
Eagle scout. Idealist. Drug trafficker? - hansy
http://www.nytimes.com/2014/01/19/business/eagle-scout-idealist-drug-trafficker.html
======
mcescalante
Grr, NYT paywall annoys me sometimes. Saved me some time though, seems like
link bait after reading the first two paragraphs (and leaving).

~~~
PhantomGremlin
I just now read the article with Firefox and NoScript. No NYT paywall for me.

I just now tried with Safari, after turning off JavaScript. No problem viewing
the entire article, including pictures. Of course I reset Safari before
opening the URL, just to make sure there were no existing cookies, etc.

I love the NYT paywall. The only way they could have made it easier to bypass
would have been to include directions on how to disable JavaScript at the top
of every page! BTW this is deliberate. It's not like they're idiots. They
intentionally decided to make the paywall easy to get around.

~~~
phaus
>BTW this is deliberate. It's not like they're idiots. They intentionally
decided to make the paywall easy to get around.

Never attribute to cleverness what can be adequately explained by
incompetence.

~~~
jcc80
They've stated publicly they made it easy to get around.

~~~
phaus
Did they do it on launch, or just after it was widely publicized that
bypassing their paywall is laughably easy?

Edit: Afterwards. I'd be more inclined to believe them if they had said it
from the start.

~~~
jcc80
"This easy trick, known to every college student, led some to deride the Times
as a technological tyro. People in the news industry, however, say the Times
deliberately chose to make the paywall “leaky” so as not to alienate casual
visitors."

[http://paidcontent.org/2013/02/11/new-york-times-plugs-
big-l...](http://paidcontent.org/2013/02/11/new-york-times-plugs-big-leak-in-
paywall/)

"While critics say the gaps highlight flaws in the newspapers' new business
model, the Times says the holes are deliberate and meant to encourage openness
across the Internet."

[http://abcnews.go.com/Technology/paywall-york-times-
readers-...](http://abcnews.go.com/Technology/paywall-york-times-readers-spot-
holes-read-free/story?id=13248395)

Also remember reading a couple quotes by NY Times execs/spokespeople that it
was intentional.

------
kevinmchugh
I'm intrigued by the idea that he had to close his laptop and law enforcement
had to prevent that. Is there a widely available dead-man's switch that, say,
logs the user out when contact is lost? It seems like the privacy-focused
would benefit from such a device. I'm envisioning a USB fob, attached to a
bracelet, that triggers logout when it's disconnected, so by raising your
hands, you've logged out.

~~~
EthanHeilman
> I'm envisioning a USB fob, attached to a bracelet, that triggers logout when
> it's disconnected, so by raising your hands, you've logged out.

This exists, it is called pamusb[1] and it allows you to automatically log in
and log out using a usb stick. It would be simple to add password as well. The
problem is, if your machine is still powered on, they can patch into the PCI
bus and dump your RAM using DMA[2]. Most disk encryption stores the master key
in RAM, so if they can dump your RAM they can decrypt your harddrive. GAME
OVER!

You really want something that cuts power to your laptop so all state is lost.
It's not hard to build such a thing:

1\. Setup your laptop to use full disk encryption,

2\. remove the battery from your laptop,

3\. pull the power cord to "instantly log out".

One could even attach a string from the power cord to the door so that the
laptop loses power if the door is opened. Cold-boot attacks[3], where they
remove your RAM before it loses state, could be a concern, but they would have
to disassemble your laptop very very quickly (within 30 seconds, perhaps
longer if they just threw the laptop into a tub of liquid nitrogen). A counter
measure would be to epoxy your laptop together to prevent quick disassembly
(or use a macbook air those things are impossible to take apart quickly and
the RAM is soldered in place).

It should be standard operating procedure to randomly overwrite all non-OS
data stored RAM when a user logs out. Maybe someone with most experience in
disk encryption can tell me which products do this.

[1]: [http://pamusb.org/](http://pamusb.org/)

[2]:
[http://en.wikipedia.org/wiki/DMA_attack](http://en.wikipedia.org/wiki/DMA_attack)

[3]:
[http://en.wikipedia.org/wiki/Cold_boot_attack](http://en.wikipedia.org/wiki/Cold_boot_attack)

~~~
dia473
[2] is not really an issue: [http://www1.informatik.uni-
erlangen.de/tresor](http://www1.informatik.uni-erlangen.de/tresor)

~~~
EthanHeilman
Tresor is really cool but most disk encryption stores the master key in RAM. *
Even assuming that your master encryption key can't be extracted from RAM,
coldbooting is still a threat.

For instance they get anything in RAM (files being edited, program state,
passwords, emails, web cookies).

Maybe you played a RAM intensive video game that overwrote everything or
perhaps you just finished writing a quicken books entry for your
counterfeiting operation. Do you feel lucky?

* You can patch your kernel so that DM-crypt uses Tresor, so it is possible. I don't know how it handles the inode keys. [http://www1.informatik.uni-erlangen.de/tresor?q=content/read...](http://www1.informatik.uni-erlangen.de/tresor?q=content/readme)

------
cpncrunch
I find it ironic that he was thinking of relocating to Dominica, which seems
to have income tax rates comparable to the USA.

------
scotty79
Awesome story. That could be a base of great Breaking Bad style series.

------
jackgavigan
The last three paragraphs are the most interesting. I wonder how many sellers
and buyers the FBI will be able to identify from following the Bitcoin
blockchain.

------
ansgri
Stopped reading after they equated 'a man who helps drug dealers' with
'sociopath'. There are a lot of reasons a good smart man would want use his
technical skills to help spread narcotics.

There's an essay by Aleister Crowley, 'Cocaine', where he argues that free
drugs (even hard ones) are better for the society as a whole.

~~~
joshuapants
Maybe if you'd decided to keep reading instead of leaping to a self-righteous
conclusion you'd have noticed that they called him a sociopath because of his
attempts to hire hitmen not because he was involved in drug sales

~~~
logn
And then they further argued that he hired hitmen to protect Silk Road which
he thought was changing the world for the better. And that unlike others with
similar websites, he never ran off with the money. If anything, the article
was pretty darn positive for a guy who wanted to kill people.

~~~
tptacek
If there's one reason to keep politics off HN that we should all be able to
agree with, it's to keep us from finding out that people we talk to here
believe it might be justifiable to kill people to protect a website.

~~~
yummyfajitas
I suspect that most of us believe it might be justifiable to kill people to
protect a website.

Do you (or anyone else) oppose having armed guards protecting a data center?
Armed guards protecting a data center means that someone might get killed to
protect a website.

(You can draw other moral distinctions, and I'm not defending this guy in
particular. I'm just pointing out that the _specific argument you are making_
is most likely incorrect.)

~~~
moocowduckquack
Big doors and time-locks are likely to work better. Side-arms to protect
computers is just security theater.

The only reason I can think of to have armed guards at a data center is if the
people working there are at a real risk of armed attack, not the computers.

edit - also if your site security and uptime is dependent on some people with
guns at a datacenter, then you are doing it wrong.

------
justinzollars
We need a better way to close our laptops

------
quantumpotato_
I thought he was at a coffee shop when he was arrested?

