I hate to say it but Covad used verizon for their network backbone. This is why covard can take up to 6 months for installation. Its verizon fucking with everyone. Either way your screwed.
Ah, but Verizon uses Verizon for everything. At least with Speakeasy/Covad I don't have to deal with Verizon technical support or Verizon customer support, both of which I have found entirely inadequate. I think with Covad, Verizon is only in charge of the actual DSL wire itself and nothing else, and there are so many other places that problems can arise (in fact, I don't think any of the numerous problems I had with Verizon DSL had to do with the wire itself). The other factors make a huge difference in quality of service.
If that's what it takes to stay in business, I hope that Covad raises their prices. I would gladly pay almost double what I am now for my Speakeasy service without a second thought considering my only other option is Verizon DSL (which I had previously and which was absolutely the worst customer service experience of my life). Please charge more, Covad - your service actually works (unlike Verizon which was frequently down for weeks on end).
This is exactly what ticked me off about Kozmo. They actually had something (their service) that I would have paid a premium for and yet they still attempted to undercut tradional stores that sold the same products. If they had just charged I little more I could still rent videos in my underwear. So once again, please charge more Covad - Speakeasy is lightyears ahead of Verizon in terms of quality and I will pay a very large premium for that. Besides, I write my DSL off on my taxes anyway so it's not a big deal.
Flash appears to be working on Linux now. I've viewed a few flash enabled (read infested) pages now and Mozilla hasn't crashed yet. Of course, this happened with the last few milestones as well - I would try flash out with them, it wouldn't crash right away, so I decided to keep flash around, but then a few minutes later it would crash on another flash enabled page. I'm optimistic about this milestone, though, because it looks like the focus was on fixing bugs and some of the flash pages which used to crash Mozilla no longer do.
Nah, it was Speakeasy. I didn't mention the name because I almost never have problems with them, their customer service is excellent, and they were very fast to fix things this morning. Three hours of downtime for the past year is pretty frickin good.
If there is one place where you don't want to be faking a demo it's in a court of law. If this doesn't show Microsoft's hubris, I don't know what does.
When I woke up today my DSL connection wasn't working. My first reaction was to think of what could possibly have happened to cause it to go down and after about a few seconds I thought "oh crap, Code Red did succeed in grinding the internet to a halt." I was about to be very angry at Microsoft for ruining the net for those of us who don't even use IIS until I tried my dial-up connection and it worked fine. So it was just a local DSL issue (which is fixed now - thankfully, as I was beginning to go through withdrawal).
There is a FAQ on Trade Secret Basics at nolo.com. In particular, look at the question titled
"What rights does the owner of a trade secret have?" I am not a lawyer, but I think it would be reasonable to assume that the SirCam virus would be covered by the line that talks about "people who learn about a trade secret by accident or mistake" (these people are not allowed to divulge the trade secret). So, I am playing it safe with files sent to me as the result of SirCam and just deleting them.
Things to do with Konqueror that you can't do with the others, at least in Linux:
4. Add bookmarks to specific folders/submenus.
Mozilla does this rather nicely, actually. I think this feature was added in one of the more recent milestones, so I can see why you might have thought it wasn't there. Mozilla is quite nice these days (and 0.9.3 just branched - woohoo!) - not to say that Konqueror isn't, of course.
The first two things you mention are as harmless as the original poster said already, and additionally they're already possible to do now! By doing the same things people do to get their site to be in the first 10 hits.
I don't think there there is another means presently known to redirect the user directly from the list of results within a search engine before the user ever actually clicks on any of the results. Maybe you misunderstood what I wrote or I wasn't clear in what I meant - or maybe I'm misunderstanding you now. How can you go about redirecting users from the page within the search engine that shows the first few results without using this Javascript exploit?
