Slashdot Mirror


User: dropadrop

dropadrop's activity in the archive.


Comments · 325

  1. They are not talking of the same thing on Cybersecurity Laws Would Do More Harm Than Good · · Score: 1
    It seems like the first dude is worried about what attacks on the infrastructure could do, and he's right. There are already plenty of tools and best practises on securing yourself, more laws would only possibly ease the investigation when a breach happened (which is the reason anyone on the investigative side not making a buck out of it will call for new laws).

    Now the scenario on a digital blackwater is not needed due to a lack of laws, rather the problem is that officials will not investigate most cases even when they are in their jurisdiction and there is a clear trail of evidence. Often somebody can attack you numerous times, and you are on your own. This could be fixed by increasing the workforce.

  2. Re:Yay! on NZ To Investigate Illegally Intercepted Data In Dotcom Case · · Score: 5, Insightful

    No, but they do need to find out who the "accident" happened to, and ensure the public knows that nobody is responsible for it.

  3. Re:It should be more than obvious on Knocking Infected PCs Off the Internet · · Score: 1
    If you read through that article you should notice that nobody's privacy is invaded.

    While I'd like to see hardening on the network layer, I have to say that in the current climate I see a lot more potential for abuse in redesigning consumer networks to validate all the data that's coming in is "appropriate" than redirecting connections clearly containing an infected computer to a page with instructions on how to clean it.

    Who will handle the validation rules? Will it accept bit-torrent v2? Will it accept streaming media without DRM? How easy will it be for a malware designer to infect a machine via some website if the attack vector is a flash or java vulnerability after the tcp-stack validates the incoming data? How easy will it be to do it without violating the user's privacy and still giving them full access to the internet? How easy will it be for that infected machine to scan the network for computers with samba (or whatever) running and infect it?

  4. Re:It should be more than obvious on Knocking Infected PCs Off the Internet · · Score: 1

    All that said, I would still like to see it made legal to hunt down and painfully kill malware authors and spammers. Fix the problem at the source, not the destination.

    I'm sure everyone would be queuing for flights to ex russian states!

  5. Re:Not just infected PCs... on Knocking Infected PCs Off the Internet · · Score: 1
    Not necessarily, for example you could discover a lot of malware that tries to spread because they have outbound traffic to addresses that are not in your routing table. You could also detect traffic to known botnet command nodes, rogue DNS servers etc.

    Sure there is also malware you can't detect, but even for some of these you can get trustworthy data, and if not you just don't do anything.

  6. Re:It should be more than obvious on Knocking Infected PCs Off the Internet · · Score: 3, Informative

    This will be abused. Life is too short to list how and why. Let's just say that people will be knocked off (up?) for expressing something "offensive". Feel free to define that as you wish. The authorities and fanbois will.

    Well the current situation is definitely abused... Now the question of course is what kind of a solution is used to treat the problem, but personally I'd like to be notified if I had a contagious disease that I did not know about and could be harmful for me too.

    Here's how one ISP handled it: http://www.net-security.org/article.php?id=1703

  7. Almost nobody cares on Ask Slashdot: Where To Report Script Kiddies and Other System Attacks? · · Score: 4, Informative
    The FBI don't care. We've had cases where somebody has phished hundreds of accounts and we've had clear logs to show how they have been profiting from it financially, but can't manage to get them to do anything. A few years ago we did have a contact there who did something, but he was moved to some other agency...

    Not that other countries' agencies are any better. We had big trouble with a guy in New Zealand disrupting services, phishing accounts etc. We managed to start an investigation (or so they said) by phone but it took several hours and help from the CERT team in Australia. After a month nothing had happened, and I was there on vacation. I spent a day on the phone trying to find somebody who knew about the case, but even with the reference number they could not do anything. CERT Australia tried for a few days, and finally gave up.

    We had a guy in the Netherlands who phished hundreds of accounts, and still nobody down there would pick the ball. Then he and a friend found a hole in a third party system and managed to suck out data for hundreds of (Dutch) people. The web frontend was in Germany and the third party application in the US (A lot more US citizens' data was also stolen). Dutch police said they won't do anything because the data was abroad. German police said they won't do anything because the guy is in the Netherlands. The FBI said they'll look into it, but never did anything despite us trying to get back to all of them countless times. We found both hackers' identities and had the second guy on the phone, admitting everything and promising he'd testify... Still nobody was interested.

    You have to work in a big corporation to get the authorities to do anything. They don't care if somebody phishes thousands of accounts unless it's in the news or a corporation they recognize. It's almost as if they want all the script kiddies to be able to practice in peace until they really learn how to cover up their tracks and move to juicier targets if they won't take a case when it's handed to them on a platter with clear logs and a confession. It does work a lot better when the hacker is in the same country as you and you are working with a local law enforcement agency though. I also had good experiences with the Metropolitan Police in the UK.

  8. Re:Lol, republicans on Kim Dotcom Raid - What Really Happened · · Score: 1

    And unfortunately it's still the only way you can get the parties to change.

  9. Re:Lol, republicans on Kim Dotcom Raid - What Really Happened · · Score: 4, Insightful

    Why not vote on the third guy then? I mean, your country has to have more than two guys who want the job, right? Or is it somehow forbidden to have a political party that's neither republican nor democrat?

    The system is rigged in such a way that there is no effective third party. Neither of the parties with true power will change this as it means giving away a share of their power. The voters are confused with constant republican v democrat non-issues and believe that any vote for any other party is just a wasted vote.

    In essence US democracy has reduced to a republican/democrat alliance that is guaranteed power forever, it's a dictatorship with the illusion of free choice.

    And until people start voting for the third parties it will stay that way, ironic isn't it? I'm not American, but I see this explanation every time. It's true, if you are liberal and vote for a third party you do risk giving the Republicans a win, and of course the same applies the other way around.

    However it's sure the parties who are in power would analyze why they lost, and if they found it was due to an increase in voters supporting third parties it would be sure to make a change in their tactics, and the more people would move to third parties, the more the current parties will be forced to make a change.

    While the problem is certainly more exaggerated in the US, it's not unique to you. For example here in Finland the strong parties have been trying to find ways to make it difficult for anyone to start a new party, and to find ways how a party with wide acceptance in some area will benefit from that in another area. Still, occasionally somebody finds a way to break their lock and it definitely makes a difference.

  10. Re:Learn Python The Hard way on Ask Slashdot: Best Way To Jump Back Into Programming? · · Score: 1

    Good to know, as I was planning on giving it a try... I guess I'll wait a bit. Noticed a bit of the same on the javascript exercises, the way the answer is validated is sometimes very strange, and occasionally you have to reload the page to get the answer to be accepted.

  11. Re:Learn Python The Hard way on Ask Slashdot: Best Way To Jump Back Into Programming? · · Score: 3, Informative

    Codecademy also has a python track now: http://www.codecademy.com/tracks/python

  12. Re:Don't blame tech on Study Finds New Pop Music Does All Sound the Same · · Score: 1

    I would not be surprised if some chemical also enhanced the enjoyment of a good classical or jazz tune.

    This chemical is called a deep understanding of music and appreciation for art. Does that make me a snob? Probably, but I know I don't need any stupid drug to enjoy fine art and good music.

    So basically you are saying that techno is bad music only enjoyed either because people are taking drugs, or because dancing to it causes the body to generate adrenaline and endorphin or serotonin. Good music won't cause the body to have any kind of hormonal reaction, rather it can only be understood by smart people such as yourself who have a good understanding of music and appreciation for the finer things in life? ;)

  13. Re:Yup, it would on Study Finds New Pop Music Does All Sound the Same · · Score: 1

    So if there are more types of musics being made, how can variation go down? People still make "classical", Jazz, country western and god knows what else. It is not always easy to find but it is there.

    Variation can go down because of a change in the medium used to source the "samples". My kid likes to listen to radio stations that I really dislike. To me it sounds like a bad cd because they are playing the same set of songs every time he listens to it... And all the songs are really similar. There is a lot of music being made in other genres and sub-genres and sub-sub-genres, but they'll never get any airtime from commercial media, and so won't be included in a study like this.

  14. Re:Don't blame tech on Study Finds New Pop Music Does All Sound the Same · · Score: 1

    With enough dancing, the "drug" is then endorphine and testosterone or oestrogen. (And alcohol is just another drug anyway!)

    I would not be surprised if some chemical also enhanced the enjoyment of a good classical or jazz tune. Most of our emotions come from hormones... The main point is that while there are a lot of people taking drugs to enhance the experience they get out of dancing music, it does not mean everyone does, or that it could not be enjoyed without them. The reason you have not enjoyed the music might not be the lack of drugs, rather that you never actually consumed it in the way it was meant to be consumed. Claiming it's because your brain is not fried does not really change that you are making a blanket statement on something you don't fully understand (and I'm not saying you necessarily should).

    I'm not even that big of a fan of techno, but given the right DJ and mood, I can definitely enjoy dancing to it for a few hours. I don't really listen to it at home because I consider it to not really be listening music, and also it's as much about sonics and sound pressure as melodies and frequencies meaning I would piss off my neighbors if I did it any justice.

  15. Re:Don't blame tech on Study Finds New Pop Music Does All Sound the Same · · Score: 1

    With this logic a lot of ancient tribal music would also fit.

    As you already mention, some music is supposed to be listened to while enjoying a beer, but dancing music is not necessarily only meant to be listened to while on drugs, rather as the name would imply while dancing. Like a lot of old tribal music it will numb your head if you are listening to it while having a beer, it just changes when you go to the dance floor and go with it. It's not music to listen to, it's sounds to dance to, though I'm sure it still fits a broad definition of music...

    The bigger problem is, that these days a lot of the music meant for listening sounds the same. There's several reasons for that, which I would generally guess boil down to something like the person making the music using the same equipment as others, and also the music being overly produced to both have chord progressions known to appeal to people after a few listens, and to fit in with the previous and next song while played on the radio / club / .... There does not even seem to be that much popular music made these days which is not made with the intention that it will work both played in radio and in a club, kind of like a product designed to fit in to certain requirements rather than art made from a moment's inspiration.

