Correct, he was absolved of criminal wrongdoing. He was then sued in civil, as opposed to criminal, court, by the famlies of the victims, and was found responsible for their 'wrongful deaths.' Or some such, I forget the actual wording. But the point here is that he was found civilly liable for the deaths, if not criminally guilty.
So, similarly, Mitnick might not be criminally liable for his actions, but they might still be able to take him to civil court and sue for lots of money.
If, say, one out of ten ideas are good, useful ones, then you need to come up with, implement, and identify nine ideas before you come up with the good one. The faster you can do that, the faster you'll get good ideas out.
Failing slow: "We have decided to persue strategy X. It will work. We will make it work. (repeat for five years, two CEOs, and four project renamings.)
Failing fast: "Does this work? Nope. How bout this? Nope. Hmmm. This? Nope. This? Hey...no. But if we do this...EUREKA!
Yes, and to avoid all this, businesses in Ottawa are boarding up their stores. Public works people are physically removing things that can be used as weapons, such as lightpoles.
There are people who are flying into the country specifically to break the law. And they're doing in in Ottawa, because the actual Summit is being held in a little out of the way town, something like 3500 miles away.
Mainly because, as you say, IPSEC is, at least, something of a standard, and is much more transparent. Less ad hoc, perhaps, is the phrase I'm looking for.
But I prefer something that will encrypt the traffic in a 'blanket' fashion, and completely unbeknownest to the application itself.
Perhaps we're using different terminology here, or perhaps I misunderstood the original post. There's a difference between 'creating an encrypted 'tunnel' across an unsecure network' and 'tunnelling a protocol through another.' SOAP is 'tunneled' through HTTP over port 80, and that sucks ass. Building a VPN 'tunnel' across the Internet, using IPSec, L2PP, or something else, is great, because it doesn't affect the original data, other than to encrypt it. The applications don't need to know what's happening, or why. Things aren't going out to nonstandard sockets/ports/whatever.
As I said in a different post, if it needs to be encrypted, it cannot escape to a public network. You need VPNs and the like at that point. Or a WAN.
The problem is that there's so many bloody ways to tunnel; some built into the protocol, some built into the server, some built into the firewall, some built into the routers, some added on by third party apps, it's a horrible horrible mess.
Ideally, the various 'core' protocols of TCP/IP would include provisions for encryption. And using SSL-like technology for this is fine; TLS for example.
To respond to my own post,
Last night, on the news, I saw what is one of the first of the G8 protests in Ottawa. Made up almost entirely of locals. There was something like 150 of them, and all they were doing was walking down the street in a big group. Sure, there was an abudance of hemp hats, and long beards, and, for lack of a better term, 'hippie' style dresses, and sandals, but there were also water bottles, sunglasses, friendly chats between people.
The only police I saw were duty uniformed officers strolling along. One was carrying a small camcorder, filming the protestors. They looked slightly bored.
Next week, Ottawa knows that the 'professional' agitators will have come in. There will be barricades up. The police will not be out in duty uniforms, they'll be out in riot gear. And why, you ask? Because although past performance does not guarentee future performance, it is often a strong indicator.
There are people who are going to be at that summit for the express purpose of causing damage, and violence. I think I can excuse Ottawa for being a little heavy handed in trying to make sure that the average folk walking down the street, who might not even realize that there's a summit going on, don't get beaned in the head with rocks. Why? Because the police can't stop anybody from protesting until they've done something to so warrent.
If the police and gov't were REALLY TRYING to clamp down on our basic freedom to protest, they'd just clear the streets, and break up any protests before they got started. But they're not doing that. They're trying to give the peaceful protestors every opportunity to protest peacefully.
And don't blame the riot cops. Nothing sucks worse than being a riot cop. Riot cops truly are 'damned if they do, and damned if they don't.' Mob psychology is a scary thing, and often all it takes is one person in the crowd who knows what he's doing to turn the whole thing violent.
Exactly. Peaceful protestors don't need balaclavas and backpacks full of bricks and bottles. Peaceful protestors don't say "We're going to block traffic, and if the Police try to move us, well, they're the ones starting the violence." And so on.
The problem with implementing a 'small scale' version is that it's often later turned into the 'wide scale' version. With the expected disasterous results.
Just out of curiousity, could you expand? Why do you consider tunnelling bad? Is it the bandwidth loss due to protocol overhead or something else?
IPSEC is great, but consider the fact that unless the other end is taking similar measures, you are (AFAIK) not gaining anything. (Of ironic interest is that not having both ends in sync is a weakness of tunnelling as well. It takes two to tango...)
Doing anything 'out of spec' is going to have the same problems. And most of the basic Internet protocols were built to be open text.
If you're going from site to site, use a VPN. If you have no control over the other site, then you're going to wind up sending plain text, most likely.
