Re:You know, that's really insulting. on Morals and Layoffs · Score: 2
At the second job, the owners called us all to a meeting one Friday afternoon (payday) and announced that they couldn't pay us because we had run out of money. Two weeks earlier they had called us to a meeting to tell us the company was just fine and they didn't want to hear anyone say otherwise and we weren't going to go out of business any time soon.
Had they fired half of you two weeks earlier, the rest might still be working there today.
As for your subject line; good, it was supposed to be insulting. There are a lot of good people out there, perhaps you're one of them. But I'm sure you know damn well that there are a tremendous number of slugs, and they're the ones bitching the most when they lose their jobs. The rest of us don't bitch, we go find another job.
My father worked the same job for 20 years at a time. I have yet to have a job that lasted more than 2.5 years.
Then accept the level of pay your father did for that job, and they'll be able to keep you for 20 years too.
You can't have both the level of pay modern tech workers expect AND the level of job security our parents had. It's got to be one or the other, and I prefer to make my high salary and possibly miss a couple thousand in income every few years than to make $30k every year.
If it really concerns you, don't spend $10k a year of your salary. Put it in the bank, and live on it if you lose your job.
Oh; and every morning when I get up, I ought to be thanking whatever power or powers run this universe that I wasn't stuck in my first corporate job for 20 years. Think back to your first; do you really wish you'd been there the rest of your life?
Employers do expect two to four weeks notice when an employee quits. It's generally not enforced by contract, but by a general agreement about what is "right", and the certainty that if you just walk out you won't get a good recommendation.
It's illegal to tell someone who's calling to check on a past employee whether or not he gave notice.
You can say when he worked there, what his title was, and answer the question "would you hire him again, given the opportunity" with "yes" or "no".
Anything else will wind you up in court.
Since there are a million reasons why you might not want to rehire someone, the fact that the old employer says "no" isn't that big a deal, and hardly anybody checks references anyway.
So unless you're walking around with a resume full of recommendation LETTERS, and don't want your last employer to be conspicuous in his absence, the only reasons to give two weeks' notice are moral and ethical.
Which, of course, are the most important reasons to do anything.
Only because it's not you on Morals and Layoffs · Score: 4, Interesting
We're all berating companies that are losing money, because the executives lay people off instead of cutting their own salaries.
But I wonder; if you were making less money, which would you get rid of first; cable TV and convenience foods, or the kid that gets $20 to mow your lawn?
Either way, you're putting somebody out of work. How dare you choose not to spend that money.
So some evil executive chooses to cut 1,000 employees who are getting paid $60,000 apiece instead of cutting his $10 million salary by 20%. Never mind that 20% of his salary saves the company $2 million, and firing those 1,000 people saves the company $60 million in salaries alone, not counting the other expenses involved in having a 200 watt heater taking up a few square meters of real estate, no, he's being short-sighted and evil.
If you get laid off, you are out a $60,000 salary, and have to find a new job. It won't be impossible, because prospective employers will understand that you got laid off through no fault of your own.
If the $10 million a year executive refuses to lay you off, however, the shareholders will fire HIM, he'll be out $10 million a year, and it'll be hard for him to find a new job right away because he'll have a reputation for not being willing to follow the will of the people who OWN THE BUSINESS.
So how about instead of griping and bitching about the horrible evil executives trying to fire 1,000 people so they don't have to bankrupt out from under 30,000, and instead concentrate on how you can start putting in a whole day's work for a whole day's pay, instead of being on Slashdot on the company's nickel (yep, I'm guilty too), or printing your resume on the company's laser printers, or taking paper clips home, or stealing coffee filters from the breakroom, or otherwise contributing to the fact that the salary of an employee in this country today is a FRACTION of what it costs to have that employee.
Of course it is. A lot of great Space Opera is.
Spock and Data are pikers compared to Kim Kinnison, and the ones who've gained "godlike power" all leave the series.
Sisko's "power" is hearing voices in his head, but even that makes him a step above the average man.
But isn't that the point? From Gilgamesh to Robin Hood to D'Artagnan to Michael Knight, western literature is about heroes. It always has been, and the best of it still continues to be.
and if you really need steganography (which, I'll admit, is rare)
Needing steganography is rare in the US today, because if somebody asks for your encryption keys you can tell them to fuck off.
