Slashdot Mirror


User: KevReedUK

KevReedUK's activity in the archive.

Stories
0
Comments
288

Comments · 288

  1. Re:copyright issues on Study Confirms ISPs Meddle With Web Traffic · · Score: 1

    Now of course, unlike a newspaper, a website does not get paid for the advertisements up front. So I cannot see this as anything other than stealing. We can argue the technicalities to death here, but the EFFECT is that the website was denied revenue from their ads, while the ISP gained ad revenue for themselves. Your question of compensation is interesting, but how could one gauge what that potential compensation could have been? Assume the individual would have clicked all the replaced ads on the page and then multiply for punitive damages?
    IIRC, pay-per-click advertising is not the only online ad business model out there.

    I concur that this will hurt those websites who use pay-per-click systems in a purely financial sense, but ONLY if the ads that the ISP is injecting REPLACE those already on the page. Simply inserting more ads would, in my opinion (and IANAL, by the way), only hurt the authors/owners of the sites with regard to brand confusion / defamation etc, and even then, only if the injected material is sufficiently random in selection that such contradictory adverts would make it onto the page. This MAY allow for suits against the injectors from this POV, but how do they go about identifying what ads were injected into their pages, when it can't be detected at their servers' end?

    If the pay-per-click ads were REPLACED, on the other hand, then yes, there COULD be potential for a loss of income suit.

    Non-pay-per-click advertising, though, would not have any scope for a loss of income suit as, if the model is that the website author/owner gets paid based on the number of times the ad was served, they won't notice any drop in revenue as their ad provider's ads are still being served (regardless of whether the injectors replace or simply add to them), despite the client end possibly not getting them.

    At this point, however, I should clarify that I am a layman with regard to online advertising as it is something I've never used (either as a webmaster, or as a consumer). I see the ads (and yes... the volume on many sites can be infuriating, but I have enough software running on my PC that I can't be @r$s#d to add to it with ad-blockers. I run a pop-up blocker, but the ads that don't pop up, I've trained myself to ignore over the years!), but I don't click on them. If I want to buy something online... well... I'll look at the website of a retailer (either traditional brick-and-mortar or online only) that I've come to know and trust (usually by means of word-of-mouth / visiting their stores, etc), and when I can't find anything suitable on sites such as those, there's tried and tested [Insert your search engine of choice] to fall back on.
  2. Re:It's ok though... on Some Anti-Spam Vendors Blocking and Slowing Gmail · · Score: 1

    That's mailbox store, NOT mailbox... One mailbox store can hold many mailboxes!

  3. Re:bad pre-emptive move on Blocking Steganosonic Data In Phone Calls · · Score: 1

    Doesn't the Constitution have any meaning whatever any more?
    In answer to your question, yes it does have meaning, but not to these folks.

    This may come as a shock to you, but the US Constitution does not have to be adhered to by Austrian researchers, or their ministry of defence who are supporting them in this feasibility study.
  4. Re:Misleading summary on State Agency to Destroy Unauthorized USB Drives · · Score: 1

    ...presumably secure method and of the two, destruction would presumably be the most reliable.
    Call me cynical, but dontcha think it just may have been the cheapest option? We ARE, after all, discussing a govt organisation, albeit at state, rather than federal level...
  5. Re:"Surprisingly"? on Breakdowns of Website Defacement by Platform · · Score: 1

    Correct me if I'm wrong (and I have little doubt that some bright soul probably will, in light of what time I'm writing this!), but...

    Whilst it may appear on the surface that IIS is becoming more restrictive in its options, this is largely because they are now giving admins the option of configuring their webservers via text file a-la Apache (albeit via a somewhat more easily-legible and logically structured XML file) and, in light of the fact that many of the seriously advanced options that it provides are only likely to be used by the kind of folks who would prefer a text-based config interface, they have removed these options from the GUI.

