Slashdot Mirror


User: totally+bogus+dude

totally+bogus+dude's activity in the archive.

Stories: 0
Comments: 1,022

Comments · 1,022

  1. Re:Time-to-0wn with dumb NAT firewall on Estimating the Time-To-Own of an Unpatched Windows PC · · Score: 4, Informative

    You should be perfectly safe, as a dumb NAT firewall won't be sending your PC any traffic that it didn't originate. The only possible vectors would be: a) if its connection tracking code gets confused and lets in traffic which it thinks is associated with another connection but really isn't, b) bugs in the NAT firewall device (pretty much the same thing), or c) an attacker gets very lucky with spoofing connections that happen to be in the NAT table (tremendously unlikely).

    All up, the chances of anything getting through are pretty much negligible.

    The caveat is that stuff on your PC may be making connections without your knowing; and in particular, some programs may use UPnP to open a listening port for incoming traffic. This shouldn't be an issue with an out-of-the-box install.

    This is of course assuming the common NAT device setup, where you have your modem/router which gets a public IP address and then NATs all outbound traffic. Inbound traffic will hit the router and not go any further unless the user has explicitly set up forwarding rules on it.

    Pretty much everyone with broadband in Australia will be behind such a device, as this is the kind of device most every ISP recommends or sells. Not sure what the norm is elsewhere in the world.

  2. Re:Run? on Computer Optional For AOC's New HD Display · · Score: 3, Interesting

    Where did you get a digital picture frame for $10?

  3. Re:1 sentence on Open WiFi Owners Off the Hook In Germany · · Score: 2, Insightful

    That's true, but it brings us back to Jezza's point -- anything that's too inconvenient is pretty much worthless. Maybe if you're doing something really illegal like child porn you might consistently go to the effort to hide it, but are you seriously going to reboot your machine off of a USB drive every single time you want to listen to a downloaded mp3 or watch a downloaded movie, etc? And then immediately reboot back to your "legitimate" drive the moment you're done? Every single time?

    No way. Either you're going to end up getting lazy and leaving the device attached to your PC (after all, what are the odds of you being raided tonight?) so it's not such a hassle, or you're going to end up never using your PC for anything because there's nothing useful on it. So even in the unlikely event that your secret drive is hidden away when the cops come a knockin', it's gonna look pretty suspicious when they take a look at your drive and see that you never actually use it for anything. Especially if they do some further investigation and determine that your computer is actually on pretty regularly, yet the evidence on the HDD suggests you barely use the computer at all.

    But yes, there are ways and means of making sure that you don't get caught, but for them to be effective you have to be very diligent about covering your tracks and never leaving your secret drive (or whatever) out of its hiding place for any longer than is strictly necessary. This goes completely counter to the reason most people download things they're not meant to in the first place -- convenience. Also remember that you don't have the luxury of knowing when the police are going to turn up at your door, or even IF they're going to turn up -- so you have to have a procedure that you follow 100% of the time.

    As Jezza said, it's way easier just to buy everything you want.

  4. Re:1 sentence on Open WiFi Owners Off the Hook In Germany · · Score: 1

    Except there will be evidence of this -- presumably you need to attach it to your computer to use it, and therefore there will be information about it being connected to your computer. There'll be information so the OS can recognise it and mount it where you like to have it put (drive letter, mount point, whatever), logs indicating it was connected and disconnected, and so on. These are likely to be present even if you don't specifically ask for it to be mounted at a particular location. Also, you'll leave traces in various places if you're not very careful, e.g. recently opened documents.

    Even a very high level inspection of the machine will reveal that you do regularly connect an external drive to it, and that'll give them cause to perform a thorough search of anywhere it's likely you're hiding it. Or more likely, to demand you provide them with the drive, and it had better match the info in the OS about the drive that's connected.

    You might be able to get around this by having another "identical" drive (and hope that it's identical enough) with non-incriminating but private/embarrassing things on it (porn stash perhaps, or naked pics of your ex; or even just financial data) so you can reasonably explain why you have it hidden away. However in doing so you're making it perfectly clear that you are savvy enough to keep data you don't want people finding in a hidden place, so if they actually suspect you of something you'll probably find yourself under surveillance.