How the things that I listed differ from the things listed by the original poster are that the original poster considered the most nefarious possibility of redirection to be an annoyance (in the same way that porn sites flood you with annoying popups [from what I've heard]) whereas I suggested that a much worse use of redirection would be to deceive the user. The key is that the user thinks he is still on Lycos when he is not and this opens up a whole can of worms. Perhaps you consider this "harmless" because you think people who don't look up at the URL location of each web page they visit are stupid, but when you click on the "Search" button of your favorite search engine how many times do you look up at the location to see that the results are indeed from where you expect?
The third possibility you mention is not likely at all to work as people don't have to login to use a search engine.
Lycos does have web based email, which quite a few people use, and I think they have some other services that require registration as well. I would wager (based on Bayes' theorom) that people using Lycos for searching are more likely to have Lycos webmail accounts than the average internet user.
JavaScript is a relatively harmless language. While it could do something dramatic redirect the user to a porn site or display something obnoxious on the screen, I doubt that it would do anything like delete user's harddrives or give h@x0rs access to user's computers.
Redirection could be used for more than just annoying purposes. The thought can comes to my mind right away is that it could be used for deceptive purposes:
Users could be automatically whisked away to one of the results without seeing any of the other results in the list. So as long as you can get your page in the top ten results for a particular keyword, you can force the user to choose your page.
Users are (understandably) expecting a Lycos page, so if the Javascript were to redirect the user to a page that masqueraded as a search-results page the user would be likely to assume that the page was legitimate and not biased. As an example, the "Church" of Scientology could use this bug to redirect users to an apparent Lycos results page for a search on "scientology" and they could change all of the results to be pro-scientology. Worse yet, they could change the links to anti-scientology sites to copies of the original sites which have been changed to something along the lines of "We've changed our minds. We were wrong. Scientology is not evil. All hail L Ron."
For users of other Lycos services, such as Lycos mail, the user could be redirected to an imposter Lycos page which would ask for a username and password. Users would be much less likely to be suspicious because they were expecting a Lycos page.
We were using the sense of random that they had an even distribution.
Ah, so there's the problem. You specifically said in your first post (and I quote):
Any mathematically random data cannot be compressed.
That would certainly indicate that you were talking about the mathematical definition of "random" (which doesn't require "an even distribution"). I guess the Slashdot title and description didn't help matters - I don't know why they used the colloquial meaning of "random" in a context where it means something different (the mathematical context).
Anyway, my original post was in response to the assertion that you can't compress "a string of random numbers". If the string were an unknown sequence of uniformly distributed random variables, then that makes sense, but that wasn't stated.
Huh? For the sequence to be random, each subsequent outcome must have an equal probability of occurring. That is, each subsequent digit must have an equal likelihood of being a zero or a one.
No, that's called a uniform distribution. It's a sufficient, but not necessary condition of randomness. There are plenty of other random distributions.
Of or relating to a type of circumstance or event that is described by a probability distribution.
And then take a look at this list of probability distributions. You will see that your "definition" of random actually only describes the uniform distribution and that there are plenty of other ways for a variable to be random.
here's a simple test... try to compress the "random" string of numbers; if you can compress a string of random numbers, it isn't
I don't think that's correct. Consider an irrational number whose digits after the decimal point each have a 9/10 probability of being a 0 and a 1/10 probability of being a 1. Here are some examples that satisfy this:
This is definitely random (you have no way of knowing whether the next digit will be a 0 or a 1), but it is also definitely compressable (each such number should be compressable to about 1/10th of the original size).
Now, I'm not saying that PI can be compressed in this manner, but if any digit did happen to appear more than another it could be compressed while still being random. A simple Huffman coding should suffice for such cases.
Remember how the Internet started? Funny, I don't remember there being any venture capitalists swarming around DARPA. It was all too technical, too esoteric, and too geeky for them.
A few years ago, some of the VCs got the idea that this Internet thing was actually a "Good Idea" and they embraced it. They embraced it with vigor and enthusiasm.
