Ruby is too much OO. I don't want methods for literal values.
Then don't use them, silly. Just because you can give your integers a different function for the addition operator doesn't mean you *have* to. Do whatever is appropriate.
In the professional world (i.e. the one that matters), OO is way overdone and misused.
Sturgeon's Law: 90% of everything is crud. Procedural programming is just as poorly used as object-oriented programming. You probably weren't around at the time, but OO was supposed to be the 'silver bullet' that solved all the problems that structured programming didn't solve. Structured programming, in turn was supposed to be the silver bullet that slew the beast of ad hoc programming.
With an OO environment, you can abstract the design of a program from the code itself, in the old procedural model you couldn't really do that.
Sure you could. Clear conceptual abstraction was, in fact, the *whole point* of structured design. 'This module has these responsibilities. It provides these functions. It uses these other modules. It functions as a highly-extended wrapper around this basic module.'
Take a good structured design, substitute 'class' for 'module' and 'member method' for 'public function', and you'll have a good OO design. OO is just an easier way to implement the classic structured design elements: encapsulation, extensibility, and genericity.
and not have to type all that class/method setup garbage just to get to one library routine. Is that too much to ask? To OO zealots it is.
Huh? I can't speak for Java, but your 'dream code' is standard operating procedure for Python (and, I imagine, Ruby). Here's a transcript of your Hello World example from an actual Python interpreter:
(I could have said print "Hello World" instead of the sys.stdout.write() call, but I wanted it to look like what you had written.)
Download a Python interpreter, type that code in, and see it run for yourself. If you don't like OO because of your experiences with C++, Java, or Perl, you should try Python or Ruby. They are OO languages done right, as opposed to the hideous Lovecraftian horror of C++. Even if you insist on structured programming with no OO, Python has a very nice module system that makes it easy to create and encapsulate modules.
For those who obviously only skimmed my article (not the one about the lawsuit, which I am NOT a part of), please go read it again, and pay attention to the facts, not the hyperbole.
Which article? As someone who designs things that hook up to a PC's serial port, I am very interested in learning how to not fry motherboards. Please post a link.
2) serial ports, as I understand them, are NOT designed to be hot-swapped safely. This is why any device that connects to a serial port (or anything other than USB for that matter) tells you specifically to turn OFF the computer before plugging it in.
Speaking as an electrical engineer who has designed RS-232C serial ports into several products -- with considerable familiarity with the relevant electronics and requirements -- I can say with assurance that 'hot plugging' RS-232 is perfectly safe. And on a practical basis, it is an operational necessity to be able to hot-plug serial ports. (Can you imagine having to turn off a mainframe that services thousands of dumb terminals every time a terminal has to be connected?)
That said, there is a lot of poorly-designed crap out there, and I wouldn't be at all surprised to meet a motherboard that blows itself up under perfectly acceptable conditions.
Sure, serial ports can take certain amounts of current, but obviously not as much as the ESD (electro-static discharge, yes?)
For consumer equipment, all externally-accessible connectors should be able to take some vicious ESD zaps on every single pin. In fact, the 'CE' requirements in Europe make this a legal requirement. As an example of how much ESD protection is in engineers' minds, take a look at this datasheet for the Maxim MAX3232E RS-232 transceiver chip, which has built in +/-15kV ESD protection. (Again, there's a lot of crap being manufactured that can't take ESD like it should.)
6) I'll concede that the damaged UART might have been from something OTHER than just the ESD, but the sequence of events is so apparent that anyone in the room when it happened would almost certainly agree that the ESD is what caused,
If the Palm cradle connects to a 'wall wart' transformer to recharge the battery, there is another failure mode: the output of many wall warts is capacitively coupled to the AC power line. The ones I've seen make an approx. 60 VAC sine wave on the output, as measured relative to earth ground. There isn't much current available, and a proper RS-232 design should be able to take it all day long, but I *have* seen equipment that is damaged by it. (At work we're very paranoid about explicitly grounding laptop computers in the electronic labs to keep from frying our prototypes.)
You might call me a damnass for not grounding myself, but you would agree with me about what actually happened.
Oh, bullshit. It's the engineer's responsibility to design things that will actually work in the real world. Walking up to a piece of office equipment and touching it should *never* cause smoke and/or explosions.
I would join because I want Palm to fix a design that they KNOW facilitates damage to computers.
It's almost impossible to accidentally blow up a properly designed serial port. Either Palm deliberately and maliciously designed in a destruction circuit, or your motherboard was badly designed. Knowing how crappy commodity motherboards are, I'd bet on the latter.
I fully expect even more repetitive flames from people, telling me I'm a moron,... or anything else other than the probability that Palm decided that the risks of their cradle killing a certain percentage of people's computers didn't outweigh the cost of redesigning the cradle with its own optical coupler to prevent ESD to the serial port.
Given that RS-232 is intended to hook up randomly-grounded pieces of equipment with 50 meter cables -- and is required by law to include ESD protection in Europe -- there's no point in handling it with kid gloves. Adding optocouplers would cost about US $1.50 per unit. Adding them would mean that the tens of millions of Palm owners with correctly designed computers would be paying a $25,000,000 tax to protect the few people with defective computers.
For now, PalmV users have three choices:
You're forgetting the fourth choice: buy a computer that actually complies with the RS-232 standards, and actually has the run-of-the-mill standard level of ESD protection. Serial ports should be able to take almost anything short of being directly connected to the AC power line. It costs only pennies more to manufacture, and it provides a much better customer experience. (The only catch is that the computer manufacturers have to actually care about doing a good job, as opposed to cranking out an extra few hundred thousand motherboards per month.)
With every new report of this problem, all you flamers will jump on it all over again. But, sooner or later, it will be reported enough for enough people to believe it that the problem will be fixed.
I think you under-appreciate how hard it is to design good ESD protection. It's not enough to zap your circuit, and say it has good protection if it keeps working, because ESD damage often just weakens the transistors. Doing it right takes a good theoretical understanding of the circuit, great technician-type skill at performing the tests, and a well-developed sense of paranoia. Designing good ESD protection is a lot like designing cryptographic systems: it's easy to make something that *seems* to work, but very difficult to design something that will be rock solid under years of hard use.
All motherboard manufacturers are under *tremendous* schedule pressures. The engineers are being pushed and pushed and pushed to get the design shipping as fast as possible. A two week delay (an ESD fix would probably take 3-4 weeks) costs the company more than a senior engineer's yearly salary, so the tendency is to say 'We zapped it, it works, what the hell let's ship it!' Keerist, with the Rambus and MTH fiascos earlier this year, Intel was shipping motherboards where *the engineers knew the digital functions didn't work*. Their priority for ESD protection was probably two notches higher than picking lint out of their belly buttons.
I guess I'm a glutton for punishment, because I'll probably come back to read what drivel you people post in reply to this message. Heck, just posting this was like painting a target on my ass for you people.
Hint: the trolls want attention, and you're giving it to them. Act as if a forum is good, and it becomes better. Act as if it sucks, and it will suck worse.
I'm well aware of the other costs, but the exact number doesn't matter.
We are well into $2/user, or roughly 10% of your average dialup subscription.
10% of your average BOTTOM OF THE BUCKET AOL-GRADE CONSUMER SERVICE. Anyone betting a mission-critical business operation on that level of service deserves to lose. If I were running a business where email was critical, I would consider it a privilege to pay $600/year for email service. Remember that even the smallest business pays about $50/month for telephone service. Not paying $50/month for email service with plenty of safety margin is sheer folly.
Time to start using _plain text_ again, isn't it? I've never understood the eagerness of stupid mail clients to use Mime all over the place.
MIME lets you do several nice things: 1) Send messages in multiple formats. 2) Get the crypto gobbledygook out of the damn message. 3) Attach arbitrary files of arbitrary types in arbitrary character sets and encodings, in a system agnostic fashion. 4) Encapsulate one message in another message *exactly as it was received*. (This is wonderful for bounces because you can see exactly what bounced. The bouncing MTA just has to stick it in a section of 'content-type: multipart'.) Of course, Outlook has an annoying tendency to shit all over itself for certain randomly chosen MIME messages, but then I was talking about fixing Outlook...
Or do you really think the bad old days of 'clip here, uudecode, untar' were good? System-agnostic structured messages are a great good.
Cryptography to establish trust? What on earth prevents the virus from using the same crypto? The passphrase? The passphrase that may be sniffed from the keyboard by the virus?
If the worm can sniff your keyboard, the game is already over. The goal should be to keep that from happening in the first place. Besides which, a good OS can keep anything from ever sniffing your passphrase. There just aren't any good OSes -- yet.
Sandbox model. Well, sure, but don't you forget something? How should the nice little doc be _saved_ for the cluebie, after he opened it in his nice little sandbox?
Documents don't save themselves, the trusted code of the sandbox saves them, and it does so when and where the user says.
Note number 3 is ok. User intervention is OK, but it'll make the user just click 'ok' all the time, and have no effect except for the first month or so. :-/
There is essentially never a legitimate need to receive an executable as an email attachment. People who really need to can set up crypto and learn how to use it, and the other 99% can live without it and not know the difference.
Besides, if people *want* to hand their computers over to the Black Hats, there's no way to stop them short of a draconian OS. Home users who do it will pay through the nose to get their machines unfucked, and corporate users will pay with their careers.
1. You have an account with an ISP that you use for business purposes. The ISP has a maximum mailbox size of, say, 20MB. If the mailbox fills up, anything else gets bounced.
Based on a $1600 street price for a 181GB Seagate Barracuda hard drive, 20MB of storage costs $0.18. Including the costs of administration and operation, the lifetime cost of that 20MB would be, say, a whopping $5.
5. By the time you get to back work and sort out the mess, the bounced client is over deadline, costing you big money in lost business.
Richly deserved lost business. If you aren't willing to invest more than $5 in communication infrastructure, you are obviously running an absolute joke of a business. A 20MB email quota is as absurd as getting party-line telephone service: customers will flee.
Would you be able to collect damages from the infected individual, for allowing their machine to be used to (essentially) DOS you? It could be argued that they were negligent by not keeping their antivirus software up to date and by opening the attachment in the first place.
That's the nature of the Internet. You are relying on the goodwill and competence of millions of people you will never meet. If communication really matters to you, you will have backup systems in place. (Such as modems or even leased lines.) If you have no backups, and run your single point of failure on a shoestring, count on having spectacular total failures.
If an attachment is executable, drop it on the floor. (Be nice and replace it with a message explaining that the executable attachment was stripped and, if this is the 1-in-a-million legitimate occurrence the attachment should be retrieved from the sender via FTP or HTTP.)
Congratulations, you've just destroyed the referential integrity of the message. If the message had a MIME-encoded cryptographic signature, you rendered the entire message useless.
"Executable" means anything with an executable extension (e.g., "vbs") or which starts with a Windows executable prefix.
Wrong, wrong, wrong. There is no such thing as an 'executable extension'. Any supposed set of 'executable extensions' will block plenty of legitimate, innocuous files and fail to block plenty of malicious executables. (Hint: every Microsoft Word document is an executable file.)
Moreover, extensions are not entirely meaningful with MIME. Marking a .txt file as 'content-type: executable' can cause surprising things to happen.
This takes a little bit of time to perform, but it's far cheaper to automatically scan the first few kilobytes of a message than to needlessly send gigabytes of virus-laden mail.
Balderdash. People who use poorly engineered mail clients *deserve* what they get, in the same way that people who drive a car without a spare tire deserve what they get.
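The exchange above argues three things at once: strip executable attachments but replace them with a note, judge "executable" by content rather than by file extension, and leave a signed message alone because rewriting a part breaks its signature. The following is an added example that is not part of the original thread; it uses only Python's standard email library, and the sample messages (a PE header hiding behind a .txt name, a script with a .vbs name, a placeholder PGP signature) are constructed here for illustration.

```python
"""Strip executable attachments from a MIME message, judged by content rather
than by file extension, while leaving multipart/signed messages untouched.
Added example; sample messages below are constructed, not real mail."""
import email
import math
from email import policy
from email.message import EmailMessage

# Leading bytes of common native executable formats and scripts.  This catches
# binaries disguised with a harmless-looking name; it does NOT catch macro-bearing
# office documents, which the thread rightly points out are executable too.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe", b"\xfe\xed\xfa\xce", b"#!")


def looks_executable(payload: bytes) -> bool:
    """Sniff the first bytes of an attachment instead of trusting its name."""
    return payload.startswith(EXECUTABLE_MAGIC)


def strip_executables(raw: bytes):
    """Return (message, report).  report is a list of (filename, action) where
    action is 'stripped', 'kept' or 'skipped-signed'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = []
    # The signature covers the whole signed body; replacing a part would make the
    # signature fail, so flag the message for a human instead of editing it.
    if msg.get_content_type() == "multipart/signed":
        report.append(("(whole message)", "skipped-signed"))
        return msg, report
    for part in msg.walk():
        if part.is_multipart() or part.get_content_disposition() != "attachment":
            continue
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if looks_executable(data):
            # Replace the attachment with a plain-text explanation, as the post suggests.
            part.clear_content()
            part.set_content(
                f"[attachment {name} removed: its content began with an executable "
                "signature. If it was legitimate, fetch it from the sender via FTP or HTTP.]"
            )
            report.append((name, "stripped"))
        else:
            report.append((name, "kept"))
    return msg, report


def build_sample() -> bytes:
    """Constructed test message: one disguised PE file, one script, one PDF."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = "quarterly report"
    m.set_content("Quarterly numbers attached.")
    # A PE header ("MZ") behind a .txt name: an extension list would let it through.
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                     subtype="octet-stream", filename="report.txt")
    # Plain text with a .vbs name: an extension list would block it; content sniffing does not.
    m.add_attachment("Dim x\nMsgBox x\n", subtype="plain", filename="notes.vbs")
    m.add_attachment(b"%PDF-1.4 (constructed stub)", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    return m.as_bytes()


# Constructed multipart/signed message; the signature block is a placeholder, not real.
SIGNED_SAMPLE = b"""From: alice@example.com
To: bob@example.com
Subject: signed
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="sig"

--sig
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="tool.txt"
Content-Transfer-Encoding: base64

TVqQAAAA
--sig
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
--sig--
"""


if __name__ == "__main__":
    cleaned, actions = strip_executables(build_sample())
    print(actions)
    print(strip_executables(SIGNED_SAMPLE)[1])
```

The sniffing list is deliberately short; the point is the decision structure (content over name, signed messages flagged rather than edited), not a complete catalogue of file formats.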
The real solution is a well-designed email client:
Uses cryptography to establish trust.
Only automatically opens/runs attachments via sandboxed methods.
Requires user intervention, and by default displays a warning, for accessing attachments that cannot be sandboxed.
Anything else is just a half-assed attempt at a solution that will inevitably break.
Not being a troll, but I still don't see the big deal about one irrational number.
'Irrational' means literally 'cannot be written as a ratio'. This doesn't necessarily mean that the digits are random. You can have numbers like
3.44333444443333334444444...
that are irrational, but whose digits are trivially deterministic. Boring.
Then there are the 'dirty' irrational numbers like pi and e that seem to have random digits. The research mentioned has moved a big step closer to proving that the digits of pi don't just seem random, they truly are random (at least in the sense that all possible combinations occur).
The part that'll really blow your mind is that somebody found an equation that tells you any binary digit of pi you want, without having to calculate any of the other binary digits. (See here.) That is why people are excited by the conjectured normality of pi: if normal, it produces all possible strings of bits from a trivial deterministic equation. This mixture of randomness with order is at the heart of many interesting questions in chaos theory, computational theory, and cryptography.
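The "equation" the comment refers to is the Bailey-Borwein-Plouffe (BBP) digit-extraction formula, pi = sum over k of 16^-k (4/(8k+1) - 2/(8k+4) - 1/(8k+5) - 1/(8k+6)). Below is an added worked example, not part of the original thread, showing how that formula yields the n-th hexadecimal digit (four binary digits) of pi without computing the digits before it: multiply the series by 16^n, keep only fractional parts, and use modular exponentiation for the terms with k <= n.

```python
"""n-th hexadecimal digit of pi via the BBP formula (added example).
Double-precision floats are adequate for positions up to the low millions."""
import math


def _series(j: int, n: int) -> float:
    """Fractional part of sum_k 16^(n-k) / (8k + j)."""
    s = 0.0
    # Terms with k <= n: 16^(n-k) is an integer, so reduce it mod (8k+j) first
    # and keep only the fractional part of the quotient.
    for k in range(n + 1):
        denom = 8 * k + j
        s += pow(16, n - k, denom) / denom
        s -= math.floor(s)
    # Terms with k > n are small negative powers of 16; add until negligible.
    k = n + 1
    while True:
        term = 16.0 ** (n - k) / (8 * k + j)
        if term < 1e-17:
            break
        s += term
        k += 1
    return s - math.floor(s)


def pi_hex_digit(n: int) -> str:
    """Hex digit of pi at position n after the point (n = 0 is the first, '2')."""
    x = 4 * _series(1, n) - 2 * _series(4, n) - _series(5, n) - _series(6, n)
    x -= math.floor(x)  # bring into [0, 1)
    return "0123456789ABCDEF"[int(16 * x)]


def pi_hex_digits(start: int, count: int) -> str:
    """Convenience wrapper: `count` consecutive hex digits beginning at `start`."""
    return "".join(pi_hex_digit(i) for i in range(start, start + count))


if __name__ == "__main__":
    print(pi_hex_digits(0, 16))  # 243F6A8885A308D3
```

The first digits produced here, 243F6A88 85A308D3 ..., are the same "nothing up my sleeve" constants that, for example, initialise the Blowfish P-array: a deterministic formula whose output is conjectured to be normal is exactly what a cipher designer wants for constants nobody can be suspected of having chosen.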
Microsoft: Hmm, let's use, say, a Caesar cipher to encode the partition table. It's ours, after all.
First of all, the exact contents of the partition table would have to have been created by a Microsoft employee for them to have a copyright. Secondly, the partition table would have to be a creative work intended for comprehension by people, and not a totally functional device.
My point being that whilst you certainly are permitted to decode your own data, if that data doesn't belong to you but is instead, say, an integral part of the operating system (think encoded registry, FAT-equivalent, and so on) then I'm not so sure, looking at your comment, where Microsoft stand. And whilst there's no good reason to encrypt these things, you never know.
If Microsoft wishes to make the partition table a creative work (say, encrypted machine code that produces the partition boundaries when executed), let them. The configuration management and crash recovery nightmare will be its own punishment.
Read about how computer BIOS programs were reverse-engineered and cloned to see the lengths that companies such as Compaq have to go through to make sure that they don't "accidentally" create a derivative work.
The issue was not "accidentally creating a derivative", it was "being able to tell IBM to go to hell, and having the federal judge draw them a map for exactly how to go there." If they hadn't clean-roomed their BIOSes, IBM would have been able to show enough doubt to drag them into court. IBM would have lost, and lost big time, but the case would have cost the BIOS maker critical time to market (which would have been especially deadly for the first Compaq BIOS, the success of which made Compaq the billion dollar company it is today).
Clean-rooming the BIOS has nothing to do with this mythological contamination. It's simply so that the judge will instantaneously see that there is no merit.
You're going to have to translate the source code into English and "summarize" it down to an API, and somebody with whom you have never met face-to-face (and thus has never had a chance to see the actual code) will have to actually implement the API.
This is a completely erroneous misinterpretation of copyright law. If it were true, musicians would routinely go to prison for 'willfully and with malice aforethought' listening to the radio. Visiting artists would be deported for going to galleries.
DISCLAIMER: Nothing you read on Slashdot is legal advice; only your attorney can provide that.
In other words, everybody is full of shit. I deeply resent this attack on my knowledge and character. I *am* full of shit, but I resent being told so. ;-)
W3K supports something called a 'Dynamic disk'; in short, it bypasses the 'standard' way of disk partitioning in favor of the MS way.
It'll need to be documented properly for RAID crash recovery tools, recovery of damaged hard drives (when the operator didn't keep backups ;-), Partition Magic, legal investigations, and so forth.
Besides which, the old IBM PC partition table is running out of time. It doesn't have enough bits to represent the size of upcoming hard drives. Microsoft has to do *something*.
At some point we will hit a DMCA wall with the 'encrypted data' partitions/folders/files.... All of this added to the fact that you can encrypt and compress an individual drive/folder/file. The encryption would be a problem just for the fact that MS seems to be behind DMCA enforcement.
I wish more people would actually read the DMCA. It gives the *copyright holder* privileges with respect to devices that can decode the encoded work. The DMCA says a decoder is legal if it has a 'commercially significant non-infringing' use. If it's your stuff on the partition, *you* determine what non-infringing means.
If any of the kernel hackers so much as look at the source code to WinCE, it could open some serious legal ickyness for all involved,
Bullshit. I don't know how this meme got started, but it's time for it to die. This isn't an NDA. Copyright solely covers the making of copies of the work. Unless you outright duplicate the copyright-protected work, there is no infringement.
Source code is really no different than books, magazines, and newspapers. You don't see newspaper editors scrupulously avoiding all printed materials besides their own paper, do you? You don't hear about musicians carefully avoiding listening to the radio, do you?
There is something called a "gravitoelectric field", but it has nothing to do with photons or electric charge. Rather, it describes how the gravitational field in linearized gravity decomposes into electric-like and magnetic-like components, analogously to the decomposition in electromagnetism.
That's the prediction and explanation of General Relativity. What's your point?
The point is that the hypotheses you were referring to were those that attempt to explain mass and gravitation in terms of self-radiation effects. You were calling these 'gravitoelectric' theories, but they are not. The term 'xyz-electric' refers to the static (non-moving) component of the 'xyz' force.
There is a theory that says they do. Just because you don't think so does not falsify it.
There certainly is such a theory, but it is not called gravitoelectrostatics nor gravitomagnetism. If you're gonna try discussing physics, at least make some feeble attempt at using the long-established terminology.
Nothing propagates in spacetime. By definition. The very fact that string theory postulates that time is one of the dimensions of nature falsifies it.
You are a crackpot. Whether troll or nut, you are cracked. Your idiotic web page goes on with this blather:
Why is motion in spacetime impossible? It has to do with the definitions of space and time and the equation of velocity v = dx/dt. What the equation is saying is that, if an object moves over any distance x, there is an elapsed time t. Since time is defined in physics as a parameter for denoting change (evolution), changing position from one point on a time axis to another is self-referential. Why? Because the equation for velocity along the time axis would have to be v = dt/dt which is, of course, meaningless as far as motion is concerned.
Velocity is the slope of a spacetime path, where the ordinate of the path is spatial and the abscissa is temporal. Velocity is inherently a two-axis metric. With reference to a single axis, the concept of velocity does not apply; you might as well try to count to infinity.
As to your dt/dt expression, it is perfectly meaningful: its value is, of course, dt/dt = 1. It is the defining identity for an infinite, smooth number line.
If spacetime is already curved magically, what's the point of having a graviton in the first place?
You are either a total idiot, or you are deliberately misdirecting the discussion by ignoring the fact that general relativity could very well be a highly-accurate approximation of a graviton theory.
For example, in Adobe's case, they would have to offer the writing software only under a license where the purchaser of the software would have to agree to something like this: "You agree to never give authorization to anyone (except as noted below) to descramble any documents that you create with this software. The exception is that you grant authorization to everyone to descramble documents created with this software, provided that they do the descrambling using Adobe-created or Adobe-licensed products, such as Acrobat Reader."
That would just make it a little harder. Take the encoding software to a jurisdiction where the license has no force, encode your document, and from that point forward people can decode the work with your authority (using non-Adobe decoders if they want).
It won't even help Adobe materially if the law is changed. In the U.S. at least, it cannot be changed retroactively and therefore Adobe can still be destroyed by their prior infringements.
Bzzzt! Wrong! But thank you for playing. The DMCA does indeed protect the encrypted work, and not the decoding system. If you have the permission of a single copyright holder whose work is encoded with the algorithm, you are legal to distribute the decoder. (Well, sort of. There is also a test for substantial commercial use, but the PDF format meets that criterion.)
It gets better. You can claim that *your* protection method is regular PDFs and sue Adobe because Acrobat reader is used without *your* authority.
People, try actually reading the DMCA some time. When you actually understand what all the clauses mean, you'll laugh long and hard. It is mutually-assured destruction for copyright law. *Anybody* can make a program illegal just by writing a work for it and saying 'I don't give you permission.'
Translation: they like the fact that the DMCA and a public Whois allows them to take the law into their own hands...
You are required to try taking the law into your own hands; courts are a last-resort measure to be used when negotiation has failed and government force is necessary. Courts look very, very unfavorably on people who refuse to make a reasonable effort to settle the matter outside court. Deliberately maintaining false information in WHOIS will prejudice the court against you (look up 'vexatious' in a law dictionary).
Moreover, if you are found guilty of copyright infringement, deliberately false information in WHOIS will be considered as evidence of willful premeditation on your part. (Much like wearing a ski mask during a robbery indicates that you have planned to carry out the crime.)
Restricting the Whois would force them to go through the courts, and they might not be able to intimidate people as easily.
Your 'solution' is to make every 'net copyright infringement involve at least one federal lawsuit + a private investigation, both of which are exceedingly expensive. And this is supposed to help individuals and small companies?
Generally speaking, any 'solution' that involves making information expensive and difficult to obtain does not help the little guy.
(If you're worried about being 'harassed' for saying things on the Internet, either shut up or grow a spine. If you aren't willing to take flack over what you say, then by your own measure it wasn't worth saying.)
And the biggest threat to them is people crafting oddball APIs because they somehow believe that these little handhelds can't run the desktop APIs. There is no need.
For unattended applications like data logging, you need to be able to turn the machine off under program control and have it turn back on at a scheduled time. You also need to be able to turn the backlight on and off under program control.
There is no standard Unix API for telling the system how fast you need the CPU to run, or that you don't need any CPU cycles for the next four hours.
The ethernet interface needs a precision clock, or it won't work right.
They could put a crystal good enough for Ethernet in the MCM. I suspect that the real reason for a separate crystal is that different people will need different types of crystals. Some people will want (expensive) ultra-stable crystals for time keeping purposes. Other people won't even have Ethernet and can live with a (cheap) sloppy crystal. Still other people will need rugged crystals for handheld devices. Unless he wants to burn lots of money on a gold-plated mil-spec unit, an engineer has to choose the most appropriate crystal for the job at hand.
I've designed boards with microprocessors on them, and I appreciate the external crystal. The more I look at Axis's products, the more it seems like they actually know what they are doing.
First you say "I am tired of hearing this drivel about SMTP being somehow 'broken'".
Then you say "What we need is a decentralized replacement without a central authority. Perhaps a 'web of trust' like PGP where any site can black hole another site on their OWN server, and others will pick up the ban automatically when enough servers they trust do so".
When people say SMTP is broken, the lack of trust management is what they're referring to. The inherent brokenness of SMTP is that it delivers just about anything that shows up on port 25. I agree with you that a distributed trust mechanism is needed.
Unfortunately making it work would take major design of new protocols and massive deployment of new mail servers. It would also take new email clients that people could use to report spam to their mail server. Large mail servers would need massive CPU power to do the necessary public key cryptography.
Except he isn't accused of attempting to backdoor the systems.... He's accused of running undesired software.
Security is all about the perception of trust.
Yes, the moment I see an exact catalog of specifically what McOwen was supposed to install, and in what order, I will agree that he had no discretion to install any more or any less.
Whatever was appropriate and necessary to fulfill the mission. For staff machines, that means very little software.
OTOH, we don't know what machines McOwen used -- the AnandTech story was too vague. If they were semi-public computer labs that were ghosted at the start of every day, the damages would be minimal. Nobody could reasonably expect such machines to be particularly secure, and therefore the damages for insecurity would be minimal. It all depends on the circumstances -- McOwen could be getting off easy, or he could be royally screwed. Hopefully /. will post more details soon.
Again, university environment, not big multibillion dollar conglomerate with a stock price to keep up.
First off, it seems to not be a university that this occurred at. I don't know how we got that meme going...
Besides which, any school large enough to have dozens of computers has a budget of several million dollars a year. It has accountants who must produce accurate numbers or they'll have to shut down. It has payrolls that have to be met on strict deadlines. It has confidential information that will cost millions if it is improperly disclosed. The school's few millions of dollars may be piddly compared to Chase-Manhattan, but that money is *very* important for the school.
Downtime is not disaster for *any* system in most universities.
Try being late for payroll at even an elementary school. The teachers, teacher's union, school administrators, board of education, city politicians, and press will hold a competition to see who can hand your head to you on a silver platter the fastest.
A university is even worse. Try making a department head miss a publication date for his paper in Science. The police detectives won't even be able to find your body, it having already been run through the particle accelerator one atom at a time.
I am not a troll. (Jeez. That's like saying 'I am not whiny' in a squeaky voice. Oh, well. Goodbye, dignity.) When I write, I try to express ideas clearly and forcefully. When I'm right, this makes me easier to understand. When I'm wrong, it makes me easier to correct.
Look at your disagreement with my post: you were able to directly argue against particular points of mine. You didn't have to untangle half-formed, vaguely qualified statements. It went 'clear statement, clear counterargument'. In fact, it is obvious that you were approaching it from the angle of a practical admin who isn't overly concerned about security and assurance, while my POV was known-good security and certifiable quality.
5. Delete directory.
Security is having confidence that every bit on the hardware comes from a known, approved source. You lose that when you install an untrusted program, and the only way to regain it is to delete everything and start from scratch.
If I hired a mechanic to check out my engine, and he said I used the wrong brand of oil, and I must replace my engine, that's fraud.
A false analogy. A better analogy would be if you hired a mechanic to change the oil in your street-legal drag racing car with a $30,000 racing engine, telling him to only use Mobil synthetic oil, and he used olive oil instead. Maybe the engine wouldn't be hurt by it, but you don't have to put up with maybes. You are *owed* confidence that the engine is in a certain state. He'd be buying you a new engine, and compensating you for the loss of use. When confidence is the commodity of interest, you don't take chances.
BTW we use seti@home to burn in our Sun servers, even our big 10K clusters.
OTOH, if you installed S@H on a live banking server 'just because', they'd beat you to death with CAT5, even if you have admin privileges.
You state a cost of 3 hours per machine to "sanitize" and a cost of 1/2 hour per machine for a security analysis.
There aren't standard terms. By sanitize, I meant verifying the absence of malicious code and data in all the user-created files on the machine. Three hours per machine is actually very conservative. If the machine was used by an accountant to create a quarterly report, for instance, the only way they could have an acceptable level of confidence would be to recreate the report from scratch.
By security analysis, I meant that you had to check the machine for signs of malicious use. Compromised machines are frequently used as jumping off points for attacks on other systems, and you have to fix those systems too.
Examine one machine, then ghost out a new image using ghost multicast.
Each machine must be suddenly power cycled off to preserve evidence, and its hard drive must be physically removed and read out. Most organizations are too lazy to do this (probably including the bozos in Georgia), but if you want security, it's what you have to do.
I should have made it clearer in my comment that I was exploring the worst-case costs of recovering from a compromise, the moral being that sysadmins should be utterly paranoid. A lot of this probably doesn't apply in David McOwen's case, since the 'victims' seem to have a severe case of recto-cranial inversion. It'll be interesting to see the details when they are made public.
If my dog pooped on your front lawn, would you send me the bill to have the entire house torn down, ground dug up, new sod laid down, and new house built?
False analogy. A good analogy would be if I hired you to clean the dog shit off my yard, and you instead dumped a truckload of dog shit on it. If you did that, you'd pay and pay and pay.
Have you never heard of "Uninstall"? It works really well, trust me.
Not for security it doesn't. Security is a matter of knowing where every program on the machine came from, and knowing that no uncertified programs have even been run on the machine. It is solely a matter of trust, a matter of having a known chain of control. That trust is easy to throw away and expensive to regain.
(I was actually being *extremely* conservative on the recovery costs. Many devices, like motherboards, BIOSes, and video cards use field-programmable flash devices. To fully recover from a compromise, you'd have to replace them all. Would probably be cheaper to just scrap the equipment and buy new stuff.)
It is my contention that his personal goals and the mission of his company were not in conflict,...
The trouble is that he was not mandated to do it, and it is not obvious that he had the leeway to do it. This gives him no ass-covering material. There's no piece of paper that unambiguously says he was permitted to do what he did. He can only argue about vague general principles.
Taking action in a large organization without a signed CYA document is playing with fire. If somebody higher up decides your action was wrong, you are doomed. It's your word against theirs, and they'll have the lawyers and monomania to bury you.
...and furthermore the odds of him actually winning the prize, remote enough (even with whatever rank he managed to achieve), the prize small enough, and the actual distribution of that profit distributed enough that for all intents and purposes the value of that prize goes to zero. In terms of the prize itself, his probabilistic share probably didn't add up to the price of a can of Mountain Dew.
Never take a risky action in a corporation without considering how it will sound in front of a Federal jury or Congressional committee. "So, Mr. McOwen, are you telling us that you were converting these computers to your own use to win a $1000 prize?"
To a jury of bums, rednecks, and career Taco Bell cooks, that $1000 prize will be damning. Ditto for newspapers and blood-n-depravity TV news shows.
Incidentally -- these machines were going for some time, with no complaints being rendered for quite some time. This means a couple things:
It means one thing. The vindictive career academic bureaucrat who is going to send McOwen to the federal pen hadn't yet noticed. Now he has. It's a statistical thing, maybe they'll never notice, maybe the evidence will be gone before they notice, maybe they'll be too busy frying someone else, etc. Without the ass-covering paper trail, you're rolling dice.
Yeah, welcome to Winamp, Windows Media Player, RealPlayer, Yahoo Messenger, and Windows itself. Give me a break. The majority of university networks are so riddled with out of date daemons and unfirewalled ports...
So? The humorless gentlemen in the dark polished cars, wearing nice suits and Ray-Ban sunglasses don't give a flying fuck that the situation is bad. All they care about is the documentary evidence that *you* made it measurably worse.
In my mind, the fact that so much time passed between his use of university resources and his eventual shutdown means that quite a few people knew of this incident and one person elected to express discretionary privilege and can him. That's fine--it happens--but you don't send someone to jail for it.
You do if you're a career state-employed academic bureaucrat. Any one of 'career', 'state-employed', 'academic', or 'bureaucrat' would be bad news. Put them all together and it's a deadly situation. The person carrying out this campaign against McOwen is certainly clueless, likely vindictive, likely monomaniacal, and *committed*. Once a person like that starts a campaign, they'll push it as far as possible. They won't know when to give up.
Silly. You have no idea how much Cracking DES did, do you? Do you have any idea how significant the EFF's DES Cracking book was in making sure AES happened, and in forcing 3DES to be the standard of the day?
Overall it hurt the situation, by driving the spook traitors underground and forcing them to use more subtle means to frustrate crypto. Onerous crypto controls are still in place, and the traitors are still mostly successful at preventing widespread deployment of crypto. It would arguably have been better to continue with 40-bit DES, and let the electronic pearl harbor force Congress to clean house at the NSA.
...that travesty that is 802.11 WEP...
Offtopic, but... WEP is an impressive accomplishment. They actually managed to design a cryptosystem that has cipher- and key-exchange-independent insecurity (the 24-bit initialization vector).
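Added illustration of the point about the 24-bit IV (this is my own example code, not part of the original comment thread): the flaw does not care which stream cipher sits underneath, so the keystream below is a keyed SHA-256 counter used as a stand-in for RC4. Two packets under the same (key, IV) XOR to the XOR of their plaintexts, and the birthday bound says a random-IV sender hits a repeat after a few thousand packets. The key, IV and packet contents are constructed for the example.

```python
import hashlib
import math
import random

IV_BITS = 24  # width of WEP's per-packet initialization vector

def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy keystream: keyed SHA-256 in counter mode, standing in for RC4.
    Assumption for this example: any cipher where (key, iv) alone fixes the
    keystream behaves the same way under IV reuse, which is the point."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, iv, len(plaintext)))

def recover_with_known_plaintext(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """Same (key, iv) on two packets means the same keystream, so
    c1 ^ c2 == p1 ^ p2 and a known p1 hands over p2 without the key."""
    return xor(xor(c1, c2), p1)

def collision_probability(packets: int, iv_bits: int = IV_BITS) -> float:
    """Birthday bound on at least one IV repeat among `packets` random IVs."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))

def packets_for_half_chance(iv_bits: int = IV_BITS) -> int:
    """Packet count at which a random-IV sender has a 50% chance of a repeat."""
    return math.ceil(math.sqrt(2 * (2 ** iv_bits) * math.log(2)))

def first_repeat(iv_bits: int = IV_BITS, seed: int = 0) -> int:
    """Simulate a sender drawing random IVs; return the packet number of the
    first reuse. A sequential IV counter just makes the repeat predictable."""
    rng = random.Random(seed)
    seen = set()
    count = 0
    while True:
        count += 1
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return count
        seen.add(iv)

def demo() -> bytes:
    key = b"\x2b" * 13                       # 104-bit key, arbitrary constructed value
    iv = (0xABCDEF).to_bytes(3, "big")       # the same 24-bit IV on both packets
    p1 = b"GET /index.html HTTP/1.0\r\n"     # plaintext the attacker can guess
    p2 = b"user=dave&pw=hunter2\r\n"         # victim's secret (constructed)
    c1 = encrypt(key, iv, p1)
    c2 = encrypt(key, iv, p2)
    return recover_with_known_plaintext(c1, c2, p1)

if __name__ == "__main__":
    print(demo())
    n = packets_for_half_chance()
    print(n, collision_probability(n))
    print(first_repeat(seed=1))
```

Note that nothing in the block touches the key or the cipher: the recovery works on the ciphertexts alone, which is what "cipher- and key-exchange-independent" means in practice. Widening the IV or binding it to a per-packet key derivation is the fix; a stronger cipher under the same 24-bit IV is not.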
Diligent recovery from this compromise would involve... a lot of things that didn't happen. At all. Even in the slightest.
Hmm...you're probably right. I'm not sure why I thought they did a proper recovery. (Although my list of expenses is a pretty good reason to get permission before you screw with hundreds of machines.)
If they really did just make up these numbers, the case could blow up in their faces. For McOwen's sake I hope it does.
If his interpretation was at odds with that of the administration, perhaps he deserved to lose his job -- but this doesn't even pass the giggle test for felony hacking. They were HIS BOXES. He had legitimate accounts, probably even root accounts, and did things that were *arguably* legitimate.
This is where I disagree. It's kind of like a delivery man. During the day, the truck is *HIS*. He can pick his own routes, make a detour for a customer who is in a huge hurry, bend the traffic regulations, and generally do whatever it takes to get the job done. His job is a big one, and he therefore has a lot of leeway to make autonomous decisions. Suppose he wants to take the truck home at the end of the day to move a sofa. If he takes 10 seconds to get the boss's permission, taking the truck is perfectly OK.
If he doesn't get permission, he has just hitched his fate to another person's mercy. In a small company where they've been friends for years, the boss might later tell him how glad he was that he went ahead and took the truck. At a larger company, the boss might admonish him not to do it without asking in the future and drop the matter. Or the boss might call the police and report it stolen, and prosecute it as grand theft.
Personally, I think that what McOwen did was absolutely wrong, but I also would have made the reaction proportional to the actual harm, which was fairly small. Suing someone into oblivion and getting them sent to prison is simply not good business.
Oddly enough, who do you go to if you have a project that could really use a few hundred machines?
If it's your job to use them that way, you just do it. However, if there is a person who could say no, and you don't ask, you have done something wrong.
Complete lack of precedent for a deleterious effect has an effect in a courtroom, you know.
Sadly, no. In a criminal case it is not necessary to prove substantial monetary damages, it is merely necessary to prove that the person did something they had not been given permission to do. If we can give people life sentences for agriculture (specifically, three strikes growing of cannabis sativa), then convicting an admitted vandal who was trying to win a $1000 prize is a piece of cake.
If the prospect of a decade of prison rape wouldn't make you run screaming like a horror movie prom queen into whatever abandoned warehouse of an online forum you could find -- you're a stronger man than I.
If you allow fear to govern your actions, you are letting the enemy dictate your actions.
Oh, this is much better than a felony conviction. It don't say, "Have you ever been mentioned on Slashdot" on the employment forms, you know:-)
It's funny, but I am also being serious. The Internet search engines are already starting to correlate information with specific people. I expect syntax-aware indexing to start being used within a few years. You'll be able to search on something like "name(John Smith) employed_by(Foo University) keywords(employed)". When you can do a good background search routinely, this sort of highly public announcement will be a Bad Thing.
I do feel for the prosecutor, though. I don't think he realizes how badly he's being used.
The prosecutor is actually a good point of approach, if you can get him in touch with a clueful expert.
Anyway, I understand what you're saying, I just think it's McOwen's fault for not establishing a paper trail showing permission. This isn't the first time I've heard of this sort of thing, either. I saw an almost identical case in the Ars Technica forums a while back, although it was a smaller amount (on the order of $10k IIRC, and no criminal case). I ought to write a web page about this problem: "The Young Male Sysadmin's Guide To Not Going To Prison".
1) The exact job specifications of Mr. McOwen's employment were not and literally could not be set in stone; his basic task was to administer the systems according to the precepts of the site they were deployed.
For the support of the organization, not for his own personal amusement, and most assuredly *not* for an effort to win him a prize.
Surely, it is not inconceivable that given the extraordinarily high degree of public works that universities are known for, that he might have come to the reasonable conclusion that installation of software that contributed to a public good (the global improvement of cryptographic quality) would be a fair extension of the mission of the university.
That a university is publicly oriented does not give its employees license to do whatever they think is in the public interest. A university is a corporation, just like any other, and the use of its resources must be approved by management.
2)... There was nothing hidden about the RC5 code, and as for destructiveness, few would argue it is destructive to a computer to ask it to compute!
Either you have reviewed the actual binaries that were running on the machine and are making a public offer to provide an unlimited monetary guarantee that there are no exploitable security bugs in the RC5 program, or you are talking out of your ass.
Unreviewed, untested, warranty-less binaries that engage in continuous communication with remote servers are a serious security threat, as well as a threat to the integrity of the machines. Many a machine has been brought to its knees because of some weird interaction between the installed packages.
A competent professional would *never* risk his client's machines for an unnecessary program.
3) Statistics have shown a multi billion dollar a year loss to the country from insufficient encryption and computer security systems.
And what the fuck does that have to do with this discussion? The question is whether he had permission, not whether he would have had a good justification if he had asked for permission.
And even if that was our discussion, brute-force cracking RC5 is a stunt. It doesn't do a damn thing for security.
4) No actual damage can be substantiated by the prosecution.
Are you an idiot? Do you know nothing about computers? Diligent recovery from this compromise would involve 1) backing up all data on the compromised hard drives, 2) formatting them, 3) reinstalling them from scratch, 4) sanitizing all the backed-up data, 5) and reinstalling all the backed-up data. Assuming a $150/hour sysadmin, three labor hours per machine, and 200 machines, that's a direct recovery cost of $90k.
Then you've got all the people who will be sitting around with their thumbs up their asses while their machines are offline. Assuming an average downtime of 1 week, an average employee salary of $25k/year, and an overhead rate of 100%, that's an indirect recovery cost of $192k.
Then there's the investigation cost. Assuming a security expert at $500/hour, and an analysis time of 30 min/machine, that's an investigation cost of $50k.
Then there's the legal costs. Because of the severity of the compromise, and the threat to the University's IP, a top-notch law firm specializing in insider sabotage will be needed. Assuming the law firm charges 80 hours @ $200/hour, that's a legal cost of $16k.
Then there's the prosecution cost. I have no idea what DAs, judges, and courts charge, but it's gotta be a lot.
That's a total of $348k for direct and simple indirect losses.
Then there's interest. It will probably take the Uni about three years to get a judgement for the losses. At the standard 25% rate for unsecured credit, that's a net interest of 95%, which will bring the final judgement to $679k.
Then there's the potential reputation cost to the university. Insider sabotage of the IT infrastructure makes tech and biotech firms very antsy, and less likely to engage in lucrative contracts with the Uni. Likewise for alumni support. The damages from this are pretty much unlimited; if the fates are against you it could run to tens of millions of dollars.
Suppose the school spent $200,000 on their internet connection yearly,...
It's their bandwidth and they can sell it for whatever price they want. It's up to you to ask for the price before you start appropriating it.
But that's irrelevant. The $0.59/min figure is almost certainly an aggregate number. They added up the total losses, divided them by the duration of the compromise, and that was the number.
5) Prosecution of Mr. McOwen would have a drastic chilling effect on the ability of computer administrators to do their work.
It will not. Competent professionals help the client accomplish their mission. If they have ideas for new mission objectives, or even for cool charitable projects that don't really accomplish much, they discuss it with the boss. They *don't* run off and reconfigure hundreds of pieces of high tech equipment for their own whimsy.
His actions were questionable even as an offense worthy of termination, given the wide berth that system administrators require to be effective and the vast freedoms inherent in the academic environment.
Bullshit. Sysadmins *never* have the right to turn hundreds of the institution's machines into zombies for their own pet projects. The reason sysadmins have wide latitude in decisions is because *that's what it takes to accomplish the mission*, and not because the machines are part of their personal toy chest.
They'd be laughed out of any civil court in the country, and the fact that they've reached criminal court--at the felony level, which would deprive Mr. McOwen of his freedom, his voting rights,...
Hardly. It's vandalism, plain and simple. The alterations he performed obviously had no relevance to the organization's mission, they had a potential serious deleterious impact on the mission, and he deliberately chose not to ask permission when doing so would have required little time or effort.
.... and even his ability to simply procure employment--is a grave insult.
The law is the least of his problems. Not only did he recklessly fuck over hundreds of his client's machines, he whined about the client's consternation on the Internet. For the rest of his life, any time a prospective employer does a web search on him this story will show up in all its tawdry glory.
I propose a new phrase for the Internet lexicon: "Pulling a David McOwen". It will be the Darwin Award of Career Limiting Moves. Example usage:
PERSON 1: What did he do?
PERSON 2: The story I heard said he spilled a can of coke into the NYSE mainframe.
PERSON 1: (awed voice) Wow. Talk about pulling a David McOwen.
That said, there is a lot of poorly-designed crap out there, and I wouldn't be at all surprised to meet a motherboard that blows itself up under perfectly acceptable conditions.
For consumer equipment, all externally-accessible connectors should be able to take some vicious ESD zaps on every single pin. In fact, the 'CE' requirements in Europe make this a legal requirement. As an example of how much ESD protection is in engineers' minds, take a look at this datasheet for the Maxim MAX3232E RS-232 transceiver chip, which has built in +/-15kV ESD protection. (Again, there's a lot of crap being manufactured that can't take ESD like it should.)
If the Palm cradle connects to a 'wall wart' transformer to recharge the battery, there is another failure mode: the output of many wall warts is capacitively coupled to the AC power line. The ones I've seen make an approx. 60 VAC sine wave on the output, as measured relative to earth ground. There isn't much current available, and a proper RS-232 design should be able to take it all day long, but I *have* seen equipment that is damaged by it. (At work we're very paranoid about explicitly grounding laptop computers in the electronic labs to keep from frying our prototypes.)
Oh, bullshit. It's the engineer's responsibility to design things that will actually work in the real world. Walking up to a piece of office equipment and touching it should *never* cause smoke and/or explosions. It's almost impossible to accidentally blow up a properly designed serial port. Either Palm deliberately and maliciously designed in a destruction circuit, or your motherboard was badly designed. Knowing how crappy commodity motherboards are, I'd bet on the latter.
Given that RS-232 is intended to hook up randomly-grounded pieces of equipment with 50-meter cables -- and is required by law to include ESD protection in Europe -- there's no point in handling it with kid gloves. Adding optocouplers would cost about US $1.50 per unit. Adding them would mean that the tens of millions of Palm owners with correctly designed computers would be paying a $25,000,000 tax to protect the few people with defective computers.
You're forgetting the fourth choice: buy a computer that actually complies with the RS-232 standards, and actually has the run-of-the-mill standard level of ESD protection. Serial ports should be able to take almost anything short of being directly connected to the AC power line. It costs only pennies more to manufacture, and it provides a much better customer experience. (The only catch is that the computer manufacturers have to actually care about doing a good job, as opposed to cranking out an extra few hundred thousand motherboards per month.)
I think you under-appreciate how hard it is to design good ESD protection. It's not enough to zap your circuit, and say it has good protection if it keeps working, because ESD damage often just weakens the transistors. Doing it right takes a good theoretical understanding of the circuit, great technician-type skill at performing the tests, and a well-developed sense of paranoia. Designing good ESD protection is a lot like designing cryptographic systems: it's easy to make something that *seems* to work, but very difficult to design something that will be rock solid under years of hard use.
All motherboard manufacturers are under *tremendous* schedule pressures. The engineers are being pushed and pushed and pushed to get the design shipping as fast as possible. A two week delay (an ESD fix would probably take 3-4 weeks) costs the company more than a senior engineer's yearly salary, so the tendency is to say 'We zapped it, it works, what the hell let's ship it!' Keerist, with the Rambus and MTH fiascos earlier this year, Intel was shipping motherboards where *the engineers knew the digital functions didn't work*. Their priority for ESD protection was probably two notches higher than picking lint out of their belly buttons.
Hint: the trolls want attention, and you're giving it to them. Act as if a forum is good, and it becomes better. Act as if it sucks, and it will suck worse.
Or do you really think the bad old days of 'clip here, uudecode, untar' were good? System-agnostic structured messages are a great good.
If the worm can sniff your keyboard, the game is already over. The goal should be to keep that from happening in the first place. Besides which, a good OS can keep anything from ever sniffing your passphrase. There just aren't any good OSes -- yet.
Documents don't save themselves, the trusted code of the sandbox saves them, and it does so when and where the user says.
There is essentially never a legitimate need to receive an executable as an email attachment. People who really need to can set up crypto and learn how to use it, and the other 99% can live without it and not know the difference.
Besides, if people *want* to hand their computers over to the Black Hats, there's no way to stop them short of a draconian OS. Home users who do it will pay through the nose to get their machines unfucked, and corporate users will pay with their careers.
Moreover, extensions are not entirely meaningful with MIME. Marking a .txt file as 'content-type: executable' can cause surprising things to happen.
Balderdash. People who use poorly engineered mail clients *deserve* what they get, in the same way that people who drive a car without a spare tire deserve what they get.
The real solution is a well-designed email client:
Anything else is just a half-assed attempt at a solution that will inevitably break.
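Added example, not from the original posts: the remark above that a `.txt` file marked with an executable content-type does surprising things is exactly the check a well-designed client would make. The code below takes a raw RFC 822 message and flags every attachment whose declared Content-Type, filename extension and actual leading bytes disagree, or which is executable by any of the three. The lists of executable types, extensions and magic bytes are assumed subsets for illustration, and the sample message is constructed, not a real capture.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Declared types a mail client must never hand to the OS to "open".
# Assumed subset for this example, not an exhaustive list.
EXECUTABLE_TYPES = {
    "application/x-msdownload", "application/x-msdos-program",
    "application/x-executable", "application/x-sh", "application/x-shellscript",
}
# Extensions common desktops will execute on double-click (assumed subset).
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".sh"}
# Leading bytes that identify executables no matter what the headers claim.
EXECUTABLE_MAGIC = {b"MZ": "PE/DOS executable", b"\x7fELF": "ELF executable",
                    b"#!": "shebang script"}

def _magic_label(payload: bytes):
    for sig, label in EXECUTABLE_MAGIC.items():
        if payload.startswith(sig):
            return label
    return None

def suspicious_attachments(raw: bytes):
    """Return [(filename, reason), ...] for each attachment that is executable
    by declared type, by extension, or by its actual bytes, or whose three
    labels disagree. Trusting any one of them alone is the mistake."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if part.get_content_disposition() != "attachment" and not name:
            continue                              # message body, not an attachment
        name = name or "(unnamed)"
        ext = os.path.splitext(name)[1].lower()
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if ctype in EXECUTABLE_TYPES:
            reasons.append(f"declared executable type {ctype}")
        if ext in EXECUTABLE_EXTENSIONS:
            reasons.append(f"executable extension {ext}")
        label = _magic_label(payload)
        if label:
            reasons.append(f"payload is a {label}")
        if ext == ".txt" and ctype != "text/plain":
            reasons.append(f"named .txt but declared {ctype}")
        if reasons:
            findings.append((name, "; ".join(reasons)))
    return findings

def build_sample() -> bytes:
    """Constructed message, not a real capture: one honest text attachment and
    two that lie about what they are."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "quarterly report"
    msg.set_content("See attached.")
    msg.add_attachment(b"hello\n", maintype="text", subtype="plain", filename="readme.txt")
    # .txt name, but the declared type asks the client to run it
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application",
                       subtype="x-msdownload", filename="notes.txt")
    # declared text/plain, but the bytes are an ELF binary
    msg.add_attachment(b"\x7fELF\x02\x01\x01" + b"\x00" * 9, maintype="text",
                       subtype="plain", filename="data.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in suspicious_attachments(build_sample()):
        print(f"{name}: {reason}")
```

The honest `readme.txt` passes all three checks and is not reported; the other two are reported with every reason that applies, so the client can refuse to open them rather than guess which label to believe.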
Then there are the 'dirty' irrational numbers like pi and e that seem to have random digits. The research mentioned has moved a big step closer to proving that the digits of pi don't just seem random, they truly are random (at least in the sense that all possible combinations occur).
The part that'll really blow your mind is that somebody found an equation that tells you any binary digit of pi you want, without having to calculate any of the other binary digits. (See here.) That is why people are excited by the conjectured normality of pi: if normal, it produces all possible strings of bits from a trivial deterministic equation. This mixture of randomness with order is at the heart of many interesting questions in chaos theory, computational theory, and cryptography.
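Added worked example (my own code, not part of the original comment): the equation referred to above is the Bailey-Borwein-Plouffe formula, pi = sum over k of 16^-k * (4/(8k+1) - 2/(8k+4) - 1/(8k+5) - 1/(8k+6)). Multiplying by 16^n and keeping only fractional parts lets you read off hex digits (four binary digits at a time) starting at position n without computing any earlier digit. Everything runs in double precision, so only the first several digits returned are trustworthy; the known values at positions 0, 8 and 16 are used as the check.

```python
def _series(j: int, n: int) -> float:
    """Fractional part of sum_k 16^(n-k) / (8k + j), the building block of the
    Bailey-Borwein-Plouffe digit-extraction formula."""
    total = 0.0
    # Terms k <= n: 16^(n-k) is an integer, so reduce it mod (8k+j) to keep
    # only the fractional contribution and avoid giant numbers.
    for k in range(n + 1):
        denom = 8 * k + j
        total = (total + pow(16, n - k, denom) / denom) % 1.0
    # Terms k > n: 16^(n-k) is a small fraction that shrinks geometrically.
    k = n + 1
    while True:
        term = 16.0 ** (n - k) / (8 * k + j)
        if term < 1e-17:
            break
        total += term
        k += 1
    return total % 1.0

def pi_hex_digits(n: int, count: int = 8) -> str:
    """Hex digits of pi's fractional part starting at 0-based position n,
    computed without any of the preceding digits. Double precision limits
    how many digits are trustworthy; eight is safe for small n."""
    x = (4 * _series(1, n) - 2 * _series(4, n)
         - _series(5, n) - _series(6, n)) % 1.0
    digits = []
    for _ in range(count):
        x *= 16
        d = int(x)
        digits.append("0123456789ABCDEF"[d])
        x -= d
    return "".join(digits)

if __name__ == "__main__":
    # pi = 3.243F6A8885A308D313198A2E... in hex
    print(pi_hex_digits(0), pi_hex_digits(8), pi_hex_digits(16))
```

The point for the randomness discussion is visible in the code: a few lines of deterministic arithmetic, yet (if pi is normal) the output contains every bit string. A digit stream you can compute from its position is the opposite of a keystream you would want to rely on, however random it looks.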
Clean-rooming the BIOS has nothing to do with this mythological contamination. It's simply so that the judge will instantaneously see that there is no merit.
This is a completely erroneous misinterpretation of copyright law. If it were true, musicians would routinely go to prison for 'willfully and with malice aforethought' listening to the radio. Visiting artists would be deported for going to galleries. In other words, everybody is full of shit.
I deeply resent this attack on my knowledge and character. I *am* full of shit, but I resent being told so.
Besides which, the old IBM PC partition table is running out of time. It doesn't have enough bits to represent the size of upcoming hard drives. Microsoft has to do *something*.
I wish more people would actually read the DMCA. It gives the *copyright holder* privileges with respect to devices that can decode the encoded work. The DMCA says a decoder is legal if it has a 'commercially significant non-infringing' use. If it's your stuff on the partition, *you* determine what non-infringing means.
Source code is really no different than books, magazines, and newspapers. You don't see newspaper editors scrupulously avoiding all printed materials besides their own paper, do you? You don't hear about musicians carefully avoiding listening to the radio, do you?
As to your dt/dt expression, it is perfectly meaningful: its value is, of course, dt/dt = 1. It is the defining identity for an infinite, smooth number line.
You are either a total idiot, or you are deliberately misdirecting the discussion by ignoring the fact that general relativity could very well be a highly-accurate approximation of a graviton theory.
It won't even help Adobe materially if the law is changed. In the U.S. at least, it cannot be changed retroactively and therefore Adobe can still be destroyed by their prior infringements.
It gets better. You can claim that *your* protection method is regular PDFs and sue Adobe because Acrobat reader is used without *your* authority.
People, try actually reading the DMCA some time. When you actually understand what all the clauses mean, you'll laugh long and hard. It is mutually-assured destruction for copyright law. *Anybody* can make a program illegal just by writing a work for it and saying 'I don't give you permission.'
Moreover, if you are found guilty of copyright infringement, deliberately false information in WHOIS will be considered as evidence of willful premeditation on your part. (Much like wearing a ski mask during a robbery indicates that you have planned to carry out the crime.)
Your 'solution' is to make every 'net copyright infringement involve at least one federal lawsuit + a private investigation, both of which are exceedingly expensive. And this is supposed to help individuals and small companies?
Generally speaking, any 'solution' that involves making information expensive and difficult to obtain does not help the little guy.
(If you're worried about being 'harassed' for saying things on the Internet, either shut up or grow a spine. If you aren't willing to take flack over what you say, then by your own measure it wasn't worth saying.)
There is no standard Unix API for telling the system how fast you need the CPU to run, or that you don't need any CPU cycles for the next four hours.
I've designed boards with microprocessors on them, and I appreciate the external crystal. The more I look at Axis's products, the more it seems like they actually know what they are doing.
Then you say "What we need is a decentralized replacement without a central authority. Perhaps a 'web of trust' like PGP where any site can black hole another site on their OWN server, and others will pick up the ban automatically when enough servers they trust do so".
When people say SMTP is broken, the lack of trust management is what they're referring to. The inherent brokenness of SMTP is that it delivers just about anything that shows up on port 25. I agree with you that a distributed trust mechanism is needed.
Unfortunately making it work would take major design of new protocols and massive deployment of new mail servers. It would also take new email clients that people could use to report spam to their mail server. Large mail servers would need massive CPU power to do the necessary public key cryptography.
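Added illustration, my own code rather than anything from the original exchange, of the 'web of trust' black-holing rule quoted above: every server keeps its own ban list, assigns a weight to each peer it trusts, and picks up a remote ban once the trust-weighted number of peers publishing it reaches a threshold. Running the rule to a fixed point across a small constructed network shows the transitive pickup (dave bans what alice bans, alice bans what bob and carol agree on) and the two failure modes it has to resist: a single trusted peer acting alone, and an untrusted peer trying to get a rival black-holed. Server names, weights and domains are all constructed; signing and transport of the published lists (the part that needs the public key crypto mentioned above) are out of scope here.

```python
from collections import defaultdict

def effective_bans(own_bans, trust, published, threshold=1.0):
    """Bans this server enforces: its own, plus any sender domain that enough
    trusted peers have published a ban for (trust-weighted sum >= threshold)."""
    score = defaultdict(float)
    for peer, domains in published.items():
        weight = trust.get(peer, 0.0)
        if weight <= 0.0:
            continue                      # untrusted peers have no vote
        for domain in domains:
            score[domain] += weight
    return set(own_bans) | {d for d, s in score.items() if s >= threshold}

def propagate(own_bans, trust, threshold=1.0):
    """Iterate the rule across all servers until no published list changes.
    Each domain spreads independently over a finite set of servers and lists
    only ever grow, so at most one round per server is needed."""
    published = {s: set(b) for s, b in own_bans.items()}
    for _ in range(len(own_bans) + 1):
        updated = {s: effective_bans(own_bans[s], trust.get(s, {}), published, threshold)
                   for s in own_bans}
        if updated == published:
            break
        published = updated
    return published

# Constructed sample network (not real hosts). Each server lists who it trusts
# and how much; nobody trusts the rogue 'mallory'.
SAMPLE_TRUST = {
    "alice":   {"bob": 0.6, "carol": 0.6},
    "bob":     {"alice": 0.5},
    "carol":   {},
    "dave":    {"alice": 1.0},
    "mallory": {},
}
SAMPLE_OWN_BANS = {
    "alice":   set(),
    "bob":     {"spam.example", "lonely.example"},
    "carol":   {"spam.example"},
    "dave":    set(),
    "mallory": {"victim.example"},   # rogue server trying to get a rival black-holed
}

def sample_result():
    return propagate(SAMPLE_OWN_BANS, SAMPLE_TRUST)

if __name__ == "__main__":
    for server, bans in sorted(sample_result().items()):
        print(f"{server}: {sorted(bans)}")
```

Two design points worth noticing. Trust here is not transitive by construction: dave trusts alice, and alice's published list already reflects what bob and carol told her, so dave inherits their judgement whether or not he would trust them directly. That is what makes the scheme propagate, and also what makes a trusted peer with bad taste dangerous. And because lists only grow, there is no mechanism for un-banning; a real deployment would need expiry or signed retractions, which is part of the 'major design of new protocols' the comment above is talking about.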
OTOH, we don't know what machines McOwen used -- the AnandTech story was too vague. If they were semi-public computer labs that were ghosted at the start of every day, the damages would be minimal. Nobody could reasonably expect such machines to be particularly secure, and therefore the damages for insecurity would be minimal. It all depends on the circumstances -- McOwen could be getting off easy, or he could be royally screwed. Hopefully /. will post more details soon.
First off, it seems to not be a university that this occurred at. I don't know how we got that meme going...
Besides which, any school large enough to have dozens of computers has a budget of several million dollars a year. It has accountants who must produce accurate numbers or they'll have to shut down. It has payrolls that have to be met on strict deadlines. It has confidential information that will cost millions if it is improperly disclosed. The school's few millions of dollars may be piddly compared to Chase-Manhattan, but that money is *very* important for the school.
Try being late for payroll at even an elementary school. The teachers, teacher's union, school administrators, board of education, city politicians, and press will hold a competition to see who can hand your head to you on a silver platter the fastest.A university is even worse. Try making a department head miss a publication date for his paper in Science. The police detectives won't even be able to find your body, it having already been run through the particle accelerator one atom at a time.
Look at your disagreement with my post: you were able to directly argue against particular points of mine. You didn't have to untangle half-formed, vaguely qualified statements. It went 'clear statement, clear counterargument'. In fact, it is obvious that you were approaching it from the angle of a practial admin who isn't overly concerned about security and assurance, while my POV was known-good security and certifiable quality.
Security is having confidence that every bit on the hardware comes from a known, approved source. You lose that when you install an untrusted program, and the only way to regain it is to delete everything and start from scratch. A false analogy. A better analogy would be if you hired a mechanic to change the oil in your street-legal drag racing car with a $30,000 racing engine, telling him to only use Mobil synthetic oil, and he used olive oil instead. Maybe the engine wouldn't be hurt by it, but you don't have to put up with maybes. You are *owed* confidence that the engine is in a certain state. He'd be buying you a new engine, and compensating you for the loss of use. When confidence is the commodity of interest, you don't take chances. OTOH, if you installed S@H on a live banking server 'just because', they'd beat you to death with CAT5, even if you have admin privileges.By security analysis, I meant that you had to check the machine for signs of malicious use. Compromised machines are frequently used as jumping off points for attacks on other systems, and you have to fix those systems too.
Each machine must be suddenly power cycled off to preserve evidence, and its hard drive must be physically removed and read out. Most organizations are too lazy to do this (probably including the bozos in Georgia), but if you want security, it's what you have to do.
I should have made it clearer in my comment that I was exploring the worst-case costs of recovering from a compromise, the moral being that sysadmins should be utterly paranoid. A lot of this probably doesn't apply in David McOwen's case, since the 'victims' seem to have a severe case of recto-cranial inversion. It'll be interesting to see the details when they are made public.
(I was actually being *extremely* conservative on the recovery costs. Many devices, like motherboards, BIOSes, and video cards use field-programmable flash devices. To fully recover from a compromise, you'd have to replace them all. Would probably be cheaper to just scrap the equipment and buy new stuff.)
Taking action in a large organization without a signed CYA document is playing with fire. If somebody higher up decides your action was wrong, you are doomed. It's your word against theirs, and they'll have the lawyers and monomania to bury you.
Never take a risky action in a corporation without considering how it will sound in front of a Federal jury or Congressional committee. "So, Mr. McOwen, are you telling us that you were converting these computers to your own use to win a $1000 prize?"
To a jury of bums, rednecks, and career Taco Bell cooks, that $1000 prize will be damning. Ditto for newspapers and blood-n-depravity TV news shows.
It means one thing. The vindictive career academic bureaucrat who is going to send McOwen to the federal pen hadn't yet noticed. Now he has. It's a statistical thing, maybe they'll never notice, maybe the evidence will be gone before they notice, maybe they'll be too busy frying someone else, etc. Without the ass-covering paper trail, you're rolling dice.
So? The humorless gentlemen in the dark polished cars, wearing nice suits and Ray-Ban sunglasses don't give a flying fuck that the situation is bad. All they care about is the documentary evidence that *you* made it measurably worse.
You do if you're a career state-employed academic bureaucrat. Any one of 'career', 'state-employed', 'academic', or 'bureaucrat' would be bad news. Put them all together and it's a deadly situation. The person carrying out this campaign against McOwen is certainly clueless, likely vindictive, likely monomaniacal, and *committed*. Once a person like that starts a campaign, they'll push it as far as possible. They won't know when to give up.
Overall it hurt the situation, by driving the spook traitors underground and forcing them to use more subtle means to frustrate crypto. Onerous crypto controls are still in place, and the traitors are still mostly successful at preventing widespread deployment of crypto. It would arguably have been better to continue with 40-bit DES, and let the electronic pearl harbor force Congress to clean house at the NSA.
Offtopic, but... WEP is an impressive accomplishment. They actually managed to design a cryptosystem that has cipher- and key-exchange-independent insecurity (the 24-bit initialization vector).
Hmm...you're probably right. I'm not sure why I thought they did a proper recovery. (Although my list of expenses is a pretty good reason to get permission before you screw with hundreds of machines.)
If they really did just make up these numbers, the case could blow up in their faces. For McOwen's sake I hope it does.
This is where I disagree. It's kind of like a delivery man. During the day, the truck is *HIS*. He can pick his own routes, make a detour for a customer who is in a huge hurry, bend the traffic regulations, and generally do whatever it takes to get the job done. His job is a big one, and he therefore has a lot of leeway to make autonomous decisions. Suppose he wants to take the truck home at the end of the day to move a sofa. If he takes 10 seconds to get the boss's permission, taking the truck is perfectly OK.
If he doesn't get permission, he has just hitched his fate to another person's mercy. In a small company where they've been friends for years, the boss might later tell him how glad he was that he went ahead and took the truck. At a larger company, the boss might admonish him not to do it without asking in the future and drop the matter. Or the boss might call the police and report it stolen, and prosecute it as grand theft.
Personally, I think that what McOwen did was absolutely wrong, but I also would have made the reaction proportional to the actual harm, which was fairly small. Suing someone into oblivion and getting them sent to prison is simply not good business.
If it's your job to use them that way, you just do it. However, if there is a person who could say no, and you don't ask, you have done something wrong.
Sadly, no. In a criminal case it is not necessary to prove substantial monetary damages, it is merely necessary to prove that the person did something they had not been given permission to do. If we can give people life sentences for agriculture (specifically, three strikes growing of cannabis sativa), then convicting an admitted vandal who was trying to win a $1000 prize is a piece of cake.
If you allow fear to govern your actions, you are letting the enemy dictate your actions.
It's funny, but I am also being serious. The Internet search engines are already starting to correlate information with specific people. I expect syntax-aware indexing to start being used within a few years. You'll be able to search on something like "name(John Smith) employed_by(Foo University) keywords(employed)". When you can do a good background search routinely, this sort of highly public announcement will be a Bad Thing.
The prosecutor is actually a good point of approach, if you can get him in touch with a clueful expert.
Anyway, I understand what you're saying, I just think it's McOwen's fault for not establishing a paper trail showing permission. This isn't the first time I've heard of this sort of thing, either. I saw an almost identical case in the Ars Technica forums a while back, although it was a smaller amount (on the order of $10k IIRC, and no criminal case). I ought to write a web page about this problem: "The Young Male Sysadmin's Guide To Not Going To Prison".
Unreviewed, untested, warranty-less binaries that engage in continuous communication with remote servers are a serious security threat, as well as a threat to the integrity of the machines. Many a machine has been brought to its knees because of some weird interaction between the installed packages.
A competent professional would *never* risk his client's machines for an unnecessary program.
And what the fuck does that have to do with this discussion? The question is whether he had permission, not whether he would have had a good justification if he had asked for permission.
And even if that was our discussion, brute-force cracking RC5 is a stunt. It doesn't do a damn thing for security.
Are you an idiot? Do you know nothing about computers? Diligent recovery from this compromise would involve 1) backing up all data on the compromised hard drives, 2) formatting them, 3) reinstalling them from scratch, 4) sanitizing all the backed-up data, 5) and reinstalling all the backed-up data. Assuming a $150/hour sysadmin, three labor hours per machine, and 200 machines, that's a direct recovery cost of $90k.
Then you've got all the people who will be sitting around with their thumbs up their asses while their machines are offline. Assuming an average downtime of 1 week, an average employee salary of $25k/year, and an overhead rate of 100%, that's an indirect recovery cost of $192k.
Then there's the investigation cost. Assuming a security expert at $500/hour, and an analysis time of 30 min/machine, that's an investigation cost of $50k.
Then there's the legal costs. Because of the severity of the compromise, and the threat to the University's IP, a top-notch law firm specializing in insider sabotage will be needed. Assuming the law firm charges 80 hours @ $200/hour, that's a legal cost of $16k.
Then there's the prosecution cost. I have no idea what DAs, judges, and courts charge, but it's gotta be a lot.
That's a total of $348k for direct and simple indirect losses.
Then there's interest. It will probably take the Uni about three years to get a judgement for the losses. At the standard 25% rate for unsecured credit, that's a net interest of 95%, which will bring the final judgement to $679k.
Then there's the potential reputation cost to the university. Insider sabotage of the IT infrastructure makes tech and biotech firms very antsy, and less likely to engage in lucrative contracts with the Uni. Likewise for alumni support. The damages from this are pretty much unlimited; if the fates are against you it could run to tens of millions of dollars.
It's their bandwidth and they can sell it for whatever price they want. It's up to you to ask for the price before you start appropriating it.
But that's irrelevant. The $0.59/min figure is almost certainly an aggregate number. They added up the total losses, divided them by the duration of the compromise, and that was the number.
It will not. Competent professionals help the client accomplish their mission. If they have ideas for new mission objectives, or even for cool charitable projects that don't really accomplish much, they discuss it with the boss. They *don't* run off and reconfigure hundreds of pieces of high tech equipment for their own whimsy.
Bullshit. Sysadmins *never* have the right to turn hundreds of the institution's machines into zombies for their own pet projects. The reason sysadmins have wide latitude in decisions is because *that's what it takes to accomplish the mission*, and not because the machines are part of their personal toy chest.
Hardly. It's vandalism, plain and simple. The alterations he performed obviously had no relevance to the organization's mission, they had a potential serious deleterious impact on the mission, and he deliberately chose not to ask permission when doing so would have required little time or effort.
The law is the least of his problems. Not only did he recklessly fuck over hundreds of his client's machines, he whined about the client's consternation on the Internet. For the rest of his life, any time a prospective employer does a web search on him this story will show up in all its tawdry glory.
I propose a new phrase for the Internet lexicon: "Pulling a David McOwen". It will be the Darwin Award of Career Limiting Moves. Example usage: