Slashdot Mirror


User: mandelbr0t

mandelbr0t's activity in the archive.

Stories: 0
Comments: 669

Comments · 669

  1. Re:How do you feel about personality questions? on Google's Answer to Filling Jobs Is an Algorithm · · Score: 1

    I don't mind them as long as they are asked by someone with a psychology degree (or maybe other credentials that show an ability to interpret the results) and the results are kept private. I've seen two things in recent years that disturb me greatly, however.

    The first was my experience at a technical college. The first day of class, we all took a personality test, given by a corporate psychologist with a B.A. in psych. We were not warned in any way that the results would not be private. Thus, on the first day of class, the entire class was presented with a psychological profile of their fellow classmates, on the basis of an examination with questionable accuracy and administered by a person with questionable credentials. I believe this information was also provided to the instructors and various business associates of the examiner. I can't believe that's legal!

    The second was a company that actually posted the results of the HR personality exam in a public place within the building. I suppose it's possible that you could opt-out from being listed, but even still, it's a disturbing trend.

    People put far too much emphasis on the results of these sorts of tests. They also try to simplify personalities to the point where the description is almost meaningless. Certainly, most people who administer the tests are completely unqualified to interpret anomalies in the results, such as when a person suffers from a multiple personality disorder. What would such a result mean to an employer? Is the employer allowed to discriminate on the basis of a mental illness that may or may not impact job performance?

    Personality tests seem to be a new tool for HR these days. But I'd certainly challenge many of their "findings" as being totally subjective guesswork. There definitely needs to be legal guidelines as to how these tests are administered, and what analysis can be done with the data. After all, people's careers can be decided on the basis of such exams.

    mandelbr0t

  2. Nitpick on Google's Answer to Filling Jobs Is an Algorithm · · Score: 0, Offtopic

    I get it, but your style leaves something to be desired. I'd write it as:

    if (person.getRace() == Race.BLACK || person.getGender() == Gender.FEMALE) { return 0; }

    "Black" and "Female" are values for the Race and Gender properties respectively. They don't work well as method names.

    mandelbr0t

  3. All's fair... on Hackers Disagree On How, When To Disclose Bugs · · Score: 4, Interesting

    Hackers are not under any obligation to disclose anything. I'm not aware of any law that either forces them to disclose a vulnerability that they have discovered, or any due process that must be followed to do so. I'm also not aware that writing or distributing proof-of-concept code is illegal. Judging by the number of large software vendors either in court (IBM, SCO) or deliberately misinterpreting existing legal documentation (Microsoft and Novell attack the GPL), the law is clearly the only deciding factor in how business will be done in the IT industry.

    Therefore, throw your morals and principles out the window. This is laissez-faire economics at its best. Mud-slinging, sabotage, legal wrangling, death threats and more await as we determine just who has the best software. If these vendors are truly interested in some good-faith reporting from the people who are discovering the vulnerabilities, maybe a show of good faith on their part might be nice. There's absolutely no incentive to do anything in a reasonable or "nice" way, when dragging a hated vendor's name through the mud is both legal and cool.

    There are a few things I can think of that would improve matters and reach a common ground where truly malicious software is written only by a few bad apples:

    • Laws governing EULAs would reduce the weasel words that we click through blindly as we install software. Many EULAs that I've read actually have a clause that's different for the country of Ireland, as their so-called "lemon law" also applies to software. The EULA as it is written for the United States waives too many consumer rights to be valid in Ireland. Having clear guidelines for what rights you can waive by agreeing to a software EULA is vital.
    • Vendor incentives for disclosing information in accordance with their company policy. When RSA was released to the 'net community at large, there was a sizable reward for proving the ability to crack it. If vendors offered some kind of financial incentive to disclose bugs through their normal process, many people would opt for the immediate cash rather than going for the jugular.
    • Establish criminal and civil liability for writing bad software. Everything goes to a civil court these days, so it's often a battle of who has the better lawyer (mostly because there's no good laws governing EULAs...). What is the software provider's responsibility? Establish industry guidelines for QA testing for off-the-shelf software. Throw some people in jail for writing malicious software. Any company that misrepresents its software for the purpose of taking control of someone's machine should be subject to criminal liability. I don't want to hire a lawyer and roll the dice on a lawsuit. I want the police to press charges and the DA to prosecute, all without my involvement (unless I get to testify).

    Just to be perfectly clear: I am condoning the MOAB and any other MOxB. I've used too much bad software and seen too many vendors be held utterly unaccountable for their pre-meditated actions against the consumer. Lobby groups funded by these large vendors continue to erode consumer rights. If this is not how business is to be done, perhaps the industry leaders should set a better example.

    mandelbr0t

  4. Re:It's largely a Microsoft thing on Why Do We Use x86 CPUs? · · Score: 1

    Yeah, I'm still waiting on my 64k Apple IIe linux distro that will fit on a 128k single sided floppy.

    That's not as far-fetched as it sounds. The ELKS project will run on an 8086 PC, and the kernel is only 36k. You even have room for sh, cp and rm (You can use the -i switch to emulate ls) on that 128k floppy. The bad news is that you'll need to port the boot code to the IIe yourself.

    mandelbr0t

  5. Re:Question... on Installing Yellow Dog Linux on the PS3 · · Score: 2, Informative

    It's mostly for developers right now (hey, it's even in the correct Slashdot category!).

    Personally, I think Japan is building a gigantic supercomputer out of PS3s ;) When Linux got onto PS2, the most common usage for them was clusters. Here's a picture. I can only imagine what a rack full of PS3s can do. Of course, like the PS2, the PS3 is subject to restrictions. From the PS3 EULA:

    The PS3 system may contain technology that is subject to certain restrictions under the U.S. Export Administration Regulations, and may not be exported or re-exported to U.S. embargoed destinations. In addition, the PS3 system may not be exported or re-exported to persons and entities prohibited by the U.S. Export Administration Regulations.

    Have to make sure those Albanians aren't cracking RSA or some such thing.

    mandelbr0t

  6. Top 10 Data Loss Disasters on Flash Memory HDD for Notebooks Launched · · Score: 1

    I can't imagine my laptop being the only source of my "valuable data". Admittedly, it's a bit of work, but I'm constantly synchronizing files back and forth between desktop and laptop. So I did a quick Google search to see how many cases of laptops containing valuable data there were. This article has some fun anecdotes about dropping laptops.

    Seriously, though, there's some kind of marketing idea that dropping laptops is a huge problem. Apple's solution was one of the biggest gimmicks I've ever heard of. Do people constantly drop their cell phones, Blackberrys, PDAs, etc.? Do they not back up the "valuable data" to another location in case it's stolen?

    I'm not going to pay an extra $600 simply for the extra reliability. Surely there's better advantages to publicize?

    mandelbr0t

  7. You Really Only Need 640Kb... on What Bizarre IT Setups Have You Seen? · · Score: 1

    I had an ancient computer when I first got on the 'net (8Mhz 8088). It ran DOS, and had all of the wonderful problems associated with running out of "conventional" RAM. I had a modem and some 'net experience gained through shell accounts on some local BBSes. Trying to coax a PPP connection onto that machine was a hack-job. Since DOS wasn't designed as a network-capable OS, pretty much any attempt to route IP packets to the modem required a network stack, 64Kb of conventional memory down the tubes. So much for running DOSLynx or anything that required any sort of RAM.

    Novell seems to be involved in a lot of these old-timer stories, and it is here too. It turns out that Novell had a great packet driver available for DOS -- but it was for an IPX network. Someone released an interesting TSR which used the Novell IPX packet driver to transfer TCP/IP. It saved an enormous 40Kb of RAM, allowing all of those apps that wouldn't start before to run. I'm sure that the shortened stack had all kinds of vulnerabilities, but thankfully there just weren't enough people around to exploit them.

    mandelbr0t

  8. Re:Attack his expertise on What Questions Would You Ask An RIAA 'Expert'? · · Score: 1

    The comment is that "based on the way IP addresses are assigned" that he can determine there was no wireless router in use. This suggests to me that there is a process at work that we don't know about, because under normal circumstances, I certainly wouldn't be able to assert such a thing.

    Normally, I would expect an ISP to keep logs of physical access to the network (e.g. a DSL modem handshake which records the phone number of the DSL circuit) and allow the logs to be somehow cross-referenced with their DHCP logs. My experience (however, this is with Canadian ISPs) is that it is not easy to obtain a DHCP address from any of the major providers. The modem will need to do some kind of handshake, which sets a flag in a database marking me as authorized, which their custom DHCP server reads to ensure that an IP address is supposed to be assigned. I'm sure this paper trail can verify the IP address that was assigned to my connection, but not to the specific network device that is actually using the connection.

    However, there's an easy test that can be performed with the defendant's computer to see what kind of logs are kept. If the plaintiff can successfully tell the difference between the following scenarios from their logs, it goes a long way to establishing the expert's credibility, though the method of doing so is beyond my experience.

    Scenario I - Computer connected directly to public Internet

    This is really simple. Plug the broadband modem's LAN directly into the defendant's network card. Analyze the output of the logs, showing the assignment of a particular IP to the defendant's network card and verify that it is correct.

    Scenario II - Computer connected to WiFi router with cloned MAC address

    Most WiFi routers allow you to clone one of your network card's MAC addresses, since many ISPs record a MAC address when you authorize onto their network. Cloning the MAC address is useful, since you don't have to reregister your WiFi router as another PC (most ISPs restrict you to only 1 or 2 dynamic addresses). If you can't clone the MAC address, there is often a place to manually set the address yourself. Enter the MAC address of the defendant's network card into the WiFi router, and connect the LAN from the broadband modem to the WAN port of the WiFi router. Analyze the output of the logs, and show that there is a difference in the output when the IP address is assigned.

    My guess is that there won't be any difference; most ISPs rely on the combination of the hardware handshake required to access the physical network and your public facing MAC address to uniquely identify your particular connection and route IP packets to it. The traffic should be identical in both cases: DHCP broadcast to 255.255.255.255 by MAC mm:nn:oo:pp:qq:rr, DHCPOFFER on ww.xx.yy.zz from aa.bb.cc.dd, DHCPACK from ww.xx.yy.zz. There'll also be a cross-reference to the physical access log tying MAC mm:nn:oo:pp:qq:rr to some kind of identifier (phone number, circuit number). If they don't have this entire paper trail, please let me know which ISP they are so that I can switch and then claim they didn't provide service. :)

    I'm pretty certain that the network hardware shouldn't have any unique fingerprints to tell us which of the two devices actually sent the traffic. If there is a method by which they can somehow determine which of the two devices it is, I'd chase that down. My gut feeling is that such information's reliability would be suspect.

    mandelbr0t

  9. Re:Privacy vs. Protection? on OneDOJ to Offer National Criminal Database to Law Enforcement · · Score: 1

    By releasing people back into society who have no hope of ever climbing out of the gutter, we continually increase a class of people who not only can do us harm, but have already proven they will, and who are motivated, by us, to do it ( or something else criminal) again. The motivation is simple: We won't let them do anything else.

    How do you determine that someone has no hope? How do you know that the motivation for their crimes is you? You seem to know an awful lot about this person whom you've condemned as an unredeemable person. I agree that a pattern of behaviour says a lot, and a person's criminal record should be considered while they are on trial. However, I don't see that justice is improved by assigning a punishment other than the one that fits the crime just because of their past difficulties. 6 armed robbery convictions should have a sentence of 6x a single armed robbery conviction. The fact that the suspect had been involved in 5 prior armed robberies should make the 6th conviction pretty easy. It should also mean that the 6th sentence doesn't have a chance for early parole. It should also mean that it's easy to convince authorities that surveillance of this particular individual when he is freed is a prudent measure. It shouldn't, however, carry an automatic life (or death) sentence.

    Today, a background check is considered normal in order to get a job. This includes your criminal records, if any. If you have a criminal record, you're not going to get any job for which there is competition (in other words, most of them.) You're a permanent criminal, unredeemable, permanently evil and a bottom-feeder.

    Yes, and it also includes your credit record. Funny that you mention societal classes, since discrimination on the basis of credit record is also a class-bias: discrimination against the poor. It turns out that the intersection between the criminal class and the poor is rather large (guess what the most common motivation for being a criminal is). There's a vicious circle here: people with bad credit records don't get a job, and turn to crime to survive. People with criminal records can't get jobs and resort to crime to survive. With any luck, your background check in the future will include a high-quality, full-colour photograph, your last 12 months of searches on all popular search engines, all of your purchases for the last 12 months, your FBI case file, your *AA case file, your ISP firewall logs, and anything else that tickles your fancy. That way, we can be sure that we employ only Caucasian Christian Republicans, who as we all know, are genetically incapable of being poor or criminal.

    The connection everyone seems to make is this: once a screw-up, always a screw-up. In the words of your own immortal deity: "Let he who is without sin cast the first stone." For some reason, Christians never seem to live that one. Crime is a product of the society you live in. If you want to rehabilitate the criminals, reform your society instead of demonizing the criminals.

    Finally, to quote Mark Twain on the subject: "The only truly American criminal class is Congress."

    mandelbr0t

  10. Re:Conflict of interest on What Questions Would You Ask An RIAA 'Expert'? · · Score: 1

    Now stop putting words in my mouth. The revulsion at the copyright holder is that the playing field is already horribly tilted in their direction, and they want to move it from 80 degrees from horizontal to totally vertical. They already have the right to include DRM with their products, which remove the consumer's legal right to obtain fair use copies of the copyrighted work. DRM didn't work, so now they resort to lawsuits which may or may not have merit.

    It so happens that Linux is DRM-agnostic. The OS simply doesn't institute "protections" that prevent it from functioning normally. As a geek, my idea of "functioning normally" involves a great deal of control over my computer. I've had this level of control since I got my first computer, and now the big software companies are trying to take this control away from me. I don't want this control simply to subvert DRM protections. I want it to debug my applications. I want it so I can implement my security plan, not someone else's. I want it so that I can control what hardware I decide to put in the machine, not some being held to some arbitrary marketing idea that "changing 6 or more peripheral devices constitutes installation on a different machine."

    Freedom arguments aside (we're clearly polarized in that respect), you show the same ignorance and intolerance of Linux users as pretty much everyone on the planet. Yes, break-the-GPL-and-burn-in-hellfire, because I've written GPL code. I understand the purpose of Free Software, and why it needs to be protected. Until you've been there in the Linux trenches, you're just talking out your ass.

    mandelbr0t

  11. Re:in addition regarding the ip address on What Questions Would You Ask An RIAA 'Expert'? · · Score: 1

    It's really not that hard to prove. It should, however, involve subpoenaing ISP records. The MAC address is useless, since it can be faked. However, there is obviously some internal mechanism by which the physical network can detect your presence. If these records didn't exist, no one would ever have to pay their Internet bill, because they could claim the service wasn't provided. Cross-referencing the physical network access logs with firewall logs could establish with considerable certainty that your cable/DSL connection was assigned a specific IP address.

    I can see only 2 ways to dispute that you had a particular IP address:

    1. You claim that someone tapped into the line outside the premises without your knowledge. This isn't very likely, since there's some encryption involved too.
    2. You claim that your IP address was being spoofed. This is a little more plausible, though it's unlikely the spoofer is on the same subnet as you or there'd be considerable difficulty accessing the network, and an address collision would likely be recorded in the ISP firewall logs. If the spoofer was on a different subnet, then there would need to be covert routing in place to allow the spoofed address to work properly (not likely). Finally, malware could create a proxy which would allow a 3rd-party to use your computer's IP address. This isn't technically spoofing, and could easily be confirmed or denied by the examination of the hard drive in question.

    mandelbr0t
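
The paper trail that comments 8 and 11 above describe (a DHCP server log cross-referenced with the physical-access log of the circuit each MAC handshake arrived on) can be reconstructed mechanically. The Go program below is an added example, not code from the page or from any ISP; the log formats are constructed (the DHCP lines loosely follow ISC dhcpd's syslog style, the `bras:` access-log lines with `circuit=` and `mac=` fields are an assumed format), and the addresses, MACs and circuit identifiers are made up. It joins DHCPACK leases to circuits via the MAC, sets aside leases whose MAC never appeared on any circuit, and flags an IP acknowledged to more than one MAC within the log window, which is the "address collision" comment 11 expects a spoofed address to leave behind. Note what the result type says: the trail ties an IP to a circuit, not to a particular device behind it, which is exactly the limit comment 8 points out for Scenario I versus Scenario II.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Constructed DHCP server log. The line shapes loosely follow ISC dhcpd's syslog output;
// the addresses, MACs and timestamps are made up for this example.
const dhcpLog = `Jan 14 10:02:11 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth1
Jan 14 10:02:11 dhcpd: DHCPOFFER on 203.0.113.45 to 00:11:22:33:44:55 via eth1
Jan 14 10:02:12 dhcpd: DHCPREQUEST for 203.0.113.45 from 00:11:22:33:44:55 via eth1
Jan 14 10:02:12 dhcpd: DHCPACK on 203.0.113.45 to 00:11:22:33:44:55 via eth1
Jan 14 11:30:02 dhcpd: DHCPACK on 203.0.113.77 to aa:bb:cc:dd:ee:ff via eth1
Jan 14 11:45:40 dhcpd: DHCPACK on 203.0.113.77 to 66:77:88:99:aa:bb via eth1
Jan 14 12:00:00 dhcpd: DHCPACK on 203.0.113.90 to de:ad:be:ef:00:01 via eth1`

// Constructed physical-access log: the circuit (phone line / cable segment) each MAC handshake
// arrived on. The "bras" tag and the circuit= / mac= fields are an assumed format.
const accessLog = `Jan 14 10:01:58 bras: link-up circuit=DSL-000123 mac=00:11:22:33:44:55
Jan 14 11:29:50 bras: link-up circuit=DSL-000456 mac=aa:bb:cc:dd:ee:ff
Jan 14 11:45:31 bras: link-up circuit=DSL-000789 mac=66:77:88:99:aa:bb`

var ackRe = regexp.MustCompile(`^(\w{3} +\d+ \d\d:\d\d:\d\d) dhcpd: DHCPACK on (\S+) to (\S+) via`)
var linkRe = regexp.MustCompile(`circuit=(\S+) mac=(\S+)`)

// Lease is one acknowledged address assignment.
type Lease struct {
	When, IP, MAC string
}

// ParseAcks keeps only DHCPACK lines: an OFFER alone is no proof the client took the address.
func ParseAcks(log string) []Lease {
	var out []Lease
	for _, line := range strings.Split(log, "\n") {
		if m := ackRe.FindStringSubmatch(line); m != nil {
			out = append(out, Lease{When: m[1], IP: m[2], MAC: strings.ToLower(m[3])})
		}
	}
	return out
}

// ParseCircuits maps MAC -> circuit identifier from the physical-access log.
func ParseCircuits(log string) map[string]string {
	out := map[string]string{}
	for _, line := range strings.Split(log, "\n") {
		if m := linkRe.FindStringSubmatch(line); m != nil {
			out[strings.ToLower(m[2])] = m[1]
		}
	}
	return out
}

// Attribution is all the combined trail can support: an IP tied to a circuit at a time.
// It cannot distinguish a PC from a router presenting that PC's cloned MAC on the same circuit.
type Attribution struct {
	IP, MAC, Circuit, When string
}

// Correlate joins DHCPACK leases to circuits via the MAC address. Leases whose MAC never
// appeared in the access log are returned separately rather than attributed to anyone.
func Correlate(leases []Lease, circuits map[string]string) (attributed []Attribution, unmatched []Lease) {
	for _, l := range leases {
		if c, ok := circuits[l.MAC]; ok {
			attributed = append(attributed, Attribution{IP: l.IP, MAC: l.MAC, Circuit: c, When: l.When})
		} else {
			unmatched = append(unmatched, l)
		}
	}
	return
}

// Conflicts reports IPs acknowledged to more than one MAC within the log window (IP -> sorted MACs).
// A gap of a full lease length between the ACKs is ordinary reassignment; a short gap is the
// collision an analyst wants to look at.
func Conflicts(leases []Lease) map[string][]string {
	seen := map[string]map[string]bool{}
	for _, l := range leases {
		if seen[l.IP] == nil {
			seen[l.IP] = map[string]bool{}
		}
		seen[l.IP][l.MAC] = true
	}
	out := map[string][]string{}
	for ip, macs := range seen {
		if len(macs) > 1 {
			for m := range macs {
				out[ip] = append(out[ip], m)
			}
			sort.Strings(out[ip])
		}
	}
	return out
}

func main() {
	leases := ParseAcks(dhcpLog)
	attributed, unmatched := Correlate(leases, ParseCircuits(accessLog))
	for _, a := range attributed {
		fmt.Printf("%s  %s -> circuit %s (mac %s)\n", a.When, a.IP, a.Circuit, a.MAC)
	}
	fmt.Println("leases with no circuit record:", len(unmatched))
	for ip, macs := range Conflicts(leases) {
		fmt.Printf("possible collision: %s acknowledged to %v\n", ip, macs)
	}
}
```

Run as-is it attributes three leases, leaves the `de:ad:be:ef:00:01` lease unmatched, and flags `203.0.113.77`. The `unmatched` set matters for the legal argument in the thread: an IP whose MAC has no circuit record is evidence of a gap in the provider's trail, not evidence against a subscriber.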

  12. Re:Very good questions on What Questions Would You Ask An RIAA 'Expert'? · · Score: 1

    In one of the linked PDFs (the report debunking the expert), they mention that the standard of evidence to prove that the entire file is available from a particular client should be using a firewall to block out all IPs except the one in question, and see if it is still possible to obtain the file. It also mentions the transience of availability; is the file still available in its entirety 10 days after first retrieving it?

    mandelbr0t

  13. Linux Apologist - Not Really on Now Is Not the Time for Vista · · Score: 3, Interesting

    "Linux sucks because its present market share is the cause for not having all the main-stream apps that other OS environments enjoy... presently."

    Which is what everyone says. That shows that you don't know anything about the present-day Linux desktop. Question: what mainstream app is missing from the business computing desktop environment?

    Is it:
    1. Microsoft Outlook? Evolution and Kontact replace Outlook quite handily. Evolution can use the Evolution-Exchange Connector to communicate through Outlook Web Access (which many Enterprises enable anyway) and provide full Outlook functionality in Evolution. Kontact can use full Outlook functionality if configured correctly (not so user-friendly, but still quite possible). In addition, the junk mail filtering is better, using the locally installed SpamAssassin filter.
    2. Microsoft Office? All but the most complex spreadsheets and Word documents can be handled by OpenOffice without any problem. I doubt that the complex ones even pose that much difficulty in migration. Microsoft Access is still used in some minor applications, but it's trivial to import the data to another, better RDBMS. There are several free GUI clients for managing the new database. MySQL has good desktop database solutions. You'd have to use pretty much every proprietary feature in Access to have this be a sticking point.
    3. Internet Explorer? Ah, yes. The basis of the antitrust suit. I admit that if your organization went out of its way to find webapp software that worked only in IE, you might have some migration issues. However, IE6 runs quite well under emulation on recent versions of WINE, so unless that ActiveX component they chose is really screwed up, there's a good chance you can even emulate that. JavaScript migration issues are less of a problem than they used to be (another favourite sticking point) so Firefox will likely work well for a lot of apps that weren't designed to protect Microsoft's monopoly.

    Well, the list goes on. Custom-written software (could work well under emulation unless designed specifically to thwart WINE), IP Telephony (Skype has a Linux client), and so on. My point is that any business that's interested could switch today if they wanted. There's no missing killer app (unless you're trying to make excuses). The roadblocks to migrating entirely to Linux on the business desktop are all artificially created by Microsoft to protect their monopoly. The most difficult part is convincing your users that it's a good choice. They've been brainwashed by years of Microsoft marketing, and believe pretty much every word that comes out of Steve's and Bill's mouths blindly. Many organisations will encounter significant resistance during training as belligerent, brain-washed Microsoft junkies demand that things go back to the way they were. That's unfortunate, because I can finally say after almost 15 years of using Linux, that using a Linux desktop is a joy, not an arduous task that requires command-line hacking to accomplish everything it can do.

  14. Re:Very good questions on What Questions Would You Ask An RIAA 'Expert'? · · Score: 1

    Everyone has missed this: How do you prove that the hard drive hasn't been in another computer prior to the defendant's? I assure you, all of the copyrighted works on my machine that were deleted were deleted by the person who owned the HDD before me. I lent my hard drive to a friend so that he could back up the one in his machine that was dying. I bought one from eBay, and I can't contact the seller any more. I had my machine in for repairs and they had to re-image it. There's a bunch of legitimate reasons that someone else had access to my hard drive that don't involve any kind of malware or hacking, and none of them are my responsibility.

    mandelbr0t

  15. Re:Net Neutrality isn't always a good thing... on AT&T Offering Merger Concessions · · Score: 1

    Unfortunately, IPTV is being used to discriminate already. There are many complaints of IPTV service being provided only to wealthy neighbourhoods, citing cost barriers to entry for the service in poorer, outlying neighbourhoods. So, now all I have to do is buy IPTV, and the side-effect is that my other 'net traffic is prioritized ahead of that guy who not only can't afford IPTV, but doesn't even have it available for him.

    IPTV is clearly a loophole to avoid true 'net-neutrality.

    Read the earlier discussion about AT&T being involved in unjust fiber rollouts here

    mandelbr0t

  16. pwned? on Lost Gmail Emails and the Future of Web Apps · · Score: 1

    There are people claiming that they received e-mail stating that it was a malicious attack. I'm guessing that it's just some pranksters jumping on the bandwagon, but who knows. Others are claiming that Firefox 2 had a scripting vulnerability which led to this problem.

    mandelbr0t

  17. Re:Security on OneDOJ to Offer National Criminal Database to Law Enforcement · · Score: 1

    Like secure enough to prevent Microsoft from embedding their agents in the DOJ and overturning the antitrust suit?

    Oh wait...

    mandelbr0t

  18. Re:Oh come now on OneDOJ to Offer National Criminal Database to Law Enforcement · · Score: 1

    The most interesting thing about this quote is that it started page 2 of the article. Page 1 seemed to take an informative tone, but it mostly tasted like Pablum. Talk about not rocking the boat. Don't want people accidentally reading something about "civil liberties" and thinking it applies to them.

    mandelbr0t

  19. Re:tagging beta: yes on Is 'Web 2.0' Another Bubble? · · Score: 2, Interesting

    Projects go over budget, get extended, fire their entire team, hire more expensive consultants and extended again? Examples? This sounds like a company looking to embrace Open Source, not some Web 2.0 thing. Hmmm. Actually, it was a company that embraced Microsoft. And they did that because they got tired of Sun. I'll admit that there's some truth to many of the points you brought up, but I stand by my corruption argument. And, in a strange way, you've proven the "geeks don't know business" argument.

    Try being a little cynical for a few minutes, and stay with me. The issue in this particular case was not how quickly the project could be done; in fact, there didn't appear to be much interest in creating a working project at all. The reason for this is simple: a project manager 4 years ago made a prediction about cost and timeline. There is also no possible way he could be wrong; the company committed to the cost and timeline when the prediction was made. And the project manager's MBA trumps my experience. It also turns out that this was a security project; cutting corners on such a project would be detrimental to the company. Again, we're not talking technical details. The actual security of the project is secondary to the appearance of security. The possible timeline of the project is secondary to what the project manager determines the timeline actually is.

    It turns out that geeks can get rich in this scenario too. IMO, you'd have to be unethical to play along though. Effectively, you are being given money to delay the project or come up with reasons why it's infeasible in its current form. Personally, I prefer being given money to make technology work instead of making up stories. Of course, after a project has been managed this way for 4 years, you don't have to try very hard to find reasons that it's infeasible in its current form. Unfortunately, only the project manager gets to decide when the project actually gets axed. Development on such a project is miserable; you get punished for writing good code. Maybe some people can put up with that, but I can't.

    mandelbr0t

  20. Re:Meh on Microsoft Using Personal Data to Target Ads · · Score: 1

    More than just making the ad-spam more interesting, it is wonderful to feed to your Bayesian filter. Now you can actually train your filter to tell the difference between the advertising/newsletters that come from their company and have a hope in hell of containing information interesting to you, and the stuff that comes from their "affiliates".

    I'm not really bothered by a search engine customizing advertising and other content based on my search preferences. Mind you, I haven't used the word "llama" in a search yet, so I could be a bit biased. :)

    mandelbr0t
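
The training the comment above has in mind, teaching a Bayesian filter to separate the vendor's own mailings from what its "affiliates" send, comes down to a multinomial naive Bayes classifier whose features include the sender's domain. The Go program below is an added example, not code from the page, and the labelled mailbox it trains on is constructed (the `example-shop.com`, `deals-partner.net` and `prize-affiliate.biz` addresses are made up). It is a general token classifier: the labels are whatever the user chooses, so the same code separates newsletter from affiliate mail, or spam from ham.

```go
package main

import (
	"fmt"
	"math"
	"sort"
	"strings"
)

// Message is a constructed piece of mail: sender address plus body text.
type Message struct {
	From, Text string
}

// Features are the lower-cased words of the body plus one "from:<domain>" token, so the
// filter can learn that the vendor's own domain and its affiliates' domains behave differently.
func Features(m Message) []string {
	var f []string
	if i := strings.LastIndex(m.From, "@"); i >= 0 {
		f = append(f, "from:"+strings.ToLower(m.From[i+1:]))
	}
	for _, w := range strings.Fields(strings.ToLower(m.Text)) {
		if w = strings.Trim(w, ".,!?:;()"); w != "" {
			f = append(f, w)
		}
	}
	return f
}

// Bayes is a multinomial naive Bayes classifier with add-one (Laplace) smoothing.
type Bayes struct {
	docs   map[string]int            // class -> number of training messages
	counts map[string]map[string]int // class -> token -> occurrences
	tokens map[string]int            // class -> total token occurrences
	vocab  map[string]bool           // every token seen in training
	nDocs  int
}

func NewBayes() *Bayes {
	return &Bayes{docs: map[string]int{}, counts: map[string]map[string]int{}, tokens: map[string]int{}, vocab: map[string]bool{}}
}

// Train adds one hand-labelled message; the label is whatever the user decides.
func (b *Bayes) Train(m Message, label string) {
	if b.counts[label] == nil {
		b.counts[label] = map[string]int{}
	}
	b.docs[label]++
	b.nDocs++
	for _, t := range Features(m) {
		b.counts[label][t]++
		b.tokens[label]++
		b.vocab[t] = true
	}
}

// Classify returns the most probable label and its posterior probability.
func (b *Bayes) Classify(m Message) (string, float64) {
	labels := make([]string, 0, len(b.docs))
	for l := range b.docs {
		labels = append(labels, l)
	}
	if len(labels) == 0 {
		return "", 0
	}
	sort.Strings(labels) // deterministic tie-breaking across map iteration order
	feats := Features(m)
	logp := make([]float64, len(labels))
	best := 0
	for i, l := range labels {
		s := math.Log(float64(b.docs[l]) / float64(b.nDocs)) // log prior
		for _, t := range feats {                               // log likelihood, smoothed
			s += math.Log(float64(b.counts[l][t]+1) / float64(b.tokens[l]+len(b.vocab)))
		}
		logp[i] = s
		if s > logp[best] {
			best = i
		}
	}
	var z float64 // normalise in log space relative to the best class
	for _, lp := range logp {
		z += math.Exp(lp - logp[best])
	}
	return labels[best], 1 / z
}

// TrainedFilter builds the classifier from a constructed, hand-labelled mailbox.
func TrainedFilter() *Bayes {
	b := NewBayes()
	for _, m := range []Message{
		{"news@example-shop.com", "Monthly newsletter: new products and your account statement"},
		{"orders@example-shop.com", "Your order has shipped; tracking number inside"},
		{"news@example-shop.com", "Product recall notice for your recent order"},
	} {
		b.Train(m, "newsletter")
	}
	for _, m := range []Message{
		{"promo@deals-partner.net", "Exclusive offer! Save big, click now"},
		{"win@prize-affiliate.biz", "Free gift from our partners, click here"},
		{"promo@deals-partner.net", "Limited time partner offer, act now"},
	} {
		b.Train(m, "affiliate")
	}
	return b
}

func main() {
	f := TrainedFilter()
	for _, m := range []Message{
		{"promo@deals-partner.net", "Special partner offer: click now to save"},
		{"orders@example-shop.com", "Your order has shipped"},
	} {
		label, p := f.Classify(m)
		fmt.Printf("%-26s -> %s (p=%.3f)\n", m.From, label, p)
	}
}
```

Six training messages are enough here only because the sender-domain token does most of the work; that is the point of the comment: once the vendor's mail is distinguishable from its affiliates' by origin, a per-user filter learns the split quickly.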

  21. tagging beta: yes on Is 'Web 2.0' Another Bubble? · · Score: 4, Informative

    If you have to ask...

    Web 2.0 looks to me to be the same as the .COM bubble. There's a bunch of hyped technologies, a bunch of consulting companies monopolizing the HR, a bunch of VC firms with slush funds to melt, and very few people that actually understand any of it. I don't see any changes to marketing or project hype; a presentation to my 2004 technical college class sounded like it was written by c.2000 .COM gurus. All in all, it seems to me that the Web 2.0 bubble is based on the same psychology as .COM: "Anybody who understands the technology is too dumb to understand the business".

    Let me try and expound on that last statement a bit; it is based on personal experience, not some knee-jerk reaction. I got hired as a consultant about 9 months before the .COM bubble burst. I knew a crap-load about CGI and server-side scripting and HTML and Unix and Apache and so on. They seemed to pay me well, until I took into account the down-time between contracts. Moving out of the IT industry didn't seem to be an option as long as I was in the recruiters' databases. On the bright side, I'm not so dumb about the business any more. The business is effectively this: "I don't know how to implement X, but I know how to bully some techie dweeb into implementing it for me for a tenth of what it's worth."

    All of the latest marketing and hype for Web 2.0 seems to have this same negative attitude about tech. dweebs. Geeks become slaves, IPOs go through the roof (but you can't afford the shares on a geek's salary) and companies sell vapourware. Projects go over budget, get extended, fire their entire team, hire more expensive consultants and extended again. The last contract I was at was still suffering from this crap. The product had been in development for 4 years by 2-3 people full-time, and I could still write a better version in 6 months by myself.

    If there was an obvious decline in corporate corruption, I'd say that Web 2.0 might not be such a bubble. AJAX and other "dynamic" approaches do offer a better end-user experience. Broadband content is commonplace. Blogging is popular. But the overall negatives vastly outweigh the positives. We need to stop thinking about technology as a short-term investment strategy, and consider the overall societal impact. I'm not in it for the IPOs myself; I hope those that are start to listen to the geeks. "Don't make me angry; you wouldn't like me when I'm angry" :P

    mandelbr0t

  22. Re:Four easy steps on U.S. Gov't To Use Full Disk Encryption On All Computers · · Score: 1

    Riiiight. The US government is going to offer a multi-billion dollar contract of the highest national security importance to a project that's run by one guy... ...and he's Canadian.

    Not that I'd complain about having Canadians managing American national security, but somehow I don't see it happening.

    mandelbr0t

  23. tagging beta: oldjoke on U.S. Gov't To Use Full Disk Encryption On All Computers · · Score: 1

    WTF? Why is there always someone with mod points that thinks the ROT-13/ROT-26 encryption joke is funny? I stopped using ROT-13 15 years ago.

    mandelbr0t

  24. Re:Don't lose your pass-key on U.S. Gov't To Use Full Disk Encryption On All Computers · · Score: 1

    The link to "List of Requirements" should clear this up:

    • Product uses an approved random number generator specified in FIPS 140-2 Annex C for key generation
    • Capable of using DoD PKI certs for file encryption on removable storage devices
    • For FDE, users encryption certificate contained in the DoD CAC shall be used to encrypt the file that contains the system generated full volume encryption key

    (among others). As you can see, there's no requirement that a user actually type a password. In many cases, a certificate file will provide the appropriate credentials to unencrypt the data. From a cursory reading, this looks like Real Security(TM) as opposed to the Microsoft variety.

    mandelbr0t

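
The third requirement quoted above describes a key hierarchy rather than a password: a system-generated full volume encryption key, itself encrypted to the user's certificate, so that the private key on the card unlocks the disk. The Go program below is an added example of that design, not code from the page or from any product on the list. It generates a random 256-bit volume key, wraps it with RSA-OAEP to each recipient's public key (the user's card certificate and, to address the "don't lose your pass-key" worry, a recovery agent), and unwraps it on the way back in. Assumptions: `crypto/rand` stands in for the FIPS 140-2 Annex C approved generator a certified product would have to use, AES-GCM over a single blob stands in for the full-volume cipher, and the `Header` layout is invented for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Header is the constructed volume metadata. The volume key itself is never stored in the clear;
// each recipient (the user's card certificate, a recovery agent) gets its own wrapped copy.
type Header struct {
	Wrapped map[string][]byte // recipient name -> RSA-OAEP-wrapped volume key
	Nonce   []byte
}

var oaepLabel = []byte("fde-volume-key") // binds a wrapped blob to this purpose

// GenerateRecipientKey makes a key pair standing in for the one on a user's smart card.
func GenerateRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewVolumeKey draws a 256-bit AES key from the OS CSPRNG. Assumption: a certified product
// would use a FIPS 140-2 Annex C approved generator; crypto/rand stands in for it here.
func NewVolumeKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// WrapFor encrypts the volume key to one recipient's public key. Only the matching private key
// can recover it; no password is typed, so none can be forgotten or guessed.
func WrapFor(pub *rsa.PublicKey, volumeKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, volumeKey, oaepLabel)
}

// Unwrap recovers the volume key with a recipient's private key.
func Unwrap(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealVolume encrypts data under a fresh volume key and wraps that key for every recipient.
// If every recipient's private key is lost, the data is gone: hence the recovery copy.
func SealVolume(data []byte, recipients map[string]*rsa.PublicKey) (Header, []byte, error) {
	vk, err := NewVolumeKey()
	if err != nil {
		return Header{}, nil, err
	}
	gcm, err := newGCM(vk)
	if err != nil {
		return Header{}, nil, err
	}
	h := Header{Wrapped: map[string][]byte{}, Nonce: make([]byte, gcm.NonceSize())}
	if _, err := rand.Read(h.Nonce); err != nil {
		return Header{}, nil, err
	}
	for name, pub := range recipients {
		w, err := WrapFor(pub, vk)
		if err != nil {
			return Header{}, nil, err
		}
		h.Wrapped[name] = w
	}
	return h, gcm.Seal(nil, h.Nonce, data, nil), nil
}

// OpenVolume lets a named recipient present its private key. No wrapped copy for that name,
// or the wrong private key, yields no volume key and therefore no plaintext.
func OpenVolume(h Header, name string, priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	w, ok := h.Wrapped[name]
	if !ok {
		return nil, errors.New("no wrapped volume key for recipient " + name)
	}
	vk, err := Unwrap(priv, w)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(vk)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, h.Nonce, ciphertext, nil)
}

func main() {
	user, err := GenerateRecipientKey()
	if err != nil {
		panic(err)
	}
	h, ct, err := SealVolume([]byte("constructed volume contents"), map[string]*rsa.PublicKey{"user": &user.PublicKey})
	if err != nil {
		panic(err)
	}
	pt, err := OpenVolume(h, "user", user, ct)
	fmt.Printf("opened: %q (err=%v)\n", pt, err)
}
```

The security property to check in a product built this way is in the unwrap path: the volume key must only ever be reconstructed inside the boundary that holds the private key, and a recovery copy must be wrapped to a key the organisation controls, not to a second password.
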
  25. Re:Different Solution (Virtual PIN Pad) on PayPal Launches Virtual Debit Card · · Score: 1

    So I actually need to buy a PIN pad for home use now?!

    Seriously, we're talking about a solution for a home user. While there are obvious benefits to EPP-based security, I hardly think it's worth the expense for online shopping when the free solutions compromise very little in the way of security. By the way, is the pad Visa/PLUS certified? What about gateway services: who supports your pad? The link you provided didn't work.

    mandelbr0t