To be fair to the VCs, there may have been other reasons why they didn't show an interest in the internet earlier - in particular, red-tape. If I remember correctly, I don't think that the internet was allowed to be used for commercial purposes before the early 1990's. This is what Al Gore was instrumental in changing in the early 1990's (and what I think he was referring to in his infamous quote which was taken as a claim to his having invented the internet).
If he's running any old binary sent to him, why not have one of your friends send a gift in reply? All it needs to do is grab the IP and timestamp, then email those details to you. Forward that to the police who can get location data from the ISP.
Why not bypass the ISP (and the accompanying red-tape) entirely? If the laptop is using a modem to connect to the net, send the thief a binary which would cause the modem to call your home or work number and immediately play a sound clip that you can identify. When you receive a call that plays the sound clip, look on your caller ID and then use a reverse directory to map the phone number to a physical address.
If the laptop is using ethernet to connect... well, that's a bit tougher. I'm not sure how to track it without the assistance of the ISP it in that case.
OK, so you've shown that if a friend emails you a suspicious.exe, you create a phony account with no permissions then run it from that account. This is also possible in Win2K and Windows XP. So what's your point?
So why doesn't Outlook do this automatically? Seriously - Outlook could set up a dummy user account at installation time and whenever an attachment is to be executed it could use the previously created dummy user to execute it. To all the posters who wrote that setting up a dummy user to execute attachments is too hard for most users, too cumbersome, or too inconvenient, what's the problem if this is built into Outlook and transparent to the user?
I noticed this yesterday in my logs as well as some other strange requests that looked like somebody trying to break in.
Say, here's an idea... machines which request URLs like this have already been cracked and may still be vulnerable to the hole that the worm exploits (or does the worm patch this hole after exploiting it?). Somebody could take control of the cracked machines in the same way that the worm did and once inside introduce an antidote that eliminates the worm and patches the vulnerability. This could even be set up as a cgi script so that these cracked machines can be automatically cured.
It's a nice thought, but probably not worth the effort. Somebody would be bound to get upset by this good samaritan hacking and sue. It would also be too tempting to have the IIS "patch" that the antidote delivers be Apache (and OpenBSD for the ambitious).
Now doesn't this mean that if you do write a software based CD player that gracefully does error correction you will then be in violation of DMCA?
I think that the DMCA requires that for a circumvention device to be illegal its primary purpose must be circumvention. There already exists a lot of software out there, such as
cdparanoia,
which was written to interpolate out the errors on CDs and I believe that their primary use has been to do this on normal (i.e., not brain-damaged) CDs. I doubt that the DMCA would make such software illegal as it serves a legitimate purpose in its primary use.
This raises an interesting point, though - wouldn't the music labels intentionally introducing errors onto CDs actually encourage copying? If I purchased a CD with errors on it I would use something like cdparanoia to correct the errors and then save the results on a CD-R as the results would be more resistant to actual errors that arise from scratches and physical jostling while playing in the future (this assumes that I liked the music enough to do this - my first inclination would be to return it for a refund). I would not have needed to make the copy had the CD been normal because the error correction capabilities would have not been degraded already.
Disclaimer: I am not a lawyer and the above should not be taken as legal advice.
And I'll tell you one thing -- ain't no way in hell my mom's gonna go looking on discussion forums for a scanner driver! The blueberry iMac was hard enough for her to learn how to use already.
You should have gotten her the tangerine iMac - everybody knows that tangerine is more user friendly than blueberry.
Possibility #1 Perhaps the same reason that they wrote a version of IE for Solaris - they want to be able to say that their software has "cross platform" support. This was originallly done with IE because quite a few companies listed a standardized client across all their computers as their main reason for not switching from Netscape to IE. Microsoft wrote a Solaris version of IE so that they could convince the PHBs at these companies that they provided cross platform support (as if Solaris and the Macintosh are the only platforms besides Windows), but last I heard IE on Solaris is a joke (big surprise).
I would expect the same thing to happen with Mono. Microsoft could say "if you want to use.Net you can use any platform, but if you want it to be 'optimized' (i.e., to work in a non-crippled manner) use Windows."
