No need to try to save everything but if we know something is going to die off we should at least try to save it's DNA so we can clone it later if we need it for something or just want to study it.
It's my job to trace IPs back to customer's accounts. Big ISPs have nice record keeping and database systems setup to make it easy, but even the little guys can track you down with very little trouble.
It's not hard to trace an IP address back to a customer's internet account and (in many cases) a physical address.
Sure you can't tell exactly who was at the keyboard, but as far your ISP is concerned, who you allow to access your account is your problem. The account holder is responsible for what takes place over the service they signed up for.
When it comes to major legal issues, we are able to give police a very firm places to start looking (a physical address, a hostname, access logs etc) and from there they can check your hard drives, network, home router config, and decide how likely a suspect you are from that.
and just make it an option instead of forcing it on people
This is exactly what Mozilla needs to lean to start doing.
I don't even care if they bury those options in about:config but major changes to basic things like address bars, title bars, status bars, tabs, etc should all be 100% optional not need yet another add-on. I prefer using add-ons to extend the browser, not restore functionality. Far too many of the add-ons I have already installed were only added to bring back some feature that was taken out of the browser or changed.
workstations should have a desktop firewall mostly to monitor outbound connections. (good for keeping apps from phoneing home etc). most nasty inbound traffic should be blocked at the router but it's nice to be able to block an extra port or random IP when needed on a per machine level.
For servers where you are expecting random incoming traffic it's better to block all unwanted inbound traffic before it ever gets the sever (ACLs work fine here). You don't need to worry about outbound traffic as much, as long as you are doing reasonable things like blocking outbound port 25 for your web server, port 80 for your mail server etc.
Anytime someone registers something like www.paypal-loginweb.com it should be setting off red flags everywhere. I'm not saying these domains should be shutdown automatically or anything, but they should be flagged for review every few weeks and it might not be a bad idea to ask a few questions either.
The fact is that many registrars have worked so hard to lower costs that they cut out the basic checks that would have caught these kinds of domains.
Sure it would never stop someone from setting up a phishing site with a domain like skljhf3lihgfsklh2jnf.com but that domain sure would make it easier for people to detect something wasn't quite right.
In many cases lazy irresponsible registrars are making things too easy for criminals.
Reviews of the movie were good. http://www.rottentomatoes.com/m/hurt_locker/
I'm guessing that maybe many others (like myself) were well past starting to get sick of war in general and the war in iraq in particular. There has been a huge number of war movies set in the middle east over the last several years and maybe people who still bothered to go to a theater wanted something a little different.
Hey! That's the same number of ISPs I get to choose from in the US! Individuals in the US may not have much for options either but I do feel a little better that our gov has to work a little harder to spy on our net traffic than they do in China where it's all centralized for them in one of two places.
Not at all, only that you aren't likely to find something that will give you output exactly like what you'd want to present it to a non-tech (in some cases very non-tech) crowd. Benchmarking software is pretty much all designed for techs, as techs are the only ones who generally want to know a machines benchmarks.
The results you'll get from benchmarking software will give way more detail than "C level execs" are going to want to look at and will present it in ways that will be hard for them to grasp.
A presenter (tech translator) who gets the results that he/she understands best and then combines/reformats that info more or less by hand into something to show to the suits will have the best chance of getting the point across clearly and quickly.
My point was just that when you're shopping around for and trying out benchmarking software for this purpose, don't spend time worrying about if the app gives you pretty graphs for anyone else. Get whatever works best for you and be ready to spend a few minutes creating something pretty from that data on your own.
I'd have to agree - don't bother looking for something with nice charts - most charts won't matter much to non-techs anyway. Just take the results from the best tools for the job and use those numbers to create charts, graphs, etc that will work best for your audience.
After he was arrested and placed in custody is when he stated that he would only give the password to the mayor, not becuase it was a rule or directive but becuase Mayor Newsom was "the only person he felt he could trust".
I haven't followed this case very closely so forgive me if this has been answered elsewhere, but do you know why the mayor didn't just take the password from this guy and then hand it over to the new admins? It doesn't seem like too big a hassle for Mayor Newsom if 20 minutes on the phone would have actually helped the city avoid significant costs and problems.
Mr. Childs could then say any problems with the network from that point on were the mayor's fault for handing over the passwords to those less competent and that would have been the end of it. No huge court case needed.
Soon (now?) they can generate captions of everything heard (or sung) in a video immediately after upload and match the captions against lyrics and transcriptions of copyrighted works or even just search them for specific keywords. Then they can flag those videos as possible copyright violations or even prevent them from being displayed until after being reviewed by someone.
