I really dislike the service (which I won't mention) that automatically hits all the various registries to gather this historical WHOIS information, but I won't deny it has a purpose here.
More likely they registered that domain for brand protection and repurposed it to keep their services up while they regain control of the.com. It's easier to register a domain than go through the UDRP with ICANN and/or the applicable registry to take it down when someone starts using it maliciously.
The ACLU has done a lot for various freedoms, including internet freedoms. One instance, where the ACLU represented an ISP that was served with National Security Letters, serves to illustrate the kinds of high profile and essential litigation they perform.
Yeah, but they have contract terms that basically allow them to discontinue your service for any or no reason whatsoever, so it's not like that changes much. I suppose the only difference would be, in the case of breaches of contract, you wouldn't get a refund.
I doubt Sony is going to see what Microsoft is doing as anything other than a precedent and road map for future endeavors. The only reason PSN is free is because they wanted to overcome the shocking price of the initial PS3 models and wanted to take a chunk out of Xbox Live's market share. Xbox Live is profitable, PSN is not. If PSN ever reaches comfortable profitability, you can bet they'll be doing exactly what Microsoft is. They're just as much about screwing the customer as any other company (anti-piracy rootkits anyone?).
Xbox Live is in the unique situation of being able to sell ads to the end-user, sell the ability to access end-users (via Marketplace) to publishers/developers, and take a cut of those purchases between publisher and end-user.
The article discusses this as a problem, but as far as Microsoft is concerned, it's everything as it should be. Customers aren't pissed enough to leave because they still see value in the service they're paying for and the ads are pretty unobtrusive. Until end-users or publishers get annoyed enough at the status quo to make a significant enough dent in their profits, Microsoft is not going to care. As it stands, we'll pretty much have to wait for one of the big name publishers to get annoyed enough that their games aren't getting the exposure they want, because the current minority voice of end-users annoyed at ads just isn't loud enough, and I don't think it ever will be. Publishers and their triple-A titles on the other hand have a ton of sway.
Of course, it will be interesting to see if the increasing dependence on Microsoft continues. If so, it might get to the point where the publishers don't have much sway as far as negotiations are concerned. Given that the gaming industry (excepting a few smart companies and indie devs) are basically abandoning the PC market in favor of locked-in console gamers, we're near the point where the console manufacturers and their signing keys are going to be the barrier between publishers and their continued success (or eventual failure).
Re:Saying "PHP 5.4 Released" isn't that meaningful
on
PHP 5.4 Released
·
· Score: 0
If you want opinion, go read an op ed in your local news, or if you really need technology opinion pieces, go read a PC World or what have you. PHP 5.4 being released is news people will care about, hence it being here.
Presumably you mean they cracked/etc/shadow.
Still, piss poor is a good assessment for their attempts at securing this process. At least they opened it up for public testing though.
So they went after the LulzSec mouthpiece instead of after someone involved with their illicit activities. Certainly the weakest link in the chain, but I wonder realistically how much this will limit LulzSec.
I think using intent as a basis for this judgment is a slippery slope, though. My counterargument is, for instance, having a website which links to videos of people committing vandalism. Regardless of whether it's a site by some graffiti artist who admires the content they're linking to, or some "get off my lawn type" documenting crimes being committed, it should be allowed either way, even if it could be construed as supporting something illegal.
What if the site name was different, say, "scumbagcopyrightinfringingwebsites.net", from someone who works in the movie industry and wants to generate a public list of sites of copyright infringers for his employer to take down (unlikely, I know, but an example nonetheless)? The intent is wildly different, but the end is the same--someone could use it to find streams or what have you of shows they want to watch or songs they want to listen to.
What if the site just blindly compiles video results from the Google Custom Search API allowing people unfamiliar with Google hacks to find TV shows? Different intent, but no attempt to limit those who obviously intend to use it for copyright infringement. Should a site like this have to take into consideration the copyright holders?