Possibility #2 Microsoft is planning on charging for the use of its services which are delivered over.Net. Linux does hold a very big chunk of the server market. Having.Net on Linux would allow Microsoft to collect a toll on the users who connect to Linux servers.
Possibility #3 It would also allow them to gain a foothold on a platform where they have no leveraging power at all today. If Linux, Java, or anything else lives up to its promise of make the OS irrelevant, Microsoft will be one step ahead because they will already control the necessary services which sit on top of the OS.
What to do when the schools have all the computers they need (unlikely, but let's be optimistic for a second)? Donate them to schools/people in developing countries where people can't afford even the $400 PCs floating around today (this would be most people in the world). I can't think of a better way to sow the seeds for the development of a massive army of Linux hackers destined to propel Linux to total world domination than to grab this massive market that Microsoft doesn't care about and where the people have a much stronger work ethic (and would therefore be willing to hack) than most in the US.
Mono is the word for `Monkey' in Spanish. We like monkeys.
Although, this is a very clever name considering Microsoft has recently taken to calling the GPL a virus. Now we can say "you misunderstood - it's not a viruses, it's about monkeys."
Slashdot Mirror
Ah, but Verizon uses Verizon for everything. At least with Speakeasy/Covad I don't have to deal with Verizon technical support or Verizon customer support, both of which I have found entirely inadequate. I think with Covad, Verizon is only in charge of the actual DSL wire itself and nothing else, and there are so many other places that problems can arise (in fact, I don't think any of the numerous problems I had with Verizon DSL had to do with the wire itself). The other factors make a huge difference in quality of service.
This is exactly what ticked me off about Kozmo. They actually had something (their service) that I would have paid a premium for and yet they still attempted to undercut tradional stores that sold the same products. If they had just charged I little more I could still rent videos in my underwear. So once again, please charge more Covad - Speakeasy is lightyears ahead of Verizon in terms of quality and I will pay a very large premium for that. Besides, I write my DSL off on my taxes anyway so it's not a big deal.
It looks like somebody has beaten you to it.
Flash appears to be working on Linux now. I've viewed a few flash enabled (read infested) pages now and Mozilla hasn't crashed yet. Of course, this happened with the last few milestones as well - I would try flash out with them, it wouldn't crash right away, so I decided to keep flash around, but then a few minutes later it would crash on another flash enabled page. I'm optimistic about this milestone, though, because it looks like the focus was on fixing bugs and some of the flash pages which used to crash Mozilla no longer do.
Nah, it was Speakeasy. I didn't mention the name because I almost never have problems with them, their customer service is excellent, and they were very fast to fix things this morning. Three hours of downtime for the past year is pretty frickin good.
Yes! In fact, they did it multiple times!
If there is one place where you don't want to be faking a demo it's in a court of law. If this doesn't show Microsoft's hubris, I don't know what does.
When I woke up today my DSL connection wasn't working. My first reaction was to think of what could possibly have happened to cause it to go down and after about a few seconds I thought "oh crap, Code Red did succeed in grinding the internet to a halt." I was about to be very angry at Microsoft for ruining the net for those of us who don't even use IIS until I tried my dial-up connection and it worked fine. So it was just a local DSL issue (which is fixed now - thankfully, as I was beginning to go through withdrawal).
There is a FAQ on Trade Secret Basics at nolo.com. In particular, look at the question titled "What rights does the owner of a trade secret have?" I am not a lawyer, but I think it would be reasonable to assume that the SirCam virus would be covered by the line that talks about "people who learn about a trade secret by accident or mistake" (these people are not allowed to divulge the trade secret). So, I am playing it safe with files sent to me as the result of SirCam and just deleting them.
4. Add bookmarks to specific folders/submenus.
Mozilla does this rather nicely, actually. I think this feature was added in one of the more recent milestones, so I can see why you might have thought it wasn't there. Mozilla is quite nice these days (and 0.9.3 just branched - woohoo!) - not to say that Konqueror isn't, of course.
