Domain: colesmyer.com.au
Stories and comments across the archive that link to colesmyer.com.au.
Comments · 10
-
Re:"Free Trade" my arseWell at least that kills the Aussie companies are inherently good argument.
-
Ford vs Northwest
Of course, this comes on the back of the Northwest scandal. I'm excited by the trend this may set, but only from an intellectual, idealistic point of view. If I put my pragmatic hat on I can't help thinking that Ford (and other companies who follow suit) will have an alterior motive. Why would they spend so much money on their employees when a much more cost effective way to make them happy would be to give them a $1000 bonus or pay rise or something traditional?
Anyway, here's hoping that Fords moves are simply a new employee loyalty / morale scheme and not something more nefarious.
email me or not.
-
DoS like stealing cars
A lot of people discussing this issue seem to think that arbitrary blaming of those servers that were used for the DoS attacks is a fair and reasonable thing.
Well, I have to say that while I agree in principle that if people are going to run insecure servers then they are responsible for actions on the server if they get hacked, I think that in practice it doesn't really hold up when compared to similar situations.
For example, take the case of a stolen car. The owner of the car drives it into his driveway and locks all the doors before going inside. As far as he is concerned it is as secure as he can make it. However, what he doesn't know is that if he'd spent 2-3 hours each day scanning the security forums he would have found that there was a new LockBuster (tm) available that would make breaking into his car a snap. So, while the driver isn't looking a bunch of thieves sneak up and break into his car using the LockBuster (tm) and take it for a joy ride. At the same time, 10,000 other thieves are using LockBuster (tm) to steal cars and they've all headed out onto the freeway. Consequently the freeway gets jammed - I mean really jammed. No traffic can get on or off the freeway for 4 hours. Once the traffic has cleared the thieves return the stolen cars to the driveway, just in time for the owners of the cars to come out of their houses and drive to work.
In this case, who would consider blaming the owners of the cars for the traffic jam? After all, the owners thought their cars were secure - they locked the doors. They just didn't have the time to spend updating their cars with all the latest security enhancements to stop LockBuster (tm) from allowing people to break in.
Ok, so I know that stealing a car and jamming a freeway isn't really the same thing as using a hacked server for a DoS, but I think people have to recognise that not every company or server owner has the resources to devote to security that they might like. Having said that, I do agree that server owners on the internet do have some obligation to do routine things like filtering packets with snuff source addresses etc. Maybe someone should set up a Server Owners web site where new server operators can do a quick checklist on the really important and neighbourly security features they need to check on their configuration (e.g. here are the important things to check, here is how to check and fix them on your system) and not just for Linux machines, there should be help for lots of platforms / configurations, including NT, Unix derivatives etc. There are lots of sites out there that deal with security issues, but I don't know of any that have a simple checklist that can be run through which has the most common things that need checking on servers.
So, stop putting all the blame on those people that don't have the resources (or the computer savviness) to keep up with security. Be part of the solution by making it easy for them to check their servers and fix them if they are deficient. Don't just point them to bugtraq or something similar - not everyone can scour a multitude of sites each day for possible bugs. Especially if they are setting up a new server and wouldn't know where to start.
email me or not
-
Home Theatre DVD Players Cash In
The whole argument by the MPAA seems to be that computer users want to pirate the content of their DVDs by using DeCSS. Umm. Excuse me? If I want to pirate a DVD it's going to cost me a whole lot more to go out, buy a DVD writer, buy a blank DVD, borrow the DVD from the video store and make a copy. Much easier just to wander down to K-Mart or (insert your local bulk store here) and buy a brand new DVD movie off the shelf with all the nice wrapping and free posters etc. and sleep with an easy conscience.
I can see how my argument may fail within a few years, when blank DVDs are being rolled out at $1 each and writers can be picked up for a couple of hundred. But by then this whole argument will be over anyway and there will be some new technology to squabble over.
The only argument for keeping CSS a secret appears to be to make sure that those companies who actually purchased a licence to decrypt CSS in their players aren't seen to have wasted their money. That seems to be a joke, anyway. If I want to go out and buy a reasonable quality DVD player for my home theatre it would set me back about $800 (I'm in Australia, BTW). Ok, so I realise I'm buying hardware and software there (including paying for the licence to have the CSS decryption software in the machine), but that seems fairly pricy for a glorified CD player that I wouldn't pay more than $150 for without the software component. I mean, the physical mechanism hasn't changed that much. CD shaped object still goes into the machine, gets spun up to speed and gets read by a laser on the end of a focussing arm. Big deal. So, let's be generous and say that the added technology above and beyond that of a normal CD player costs about $50 per unit to implement. That means I'm paying about $600 for the added software component that is inside the DVD player, as opposed to a regular CD. Does that seem reasonable to anyone?