However, that is not the case everywhere. You can be jailed for more than contempt of court in the UK for not handing over your keys, and in some countries merely having what is suspected to be encrypted files is grounds for suspicion. It could get you killed in, say, China, if you piss off the right people.
Of course, terrorists may use steganography to hide their intentions as well; but then, they've also been using envelopes instead of postcards, and nobody of consequence has proposed doing away with those either.
As for me, I shall give up my unencumbered crypto when they pry it from my cold, dead fingers, wife and son or no wife and son. They need their liberty more than they need me.
I thought we weren't supposed to use strcat anymore, because it's subject to buffer overflows?
To support your post, werdna, I call everyone's attention once again to Randal Schwartz' felony conviction.
Under this act, he could have gotten life in jail for this, had they decided to go after him for federal violations instead of Oregon state.
Is that really the kind of power we want to hand to Ashcroft right now? Do we want some kid with brown skin and Muslim parents to get life in jail because he defaces a web page in protest of some government excess?
Or would we rather he get the kind of punishment he'd get if he'd defaced a meatspace billboard instead of a computer one?
"They claim it is Palm compatible, but it won't run palm apps - so what 'Palm compatible' means is anyone's guess."
That probably just means it'll fit the average human palm.
Really? How do you know this "fact"?
Read a book and learn something.
(Sorry for the comment, but the lameness filter wouldn't let me just post the link. Taco, you gotta get rid of that piece of shit, it's not even slowing the trolls down but it's inconveniencing me about every third time I post. I've blown off several posts because it was too goddamn much trouble to figure out what the filter wanted this time.)
Bruce, I think you've made a grievous error here; I have no such position as you're berating.
I think it's futile to outlaw building nukes.
I'm a card-carrying NRA member and own several firearms.
Firearms? Well, another Open Source evangelist talks way too much about that, to our detriment, IMO, so I'll stay mum.
I'm on his mailing list, and agree with him on every salient point.
I should add; every country that has ever attempted to explode a nuclear device has succeeded on the first try.
If you think this is true, try building one.
:-)
I did start one. All that happened to me was that I was told I couldn't enter it into the science fair.
Instead of whining, I threw together a stupid model of a dam and pirated a page of text from the Britannica.
So I didn't get very far, but then I didn't have any fissionables, either.
What if everybody had The Bomb?
I mean, right now "only government and large industry" can build The Bomb. Wouldn't life be better if everybody had it?
Everybody can build The Bomb now. Everywhere except a couple of countries, it's perfectly legal to build a plutonium or uranium bomb, but even in the US you can build a neptunium bomb perfectly legally, and it will work peachy keen. Not as efficiently as plutonium or uranium, but I defy the victims to tell the difference.
99.99% uptime...
If an OS could only promise that much uptime, I wouldn't let it in my data center.
Do Indian tribes have to abide by the Hague Convention or the Berne treaty or whatever that copyright protection treaty is?
Depends on the tribe. Each tribe has a treaty with the US, defining (among other things) how US law affects them.
Some have stupid treaties, and are essentially US territories with little autonomy.
Others, like the Chickasaws for instance, have treaties that fully preserve their sovereignty, and are essentially another country inside the US, subject to US law only if their tribal legislature votes to be subject to it.
We have been looking for safe havens and if we put Indian reservations on the Internet that sounds like it might fit the bill?
Some tribes have thought about this. And some already have ISPs.
The Chickasaws had one (I know, I built it), but they sold it. However, to the best of my knowledge it still exists on tribal land, and is owned by a Chickasaw, so it is probably still not subject to US law.
Relying on host features to prevent denial of service attacks is pointless
Relying on ANY single point of security is pointless.
ISPs need to pull their finger out, and start doing filters that prevent source address spoofing.
Nobody said they didn't. I did when I ran an ISP.
But until the laws of every country in the world mandate this, upon penalty of death, it's not going to happen.
Instead of convincing 200 countries to make a change, don't you think it'd be more productive to try to convince a handful of people to make a change that increases security somewhat on 95% of the PCs connected to the Internet? Especially IN ADDITION to convincing ISPs to do their jobs?
And, once again, the lameness filter blocks useful information from being posted, while down in level -1 the trolls continue unabated.
I spent fifteen minutes one day trying to figure out how to get the lameness filter to accept my post, and eventually just blew it off and didn't post.
I'd send Taco a bill for my time, if I wasn't worried he'd send me one for all the emails I've sent bitching about the moderation system. :-)
The scientific community must recognize the harms these rules pose and provide guidance about how to improve the anticircumvention rules.
No; the scientific community must completely abandon the field in the United States, and let us become a backwater third-world country in that particular field, with all the research that isn't done by the NSA being done in other countries.
Ideally, a good percentage of the scientists would leave the country, but I wouldn't advocate that personally.
When the US feels like rejoining the world in this field, our government will. In the meantime, all the information will be open to hackers, and it'll be just like a William Gibson novel.
This is the same as win9x, macos, win2000 with users who run as administrator, and linux with users who run as root!
Those users choose to run as root. With XP, ActiveX controls on a web page will be able to run as root, without any knowledge of the user. Contents of emails will be able to run as root.
Thirdly, adding raw sockets is a very common add-on to windows and linux just to do these kinds of DoS attacks.
Yes, but you have to get enough access to add it on. With XP, you won't, anymore. It'll be a whole hell of a lot easier to do. As for Linux, the fact that you think it's an add-on speaks volumes as to whether you know what you're talking about.
It's up to the operating system to be able to *handle* badly formed data, not other OSes to protect it from it!
Name one operating system that can "handle" a massive distributed denial of service attack. I'm sure the entire industry is awaiting your answer with bated breath. What OS is on the other end means nothing when 10 pounds of shit is being rammed into a five-pound sack.
Steve's objection isn't to raw socket support. Raw socket support is available in every mature OS in existence that has TCP/IP support.
Steve's objection is to taking something that previously required privileged access, and thus required a major break in security to get on machines you don't own, and making it suddenly available to unprivileged processes BY DEFAULT, making every Windows XP machine suddenly a hell of a lot easier to use as a DDoS platform, without breaking the security first.
Steve's second objection, and the one I was using as a case in point, is the fact that Microsoft doesn't just not understand the problem, they made it abundantly clear that they don't CARE whether or not it's a problem, because Marketing wants the feature, and Security is at best a tertiary consideration.
I would think this approach would work:
1) Cut them off entirely, forcing them to call in. (I used this approach with hacked boxes myself, when I ran an ISP. It's very effective.)
2) When they call in, let them back on, but block port 80 BOTH directions, and email them the patches.
3) When they say they've installed the patches, scan them to see if they're still vulnerable. If not, re-open port 80.
There are some logistical problems with this (step 2 requires router changes, and networks that aren't designed to accommodate a change like this might not have the CPU cycles available on their routers for these kinds of rules), but they are solvable.
You'd have proof that you sent them the patches, and proof that they received them (they're gone from the mail spool), so you could prove in court if necessary that they didn't work with you to fix their problem. It seems sound, but if there are any other holes please let me know.
Road Runner in Central Florida has done the same thing. Don't know if it includes the rest of the country.
:-)
At first I didn't know if they'd blocked just me, to stop the constant flood of email from my auto-notifier
He said "fix the problem", not "bandaid the current exploits".
The problem is that security is nothing resembling a priority to Microsoft. Security is something to be added after the fact, by people who know little about designing a secure OS, in response to complaints. And at that, only if the complaints come from big customers.
case in point.
The word you need to look up is "severability".
Jon, there's a reason why something like this never happened in the heyday of hijacking, back in the 1970s; we had all the terrorist groups infiltrated, and half the Middle Eastern leaders on the CIA's payroll.
More Elint and Sigint won't fix this; getting rid of the stupid rules that all but prevent dealing with the folks with the information, and funding the Operations folks to get more Humint into the field, is what will solve this, assuming America doesn't decide to get out of the business of funding the other side in all these regional conflicts.
All the encryption in the world does you no good if the guy on the other end of the wire is forwarding them off to Langley in exchange for booze and hookers, and conversely all the laws against encryption in the world do you no good if the bad guys aren't saying "next week we blow up America real good, comrade" in their emails.
Keeping everybody's encryption keys on file just makes it easier to spy on the law-abiding, not the criminals.
I wonder what those 72% of people will say when the other 28% of us are in jail for refusing to give up our crypto keys, and they need their servers fixed or their ISP connections troubleshot, and all us geeks are unavailable.