I like using rlslog.net to conveniently find torrents. They host no copyrighted content whatsoever, only link to sites which link to torrents which in a sense link to a swarm of people who have parts of the file of interest.
I imagine that, just following random links on the internet from nearly any given site, I could eventually get to the site I mentioned above. How many links is enough degrees of separation? Surely if liability is introduced simply by linking to a website, you are liable for anything sites you link to also link to. I wonder how many government sites link to Google as their site search provider? Google can get you anywhere, so surely the government would in those cases be liable for linking to Google which links to torrent sites. And that's why this idea is completely absurd.
And how the hell is what this kid did worthy of extradition, or even a felony in the US? Our copyright policy is so ridiculous.
Yes it is; you're innocent until proven guilty, regardless of how much prosecutors, police, and the government don't want to believe it sometimes. If the government can't be burdened to prove that he's guilty, he's innocent.
Schools in North America at least--if not everywhere in the West--seem to think that their disciplinary powers extend to any actions committed by students anywhere during their years of attendance.
In my opinion, the only time a school should have the ability to initiate disciplinary action for an act committed off school premises should be after trial and conviction of a crime. Free speech protections often don't apply in schools (don't get me started on that), but a school has absolutely no right to restrict a student's speech off school grounds, and this would be aptly enforced by requiring disciplinary sanctions for off ground behavior be the result of a conviction in a court of law. This school would get laughed at if they even mentioned prosecution of this student for this behavior to a DA, so there's no reason they should be allowed to do this.
I'm pretty sure DD-WRT doesn't generate a new certificate every reboot, and if it did, generating a new private key would be a required part of that (the private/public keypair are generated in tandem as a necessary step of RSA).
I recently just reinstalled DD-WRT on my router for various irrelevant reasons. However, I had set it up with remote SSH access on a non-standard port so I could tunnel through it to my home web server to retrieve documents and such. I just did this over the weekend, and today (my first day back at work since) I ssh'd into it, and was presented with a prompt by PuTTY to accept the key fingerprint. So, it appears, a unique key is generated at least between firmware installs.
1) Router administrator negotiates an HTTPS or SSH session with a router or other hardware
2) Attacker is either listening passively or is a man in the middle (via ARP poisoning or what have you). Because they have the private key, they can advertise themselves as being the router without raising the alarm with your SSH client or browser
3) You provide credentials to the router (or MITM). The credentials are logged by the attacker
4) You proceed to do whatever you intended to do in the router's configuration, and log out.
5) Some time later, the attacker logs into the router as you, and makes nefarious changes to the router configuration (such as uploading compromised firmware which logs traffic, or has a backdoor, etc). Any changes done look like they've been done by the router administrator.
I don't know how likely this is in a work scenario though; I haven't searched the database for common mid-level to enterprise routers/remotely configurable switches. More than likely, in a work situation, you'd be using hardware which generates a key pair upon initial configuration. The scenario above is more likely to apply to SOHO, or to consumer wireless hardware in the home.
Presumably it will allow an attacker the ability to listen passively for traffic between a router administrator and the router itself, allowing the attacker to gather login credentials and use them to whatever ends they intend.
I'm pretty sure the article has no opinion on the link between the local population size and birth rate (where obviously the birth rate is proportional to the local population size). It means to test people's aptitude to incorrectly jump to a casual link between two related--but definitely not causally related--variables.
ctrl+f "DMCA" in that article doesn't find anything. Has this Righthaven organization heard of the DMCA, and the provisions it provides for relief from copyright infringement? Seems like a textbook case for a DMCA takedown notice. IANAL, but I imagine a judge will take one look at this and say "did you even TRY to work something out with the infringing party before litigating?"
Slashdot Mirror
I really dislike the service (which I won't mention) that automatically hits all the various registries to gather this historical WHOIS information, but I won't deny it has a purpose here.
