"This is achieved by manipulating and replaying cryptographic handshake messages." so that means that the mac address has been spoofed to make the AP think that he is always talking to the same mac address.
If I'm plugged into the router directly then i should be good because it eliminates the wifi handshake. So even though other devices on the wifi network could be affected, the node that is plugged in is safe against this?
So if i use my wired in node as an ssh tunnel out to the "internets" to tunnel all traffic from my wifi connected nodes then this mitigates the issue till updates come through?
That's a feasible option on laptops running macOS or Linux, but not for Android clients. Running a SSH VPN (tunneling all traffic) requires root and has a severe performance penalty (which you will notice on your battery). You'd notice it on the laptops as well, but I guess that matters less.
Funny enough, OpenBSD didn't impleemnt WPA(2) for a while. Instead, they were forcing their users to use IPsec and OpenSSH instead.
Debian repos and inherently Ubuntu's repos also have wpa_supplicant 2.4, we will see if they update to 2.6 or release a patch. Probably patch before 2.6.
It would be nice if there was a rule which package repos and distros would adhere to. The rule would adapt, such as all the packages that have had a security issues, will always be required to be updated to the latest versions in the next release or sooner. As vulnerabilities are discovered, the list of packages would grow and hopefully would prevent some future attacks. Obviously it's not full proof but every little bit counts.
There has always been a rule for bug-fix and security updates:
Apply the minimum necessary change to solve the problem.
This means cherry-picking the mainline patches where possible, or back-porting them where modification is required for them to apply (and work as intended) on older releases.
Especially with older versions it often isn't possible to update to a later upstream release because that depends on later versions of other packages. The dependencies can rapidly multiply to affect tens or even hundreds of packages.
Ubuntu patches were prepared and released within 4 hours of the security team being aware of the vulnerability. Same goes for Debian.
OpenVPN doesn't require root. You can use your own server or find a trusted commercial provider. I recommend airvpn, https://airvpn.org/?referred_by=287899
I had my home wifi configured like that for few years. AP without any security wired into network that was firewalled such that it only allowed ICMPv6 and OpenVPN. Sadly this worked ten years ago, but is completely unusable for various IoT-ish devices (for me, Wii was the device that made me to switch to WPA2-PSK)
Edit: also at that time this was at least subjectively significantly easier to setup than wpa_supplicant ;)
When "the bitcoin" starting gaining momentum, i thought that "bitcoin" and the public distributed ledger was an exercise to see if the psychology of people has evolved to reduce the dependence on institutions and find out if inequality is because of these institutions or the 1%. However as we are finding out, the same problems are arising but with new technology. The ones with money to risk are playing the game and the public distributed ledger and bitcoin is yet to show us anything different other than the status quo. Who gives a shit if it's decentralized and "transparent" if the problems that a lot of people touted bitcoin/blockchain would "solve" are just replicated. Kinda like who cares if there are many choices, if you don't have the capital to exercise those choices. I am beginning to think that bitcoin is just another channel to speculate on that promises anonymity but fails badly at it. Maybe it's pre-packaging as an antidote to pre-bitcoin financial structure was empty. I don't see how the average world citizen is able to invest with these prices, therefore aiding mobility. I thought wrong... but sure wish i bought it when it was $20 :)
On the last point about investing with "these prices" ... remember bitcoins are divisable into many decimal places. So you can "invest" $20 if that's all you've got, and you get an equitable amount (per current market conditions)
I still don't understand the volatility argument. Bitcoin is up 10X since spring 2016.... that volatility is not a problem! You just have to not care about the %30 up down in the middle.
The price is growing i agree. Volatility relating to security and assurance. Not being able to trust exchanges, having to trust the developers because majority of the people will not read the code for many reasons and lack of regulation. The fact that there is nothing to stop a bunch of people getting together and attempt to control the network. Which probably already has happened. These factors add up to volatility.
In what ways does Bitcoin recreate the status quo problems of (1) the central bank being able to print arbitrary amounts of money, and (2) all individual-to-individual payments subject to censorship by a very small number of third-parties?