    And all of this is assuming that you don't make mistakes or get lazy after the 1,000th time of carefully tucking it away. After all, if you actually expected to be raided by the police you wouldn't be doing it in the first place.

  5. Re:1 sentence on Open WiFi Owners Off the Hook In Germany · · Score: 3, Insightful

    Uh, everyone? Or do you really believe that you're the only person in the world that would think of doing bad things using a "hidden" computer?

    Next you'll be telling me that people who commit fraud use fake names and addresses and the police have no idea and absolutely no way of tracking them down.

  6. Re:A favorite term to replace 'piracy'? on Free Games As a Solution To Game Piracy · · Score: 1

    Of course they're not the same: only piracy costs media corporations money. (Terrorism could I suppose, but that's probably covered by insurance.)

  7. Re:A favorite term to replace 'piracy'? on Free Games As a Solution To Game Piracy · · Score: 1

    Plans that have download limits are very common outside of the USA. Even if you don't have a download limit, you do have a limited pipe, and downloading data through it reduces the amount of bandwidth they have available for themselves. Also, downloading or uploading data may increase the latency on the link, and if they're primarily using it for gaming (as an example) that might matter to them. Also, if you run P2P through their connection their ISP may deliberately degrade their service as a result. So, there are many ways in which using an open access point for internet access can deprive the owner of something valuable.

    That the access point isn't secured doesn't indicate that they are granting permission to others to use it: they may simply not know that it's possible for others to use it. I agree that this presents a problem, because it is not unreasonable to think someone would be making their AP available as a public service, and there isn't any established means of identifying if an open AP is open because the owner wants people to use it, or because they simply didn't know you have to secure it. Personally, I think the law should explicitly declare that an unsecured access point is an invitation to others to use it, and any vendor shipping wireless products should make them "secure by default", even if the security is only a well-known default password. Even better, the wireless specs should be updated so beacon broadcasts include a flag saying "yes, this is a public access point, you're welcome to use it" which is disabled by default. That way, if you encounter an AP broadcasting that flag, you can legally use it under the assumption that it is in fact intended for public access.

  8. Re:Windows Update not vulnerable? on Package Managers As Achilles Heel · · Score: 1

    Or you need to be able to hijack the target's DNS.

    Or you need to be able to MITM in the update servers... the fact they use Akamai helps here (as it means you'd have to MITM a hell of a lot of servers), but also perhaps hinders (there's a lot more different networks, and surely some are poorly secured).

  9. Re:Pretending they have a chance. on Why Microsoft Is Chasing Yahoo · · Score: 1

    Actually, it mostly raises the question why Q1 2008 results are on a web page with a date of "October 25, 2007"

    Probably because it's referring to the Q1 results of the 2008 fiscal year, which starts in July 2007.

  10. Re:Even the job title is clueless on 9 Reasons Why Developers Think the CIO Is Clueless · · Score: 4, Funny

    explain why the data center was overrun by a squad of ninjas

    CEO: Wait. Let me get this straight. Our website was offline -- costing us forty zillion dollars per nanosecond -- because the data centre was overrun by ninjas?

    CIO: Yes, that's exactly right, sir. You see-

    CEO: (interrupting) So with the 200 billion dollar budget we allocated you -- and which you spent every last cent of, might I add -- you somehow forgot to provide adequate physical security for the facility?

    CIO: Well, no sir, we had 24/7 security -- both humans and robots -- biometric scanners, 14 inch reinforced steel and concrete walls in 7 concentric rings, blast-proof doors, a five factor authentication sys-

    CEO: (interrupting again) So then, what you're saying, Mr Fancy Pants CIO, is that you misspent a two hundred million dollar budget on ineffective security measures for our most important computing facility?

    CIO: Well, no not really sir, the security of the facility is second to none - there has never been a breach of even the first layer of security in the last 7 years, not even the Ru-

    CEO: (interrupting, shouting, spraying the CIO with saliva) SO HOW DO YOU EXPLAIN OUR WEBSITE BEING DOWN FOR OVER 8 HOURS DUE TO THE PHYSICAL SECURITY HAVING BEEN BREACHED?

    CIO: Well sir, it's like this. Ninjas are awesome. Like, really freaking awesome.