I'm not saying captioning isn't a good idea, only that it can be used for more than just assisting the hard of hearing.
I normally I'd love this sort of thing. I pour over logs in my spare time - for kicks even, but this video just bored me. For nearly half the video this thing never goes beyond "look! people in different countries are active at different times!".
Even the few things that almost start to seem interesting leave you unable to gain any insight because there is just no information. There isn't any useful data to work with.
What this fails to provide us with is what kind of traffic this was in the first place. Any reasonably large site is going to get hit with all kinds of background noise, and so the fact that they found themselves with large amounts of "traffic" from 'nearly every country' doesn't surprise me.
This seems to be nothing more than an example of a very dull and uninformative way to display a large collection something very very common.
Sadly, microsoft doesn't seem to have anything you can do to fix this. http://www.microsoft.com/technet/security/advisory/979352.mspx It's seems all they advise will only reduce your odds of getting hit (by helping protect against the methods they've seen used to exploit it) and reducing the damage done after IE runs the malicious code on your system.
What they should be suggesting is that people not use IE on the internet (if possible) until this is fixed.
'0 day' exploits are everywhere. What matters to me is that once discovered they are quickly patched or at the very least, a work around that actually prevents exploitation is provided.
I'd be interested to know more about the social engineering aspect of this attack. Was this more of the usual attempts (something that really should have been caught by anyone who knows better than to open random attachments and click links from strangers) or was there something much more involved that allowed the attackers to gain sufficient trust that any one of us would have likely fallen for this. Did the attackers spend months building a strong level of trust with the people at these companies or did someone click an on E-card?
The last time I looked into thunderbird 3 all the mail was no going to be stored in an mbox format and wouldn't be stored in anything close to plain text. That's a deal breaker for me. I love the ability to grep a folder or even the entire inbox. The search in thunderbird has always been lacking but no matter how much the search is improved in thunderbird 3 it can't be good enough to replace the speed and power of what can be done on the command line.
If that's still the case and I had to switch to anything I'd go back to using to fetchmail
"we'd be using our 1200bps modems connecting to the local BBS and swapping email over fido."
exactly what I did in the old days. As long as computers are around, people will find a way to connect them and connect themselves to each other using them. I suspect that while dial up might not be answer people run to these days I could see people setting up wireless networks within their own neighborhoods, and extending them into WANs that cover a good part of their city.
"I don't think they will cut off customers. It would be a huge support hassle for them. We lost connection the other day and they sent out a tech guy the next day. That can't be cheap considering they are all contractors."
They shut them down already. This is just a way to cut costs by automating the notification process and giving infected customers a chance to clean up the problems themselves before they spew enough spam that a disconnection is needed. I certainly hope that they disconnect customers who neglect these notices and allow their computers to continue being used for spamming, phishing, etc. until they've re-secured their systems.
I've seen ISPs doing this sort of thing via walled gardens with a lot of success, and I hope it catches on.
Passing this would be a great thing for those corps and for Obama. Obama gets to be tough on those evil, tax cheating corporations. The corporations get a plausible excuse to officially move their HQ offshore, "we can't afford to do business here anymore."
Can I use that excuse too? I need to evade/cheat/avoid paying my income taxes because "I can't afford to do business here anymore" either.
I'm so tired of this idea that corporations should be able to do things which would fast have me inside a jail cell if I were to try doing them myself. I also have a pretty hard time feeling sorry for giant corporations who make billions in profits each year, considering the number of other advantages, resources, support, and security they have over the rest of us. I think they'll live. Even if companies needed to pay a higher percentage of total income in taxes then most of us, it won't have as great an impact on them then it does for the average guy working a 9-5. The ones that couldn't make it if they had to start paying their "fair" share of the tax burden most likely don't deserve to continue existing anyway.
Games do well enough for now at expressing emotion within the limits of graphics/voice acting/script
What I'd like to see are:
1. controls sensitive and natural enough that your character is able to clearly express how you are feeling with no effort on your part. If it's done well how your character moves and his expression will change without you even realizing it
2. NPCs that then respond to your emotional state at the time.
I've played a whole lot of adventure games and now every so often I'll see some random discarded object lying around on the ground somewhere and I get the odd feeling that if I picked it up and carried it around eventually I might figure out where I can use it for something.
but a new protocol for p2p traffic sounds good to me.