More likely they registered that domain for brand protection and repurposed it to keep their services up while they regain control of the .com. It's easier to register a domain than go through the UDRP with ICANN and/or the applicable registry to take it down when someone starts using it maliciously.
The ACLU has done a lot for various freedoms, including internet freedoms. One instance, where the ACLU represented an ISP that was served with National Security Letters, serves to illustrate the kinds of high profile and essential litigation they perform.
Yeah, but they have contract terms that basically allow them to discontinue your service for any or no reason whatsoever, so it's not like that changes much. I suppose the only difference would be, in the case of breaches of contract, you wouldn't get a refund.
I doubt Sony is going to see what Microsoft is doing as anything other than a precedent and road map for future endeavors. The only reason PSN is free is because they wanted to overcome the shocking price of the initial PS3 models and wanted to take a chunk out of Xbox Live's market share. Xbox Live is profitable, PSN is not. If PSN ever reaches comfortable profitability, you can bet they'll be doing exactly what Microsoft is. They're just as much about screwing the customer as any other company (anti-piracy rootkits anyone?).
Xbox Live is in the unique situation of being able to sell ads to the end-user, sell the ability to access end-users (via Marketplace) to publishers/developers, and take a cut of those purchases between publisher and end-user.
The article discusses this as a problem, but as far as Microsoft is concerned, it's everything as it should be. Customers aren't pissed enough to leave because they still see value in the service they're paying for and the ads are pretty unobtrusive. Until end-users or publishers get annoyed enough at the status quo to make a significant enough dent in their profits, Microsoft is not going to care. As it stands, we'll pretty much have to wait for one of the big name publishers to get annoyed enough that their games aren't getting the exposure they want, because the current minority voice of end-users annoyed at ads just isn't loud enough, and I don't think it ever will be. Publishers and their triple-A titles on the other hand have a ton of sway.
Of course, it will be interesting to see if the increasing dependence on Microsoft continues. If so, it might get to the point where the publishers don't have much sway as far as negotiations are concerned. Given that the gaming industry (excepting a few smart companies and indie devs) are basically abandoning the PC market in favor of locked-in console gamers, we're near the point where the console manufacturers and their signing keys are going to be the barrier between publishers and their continued success (or eventual failure).
Smallpox blankets didn't happen. It's just another part of Ward Churchill's academic misconduct.
See here.
If you want opinion, go read an op ed in your local news, or if you really need technology opinion pieces, go read a PC World or what have you. PHP 5.4 being released is news people will care about, hence it being here.
Presumably you mean they cracked /etc/shadow.
Still, piss poor is a good assessment for their attempts at securing this process. At least they opened it up for public testing though.
So they went after the LulzSec mouthpiece instead of after someone involved with their illicit activities. Certainly the weakest link in the chain, but I wonder realistically how much this will limit LulzSec.
I think using intent as a basis for this judgment is a slippery slope, though. My counterargument is, for instance, having a website which links to videos of people committing vandalism. Regardless of whether it's a site by some graffiti artist who admires the content they're linking to, or some "get off my lawn type" documenting crimes being committed, it should be allowed either way, even if it could be construed as supporting something illegal.
What if the site name was different, say, "scumbagcopyrightinfringingwebsites.net", from someone who works in the movie industry and wants to generate a public list of sites of copyright infringers for his employer to take down (unlikely, I know, but an example nonetheless)? The intent is wildly different, but the end is the same--someone could use it to find streams or what have you of shows they want to watch or songs they want to listen to.
What if the site just blindly compiles video results from the Google Custom Search API allowing people unfamiliar with Google hacks to find TV shows? Different intent, but no attempt to limit those who obviously intend to use it for copyright infringement. Should a site like this have to take into consideration the copyright holders?
I like using rlslog.net to conveniently find torrents. They host no copyrighted content whatsoever, only link to sites which link to torrents which in a sense link to a swarm of people who have parts of the file of interest.
