Nowadays there is such a thing as "trackerless torrents". No idea how it works, but it works. A while ago I tried to download some torrent, but the single listed tracker in the .torrent was down. Nevertheless soon the download started, like magic :-) And once one peer was found, many more followed quickly thanks to peer exchange.
BT has in a way been replaced several times already. The protocol from 10 years ago has evolved a lot (will the original BT client even be able to handle the current torrents?), with additions like peer exchange, DHT, magnet links and encryption. The idea behind BT is brilliant and simple, and as such will always live on. It solved most if not all problems from the original P2P protocols: the P2P issue itself (too many downloaders on a single peer), disappearing peers (now you have more than one - download will continue from other peers), and overall download speed. The protocol was found to have some problems itself, most notably the centralised tracker, which is also solved now. The problems that remain are the finding of content, for that there is still no solution to the current centralised databases (aka "torrent sites"), and longevity of the content: as soon as the last seeder stops seeding, the file is lost from the network.
And on top of it, it's not owned by a single for-profit organisation like Napster or LimeWire. When that company goes out of business, the protocol is out, and something new is needed. BT will live long I think. It's an open and free protocol, allowing for it to evolve and have people add features to it. There is no "single point of failure" - by design.
When a company gets taken over by another company, I suppose existing contracts signed by the swallowed-up company remain in force. Otherwise that'd be a very easy way to get out of a contract: set up shell company, have shell company buy up your original company and become the company again, existing contracts void? Don't think so. A patent licensing deal is a kind of contract as well.
Easy to prevent: transfer ownership of patent to a shell company. Company ownership is tradable, and with that all company assets (including patents etc).
Besides that, especially for many tech companies patents are a major part of the company's overall value. Having the patent lose value when a company shuts makes it effectively worthless as an asset that can be used as collateral, or in case of bankruptcy a way to get money back to investors - which means investors have a much greater risk when investing in such a company.
So far the only really troublesome patents that I know of are software patents, and (closely related) business process patents. The problem is: they patent an idea, not an invention. Think of the paper clip: that was a great invention, and as such rightfully patented by the inventor. But the general idea of "holding sheets of paper together" that's not patentable - yet software patents do just that, patent broad ideas. That's bad.
Issues also exist with medical patents, but that's for other reasons: patents on medicines keep prices high until the patent runs out (which is usually far less than the total 20 years of the patent as many compounds are patented well before they are registered medication) - though arguably this is to give medical companies a sufficient return on investment, and medicine development is simply very expensive, largely due to the extensive and lengthy testing required.
Though overall I agree with you, patents are there for a very good reason, and the current terms on patents are basically still very reasonable. This in contrast to copyright of course where the term is way too long to be reasonable...
Did granny ever become involved in MySpace? Don't think so.
When/if Facebook is replaced by something else, granny will move as well. The whole net population has changed over the last decade or two - in MySpace's heyday granny wasn't online yet, and the youngsters were still by themselves. That part has changed a lot.
Most likely they will just continue posting those compromising photos in /b/ or so... at least it's usually not going to stay online forever.
It may be me... but I don't recall MySpace as a real networking site, which offered personal messaging and so like Facebook does. I've always seen it more as a successor of sites like geocities, where everyone could set up their own web page. I've also never seen MySpace getting anything near the popularity Facebook has now.
Though Facebook is not a place to set up your own web site but a place to send messages to (groups of) other people - they call it "friends" - and to form special interest-related groups.
The whole working of social networks promotes monopolies.
Back in the days we were all chatting on ICQ, and newcomers went to ICQ because everyone else was on there already.
Later MS replaced it with MSN - same effect.
Online auction: e-bay. There is no other. Why use e-bay? Because everyone else uses it, so that's where your buyers are if you want to sell something, and that's where all the offers are found if you want to buy something. There are local alternatives (geographical location matters for that kind of sites - they're an exception in that matter) - but at least some if not all of them have been swallowed up by e-bay (such as the popular Dutch trading site marktplaats.nl).
And of course Facebook: yes I'm using it, recently fairly active, and the reason to use it is because everyone else is there as well.
You don't use a social network that has no members - there is no network without a critical mass of members. And as soon as that mass has been found, the network attracts more and more members, and competition doesn't stand a chance for that very reason. Even if something technically better comes along, nobody switches because nobody else switches and the new network remains empty. This new Google network will also suffer from that, though I think it stands a chance as it has the Google brand behind it, and that's a pretty powerful one.
He is 13yo. Having a paper route may well fall under illegal child labour. At such an age children shouldn't have to, let alone be expected to, take up paid jobs to begin with.
It would be great to have a sandbox option to run such software. I'd also be curious what's on a found USB key. And wondering what that .exe would be doing.
Best solution may be if software run from an external and thus untrusted source (like a USB key) would be automatically sandboxed, and running into its own environment, separated from the rest of the OS. If it tries to do anything bad, just kill it, finish. Then we can satisfy our natural curiosity, while still being protected from anything nasty that may be done.
This could also be a solution to make autorun useful AND safe.
Well six, seven years ago when I built it up, stored procedures didn't exist in MySQL. I believe it's possible now but not sure whether Debian stable has that version included. That's already a major reason.
Secondly most queries are done through a library call, not by sending the actual SQL command. Like db.query(db, fields, where, options, ...). There is nothing more fancy in it than reading information, no calculations or whatever - simply not needed. Really the most basic use of a db.
The difference with using an out-of-the-box secure system is that at least you know that only what you explicitly open, is open. Nothing else. And the next step is of course to make sure that you do not open anything any more than you intend to.
I don't agree with your analogy, as physical and digital security are too different. Not many houses can stand a SEAL attack, yet it is perfectly possible to connect a computer to the Internet with zero vulnerabilities (think OpenBSD).
Secondly, after a few decades of research that is still ongoing, there are plenty of known practices that make it easy to quite thoroughly secure a server. These issues include (list from memory, mainly related to recent attacks where this was the exact vulnerability):
ssl set up to log in without password,
SQL injection prevention (just escaping the input prevents most if not all of them - many libraries do this out of the box for you),
set a session cookie after log-in, and use it,
not storing passwords as plaintext but as (salted) hash - a preventative measure for in case you do get hacked,
separate databases, and giving the web-facing script a separate user in the database with minimum permissions - so in case the server does get hacked the attacker still can not see much,
a port-forwarding firewall letting through only traffic to the ports you need.
That's what I can think of, from the top of my hat. All of them are easy to implement - and when implemented will prevent most attacks from happening. Sure you won't be immune to zero-day attacks on your web server software, or other services. But it limits the attack vectors a lot already.
Not following such "best practice" standards I would call negligence.
Now I readily admit that my own server is also not configured perfectly, there is a bit of "security through obscurity" too of course. Yet I have a software-firewall blocking all but whitelisted ports, my SQL queries are sent to the database through a library that does the escaping and so for me, preventing SQL injection attacks automatically. No-one else has ssl access, so no way you can social engineer the password from me. Oh yeah and I don't need to store any personal details of visitors there, that also helps.
Most of these attacks appear to be SQL injection related. And that is easy to prevent: the MySQLdb module for Python is doing that for you already. That only leaves tests like type checking ("I expect an integer value - let's see if this string can be converted to integer"), and value checking ("this string should be no more than 20 characters", "this should be a positive integer, not larger than 100").
And indeed there will always be lots of soft targets - yet companies that take users' personal details must not be a soft target. High-profile web sites should also know that they will be a target of hackers (the higher the profile, the bigger the lulz for a successful attack after all), and as such have also no excuse to be a soft target. Yet it is several of those that have been proven to be pretty soft targets.
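As an added example (not part of the original comment and not the commenter's code), the two layers mentioned above can be sketched together: type and value checks on the raw input, then a query with bound parameters. It assumes Python's standard-library sqlite3 as a stand-in for MySQLdb, and the `orders` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

MAX_NAME_LEN = 20    # "this string should be no more than 20 characters"
MAX_QUANTITY = 100   # "a positive integer, not larger than 100"


class ValidationError(ValueError):
    """Raised when request input fails a type or value check."""


def parse_quantity(raw):
    """Type check first, then value check: an integer in 1..MAX_QUANTITY."""
    # Reject non-strings, over-long input and anything that is not plain
    # ASCII digits; int() on its own would also accept "+5", "1_0" or " 7 ".
    if not isinstance(raw, str) or len(raw) > len(str(MAX_QUANTITY)):
        raise ValidationError("quantity must be a short whole number")
    if not (raw.isascii() and raw.isdigit()):
        raise ValidationError("quantity must be a whole number")
    value = int(raw)
    if not 1 <= value <= MAX_QUANTITY:
        raise ValidationError("quantity out of range")
    return value


def parse_name(raw):
    """Value check only: a non-empty string of at most MAX_NAME_LEN chars."""
    if not isinstance(raw, str) or not 1 <= len(raw) <= MAX_NAME_LEN:
        raise ValidationError("name must be 1-20 characters")
    return raw


def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders (customer TEXT, item TEXT, quantity INTEGER)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [("alice", "widget", 3), ("bob", "gadget", 50), ("bob", "widget", 7)])
    return db


def orders_for(db, raw_name, raw_min_quantity):
    """Validate both inputs, then query with bound parameters.

    The SQL text is a constant; the values travel separately, so quotes in
    raw_name are compared as data and never parsed as SQL. sqlite3 uses "?"
    placeholders; MySQLdb uses "%s" in the same position, with the values
    passed as the second argument to execute().
    """
    name = parse_name(raw_name)
    min_quantity = parse_quantity(raw_min_quantity)
    cur = db.execute(
        "SELECT item, quantity FROM orders "
        "WHERE customer = ? AND quantity >= ? ORDER BY quantity",
        (name, min_quantity))
    return cur.fetchall()


if __name__ == "__main__":
    db = make_db()
    print(orders_for(db, "bob", "5"))
    # A name containing quotes passes the length check but matches no row,
    # because it is bound as a literal value.
    print(orders_for(db, "x' OR '1'='1", "1"))
```

The validation layer rejects malformed input before it reaches the database; the bound parameters are what keep a syntactically hostile but length-valid string from changing the query.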
That's how it works in such cases: comply or get fined again. And again. And again. Having to pay that amount time and again does get expensive. This fine is not a one-off fine like you get for running a red light.
Besides there is wisdom in complying to the law, especially when you already have been told you're breaking it.
The most impressive thing is how many people are happy to open their wallet for something they don't even know what it is. Reading the description and reviews would imho be the least thing to do when deciding whether or not to buy an app.
When the app is doing what its description says (even if it says "this isn't doing anything at all" and it actually doesn't do anything at all) then it's not a scam, it's as simple as that. You're not being scammed as no promises have been broken.
Yes of course I know, I was being simplistic as in "army costs something like a trillion a year, which is roughly the current budget deficit". If you were to really disband the army sure you would have extra cost in the short term.
The point is just that armies and war cost a lot of money. Really a lot. And they just don't contribute (much) to the overall economy as an army is mainly about destruction (the "broken window fallacy").
I wouldn't be surprised if disbanding the army (and navy and airforce) would solve (most of) the US budget deficit... it's not just because that most countries are smarter than trying to occupy some faraway country. It's just too damn expensive!
I recall a story on /. even about spraying foam on the tents to save energy, particularly in hot areas like Afghanistan and Iraq (and cold in the Afghan winter when you have to heat the place).
The rest of the world may have it easier, as individuals can do it individually. When I save on energy, I see it in the next bill, clear incentive. When a soldier saves energy, well it may mean extra effort. And this problem can be seen for most companies as well: individuals don't have a (financial) incentive, no reward for saving energy. It has to be the company that top-down enforces new habits, and some companies do, as it can help their profit. But many are too big to actually care enough, or to actually enforce such regulations.
For the US army it's definitely worse, as it has a virtually unlimited budget (they can always ask the government for more, and if recent history is anything to go by, get it). There is no financial gain for them, at all. The only reason for them to do it is that it's so hard to get the fuel where it has to be, and running out may be deadly for the people on the front line.
In traditional wars it's even not as much of an issue, as the supply lines tend to be behind the front lines, and thus firmly in your own hands. Insurgents are something new, something traditional armies just can't handle well. Supply lines suddenly run through enemy terrain, and are always in danger of being cut off. Resources become scarce, and oops maybe we should do something about it and use less of them.
I've never been to the US, I'd love to see the place, but this whole flying nonsense is keeping me away from it. Having to go through a watered-down version that's in place in the rest of the world (though EU is following the US closely) is bad enough. No interest to visit the source of that.
That said, and I'm too lazy to look up numbers, but "traditional" airline hijackings were very uncommon already in the years before 9/11. I recall some 20-30 years ago it was quite regularly on the news that an airplane had been hijacked. After that, well it just stopped happening. Until 9/11 that is, of course.
And since then... my memory may fail me but I do not recall a single case of (successful) hijacking.
When talking games, yes, then you need every last bit of performance out of what you can get (though if you go that way, your app will suck on lower-specced models). Then those optimisations may come in handy.
However I don't see why a Facebook app would be limited by available hardware as basically all it does is send and receive messages, and display them in a nice way. No need for fancy animations or so. Network speed will be your limiting factor.
Hacking iOS and hacking the PS3 is quite different from developing end-user apps for it.
They both require coding skills, and knowledge about software - yet when creating an app you're supposed to follow the guidelines, add a nice looking UI to it, etc. I see coding as a tool, no more. A tool to get something done. Building an app with nice UI means you need some UI skills. Building an app that hacks the underlying OS means you have crypto and system analysis skills.
I'm writing an app for Android myself, but I don't know much about the technicalities of Android under the hood, nor do I see much of a need for anyone to deeply understand the OS. Google has nicely abstracted that for me through their API kit. No need to know how memory is allocated exactly, or how and when an app is closed automatically (other than knowing it may happen).
I'd more expect this guy to end up in the computer security field.
But as you say, the pay is probably good. Very good. It has to be for someone with such skills.
There is a big difference between the skill set needed to be a coder, and to be a manager. Many great managers will make a poor coder, and the other way around. Even if said manager is managing a software project.
Which is why the OS should do so automatically, in case software is run from an untrusted source.
TFA mentions a next fine was due on 1 July.
Once on Facebook, always on Facebook. Or at least on their servers. Those guys are really thorough when it comes to collecting information!
I'm with you.
It's a pity, really, that it has to be like that.
The difference being that files don't complain about pat-downs. Even when done regularly. It seems they just don't really care.