    My hunch is that this is for 3 main reasons:
    1) To de-clutter the existing GUI (which, let's face it, had started to look more than a little cramped... How many tabs on that damn "properties" window if you have all the available modules installed?).
    2) To ensure none of these advanced options are not switched on by accident.
    3) Significantly easier standardisation of deployment configurations (author your XML file once, then just copy it onto all the boxes and restart the IIS services... Job done WITHOUT having to spend hours mucking about with checkboxes)

    So sure, it may be "just for that" that there is less defacement of later versions of IIS, but if so, my hunch is that this is only because the average admin will be affected by a reduction in the feature-set (that exists purely on the surface), whereas the more experienced IIS admins know these options exist (and hence are less likely to f#@k 'em up!). It's not often I'm led to feeling that Microsoft deserves a pat on the back for learning from (although, I have little doubt that various Apache admins out there will call it "stealing"!) an idea found within one of their competitors and, not only accepting that it has its advantages over their prior implementations, but also for developing that concept such that it's more logically laid-out and, thereby, easier to use and screw up!

    That having been said, I'm a total amateur with regard to webserver admin, and the existence of the XML file I refer to above is gleaned from... well, I read it somewhere, but can't remember exactly where! The word "Metabase" springs to mind, but I can't recall if this is what MSFT call this XML file, or if that was the name of the source of what I was reading...

  6. Re:"Surprisingly"? on Breakdowns of Website Defacement by Platform · · Score: 1

    OK... So what you essentially want is to have the authors tell you, not only which attack vectors are responsible for the various defacements, but also which discrete piece of software is responsible for it?

    You specifically cite the Storm Botnet, a distributed malware system comprising so many rapidly-changing elements that to specifically identify it would likely be a difficult task at the very least, a waste of valuable (and finite) resources, and potentially impossible to achieve reliably.

    I propose an alternative... Attack your requirement for information from the opposite angle...

    There have been numerous analyses of Storm and how it works. I'm fairly certain that at least one of these will include a list of the attack vectors it's known to use. This may not enable you to get exact numbers on which defacements are Storm-related, but at least it will give you the numbers (and hence proportion) of attacks that aren't Storm-related.

    The above having been said, I would hazard a guess that any mention of Storm is pretty irrelevant as, judging by the Attack Reason table, there is no "Economic Gain" category, the only viable category to use in classifying Storm. Let's face it, Storm isn't about Revenge, Patriotism, Politics, Technical Challenge, Fun, or even "One-Upmanship"... It's about building, controlling and utilising the largest possible distributed malware installation system with the aim of selling the use of blocks of it to the highest bidder for money. As you can no doubt see, the only relevant category for this, out of those available, would be "Not Available".

    This leads me to believe that the figures are for defacements in the traditional definition, namely modifying the "look and feel" of the site in question, not in modifying what's going on under the hood in terms of spreading malware. If my hunch is correct, then the excuse that Storm was written to deliberately ignore IIS (and I can't exactly recall if it was ALL versions of IIS, or just 6.0) is, whilst a piece of anecdotal evidence to support the theory that those who would do harm to the online infrastructure would be more prolific in their attacks on non-Windows/IIS machines, entirely irrelevant to the current discussion.

    Also, looking at the "Reasons" table, the only reasons that could be related to the installed OS or Web-Server are "As a Challenge" (where the attacker is deliberately targeting an attack vector in a specific combination of the above (and/or any applications running on top) for the purpose of proving their "technical flair and ability"), or "Revenge against the website" (but only where that revenge is targeted at their choice of software combination, rather than content). All in all, I think that the statistics are useful, as they do merely list successful defacements, and are biased only by the distribution of the install base, rather than any bias in the attacks themselves.

    Of course, I could be wrong, and the authors may have just lumped all the automated, Storm-type attacks under one of the other, entirely irrelevant, "Attack Reasons". Would have been useful if they had given a clear statement somewhere on the site as to what the definition of a "defacement" is, and whether it would include Storm (and its derivatives / competitors).

    And before anybody decides it would be worth modding me down or flaming me with accusations of being a Microsoft Fanboi, please be advised that, while I DO use Microsoft products, I am very much pro FOSS. As a matter of fact, as soon as I can find the time to do the research to find a version of Linux (or *BSD) that will recognise my wireless USB Device (let alone allow me to configure it), I will be migrating my home PC to a dual-boot Linux (or *BSD)/XP box (with the XP retained for legacy apps, home-working, media-centre applications and, mainly, because dumping that much money on a piece of software and not continuing to use it in spite of its flaws just feels so damn wrong!).

  7. Re:No on De Icaza Regrets Novell/Microsoft Pact · · Score: 1

    I may have completely misunderstood this, but it is my POV that using FOSS, doesn't automatically make you FOSS...

