For itrace to become useful, it has to be installed near DoS-ing hax0red boxes, and/or near the script kiddies.
Currently, these DoS-originating locations can stay anonymous if they can spoof their IP address, that is, if the connecting ISP didn't install proper filters to protect against spoofed addresses.
So before itrace can become effective, these already clueless ISPs must be persuaded to upgrade their hardware. These are the same ISPs that currently don't install IP spoofing filters, even though that has been recommended by various organisations for years now.
And given the fact that there are still some remote locations that are so outdated that they don't understand CIDR routing, I expect it to take much longer than 18 months for itrace to become effective against all spoofed IP addresses.
Maybe we should stimulate the major router vendors to give away OS upgrades that include itrace for free:)
Actually spoofed packets are useful in not-so-evil manners.
Well, tough. I'm afraid current internet practices of simply disallowing fake source packets will quickly render your protocols unusable.
Note that there are already other ways to send stuff anonymously, for example using onion routers. The freedom program by zeroknowledge uses this technology, for example.
Re:I really don't like this ruling
on
Microsoft Loses
·
· Score: 1
2) MS violated the Sherman Act by "unlawfully tying its Web browser to its operating system"; [...] Ruling 2), on the other hand, is dead wrong, and I have a very difficult time believing any of you disagree. The simple fact is, every desktop OS/environment today has an integrated web browser.
IMO, what the ruling condemnes is not so much the actual integration of the browser to the OS, but the way in which it was tied to it. The FofF give rather explicit details about the way the integration of the browser literally into the core OS generally hurt consumers more than they benefit from it (less stable platform, more difficult to remove browser if not wanted, etc).
I find it actually reassuring that they are being punished for this.
3) "the effect of Microsoft's marketing arrangements with other companies" did NOT constitute "unlawful exclusive dealing under criteria established by leading decisions". [...] As for 3), I'd say that it is precisely MS's marketing arrangements that have made them an anticompetitive monopoly. I admit that IANAL and thus Judge Jackson knows the "criteria established by leading decisions" much much better than I do. However, if in fact MS does not meet those criteria, than I think a new precedent must be advanced, as MS has clearly effected the competitive landscape in the software industry for the worse.
I agree with you on this one. The business practices described in the FofF are disgusting at best. But being a european techie, I probably don't understand american business ethics very well. Maybe they're "common practice" in the US.
(Disclaimer: IANAL. And I haven't read the entire CofL yet, I will read it in the train in palm doc format just as I did with the FofF)
Slashdot Mirror
This is old news. Job showed the very same bug at HAL2001, on his "SMS security" session on friday 10th 2001, 16:00.
;)
Just goes to show that TheRegister apparently missed a great hacker conference
For itrace to become useful, it has to be installed near DoS-ing hax0red boxes, and/or near the script kiddies.
Currently, these DoS-originating locations can stay anonymous if they can spoof their IP address, that is, if the connecting ISP didn't install proper filters to protect against spoofed addresses.
So before itrace can become effective, these already clueless ISPs must be persuaded to upgrade their hardware. These are the same ISPs that currently don't install IP spoofing filters, even though that has been recommended by various organisations for years now.
And given the fact that there are still some remote locations that are so outdated that they don't understand CIDR routing, I expect it to take much longer than 18 months for itrace to become effective against all spoofed IP addresses.
Maybe we should stimulate the major router vendors to give away OS upgrades that include itrace for free :)
Actually spoofed packets are useful in not-so-evil manners.
Well, tough. I'm afraid current internet practices of simply disallowing fake source packets will quickly render your protocols unusable.
Note that there are already other ways to send stuff anonymously, for example using onion routers. The freedom program by zeroknowledge uses this technology, for example.
2) MS violated the Sherman Act by "unlawfully tying its Web browser to its operating system";
[...]
Ruling 2), on the other hand, is dead wrong, and I have a very difficult time believing any of you disagree. The simple fact is, every desktop OS/environment today has an integrated web browser.
IMO, what the ruling condemnes is not so much the actual integration of the browser to the OS, but the way in which it was tied to it. The FofF give rather explicit details about the way the integration of the browser literally into the core OS generally hurt consumers more than they benefit from it (less stable platform, more difficult to remove browser if not wanted, etc).
I find it actually reassuring that they are being punished for this.
3) "the effect of Microsoft's marketing arrangements with other companies" did NOT constitute "unlawful exclusive dealing under criteria established by leading decisions".
[...]
As for 3), I'd say that it is precisely MS's marketing arrangements that have made them an anticompetitive monopoly. I admit that IANAL and thus Judge Jackson knows the "criteria established by leading decisions" much much better than I do. However, if in fact MS does not meet those criteria, than I think a new precedent must be advanced, as MS has clearly effected the competitive landscape in the software industry for the worse.
I agree with you on this one. The business practices described in the FofF are disgusting at best. But being a european techie, I probably don't understand american business ethics very well. Maybe they're "common practice" in the US.
(Disclaimer: IANAL. And I haven't read the entire CofL yet, I will read it in the train in palm doc format just as I did with the FofF)