However, for SOHO applications, this could save people thousands of dollars (especially small-to-medium businesses).
You do realize that since all the .com's went out of business you can buy used Cisco equipment for dirt cheap? You can even buy their low-grade equipment for pretty cheap.
For example: a Cisco 2501 you can find for probably $400 - $500. I'd rather have one of those than a Linux box, just for that whole "Best tool for the job" bit...
Re:Bunch of nice people work there on A Tour of Pixar · Score: 1
Just remember that talent is something you develop, it's not something you're born with. You want to work there? Start climbing the steps.
I'm a decent artist. It's 50% talent, 50% work. I've found I have a cartoonist style, but I can't do still life. No matter how hard I try, I know guys who could beat me when they were in junior high school.
Play the hand you are dealt with, accept what you can't do well and do it mediocre and enjoy it.
You know what happens when everybody believes they have a talent and jumps on the "Fun and Money Bandwagon"? .com
I've never said it's illegal to reverse engineer software. It's not illegal to own lockpicks, either. Breaking into buildings, though. That's illegal. With or without lockpicks. In fact, you don't even have to lock the doors. All you have to do is make it clear that it is private property, and that the general public is not invited. I think by hiding the protocols to access these features, and calling them 'admin features', UBISoft has fulfilled this requirement.
You said that they "broke into the client" which is just stupid. They did nothing of the sort. If you honestly think that hiding the protocols to access admin features means UbiSoft has fulfilled their responsibility for security then, quite frankly, you are an idiot.
"But officer, I put my door in the back of my house so nobody could find it! It's not my fault they broke into it."
I'm not excusing the act of exploiting their services, but I'm not excusing UbiSoft for being incompetent and idiotic either. They had a very definite hand in what happened. It's like parents who keep loaded guns around children.
The time taken to fix the result of the attacks is independent of the time to fix the original bug. (reverting servers, answering support calls, etc).
Ok, repeat after me. Had it been an email notification, the same process would have likely taken place. Why do you not understand that? Oh, because you think that UbiSoft not telling people where the admin controls are at constitutes security...
You have never answered the question of why these people should not be punished (or deserve only extremely light punishment) for disrupting the service of thousands of people.
Yes, I have answered it. You just don't read what I write. You didn't answer my question that I posted last time. You tried:
The fix for this problem can be written with the servers still running. Access to these functions can be monitored, possibly controlled at a firewall level. The installation of the patch can occur during normal weekly maintenance cycles, which take place during periods of low usage.
This is where you prove without a shadow of a doubt you are absolutely clueless. You have obviously never worked in a production environment with server farms running code that could be exploited (and people try to exploit) at any given moment. Newsflash: If someone emails you and says, "By the way, your admin ports are hanging out and anybody can connect in if they figure it out" shit hits the fan.
You still think the attacker is indirectly responsible, which is bullshit from a criminal point of view.
You also think that these people have value. They are paying for entertainment, so why do they bitch if they get to live the same experience again? If it was so much fun the first time, they'll do it better the second time.
It's a fucking game. People didn't get to play their game. The person(s) who did this are going to get away, and I'm not saying that I think they should or not. I'm merely stating that they are. It's the way the law works. They only mucked around on one server. UbiSoft fixed all of them.
You know what this means? He's responsible for what happened on one server. Everything else is indirect damages, and are not his fault.
At this point, I would be amazed if you were older than 16... your lack of actually reading what other people write and understanding systems and law is astounding.
Are you, again, arguing that the attackers didn't have to break the code to do this? Whether the code "should" or "should not" contain this ability is pretty irrelevant.
Show me where it's illegal to reverse engineer software. Only technological copyright protection devices have this protection.
Furthermore, the EULA probably states that downtime will happen for reasons like software, hardware, and network maintenance. I doubt it lists malicious attackers.
The malicious attacker did not cause downtime. UbiSoft caused downtime for maintenance to fix a bug that they created. The attacker merely caused havoc inside the game. It was UbiSoft's decision to rollback, and they didn't technically need to.
This is false. All services were interrupted. All users were affected. Interruption to all services was a direct result of the attack. All servers needed to be reset, as the extent of the attack was not verifiable.
Ok, answer this question then: Why would this be different if someone had sent them an email detailing how to do the attack and saying that it is possible other people know about it?
This is false. UBISoft is not 'liable' for anything. They are responsible for their services. Had this attack not happened, no rollbacks would have been needed, no additional downtime would have occurred. The fix would have been installed during their next maintenance cycle.
First, prove that the rollbacks were in fact necessary. It looks like UbiSoft did that to be sure that nobody used the exploit to get something they didn't win in the game. If someone sent them an email and said, "I figured this out, and it's quite likely someone else will." then UbiSoft would have done an emergency patch job. You don't wait when you know there is a gaping security hole, you fix it then. Especially if it is a trivial fix (And 8 hours to patch all the services is trivial.)
This is false. There is significant damage, more than $4000. The crime committed affected thousands of people. The perpetrators deserve punishment.
If someone steals my car, and I have a computer in that car that I use to make money with (Let's say $4K a day, doing consulting work) they are not responsible for my lost wages. If I don't get my computer back, they are responsible for the computer. If I do, they are responsible for the crime of stealing my car (stealing something of a value greater than $5,000 - Grand Larceny, a felony)
No court will ever find that this attacker is directly responsible for more than the actual damage he caused directly. You are trying to blame him for indirect damage, and life doesn't work that way. In a civil case, UbiSoft could probably be able to get awarded the damages ($4K, it costs more for their lawyer than they get back) but in a criminal case, this will be treated exactly like toilet papering someone's office.
Your analogy breaks down immediately. UBISoft clearly had locks on the doors. Not including the functionality in the client to begin with constitutes locks on the doors.
Providing that functionality to begin with is the problem. The fact that any client, not just those provided by UbiSoft (Think of employee, vs someone walking in off the street) could do this given the proper knowledge (where the door is located.)
The only reason that the people involved aren't getting refunds is because they haven't demanded it. And who would they demand it from? They would demand it from the attackers, as UBISoft's user agreement covers UBISoft from outages. When you're talking about damage here, you're talking about damage to anyone involved, not damage to only UBISoft.
Give each person the thirty cents, big fucking deal. Only give those people who were affected by the malicious client refunds, because that is the only damage caused by the perpetrator.
My statement is that because this service is provided without uptime guarantee, nor do people pay per hour/minute but by month, there is no valid way to calculate actual damages.
You cannot include any damages done by UbiSoft having to patch their servers and services. Because had someone notified them via email it would still have the same outcome.
Re:ding ding! Not in beta! (Score:1) by zipwow (1695) on 06:24 PM May 29th, 2003 (#6072833) (http://zipwow.net/)
No, it's completely in sync with property. If a business doesn't have any locks on its doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed. That's all I'm saying.