I don't think there there is another means presently known to redirect the user directly from the list of results within a search engine before the user ever actually clicks on any of the results. Maybe you misunderstood what I wrote or I wasn't clear in what I meant - or maybe I'm misunderstanding you now. How can you go about redirecting users from the page within the search engine that shows the first few results without using this Javascript exploit?
How the things that I listed differ from the things listed by the original poster are that the original poster considered the most nefarious possibility of redirection to be an annoyance (in the same way that porn sites flood you with annoying popups [from what I've heard]) whereas I suggested that a much worse use of redirection would be to deceive the user. The key is that the user thinks he is still on Lycos when he is not and this opens up a whole can of worms. Perhaps you consider this "harmless" because you think people who don't look up at the URL location of each web page they visit are stupid, but when you click on the "Search" button of your favorite search engine how many times do you look up at the location to see that the results are indeed from where you expect?
The third possibility you mention is not likely at all to work as people don't have to login to use a search engine.
Lycos does have web based email, which quite a few people use, and I think they have some other services that require registration as well. I would wager (based on Bayes' theorom) that people using Lycos for searching are more likely to have Lycos webmail accounts than the average internet user.
Redirection could be used for more than just annoying purposes. The thought can comes to my mind right away is that it could be used for deceptive purposes:
This guy sounds like he did something similar.
Ah, so there's the problem. You specifically said in your first post (and I quote):
That would certainly indicate that you were talking about the mathematical definition of "random" (which doesn't require "an even distribution"). I guess the Slashdot title and description didn't help matters - I don't know why they used the colloquial meaning of "random" in a context where it means something different (the mathematical context).Anyway, my original post was in response to the assertion that you can't compress "a string of random numbers". If the string were an unknown sequence of uniformly distributed random variables, then that makes sense, but that wasn't stated.
No, that's called a uniform distribution. It's a sufficient, but not necessary condition of randomness. There are plenty of other random distributions.
you are redefining "random".
Not quite. Take at look at the second definition of "random" from dictionary.com (the one that's explicitly labeled as the mathematical definition):
And then take a look at this list of probability distributions. You will see that your "definition" of random actually only describes the uniform distribution and that there are plenty of other ways for a variable to be random.I don't think that's correct. Consider an irrational number whose digits after the decimal point each have a 9/10 probability of being a 0 and a 1/10 probability of being a 1. Here are some examples that satisfy this:
This is definitely random (you have no way of knowing whether the next digit will be a 0 or a 1), but it is also definitely compressable (each such number should be compressable to about 1/10th of the original size).Now, I'm not saying that PI can be compressed in this manner, but if any digit did happen to appear more than another it could be compressed while still being random. A simple Huffman coding should suffice for such cases.
A few years ago, some of the VCs got the idea that this Internet thing was actually a "Good Idea" and they embraced it. They embraced it with vigor and enthusiasm.
To be fair to the VCs, there may have been other reasons why they didn't show an interest in the internet earlier - in particular, red-tape. If I remember correctly, I don't think that the internet was allowed to be used for commercial purposes before the early 1990's. This is what Al Gore was instrumental in changing in the early 1990's (and what I think he was referring to in his infamous quote which was taken as a claim to his having invented the internet).
Why not bypass the ISP (and the accompanying red-tape) entirely? If the laptop is using a modem to connect to the net, send the thief a binary which would cause the modem to call your home or work number and immediately play a sound clip that you can identify. When you receive a call that plays the sound clip, look on your caller ID and then use a reverse directory to map the phone number to a physical address.
If the laptop is using ethernet to connect... well, that's a bit tougher. I'm not sure how to track it without the assistance of the ISP it in that case.