It'd be nice if it allows for faster transfers and less congestion, but what I'd really like to see is something that makes it harder for ISPs to detect/penalize the traffic and more difficult for people to track what other people are transferring. Right now it's simple for your average unlicensed investigator to gather lists of IPs by monitoring torrents or just sharing out the material themselves and seeing who bites.
I wonder if you could use something like this to flood those lists with forged IPs, requesting entire files to be sent to other machines which just silently drop the traffic, all without causing bandwidth problems for anyone else. I'd hesitate to do something like that even if I didn't have to worry about causing random people connection trouble or slower file transfers, but the thought did pop into my head that if the traffic used by this protocol were made insignificant enough others might look into that sort of thing.
from time to time I run a keylogger on my own systems. It's been pretty useful for going back and figuring out exactly what I was doing last week, it provides a quick way to find some comment I made or a website I was at before, etc.
It helps that I spend a lot of time at a command line as well, but I have even left notes to myself by typing anywhere that will accept text, and then clearing the text out.
It's also nice to be able to know exactly when someone else was on my system and what exactly they were doing (although that doesn't come up too often and I let people who may want to use my system know that they are being logged first!)
All the ads they need are already in the games, but these companies aren't selling the products they advertise.
I played 'the world ends with you' and thought it'd be neat to have a player pin. I haven't seen one in stores anywhere but some random guy setup a cafe press shop where he's selling them and I'm buying! The advertising worked like a charm, but Square Enix isn't getting the money for it because they haven't made it easier for me to get what I wanted from them then it was to stumble upon the goods elsewhere. Given the choice, I'd pay MORE to get an official product from them than take my chances on some guy's website.
if game makers are looking for ways to increase the money they are making this is one place they could easily get it. I picked up this Cactuar cell phone charm (not mine in the pic tho) while I was in japan, but I'd have picked one up years ago if I'd seen it in a store here.
If game companies took advantage of the marketing power they already have it would turn the used game market into a win for them as more fans == more merchandise sold. The age of the game does not detract from that at all. It's been decades now and I'd still buy a rubber chicken with a pulley in the middle if I saw one!
Slashdot Mirror
No need to try to save everything but if we know something is going to die off we should at least try to save it's DNA so we can clone it later if we need it for something or just want to study it.
It's my job to trace IPs back to customer's accounts.
Big ISPs have nice record keeping and database systems setup to make it easy, but even the little guys can track you down with very little trouble.
It's not hard to trace an IP address back to a customer's internet account and (in many cases) a physical address.
Sure you can't tell exactly who was at the keyboard, but as far your ISP is concerned, who you allow to access your account is your problem. The account holder is responsible for what takes place over the service they signed up for.
When it comes to major legal issues, we are able to give police a very firm places to start looking (a physical address, a hostname, access logs etc) and from there they can check your hard drives, network, home router config, and decide how likely a suspect you are from that.
I'm guessing this game will cost $40-$60. That's a lot of money to risk on a hand held game. Not all Mario games have been gems.
This is exactly what Mozilla needs to lean to start doing. I don't even care if they bury those options in about:config but major changes to basic things like address bars, title bars, status bars, tabs, etc should all be 100% optional not need yet another add-on. I prefer using add-ons to extend the browser, not restore functionality. Far too many of the add-ons I have already installed were only added to bring back some feature that was taken out of the browser or changed.
workstations should have a desktop firewall mostly to monitor outbound connections. (good for keeping apps from phoneing home etc).
most nasty inbound traffic should be blocked at the router but it's nice to be able to block an extra port or random IP when needed on a per machine level.
For servers where you are expecting random incoming traffic it's better to block all unwanted inbound traffic before it ever gets the sever (ACLs work fine here). You don't need to worry about outbound traffic as much, as long as you are doing reasonable things like blocking outbound port 25 for your web server, port 80 for your mail server etc.
While I'm sure some of the new functionality will be exploited, I expect most of the abuse will be from folks who want to push ads and track users.
Anytime someone registers something like www.paypal-loginweb.com it should be setting off red flags everywhere.
I'm not saying these domains should be shutdown automatically or anything, but they should be flagged for review every few weeks and it might not be a bad idea to ask a few questions either.
The fact is that many registrars have worked so hard to lower costs that they cut out the basic checks that would have caught these kinds of domains.
Sure it would never stop someone from setting up a phishing site with a domain like skljhf3lihgfsklh2jnf.com but that domain sure would make it easier for people to detect something wasn't quite right.
In many cases lazy irresponsible registrars are making things too easy for criminals.