If a business doesn't have any locks on its doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed.
Your analogy breaks down immediately. UBISoft clearly had locks on the doors. Not including the functionality in the client to begin with constitutes locks on the doors.
So, in your example, the building has a rather wimpy security system, say cheap locks. This is probably a stupid choice on their part, but that doesn't really affect the legality or morality of the situation. Then, someone breaks in and trashes the place. I can't think of an analogy for 15,000 people not being able to play a game that they subscribe to, but I think you can see the point from here.
Maybe the business should've invested in a night guard, but that doesn't make it legal to break the cheap locks.
This is wrong, and this is why I listed my point twice. 15,000 people were affected by a bug in UbiSoft's system. 1,200 people (or 3,000 as registered on that server, whatever) were affected by what the attacker did.
You understand the difference?
No, because there isn't one.
Are you arguing that UBISoft, upon noticing this exploit, shouldn't have restarted and rolled back all their servers? If this security problem hadn't been violated in this way, the rollback (and effects on all the players) could have been avoided. Also, the outage for the servers could have been much shorter, and at a time where it would have less impact on the general player base.
The outage was a direct result of the attacker's actions. Just because the locks on the doors weren't as strong as they needed to be (in your analogy), doesn't mean that the attackers aren't responsible for having to check and clean the whole building for vandalism after they broke in.
There is no damage, as I've said before. Damage doesn't mean pissed off geeks. Damage means money that is actually lost that they would have otherwise. You can't list UbiSoft having to patch their servers and services, because that would be the case even if they were notified in a friendly email. You can only list the actual damages: None.
If they distributed their IP in GPL'd code without their knowledge, the GPL does not apply to that code, as it was licensed by someone who did not have the authority to license it. They accepted the kernel as a package, under good faith that all contributions to it were legitimately licensed by the contributing parties.
Caldera has numerous kernel patches, which would lead one to believe that they did have a consistent review and familiarity of the kernel code long before this became an issue.
There are 3 things to prove:
1. They did not willfully and knowingly distribute "tainted" code through the Linux kernel (in the form of the Caldera kernel patches.)
2. They do in fact own the property rights to the code in question, and not Novell. As said in the article that is under interpretation. Novell has a lot more money than SCO, so Novell wins.
3. Tainted code actually exists in the Linux kernel. 5-15 lines, as stated, in multiple occurrences can merely be a coincidence. The large blocks of code spoken of mysteriously is going to be the meat and potatoes.
Windows Update's main function is to provide a central place to patch all the holes and exploits that are discovered weekly in their software. Gentoo's emerge is there to install and update a whole library of software maintained and developed by many different companies and people. Call me blind, but I don't see the similarities.
Apparently you don't visit Freshmeat too often. If you had, you would see software packages that get updated constantly. Having a central service that ensures those are distributed and installed is a good idea.
Every software goes through revisions, but I guess because it's Microsoft Windows that gets updated and better it's inferior.
This view of the world of software as the only law on the internet, and anything not explicitly denied is allowed, is pretty out of whack with the idea of property.
No, it's completely in sync with property. If a business doesn't have any locks on its doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed. That's all I'm saying.
UbiSoft didn't have locks installed. They learned they needed them. They installed them. End of story.
This is patently ridiculous. Ask any of the 15,000 people affected by this which option they'd prefer. I still don't understand why you assign no value to the time of the subscribers of this system.
This is wrong, and this is why I listed my point twice. 15,000 people were affected by a bug in UbiSoft's system. 1,200 people (or 3,000 as registered on that server, whatever) were affected by what the attacker did.
You understand the difference?
The attackers broke the law, and disrupted the service, preventing thousands of paying users from using it. I don't see how damages aren't obvious.
There is no damage, as I've said before. Damage doesn't mean pissed off geeks. Damage means money that is actually lost that they would have otherwise. You can't list UbiSoft having to patch their servers and services, because that would be the case even if they were notified in a friendly email. You can only list the actual damages: None.
I think it would include at least a portion of the people who cancelled their accounts.
Only if you could prove the sole reason each of those people cancelled was due to this bug.
From the Ubisoft post and elsewhere, I read that *all* the servers were taken down and reverted. This process took somewhere between two and six hours. Let's take five.
This would be negligence, and correlative damage though. If UbiSoft did their part (By not doing buggy software) then the software would not need to be taken down. From what I read, it only took place on one server (Kahn or something)
Correlative damage doesn't count. Actual damage is what I'm looking at.
I think our disagreement is on a more fundamental level, though. Why do you feel the need to defend whatever miscreant did this? A lot of people seem to feel like it's a harmless prank, but I think it's pretty obviously more akin to vandalism.
This is the fundamental difference. I view it as a prank, you view it as vandalism. There is negligible actual loss. ~$450. If someone were to cancel their account purely because of this incident, perhaps more. I doubt anybody will cancel only because of this. The updates on the other servers and patches can't be counted in either, because it is a service that has patches regularly and it was something that needed to be patched. Even if the person or persons responsible sent UbiSoft an email demonstrating the capabilities without doing anything, the same thing would happen. The only actual damage was the few hours of gameplay lost to those affected.
15cents * 8 hours * 12,000 people = $14,400
The problem with this is that regular updates then would cost $14,400 and also entitled all players to account credits while the servers are being rolled back or patched. It doesn't work that way.
You can't add that figure in, because that figure would be the same if someone posted the report to UbiSoft without actually doing anything (redundant, I know, just drilling the point home)
There is actually no damage done, because they aren't billed per hour. There is only damage done if they had to pay their customers, or credit them, for downtime. This is obviously not the case. They are billed per month, with no guarantee of availability (Just things I'm gleaning from other comments) so nobody is entitled to anything.
Therefore, the only damage done is actually the cause of UbiSoft's negligence. Had they done proper quality and security controls this would never have happened. The actual damage was slightly worse than if someone had sent a friendly email detailing the exploit. The actual damage done by their exploitation of the system was pissing off a bunch of players.
And from a lot of the Shadowbane board comments and in this thread from the Shadowbane users, worse things have happened.
Now, if the game is, in fact $20/mo, and 0.5% (one half of one percent--a pretty darn low estimate) of the people affected cancel their account, then in the next month, 15 people will no longer subscribe. That's a direct loss of another $300 each month. Even if all those people would have quit in three months (far below the norm in MMORPGs), you're talking about $900. Add that to the $450 in damages above, and you're at nearly $1500 (1350).
It should be reasonable to assume that any people who cancel would not cancel purely for this reason. Did you read the threads on the board or even in here? Most of the people who say, "I'm cancelling" do so because it's just one more thing wrong with the game. The Warcraft 3 Frozen Throne beta has less bugs than this thing, from what I'm hearing. That's just plain silly.
