Even better would be if every station, not just the base station, acted as a router. Now even the base stations may sometimes benefit from the increased redundancy. To top it all off, the base stations should sign up for a few billion ipv6 addresses and the whole thing should run over ipv6. Add a proxy server for ipv4 services. SOCKS if you want to let people do just about anything.
Probably most importantly, a simple, cross-platform, standalone router should be written for people who don't know what they're doing. Just double click this installer and your laptop will have internet (ipv4) connectivity when you roam within the supported area.
Make this as simple to set up as Richochet (or even simpler) and I bet you can cover a huge percentage of the city.
How about consumer ISP's don't allow inbound TCP connections?
That's when we start tunneling through email, or through irc, or through MSN/AOL/Yahoo Messenger. Hell, you could "tunnel" through automated geocities account creation.
If all ISPs block p2p, consumers have no incentive to hop.
That would require some serious legislation. Legislation which would probably be unconstitutional, but more importantly, would hurt big business.
In any case, they're not going to block email. It's unlikely they'll even block MSN Messenger (as in force Microsoft to close the protocol). Tunnelling TCP over MSN Messenger is trivial, and the two ends don't even know each others IP address.
The problem is not lack of technology. HTML is successful today because precisely because all one can do is request documents. Think about it, would slashdot still be in business if it delivered its stories in XML? No, because no one would look at the ads. Sure, you can argue that there are ways to remove ads anyway but they are very site specific. Until you find a way to make money while giving away your raw content, XML-RPC is not going to be reasonable. Right now you have too many hands all dipping into the same pot: ISPs, web site companies, computer manufacturers, OS companies, to name the largest chunks. And right now that pot is shrinking. Adding direct payments to the content providers isn't going to happen, not for several years, anyway.
Re:Why people love Code Red
on
Code Red III
·
· Score: 1
It's impossible to guard 100% against any kind of break-in.
Absolutely positively untrue. Don't connect the machine to the internet. That guards 100% against an electronic breakin over the internet (which is what we're talking about here).
What's that, you want to allow people to connect to your machine? OK. What do you want to let them do? For any set of things you want to allow them to do, it is possible to set the machine up so that nothing else is possible.
You say a physical break-in is different than an electronic one because there's damage in a physical break-in and not in an electronic one. How is the damage different?
I guess the physicalness isn't the difference. One could argue that the bits on the hard drive are physical. Certainly hooking up your computer to a hammer which breaks your windows if you send it the proper code is physical. The difference is that you are explicitly enabling the damage. If I tell you that if you send me an email I'm going to format my hard drive, should it be illegal for you to send me an email? What if I set up a script which does that automatically?
I have a natural right to be secure in my home. I have a natural right to have my property in my home be secure. I am willing to pay taxes to the government to secure my natural rights and the natural rights of others. I don't have a natural right to run a web server. I don't expect the government to help me run a web server, and I do not want to pay taxes to the government to help others run a web server.
Suppose someone was able to hack a computer at your local power company and black out half the state?
The power company should be sued for negligence. There is no reason for it to be hooked up to the internet, and I highly doubt it is.
Suppose someone launches a DoS attack against your ISP for a day, and your Internet access is rendered useless.
Read your contract. There is probably no responsibility on the part of the ISP. As for the ISP, they can feel free to sue the person if they catch him/her.
Suppose someone mailbombs you because they got pissed off with something you said on a newsgroup. I've been through that, too. Even if there's no physical damage, there's damage caused by wasted time and productivity.
Suppose there's an earthquake and all my windows break? It's not my responsibilty to fix your windows. That's what better windows and insurance is for. You shouldn't set up a server which allows an unlimited number of anonymous emails to be sent to you if that's not what you want to allow. If you want to guard against your own mistakes, feel free to buy insurance.
If you're worried that he won't have the money to pay, then also worry about the victims of such attacks who don't have the money to bankroll their own investigations.
That's what insurance is for. Like I said, I don't feel I have an obligation to help you run a webserver.
In order to sue them, you need to cancel first. Chances are at that point they won't charge you a cancellation fee. If they do, then you need to refuse to pay it. If they charge your credit card, you need to reverse the charges. Then, they have to sue you, not the other way around.
Re:Why people love Code Red
on
Code Red III
·
· Score: 1
If one of them breaks into a system and destroys data or defaces a Web site, what do you propose we do with him?
Nothing. You should have a backup.