Can articles please link to these by default already?
Reviews of the movie were good. http://www.rottentomatoes.com/m/hurt_locker/
I'm guessing that maybe many others (like myself) were well past starting to get sick of war in general and the war in iraq in particular. There has been a huge number of war movies set in the middle east over the last several years and maybe people who still bothered to go to a theater wanted something a little different.
Hey! That's the same number of ISPs I get to choose from in the US!
Individuals in the US may not have much for options either but I do feel a little better that our gov has to work a little harder to spy on our net traffic than they do in China where it's all centralized for them in one of two places.
Not at all, only that you aren't likely to find something that will give you output exactly like what you'd want to present it to a non-tech (in some cases very non-tech) crowd. Benchmarking software is pretty much all designed for techs, as techs are the only ones who generally want to know a machines benchmarks.
The results you'll get from benchmarking software will give way more detail than "C level execs" are going to want to look at and will present it in ways that will be hard for them to grasp.
A presenter (tech translator) who gets the results that he/she understands best and then combines/reformats that info more or less by hand into something to show to the suits will have the best chance of getting the point across clearly and quickly.
My point was just that when you're shopping around for and trying out benchmarking software for this purpose, don't spend time worrying about if the app gives you pretty graphs for anyone else. Get whatever works best for you and be ready to spend a few minutes creating something pretty from that data on your own.
I'd have to agree - don't bother looking for something with nice charts - most charts won't matter much to non-techs anyway. Just take the results from the best tools for the job and use those numbers to create charts, graphs, etc that will work best for your audience.
After he was arrested and placed in custody is when he stated that he would only give the password to the mayor, not becuase it was a rule or directive but becuase Mayor Newsom was "the only person he felt he could trust".
I haven't followed this case very closely so forgive me if this has been answered elsewhere, but do you know why the mayor didn't just take the password from this guy and then hand it over to the new admins? It doesn't seem like too big a hassle for Mayor Newsom if 20 minutes on the phone would have actually helped the city avoid significant costs and problems.
Mr. Childs could then say any problems with the network from that point on were the mayor's fault for handing over the passwords to those less competent and that would have been the end of it. No huge court case needed.
Soon (now?) they can generate captions of everything heard (or sung) in a video immediately after upload and match the captions against lyrics and transcriptions of copyrighted works or even just search them for specific keywords. Then they can flag those videos as possible copyright violations or even prevent them from being displayed until after being reviewed by someone.
I'm not saying captioning isn't a good idea, only that it can be used for more than just assisting the hard of hearing.
I normally I'd love this sort of thing. I pour over logs in my spare time - for kicks even, but this video just bored me. For nearly half the video this thing never goes beyond "look! people in different countries are active at different times!".
Even the few things that almost start to seem interesting leave you unable to gain any insight because there is just no information. There isn't any useful data to work with.
What this fails to provide us with is what kind of traffic this was in the first place. Any reasonably large site is going to get hit with all kinds of background noise, and so the fact that they found themselves with large amounts of "traffic" from 'nearly every country' doesn't surprise me.
This seems to be nothing more than an example of a very dull and uninformative way to display a large collection something very very common.
Sadly, microsoft doesn't seem to have anything you can do to fix this.
http://www.microsoft.com/technet/security/advisory/979352.mspx
It's seems all they advise will only reduce your odds of getting hit (by helping protect against the methods they've seen used to exploit it) and reducing the damage done after IE runs the malicious code on your system.
What they should be suggesting is that people not use IE on the internet (if possible) until this is fixed.
'0 day' exploits are everywhere. What matters to me is that once discovered they are quickly patched or at the very least, a work around that actually prevents exploitation is provided.
I'd be interested to know more about the social engineering aspect of this attack. Was this more of the usual attempts (something that really should have been caught by anyone who knows better than to open random attachments and click links from strangers) or was there something much more involved that allowed the attackers to gain sufficient trust that any one of us would have likely fallen for this. Did the attackers spend months building a strong level of trust with the people at these companies or did someone click an on E-card?
The last time I looked into thunderbird 3 all the mail was no going to be stored in an mbox format and wouldn't be stored in anything close to plain text. That's a deal breaker for me. I love the ability to grep a folder or even the entire inbox. The search in thunderbird has always been lacking but no matter how much the search is improved in thunderbird 3 it can't be good enough to replace the speed and power of what can be done on the command line.