    Google write a LOT of custom code... Is ALL of the source-code to this available? When you purchase one of their "Appliances", do you get the source-code to their custom code thrown in with it?

  8. Re:cat's in the cradle on Child-Suitable Alternatives To Passwords? · · Score: 1

    Your guess as to my age was correct, late 20s is accurate. And yes, I've heard the phrase "times change", which is interchangeable with the "Times are Different" that you quote.

    That having been said, I have former schoolmates that I keep in touch with who have children around the age-group of the OP's sister, and know they wouldn't know what a cookie is, let alone how to check them.

    This is, however, no reflection on their knowledge (or lack thereof), it is merely a recognition of the terrible state of IT education back when I was in school / college, which is only now starting to (slowly) improve.

    Back when I was in school, IT lessons were a bit of MS Word and MS Excel, if your teacher was above the IT learning curve, there MAY have been a little MS Publisher / Serif PagePlus thrown in, and most maths teachers would happily leave you mucking about with LOGO for an hour or so while they grabbed a coffee in the teachers lounge and expect that to cover their requirement for including an element of ICT in the curriculum.

    Web access in schools back then was a joke, in those rare institutions that had it. Networked internet access was beyond the realms of most schools' IT departments, where in many cases the Network Administrator was just a random teacher who had this tacked on to his / her job as a secondary (or in many cases tertiary, quaternary, etc...) responsibility. This is, largely, what led to the success of companies such as Research Machines in the UK, as they put together an impressive range of front-ends onto a Windows network of above-average stability to obfuscate the more complicated elements of the administration of the network. Having met a number of their support analysts, they were fairly blunt about the level of knowledge (or lack thereof) of most of their client-base. Having worked with teachers myself, I can well understand their frustrations. (see a couple of my early comments on /. for example anecdotes I encountered in my time working there...)

    To put this in perspective, I am not suggesting that this is the fault of the teachers in question. I have been both sides of the fence, starting as a student, then being part of (i.e. 100% of) the IT department in a medium-sized secondary school (for the Americans here, read combination Middle / Senior school). Working there opened my eyes to the fact that, back then, IT in schools was very much tacked on as an afterthought, was underfunded, under-resourced, and it was only about 3 months before I quit working there that the government even started to fund a programme of training teachers in how to use the available systems, both to improve their own efficiency, and to incorporate it into their lesson plans in a way that would encourage the students to use more than just basic word-processing and spreadsheet skills.

    To sum up... In the UK at the moment, unless you are seriously above the curve when it comes to IT knowledge, or your kids are under 18-24 months old, the ability to effectively monitor / filter / audit the use of your home computer is limited to one option... the age old, tried and tested, nearly 100% reliable Shoulder Surfing (tm).

  9. Re:Pictures on Child-Suitable Alternatives To Passwords? · · Score: 1

    Now why did you have to go and do that... posting my private mobile number here on the intarwebz for all to see... you insensitive clod!

  10. Re:cat's in the cradle on Child-Suitable Alternatives To Passwords? · · Score: 1

    How do I know my dad wasn't looking at my browsing history / cookies?

    Well... this brings me back to an age-old quote, although I can't recall who said it first...

    "For every idiot-proof system, there is at least one system-proof idiot!"

    My father is VERY DEFINITELY in the latter category. How do I know he wasn't keeping tabs on my computer use? Because it was me who had to monitor HIS use of the PC in the interest of its continued stability.

    This is all kinda moot, though, as my age when we got a net-connected PC was 15, more than double the age quoted in the summary.

  11. Re:Silly on A Comparative Study of Internet Censorship · · Score: 1

    My guess is that the GP was using angle-brackets around a variable name, i.e. [minority] (Replace the []s with their equivalent wakas) between the word "the" and the word "should" in the bold section of your quote......

  12. Re:buzzwords are my favorite on Is XMPP the 'Next Big Thing' · · Score: 1, Funny

    I thought the web was a way to let users find/retrieve PORN.
    There... Fixed that for you!
  13. Re:Create job to force automatic reboot or shutdow on Do Any Companies Power Down at Night? · · Score: 2, Informative

    IIRC, the "shutdown" command DOES adhere to whatever security settings have been laid down in the Local Security Policy (or Group Policies for the larger organisations out there). One of the settings for the local machine that is amongst the configurables here is who can shut the machine down locally, and who can shut it down remotely. The two lists are separate and by default EVERYONE can shut down the machine if logged in locally, but to shut down a machine across the network you'd either need to be explicitly added to the ACL or would need to be in the Domain Admins group (where the machine is a member of a domain).