Alternatively, if the victim wants to hire a private investigator to catch the kid, and then file a civil lawsuit against him, I'm fine with that. But I don't want my tax money paying for your stupidity. You'll get no help from the DA, no help from the FBI, no help from any law enforcement, you can pay for the court costs yourself (possibly getting it back from the kid if you win the lawsuit and he's not broke), and you won't get my money to feed this kid and put bars around him.
Don't go and compare this to someone whose house is broken into because s/he didn't lock the door. First of all, there is physical harm involved. Secondly, it is impossible to guard 100% against a physical break in. Whereas an electronic break-in is trivial to guard against.
Re:Perhaps we should reconsider...
on
Code Red III
·
· Score: 1
The only problem I see with this is that it advertises to the world that your machine is comprimised. Why is this a bad thing? 1) you might have missed a backdoor, or maybe the virus has mutated to one with different backdoor(s). 2) This advertises that the machine is a windows machine that was running an unpatched version of IIS. While this could probably be found out, you don't want to advertise it to the world. Security through obscurity isn't a solution, but it is one part of a complete solution, at least for some.
Punching a hole in a standard is not illegal. Telling other people that you have punched a hole in a standard is not illegal. Demonstrating that you have punched a hole in a standard is not illegal. Telling others about how you punched that hole in a standard isn't illegal. Distributing the product that punches the hole in a manner reasonably calculated to advance the state of knowledge or development of encryption technology when engaged in a legitimate course of study and then providing the copyright owner with notice of the findings and documentation of the research is not illegal. Distributing the hack for noncommercial purposes is not criminally illegal.
Dmitry was allegedly selling a product designed primarily to commit illegal acts. That's why he was arrested, not because he demonstrated a security hole. He found it, then he tried to profit off of it by distributing it to people who paid him. Allegedly.
So don't use a four letter hotmail ID, how hard is that? Also, if you want to only accept email from people in your address book, unless you're expecting it, it's quite easy to automatically send bulk mail into the bulk mail folder. I currently have 25 messages sitting there right now. You don't get alerts for your bulk mail folder, and the mails get deleted after a certain amount of time, so you don't have to do anything to support it.
I must admit that hotmail isn't very good for mailing lists and signing up for sites, but I have a seperate account and email address for that. Admittedly that gets tons of spam, but I don't read it unless I'm changing my password anyway. For mailing lists, well, I don't read any any more, but you can always make a new account for each mailing list, or use an outlook express filter. Mailing lists via email is a stupid idea for the most part anyway.
I don't know, I'm sick of people complaining about spam. I don't get any in my personal mail, simply by only giving my email to real live humans and using hotmail's spam filter. I contend that if you get a lot of spam it's probably your own fault.
If I could have a few gigs of space and my mail was encrypted on the server, I'd definately pay for hotmail. Because I can use outlook express to compose my replies, hotmail kicks the ass of any other web based mail, and because I can quickly and easily access it from anywhere and get instant alerts, it kicks the ass of any POP/IMAP server. Plus the spam filter they offer is great, I have gotten 0 spams since turning it on.
The alternative is to allow people to sue the police for damages caused by this. For instance, this guy was questioned for all of about 5 minutes. Give him $5 and let him go on his way. On the other hand, Sklyarov was put in a jail cell for X days, he should be able to sue for a large amount of money if he is ultimately found innocent. Otherwise, I agree with you, let the police use whatever technology they have when it's in public. Technology (though not blindly believing in it) will help catch more guilty people and fewer innocent people.
a link database would make it all the easier for prosecutors to put the perpetrators in prison
What if those links are to offshore sites?
I'm somewhat torn about the "links to child porn" issue, only because I can imagine it being used in a newsworthy way. If faced with a decision though, I would support outlawing knowing making direct links to child porn, and probably knowingly making links to sites which primarily deal with child porn. It's a tough call though.
I'm not at all torn about links to DeCSS though. I don't believe that DeCSS should be illegal, therefore I don't believe that links to DeCSS should be illegal.
Right, and therefore fewer consumers buy the product, which hurts the big corporation. Do you think that tobacco companies don't try to fight the huge taxes on cigarettes? Or do you think they're wasting their money by doing this?
It doesn't matter if you apply the tax to the business or the consumer, either way it hurts both.
Why not have another virus that exploited the back door, closed it, then started sending itself to other servers for a certain period of time?
Sending to other servers for a certain period of time is not a good thing. First of all, you are causing harm by checking those other systems. Secondly, you are causing harm on the machine you install this on. Thirdly, you might screw it up, and accidently cause even more harm than you intended.
