Auditing right out of the gate is a bad idea IMO. A better first step is to have a "casual" conversation with your boss to "find out if the records exist". Go into the conversation with the assumption that records do exist and you just don't have them. For all you know everything could be legit and the last guy was hanging on to the licensed copies to sell on eBay.
Your boss's reaction will give you an idea what kind of battle you are in for. Knowing this will allow you to make a better decision about whether you really want to remove any doubt about the state of licensing and document how much you know about it.
On the WikiLeaks talk page there is a discussion of exactly how to pull the list, using some censorship client (sorry, WikiLeaks is down or I would provide more details). The takeaway I got was that this is/was the list being used to censor. What is more troubling: that this is the official list, or that the vendors are using some crap they made up to do the censoring?
Someone posted a link in the last story about this that showed WikiLeaks becoming unreachable on the 18th... not sure how reliable it is but I'm sure you could find it if you look.
Check out KidZui, which doesn't use SSL, but does use a whitelist domain model that mostly works.
HTTPS works just fine... and account permissions can be set up to prevent install from or booting to removable media... no need for a new port. If that really wasn't enough you could set up an external proxy (maybe on the AP) that would do the filtering.
With a purely HTTPS based approach the only thing that needs to be done is disable HTTP and bundle it only with the safe CA cert.
> remember my mention of IE supporting a system to put ratings in the headers? Nobody does.
This is perhaps the crucial point. Do enough people care for the market to solve it? If not, then passing legislation to force us to have protection that we don't want (and that has costs) is just plain wrong. There are plenty of groups (e.g. LDS) that want a safe internet... those who care can subsidize it. With large enough subsidies they will be able to get the content providers on board; whether the users will be interested or not is an open question.
Parental controls are not a good analogy because they are implemented as metadata transmitted in a channel that is typically used to transmit ancillary data.
This would be more akin to not allowing mature content on VHF channels. The biggest difference here is that you are pushing the decision from the content/content metadata into the transmission layer that shouldn't have any knowledge about what content is being transmitted.
Except that blocking port 80 in that scenario is superfluous. If "good" sites require SSL and a CA that requires a purity test, it is trivial to block "evil" content at the browser. Someone just needs to build a browser that obeys those rules, and user permissions need to be set up to prevent the children from modifying the software and/or installing other CA certificates, which would need to be done in any case.
One has to wonder though if Google would pass their test and if not how useful their safe internet would be.
From the perspective of an ISV that does anything besides simple web browsing, having to worry about regulated port numbers seems like an unnecessary headache. What about ports 25 and 53, would those get regulated also? The effort is useless without them and exposes lots of downstream parties to liability if they do.
Even if you agree with their stated goal, their approach is totally unworkable IMO.
What they are really telling you is that they are storing your password in clear text or reversible encryption and as such can't be trusted with a non-disposable password.
Was "Robert" a genius or just incompetent with connections to the boss? There is a big difference. If he wasn't willing or able to fix what he broke it sounds more like the latter.
That is an easy one. With a sales person you can draw a direct line between the person with a bad attitude and the dollars they are generating. With a developer the value of putting up with the bad attitude is more abstract. The first line manager might understand the value, but as you move up the food chain you get to people that are increasingly less likely to understand the value add.
Most of the development superstars that I've worked with all have their eccentricities... some of which are irritating and some of which aren't. My belief is that most mediocre developers have to get rid of these to stay employed, but the best don't.
If you are building something new and innovative you need them and have to work around their quirks if you want to keep them. There are obviously limits, though it doesn't sound like you are the one that gets to set them. Where those limits are depends on the project and how badly it needs star developers.
The suggestion list is ordered by popularity, there doesn't appear to be a way to compare write-ins to the top 4. I would guess that this was done to make it easier for them to ignore write-in results unless they liked what won that category.
You get a lot more bang for your buck using LVS and custom scripts (if you need them) than you do with F5 boxes.
Before there was a movie there was a book by Robert Ludlum, who was known for technical accuracy and attention to details. Maybe it wouldn't have affected revenue of the first movie, but it would probably have pissed off Ludlum fans to see a technically sloppy adaptation of his book.
I don't watch the show... but really, what's wrong with building a GUI in VB to track IPs? I would rather write a tool that does it correctly than try to teach the average detective how to use traceroute and do IP/AS look-ups based on the results. Sure, VB isn't the language I would use, but we are talking about a simple automation tool, so whatever your developer happens to know will probably work better than picking the best language for the job.
I think that The Cuckoo's Egg would fall into the category of a techno-thriller written by someone who understands the tech... and it was a pretty awesome book.
I would assume that there is going to be some return traffic... so this is really just a throughput issue. This is somewhat unavoidable on connections with a high bandwidth delay product.
Definitions evolve over time. The words "coupe" and "buggy" originally meant specific styles of (horse drawn) carriage, but as technology shifted so did the meaning of the words... this isn't any different than that.
The plan is to prove that every alternative (e.g. caps, content mangling) except charging content providers a fee won't work and then demand that they be allowed to do that.
There is no imminent threat here and no reason that the school couldn't get LEO involved unless they knew what they were doing was wrong.
The real question in my mind is do we get a typical EA sequel or a typical Bioware sequel.
Does it matter? The link is in the history regardless of what the current version of the page looks like.
Isn't that what Tor is for?
This seems like the way to go. Assuming that your website drives revenue somehow, throwing away traffic is not smart.
and interstate commerce