  14. Re:Turn off UPNP on Most Home Routers Vulnerable to Flash UPnP Attack · · Score: 3, Insightful

    planting a bush in your front yard that obscures a direct view of your front door

    From a security perspective, I would never want one of these as, if someone were at my front door trying to pick the lock, they would be obscured from view. I find living in a neighbourhood where there is the appearance that all the neighbours are nosy is far more effective as a form of security.
  15. Re:Socket? on USB 3.0's New Jacks and Sockets · · Score: 1

    Plumbers?

    Didn't know Nintendo was part of the USB consortium!?!

  16. Re:its like DB9 all over again... on USB 3.0's New Jacks and Sockets · · Score: 1

    Considering all the ways I could step on or wrongly insert a USB connector, it probably would survive and still work.
    Dunno about you, but I've lost count of the number of people who have asked me to look into why their USB attached peripheral isn't working, only for me to find they've somehow (and the how always remains something of a mystery to me) managed to fold back one or more of the contacts in the USB connector.

    Is it just me, or is the use of thinner, almost foil-like, contacts becoming more and more prevalent in a drive (no pun intended) to keep costs, and possibly also weight, down?
  17. Re:its like DB9 all over again... on USB 3.0's New Jacks and Sockets · · Score: 1

    Unless external SSDs become really popular
    How popular do you want the damn things to become? Most ppl I know own at least one such device in the ever-popular "thumb-drive" form-factor...
  18. Re:Requirements lacking in most graduates on What Skills Should Undergrads Have? · · Score: 1

    Restrict your use of the word "like" to no more than five times a day.

    Unless you are planning on writing apps front-ending sql data stores... kinda tricky to query certain datatypes without the use of this "forbidden word"!!!
  19. Re:HMRA 1992 on RIAA's 'Misspeaking' May Have Affected Verdict · · Score: 1

    I notice from the quote that "No action may be brought under this title alleging infringement"...(Emphasis mine)

    Is it just me, or does this NOT preclude them from bringing actions under DIFFERENT titles within the US Code?

    Not that it directly affects me, but I'm sure the UK (if it doesn't already) will have equivalent statutes shortly

  20. Re:"Charity" on Silicon Valley Startup Prints $1/watt Solar Panels · · Score: 1

    Not wishing to be seen as nit-picking here, but the GP said:

    Sick Kids AND Africa

    NOT

    Sick Kids IN Africa.

  21. Re:voodoo users on The 5 Users You'd Meet in Hell · · Score: 1

    No disadvantage intended, or implied...

    In my experience, the Aussies don't come close to being the spelling zealots entrenched on either side of the Atlantic. To coin a term we shamelessly stole from the French... the Australian attitude seems far more "laissez-faire".

  22. Re:voodoo users on The 5 Users You'd Meet in Hell · · Score: 1

    Fighting with teachers, eh? That brings back memories...

    Not wishing to be seen as disparaging our cousins across the pond I bring this up as your comment called it instantly to mind...

    I used to attend an international school in Bavaria, Germany (Hi anyone from MIS between 1989 and 1993) where the students hailed from all over the world (literally). The core language of the school, and that which was used for teaching every non-modern-language class, was English (Not "American English", not British English, just English).

    I can vividly remember getting more than a little irate when I was marked wrong for my spellings of "colour" and "honour" in a spelling test. I mentioned this to the teacher, whose response was that I had spelled them wrong as neither word should contain a "u".

    Needless to say, I disagreed (and IIRC was quite vocal about this). As a result of my complaint, she walked over and placed a copy of Webster's on my desk and asked me to show her therein the entries for the words, spelled the way I wrote them.

    I recall her being seriously unimpressed when I brushed the book from the desk and said I'd show them to her in a "Real" dictionary, retrieving my copy of the "Pocket Edition" (God knows who has pockets that big!?!) of the Oxford English Dictionary from my bag at the back of the room!