There is nothing in the protocol that will prevent anyone from hoarding or buying large amounts of bitcoin because they already have the capital to begin with. Therefore you can think of those people as similar to institutions or the 1%. So bitcoin is just another investment mechanism. That's all. No panacea here, just an over-hyped new technology that helps create profit for the ones who already have money. One that currently is only available to people who have enough resources to risk. The panacea that "bitcoin" was touted as across the web and forums galore, is just utter bs. I see a world of many private blockchain implementations but nothing that solves these censorship and printing money issues you speak of. Since according to popular theory when you print money your currency get devalued, but bitcoin also goes down when a gov say we don't like it or someone decides to start cashing in at a large scale or overhype of an issue or underhype of another. The end result is the same, less value.
But here are your answers:
1) You live and take advantage of many things you might take for granted in a society that has a certain framework that must be maintained by service providers and it is maintained implicitly by the hordes of people on earth, when greed occurs or kinks in the system happen, printing money or not printing money are just tools to deal with issues.
2) Last time i bought something on craigslist, ebay, alibaba, amazon or from Sandy down the street i don't remember any censorship. I could be mistaken though. Maybe i did not think about something. I would like to see an example of this payment censorship you say largely affected your personal life.
Now definitely if you are trying to buy armored tanks, automatic weapons, drugs, women, censored dildos, yeah i could definitely see censorship. I just don't try to buy those things. :)
Don't get mad now, my sense of humor is an acquired taste :)
The %1 has preferential, essentially exclusive access to high risk, high reward investments, namely startups and hedge funds... but bitcoin and ethereum etc give regular people access to such invesmtents that accredited investors would previously had exclusive access to. This enables the %99 to invest in a way they couldn't before.
There are a lot of people who got rich because they got into bitcoin early... well, here's the secret-- it's still early. Very early.
Bitcoin solves the censorship issue-- nobody can stop you from transacting your bitcoin. It's not perfectly private, but things like z.cash and other technologies are enabling the anonymous own and control of bitcoin.
Printing money is a form of theft. People will pay for services they want. There's no problem for Amazon or Walmart or any of hundreds of service providers getting people to pay for their services. They don't have the ability to just print money to pay themselves (and give to the well connected-- it's ironic you call this a tool when we have seen $10T in new money issuance since 2008 that has mostly gone to politically connected %1 to enrich themselves at our expense.)
Censorship happens all the time-- government prevents you from buying insurance under Obamacare, for example. (literally, obamacare plans have no underwriting and thus are not insurance) that's a whole category of goods that are moral yet illegal to sell, and you are forced to buy an inferior product to replace it that doesn't deliver on the same promise.
Further, censorship is present in the form of border controls-- there were reports of agents stopping people on jetways as they were boarding jets to search to see if they were taking gold out of the country. From 1915-1975 approximately it was illegal to own gold in the USA and smuggling was occurring.... that's literal financial censorship and it ended not that long ago. There are a great deal of controls on USD movement, FINCEN wants to track your assets internationally, and ultimately restrict what you can move and when... that's censorship.
The 1% also has access to bitcoin. I would love to see the yearly incomes of people who invest in bitcoin and than we shall see about this "bitcoin is for everyone" rhetoric. Actually in fact, i would love to see a lot more transparency about the people who do invest in bitcoin, so the bitcoin story can be developed supported by more facts. So that way we will know who the interested parties are which will tell us lots about it.
The censorship issues you describe are describing people that already have money, so i don't know how these people don't follow in the above category. It sounds like these people don't want to pay any gov tax, well those are the kind of people that should stop using any of the services that society pays for using tax. They wouldn't go very far if that was to happen would they. I don't feel bad for them. If gov tax is such a big issue, why even live in society, money surely came to your pocket from society in the first place, you had to make it somehow, whether legally or illegally. So you definitely benefited. Essentially you are stealing from everyone in society when you are attempting to avoid tax or tariffs when moving your money out of the country. How much money do you really need man? The people that are investing in bitcoin are not living on a dollar a day.
