Re:Linux to the rescue?
on
Code Red III
·
· Score: 2
"Technically illegal?"
I don't know...is it illegal to use an open port on a machine if the person doesn't intend for us to use that port?
Let's say I leave port 80 open on my machine...unintentionally...and furthermore in such a way that private, confidential information can be seen and downloaded. If someone tries to read a web page or surf my now-open web browser, have they really broken any laws?
I don't think so. Because I'm the one who left the damned thing open.
An interesting thing about your comment is that perhaps Code Red II was built by white hats in the first place just for this reason -- to open up a back door on all of these folks' machines so that they could do just that. The US government protecting itself? Microsoft doing damage control? Blackhats? Who knows?
I think that if someone broke a hole in the wall of my house while I was on vacation, and someone came by and went inside my house just so that they could repair that hole, I would be grateful. I certainly wouldn't press charges.
Re:Sheesh, where was this book when I needed it.
on
From Bricks to Clicks
·
· Score: 2
So what you're basically saying is, "Duh?"
Bingo.
The "New Economy" was a scam. Students of History knew it. But now we've gone too far in the opposite direction, with the belief that online enterprises cannot make money.
The facts don't bear that out. I recently read (either in the Economist or The Motley Fool) that the current leaders on-line are old brick-and-mortar enterprises that successfully made the leap. The reason? They had the basic fundamentals of sound business practice first.
And it's not entirely true that geeks don't care about sales and marketing. You can geek out on sales and marketing strategy just as you can on software tools and hardware architecture. And we code geeks certainly DO care when we have jobs and have to work with sales and marketing to get the right product made, and then to get that product sold.
But you're right. The rules of business haven't changed, and the old rules still apply -- they always did -- we're just using a new medium for the same old rules.
I thought this was the fourth -edition- of "The C Programming Language," not the fourth -volume- of "The Art of Programming," and found myself wondering...
If the first edition is the Old Testament, and the second edition is the New Testament, then the third -might- be called the Book of Mormon...then what would be the fourth edition?
These are the questions which keep me up late at night...
For one thing, most of these attacks rely on sophisticated equipment that isn't readily available for people to use. And as the authors point out, the simple fix is to use end-to-end encryption (e.g., SSH) instead of expecting the WEP do it for you -- just as you would if you were on a broadcast network through your ISP (e.g., Roadrunner).
There is a threat of abuse from people with serious resources (e.g., the governments of developed nations), but even that threat is small. For now.
I'd be amazed if anyone actually believed that it was a TRS-80. Those things didn't have the RAM to even hold a single JPG image, much less serve them from a tape cassette player!
Waterloo's a really good school. If a nickel flew out my ass for every good piece of research I heard about from UW when I was in grad school, well then...I'd have a serious bagful of shit-coated nickels.
Good to see they're still churning out good research.
Oh, btw, the URL is here:
http://real.uwaterloo.ca/~robot/
And anyone who doesn't think that we in the US, or any other democratic/republican/parlimentary statis is immune to this, then they have fogotten the first thing taught to them in history class: "Thos who do not learn from history are destined to repeat it"
In college, I was doing research on the fall of Democracy in Chile. What fascinated me about the subject was how Chile, which had been a democracy for about a century, had become a military dictatorship. More importantly, I wondered if such a thing could ever happen here.
It turns out that there is an entire series of volumes titled The Breakdown of Democratic Regimes. There are volumes dedicated to Europe (e.g., Nazism in Germany), Latin America, a couple of more general texts, and a single volume dedicated just for Chile. And the entire scope of this series was summarized best by Julius Caesar over two thousand years ago:
All bad precedents began as justifiable measures.
Or, "It seemed like a good idea at the time." Or the great Benjamin Franklin quote above: "Those who would sacrifice essential liberty for security deserve neither." They get neither, as well.
We can't trust a government to do anything right. Why do we? Would you trust a bunch of complete power-greedy strangers to feed and clothe your children? Government has to be kept on a very short leash. If you do not set up and defend strict limits on the power officials can have and how long they can have that power, government will get too big for its britches. And if you give them more power than they deserve for more "security," you will find yourself walking down the streets, accosted by policemen. Or arrested without habeas corpus -- or bail.
