For bonus points, draw paw/foot prints on the paper. For maximum effect, ensure the victim has an old thermal paper fax machine which will spew out metres of prints, then run out of paper and refuse to accept any more jobs.
I approached these guys ages ago about their domain - intending to publish information about why Microsoft's .NET was a bad idea (mostly just the passport side of things which is now cactus anyway). It's good to see a domain I wanted put to good use, rather than a handful of others which are still placeholders or want $$lots which they'll never get.
Supermarket product recalls are a completely new phenomenon to me. Until I placed a few online orders with Coles Online I'd never heard of them. Now I do, and even for products I have never purchased. Surely it wouldn't be too hard to look at the stuff I've bought from them before and *only* notify me if I've purchased the offending item(s). If I've bought beef with added mad cow then fine, spam me as much as you like. Otherwise leave me alone, as per our agreement.
Where it doesn't matter whether or not the device is connected (i.e. because it's sitting next to the computer), use a cable and enjoy *significantly* faster syncs. A few years ago I spent some time building a computer for the car which would be connected to my LAN at night by UTP cable and/or updated by CD. It was to be connected to the stacker interface and controlled as a CD stacker would be (complete with track names, etc.). Fine if you've got a garage but I was a student at the time so the car spent most of its parked life a few hundred metres from the flat. Then MP3 car computers started being produced in small quantities, and I thought I'd wait until they hit mass market (figuring you can easily fit a cheap hard drive in a head unit and therefore it wouldn't be long until we saw such devices). Yes, you can buy a head unit which will play MP3s from a data CD, but that's not what I'm after. Then embedded platforms like Via Eden started to be mass produced and I now have access to a small form factor (300x300x80 or thereabouts) machine which is fed by 12vdc. Unfortunately I don't have the time to invest in it at the moment, but I figure it won't be long before one of the big manufacturers works it out - perhaps this year? The idea is that when you park your car (probably triggered by your turning off the ignition), it checks whether or not it is in range. If it is, it syncs and then shuts down. Otherwise it just shuts down. If you're lucky enough to have a carspace within wireless range of your desk at work then you can sync both ways, so as if you import a CD at work, you can also play it in the car and/or at home. The syncs may be slow, but they're only doing a few tracks a day so it doesn't matter. Anyway, if someone knows of such a beast already, or wants to make one, let me know.
I see these larrikins are still out trying to stand on toes wherever possible, this time by making a comparison between the security of two distributions based on the setup of their administrative systems. This courtesy the front page of their web site under 'SecurityNews'.
Monday 8th December 2003
A Linux vulnerability allowed attackers to elevate user privileges in a recent attack upon the servers of the Debian Linux distribution. The vulnerability can only be exploited by people who already have access to a user account on the Linux system.
Unlike a standard Linux distribution, SmoothWall is a hardened system that does not create standard user accounts. Furthermore, all access for management or maintenance purposes is normally restricted to specific IP addresses.
For general purpose Linux systems using a kernel prior to 2.4.23 we recommend that the system be updated to remove this significant vulnerability. Check the website of your Linux distribution for applicable patches or see Network World Fusion for further information.
Actually it's 25c now, unless you're with a 1/2 decent provider like 3 (http://www.three.com.au) who charge 'only' 15c. Some carriers give cheaper/free SMSs 'internally'. I figure that it is worth something to be able to deliver a message to someone instantly, wherever they are. Won't be long before the data side of things sweeps away their SMS market anyway - although at $22,000 per gig (Optus last I checked) for GPRS data, one would think they've calculated their data rate by working back from 20c per email :) Given I pay all of $6 per gig at home, I'm having troubles coming to terms with this markup - regardless of contention for the airwaves. This will no doubt help the wireless hotspot industry, and there's less cost in setting up and running one of those given you don't need coverage everywhere to do so.
The music industry estimates the pirate trio cost it up to $200 million in lost sales revenue
That's more than triple the Police's (almost certainly already inflated) estimate of $60m - at AUD30 per CD that's around 2,000,000 albums, and yet there were only 7,000,000 'hits' (and probably a lot less 'downloads'). Who's to say that any, let alone all, of those 'hits' would have converted to sales? Even if each were a download, at AUD3 per track (averaging 10 tracks per CD) I only count $21m - an ORDER OF MAGNITUDE less than the ARIA estimates and a THIRD of the police estimates! Who are they trying to kid?
It's also worth noting that the website contained CD collections (Pimpology, Blazin' Up, Spades and Club Ace) compiled by 'aspiring DJ' Tommy Le, in which case they weren't necessarily copying music for the sake of it (and certainly not for profit), as ARIA would have you believe, nor were they adopt[ing] nicknames to avoid detection, as asserted in the article.