    Even in the face of this evidence, she was unwilling to accept that my spellings of the words should be accepted as she was a teacher of English and had been for years and therefore must be right. The headteacher (an Australian) disagreed with her.

    Luckily these feuds didn't last long as within two weeks I was moved up a grade when they discovered that their assessment of the American "grade" equivalents of British school "class" levels was a little pessimistic. The teacher in my new class was a Brit, who was happy to accept any valid spellings. His only condition was that the student be consistent (i.e. always used either British or American spellings, not a mix of both).

  23. Re:skul what? on Comcast Continues to Block Peer to Peer Traffic · · Score: 1

    Here we go again...

    Please cite evidence of ISPs common carrier status... it has been hotly debated on /. on numerous occasions, but I have yet to see any evidence confirming CC status!

  24. Re:The glass is half empty? on FBI's Bot Roast II Sees Great Success · · Score: 1

    Education is the key here, I think...

    I used to work with a local cadet unit. Our cadets were a fairly even mix of males and females who were aged 13 - 20.

    Whilst working with them I had my eyes opened to just how seriously lacking drug education in schools is here in the UK.

    In schools, the drugs education basically consists of about an hour to an hour and a half during which a teacher, not usually from any particular subject area, who had absolutely no experience or training in the subject of substance abuse would hand out a couple of sheets of A4 photocopies to each student, then would read them... "Drugs are bad" would be repeated ad nauseam (kinda like that character in South Park with the glove-puppet)... thus endeth the lesson. (please note, I'm talking a decade ago, things MAY have changed, but I doubt it!)

    When working with the cadets, we had the regional RAF drugs awareness officer come in and give a lecture to the cadets (and the dozen or so parents who considered it their responsibility to educate themselves on the sort of things their children may be exposed to).

    The approach was COMPLETELY different:

    1) He never once used the killer phrase "Drugs are bad"
    2) He handed out actual examples of each drug discussed (sealed in plexiglass, before anyone gets excited) so those present would recognise the drugs in question
    3) He stated the positive effects of each drug / class of drug, rather than just the negatives
    4) He quoted the types of sentence that those found with each drug was subject to at the time, both for possession and distribution
    5) He encouraged the asking of questions (something the school teachers are unable to do, as they don't have the answers)
    6) He encouraged those present to share any experiences they had had either personally, or with friends / relatives
    7) At the end of the presentation, he basically shrugged and said "well folks... there are the facts. It's up to you to make your own minds up what you want to do."

    The important differences:

    A) Even though the cadets were of school age (mostly), he addressed them as young adults. He presented the information, rather than preaching it
    B) Those present were encouraged to participate in the learning process, asking questions and sharing experiences
    C) Alcohol, Caffeine, Tobacco and prescription medication were also included in the subject matter

    After the first couple of drugs were mentioned, cadets would start chipping in with the local street prices for each drug as it was discussed. All bar ONE of the parents who attended thought the lecture was delivered in the right way. The one who had a problem with the delivery was only displeased because he DIDN'T, at ANY point, say "drugs are bad" or try to persuade those present not to take drugs.

    The above being said... I'm sure some will mod me as off-topic, but I feel there is a point to be made here that does draw a parallel between the "war on drugs" and the Bot Roasts (Is it just me, or did the FBI miss the opportunity for additional funding by not naming it the "war on malware").

    Computer education in schools needs a thorough overhaul if we are going to beat the malware problem.

    Whilst to many of us this will hardly be a surprise, consider the differences shown above in substance abuse awareness education and cast your minds back (those who actually had computer classes in school during the era since magazines were first distributed with coverdisks) to the education you've received in using a computer.

    I've been a student, and I've been on the other side of the fence as support staff in a school. IT classes in the schools I have experienced were not taught by a teacher with any real specialist training or background. Usually, they were maths teachers with a few spare slots in their schedule, usually due to them not being qualified to teach the higher level classes (GCSEs and up).

    IT lessons would be "Here's how to use MS Word

  25. Re:You're all missing the point on Intel Considering Portable Data Centers · · Score: 1

    Thanks for that... funniest comment I've seen on here in a LOOOOONG time.

    Kinda offtopic, but kinda related to the above... what's the best thing to use to get an overspray of Co--Erm--"High sugar vegetable-extract based soft drink" off of a flat screen???

    Note to self... be sure to swallow the caffeine source BEFORE reading the next comment in future!