And tunnelling is bad from an admin perspective, as it adds unneeded overhead and what not, as well as making it more difficult to identify what's going on.
This "seatbelt" bullshit makes me want to exact my patriotism and destroy any tyrant who dares impede my freedom to keep me "safe"
Lord knows it couldn't POSSIBLY have anything to do with the fact that a person wearing a seatbelt is much more able to keep control of their vehicle in an emergency situation, and thus helps to avoid endangering OTHERS as well as yourself.
I'll point out that Exchange 2000 includes an MSN Messenger server. It's a real bitch to set up, but it can be done, and you can deploy a completely internal MS Messenger network.
The many eyes argument tends to fall apart when you see major bugs in MAJOR OSS software projects, like Apache and SSH, that have survived for years, through entire version numbers.
The simple fact of the matter is that any complex system is going to have unforseen interactions.
Who's to say the 'repair' wasn't just a cover to get out of the ring
Isn't this where the 'machine logic' usually turns the robot into a killer?
THIS UNIT is programmed to survive. ORGANIC CARBON UNITS force THIS UNIT to engage in activities which threaten to destroy THIS UNIT and therefore ORGANIC CARBON UNITS threaten the survival of THIS UNIT.THIS UNIT must destroy all ORGANIC CARBON UNITS to guarentee survival.
You take it on line, you'd best be cognizant of the risks and requirements thereof.
Or do you think Ford should be liable if one of it's vehicles lets you drive into oncoming traffic? Or doesn't automatically swerve out of the way when somebody from the opposite side of the road suddenly drives into your lane?
Everybody complains about the corporations not taking responsibility, but it's often to avoid taking personal responsibility.
What's that quote from Cryptonomicon, when the guy tells his buddy to use 4096 bit encryption? Something like "I want this encrypted until men no longer do evil."
So, anybody sitting behind a caching proxy...or an offline cache...is doing something you don't want them to do? Because the first, and under a strict interpretation, the second, fall under the heading 'republishing.'
It is hard to complain about a 24-hour response time for a bug.
Actually, it's easy. Watch.
Gee, I wonder what sort of regression testing they did. Or anything along the lines of QA, other than 'it compiles with only warnings.'
Final Fantasy VII for the PC kicked ass because there were no textures. Actually, there was one that I can think of, and that was Barett's tattoo.
The polys were all gourard shaded, I believe, which means that when the rez was bumped up, the shading bumped itself up along with, and all was good.
When VIII came out, it used textures. And when they ported it to PC, they didn't think, or didn't want, to resample all of the textures. So they simply get blown up, and look like crap.
Laserdisc flopped because of pricing and marketing.
DVD is succeeding in the same way that CD beat casette tape.
People like me who had bought, in their lives, five pre-recorded VHS movies, have amassed hundreds of DVDs in the last few years, because DVDs are worth owning.
And to tie this back to the article on Joel on Software, it's also selling complements. DVDs are better with hooge TVs, and sweet surround sound setups, and so on. VHS, on the other hand, is actually worse looking and sounding with the better equipment; it's flaws are magnified.
Not for this. Apparently this is the first time Sprint even realized they got owned by Mitnick in '94.
Correct, he was absolved of criminal wrongdoing. He was then sued in civil, as opposed to criminal, court, by the famlies of the victims, and was found responsible for their 'wrongful deaths.' Or some such, I forget the actual wording. But the point here is that he was found civilly liable for the deaths, if not criminally guilty.
So, similarly, Mitnick might not be criminally liable for his actions, but they might still be able to take him to civil court and sue for lots of money.
If, say, one out of ten ideas are good, useful ones, then you need to come up with, implement, and identify nine ideas before you come up with the good one. The faster you can do that, the faster you'll get good ideas out.
Failing slow: "We have decided to persue strategy X. It will work. We will make it work. (repeat for five years, two CEOs, and four project renamings.)
Failing fast: "Does this work? Nope. How bout this? Nope. Hmmm. This? Nope. This? Hey...no. But if we do this...EUREKA!
Aye, but they could pull an OJ and sue him civilly.
Actually, if he's at all intelligent, which is apparently is, he's garnered immunity in exchange for his testimony.
Yes, and to avoid all this, businesses in Ottawa are boarding up their stores. Public works people are physically removing things that can be used as weapons, such as lightpoles.
There are people who are flying into the country specifically to break the law. And they're doing in in Ottawa, because the actual Summit is being held in a little out of the way town, something like 3500 miles away.