I am going to go spend that money I might otherwise have spent on CDs on an Electronic Frontiers Australia Life Membership and I urge others to do the same - it's only AUD110, or AUD16.50 through 1 July next year. That's less than USD12 for international readers! (your money goes further down under)
I find it strange that I be coming to the aid of the authors of BIND as a loyal djbdns user, but in this case I strongly believe it is Verisign who are to be hung, drawn and quartered over this one. The ISC were merely attempting to meet the needs of their customers. I haven't looked at why this caused breakage yet, but I wonder how much of it is related to poor configuration of the other domains? I wonder also how difficult it would be to modify the patch to sanitise only .com and .net domains? Not quite as clean, but better than, say, filtering IP numbers!
Actually I have this already. I've been installing systems with ext3 roots (for restore purposes mainly), upgrading to the kernel-image-2.6* package(s) and creating xfs /home, etc. partitions. Thanks for the heads up nonetheless.
And if you want to use 2.4 kernels without compiling your own then you probably want to consider the 'all rounder', JFS, as 1.1.0 (or thereabouts) has been included since 2.4.20. I have a feeling XFS modifies things which weren't to be touched until 2.6.0 so you'll need a custom kernel for it. While some vendors ship 2.4 kernels with XFS support, I only really care about Debian and it only ships the patch.
Use XFS unless you want to do lots of deletes (as they are slow and expensive) in which case ext2 is probably a better bet since the files are probably temporary (Squid caches for example).
In a free market the price of operating system and productivity software would be significantly cheaper than it is today. Considering the cost involved in designing, testing, distributing and supporting hardware and how it compares to that of shrink wrapped software (and yes, I am both an ISV and OEM so I know what's involved behind the scenes) there's no excuse for the software which runs on desktops to cost as much as it does.
Here in Australia we take things into account like the price of the goods and the purpose for which they were intended. You're not, for example, going to have much luck suing someone over those $2 scissors you were using to conduct major surgery, but you may succeed with the $200 surgical variety.
Now if MS were happy charging a reasonable (given the price of hardware, say, $100 - 10% of a machine's value rather than $1500 and 150%!) price for their software, and weren't running around trying to force their way into everything with a processor then they'd probably be safer from such claims than they are now.
if implemented properly, could revolutionise governance in general - pity it's being so badly implemented thus far. If voting were faster and cheaper it could be involved more regularly in all manner of decision making processes. I simply cannot believe that someone would implement such a critical system on any Microsoft platform, especially when there's plenty of alternatives out there. QNX comes to mind. Mind you it is no surprise to me that a company who chooses to start behind the 8 ball by making such a poor choice in platforms is subsequently found to show a disregard for security in general ('compromised' servers, serious flaws, etc.). I hope they're enjoying 'whack-a-mole' because you can bet that for every site they manage to take down, 10 others will pop up!
Or you could just look out for MAC addresses (or equivalents) of wireless devices carried by the occupants. I know I almost always have my mobile with me... now if only I had an I/O board to plug the computer behind my office door into a door strike.
One way to derive benefits from the statistics while protecting drivers from their own vehicles would be for the boxes to introduce the occasional error into the data - outliers will be filtered out when the stats are processed, but the figures will no longer be able to be trusted for avoiding claims and the like. If the information's recorded accurately, it's there to be abused.
Forget about Slowaris, GPL Java!
Now we just need an ActiveX version so one can Debianise their Windows box from the comfort of Internet Explorer!
We still pay for unlisted numbers here in Australia...
This is perhaps the most ridiculous, biased, inaccurate drivel I've read all year. The fact that it's published as an 'authoritative' piece when in fact it's probably no more than sponsored FUD[1] is concerning, and is precisely why I won't be wasting my time reading Information Week in the future. It doesn't take a rocket scientist to work out that monocultures are nothing short of dangerous, and it's a shame to see a more reputable firm like Gartner being criticised for drawing our attention to an important issue.
http://www.enderlegroup.com/
Provides consulting services during the review process of a poorly founded negative piece on a vendor or its products and, should it be needed, showcases the research errors, statistical mistakes, and unfounded conclusions that often define such a piece.
You lot are only 2 years behind us Aussies on this one.
I disagree - I'd like to see this statement justified. If anything I'd argue they aren't doing enough a lot of the time.
Hopefully they'll be asking Verisign questions about SiteFinder next...
I'll bet even the binaries won't see the light of day, so it's all good and well to say it works, but that's not going to help us any time soon.
I doubt it.