    CEO: (the anger immediately leaves his face as he regains his composure) Oh. I see. You're right, ninjas are really freaking awesome. Nothing could have prevented this. Good job.

  11. Re:Please don't on What Happens When You Reply To ALL of Your Spam · · Score: 1

    What kind of indication are you looking for? How do you identify a "real" email address, as opposed to an unreal one?

    If your automatic replies are never successfully delivered, then what's the point of having your system generate them?

    Unless your auto reply script is only responding to certain emails that clearly do have a reply address which will be read by the spammer, odds are very good you're spamming people yourself.

  12. Re:GO USA!!! on Ebay Fined $61M By French Court For Sales of Fake Goods · · Score: 1

    Flamebait? That was both funny and clever.

    (Would you like fries with that?)

  13. Re:Insane lengths to go to on Brightnets are Owner Free File Systems · · Score: 1

    Point being that you'd be getting attacked by spambots even if there were absolutely no open proxies at all on the internet. There's a lot of malicious people out there, and even more people that think spamming forums to try to make a bit of money isn't malicious in the first place, and they don't need tor or anything else.

    Ever noticed an obvious security vulnerability in a site or application and reported it, only to have them get all hostile and blame you for it? Happens all the time, and it's the same mentality as you're displaying: find someone to blame, regardless of how illogical that may be. So long as you can vent on someone, right? Why not blame my ISP for providing me with a server I can do whatever I want with (so long as it's legal)? Why not blame your ISP for letting you put a web forum up that isn't sufficiently protected from spambots? That makes about as much sense.

    Anyway, you should be glad people are using tor relays: at least with tor there's plenty of easy to obtain lists of exactly what nodes are part of the network in a format that's easy to parse, so if you find tor relays to be a problem you can set up scripts to automatically block access to your forum from tor relays (or just block posting from those IPs). Good luck doing that with the myriad of other vectors for "abuse" of your forums.

  14. Re:Insane lengths to go to on Brightnets are Owner Free File Systems · · Score: 1

    If it weren't tor relays it'd be zombified boxes, other compromised web servers, hacked accounts, or just people in countries out of your legal system's jurisdiction who don't give a fuck about spam posts to your shitty forum.

    Fuck, slashdot has a massive audience and specifically allows any random dude to post to it -- yet there's a notable absence of spambot postings. (Unless you count twitter.)

    The only thing making life hell for forum admins is their incompetence, or the incompetence of the people who wrote the buggy flaw-filled software they've decided to use.

  15. Re:Insane lengths to go to on Brightnets are Owner Free File Systems · · Score: 1

    I agree that it's stupid, but you do make an interesting point when you mention things that actually matter. Consider something like tor. I run a node because it may, just maybe, be important to someone who's actually using it for something that matters. 99.999% of the traffic going through it is stupid, of course -- I've even received a notification from the MPAA about someone downloading a movie via bittorrent using tor.

    And of course, a Google search for my tor hostname (it has a dedicated IP with an unambiguous rDNS entry) shows tor is often used to anonymize probes for vulnerabilities in websites so spambots can submit spam to forums. And then there's the porn.

    But all of this provides a lot of noise that makes looking at tor traffic rather uninteresting, and perhaps makes it more likely that people using it for Serious Business will actually be able to do so without being detected. So perhaps there is some value in it. If everybody was well-behaved and only used tor if they had a serious reason to need to remain anonymous, you can bet a lot more people with an exit node would be snooping on the traffic just to see what juicy information they could stumble across.

  16. Re:What's the advantage? on IRobot Looj Gutter Cleaning Robot Review · · Score: 1

    I can't recall ever seeing a house that wasn't at least 6 inches tall, either.

  17. Re:So let me get this straight... on WTF? NC Offers to Replace 10,000 License Plates · · Score: 1

    Wow, sometimes the sun really DOES shine out of it!

  18. Re:You know how you can help, Sun? on Sun Spokesman Says "We Screwed Up On Open Source" · · Score: 1

    hopefully python3000 will bring us speed if not compatibility.

    Maybe, but 992 years is an awfully long time to wait to find out.

  19. Re:keep laughing on Real-World Firefox 3 Memory Usage Leads the Field · · Score: 1

    Not only that but there will be a Debian GNU/Hurd if Hurd ever becomes usable, as well as NetBSD and FreeBSD kernels. So specifying that you're using Debian with a Linux kernel isn't actually redundant. See: http://www.debian.org/ports/index

  20. Re:Cooperative vs. Preemptive on Multitasking Considered Detrimental · · Score: 1

    There's a lot of studies that indicate having a conversation even on a hands-free device is very distracting to the driver, even more so than having a conversation with someone sitting next to you. Handling a phone obviously doesn't help, but as you've noticed merely having a conversation has a significant effect on concentration.

    I wasn't allowed to misbehave in the car

    You were allowed to misbehave elsewhere?

  21. Re:After you stopped laughing about the translatio on Atari Tries To Supress Bad Reviews, Claims Piracy · · Score: 1

    Well, he is the editor in chief of an online magazine that reviews pirated games, so what do you expect?

    Joking aside, remember that the post you replied to is an unofficial translation. Presumably the phrase Ihr könnt uns mal does mean something similar to the English "fuck off", but there may be subtler nuances that make it much less offensive or improper.

    Here's a few automatic translations:

    You can do us times

    You can do us sometimes

    You can us once

    An online dictionary doesn't know what "könnt" is (though I could take a guess based on the sound of it).

    The others have the expected meaning. Ihr - you. uns - us. mal has a few related definitions:

    1. Mal [n] (time, clip) an instance or single occasion for some event.
    2. mal [r] (once, one_time, in_one_case) on one occasion.
    3. mal [r] (once, formerly, at_one_time, erst, erstwhile) at a previous time.

    Anyway, of course they're trolling Atari - that's what you're supposed to do when you receive "legal" threats that have no basis in reality. The goal is to see if you can get even more outrageous behaviour out of them. Just make sure you're right before you start, though!

  22. Re:Satirically speaking... on Register, Others Call Plagiarism in "Limbo of the Lost" Game · · Score: 1

    The evidence suggests otherwise. ;)

  23. Re:So? on Register, Others Call Plagiarism in "Limbo of the Lost" Game · · Score: 1

    why do you think that someone should retain the sole rights to an image (which is simply an expression of an idea), and therefore to an idea?

    I'd be more inclined to suggest people should be able to retain sole rights to the expression of an idea, but not to the idea itself. Ideas are easy to come up with. I have lots of ideas for really awesome games I'd love to play some day. Turning those ideas into playable games that actually do the idea justice is an altogether different matter.

    So, the Oblivion artists worked from an idea to create a fantasy styled environment, and turned that simple idea into a lot of textures and 3D models. The programmers created (or licensed?) a 3D engine that could turn those 3D models and textures into 2D images for display on a computer screen. All of that took a lot of work and skill.

    The Limbo of the Lost "developers" fired up Oblivion and other games, found locations they liked the look of, and took a screenshot. While their idea was to create a game and they went out and found artwork that suited the theme, it's this appropriation of a particular physical manifestation of the idea that causes the problem.

    Now personally, I don't think there's anything especially wrong with this approach to creating games; creating art is a time consuming process, and encouraging re-use is a good idea.

    What I do have a problem with is people doing this without the consent of the holder of the copyright on the borrowed material. If the creators of Limbo didn't have the resources to create their own art, then they should have contacted the publishers of various games to see if it was okay for them to use their art in their no-budget production. Maybe they wouldn't have been able to use graphics from big titles like Oblivion, but I'm sure there's plenty of smaller development houses that would've been happy to let them use their artwork in exchange for a cent for each sale in royalties, or just a mention in the credits.

    Done the right way, this is a non-issue. Passing the work off as your own isn't the right way to go about it.

  24. Re:Satirically speaking... on Register, Others Call Plagiarism in "Limbo of the Lost" Game · · Score: 1

    How about the post title: "Satirically speaking"?

    This gives a clue that the post may be a satire of common /. arguments about why piracy is okay.

    The thing that makes it really funny though is the fact that it's a copy and paste of this post, only with some skulls added.

  25. Re:Standard sentence for contempt of court on Indefinite Imprisonment For Web Site Content · · Score: 4, Funny

    Maybe so, but Captain New Zealand says: Do what the judge orders you to do, you idiot.