On the other hand, if I want to go out and buy a DVD player for my computer, it only costs about $450 for a good quality unit, which usually comes bundled with a Windows DVD player. Ok, so a regular CD-ROM for my PC will set me back about $100 (I'm being generous there!). So, as in the home theatre player mentioned earlier, let's add in $50 towards the modified hardware within the unit, and that leaves me with $300 towards the software that I run on the computer to read the DVD. Err. That's $300 (50%) less than I'm paying for my home theatre DVD player software. Paying that much for software I'm never going to use (if I use an unsupported OS like Linux etc) seems a bit harsh - especially when I'm then told I can't write my own software to do the playing on my OS.
Even without the software issues, though, it's amazing that they have to wonder why people want to watch their DVDs on their computers? Heck, even if I go out and buy a TV out card and pipe the DVD from my PC into my big screen TV for home theatre, I'm still going to come out $200 ahead!
So, to sum up, it seems that the only reason for having CSS licences isn't to protect artistic content, but to protect those companies who are producing DVD players for the home theatre market.
It's interesting to note that the VHS copy protection scheme that is used these days (developed by Disney, I beleive - correct me if I'm wrong) is so insanely easy to bypass it's not funny. However, it never really becomes an issue because computer users aren't involved. I don't recall a big fuss being made about all the VHS copy protection breaker-box schematics that were thrown about when it came out. I even saw some of them in respectable electronics magazines.
Email me or not.
-
The be all and end all...I'm not advocating Linux as the be all and end all (even though I think it's nifty), but when talking virii we should consider the reason they are so prolific.
How do most virii work? The big headliner virii always seem to be written to exploit certain flaws or features in software. The reason that these flaws can be taken advantage of seems to be twofold:
- Binary distributions (a la anything on Windows) prevent scrutiny from outside sources
- Proprietry software vendors don't like to tell people that there software is buggy until someone else discovers the bug (in the form of a virus)
So, I'm not going to argue for or against Linux per se, but I think open source software really does defeat the above points most of the time.
The other point that has been raised by many others in this discussion is the intrinsic multiuser aspect of Linux. The fact that a multiuser environment is all but mandatory with Linux makes people follow rules for access and priveleges on a system, which is great for stopping virii from propogating via priveleged access. Sure, Windows (among others) may provide the ability to function semi-multiuser but it's not nearly as enforced as on Linux, which means people can get lazy and run everything under a priveleged account. So Linux isn't necessarily better at being secure (don't hit me hehehe), but it is better at training people to be more secure. I'm sure if programmers and users of Windows based systems had enforced access/security in a multiuser system then Windows security holes would be patched much quicker, especially in the application layer. Programmers simply wouldn't be able to assume that their programs had complete access to the system - they would have to write checks into their code to make sure of it, and users would have to enable access for programs that required priveleged access. That might take a little bit longer for users to install/run programs, but it's much better than the current "double-click suck it and see" method where you've got NFI how to restrict what a single program can access on your system.
--------------------------------------------------
email .torq -
The be all and end all...I'm not advocating Linux as the be all and end all (even though I think it's nifty), but when talking virii we should consider the reason they are so prolific.
How do most virii work? The big headliner virii always seem to be written to exploit certain flaws or features in software. The reason that these flaws can be taken advantage of seems to be twofold:
- Binary distributions (a la anything on Windows) prevent scrutiny from outside sources
- Proprietry software vendors don't like to tell people that there software is buggy until someone else discovers the bug (in the form of a virus)
So, I'm not going to argue for or against Linux per se, but I think open source software really does defeat the above points most of the time.
The other point that has been raised by many others in this discussion is the intrinsic multiuser aspect of Linux. The fact that a multiuser environment is all but mandatory with Linux makes people follow rules for access and priveleges on a system, which is great for stopping virii from propogating via priveleged access. Sure, Windows (among others) may provide the ability to function semi-multiuser but it's not nearly as enforced as on Linux, which means people can get lazy and run everything under a priveleged account. So Linux isn't necessarily better at being secure (don't hit me hehehe), but it is better at training people to be more secure. I'm sure if programmers and users of Windows based systems had enforced access/security in a multiuser system then Windows security holes would be patched much quicker, especially in the applicaiton layer. Programmers simply wouldn't be able to assume that their programs had complete access to the system - they would have to write checks into their code to make sure of it, and users would have to enable access for programs that required priveleged access. That might take a little bit longer for users to install/run programs, but it's much better than the current "double-click suck it and see" method where you've got NFI how to restrict what a single program can access on your system.
--------------------------------------------------
email .torq -
Supervision VS Censorship
There is a lot of hypocrisy evident in the arguments of many of those who agree with censorship of any kind.
I agree that we need to regulate and supervise the information that children have access to. However, I am totally against the idea that we have the right to apply censorship of information. Despite being morally repugnant, it is ridiculous to suppose that we, as individuals, have the ability to hide information from the inherently inquisitive minds of our children. If the government tries to hide information, it's called a coverup - how is hiding information from our children any different? And like all government coverups, the truth will emerge eventually, but chances are we won't be around when our children discover it.
We do have a responsibility to guide our children through their formative years, lending our knowledge and wisdom to the many new discoveries they experience. However, this shouldn't become the completely overwhelming dominance of thought and action that is becoming increasingly prevalent in todays society. I believe that it is important to respond to a child's questioning of the world around them with sincerity and understanding - we were all young once, too, remember - not with the sledgehammer style hard-and-fast censorship of information many children are faced with. We should discuss topics, not make them a social taboo.
