Hacker News
Eagle scout. Idealist. Drug trafficker? (nytimes.com)
72 points by hansy on Jan 18, 2014 | 37 comments



Grr, NYT paywall annoys me sometimes. Saved me some time though, seems like link bait after reading the first two paragraphs (and leaving).


I just now read the article with Firefox and NoScript. No NYT paywall for me.

I just now tried with Safari, after turning off JavaScript. No problem viewing the entire article, including pictures. Of course I reset Safari before opening the URL, just to make sure there were no existing cookies, etc.

I love the NYT paywall. The only way they could have made it easier to bypass would have been to include directions on how to disable JavaScript at the top of every page! BTW this is deliberate. It's not like they're idiots. They intentionally decided to make the paywall easy to get around.


Most people if they run into this often enough will just pay the $15/month, for various reasons. For those that don't have any money, simply viewing in incognito mode is sufficient to bypass the paywall.

Of all the things that I spend money on each month, though, the $15 that I send to NYT is easily the one I feel that I get the most value from.


>BTW this is deliberate. It's not like they're idiots. They intentionally decided to make the paywall easy to get around.

Never attribute to cleverness what can be adequately explained by incompetence.


They've stated publicly they made it easy to get around.


Did they do it on launch, or just after it was widely publicized that bypassing their paywall is laughably easy?

Edit: Afterwards. I'd be more inclined to believe them if they had said it from the start.


"This easy trick, known to every college student, led some to deride the Times as a technological tyro. People in the news industry, however, say the Times deliberately chose to make the paywall “leaky” so as not to alienate casual visitors."

http://paidcontent.org/2013/02/11/new-york-times-plugs-big-l...

"While critics say the gaps highlight flaws in the newspapers' new business model, the Times says the holes are deliberate and meant to encourage openness across the Internet."

http://abcnews.go.com/Technology/paywall-york-times-readers-...

Also remember reading a couple quotes by NY Times execs/spokespeople that it was intentional.


I'm intrigued by the idea that he had to close his laptop and law enforcement had to prevent that. Is there a widely available dead-man's switch that, say, logs the user out when contact is lost? It seems like the privacy-focused would benefit from such a device. I'm envisioning a USB fob, attached to a bracelet, that triggers logout when it's disconnected, so by raising your hands, you've logged out.


> I'm envisioning a USB fob, attached to a bracelet, that triggers logout when it's disconnected, so by raising your hands, you've logged out.

This exists, it is called pamusb[1] and it allows you to automatically log in and log out using a USB stick. It would be simple to add a password as well. The problem is, if your machine is still powered on, they can patch into the PCI bus and dump your RAM using DMA[2]. Most disk encryption stores the master key in RAM, so if they can dump your RAM they can decrypt your hard drive. GAME OVER!

You really want something that cuts power to your laptop so all state is lost. It's not hard to build such a thing:

1. Set up your laptop to use full disk encryption,

2. remove the battery from your laptop,

3. pull the power cord to "instantly log out".

One could even attach a string from the power cord to the door so that the laptop loses power if the door is opened. Cold-boot attacks[3], where they remove your RAM before it loses state, could be a concern, but they would have to disassemble your laptop very very quickly (within 30 seconds, perhaps longer if they just threw the laptop into a tub of liquid nitrogen). A countermeasure would be to epoxy your laptop together to prevent quick disassembly (or use a MacBook Air; those things are impossible to take apart quickly and the RAM is soldered in place).

It should be standard operating procedure to randomly overwrite all non-OS data stored in RAM when a user logs out. Maybe someone with more experience in disk encryption can tell me which products do this.

[1]: http://pamusb.org/

[2]: http://en.wikipedia.org/wiki/DMA_attack

[3]: http://en.wikipedia.org/wiki/Cold_boot_attack


I generally prefer the idea of a thermite charge planted on the ram. Cold boot? Try that when the dram goes from 40 to 300 in two seconds.

Then again, encrypting your drive and making sure the encryption key is safe might be slightly more sane than turning your macbook into a puddle of aluminium.


A MacBook Air isn't really hard to take apart if you have the magic screwdriver. The RAM being soldered would probably be a serious obstacle, though.


Linux has functionality to wipe encryption keys from memory (and require their re-entry) without unmounting the encrypted filesystem (see "luksSuspend" in the cryptsetup man page). Unfortunately, I don't know of any screen locks that automatically tie into it.
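
The two ideas in this subthread, a token whose removal triggers a lockdown and `cryptsetup luksSuspend` wiping the volume key from memory, combined as an added example (not code from any commenter or from pam_usb). The token serial, the mapping name `secure_data`, the script path and the udev rule in the comment are assumptions.

```shell
#!/bin/sh
# Dead-man's switch handler (added example). Intended caller: a udev rule like
#   ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_SERIAL_SHORT}=="CONSTRUCTED0001", \
#     RUN+="/usr/local/sbin/deadman.sh"
# The serial, the mapping name and the script path are assumptions.
TOKEN_SERIAL="${TOKEN_SERIAL:-CONSTRUCTED0001}"  # constructed serial of the token
MAPPING="${MAPPING:-secure_data}"                # hypothetical LUKS mapping, NOT the root fs

# Print the commands for one udev event, one per line. Prints nothing unless
# the event is the removal of our token.
deadman_plan() {
    [ "$1" = "remove" ] || return 0
    [ "$2" = "$TOKEN_SERIAL" ] || return 0
    echo "loginctl lock-sessions"            # lock every session's screen
    echo "sync"                              # flush dirty pages while I/O still works
    echo "cryptsetup luksSuspend $MAPPING"   # block I/O, wipe the key from kernel memory
}

# Run the plan. A failing step must not stop the later ones, so each command's
# status is ignored. With DRY_RUN set, only print what would run.
deadman_run() {
    deadman_plan "$1" "$2" | while IFS= read -r cmd; do
        if [ -n "${DRY_RUN:-}" ]; then
            echo "would run: $cmd"
        else
            $cmd || true
        fi
    done
}

# udev exports ACTION and ID_SERIAL_SHORT to RUN programs; do nothing when
# they are absent (for example when this file is sourced).
if [ -n "${ACTION:-}" ]; then
    deadman_run "$ACTION" "${ID_SERIAL_SHORT:-}"
fi
```

Access is restored with `cryptsetup luksResume secure_data`, which asks for the passphrase again. The cryptsetup man page warns never to suspend the device that holds the cryptsetup binary, which is why this sketch targets a separate data volume rather than the root filesystem.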



Tresor is really cool but most disk encryption stores the master key in RAM. * Even assuming that your master encryption key can't be extracted from RAM, coldbooting is still a threat.

For instance they get anything in RAM (files being edited, program state, passwords, emails, web cookies).

Maybe you played a RAM intensive video game that overwrote everything or perhaps you just finished writing a quicken books entry for your counterfeiting operation. Do you feel lucky?

* You can patch your kernel so that DM-crypt uses Tresor, so it is possible. I don't know how it handles the inode keys. http://www1.informatik.uni-erlangen.de/tresor?q=content/read...


Couldn't that be accomplished with a bluetooth connection from your mobile phone? Maybe not as effective as a bracelet, but it probably could have gotten the job done in this case.


So a friend that worked at DIA says .gov and .mil gear often contains acid in glass surrounding drives and circuits. (Thermite is just in the movies.)

What a security-conscious user really needs is laptop storage that can be quickly destroyed. An SSD would be the easiest to destroy with a strong acid or base (fuming nitric acid will just decap the epoxy). Perhaps someone here knows which would work best.


".gov and .mil gear often contains acid in glass surrounding drives and circuits."

Couldn't you just turn the circuit upside down and use a diamond tip drill (Dremel would do) to drain the acid?

I think sticking with full disk encryption would be a more reliable choice.


> Couldn't you just turn the circuit upside down

"surround" in my dictionary means all directions.

Didn't even Dell sell servers with a small amount of explosives so that the disk and memory go boom on unauthorized open? (amount comparable to the amount in an airbag -- yes, your airbag has explosives) At least one of the brand names did, as I recall.


I find it ironic that he was thinking of relocating to Dominica, which seems to have income tax rates comparable to the USA.


Awesome story. That could be a base of great Breaking Bad style series.


The last three paragraphs are the most interesting. I wonder how many sellers and buyers the FBI will be able to identify from following the Bitcoin blockchain.


Stopped reading after they equated 'a man who helps drug dealers' with 'sociopath'. There are a lot of reasons a good smart man would want to use his technical skills to help spread narcotics.

There's an essay by Aleister Crowley, 'Cocaine', where he argues that free drugs (even hard ones) are better for the society as a whole.


Maybe if you'd decided to keep reading instead of leaping to a self-righteous conclusion you'd have noticed that they called him a sociopath because of his attempts to hire hitmen not because he was involved in drug sales


And then they further argued that he hired hitmen to protect Silk Road which he thought was changing the world for the better. And that unlike others with similar websites, he never ran off with the money. If anything, the article was pretty darn positive for a guy who wanted to kill people.


If there's one reason to keep politics off HN that we should all be able to agree with, it's to keep us from finding out that people we talk to here believe it might be justifiable to kill people to protect a website.


I suspect that most of us believe it might be justifiable to kill people to protect a website.

Do you (or anyone else) oppose having armed guards protecting a data center? Armed guards protecting a data center means that someone might get killed to protect a website.

(You can draw other moral distinctions, and I'm not defending this guy in particular. I'm just pointing out that the specific argument you are making is most likely incorrect.)


Big doors and time-locks are likely to work better. Side-arms to protect computers is just security theater.

The only reason I can think of to have armed guards at a data center is if the people working there are at a real risk of armed attack, not the computers.

edit - also if your site security and uptime is dependent on some people with guns at a datacenter, then you are doing it wrong.


Thank you. Please substitute in your head the argument reasonable people can infer I intended to make for the argument my words accidentally included. :)


>I suspect that most of us believe it might be justifiable to kill people to protect a website.

Right, that would be to tptacek's point.


Instead of "only suspecting"?


"Anything that you wouldn't say to someone face-to-face" + keeping to dinner party topics with people you just met.


Funny you say that, because that's exactly why I come here -- I want to hear people come out and say the things they're thinking of saying but wouldn't because it would violate some social guideline. I was having a conversation with a libertarian the other day (in fact it actually was a dinner party) and I kept getting the feeling that on certain points he /wanted/ to go to logical extremes (as did I) but didn't, because if we had gone there we'd inevitably end up talking about some pretty heavy stuff, including my country's history and how we mistreated many people. But the reality is that it actually is really hard talking about these things face-to-face (it is, at least to me). Online, where most memory is ephemeral as concerns people's identities on large forums, you don't know my race, religion, creed - you're not going to waste mental power trying to word things so that I don't get offended, you'll just come out and say what you mean. That's really what I want. But even I can't do this in real life (or at least, have significant trouble doing it), so I come here... and other places online to talk about those things. Because, if I'm not talking about these things at the dinner table, then where else would I talk about them if not online?

I'd rather that we just get down and dirty, in an honest and direct manner. We often sacrifice progress on many issues by getting set back by social rules. Let's stop doing that.


I was explaining the article's explanation of DPR's rationale. This isn't my viewpoint or the author's.


You forgot the part about allegedly ordering a guy tortured to get his money back.


The sociopath part was where he simultaneously was a kind, caring, sensitive person, while simultaneously comfortable ordering the execution of somebody, and three of his completely innocent roommates. That part is pretty messed up.


We need a better way to close our laptops


I thought he was at a coffee shop when he was arrested?