I don't have a problem with exploiting the back door and closing it for any site which specifically tries to infect you, but after that your interaction with the other server should stop. Even that has the problem of possibly not letting the victim know about the problem, and that in itself is troublesome.
OK, now this is unconstitutional. The U.S. government is the only government that has the right to regulate interstate commerce. This is why you don't get charged sales tax for mail order purchases unless the buyer resides in a state in which you have a nexus (basically, a physical presence). State law simply doesn't apply to interstate commerce otherwise.
I'm pretty confident the supreme court will take this case again. To allow this precedent to be set would be horrible not just for consumers, but for big business as well, as it would pave the way toward taxation of interstate commerce. Write letters to Microsoft and Dell. They will almost surely see the connection and vigorously oppose this ruling.
that someone starts their own virtual internet, where such stupid laws do not apply (either through explicit contracts or through anonymous software distribution).
I am using verizon DSL on the slowest plan, and I regularly get 2.5Mbps. The modem tops out at 7.1Mbps download though, the only reason I top out at 2.5Mbps is because of the next hop bandwidth. Think about it, RADSL goes over the same copper wires. The hardware at the two ends is the only difference, and the bandwidth they need to reserve for the next hop. My point is that with video on demand, the next hop is meaningless, if you store the video at the phone company.
Yes, it shares my voice line. But I still contend that at least half of the cost is coming from the next hop, whether it's voice or data. Direct point to point copper lines don't cost $20/month, no matter how you slice it. They probably cost the phone company about $5/month in recurring costs. I'd bet it's less than that, even.
That's what, 3 DSL lines? $60 a month? As long as you put the TIVO (not literally) at the phone company what's stopping us from video on demand at $60/month? 95% of your DSL bandwidth limits happen after you get to the phone company, not before. Hell, I don't need HDTV quality. DVD quality is more like 6Mbps, or $20/month.
So what? If an author's publisher sells his book in a country where that book is illegal, is the author breaking the law?
If the author knows about it and allows it to happen, certainly. If the author doesn't know about it, or tries to get an injunction to stop it, that's a different story.
Slashdot Mirror
Even better would be if every station, not just the base station, acted as a router. Now even the base stations may sometimes benefit from the increased redundancy. To top it all off, the base stations should sign up for a few billion ipv6 addresses and the whole thing should run over ipv6. Add a proxy server for ipv4 services. SOCKS if you want to let people do just about anything.
Probably most importantly, a simple, cross-platform, standalone router should be written for people who don't know what they're doing. Just double click this installer and your laptop will have internet (ipv4) connectivity when you roam within the supported area.
Make this as simple to set up as Richochet (or even simpler) and I bet you can cover a huge percentage of the city.
Damn, I wish I lived in Manhattan.
How about consumer ISP's don't allow inbound TCP connections?
That's when we start tunneling through email, or through irc, or through MSN/AOL/Yahoo Messenger. Hell, you could "tunnel" through automated geocities account creation.
If all ISPs block p2p, consumers have no incentive to hop.
That would require some serious legislation. Legislation which would probably be unconstitutional, but more importantly, would hurt big business.
In any case, they're not going to block email. It's unlikely they'll even block MSN Messenger (as in force Microsoft to close the protocol). Tunnelling TCP over MSN Messenger is trivial, and the two ends don't even know each others IP address.
The problem is not lack of technology. HTML is successful today because precisely because all one can do is request documents. Think about it, would slashdot still be in business if it delivered its stories in XML? No, because no one would look at the ads. Sure, you can argue that there are ways to remove ads anyway but they are very site specific. Until you find a way to make money while giving away your raw content, XML-RPC is not going to be reasonable. Right now you have too many hands all dipping into the same pot: ISPs, web site companies, computer manufacturers, OS companies, to name the largest chunks. And right now that pot is shrinking. Adding direct payments to the content providers isn't going to happen, not for several years, anyway.
It's impossible to guard 100% against any kind of break-in.
Absolutely positively untrue. Don't connect the machine to the internet. That guards 100% against an electronic breakin over the internet (which is what we're talking about here).
What's that, you want to allow people to connect to your machine? OK. What do you want to let them do? For any set of things you want to allow them to do, it is possible to set the machine up so that nothing else is possible.
You say a physical break-in is different than an electronic one because there's damage in a physical break-in and not in an electronic one. How is the damage different?
I guess the physicalness isn't the difference. One could argue that the bits on the hard drive are physical. Certainly hooking up your computer to a hammer which breaks your windows if you send it the proper code is physical. The difference is that you are explicitly enabling the damage. If I tell you that if you send me an email I'm going to format my hard drive, should it be illegal for you to send me an email? What if I set up a script which does that automatically?