If that's still the case and I had to switch to anything I'd go back to using to fetchmail
"we'd be using our 1200bps modems connecting to the local BBS and swapping email over fido."
exactly what I did in the old days. As long as computers are around, people will find a way to connect them and connect themselves to each other using them. I suspect that while dial up might not be answer people run to these days I could see people setting up wireless networks within their own neighborhoods, and extending them into WANs that cover a good part of their city.
"I don't think they will cut off customers. It would be a huge support hassle for them. We lost connection the other day and they sent out a tech guy the next day. That can't be cheap considering they are all contractors." They shut them down already. This is just a way to cut costs by automating the notification process and giving infected customers a chance to clean up the problems themselves before they spew enough spam that a disconnection is needed. I certainly hope that they disconnect customers who neglect these notices and allow their computers to continue being used for spamming, phishing, etc. until they've re-secured their systems. I've seen ISPs doing this sort of thing via walled gardens with a lot of success, and I hope it catches on.
Passing this would be a great thing for those corps and for Obama.
Obama gets to be tough on those evil, tax cheating corporations.
The corporations get a plausible excuse to officially move their HQ offshore, "we can't afford to do business here anymore."
Can I use that excuse too? I need to evade/cheat/avoid paying my income taxes because "I can't afford to do business here anymore" either.
I'm so tired of this idea that corporations should be able to do things which would fast have me inside a jail cell if I were to try doing them myself. I also have a pretty hard time feeling sorry for giant corporations who make billions in profits each year, considering the number of other advantages, resources, support, and security they have over the rest of us. I think they'll live. Even if companies needed to pay a higher percentage of total income in taxes then most of us, it won't have as great an impact on them then it does for the average guy working a 9-5. The ones that couldn't make it if they had to start paying their "fair" share of the tax burden most likely don't deserve to continue existing anyway.
Games do well enough for now at expressing emotion within the limits of graphics/voice acting/script
What I'd like to see are:
1. controls sensitive and natural enough that your character is able to clearly express how you are feeling with no effort on your part. If it's done well how your character moves and his expression will change without you even realizing it
2. NPCs that then respond to your emotional state at the time.
I sometimes wonder if this hasn't affected me.
I've played a whole lot of adventure games and now every so often I'll see some random discarded object lying around on the ground somewhere and I get the odd feeling that if I picked it up and carried it around eventually I might figure out where I can use it for something.
but a new protocol for p2p traffic sounds good to me.
It'd be nice if it allows for faster transfers and less congestion, but what I'd really like to see is something that makes it harder for ISPs to detect/penalize the traffic and more difficult for people to track what other people are transferring. Right now it's simple for your average unlicensed investigator to gather lists of IPs by monitoring torrents or just sharing out the material themselves and seeing who bites.
I wonder if you could use something like this to flood those lists with forged IPs, requesting entire files to be sent to other machines which just silently drop the traffic, all without causing bandwidth problems for anyone else. I'd hesitate to do something like that even if I didn't have to worry about causing random people connection trouble or slower file transfers, but the thought did pop into my head that if the traffic used by this protocol were made insignificant enough others might look into that sort of thing.
from time to time I run a keylogger on my own systems. It's been pretty useful for going back and figuring out exactly what I was doing last week, it provides a quick way to find some comment I made or a website I was at before, etc.
It helps that I spend a lot of time at a command line as well, but I have even left notes to myself by typing anywhere that will accept text, and then clearing the text out.
It's also nice to be able to know exactly when someone else was on my system and what exactly they were doing (although that doesn't come up too often and I let people who may want to use my system know that they are being logged first!)
keyloggers are just another type of tool.
All the ads they need are already in the games, but these companies aren't selling the products they advertise.
I played 'the world ends with you' and thought it'd be neat to have a player pin. I haven't seen one in stores anywhere but some random guy setup a cafe press shop where he's selling them and I'm buying! The advertising worked like a charm, but Square Enix isn't getting the money for it because they haven't made it easier for me to get what I wanted from them then it was to stumble upon the goods elsewhere. Given the choice, I'd pay MORE to get an official product from them than take my chances on some guy's website.
if game makers are looking for ways to increase the money they are making this is one place they could easily get it. I picked up this Cactuar cell phone charm (not mine in the pic tho) while I was in japan, but I'd have picked one up years ago if I'd seen it in a store here.
If game companies took advantage of the marketing power they already have it would turn the used game market into a win for them as more fans == more merchandise sold. The age of the game does not detract from that at all. It's been decades now and I'd still buy a rubber chicken with a pulley in the middle if I saw one!