A much better example would be if I studied hard for an exam, and you were peeking over my shoulder at my answers because you didn't do the studying. Where your analogy falls apart is that your little bro didn't spend hours slaving over the idea to come up with it -- he probably found it by accident.
The reason we have patents is because it takes time and effort to do the research to come up with a new idea, and people who come up with these good new ideas deserve to be rewarded for their efforts.
Now it's definitely a good point to make that the current patent system in the US is broken, but to go to the opposite extreme would only break things differently -- it's the "I can make you forget about that headache by breaking your arm" strategy.
I have a friend who works for a company that's doing just this. They are funded by the government to write intelligent agents ("agents" in the sense of mobile code) for security purposes. So rather than merely setting up a firewall, the goal of this is to write software that can move from machine to machine, like a virus, and stomp out viruses, trojans, and fight off other attackers.
Call it a white blood cell.
So is developing a counter-virus, an antibody, a white blood cell being part of the problem? I don't think so. Once a computer's been hacked, it's already been hacked. It's already been violated. If you don't want people to write counter-viruses, for heaven's sake, don't let you computer get infected in the first place! Viruses are preventable.
I don't think there's necessarily a connection between being able to describe it and whether or not it violates our constitutional rights. What it also implies is that their method, once known, is easily defeatible -- "security through obscurity" rearing its ugly head.
It seems to me possible that the FBI is using a device that can actually monitor a keyboard without touching it. If you ever turn the volume on your soundcard way up, you'll notice that you can hear in the static different notes depending on which keys on the keyboard you press.
This isn't something the average shmuck could defeat easily if he knew about it, but the larger fish which make and break FBI agents' careers do have the resources to install jammers for such occasions. So it is quite possible that the FBI has a point here.
I've read an e-book or two (I downloaded a couple of volumes from the Gutenburg project to my Palm), but I must say...there is something satisfying about paper. About holding a book in your hands. About owning a book.
Most of the books I own are not dated "travel guides" or "How to program C in SunOS 3". They're either timeless references such as the Dragon Book, or great fiction such as the works of Asimov and Zelazny. And the joy of owning these books is not just from the one time I read them. These books have depth and purpose, and I keep coming back to them so that I can read them again and see what I missed, or just to see the story from an older pair of eyes.
Most of them hold up very well.
Ray Bradbury has, in one of the earlier prefaces to "Fahrenheit 451," a wonderful description of his love for books. How you can shout at a book and throw it on the ground, or the smell of the paper and ink, or the feel of the pages in your hand. The experience of reading a book should not be a race against the clock! I enjoyed the fact that I could just slowly sink into "Necronomicon," page by page, so that I could really enjoy the work.
Having said that, I see the market for this kind of beast. The readers of Clive Cussler and Terry Brooks and Danielle Steele, the ones who go through pulp garbage like popcorn, can make use of this. I don't pick up the pulp after I've read it to enjoy it again...the second time through, I can see the banality of the mass-produced work.
But if it's Stephen King, I want to let him paint his mental pictures before me, and that takes time. I can't feel rushed, you know? If it's Neal Stephenson, if it's Frank Herbert, if it's someone with the tiniest shred of talent...well, come on then...let me read the damned thing.
If you take away ownership of the pages, it's just not a book any more. It's not part of information. It's no longer a meme. It's just throwaway disposable garbage. And it's great for that sort of thing...but let me keep the treasures!
Man, I wish...
on
Code Redux
·
· Score: 5, Insightful
I wish that RoadRunner San Diego would do that! All they've done so far is to send two "Virus Alert" e-mails out to people, imploring them to install the patch if they run Win2k or WinNT.
I really think that it's the responsibility of a machine's owner to lock down his/her system from attack. Ignorance of the rule is no excuse. If you put a machine on the net, and it's not secure, it becomes a danger for everyone.
The easiest thing to do is to shut down the access to machines that are infected. That way, you have their undivided attention when they call you up and say, "My cable's not working!" You simply respond... "Yes, we shut it off, because you wouldn't take care of business."
You're not lame for running IIS if you've patched it. You're lame if you aren't paying attention to the patches out there.