So, yeah, I think these people did at least a couple thousand dollars worth of damage with this stunt. I think that my leniency would be to offer them a misdemeanor conviction and two weeks of jail time in return for a guilty plea. If they tried to plead not guilty, I think you've got an easy case for a felonious amount of damage.
They would only be liable for damages directly caused by their actions. This would be the $450 figure you listed above. You also can only claim damage for those who attempted to login to the server, and those who were playing in the time (Probably much less than the 3,000). If you attempt to claim (Unless in a civil court, much different) that your damages are in excess of that, you are going to get laughed at.
I think you have some confusion between civil and criminal hearings. For example, if I steal your car and you have a job that requires usage of your car, I am in no way criminally liable for you losing your job because you have no car. I am however persecuted under grand larceny (Assuming you don't drive an utter piece of shit) and the fines and penalties that go along with that. Speculative or correlative damage (I lost my job, my cat died, etc.) would take place under a civil lawsuit.
The only damages that will be tallied up for a criminal case are those actually inflicted upon the business. In this case, it would be $450. You would get laughed out of the FBI office. If they try to increase damages (Which is possible, by saying that lost wages due to on-call sysadmins, and recovery costs... but since the recovery costs were proven to be very small, as it was up and running in a matter of hours it would be hard pressed to get this number higher.) You also wouldn't be able to provide developers time fixing the bugs that caused it, because that's part of negligence.
Either way, if they do try to persecute it'll be pretty funny. If it's interstate, my guess is nothing will happen. My guess is it's interstate. I would look toward a civil case instead of a criminal case anyway, as a criminal case does amount to someone spreading toilet paper all over. Except you have very expensive grounds keepers. But, once again, IANAL... just enjoy reading legal documents.
Unless that's a fix in a more recent version of Tomcat it also affected Tomcat and had nothing to do with anything the sysadmin could do IIRC. Unfortunately I don't have the book here (Core Servlets and JSP) to look up exactly what I'm referring to.
In regards to this and the other comment you posted, the only reason why you would have an HTML page listed as a JSP (and thus being processed by tomcat instead of setting up a handler to just process .html as normal .html, which will result in a bad request if you attempt to post (Method POST not allowed)) is because you either have a shitty sysadmin, or a shitty web developer who is forwarding requests to a press release that at some point accepted posts.
Your example has only said that if you have a document forward that forwards the request to an HTML page, it will forward the original request (Which means if you have a POST -> language_selector.jsp -> REDIRECT -> press_release_en.html, it will cause that.) This is a dumb architecture, and you should either overload the document loading (if you are doing a true dynamic site, which is still dumb to spit that much text) or not use the "Location: " header.
Just my opinions on the matter... a filetype should only be handled exactly as the contents of the file need. Having a JSP extension on an HTML file is bad design.
Since we've established that outages have harms, why should the perpetrators not be held responsible for this harm? I think that it's pretty clear that UBISoft's image has been/will be tarnished from this. One piece of clear evidence of this is the posting of this news on Slashdot, when the game itself hasn't warranted any articles. This is a big deal.
I'm not excusing the actions of the person who did it, I'm just clarifying the actual damages. As you said, if you crash my lousy car, I'm entitled to get another car of the same or lesser value. Just because you crash my Baretta, doesn't mean I get to buy a Corvette.
If one person causes about $100 in "damages" to a service, charging them extra is extortion.
I don't understand your "Its funny, and they're unimportant" defense. Fortunately, I suspect that the judges in the case won't either.
It is funny, but that's not part of my defense. My defense is that there is no long lasting damage done. To me this is like toilet papering an offices campus. Or delivering hundreds of thousands of AOL CDs to AOL HQ.
I should clarify that you haven't specifically said any of the "get a life!" comments that have been rampant in other comments. However, given your sentiment that the perpetrators of this mess should be ignored, effectively encouraging them, I've lumped you in with them. Apologies if this isn't correct.
If someone wants to live their life as an elven warrior casting magic missile, that's their choice. I can laugh at them a whole lot, and enjoy doing so, but this isn't about it. I find what the perpetrators did was very funny, especially because of the stereotype of the people it affected. However, I'm not saying they should be ignored. I'm saying they should be punished in accordance with the damage of the crime, ergo not much punishment. A firm slap on the wrist, a week of community service, and a "Don't do it again" is sufficient. Just like I'd expect them to do if some people spread toilet paper outside my office.
Wow, that was a lame comeback. MS is being blamed for a complete disregard for quality control.
I have an XP box. I use it to play games, and for media, it works great. BF1942 crashes, but aside from that the machine never crashes. I use Windows Updater (that prompts me) constantly. I got the notice for this update, and skipped it for some reason. Glad I did.
In the last 6 months since I've had this machine, I have downloaded every update and installed them without any concern or issue. That is pretty good quality control right there. For me, this is the first time I've seen them muck up MS Update for XP, that's a really good track record.
Considering I've had Nvidia bugger their drivers all to hell more times than I can count (Upgrading to a new driver on a geforce2 go took up about 80% of the RAM when I started X, but if I rolled back it was unstable...)
Saying that Microsoft is being blamed for a complete disregard for quality control is just dumb. Yes, quality control needs work, but they do work hard for it. From a programmer's perspective, there is always something wrong. I'm working out this bug right now that only hits sometimes, that segfaults at a certain point in the code with a really "can't access memory" code in the debugger (gdb) and Valgrind just segfaults.
This is just one, and I guarantee that there will be more. Bugs happen. You can't always expect every piece of software to work flawlessly.
I've had better luck with Windows Update than urpmi, up2date. The only Linux equivalent that works, in what I would say, better fashion than Windows Update is Gentoo's emerge.
Besides the fact that the game is in full release (as I understand it), how can you ignore the value of an entertainment service?
A game that releases patches like this one is beta quality software. I can call a Chevy Baretta a Corvette, doesn't make it so...
What if someone interrupted an hour of home internet service for everyone in a city? With a few exceptions, home use of the internet is still entertainment.
That shit happens all the time. My internet connection goes down a couple times a month. I bitch at Verizon, and they say it's not their fault that some ambiguous made-up term is failing.
Even more, there's direct harm to their business. Would you sign up with an ISP that has just had a major disruption like this? What if it happens again? What are they doing to prevent it?
You mean like @Home, Comcast, Verizon, Mindspring? All have had major outages. Shit happens, and unless they have an uptime guarantee, you aren't entitled to it.
You can't joke around with 10,000 people and not expect to have some repercussions. I'm not saying we put the cracker to death or anything, but a fine, a month in jail and some community service is probably a good idea.
As far as I heard, it was only on one server with like 1200 people on it. Assuming they can catch the people who are involved, what are they going to charge them with? There was no damage*, and it was obvious negligence on behalf of whoever wrote the client bug/server bug that did this.
* Damage being defined as irreparable damage, even if it was down for 12 hours the amount of money would be very small. Those who cancel their accounts are doing it for other reasons as well, not just because of one incident. From what I've read on the boards linked in the story and the comments by the users of the game, it has a lot of issues.
You seem to think that because you don't value something (like a level of experience you've achieved in a game), it has no value. Nice attitude.
No, I think it has no value because a) It was one night. b) It's a game. and c) it's in beta.
I guess they can go ahead and give everybody on that server a $0.60 credit for their next bill.
Oh, by the way, don't assume that because I can understand the perspective of those who do see value in the game stats that I necessarily agree. Or did you miss the part where I was amused at what happened?
You were the one using the terms such as "destroyed," not me. It's not like gamestats were destroyed, they're rolling back by a few hours.
they hacked the game, destroyed a lot of people's expenditures of time, and most importantly to Ubi, trashed the hosting company's reputation.
So we have a thousand or so dorks that couldn't cast magic missile. Ok. It was one night, if they were doing upgrades that night, same thing. Quit bitching about that. It's not "destroying" anything, it was just making one night a little out of the norm.
As for trashing the hosting company's reputation, any company that allows this to happen deserves their reputation.
Kinda like if a child molester moves in they have to post the "Convicted Sex Offender" flyers up. It's good to know what type of scum is in your pool.
The 'other software' is OfferCompanion. Gator installs this software without prominent notification and does not uninstall it when Gator is removed. I didn't address it in my previous (badly linked) post, but the way Gator does its advertisement doesn't inform the user that Gator is the one doing the ads.
This is advertising support software! It tells you it is installing it (KaZaa, DivX.) If a person is too clueless to figure out what is actually being bundled in their software downloads (Which it is prominently listed) why is it not their fault? I'm not sure how you can think that Gator doesn't tell users that Gator is doing the adverts... Gator Advertising Network. Gator.com... they all say in nice big bold letters that they do it.
Spyware spies on the user. Period. That it may say it does so in a 1000 word EULA that 99% of users never read doesn't make it any less spyware.
By your logic, your ISP and web-browser are all spyware, then. Gator doesn't put it in a 1000 word EULA. They put it on their front page.
I don't understand why you are so pissed off about a company that spends more resources disclosing everything they do, than any other company out there. You may not agree with pop-up advertising, but Gator goes completely out of its way to let everybody know what they are doing and why.
Re:Gator by Payroll, WTF? on Gator Examined · Score: 1
It is pretty obvious that you and genka are paid plants / trolls here, on the payroll of Gator. Nobody would be here sucking Gator dick unless they were doing it for financial gain.
Is this the best logic you can come up with? Because we read websites and try to say that you people are clueless and are spouting basic lies about them? We're paid... right.
Gator is the devil spawn of the most evil of the dark side, on par with professional spammers.
You don't even have a small aspect of a clue about them. I'm glad you added me to your foe list so you will hopefully just happily continue your life in your parents basement, wearing your tinfoil hat, and ignoring the real world.
Re:Cruel Intentions... on Shocking Clothing · Score: 3, Insightful
When women stop getting paid 70% of a man's salary for doing the exact same job, then we can talk about reverse discrimination.
When women stop expecting me to buy them drinks, dinner, and dates, I'll expect them to get paid the same.
Gator watches what you do and reports the results back to the company. If that isn't spying, I don't know what is. Where is the information going? Who is using it? For what purpose(s) are they using it? Do they monitor keystrokes? Do they watch what you order? Do they record financial information? What configuration information do they gather?
It's really hard to spy when they tell you what they do. That's like someone walking right next to you talking on a cell phone saying, "A person who went to Starbucks also went to Nordstroms."
I do not care to cede my right to privacy just because I use an operating system or download a utility. Gator is "spyware," pure-and-simple.
I guess your ISP is spyware, too. So is Slashdot because it records logs. Spyware tries to hide what it does, not advertise.
Get off the bandwagon and educate yourself. Go visit the GAIN site, as they tell you everything they do. If you think that is Spyware, I'm sure the tinfoil hat manufacturers absolutely love you.
And another point: Nobody gives a shit about you. They give a shit about what percentages of people visit site X and site Y.
Gator installs another program that does the spyware.
Prove it. Are you talking about GAIN? GAIN isn't spyware either, because they tell you everything it does. Demographic collections correlating the websites you view and your zip code is for targeted advertisement. End of story. They don't give a shit about you. They also advertise everything they grab from your system, so I find it bullshit to call it Spyware.
Spyware tries to hide what they do, hence the term "spy." Software that advertises on their front-page what they do would be "Conspiciousware" or something.
Er.. it sends zipcode and other details back to the server... did you read the article?
Demographics. I'm sorry, but knowing that 56% of the people that live in zipcode 97223 view http://www.koin.com doesn't mean shit.
Cable companies also do targeted advertisement depending upon where you live, does that make them evil and wretched as well? My local cable company has adverts going that says, "Reach your local customers with our targeting advertising solution. Your commercial will be shown to people in the areas you want it to be seen."
I guess we better make up a bunch of shit about them being evil, too. After all, they have tons more information on you than Gator. They also interrupt your television shows (how dare they!) to show you advertisements. What assholes they are.
1. Gator monitors your web surfing habits and uploads that information to their database. That information is then, presumably, sold. They claim they do not record personally identifiable information, but URLs often contain identity strings which can be cross-referenced.
They also tell you explicitly what information they collect, and it's so that they can offer targeted advertisement. Why is that information sold? They don't need to sell that information. Besides, these practices already happen. "People who read Slashdot.org Also view Freshmeat.net" Ohhh, big deal! The monsters are out to get you! Nobody gives a rat's ass about personally identifiable strings. You are not that important.
2. Gator throws annoying advertisements at you, even going to the point of showing you advertisements from certain companies when you view their competitors' websites (eg: seeing FedEx ads when you view the UPS website). They are currently in some hot water over this practice.
Yes, and coupons. It's called advertising, and it works. Car dealers advertise over other car dealers, supermarkets accept competitor coupons. It's called competitive advertisement. It's an innovative approach and makes money.
It has yet to be determined that #2 is illegal, but it seems unethical at best. Given that Gator engages in at least one unethical action, how are we to believe they would not engage in other unethical or illegal actions, especially as regards to point #1 (above)?
It is in no way illegal. They are being sued, to see if their practices are deceptive and that is a civil matter which will find them liable. This is not the same thing as illegal. Why you find it unethical is completely beyond me. Gas stations lower their prices so they get more business, is that unethical, too?
However, for SOHO applications, this could save people thousands of dollars (especially small-to-medium businesses).
You do realize that since all the .com's went out of business you can buy used Cisco equipment for dirt cheap? You can even buy their low-grade equipment for pretty cheap.
For example: a Cisco 2501 you can find for probably $400 - $500. I'd rather have one of those than a Linux box, just for that whole "Best tool for the job" bit...
Just remember that talent is something you develop, it's not something you're born with. You want to work there? Start climbing the steps.
Uhm, bullshit.
You know, that's why they call it "talent", as in, "A marked innate ability, as for artistic accomplishment."
I'm a decent artist. It's 50% talent, 50% work. I've found I have a cartoonist style, but I can't do still life. No matter how hard I try, I know guys who could beat me when they were in junior high school.
Play the hand you are dealt with, accept what you can't do well and do it mediocre and enjoy it.
You know what happens when everybody believes they have a talent and jumps on the "Fun and Money Bandwagon"? .com
I've never said it's illegal to reverse engineer software. It's not illegal to own lockpicks, either. Breaking into buildings, though. That's illegal. With or without lockpicks. In fact, you don't even have to lock the doors. All you have to do is make it clear that it is private property, and that the general public is not invited. I think by hiding the protocols to access these features, and calling them 'admin features', UBISoft has fulfilled this requirement.
You said that they "broke into the client" which is just stupid. They did nothing of the sort. If you honestly think that hiding the protocols to access admin features means UbiSoft has fulfilled their responsibility for security then, quite frankly, you are an idiot.
"But officer, I put my door in the back of my house so nobody could find it! It's not my fault they broke into it."
I'm not excusing the act of exploiting their services, but I'm not excusing UbiSoft for being incompetent and idiotic either. They had a very definite hand in what happened. It's like parents who keep loaded guns around children.
The time taken to fix the result of the attacks is independent of the time to fix the original bug. (reverting servers, answering support calls, etc).
Ok, repeat after me. Had it been an email notification, the same process would have likely taken place. Why do you not understand that? Oh, because you think that UbiSoft not telling people where the admin controls are at constitutes security...
You have never answered the question of why these people should not be punished (or deserve only extremely light punishment) for disrupting the service of thousands of people.
Yes, I have answered it. You just don't read what I write. You didn't answer my question that I posted last time. You tried:
The fix for this problem can be written with the servers still running. Access to these functions can be monitored, possibly controlled at a firewall level. The installation of the patch can occur during normal weekly maintenance cycles, which take place during periods of low usage.
This is where you prove without a shadow of a doubt you are absolutely clueless. You have obviously never worked in a production environment with server farms running code that could be exploited (and people try to exploit) at any given moment. Newsflash: If someone emails you and says, "By the way, your admin ports are hanging out and anybody can connect in if they figure it out" shit hits the fan.
You still think the attacker is indirectly responsible, which is bullshit from a criminal point of view.
You also think that these people have value. They are paying for entertainment, so why do they bitch if they get to live the same experience again? If it was so much fun the first time, they'll do it better the second time.
It's a fucking game. People didn't get to play their game. The person(s) who did this are going to get away, and I'm not saying that I think they should or not. I'm merely stating that they are. It's the way the law works. They only mucked around on one server. UbiSoft fixed all of them.
You know what this means? He's responsible for what happened on one server. Everything else is indirect damages, and are not his fault.
At this point, I would be amazed if you were older than 16... your lack of actually reading what other people write and understanding systems and law is astounding.
Are you, again, arguing that the attackers didn't have to break the code to do this? Whether the code "should" or "should not" contain this ability is pretty irrelevant.
Show me where it's illegal to reverse engineer software. Only technological copyright protection devices have this protection.
Furthermore, the EULA probably states that downtime will happen for reasons like software, hardware, and network maintenance. I doubt it lists malicious attackers.
The malicious attacker did not cause downtime. UbiSoft caused downtime for maintenance to fix a bug that they created. The attacker merely caused havoc inside the game. It was UbiSoft's decision to roll back, and they didn't technically need to.
This is false. All services were interrupted. All users were affected. Interruption to all services was a direct result of the attack. All servers needed to be reset, as the extent of the attack was not verifiable.
Ok, answer this question then: Why would this be different if someone had sent them an email detailing how to do the attack and saying that it is possible other people know about it?
This is false. UBISoft is not 'liable' for anything. They are responsible for their services. Had this attack not happened, no rollbacks would have been needed, no additional downtime would have occurred. The fix would have been installed during their next maintenance cycle.
First, prove that the rollbacks were in fact necessary. It looks like UbiSoft did that to be sure that nobody used the exploit to get something they didn't win in the game. If someone sent them an email and said, "I figured this out, and it's quite likely someone else will." then UbiSoft would have done an emergency patch job. You don't wait when you know there is a gaping security hole, you fix it then. Especially if it is a trivial fix (And 8 hours to patch all the services is trivial.)
This is false. There is significant damage, more than $4000. The crime committed affected thousands of people. The perpetrators deserve punishment.
If someone steals my car, and I have a computer in that car that I use to make money with (Lets say $4K a day, doing consulting work) they are not responsible for my lost wages. If I don't get my computer back, they are responsible for the computer. If I do, they are responsible for the crime of stealing my car (stealing something of a value greater than $5,000 - Grand Larceny, a felony)
No court will ever find that this attacker is directly responsible for more than the actual damage he caused directly. You are trying to blame him for indirect damage, and life doesn't work that way. In a civil case, UbiSoft could probably be able to get awarded the damages ($4K, it costs more for their lawyer than they get back) but in a criminal case, this will be treated exactly like toilet papering someones office.
Your analogy breaks down immediately. UBISoft clearly had locks on the doors. Not including the functionality in the client to begin with constitutes locks on the doors.
Providing that functionality to begin with is the problem. The fact that any client, not just those provided by UbiSoft (Think of employee, vs someone walking in off the street) could do this given the proper knowledge (where the door is located.)
The only reason that the people involved aren't getting refunds is because they haven't demanded it. And who would they demand it from? They would demand it from the attackers, as UBISoft's user agreement covers UBISoft from outages. When you're talking about damage here, you're talking about damage to anyone involved, not damage to only UBISoft.
Give each person the thirty cents, big fucking deal. Only give those people who were affected by the malicious client refunds, because that is the only damage caused by the perpetrator.
My statement is that because this service is provided without uptime guarantee, nor do people pay per hour/minute but by month, there is no valid way to calculate actual damages.
You cannot include any damages done by UbiSoft having to patch their servers and services. Because had someone notified them via email it would still have the same outcome.
Re:ding ding! Not in beta! (Score:1)
by zipwow (1695) on 06:24 PM May 29th, 2003 (#6072833)
(http://zipwow.net/)
No, it's completely in sync with property. If a business doesn't have any locks on its doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed. That's all I'm saying.
If a business doesn't have any locks on its doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed.
Your analogy breaks down immediately. UBISoft clearly had locks on the doors. Not including the functionality in the client to begin with constitutes locks on the doors.
So, in your example, the building has a rather wimpy security system, say cheap locks. This is probably a stupid choice on their part, but that doesn't really affect the legality or morality of the situation. Then, someone breaks in and trashes the place. I can't think of an analogy for 15,000 people not being able to play a game that they subscribe to, but I think you can see the point from here.
Maybe the business should've invested in a night guard, but that doesn't make it legal to break the cheap locks.
This is wrong, and this is why I listed my point twice. 15,000 people were affected by a bug in UbiSofts system. 1,200 people (or 3,000 as registered on that server, whatever) were affected by what the attacker did.
You understand the difference?
No, because there isn't one.
Are you arguing that UBISoft, upon noticing this exploit, shouldn't have restarted and rolled back all their servers? If this security problem hadn't been violated in this way, the rollback (and affects on all the players) could have been avoided. Also, the outage for the servers could have been much shorter, and at a time where it would have less impact on the general player base.
The outage was a direct result of the attacker's actions. Just because the locks on the doors weren't as strong as they needed to be (in your analogy), doesn't mean that the attackers aren't responsible for having to check and clean the whole building for vandalism after they broke in.
There is no damage, as I've said before. Damage doesn't mean pissed off geeks. Damage means money that is actually lost that they would have otherwise. You can't list UbiSoft having to patch their servers and services, because that would be the case even if they were notified in a friendly email. You can only list the actual damages: None.
Again, there is clearly damage done.
T
If they distributed their IP in GPL'd code without their knowledge, the GPL does not apply to that code, as it was licensed by someone who did not have the authority to license it. They accepted the kernel as a package, under good faith that all contributions to it were legitimately licensed by the contributing parties.
Caldera has numerous kernel patches, which would lead one to believe that they did have a consistent review and familiarity of the kernel code long before this became an issue.
There are 3 things to prove:
1. They did not willfully and knowingly distribute "tainted" code through the Linux kernel (in the form of the Caldera kernel patches.)
2. They do in fact own the property rights to the code in question, and not Novell. As said in the article that is under interpretation. Novell has a lot more money than SCO, so Novell wins.
3. Tainted code actually exists in the Linux kernel. 5-15 lines, as stated, in multiple occurrences can merely be a coincidence. The large blocks of code spoken of mysteriously is going to be the meat and potatoes.
IANAL...
Windows Update's main function is to provide a central place to patch all the holes and exploits that are discovered weekly in their software. Gentoo's emerge is there to install and update a whole library of software maintained and developed by many different companies and people. Call me blind, but I don't see the similarities.
Apparently you don't visit Freshmeat too often. If you had, you would see software packages that get updated constantly. Having a central service that ensures those are distributed and installed is a good idea.
Every software goes through revisions, but I guess because it's Microsoft Windows that gets updated and better it's inferior.
Fucking hypocrites.
This view of the world of software as the only law on the internet, and anything not explicitly denied is allowed, is pretty out of whack with the idea of property.
No, it's completely in sync with property. If a business doesn't have any locks on its doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed. That's all I'm saying.
UbiSoft didn't have locks installed. They learned they needed them. They installed them. End of story.
This is patently ridiculous. Ask any of the 15,000 people affected by this which option they'd prefer. I still don't understand why you assign no value to the time of the subscribers of this system.
This is wrong, and this is why I listed my point twice. 15,000 people were affected by a bug in UbiSofts system. 1,200 people (or 3,000 as registered on that server, whatever) were affected by what the attacker did.
You understand the difference?
The attackers broke the law, and disrupted the service, preventing thousands of paying users from using it. I don't see how damages aren't obvious.
There is no damage, as I've said before. Damage doesn't mean pissed off geeks. Damage means money that is actually lost that they would have otherwise. You can't list UbiSoft having to patch their servers and services, because that would be the case even if they were notified in a friendly email. You can only list the actual damages: None.
Absolutely, after spending years on a nuclear submarine I know they are perfectly safe.
Excuse me, Professor Xavier is calling me...
I think it would include at least a portion of the people who cancelled their accounts.
Only if you could prove the sole reason each of those people cancelled was due to this bug.
From the Ubisoft post and elsewhere, I read that *all* the servers were taken down and reverted. This process took somewhere between two and six hours. Lets take five.
This would be negligence, and correlative damage though. If UbiSoft did their part (By not doing buggy software) then the software would not need to be taken down. From what I read, it only took place on one server (Kahn or something)
Correlative damage doesn't count. Actual damage is what I'm looking at.
I think our disagreement is on a more fundamental level, though. Why do you feel the need to defend whatever miscreant did this? A lot of people seem to feel like its a harmless prank, but I think its pretty obviously more akin to vandalism.
This is the fundamental difference. I view it as a prank, you view it as vandalism. There is negligible actual loss. ~$450. If someone were to cancel their account purely because of this incident, perhaps more. I doubt anybody will cancel only because of this. The updates on the other servers and patches can't be counted in either, because it is a service that has patches regularly and it was something that needed to be patched. Even if the person or persons responsible sent UbiSoft an email demonstrating the capabilities without doing anything, the same thing would happen. The only actual damage was the few hours of gameplay lost to those affected.
15cents * 8 hours * 12,000 people = $14,400
The problem with this is that regular updates then would cost $14,400 and also entitled all players to account credits while the servers are being rolled back or patched. It doesn't work that way.
You can't add that figure in, because that figure would be the same if someone posted the report to UbiSoft without actually doing anything (redundant, I know, just drilling the point home)
There is actual no damage done, because they aren't billed per hour. There is only damage done if they had to pay their customers, or credit them, for downtime. This is obviously not the case. They are billed per month, with no guarantee of availability (Just things I'm gleaning from other comments) so nobody is entitled to anything.
Therefore, the only damage done is actually the cause of UbiSoft's negligence. Had they done proper quality and security controls this would never have happened. The actual damage was slightly worse than if someone had sent a friendly email detailing the exploit. The actual damage done by their exploitation of the system was pissing off a bunch of players.
And from a lot of the Shadowbane board comments and in this thread from the Shadowbane users, worse things have happened.
Now, if the game is, in fact $20/mo, and 0.5% (one half of one percent--a pretty darn low estimate) of the people affected cancel their account, then in the next month, 15 people will no longer subscribe. That's a direct loss of another $300 each month. Even if all those people would have quit in three months (far below the norm in MMORPGs), you're talking about $900. Add that to the $450 in damages above, and you're at nearly $1500 (1350).
It should be reasonable to assume that any people who cancel would not cancel purely for this reason. Did you read the threads on the board or even in here? Most of the people who say, "I'm cancelling" do so because it's just one more thing wrong with the game. The Warcraft 3 Frozen Throne beta has less bugs than this thing, from what I'm hearing. That's just plain silly.
So, yeah, I think these people did at least a couple thousand dollars worth of damage with this stunt. I think that my leniency would be to offer them a misdemeanor conviction and two weeks of jail time in return for a guilty plea. If they tried to plead not guilty, I think you've got an easy case for a felonious amount of damage.
They would only be liable for damages directly caused by their actions. This would be the $450 figure you listed above. You also can only claim damage for those who attempted to login to the server, and those who were playing in the time (Probably much less than the 3,000). If you attempt to claim (Unless in a civil court, much different) that your damages are in excess of that, you are going to get laughed at.
I think you have some confusion between civil and criminal hearings. For example, if I steal your car and you have a job that requires usage of your car, I am in no way criminally liable for you losing your job because you have no car. I am however persecuted under grand larceny (Assuming you don't drive an utter piece of shit) and the fines and penalties that go along with that. Speculative or correlative damage (I lost my job, my cat died, etc.) would take place under a civil lawsuit.
The only damages that will be tallied up for a criminal case are those actually inflicted upon the business. In this case, it would be $450. You would get laughed out of the FBI office. If they try to increase damages (Which is possible, by saying that lost wages due to on-call sysadmins, and recovery costs... but since the recovery costs were proven to be very small, as it was up and running in a matter of hours it would be hard pressed to get this number higher.) You also wouldn't be able to provide developers time fixing the bugs that caused it, because that's part of negligence.
Either way, if they do try to persecute it'll be pretty funny. If it's interstate, my guess is nothing will happen. My guess is it's interstate. I would look toward a civil case instead of a criminal case anyway, as a criminal case does amount to someone spreading toilet paper all over. Except you have very expensive grounds keepers. But, once again, IANAL... just enjoy reading legal documents.
Unless thats a fix in a more recent version of Tomcat it also affected Tomcat and had nothing to do with anything the sysadmin could do IIRC. Unfortunately I dont have the book here (Core Servlets and JSP) to look up exactly what I'm referring to.
In regards to this and the other comment you posted, the only reason why you would have an HTML page listed as a JSP (and thus being processed by tomcat instead of setting up a handler to just process .html as normal .html, which will result in a bad request if you attempt to post (Method POST not allowed)) is because you either have a shitty sysadmin, or a shitty web developer who is forwarding requests to a press release that at some point accepted posts.
Your example has only said that if you have a document forward that forwards the request to an HTML page, it will forward the original request (Which means if you have a POST -> language_selector.jsp -> REDIRECT -> press_release_en.html, it will cause that.) This is a dumb architecture, and you should either overload the document loading (if you are doing a true dynamic site, which is still dumb to spit that much text) or not use the "Location: " header.
Just my opinions on the matter... a filetype should only be handled exactly as the contents of the file need. Having a JSP extension on an HTML file is bad design.
Since we've established that outages have harms, why should the perpetrators not be held responsible for this harm? I think that its pretty clear that UBISoft's image has been/will be tarnished from this. One piece of clear evidence of this is the posting of this news on Slashdot, when the game itself hasn't warranted any articles. This is a big deal.
I'm not excusing the actions of the person who did it, I'm just clarifying the actual damages. As you said, if you crash my lousy car, I'm entitled to get another car of the same or lesser value. Just because you crash my Baretta, doesn't mean I get to buy a Corvette.
If one person causes about $100 in "damages" to a service, charging them extra is extortion.
I don't understand your "Its funny, and they're unimportant" defense. Fortunately, I suspect that the judges in the case won't either.
It is funny, but that's not part of my defense. My defense is that there is no long lasting damage done. To me this is like toilet papering an offices campus. Or delivering hundreds of thousands of AOL CDs to AOL HQ.
I should clarify that you haven't specifically said any of the "get a life!" comments that have been rampant in other comments. However, given your sentiment that the perpetrators of this mess should be ignored, effectively encouraging them, I've lumped you in with them. Apologies if this isn't correct.
If someone wants to live their life as an elven warrior casting magic missile, that's their choice. I can laugh at them a whole lot, and enjoy doing so, but this isn't about it. I find what the perpetrators did was very funny, especially because of the stereotype of the people it affected. However, I'm not saying they should be ignored. I'm saying they should be punished in accordance with the damage of the crime, ergo not much punishment. A firm slap on the wrist, a week of community service, and a "Don't do it again" is sufficient. Just like I'd expect them to do if some people spread toilet paper outside my office.
Wow, that was a lame comeback. MS is being blamed for a complete disregard for quality control.
I have an XP box. I use it to play games, and for media, it works great. BF1942 crashes, but aside from that the machine never crashes. I use Windows Updater (that prompts me) constantly. I got the notice for this update, and skipped it for some reason. Glad I did.
In the last 6 months since I've had this machine, I have downloaded every update and installed them without any concern or issue. That is pretty good quality control right there. For me, this is the first time I've seen them muck up MS Update for XP, that's a really good track record.
Considering I've had Nvidia bugger their drivers all to hell more times than I can count (Upgrading to a new driver on a geforce2 go took up about 80% of the RAM when I started X, but if I rolled back it was unstable...)
Saying that Microsoft is being blamed for a complete disregard for quality control is just dumb. Yes, quality control needs work, but they do work hard for it. From a programmers perspective, there is always something wrong. I'm working out this bug right now that only hits sometimes, that segfaults at a certain point in the code with a really "can't access memory" code in the debugger (gdb) and Valgrind just segfaults.
This is just one, and I guarantee that there will be more. Bugs happen. You can't always expect every piece of software to work flawlessly.
I've had better luck with Windows Update than urpmi, up2date. The only Linux equivalent that works, in what I would say, better fashion that Windows Update is Gentoo's emerge.
Besides the fact that the game is in full release (as I understand it), how can you ignore the value of an entertainment service?
A game that releases patches like this one is beta quality software. I can call a Chevy Baretta a Corvette, doesn't make it so...
What if someone interrupted an hour of home internet service for everyone in a city? With a few exceptions, home use of the internet is still entertainment.
That shit happens all the time. My internet connection goes down a couple times a month. I bitch at Verizon, and they say it's not their fault that some ambiguous made-up term is failing.
Even more, there's direct harm to their business. Would you sign up with an ISP that has just had a major disruption like this? What if it happens again? What are they doing to prevent it?
You mean like @Home, Comcast, Verizon, Mindspring? All have had major outages. Shit happens, and unless they have an uptime guarantee, you aren't entitled to it.
You can't joke around with 10,000 people and not expect to have some repercussions. I'm not saying we put the cracker to death or anything, but a fine, a month in jail and some community service is probably a good idea.
As far as I heard, it was only on one server with like 1200 people on it. Assuming they can catch the people who are involved, what are they going to charge them with? There was no damage*, and it was obvious negligence on behalf of whoever wrote the client bug/server bug that did this.
* Damage being defined as irreparable damage, even if it was down for 12 hours the amount of money would be very small. Those who cancel their accounts are doing it for other reasons as well, not just because of one incident. From what I've read on the boards linked in the story and the comments by the users of the game, it has a lot of issues.
You seem to think that because you don't value something (like a level of experience you've achieved in a game), it has no value. Nice attitude.
No, I think it has no value because a) It was one night. b) It's a game. and c) it's in beta.
I guess they can go ahead and give everybody on that server a $0.60 credit for their next bill.
Oh, by the way, don't assume that because I can understand the perspective of those who do see value in the game stats that I necessarily agree. Or did you miss the part where I was amused at what happened?
You were the one using the terms such as "destroyed," not me. It's not like gamestats were destroyed, they're rolling back by a few hours.
Because depending on what the site is doing sometimes you have to rename your static HTML files to .jsp for things to work properly.
I would recommend firing your sysadmins then. The only excuse for that is really, really shitty configuration. Even TomCat can do better than that.
they hacked the game, destroyed a lot of people's expenditures of time, and most importantly to Ubi, trashed the hosting company's reputation.
So we have a thousand or so dorks that couldn't cast magic missile. Ok. It was one night, if they were doing upgrades that night, same thing. Quit bitching about that. It's not "destroying" anything, it was just making one night a little out of the norm.
As for trashing the hosting company's reputation, any company that allows this to happen deserves their reputation.
Kinda like if a child molester moves in they have to post the "Convicted Sex Offender" flyers up. It's good to know what type of scum is in your pool.
The 'other software' is OfferCompanion. Gator installs this software without prominent notification and does not uninstall it when Gator is removed. I didn't address it in my previous (badly linked) post, but the way Gator does its advertisement doesn't inform the user that Gator is the one doing the ads.
This is advertising support software! It tells you it is installing it (KaZaa, DivX.) If a person is too clueless to figure out what is actually being bundled in their software downloads (Which it is prominently listed) why is it not their fault? I'm not sure how you can think that Gator doesn't tell users that Gator is doing the adverts... Gator Advertising Network. Gator.com... they all say in nice big bold letters that they do it.
Spyware spies on the user. Period. That it may say it does so in a 1000 word EULA that 99% of users never read doesn't make it any less spyware.
By your logic, your ISP and web-browser are all spyware, then. Gator doesn't put it in a 1000 word EULA. They put it on their front page.
I don't understand why you are so pissed off about a company that spends more resources disclosing everything they do, than any other company out there. You may not agree with pop-up advertising, but Gator goes completely out of its way to let everybody know what they are doing and why.
It is pretty obvious that you and genka are paid plants / trolls here, on the payroll of Gator. Nobody would be here sucking Gator dick unless they were doing it for financial gain.
Is this the best logic you can come up with? Because we read websites and try to say that you people are clueless and are spouting basic lies about them? We're paid... right.
Gator is the devil spawn of the most evil of the dark side, on par with professional spammers.
You don't even have a small aspect of a clue about them. I'm glad you added me to your foe list so you will hopefully just happily continue your life in your parents' basement, wearing your tinfoil hat, and ignoring the real world.
When women stop getting paid 70% of a man's salary for doing the exact same job, then we can talk about reverse discrimination.
When women stop expecting me to buy them drinks, dinner, and dates, I'll expect them to get paid the same.
Gator watches what you do and reports the results back to the company. If that isn't spying, I don't know what is. Where is the information going? Who is using it? For what purpose(s) are they using it? Do they monitor keystrokes? Do they watch what you order? Do they record financial information? What configuration information do they gather?
It's really hard to spy when they tell you what they do. That's like someone walking right next to you talking on a cell phone saying, "A person who went to Starbucks also went to Nordstroms."
I do not care to cede my right to privacy just because I use an operating system or download a utility. Gator is "spyware," pure-and-simple.
I guess your ISP is spyware, too. So is Slashdot because it records logs. Spyware tries to hide what it does, not advertise.
Get off the bandwagon and educate yourself. Go visit the GAIN site, as they tell you everything they do. If you think that is Spyware, I'm sure the tinfoil hat manufacturers absolutely love you.
And another point: Nobody gives a shit about you. They give a shit about what percentages of people visit site X and site Y.
Fix your link.
Gator installs another program that does the spyware.
Prove it. Are you talking about GAIN? GAIN isn't spyware either, because they tell you everything it does. Demographic collections correlating the websites you view and your zip code is for targeted advertisement. End of story. They don't give a shit about you. They also advertise everything they grab from your system, so I find it bullshit to call it Spyware.
Spyware tries to hide what they do, hence the term "spy." Software that advertises on their front-page what they do would be "Conspicuousware" or something.
Er.. it sends zipcode and other details back to the server... did you read the article?
Demographics. I'm sorry, but knowing that 56% of the people that live in zipcode 97223 view http://www.koin.com doesn't mean shit.
Cable companies also do targeted advertisement depending upon where you live, does that make them evil and wretched as well? My local cable company has adverts going that says, "Reach your local customers with our targeting advertising solution. Your commercial will be shown to people in the areas you want it to be seen."
I guess we better make up a bunch of shit about them being evil, too. After all, they have tons more information on you than Gator. They also interrupt your television shows (how dare they!) to show you advertisements. What assholes they are.
1. Gator monitors your web surfing habits and uploads that information to their database. That information is then, presumably, sold. They claim they do not record personally identifiable information, but URLs often contain identity strings which can be cross-referenced.
They also tell you explicitly what information they collect, and it's so that they can offer targeted advertisement. Why is that information sold? They don't need to sell that information. Besides, these practices already happen. "People who read Slashdot.org Also view Freshmeat.net" Ohhh, big deal! The monsters are out to get you! Nobody gives a rat's ass about personally identifiable strings. You are not that important.
2. Gator throws annoying advertisements at you, even going to the point of showing you advertisements from certain companies when you view their competitors' websites (eg: seeing FedEx ads when you view the UPS website). They are currently in some hot water over this practice.
Yes, and coupons. It's called advertising, and it works. Car dealers advertise over other car dealers, supermarkets accept competitor coupons. It's called competitive advertisement. It's an innovative approach and makes money.
It has yet to be determined that #2 is illegal, but it seems unethical at best. Given that Gator engages in at least one unethical action, how are we to believe they would not engage in other unethical or illegal actions, especially as regards to point #1 (above)?
It is in no way illegal. They are being sued, to see if their practices are deceptive and that is a civil matter which will find them liable. This is not the same thing as illegal. Why you find it unethical is completely beyond me. Gas stations lower their prices so they get more business, is that unethical, too?