Bitcoin is not for everyone and it does not make it easier for wealth to be distributed or aids upward mobility unless you count the early adopters which a lot of them just so happen to be insiders in the first place. Similar to insider traders.
Borders aren't going anywhere for a while. The real question is if these people have this money that are scared that it might be taxed or prevented from going out of the country. How did they make it in the first place?
The points you bring up have to do with people which do not want to support the society in which they live. They want to take more of the pie and bitcoin is an avenue for that at a larger scale than before.
I'm not looking for moral high ground here, but i just don't see how it benefits the regular population.
Ladies and gentleman, time to buy, it has been noted that suddenly bitcoin will solve the US health insurance problem. Right...
Smuggling will always occur before and after bitcoin.
It's really none of your business who owns bitcoin. This surveillance society we are in isn't keeping the %1 in check. bitcoin is a reaction to that, as well as to the fiat fractional reserve banking system.
People are happy to pay for internet service. If government was delivering value, then people would be happy to pay for it... alas, most of your tax money goes to blowing up brown people and paying off political allies than actually providing any services.
I always love the "if you aren't robbed as much as I think you should, you are stealing from me" argument.
Everyone who buys bitcoin today is an early adopter. We have not crossed the chasm. but we are getting close.
How people make their money is none of your business. And you legitimately cannot move large amounts of money outside the country without being spied upon. It's not a question of the source of the funds, but the government trying to control the flow of resources out of the jurisdiction as a result of their terrible management of the economy. That's what exchange controls are all about. Delaying the collapse of a hyper inflationary currency.
Yeah, you think people wanting to avoid theft are greedy, you're wrong.
You're not even responding to the healthcare point, misrepresentation isn't impressive.
Really sounds like you have a major axe grind, but I gotta tell you, buddy, so long as you go around thinking other people are your property to enslave you're going to have a bad time.
Bitcoin is liberating us from authoritarians like you.
Oh now the government is stealing from you. I think it's time to open the faraday cage and come out. Everything is everyones business, now i am the oppressor because i ask questions and don't drink your bitcoin kool aid. right... We need more people like you liberating us from the phantom forces of evil, i award you the golden cross of the bitcoin nation, mission accomplished. I didn't respond to the healthcare point because it's a bullshit attempt at an anchor which has no basis.
For the record, i have no axe to grind, i could care less because i am not involved in trading bitcoin. Just want to understand it better and clear the smoke a bit.
(1) Bitcoin Cash, Bitcoin Gold, etc. Effectively "printing money". Perhaps not entirely arbitrary, as it's limited to the number of bitcoins in existence in the "main" chain at the time of the fork, but good enough.
(2) There are a very small number of third parties that control the vast majority of hashing power
Majority of managers do not want people that see through their bs. After all they need to manage. Someone who sees through their bs is not as pliable as an inexperienced hire. They want the naivety because it is exploitable just like ignorance. Remember most managers are trying to move up and if you pose a risk, they won’t have that. This is also part of the reason why there exist so many collaboration tools. If we placed collaboration above competition just maybe the company would be a better place to work. Instead of this competitive minefield where everyone is just looking for the next opportunity to step up at the expense of others and at the expense of collaboration.
These types are the easiest to game though. Just tell them what they want to hear, and deliver something occasionally. Then you're considered to be a star. Rinse, repeat.
Of course privilege affords you a cushion for many things, not only taking risks. That happens in any environment since "money" correlates to a safety net which could translate into the ability to take time to work on what you want. Some countries which have more supporting social systems also support more risk taking, because if the risk taking doesn't work out, the social system will support you to your next career change or re-education programs will let you shift to another field you are interested in. It is much easier in these countries to stop working in your current field and shift to another field. Since education is payed by the state. In the US the divide between the risk takers and the stable situation agents can't only be associated with wealthy support network(family). Since peoples values and levels of what comfort is can vary dramatically. So dvts example actually illustrates this quite strongly. People from a third world country have put up with different levels of poverty or non-access to comforts, so what they consider risks or comforts are different than what people in first world countries consider risks and comforts. The other thing is that people that live with more risks and are brought up in risky environments are more comfortable with taking risks. Success in an immigration story is dependent on many factors, hard work and a lot of luck.