Well, after the "Ewoks," and "Howard The Duck," I'm beginning to believe that with Star Wars (which is actually a pretty lame movie title too, if you think about it) Lucas just got lucky.
"Already, MP3 is showing signs of its age, and MP3Pro had to be trotted out, so it is assumed that users will eventually switch to something else."
MP3Pro? Never heard of it.
Really.
It's true that Ogg Vorbis will have an appeal to hardware manufacturers -- but they will still have to spend the time and resources developing that hardware, and they won't bother doing it if they don't already see a market. MP3 had been a very popular format for several years before even the first hardware came out to play them. It takes time to bring a product to market, and before you can do that, you have to show that people are out there willing to pay for it.
Even if you provide an easy means for people to use the Ogg Vorbis format with your player, you're talking about people who have already spent countless hours encoding their CD libraries and downloading MP3's from places like MP3.com -- why should they make the effort to re-encode all of this to MP3 all over again?
I don't buy the assumption that people will move on to something else. It's not just "mindshare" that MP3 owns. Individual consumers, the users of the format, have made an investment in MP3. Not a financial investment, but a time and hard disk space investment. If you listen to music, if you own a fairly modern computer, you have MP3's.
The only thing that will keep folks from listening to MP3 is if a change is FORCED on them. MP3 will have to be declared either illegal or "unsupported" by everyone. As it stands now, if you're a powerful corporation and choose not to support MP3 -- it's your future that will be affected. Not that of the MP3 format.
The guy who posted about GIF has a good point. It doesn't matter that the technology behind it has patents; it is the de facto standard. It has oodles of hardware and software support. And most importantly, it's the standard that -customers- want.
Geeks maybe want Ogg Vorbis. Corporations want.wma,.ram, and other formats with strict support for licensing. But the people with wallets full of green notes and good credit ratings want MP3.
What's preventing Ogg from taking over MP3 is that Ogg's place in the market is already taken up by MP3. Being first-mover is a strong advantage. Ogg's a long ways behind MP3, and there's really no advantage to it from a consumer's point of view. That's the reason why strictly-controlled music formats aren't competing well with MP3 as well: There is no advantage for the consumer.
I can acquire, make, and listen to MP3's for free. No cost. There are free encoders, free players, and free MP3's of all kinds everywhere. Why do I need Ogg?
This comment says it well, from the end of the article:
`"How Mr. Morris must be laughing," Harry Owen of Horley, Surrey, wrote in a letter to The Daily Telegraph. "Perhaps Channel 4, instead of apologizing, should have simply said, `We rest our case.' "'
It's funny how satire becomes reality in that way. It's kind of like the South Park movie; the whole thing parodied, prior to the fact, the reaction of everyone to the movie after it was released.
Such satire is the most brilliant kind -- when a satire makes fun of the very reaction people have tot he satire. It's when you know that the satire's creators have hit their target right in the center of the bullseye.
Slashdot Mirror
"Technically illegal?"
I don't know...is it illegal to use an open port on a machine if the person doesn't intend for us to use that port?
Let's say I leave port 80 open on my machine...unintentionally...and furthermore in such a way that private, confidential information can be seen and downloaded. If someone tries to read a web page or surf my now-open web browser, have they really broken any laws?
I don't think so. Because I'm the one who left the damned thing open.
An interesting thing about your comment is that perhaps Code Red II was built by white hats in the first place just for this reason -- to open up a back door on all of these folks' machines so that they could do just that. The US government protecting itself? Microsoft doing damage control? Blackhats? Who knows?
I think that if someone broke a hole in the wall of my house while I was on vacation, and someone came by and went inside my house just so that they could repair that hole, I would be grateful. I certainly wouldn't press charges.
So what you're basically saying is, "Duh?"
Bingo.
The "New Economy" was a scam. Students of History knew it. But now we've gone too far in the opposite direction, with the belief that online enterprises cannot make money.
The facts don't bear that out. I recently read (either in the Economist or The Motley Fool) that the current leaders on-line are old brick-and-mortar enterprises that successfully made the leap. The reason? They had the basic fundamentals of sound business practice first.