Certainly I'm not advocating a hands-off approach to child development. There must be supervision and nurturing of the growing process. Unfortunately our society seems to be focused more on ensuring children stick to the narrow middle path of conformity, rather than encouraging exploration in new avenues of both lifestyle and education. The problem with this is that when children discover something new, which doesn't conform to the view of society presented by their parents they are totally unprepared to deal with it. Thus, children are forced to come to their own conclusions with how to deal with those experiences. Some of those conclusions will ultimately lead to socially unacceptable behaviour.
The solution for the problem of "socially unacceptable" behaviour seems to point towards more freedom, not less. The more freedom we enjoy, the better we are able to seek advice from our peers. The more freedom children enjoy, the better they are able to seek advice from parents and all of those who have experienced the same new discoveries that children encounter every day. Let's bring development out of the closet and really start passing on the knowledge and wisdom we have learnt through the years, rather than imposing oppressive censorship on information. That is the best way we can truly help our children through the wonderful process of growing up.
If you think you want to reply, do so here. -
A brave new world...
...is a long way off.
With the way things are going /. stories of the next century will probably have heated debates between the merits of Intel's Eye-tanium visual processing chip (VPC) and AMD's Athlete-on physical performance chip (PPC).
We'll be able to measure our implants with benchmarking tools based on "biomarks" or "meatstones". How many tasks can I run on my new Motorola Cortex VX cranium board before I start to slow down? Does that support the Spinal (tm) bus, or the ever popular Centrally Enhanced Nervous System ?.
More importantly, will the NVidia TrueBruise technology be able to simulate real bump-mapped damage on my body when I play Quake 15? Or should I go for the 3Dfx Vindaloo which is supported by Microsoft's Direct Death API?
You never know, /. may even fix my registration so I can actually login and stop being an AC!
Email ME!
Views expressed are mine and not necessarily those of my employer. -
Educated can of worms
This issue, like so many others related to the internet or the exchange of information, is like a can of worms.
The authorities have noticed the can has been opened and are trying with all their might to stuff the worms back in the can and seal the lid.
Maybe what they should be doing is trying to educate those worms and help them to acheive better lives - then the authorities wouldn't have to worry about what the worms were saying to each other in unintelligible wormese (aka using strong encryption). By making the worms happier, everyone can live in a more secure environment, including the powers that be. After all, if you eliminate the fear of the things that might be hidden behind encryption you eliminate the fear of the the encryption itself.
I think it's a bit like being stuck in a lift with two other people who are speaking a different language - while you are there you might feel a bit insecure because they might be talking about you (chances are they're not, though!). As soon as you leave the lift, though, the insecurity goes away. Imagine how insecure the FBI must feel if they are looking at strongly encrypted, unintelligble information all the time! Time to get off the lift, guys!
Nicholas
The views expressed are my own and not those of my employer -
Perceived value of personal data
Most personal data collection has a price attached to it. For the consumer/customer/pleb it is usually fairly innocuous, useless information and they don't attach much value to it. However, the companies that collect and use the information find it extremely useful, and hence valuable. They wouldn't invest money in collecting it otherwise!
Those companies that collect and resell the information are making enormous amounts of money. But what are they selling? YOUR information! The information that all of us casually give away because we perceive it to be worthless.
For example, say I visit the supermarket each week and purchase a load of groceries. I might purchase pasta sauce every week, along with some spaghetti. I use my loyalty card at the checkout to get a 2% discount on my purchase. From that information, the supermarket chain has now collected information that identifies me as a pasta lover. That information might seem trivial to me - after all, what do I care if I now get a letter from Dolmio each month encouraging me to try their brand of pasta sauce - but to the marketing company that collected the information from the supermarket and sold it on, that information is a gold mine! They are really making money for nothing. They aren't selling a product. They're not even selling a service. They are selling my information, because I don't make enough fuss about it.
This relates in the same way to iD's idea of capturing information from a PC running their software. We might think it's trivial, but they obviously don't. They obviously think it's important enough to hire a programmer to write code in their software to get the information, and to have resources on one of their servers collecting and storing the information as it comes in. If they think it's that important it has to be worth something to them.
My argument is that if they think it's important, we should be thinking of it in the same way. If a company wants to use my personal data, wether it comes from my PC or if I fill out a form and give it to them, I think I should be given something in return. After all, that personal data has value attached to it - iD certainly seem to think so. If I am giving them something of value, then a transaction is taking place and I am entitled to demand a price for it. Some might argue that we get better games out of it and that it's a small price to pay. But I'd like the choice - either iD pays me what I want, or they don't get my value information. That's how all other transactions are governed.
In the end, I think it comes down to the fact that information is not seen by the average person as a valuable commodity. Companies have been gathering information for commercial purposes for a long time - they see it as being valuable; it's about time we all woke up and saw it the same way.
Email flames etc to me
The views expressed are my own and not those of my employer