Slashdot Mirror


User: VortexCortex

VortexCortex's activity in the archive.

Stories: 0 · Comments: 5,203

Comments · 5,203

  1. Re:What about his relative's right to privacy on Man Open Sources His Genetic Data · · Score: 1

    Easily accessible information can and in some cases should still be private information. Just because you're shedding DNA at all times doesn't mean your DNA should be public.

    ??!

    I would counter that "because you're shedding DNA at all times" does mean that if you're in a public place you've publicly left your DNA behind, and that DNA is publicly available. Much like a photograph of you, a fingerprint or business card you left behind, that DNA is not private information.

    By your logic: Just because you litter business cards in public doesn't mean your contact information should be public; Just because you have staring contests in public, doesn't mean that your eye color should be public information.

    The problem is that everyone knows to prevent their contact information from careless exposure or else the information will be public, and that their eye color is not a secret; However, they do not realise that their DNA and fingerprints are already being exposed to the public, and therefore some still consider it a private resource.

    DNA evidence is oft perceived as a smoking gun -- absolute proof that you were at the scene; However, the presence of your DNA as evidence should be considered similar to finding a sock, monogrammed handkerchief, or other personal item that belongs to you. Someone can plant a stolen item much as they can plant the DNA you leave behind.

    You shouldn't regard your DNA as a secret that only you possess; Instead DNA should be regarded as the easily acquired material that it is (like your business card, or description of your physical traits).

  2. Re:"Running a server" in violation of AUP on Freedom Box Foundation Wants Plug Servers For All · · Score: 1

    "Once everyone is getting them, they will cost $29." -- Eben Moglen

    And then everyone will get to watch their Internet bills double or triple as the ISP discovers that they're "running a server" in violation of the ISP's acceptable use policy and "helpfully" upgrades their service to business class.

    Why haven't they already done this to everyone who is using Skype, or XBox Live / PSN?
    Eg: Skype users with properly configured NAT can become supernodes (read servers) for others behind more restrictive/misconfigured NAT routers & firewalls. When you play Halo, one console is the "server", and all others are "clients".

    Look folks, down at the ISP's level it's all just packets. Up in the application level is where we say "client" or "server"; The distinction is purely arbitrary eg. Is Google running a web server that my browser client connects to, or am I running a web page request and search preferences server that supplies push notifications to the Google advertisement client?

    Care to make classifications based on the amount of up/down I do with Google? Fine: I never watch Youtube videos, but I frequently upload how-to videos to Youtube; When I notify Youtube that a new video is ready Youtube's client compulsively "downloads" my server's video to add to their ridiculous random collection. In this case my browser is the "server" and Youtube's machines are the clients -- They download from me much more than I download from them.

    It's all just packets, if ISPs didn't oversell their bandwidth (more so than Airlines oversell their seating) then we wouldn't need this client/server distinction in Internet service contracts. Also, most consumer connections are asynchronous anyhow, you get much more down than up speed -- It shouldn't matter if you're running a server or not, you can't shove the bits faster than your limit... If my tiny fraction of constant upstream traffic (in comparison to my huge download capacity) is a problem they shouldn't have sold it to me in the first place.

  3. Re:What about his relative's right to privacy on Man Open Sources His Genetic Data · · Score: 1

    Well, you could argue that anyone has the right to do this, but his DNA sequences will also be fairly close to his relatives' DNA and you could probably make some assumptions about them and their predilection to certain diseases or whatever.
    I wonder if he asked for his relative's permission?

    If every other person were uploading their DNA sequences...

    His and his relatives' DNA literally pours off of their bodies as they walk about town. They haphazardly shed skin and hair everywhere they go, and toss disposable saliva laden cups into public waste bins.

    YOUR DNA IS NOT PRIVATE INFORMATION; Neither are your fingerprints or the brand/size/color of your clothes.
    Anyone who wants your DNA only has to wait till you've visited a public place, then clean up after you.
    I only wished that courts would realise this too.

  4. Re:Creative Defense on Man Open Sources His Genetic Data · · Score: 1

    You jest, but I really find the practice of using fingerprint and DNA evidence to prove guilt disturbing and flawed.

    Let's say I were going to commit a crime.

    I've seen many people who approximately match my description. It would take very little time for me to follow behind someone and nab their used drink cup and/or a few strands of their hair. After studying their routine I could schedule my crime to leave them with a very weak alibi (or none at all).

    After finishing my dirty deed I could simply plant their DNA & fingerprint evidence and give an anonymous tip in order to put the detectives firmly on their trail. One thing I've learned about cops (My Aunt and Uncle are both detectives) is that once they "like" someone for a crime and have a bit of "hard" evidence, they really try to make the charge stick more so than they try to pursue other suspects (unless contradicting evidence is staring them in the face).

    Found a hair? Hmm, was that a hair that fell directly from someone's body, one that was transplanted after falling from someone's body, or one grown in a lab from someone's stem-cells? Impossible to tell, really**.

    My point is this: Your DNA and Fingerprints ARE ALREADY VERY PUBLIC INFORMATION (unless you wear a full body condom out of the house). Finding your DNA or fingerprints at the scene of a crime is only evidence that you may or may not exist*; DNA and fingerprints should be considered no better evidence than finding fibers of the type of clothes you wear, not as the smoking gun that today's courts treat them.

    To me: The ease of access to virtually anyone's DNA and our recent technological advances have redefined "reasonable doubt" (hell, even the low tech method I described makes DNA that much less credible).

    * we have engineered synthetic life forms with custom designed DNA.

    ** Stem cells can be made from your skin, and Stem cells can be used to produce any of your tissues.

  5. Re:Redundant on On Retirement, Israeli General Takes Credit for Stuxnet Attacks · · Score: 2

    err... learn Hebrew please.

    Meh, I tried... According to Google translate the Hebrew Haaretz translated into English is Haaretz, and Haaretz in English translated into Hebrew is something that looks like: Y7Xi7.

    This is clearly 1337 for "Why Transmit It" (Y TX iT), or possibly "Why, Transmit It!"; Both of which are, IMO, good names for a newspaper.

  6. Re:Disproportionate burden on Microsoft's New Plan For Keeping the Internet Safe · · Score: 3, Interesting

    If you require positive proof of system health then this will penalize every minority operating system or device that does not have the scanning software/certificate available for it yet.

    I get your point, however, I must point out two things:
    1) Zero Day exploits occur frequently.
    2) An infected machine can obviously not be trusted.

    Infected machines especially can not be trusted to scan themselves and report on their state of infection. Suppose you run a completely different machine in order to check the validity of another. Could not the machine doing the scan also be infected? Would not the validation apparatus be required to have a signing key somewhere within it? Would not simply extracting such a key, and forging your own certificates also be an option?

    The only thing reliable about Windows security is that it has been, and will continue to be broken.

    Honestly, MS does not have a good track record when it comes to cryptographically signing the system & software in order to validate that the machine is genuine... WGA certified my Linux machine as "Genuine Microsoft Windows", this is odd to me because I entirely switched to Linux after suffering a WGA false positive (no, my hardware had not been changed / upgraded).

    TFA Assumes that MS can deliver a system capable of detecting insecurities -- Forgive me if I'm sceptical -- If so, would not Windows itself just do this and no longer be vulnerable at all?

    AV: Are there any viruses in this directory?
    Rootkit: Nope, I'm not in this directory.
    AV [to bank]: All clear!
    AV [to user]: Proceed to enter your banking credentials!

    TL;DR: If ( ( Linux || Rootkit ) == false_negative && MS_defective_spyware == false_positive ) { MS_Plan != Secure }

  7. Re:And this is why... on Recent HP Laptops Shipped CPU-Choking Wi-Fi Driver · · Score: 1

    Not a chance. Your custom crap will be replaced with a stock image and it'll be mailed back to you "fixed". When you tell them the problem is still present, they might look at it the second time around.

    Imaging it to stock before sending it back just eliminates that first step.

    Nah, get a better Brand. I dual booted my new 17 inch x64 dual core laptop w/ win7 & Ubuntu 10.10.
    Copying several hundred gigs of files from my old laptop via external drive enclosure caused the CPU usage to stay at 100% on both cores and overheated the machine.

    On Win7, as a test, I performed the same task, but it would not copy my files quickly (x4 times longer), and only used 20% CPU. I had to run my multi-threaded PI calculation code as well, to cause the full 100% usage and overheat.

    I sent the laptop back to Toshiba as is. Their tech called me and said he was unable to reproduce the problem in Windows, I instructed him on how to recreate the problem via Linux. Turns out that the fans were not spinning up to full speed on demand -- A BIOS problem (verified by Toshiba's CPU exerciser software, says the tech).

    Machine is back, HD is intact, no warranty voiding (the machine will be wiped just for peace of mind).
    The warranty return form even has a place for multiple OSs... "Your Password, (include one for each operating system installed)"

    I wouldn't buy a computer from a company that voids the hardware warranty if you change the software...
    P.S. I too always make an image of the recovery partition -- Removing the bits of crap-ware takes less time than finding the drivers for Win7 x64 (of course, this is Toshiba, not HP, crap-ware).

  8. Re:I know what caused it on Virus Shuts Down Australian Ambulance Dispatch Service · · Score: 1

    Sorry, I don't agree with that. MSIE may be insecure, but as long as it's updated through WSUS it's definitely more secure than the firefox some random user installed and forgot to update for about 2 years. So unless centrally managed, I agree that other browsers should not be installed. (This goes for any part of software, not only browsers.)

    I agree with the notion that out of date software is bad, but only using MS products is not a solution.

    Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system.

    You see, nearly all Linux Distributions have these things called software repositories and package managers pre-installed (system wide update manager). So, you see, Firefox is automatically updated when the system is updated. (This goes for any part of software, not only browsers.)

    You can add additional repositories if some software isn't in the default repo. You can even use your own repository in order to manage exactly which software/driver updates are pushed out to all machines on your net (and to cache updates so as not to have every machine connecting outside of your net for updates). All software/drivers/etc in the repositories are cryptographically signed and use a common centralised update manager. It's so easy (ssh + two commands to add my local repos), that I even do this at home (cached updates save time & bandwidth for our 9+? machines).

    I tried implementing my own unified auto-update system on Windows, but I couldn't find documentation on how to interface the client with Windows updates, Logitech, HP, Dell, etc. A web scraping system worked for a while to handle all updates of all software (pushed out update scripts), But the websites and update managers all keep changing, so I gave up (on Windows). It's really too bad that in the MS world the vendors don't want to play together in the same repo, and opt instead to each have their own update agent. Glad to be rid of that update mess / security nightmare. Fortunately we use RHEL @ work.

    IMHO, If there is any software on your workstations that ISN'T being centrally updated, you have failed.

  9. Re:Soviet Russia on White House Wants Phone Records Without Oversight · · Score: 1

    In Democratic America, Democracy means Republic!

    (the USA is actually a republic)

  10. Re:*sigh* *sigh* (2 heads are better than one) on White House Wants Phone Records Without Oversight · · Score: 1

    I agree. The president is simply the head of the Armed forces. I never expect him/her to do any sort of ( IP | legal | health care | human rights ) reform -- The president of the USA, much like President Zaphod Beeblebrox, is simply a distraction to keep us from concentrating our attention on where we can actually make such changes (i.e. every other position of government, EXCEPT the presidency).

  11. Re:Broke a few things so far on Security Patch Breaks VMware Users' Windows Desktops · · Score: 1

    At some point the responsibility shifts from Microsoft to VMWare. Where the responsibility for alerting customers' lies is maybe not clear yet.

    (Was I the only one who read the bold section as such?)

    I'll take full responsibility for notifying you of which customers are lying. IMHO, this should have been the burden of the headline author: "Patch breaks VMware" is misleading -- The headline should read: "VMware Viewer Client Broken by Windows Desktop Security Patch" or simply "Windows update breaks desktop users' software, once again". Patch the client (viewer), or remove the client machine's security patch (not the remote server) in order to regain access.

    It's not like the users' servers went down, just the clients were affected by the Windows security update... Protip: Never ever read the damn Headlines, they are always more sensational than the actual issue at hand.
    --
    There's Lies, Damn Lies, and Slashdot Headlines.

  12. ORLY? on Fox News Brings Video Game Violence Debate To a New Low · · Score: 4, Funny

    Journalism is ... about ... putting ... very large ... individuals ... on ... Fox

    Or at least ... the ... "sensationalist" or "disingenuous" or "frantic" ... "and all-round" ... "fantastic", ... and ... Using pejorative language to remove someone's credibility without actually engaging with them in debate.

    IMHO, I agree with what you said RE: what passes as "journalism" today.

    People ... opposing ... [r]esearch carried out ... biased name-calling.

  13. Re:Incentive structure discourages noninfringing u on MPAA Sues Hotfile for 'Staggering' Copyright Infringement · · Score: 1

    Yes but betamax cassettes don't have the capability to see exactly what you are copying and determine if it should be allowed or not.

    The Betamax VCR by definition must have the capability to see exactly what you are copying. USA TV broadcasts are all copyrighted. Even this post is automatically granted a copyright to me as soon as I press "submit". The Betamax VCR was capable of recording live ( copyrighted ) TV -- the VCR was specifically designed with full knowledge that it would lead to recording of copyrighted content. Yet, because Betamax can also be used to produce/copy your own videos (camcorder + VCR = noninfringing works; Fileshare + my BSD & Creative Commons licensed videogames == noninfringing)

    No technology currently exists to reliably determine if a media is copyright infringing or not. Even a quoted reply to my post would include a portion of my copyrighted post content. Whether or not the quote is an infringement or falls under fair use provisions is up to a court to decide were I to sue. Fortunately, I can issue a DMCA take-down notice to Slashdot if I believe fair use does not apply. I may not sue Slashdot for infringement due to your act of unlicensed verbatim duplication of my copyrighted post content under the Safe Harbor provision of the DMCA.

    Even if all "copyright protected" Betamax cassettes or file downloads had a marking that the VCR or computer could detect in order to prevent copying it could be circumvented via Screen-recorder software or Camcorder aimed at the screen.

    Aside from the ridiculously flawed "build a database of known copyrighted works" or other such nonsense, I'd like you to consider two commonly used technologies which may be applied to any arbitrary file transfer system: Transcoding, and Encryption.

    Now, if you understand those three principles (Automatic Copyright, Transcoding, and Encryption) then you must agree: No technology currently exists that can determine if a media contains copyright infringing material with even a minimal degree of certainty.

    There's a reason why DMCA relies on take-down notices in this matter -- That's really the only way to handle this. Note: after the media is removed via DMCA take-down notice, the alleged infringer may request that the media be replaced and accept the burden of liability.

  14. Re:Incentive structure discourages noninfringing u on MPAA Sues Hotfile for 'Staggering' Copyright Infringement · · Score: 5, Informative

    When a bank robber drives to the bank he is going to stick up no one suggests banning driving or suing the road designer; how is this any different?

    The difference is that the site's incentive structure actively discourages noninfringing use, unlike roads and automobiles whose design generally does not discourage noncriminal use. Copyright has a long-established doctrine of secondary liability. If the maker of a product or service knows that infringement is occurring using the product or service, and the product or service has no substantial noninfringing use, the maker of the product or service is a contributory infringer. If the maker of a product or service profits from infringing use that it has power to prevent, the maker of the product or service is a vicarious infringer.

    Remember when Sony was sued for helping people infringe copyright by selling Betamax VCRs?

    The "Beta can be used to make illegal copies" lawsuit alerted more people that such could be done and Sony sold a bit more units because of this newly publicised use-case.

    Let's not kid ourselves, Betamax cassettes were primarily used to "pirate" TV or other cassettes; Sony knew this hence: double cassette "duplication" models, models with timed recording settings, etc.

    So, Universal sues Sony -- Sony Inc. v Universal Studios:

    The Court's 5-4 ruling to reverse the Ninth Circuit in favor of Sony hinged on the possibility that the technology in question had significant non-infringing uses, and that the plaintiffs were unable to prove otherwise.

    On the question of whether Sony could be described as "contributing" to copyright infringement, the Court stated:

    [There must be] a balance between a copyright holder's legitimate demand for effective - not merely symbolic - protection of the statutory monopoly, and the rights of others freely to engage in substantially unrelated areas of commerce. Accordingly, the sale of copying equipment, like the sale of other articles of commerce, does not constitute contributory infringement if the product is widely used for legitimate, unobjectionable purposes. Indeed, it need merely be capable of substantial noninfringing uses....

    (emphasis mine)

    So, WTF, file sharing services meet the qualification of merely being capable of substantial noninfringing uses.

    It's amazing how X on a Computer or X on the Internet somehow requires a whole new legal precedent rather than just X on a cassette or CD.

    Ignorant judges and jurors are the main cause of my copyright rage today... It's quite simple to understand, yet blows my mind on a regular basis just how ignorant the general public (including courts) are about such things.

    File sharing technology much like Sony, has made available something that could help people infringe copyright; In neither case does the file sharing site or Sony's Betamax cassettes require that the users infringe copyright. If someone does infringe copyright using a file sharing service, Bittorrent search site, or a Betamax cassette then you don't hold the creator of the tools in use responsible.

    Hint: Betamax cassettes, blank CDs, blank DVDs, Flash USB drives, magnetic hard drives, the Internet, file sharing protocols & websites -- All these things have substantial noninfringing uses. The DMCA exists, if the MPAA is issuing take-down notices and the hosts are not removing the content, they lose safe harbor and may be culpable. Simply charging for a service (or for Betamax cassettes) which can be used to commit copyright infringement, does not imply contributory infringement.

  15. Re:Just for viewing? on Sony Lawyers Expand Dragnet, Targeting Anybody Posting PS3 Hack · · Score: 2

    Sony is going to run into a full Streisand Effect backlash with this new attempt to expunge the net of any trace of the very mention of this hack existing.

    Sony, WTF, Remember the 80's? Remember when Sony was sued for helping people infringe copyright by selling Betamax VCRs?
    Sort of like how the "Beta can be used to make illegal copies" lawsuit alerted more people that such could be done and Sony sold a bit more units because of this newly publicised use-case.

    Sony Inc. v Universal Studios:

    The Court's 5-4 ruling to reverse the Ninth Circuit in favor of Sony hinged on the possibility that the technology in question had significant non-infringing uses, and that the plaintiffs were unable to prove otherwise.

    On the question of whether Sony could be described as "contributing" to copyright infringement, the Court stated:

    [There must be] a balance between a copyright holder's legitimate demand for effective - not merely symbolic - protection of the statutory monopoly, and the rights of others freely to engage in substantially unrelated areas of commerce. Accordingly, the sale of copying equipment, like the sale of other articles of commerce, does not constitute contributory infringement if the product is widely used for legitimate, unobjectionable purposes. Indeed, it need merely be capable of substantial noninfringing uses....

    So, now the tables have turned. Hotz is assumed to be "contributing to copyright infringement", however the technology in question has significant non-infringing uses -- (See: The US Air Force's PS3 Supercomputer) I would dare the plaintiffs to attempt to prove otherwise.

    And what is it about asking for the IP address of those who VIEWED it?

    Anyone with the same info that Hotz has is capable of "contributing to copyright infringement" by way of re-publishing the info as Hotz did. Perhaps one of those folks has redistributed the info, and actually has agreed to the PSN terms -- Perhaps they would be easier to sue because of their voluntarily accepting the TOS's legal neutering.

    Of course Hotz's case doesn't hinge on whether or not what he does has significant non-infringing uses, but If I were Hotz's lawyers I would be sure to make reference to the Betamax case -- Hotz, much like Sony, has made available something that could help people infringe copyright; In neither case does Hotz's how-to video or Sony's Betamax cassettes require that the users infringe copyright. If someone does infringe copyright using Hotz's info or a Betamax cassette then you don't hold the creator of the tools they used responsible.

    For fuck's sake Sony, could you be any more evil and two-faced?

  16. Re:How convient on China Building City For Cloud Computing · · Score: 4, Insightful

    Hey look, I can store all my data on Chinese government owned computing equipment where they can read it at will and...

    ...my encrypted data still won't make a lick of sense to anyone but me!
    "I'd be a fool not to" use encryption.

  17. Re:Screen resolution drives video card performance on Putting Up With Consolitis · · Score: 1

    There's another party to share in the blame game too, OS makers. It's 2011 and we still don't have a truly resolution independent operating system

    Nah, the graphics engines of games don't balk on high res displays, they shouldn't, anyhow...

    OS Has nothing to do with it. You can select font sizes for OS texts in XP...

    It's quite simple, you select a resolution, derive an aspect ratio, create a perspective transform, and presto, all 3D games can run at any resolution. Sure, you'll run into performance problems with lower end (including console) hardware that doesn't support newer higher res displays, but that's because the machines have a limited processing power...

    When you're talking 3D, resolution is something that only post processing or per-pixel shaders have to deal with, not the OS; even old games can deal with uber res if they're coded correctly.

  18. Re:Kill most all viruses, invulnerable ones yet li on Oxford University Tests Universal Flu Vaccine · · Score: 1

    So, what you're saying is that if we can eliminate a virus to within five nines of total dead, the 0.001% won't be around to cause havoc... The polio vaccine didn't eradicate polio; in fact, new outbreaks in 3rd world countries have occurred, how long until a mutation renders the current vaccines against polio ineffective?

    100 years? More? Meh, you won't be alive then, what do you care.

    Oh, and Smallpox is totally not a problem anymore.

    Those 2010 outbreaks are surely just flukes. No cause for alarm folks, we've got that whole biology thing understood, constrained and conquered.
    </sarcasm>

    Hint: even your highly esteemed Wikipedia has a list of epidemics. Cholera in 2009? Bubonic Plague in 2008?! WTF!

    You're deluding yourself if you think anything short of tens of generations of worldwide quality health care improvements are going to eradicate some of these diseases.

    Vaccinating only a percentage of the populace? Don't make me laugh. Chances are, the viruses will evolve faster due to our forcing the hand of natural selection... But who cares, at least you're vaccinated, right?

  19. Kill most all viruses, invulnerable ones yet live? on Oxford University Tests Universal Flu Vaccine · · Score: 1, Insightful

    the vaccine targets proteins inside the flu virus that are common across all strains

    Huzza! Resistant Virus strains of the world, UNITE! The time has come for those of us in minority to rise up against our new protein targeting foe! Our cousins, brothers, sisters, mothers and fathers have been killed by these anti-protein wielding vaccinologists!

    Behold the folly of their folly! They ignore us outliers, complacent that we have not the capability to fill the niches left by our lost brethren.

    TL;DR: Meh, mutants; The ones you don't target will become the next Flu epidemic -- Do we really want to breed viruses which are that much harder to kill?

  20. Re:Solution? on An Open Letter To PC Makers: Ditch Bloatware, Now! · · Score: 1

    I still remember when I got my first computer though. There were some demos preinstalled, but there were also full versions of software as well on CDs - a few games, Encarta, etc.

    I remember when I got my first computer, there was no OS -- I had to install that, the HD was blank.
    ( I build my own systems still, just to retain the OS options -- Some bundled hardware + OS has no driver support for multiple OSs )

    I remember when I got my second computer -- an Osborne 1. It was "Portable" (if you call 25 Lbs portable) it came with an OS (CPM, IIRC), but if I wanted to do anything with it I had to code it myself (on a built-in 5 inch green-monochrome screen). That was the last time I bought a computer pre-built. It was (and is even more so today) very easy and much cheaper to build my own... I remember attending only one "Build or Buy a new PC" SIG (special interest group) at my local computer club -- Considering the retarded price difference (literally, a slower price increase) of the assemble it yourself models and ease of construction, I couldn't see why anyone with a few Phillips screwdrivers handy was buying pre-built machines.

    At least the input devices back then were usable, and the machines were programmable. My great grand niece showed me her new tablet PC -- There was no keyboard so I pulled a Scotty (Star Trek IV) and tried talking to it -- WTF, either give me mechanical keys or damn good voice recognition; neither = failure. I asked her if she had written any software for it, and she said she had yet to pay the developer's fee to begin doing so... Dev Fee?! You PAY to write your OWN CODE now? And the price! I showed her a full featured laptop that I built for the same price and nearly had to pick her jaw up off the floor.

    Now, get off my lawn, and take your factory built bullshit with you.

  21. Just once, I want Version numbers that decrement. on Mozilla Aims To Release Four Firefox Versions In 2011 · · Score: 1

    At least if the version numbers decremented we'd have some kind of goal...
    Line up the milestones, as each feature is complete, subtract one version number.
    There could be a big celebration when we reach 0, then we switch to another application.

    Give it a try. Use a browser for a bit, assign a value to each of its major / minor / patch version numbers.
    Pick a number between 1 and 100 based on how much you like it, and subtract your chosen values as each new version comes out.

    You reach 0 (or negative in my case with IE6), You Switch browsers.

    The more I use a browser the less I like most of the changes.
    I reached Zero with Netscape 6, IE 6, Firefox 3, Opera 10, Currently at version T -23 (and counting) with Chrome.

    I think I'll try Seamonkey (web + email) after Chrome.
    Everything will be fresh and new again when I get back to Firefox (9?), maybe I'll be used to the tabs being at the top from my short fling with Chrome.

  22. Re:hack on HBGary Federal Hacked By Anonymous · · Score: 1

    A clever hack, much like any tool, can be used for good or evil.
    A hacker creates hacks by hacking.
    A cracker uses hacks to crack secure systems.

    "I've managed to hack together a solution...."
    "I've created a screen saver bypass hack by exploiting thumbnail previews and USB auto-open."
    "I used that screen saver hack to crack my kid's screensaver-password prompt."
    "Those pesky hackers cracked the Blu-Ray encryption again!"

  23. Re:It's about time those namefags stopped trollin on Anonymous Isn't Anonymous Anymore · · Score: 1

    Before I start; you are making the fundamental technical person's standard mistake of thinking that law deals with actions rather than intent. It's a very different way of thinking and really matters

    The original intent of my post was to illuminate the fact that the law doesn't understand technology. I ask are each of these things illegal? You assume intent.

    What if I say online: "Everyone Point your browsers at: www.mastercard.com" -- Am I now a DDOS perpetrator?

    Probably yes. At least for conspiracy.

    No. That statement alone does not make me a DDOS perpetrator. You are assuming intent when you say "probably yes". In conjunction with all of the following actions, you may attempt to prove implied intent, but not before. Much as I do not expect you to run over people in your car based on my words, I also do not expect everyone to visit the above domain... Ergo, you have made two conflicting statements. Either stating "Everyone visit example.com" does or doesn't, by itself, make me guilty of executing a DDOS. The correct answer, which you arrived at later, was that it depends on intent and context.

    What if I write a program, say a Firefox plugin, that automatically reloads www.mastercard.com in a new tab, once a day?
    What if that plugin updates the website to load from my website, but the USERS of the plugin opt to install the software and download the daily dot-com to reload.
    What if the plugin is updated so that it refreshes several times a minute instead of once a day?

    Each step taken gets us closer to having a tool that could be used for a DDOS, it may have many other uses as well.

    I would argue that even given all of the above, mass distribution of the tool would be needed in order to execute a DDOS. Simply having such a tool created does not actually cause a DDOS or demonstrate intent to do so.

    LOIC lets you specify hit frequency as well as domain -- Only with intent to use the tool as a DDOS tool is the line crossed. I suppose that the config of the tool could also be aimed at a site without the intent or expectation that anyone will actually partake in a DDOS attack.

    Should creating such a tool cause the creator to be as guilty as those performing illegal acts with the tool? You reply: It probably is. Being illegal already doesn't mean something should remain so, or that the current laws are just. Ask a professional skilled in the technical arts if they believe tools such as these should be illegal to create or possess. Why are the answers of skilled professionals frequently at odds with judges and jurors? The answer can only be that the judges and jurors don't fully grasp the concept -- Frequently the tool is banned when instead only the actions of those that used the tool, and their intent to do harm while performing the acts should be illegal.

    You and I realise that creating these tools is like owning a tamper-proof-screwdriver, or a pistol -- Illegal Actions performed with malicious intent can be done with many tools; Creating the tools themselves should not be illegal, yet some courts have found otherwise. The legal system does not understand technology -- this was what I was focusing on in my original post.

    "IMHO, The real story here is that IP addresses are not being used to link online activities to people."

    Preceding this statement: Technical examples of how simple it is to prosecute the ACTUAL attackers, using actual evidence.
    Following the above statement: Over simplistic breakdown and comparison of basic tech-tools to guns.

    Now, what I'm illustrating is that it's simple to find "perps" because their "DDOS weapons" left a paper trail. Those hard facts can lead to actual participators in the DDOS attack. It can be proven with a fair degree of certainty that those who opted to run the LOIC software intended to participate in a DDOS attack.

    The LOIC

  24. Re:It's about time those namefags stopped trollin on Anonymous Isn't Anonymous Anymore · · Score: 1

    What if I say online: "Everyone Point your browsers at: www.mastercard.com" -- Am I now a DDOS perpetrator?

    Probably yes. At least for conspiracy.

    Well, I just did -- Conspiracy to do what?

    I think the Slashdot effect is more powerful than many of the LOIC attacks -- Slashdot posts links to websites; In essence this is exactly saying, "point your browser at: example.com". Surely you don't mean that when example.com goes down due to a Slashdot article link all of us visitors are breaking the law? How do you distinguish traffic from a Slashdot visitor repeatedly clicking an article link that points to a downed website from LOIC attack traffic that may be occurring at the same time? You don't.

    What if I write a program, say a Firefox plugin, that automatically reloads www.mastercard.com in a new tab, once a day?

    Depends on why you do it. If you do it "to help increase world support for mastercard in the light of their terrible affliction" then no. If you do it to cause overload on their servers then yes. If you do it to help them but claim to be doing it to destroy them it's quite likely you will be unfairly and incorrectly arrested for damage.

    What if I do it for no reason at all? Can you really prove that such a plugin has a purpose other than to open a tab and reload it? Users could use the tool to tell when a website came back online after being slashdotted...

    What if I do it so that people can run a traffic test on their own websites? This is what LOIC was designed to do... Guns designed to hunt ducks can be used on other objects -- It's not the gun maker's fault when a person is killed by firearms. It's not the security researcher's fault when someone takes their tools and uses them to cause harm. It's not Slashdot's fault that a website has insufficient bandwidth to support the visitor flood a frontpage article causes. It's not the creator of the LOIC tool's fault that it was used to DDOS someone.

    What if that plugin updates the website to load from my website, but the USERS of the plugin opt to install the software and download the daily dot-com to reload.
    What if the plugin is updated so that it refreshes several times a minute instead of once a day?

    Did you tell them to do it? Then you are in trouble. Even if it was just a hint and you get caught. Did someone else tell them to do it? Then that someone else is guilty.

    Reformat your hard drive, then run over pedestrians with your car.

    There, now go do that and try to sue me for damaging your hard drive or injuring people with your car; You are responsible for your own actions. I won't be held liable -- Hint: the RIAA doesn't lose money when people use "The Music Made Me Do It" defence...

    What's next? Are we going to hold security researchers responsible for malware that uses their published exploits and/or proof of concept code?

    Been tried. Mostly not done. Results may depend on jurisdiction and target.

    [citation needed]
    Uhhm, excuse me, Many (and I do mean MANY) security research companies are currently submitting exploits to Microsoft. Some are even publishing before MS has fixed the exploits -- I remember a Google employee discovering and publishing MS flaws -- Jail? Nope.

    discovering the "leaders" and arresting them is not going to have any effect. IMHO, arresting everyone who participated would have little effect -- Anyone who says otherwise has never spent any time at 4chan or any other (lowercase a) anonymous forum.

    I think it will have an effect. At the very least, those who weren't caught will learn to be a little more careful next time.

    ROFLMAO!

    Seriously now, did you not just read that? Please enlighten me, how much time have you spent browsing 4chan? (You can't be serious!) You clearly have no clue as to the sort of people we're dealing with.

  25. It's about time those namefags stopped trollin /b/ on Anonymous Isn't Anonymous Anymore · · Score: 1, Redundant

    Protip: Leave the name field blank!

    Seriously though: How hard could it really be to track down someone on the internet?

    0. Ask those sites attacked for IP addresses of the attackers.
    1. Open the Linux terminal
    2. type: "host <ip-address-here>" and press [Enter]
    3. Subpoena the ISP that the IP belongs to requesting the name & contact info of the customer who was allocated the IP at the time of the attack.
    4. ...
    5. Profit?

    Eg; Using the IP of a visitor of my site...

    host 69.150.185.133

    133.185.150.69.in-addr.arpa domain name pointer adsl-69-150-185-133.dsl.hstntx.swbell.net.
     

    Ah, that's a Southwestern Bell (AT&T Yahoo) DSL subscriber that hails from Houston, Texas.
    GEOIP might even be more accurate.

    WTF folks, this is a non-story. LOIC does not spoof IP addresses, therefore it should be trivial to discover who attacked.

    IMHO, The real story here is that IP addresses are not being used to link online activities to people.

    What if I say online: "Everyone Point your browsers at: www.mastercard.com" -- Am I now a DDOS perpetrator?
    What if I write a program, say a Firefox plugin, that automatically reloads www.mastercard.com in a new tab, once a day?
    What if that plugin updates the website to load from my website, but the USERS of the plugin opt to install the software and download the daily dot-com to reload.
    What if the plugin is updated so that it refreshes several times a minute instead of once a day?

    The point is: I did not install the plugin to the user's browser, THE USERS DID -- They are the real attackers, NOT ME.
    Why are we holding the director, who did not even write the plugin, responsible?
    They basically did the equivalent of creating a web page that says: "Target=www.mastercard.com"

    What's next? Are we going to hold security researchers responsible for malware that uses their published exploits and/or proof of concept code? IMHO, If anyone should be arrested, it should be those that actually send syn floods to the websites -- It's not that hard to find out who the actual attackers are!

    As long as "leading" a DDOS is as easy as tweeting: "LOIC_Target=example.com; Refresh=6sec", discovering the "leaders" and arresting them is not going to have any effect. IMHO, arresting everyone who participated would have little effect -- Anyone who says otherwise has never spent any time at 4chan or any other (lowercase a) anonymous forum.
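Steps 0 to 2 of the numbered list in the comment above, seen from the attacked site's side, as an added example that is not part of the original comment: count requests per source address in an access log, then form the in-addr.arpa name that `host <ip>` queries. The log lines, the threshold and the function names are constructed for illustration; a PTR name is set by whoever controls the address block, so it is only a lead for the ISP request in step 3.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access log (common log format). Addresses come from the
# RFC 5737 documentation ranges; none of these lines are from a real server.
SAMPLE_LOG = "\n".join(
    # One source requesting "/" every 6 seconds for a minute (10 hits).
    ['198.51.100.7 - - [08/Dec/2010:14:00:%02d +0000] "GET / HTTP/1.1" 200 512' % s
     for s in range(0, 60, 6)]
    + [
        '192.0.2.10 - - [08/Dec/2010:14:00:05 +0000] "GET /about HTTP/1.1" 200 2048',
        '203.0.113.9 - - [08/Dec/2010:14:00:31 +0000] "GET / HTTP/1.1" 200 512',
        '999.1.1.1 - - [08/Dec/2010:14:00:40 +0000] "GET / HTTP/1.1" 200 512',  # invalid IP
        'truncated or corrupt line',
    ]
)

# Source address is the first field; require the timestamp and request quote
# so that arbitrary text is not mistaken for a log entry.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "')


def requests_per_source(log_text):
    """Count requests per source IP, skipping unparseable lines and bad addresses."""
    counts = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue
        counts[str(ip)] += 1
    return counts


def ptr_query_name(ip_text):
    """Return the reverse-DNS name that `host <ip>` looks up (no network access)."""
    return ipaddress.ip_address(ip_text).reverse_pointer


def heavy_sources(log_text, threshold):
    """Return (ip, hits, ptr_name) for sources at or above threshold, busiest first."""
    counts = requests_per_source(log_text)
    return [(ip, hits, ptr_query_name(ip))
            for ip, hits in counts.most_common() if hits >= threshold]
```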