And it's not entirely true that geeks don't care about sales and marketing. You can geek out on sales and marketing strategy just as you can on software tools and hardware architecture. And we code geeks certainly DO care when we have jobs and have to work with sales and marketing to get the right product made, and then to get that product sold.
But you're right. The rules of business haven't changed, and the old rules still apply -- they always did -- we're just using a new medium for the same old rules.
I thought this was the fourth -edition- of "The C Programming Language," not the fourth -volume- of "The Art of Programming," and found myself wondering...
If the first edition is the Old Testament, and the second edition is the New Testament, then the third -might- be called the Book of Mormon...then what would be the fourth edition?
These are the questions which keep me up late at night...
And what if I'm using SSH2, as the AC below suggested?
For one thing, most of these attacks rely on sophisticated equipment that isn't readily available for people to use. And as the authors point out, the simple fix is to use end-to-end encryption (e.g., SSH) instead of expecting the WEP do it for you -- just as you would if you were on a broadcast network through your ISP (e.g., Roadrunner).
There is a threat of abuse from people with serious resources (e.g., the governments of developed nations), but even that threat is small. For now.
I'd be amazed if anyone actually believed that it was a TRS-80. Those things didn't have the RAM to even hold a single JPG image, much less serve them from a tape cassette player!
But still...there's one born every minute...
That this is the URL for the robot:
http://real.uwaterloo.ca/~robot/
The link below is not the URL for the robot:
Waterloo's a really good school. If a nickel flew out my ass for every good piece of research I heard about from UW when I was in grad school, well then...I'd have a serious bagful of shit-coated nickels.
Good to see they're still churning out good research.
Oh, btw, the URL is here:
http://real.uwaterloo.ca/~robot/
"Actually, I heard the blank spot was just noise introduced by a top-secret CIA funded copy-protection scheme from the era. ;) "
Wouldn't that mean that the attempts to hear what's there would violate the DMCA?
I think we're in trouble.
In college, I was doing research on the fall of Democracy in Chile. What fascinated me about the subject was how Chile, which had been a democracy for about a century, had become a military dictatorship. More importantly, I wondered if such a thing could ever happen here.
It turns out that there is an entire series of volumes titled The Breakdown of Democratic Regimes. There are volumes dedicated to Europe (e.g., Nazism in Germany), Latin America, a couple of more general texts, and a single volume dedicated just for Chile. And the entire scope of this series was summarized best by Julius Caesar over two thousand years ago:
All bad precedents began as justifiable measures.
Or, "It seemed like a good idea at the time." Or the great Benjamin Franklin quote above: "Those who would sacrifice essential liberty for security deserve neither." They get neither, as well.
We can't trust a government to do anything right. Why do we? Would you trust a bunch of complete power-greedy strangers to feed and clothe your children? Government has to be kept on a very short leash. If you do not set up and defend strict limits on the power officials can have and how long they can have that power, government will get too big for its britches. And if you give them more power than they deserve for more "security," you will find yourself walking down the streets, accosted by policemen. Or arrested without habeas corpus -- or bail.
A much better example would be if I studied hard for an exam, and you were peeking over my shoulder at my answers because you didn't do the studying. Where your analogy falls apart is that your little bro didn't spend hours slaving over the idea to come up with it -- he probably found it by accident.
The reason we have patents is because it takes time and effort to do the research to come up with a new idea, and people who come up with these good new ideas deserve to be rewarded for their efforts.
Now it's definitely a good point to make that the current patent system in the US is broken, but to go to the opposite extreme would only break things differently -- it's the "I can make you forget about that headache by breaking your arm" strategy.
Is this part of the problem?
I have a friend who works for a company that's doing just this. They are funded by the government to write intelligent agents ("agents" in the sense of mobile code) for security purposes. So rather than merely setting up a firewall, the goal of this is to write software that can move from machine to machine, like a virus, and stomp out viruses, trojans, and fight off other attackers.
Call it a white blood cell.
So is developing a counter-virus, an antibody, a white blood cell being part of the problem? I don't think so. Once a computer's been hacked, it's already been hacked. It's already been violated. If you don't want people to write counter-viruses, for heaven's sake, don't let you computer get infected in the first place! Viruses are preventable.