So why doesn't Outlook do this automatically? Seriously - Outlook could set up a dummy user account at installation time and whenever an attachment is to be executed it could use the previously created dummy user to execute it. To all the posters who wrote that setting up a dummy user to execute attachments is too hard for most users, too cumbersome, or too inconvenient, what's the problem if this is built into Outlook and transparent to the user?
I noticed this yesterday in my logs as well as some other strange requests that looked like somebody trying to break in.
Say, here's an idea... machines which request URLs like this have already been cracked and may still be vulnerable to the hole that the worm exploits (or does the worm patch this hole after exploiting it?). Somebody could take control of the cracked machines in the same way that the worm did and once inside introduce an antidote that eliminates the worm and patches the vulnerability. This could even be set up as a cgi script so that these cracked machines can be automatically cured.
It's a nice thought, but probably not worth the effort. Somebody would be bound to get upset by this good samaritan hacking and sue. It would also be too tempting to have the IIS "patch" that the antidote delivers be Apache (and OpenBSD for the ambitious).
I think that the DMCA requires that for a circumvention device to be illegal its primary purpose must be circumvention. There already exists a lot of software out there, such as cdparanoia, which was written to interpolate out the errors on CDs and I believe that their primary use has been to do this on normal (i.e., not brain-damaged) CDs. I doubt that the DMCA would make such software illegal as it serves a legitimate purpose in its primary use.
This raises an interesting point, though - wouldn't the music labels intentionally introducing errors onto CDs actually encourage copying? If I purchased a CD with errors on it I would use something like cdparanoia to correct the errors and then save the results on a CD-R as the results would be more resistant to actual errors that arise from scratches and physical jostling while playing in the future (this assumes that I liked the music enough to do this - my first inclination would be to return it for a refund). I would not have needed to make the copy had the CD been normal because the error correction capabilities would have not been degraded already.
Disclaimer: I am not a lawyer and the above should not be taken as legal advice.
You should have gotten her the tangerine iMac - everybody knows that tangerine is more user friendly than blueberry.
Possibility #1 Perhaps the same reason that they wrote a version of IE for Solaris - they want to be able to say that their software has "cross platform" support. This was originallly done with IE because quite a few companies listed a standardized client across all their computers as their main reason for not switching from Netscape to IE. Microsoft wrote a Solaris version of IE so that they could convince the PHBs at these companies that they provided cross platform support (as if Solaris and the Macintosh are the only platforms besides Windows), but last I heard IE on Solaris is a joke (big surprise).
I would expect the same thing to happen with Mono. Microsoft could say "if you want to use .Net you can use any platform, but if you want it to be 'optimized' (i.e., to work in a non-crippled manner) use Windows."
Possibility #2 Microsoft is planning on charging for the use of its services which are delivered over .Net. Linux does hold a very big chunk of the server market. Having .Net on Linux would allow Microsoft to collect a toll on the users who connect to Linux servers.
Possibility #3 It would also allow them to gain a foothold on a platform where they have no leveraging power at all today. If Linux, Java, or anything else lives up to its promise of make the OS irrelevant, Microsoft will be one step ahead because they will already control the necessary services which sit on top of the OS.
Donate them to schools. The Linux Terminal Server Project for schools, as mentioned in a previous article's comments, seems like it could benefit immensely from this.
What to do when the schools have all the computers they need (unlikely, but let's be optimistic for a second)? Donate them to schools/people in developing countries where people can't afford even the $400 PCs floating around today (this would be most people in the world). I can't think of a better way to sow the seeds for the development of a massive army of Linux hackers destined to propel Linux to total world domination than to grab this massive market that Microsoft doesn't care about and where the people have a much stronger work ethic (and would therefore be willing to hack) than most in the US.
Ugh... I meant to write "it's not about viruses" - there's too much blood in my caffeine stream today.
Mono is the word for `Monkey' in Spanish. We like monkeys.
Although, this is a very clever name considering Microsoft has recently taken to calling the GPL a virus. Now we can say "you misunderstood - it's not a viruses, it's about monkeys."