the smartphone is just a tool, how you use it is up to you! nobody is making you use it, but companies spend millions to figure out better ways to psychologically mindfuck you since you have been conceived. to get you to buy things or behave a certain away which leads to them capitalizing on your behavior. this is not new, one movie which describes this is: https://en.wikipedia.org/wiki/The_Century_of_the_Self
the smartphone is simply the delivery mechanism because it is with you at all times, just like social pressure and environment, they all carry messages, but it is up to you to choose to respond and how to respond, one could argue that if you are conditioned like this since birth because of media, by the time you are an "adult" <-- whatever the fuck that means... and high on the legal stimulants and running on the hamster wheel which turns into profit, i doubt you will even notice. but the irony of all this is that it is all optional if you understand it so...
who cares, if you know your shit, you walk in the interview and make them feel stupid, make them feel like you have a monopoly on knowledge, like it oozes out of you and drips to the floor and if they don't lick it off they might miss something, lol, then they would be stupid to pass on you, then they will surely want you on their team. but you can only do that if you really learn or you can bs to a professional level
there are many ways into the castle, some people walk in the front door, some take the back door, some sneak through the side gate and some ride on the shoulders of others..., some fuck the manager or blow the boss, or maybe play golf at the same golf club or are in the same motorcycle club, or fuck the same prostitute and catch each other at the door and have an understanding, or have the same drug dealer
if you are sitting on the sideline keeping score, you might end up hungry while someone eats your bread.
it doesn't matter what color the cat is, as long as it catches mice. but my moms favorite quote was machiavelli's maxim, the end always justifies the means
i guess the question is, if you would be in their shoes? you would read this article and say, damn right!
i still think in a lot of corporate environments, money is definitely being made on the side by the decision makers when it comes time to pick an outsourcing firm, or award a contract to a contracting company, you know, you jack me off and i will jack you off later kinda thing, gotta grease the wheels of the company politics once in a while or else you might get caught not working
> if you walk in the interview and make them feel stupid
... then you won't get hired, because nobody wants to hire an asshole with such poor social skills that they can't talk to someone without talking down to them.
how is showing your mental prowess talking down to "them"?, that is what interviews are for, you probably don't want to work for anyone who can't stand in a room with someone smarter then them, remember everyone is different, you will only feel stupid for a little while or in a state of lacking something, but in some cultures this behavior would be taken as a direct insult, i agree with you there, but hopefully you don't live in those countries, where everything is personal and macho...
"i still think in a lot of corporate environments, money is definitely being made on the side by the decision makers when it comes time to pick an outsourcing firm, or award a contract to a contracting company, you know, you jack me off and i will jack you off later kinda thing, gotta grease the wheels of the company politics once in a while or else you might get caught not working"
I know for a fact that this happens excessively at a very big, well know and well respected company. Huge levels of corruption and under the table payments for outsourcing/contract labor.
well there are so many companies out there, for sure this happens, someone sitting somewhere at a desk thinking... "i'm already making 200k but, i could definitely use a few more grand just to cover what i'm losing on taxes, damn taxes lol"
i’m surprised not a single interest group has hired a company like cambridge analytica to influence popular opinion of bitcoin, or a fake news network to aid in pushing the price higher, not that we would know about it, the big players in bitcoin would benefit from a scheme like this, it would be a small investment for greater returns, i am interested to see if it will ever reach a point where people will feel comfortable with it’s volatilty, but i strive to understand how the control of bitcoin network and its software is not in the hands of who contribute code, are we trusting a few now compared to a few banking institutions, is that the underlying tradeoff?