I have a natural right to be secure in my home. I have a natural right to have my property in my home be secure. I am willing to pay taxes to the government to secure my natural rights and the natural rights of others. I don't have a natural right to run a web server. I don't expect the government to help me run a web server, and I do not want to pay taxes to the government to help others run a web server.
Suppose someone was able to hack a computer at your local power company and black out half the state?
The power company should be sued for negligence. There is no reason for it to be hooked up to the internet, and I highly doubt it is.
Suppose someone launches a DoS attack against your ISP for a day, and your Internet access is rendered useless.
Read your contract. There is probably no responsibility on the part of the ISP. As for the ISP, they can feel free to sue the person if they catch him/her.
Suppose someone mailbombs you because they got pissed off with something you said on a newsgroup. I've been through that, too. Even if there's no physical damage, there's damage caused by wasted time and productivity.
Suppose there's an earthquake and all my windows break? It's not my responsibilty to fix your windows. That's what better windows and insurance is for. You shouldn't set up a server which allows an unlimited number of anonymous emails to be sent to you if that's not what you want to allow. If you want to guard against your own mistakes, feel free to buy insurance.
If you're worried that he won't have the money to pay, then also worry about the victims of such attacks who don't have the money to bankroll their own investigations.
That's what insurance is for. Like I said, I don't feel I have an obligation to help you run a webserver.
In order to sue them, you need to cancel first. Chances are at that point they won't charge you a cancellation fee. If they do, then you need to refuse to pay it. If they charge your credit card, you need to reverse the charges. Then, they have to sue you, not the other way around.
If one of them breaks into a system and destroys data or defaces a Web site, what do you propose we do with him?
Nothing. You should have a backup.
Alternatively, if the victim wants to hire a private investigator to catch the kid, and then file a civil lawsuit against him, I'm fine with that. But I don't want my tax money paying for your stupidity. You'll get no help from the DA, no help from the FBI, no help from any law enforcement, you can pay for the court costs yourself (possibly getting it back from the kid if you win the lawsuit and he's not broke), and you won't get my money to feed this kid and put bars around him.
Don't go and compare this to someone whose house is broken into because s/he didn't lock the door. First of all, there is physical harm involved. Secondly, it is impossible to guard 100% against a physical break in. Whereas an electronic break-in is trivial to guard against.
The only problem I see with this is that it advertises to the world that your machine is comprimised. Why is this a bad thing? 1) you might have missed a backdoor, or maybe the virus has mutated to one with different backdoor(s). 2) This advertises that the machine is a windows machine that was running an unpatched version of IIS. While this could probably be found out, you don't want to advertise it to the world. Security through obscurity isn't a solution, but it is one part of a complete solution, at least for some.
Punching a hole in a standard is not illegal. Telling other people that you have punched a hole in a standard is not illegal. Demonstrating that you have punched a hole in a standard is not illegal. Telling others about how you punched that hole in a standard isn't illegal. Distributing the product that punches the hole in a manner reasonably calculated to advance the state of knowledge or development of encryption technology when engaged in a legitimate course of study and then providing the copyright owner with notice of the findings and documentation of the research is not illegal. Distributing the hack for noncommercial purposes is not criminally illegal.
Dmitry was allegedly selling a product designed primarily to commit illegal acts. That's why he was arrested, not because he demonstrated a security hole. He found it, then he tried to profit off of it by distributing it to people who paid him. Allegedly.
So don't use a four letter hotmail ID, how hard is that? Also, if you want to only accept email from people in your address book, unless you're expecting it, it's quite easy to automatically send bulk mail into the bulk mail folder. I currently have 25 messages sitting there right now. You don't get alerts for your bulk mail folder, and the mails get deleted after a certain amount of time, so you don't have to do anything to support it.
I must admit that hotmail isn't very good for mailing lists and signing up for sites, but I have a seperate account and email address for that. Admittedly that gets tons of spam, but I don't read it unless I'm changing my password anyway. For mailing lists, well, I don't read any any more, but you can always make a new account for each mailing list, or use an outlook express filter. Mailing lists via email is a stupid idea for the most part anyway.
I don't know, I'm sick of people complaining about spam. I don't get any in my personal mail, simply by only giving my email to real live humans and using hotmail's spam filter. I contend that if you get a lot of spam it's probably your own fault.
If I could have a few gigs of space and my mail was encrypted on the server, I'd definately pay for hotmail. Because I can use outlook express to compose my replies, hotmail kicks the ass of any other web based mail, and because I can quickly and easily access it from anywhere and get instant alerts, it kicks the ass of any POP/IMAP server. Plus the spam filter they offer is great, I have gotten 0 spams since turning it on.
Yeah, FreeBSD never has root exploits that are enabled by default.
The alternative is to allow people to sue the police for damages caused by this. For instance, this guy was questioned for all of about 5 minutes. Give him $5 and let him go on his way. On the other hand, Sklyarov was put in a jail cell for X days, he should be able to sue for a large amount of money if he is ultimately found innocent. Otherwise, I agree with you, let the police use whatever technology they have when it's in public. Technology (though not blindly believing in it) will help catch more guilty people and fewer innocent people.
a link database would make it all the easier for prosecutors to put the perpetrators in prison
What if those links are to offshore sites?
I'm somewhat torn about the "links to child porn" issue, only because I can imagine it being used in a newsworthy way. If faced with a decision though, I would support outlawing knowing making direct links to child porn, and probably knowingly making links to sites which primarily deal with child porn. It's a tough call though.
I'm not at all torn about links to DeCSS though. I don't believe that DeCSS should be illegal, therefore I don't believe that links to DeCSS should be illegal.
Right, and therefore fewer consumers buy the product, which hurts the big corporation. Do you think that tobacco companies don't try to fight the huge taxes on cigarettes? Or do you think they're wasting their money by doing this?
It doesn't matter if you apply the tax to the business or the consumer, either way it hurts both.
Why not have another virus that exploited the back door, closed it, then started sending itself to other servers for a certain period of time?
Sending to other servers for a certain period of time is not a good thing. First of all, you are causing harm by checking those other systems. Secondly, you are causing harm on the machine you install this on. Thirdly, you might screw it up, and accidently cause even more harm than you intended.
I don't have a problem with exploiting the back door and closing it for any site which specifically tries to infect you, but after that your interaction with the other server should stop. Even that has the problem of possibly not letting the victim know about the problem, and that in itself is troublesome.
OK, now this is unconstitutional. The U.S. government is the only government that has the right to regulate interstate commerce. This is why you don't get charged sales tax for mail order purchases unless the buyer resides in a state in which you have a nexus (basically, a physical presence). State law simply doesn't apply to interstate commerce otherwise.
I'm pretty confident the supreme court will take this case again. To allow this precedent to be set would be horrible not just for consumers, but for big business as well, as it would pave the way toward taxation of interstate commerce. Write letters to Microsoft and Dell. They will almost surely see the connection and vigorously oppose this ruling.
How does this differ from those paramagnetic fields, which can levitate frogs?
The real world also has physical aspects to it. Without physical aspects, laws are unnecessary.
that someone starts their own virtual internet, where such stupid laws do not apply (either through explicit contracts or through anonymous software distribution).
I am using verizon DSL on the slowest plan, and I regularly get 2.5Mbps. The modem tops out at 7.1Mbps download though, the only reason I top out at 2.5Mbps is because of the next hop bandwidth. Think about it, RADSL goes over the same copper wires. The hardware at the two ends is the only difference, and the bandwidth they need to reserve for the next hop. My point is that with video on demand, the next hop is meaningless, if you store the video at the phone company.
Yes, it shares my voice line. But I still contend that at least half of the cost is coming from the next hop, whether it's voice or data. Direct point to point copper lines don't cost $20/month, no matter how you slice it. They probably cost the phone company about $5/month in recurring costs. I'd bet it's less than that, even.
That's what, 3 DSL lines? $60 a month? As long as you put the TIVO (not literally) at the phone company what's stopping us from video on demand at $60/month? 95% of your DSL bandwidth limits happen after you get to the phone company, not before. Hell, I don't need HDTV quality. DVD quality is more like 6Mbps, or $20/month.
Just because you were "only following orders" doesn't make it legal to arrest someone on an unconstitutional charge.
Exactly what part of the constitution prohibits congress from establishing laws regulating international trade?
That is a violation of the DMCA, and, unfortunately, "ignorance of the law is no excuse".
Actually, ignorance of this law is an excuse. (em mine)
So what? If an author's publisher sells his book in a country where that book is illegal, is the author breaking the law?
If the author knows about it and allows it to happen, certainly. If the author doesn't know about it, or tries to get an injunction to stop it, that's a different story.
Dude... read up on the charges. They have nothing to do with the speech, and were committed while he was in Russia.