I imagine that, just following random links on the internet from nearly any given site, I could eventually get to the site I mentioned above. How many links is enough degrees of separation? Surely if liability is introduced simply by linking to a website, you are liable for anything sites you link to also link to. I wonder how many government sites link to Google as their site search provider? Google can get you anywhere, so surely the government would in those cases be liable for linking to Google which links to torrent sites. And that's why this idea is completely absurd.
And how the hell is what this kid did worthy of extradition, or even a felony in the US? Our copyright policy is so ridiculous.
Yes it is; you're innocent until proven guilty, regardless of how much prosecutors, police, and the government don't want to believe it sometimes. If the government can't be burdened to prove that he's guilty, he's innocent.
Last I checked, Canada was a country in the North American continent. But please, take the opportunity to bring up the US for no discernible reason.
Schools in North America at least--if not everywhere in the West--seem to think that their disciplinary powers extend to any actions committed by students anywhere during their years of attendance.
In my opinion, the only time a school should have the ability to initiate disciplinary action for an act committed off school premises should be after trial and conviction of a crime. Free speech protections often don't apply in schools (don't get me started on that), but a school has absolutely no right to restrict a student's speech off school grounds, and this would be aptly enforced by requiring disciplinary sanctions for off ground behavior be the result of a conviction in a court of law. This school would get laughed at if they even mentioned prosecution of this student for this behavior to a DA, so there's no reason they should be allowed to do this.
And those apps require that all location data be recorded and saved to a file all the time?
Did you mean to say unlike lazy people in general?
If you can get the symmetric key negotiated between the two hosts, what's stopping you from using it to decrypt subsequent traffic?
I'm pretty sure DD-WRT doesn't generate a new certificate every reboot, and if it did, generating a new private key would be a required part of that (the private/public keypair are generated in tandem as a necessary step of RSA).
I recently just reinstalled DD-WRT on my router for various irrelevant reasons. However, I had set it up with remote SSH access on a non-standard port so I could tunnel through it to my home web server to retrieve documents and such. I just did this over the weekend, and today (my first day back at work since) I ssh'd into it, and was presented with a prompt by PuTTY to accept the key fingerprint. So, it appears, a unique key is generated at least between firmware installs.
1) Router administrator negotiates an HTTPS or SSH session with a router or other hardware
2) Attacker is either listening passively or is a man in the middle (via ARP poisoning or what have you). Because they have the private key, they can advertise themselves as being the router without raising the alarm with your SSH client or browser
3) You provide credentials to the router (or MITM). The credentials are logged by the attacker
4) You proceed to do whatever you intended to do in the router's configuration, and log out.
5) Some time later, the attacker logs into the router as you, and makes nefarious changes to the router configuration (such as uploading compromised firmware which logs traffic, or has a backdoor, etc). Any changes done look like they've been done by the router administrator.
I don't know how likely this is in a work scenario though; I haven't searched the database for common mid-level to enterprise routers/remotely configurable switches. More than likely, in a work situation, you'd be using hardware which generates a key pair upon initial configuration. The scenario above is more likely to apply to SOHO, or to consumer wireless hardware in the home.
Presumably it will allow an attacker the ability to listen passively for traffic between a router administrator and the router itself, allowing the attacker to gather login credentials and use them to whatever ends they intend.
I'm pretty sure the article has no opinion on the link between the local population size and birth rate (where obviously the birth rate is proportional to the local population size). It means to test people's aptitude to incorrectly jump to a casual link between two related--but definitely not causally related--variables.
ctrl+f "DMCA" in that article doesn't find anything. Has this Righthaven organization heard of the DMCA, and the provisions it provides for relief from copyright infringement? Seems like a textbook case for a DMCA takedown notice. IANAL, but I imagine a judge will take one look at this and say "did you even TRY to work something out with the infringing party before litigating?"
I suppose I should also elaborate that raw sockets are required to make non-standard modifications to the IP header (such as spoofing the IP address).