How do you know they have not? As I understand Cambridge Analytica work rather discretely, so how do you know a piece on Bitcoin by say NYT (or even this!) isn’t funded by them?
it is a possibility, i guess they would pay the journalist or influence his sources, i guess the old adage of who controls context or environment somewhat therefore controls opinion... similar to the sort of things that spy agencies engage in
The open source nature of Bitcoin, makes sure that development can always be forked. We saw this as recently as with the creation of Bitcoin Cash, which forked form Bitcoin to implement bigger blocksizes, and which is not developed by Blockstream. In the end, if you don't read the code, you'll have to trust someone else did, and would raise a fuss about any shady findings.
Maybe the reason why a lot of “web apps” are so complex and huge has something to do with over engineering, developers loving lazyness as a good trait of their craft. Which results in undiscipline, then you add pressures from management to produce faster rather than focus on simpler solutions. I don’t see how these factors would not creep in into any “newweb” platform. Things are complex because of people, not machines. After all we made them so. Unless you have strict standards that are adhered to by lots of parties, i don’t see a way out of complexity, clutter, large size .js downloads. Then you add competition which does not have anything to do with rules, rather it loves breaking them to get a higher margin. That doesn’t really add simplicity to the mix. I happen to like the way the web is going and this “newweb” business sounds like the ever growing .js framework churn. I agree there are problems but definitely not structural enough to warrant a restructure. Then again that is the power of the web, anyone can pursue this.
I visited China for a month and my view is limited, but i do not think the average Chen in China cares about this, just like the average John in America doesn't. They are happy to be able to grow their personal GDP as much as they can. A lot of people there are part of the waves of the population that are provided incentives to relocate from rural areas to urban areas. Censorship is their least concern. They are happy to be able to have access to new products and start businesses and help their kids develop as best they can. Throughout my travels in other countries in Asia, i met a few students which will be going to Chinese universities. One of their reasons was that Chinese universities have bigger budgets for research compared to their respective countries. So that was highly attractive to them in their educational development. From walking around i got the impression that China inflates their GDP by constant construction and tear down and construction again. I am inclined to believe that this happens also in the tech industry. This churn creates jobs, companies in a loop and makes the economy look stronger that it actually is. I also saw many empty apartments and was told about this as well. Imagine how much money China would loose if people would solely use western alternatives of the apps they currently use. This GDP churn they have going there could not be done if your population is using solely western products. I do think there is an economic reason as well. I happen to like WeChat, you can do many things with it. I watched this dude i met there buy a hat from a street vendor and payed her with the app, super easy. The convenience that is baked in that app is awesome. I wish we had something like that in the US.
I lived in China for many years and you are right. Most Chinese people reaction will be "Meh.." and they will move on with their life and just use a VPN if they really really need WhatsApp.
A lot of western people are now probably frantic to get the WeChat addresses of the Chinese people they only had on WhatsApp, so they can ensure their production line or development people are on track.
We need them more than they need us. That is the problem.
I lived in China for 9 years and could never find a working VPN that would last more than a month. So I just didn't bother using anything outside of work. It was ironic that I worked for Microsoft, would use Bing at home, and used Google at work because...I could.
> We need them more than they need us. That is the problem.
Disagree. They still want our business, they will find ways to make it through the disruption. China is not ready to close itself from the rest of the world economically.
Did you ever use Shadowsocks in lieu of a VPN? AFAIK, it suffers no traffic disruption (worked great for me when I connected to either my own US-based house or an AWS server in Japan)
> We need them more than they need us. That is the problem.
Actually the problem is that the west has no higher moral ground than the east. Not a single US person here uses a chinese app or plans to use one. There is a reason for this.
There is no moral high ground period. People who talk about moral high ground are usually just insecure and/or looking to save face.
US people don't use Chinese apps because they are not competitive and solve problems that are China-specific. Heck, its just not US people, but Taiwan people, Hong Kong people, Singapore people, Japanese people, Korean people, Myanmar people, Cambodia people, etc...
If I'm plugged into the router directly then i should be good because it eliminates the wifi handshake. So even though other devices on the wifi network could be affected, the node that is plugged in is safe against this?