl Rove in today’s WSJ — mythmaking writ large — contains an egregious combination of false statements, crucial omissions and misleading assertions.

As recently as 6 months ago this sort of self-delusion that has been the hallmark of Conservative thinking in the past years was extremely frustrating, because they were in power. It's been a constant pattern: telling themselves that Iraq had WMDs or that FISA doesn't constrain the power of the President or that the EFF is "in it for the money" or that the UN and the Geneva conventions are irrelevant or that Brown was doing a good job running FEMA... They do it by lying to themselves, over and over and over again until they believe their own bullshit and are comfortable with what they've done.

Believing your own bullshit has consequences. It had consequences in Iraq, it had consequences in New Orleans, it had consequences for our economy, and it will have consequences domestically and internationally when the civil liberties and Geneva conventions chickens come home to roost. Each step of the way people have been calling Conservatives out on their bullshit, and finally after 8 years enough people have finally caught on that the Republican party is no longer in control of the government. But they still haven't learned their lesson. They still haven't figured it out. They are still lying to themselves. They still don't take what they're doing seriously enough to face it honestly. And what scares me is that they are down, but they are not out. These people cannot be allowed back into power until they realize what was actually at the heart of their demise, and it sure as hell wasn't that they "weren't conservative enough" - another line of bullshit their pundits tell them.

We simply haven't seen enough of the Democrats in recent years to know to what extent they suffer from the same problem. The claim that there is no problem with social security was certainly troubling, as was their unwillingness to give the surge time to work before calling it a failure.

What this country needs more than anything is leaders who are not full of shit. Is that too much to ask?



Lazyweb: Hard Drive Degaussing
Topic: Miscellaneous 10:00 am EST, Jan  8, 2009

I have some hard drives. I want to throw them out. They have data on them. Some of that data is personal correspondence and some of these hard drives are rather old and I have no idea what is on them, but I'd rather not provide that data to whoever happens to be buying stuff from the local computer recycling center on the off chance it's personal. Furthermore, if the government is going to hold that police searches of garbage can be conducted without either a search warrant or any constitutionally required factual predicate then one must assume that all garbage is monitored by the state. Anything less would be a pre-911 mentality. If you are willing to provide the state with warrantless access to your hard drives there is really no point in complaining about 4th amendment issues or warrantless searches at borders, for example. So, I can't just throw these drives out.

Unfortunately, my local computer recycling center makes stern warnings that they are not responsible for data on devices given to them. I don't see why they won't just buy a degausser, but I'm guessing they don't have one, and I'm not going to go out and drop 2 grand on an industrial degausser for my loft.

This puts me in an odd position that I'm sure many of you have also been in:

What do you do with old hard drives? Do they become a permanent part of your electronics junk pile, carried with you every time you move? Do you know of an inexpensive way to destroy them?


RE: Police fatally wound man at Oakland BART station on NYE
Topic: Society 3:54 pm EST, Jan  7, 2009

Doing some digging, there seems to be a problem with officer involved shootings in Oakland. One officer has killed two unarmed men in 2008, one of whom was shot in the back while running away. That officer is on leave but no charges have been filed. The Oakland police held a public forum on the issue in December, at which they insisted that "It's not because the officers are doing anything wrong." Regardless of whether or not that is true in this case, this latest incident is a match on a tinderbox.

Ironically, this occurs when a movie is being released about Harvey Milk, which may evoke sore memories in that metro area.

Throw in some economic hard times to boot, and you have a real possibility for a riot.

For me, the real source of frustration in incidents like this is that police seem to be given the benefit of the doubt... placed on paid leave during long investigations... whereas some "street thug" (read black teenager) under similarly questionable circumstances would have been arrested and charged with murder before the ink was even dry on the police report. It would be easier to trust the justice system to reach the right conclusion in incidents like this if that system at least gave the appearance of being blind. It does not.



Obama picks RIAA's favorite lawyer for a top Justice post | Politics and Law - CNET News
Topic: Miscellaneous 9:34 am EST, Jan  7, 2009

One of Obama's first tech-related decisions has been to select the Recording Industry Association of America's favorite lawyer to be the third in command at the Justice Department. And Obama's pick as deputy attorney general, the second most senior position, is the lawyer who oversaw the defense of the Copyright Term Extension Act.

Some argue that a lawyer is an objective advocate of his client's interests, which should not be read as his own, but there is a very strong relationship between the leadership of the Democratic party and the upper echelons of the copyright maximalism movement, and these lawyers, along with Joe Biden, are right in the middle of that relationship.