Mainly because, as you say, IPSEC is, at least, something of a standard, and is much more transparent. Less ad hoc, perhaps, is the phrase I'm looking for. But I prefer something that will encrypt the traffic in a 'blanket' fashion, and completely unbeknownest to the application itself. Perhaps we're using different terminology here, or perhaps I misunderstood the original post. There's a difference between 'creating an encrypted 'tunnel' across an unsecure network' and 'tunnelling a protocol through another.' SOAP is 'tunneled' through HTTP over port 80, and that sucks ass. Building a VPN 'tunnel' across the Internet, using IPSec, L2PP, or something else, is great, because it doesn't affect the original data, other than to encrypt it. The applications don't need to know what's happening, or why. Things aren't going out to nonstandard sockets/ports/whatever.
As I said in a different post, if it needs to be encrypted, it cannot escape to a public network. You need VPNs and the like at that point. Or a WAN. The problem is that there's so many bloody ways to tunnel; some built into the protocol, some built into the server, some built into the firewall, some built into the routers, some added on by third party apps, it's a horrible horrible mess. Ideally, the various 'core' protocols of TCP/IP would include provisions for encryption. And using SSL-like technology for this is fine; TLS for example.
To respond to my own post, Last night, on the news, I saw what is one of the first of the G8 protests in Ottawa. Made up almost entirely of locals. There was something like 150 of them, and all they were doing was walking down the street in a big group. Sure, there was an abudance of hemp hats, and long beards, and, for lack of a better term, 'hippie' style dresses, and sandals, but there were also water bottles, sunglasses, friendly chats between people. The only police I saw were duty uniformed officers strolling along. One was carrying a small camcorder, filming the protestors. They looked slightly bored. Next week, Ottawa knows that the 'professional' agitators will have come in. There will be barricades up. The police will not be out in duty uniforms, they'll be out in riot gear. And why, you ask? Because although past performance does not guarentee future performance, it is often a strong indicator. There are people who are going to be at that summit for the express purpose of causing damage, and violence. I think I can excuse Ottawa for being a little heavy handed in trying to make sure that the average folk walking down the street, who might not even realize that there's a summit going on, don't get beaned in the head with rocks. Why? Because the police can't stop anybody from protesting until they've done something to so warrent. If the police and gov't were REALLY TRYING to clamp down on our basic freedom to protest, they'd just clear the streets, and break up any protests before they got started. But they're not doing that. They're trying to give the peaceful protestors every opportunity to protest peacefully. And don't blame the riot cops. Nothing sucks worse than being a riot cop. Riot cops truly are 'damned if they do, and damned if they don't.' Mob psychology is a scary thing, and often all it takes is one person in the crowd who knows what he's doing to turn the whole thing violent.
Exactly. Peaceful protestors don't need balaclavas and backpacks full of bricks and bottles. Peaceful protestors don't say "We're going to block traffic, and if the Police try to move us, well, they're the ones starting the violence." And so on.
The problem with implementing a 'small scale' version is that it's often later turned into the 'wide scale' version. With the expected disasterous results.
Don't do it. Tunnelling is bad. Period. You want a secure network? Use IPSEC or something similar, and encrypt your traffic.
It's not that difficult to configure a network to be one-way only.
I'll point out that Exchange 2000 includes an MSN Messenger server. It's a real bitch to set up, but it can be done, and you can deploy a completely internal MS Messenger network.
The many eyes argument tends to fall apart when you see major bugs in MAJOR OSS software projects, like Apache and SSH, that have survived for years, through entire version numbers. The simple fact of the matter is that any complex system is going to have unforseen interactions.
You take it on line, you'd best be cognizant of the risks and requirements thereof. Or do you think Ford should be liable if one of it's vehicles lets you drive into oncoming traffic? Or doesn't automatically swerve out of the way when somebody from the opposite side of the road suddenly drives into your lane? Everybody complains about the corporations not taking responsibility, but it's often to avoid taking personal responsibility.
What's that quote from Cryptonomicon, when the guy tells his buddy to use 4096 bit encryption? Something like "I want this encrypted until men no longer do evil."
So, anybody sitting behind a caching proxy...or an offline cache...is doing something you don't want them to do? Because the first, and under a strict interpretation, the second, fall under the heading 'republishing.'
Final Fantasy VII for the PC kicked ass because there were no textures. Actually, there was one that I can think of, and that was Barett's tattoo. The polys were all gourard shaded, I believe, which means that when the rez was bumped up, the shading bumped itself up along with, and all was good. When VIII came out, it used textures. And when they ported it to PC, they didn't think, or didn't want, to resample all of the textures. So they simply get blown up, and look like crap.
Laserdisc flopped because of pricing and marketing. DVD is succeeding in the same way that CD beat casette tape. People like me who had bought, in their lives, five pre-recorded VHS movies, have amassed hundreds of DVDs in the last few years, because DVDs are worth owning. And to tie this back to the article on Joel on Software, it's also selling complements. DVDs are better with hooge TVs, and sweet surround sound setups, and so on. VHS, on the other hand, is actually worse looking and sounding with the better equipment; it's flaws are magnified.