  16. Re:No AutoDestruct on Flame Malware Authors Hit Self-Destruct · · Score: 1

    The implication here, since the creators had to know security researchers already had the virus code, is that there is some module the researchers don't know about (which is actually highly probable, anyways, given the fact they wouldn't have unrestricted access to the targeted computers) and the creators wanted to eliminate the evidence. Most likely, that was the module that fulfilled Flame's main purpose, since researchers still aren't sure exactly what it does, which means now they might never know. It also helps that the targeted computers are (most likely) not infected anymore, so people can't even identify if they were ever hit.

    A secondary implication is that Flame has fulfilled its purpose. Again, what that is, no one is exactly sure (espionage, certainly, but you don't create something this advanced without some specific target in mind) and wasn't worth maintaining anymore.

    It's probably. I think the main reason however is, that a large portion of people who have been infected don't know it yet, and the people in charge prefer to keep it that way.

  17. the best or highest average? on Taking Issue With Claims That American Science Education is 'Dismal' · · Score: 1

    I'm from Finland which always does well in these tests, though we don't have any (internationally) praised universities or a lot of anything else remarkable.

    I've understood we do well because of how few bad cases we have, rather than how good our top students are. I don't know what's more important in the long run, the top students would certainly come up with more groundbreaking ideas and research, while in theory a higher average could keep national unrest and criminality levels low.

    Anyway, my picture from here on the other side of the world is that you have some of the best schools and students, and if somebody is really bright he will have a lot more possibilities there than here. On the other hand I imagine you also have a lot of people who don't get very good quality education, and that if you are a drop out from a bad family nobody will give a lot of effort to help you out.

  18. Re:funny much? on EU Blocks France's Ban of Monsanto's GM Maize · · Score: 2

    That is not exactly true. Both are required to show evidence that enough research was made and no evidence of its being harmful has been found. I am not a big fan of corporations, but I am a big fan of accuracy in arguments.

    I've understood a company can still decide which research results to publish, so if they make 20 studies on an issue they can pick the 10 that best suit their agenda.

    The real underlying problem is that the required tests are often so expensive that only a company who will receive a patent for what they are pushing will be able and motivated to do them. On the other hand the authorities who would need to show something is harmful will do so by analyzing the manufacturer's tests which might already be cherry picked to best suit the purpose.

  19. funny much? on EU Blocks France's Ban of Monsanto's GM Maize · · Score: 2

    When somebody is trying to sell a herbal medicine or sweetener that has been used naturally for ages they are required to show scientific evidence that it's not harmful. When Monsanto is trying to sell genetically modified seeds a country is required to show scientific evidence that it is harmful.

    Something does not compute?

  20. Re:Best defense: Overprovisioning and cutoffs on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site? · · Score: 1

    Basically, make sure none of your time-sensitive loads reach 100% and you're fine.

    We did that, and then attackers started to flood us with over 10gbit/s of traffic that just flooded the network link and basically forced us to null route the service.

  21. Re:Mozilla gives middle finger to enterprise again on Mozilla Blocks Vulnerable Java Versions In Firefox · · Score: 1

    So don't update Firefox? Fork your own enterprise build and release new ones on your own cycle.

    For non-technical users this is a good advancement, they will be notified of an insecure application before they get infected. Are you saying they should give it up because some corporation thinks it's ok to run applications that are actively exploited? With that mentality we'd still be running IE6... I understood the active lifecycle of a given exploit is generally pretty short, by the end of the month it will already be mostly replaced by another variant.

  22. Re:I have an idea for the style guide on Why Microsoft Developers Need a Style Guide · · Score: 1

    No we should not. Programmers and software engineers should only use Vi or Emacs (Notepad if you are forced to use Windows).

    Hint: It's useful to justify your arguments, not just disagree with the last poster because it makes you feel elite. If you're writing anything more taxing than a shell script in a text editor, not only are you incredibly unproductive, you're also probably in denial about many aspects of development because you believe you're 'better' than all the other 'lazy' developers. IDEs are there to help make development faster and of a higher quality. Using bolt ons to help with testing, style and source control make the IDEs even more powerful. Look it up, you might learn something.

    Sorry, next time I promise I'll add sarcasm tags, I honestly thought it was obvious enough...

  23. Re:I have an idea for the style guide on Why Microsoft Developers Need a Style Guide · · Score: 1

    Hell the more modern IDEs like Eclipse, IntelliJ, and VisualStudio even suggest variable names and hint for proper case. As programmers and software engineers should we not use software tools to do tedious and mundane work for us?

    No we should not. Programmers and software engineers should only use Vi or Emacs (Notepad if you are forced to use Windows).

  24. nice! on Google's First Employee Departs · · Score: 1

    Good move, Khan Academy is really nice, but could use a lot of improvements on general usability.

  25. Re:Awesome on Superpoke Players Sue Google · · Score: 1

    This will hopefully be a few more people that will learn the lesson not to buy imaginary shit.

    What's not imaginary these days? I don't know about this service as I never heard about it until today, but how is spending 10$ on a movie ticket different from spending 1$ while playing a game online for days? At the end you got an experience from both of them, and that's all you are left with afterwards.