I don't think there's necessarily a connection between being able to describe it and whether or not it violates our constitutional rights. What it also implies is that their method, once known, is easily defeatible -- "security through obscurity" rearing its ugly head.
It seems to me possible that the FBI is using a device that can actually monitor a keyboard without touching it. If you ever turn the volume on your soundcard way up, you'll notice that you can hear in the static different notes depending on which keys on the keyboard you press.
This isn't something the average shmuck could defeat easily if he knew about it, but the larger fish which make and break FBI agents' careers do have the resources to install jammers for such occasions. So it is quite possible that the FBI has a point here.
I've read an e-book or two (I downloaded a couple of volumes from the Gutenburg project to my Palm), but I must say...there is something satisfying about paper. About holding a book in your hands. About owning a book.
Most of the books I own are not dated "travel guides" or "How to program C in SunOS 3". They're either timeless references such as the Dragon Book, or great fiction such as the works of Asimov and Zelazny. And the joy of owning these books is not just from the one time I read them. These books have depth and purpose, and I keep coming back to them so that I can read them again and see what I missed, or just to see the story from an older pair of eyes.
Most of them hold up very well.
Ray Bradbury has, in one of the earlier prefaces to "Fahrenheit 451," a wonderful description of his love for books. How you can shout at a book and throw it on the ground, or the smell of the paper and ink, or the feel of the pages in your hand. The experience of reading a book should not be a race against the clock! I enjoyed the fact that I could just slowly sink into "Necronomicon," page by page, so that I could really enjoy the work.
Having said that, I see the market for this kind of beast. The readers of Clive Cussler and Terry Brooks and Danielle Steele, the ones who go through pulp garbage like popcorn, can make use of this. I don't pick up the pulp after I've read it to enjoy it again...the second time through, I can see the banality of the mass-produced work.
But if it's Stephen King, I want to let him paint his mental pictures before me, and that takes time. I can't feel rushed, you know? If it's Neal Stephenson, if it's Frank Herbert, if it's someone with the tiniest shred of talent...well, come on then...let me read the damned thing.
If you take away ownership of the pages, it's just not a book any more. It's not part of information. It's no longer a meme. It's just throwaway disposable garbage. And it's great for that sort of thing...but let me keep the treasures!
I wish that RoadRunner San Diego would do that! All they've done so far is to send two "Virus Alert" e-mails out to people, imploring them to install the patch if they run Win2k or WinNT.
I really think that it's the responsibility of a machine's owner to lock down his/her system from attack. Ignorance of the rule is no excuse. If you put a machine on the net, and it's not secure, it becomes a danger for everyone.
The easiest thing to do is to shut down the access to machines that are infected. That way, you have their undivided attention when they call you up and say, "My cable's not working!" You simply respond... "Yes, we shut it off, because you wouldn't take care of business."
You're not lame for running IIS if you've patched it. You're lame if you aren't paying attention to the patches out there.
How many freaking "Send in the Clones" jokes do I have to read? IT'S BEEN DONE! READ THE THREAD BEFORE YOU POST! Gaaack!
Of course, someone else has probably already posted this sentiment by now...
Except that "Revenge of the Jedi" was a GREAT title! This one sucks!
Well, after the "Ewoks," and "Howard The Duck," I'm beginning to believe that with Star Wars (which is actually a pretty lame movie title too, if you think about it) Lucas just got lucky.
"Don't forget to tip your waitress. Unless she's a cow. Because we could never condone cow-tipping."
The drummer of a band I was in used to say that...
...is the kind that costs $50 at Cheetah's Totally Nude.
"Already, MP3 is showing signs of its age, and MP3Pro had to be trotted out, so it is assumed that users will eventually switch to something else."
MP3Pro? Never heard of it.
Really.
It's true that Ogg Vorbis will have an appeal to hardware manufacturers -- but they will still have to spend the time and resources developing that hardware, and they won't bother doing it if they don't already see a market. MP3 had been a very popular format for several years before even the first hardware came out to play them. It takes time to bring a product to market, and before you can do that, you have to show that people are out there willing to pay for it.
Even if you provide an easy means for people to use the Ogg Vorbis format with your player, you're talking about people who have already spent countless hours encoding their CD libraries and downloading MP3's from places like MP3.com -- why should they make the effort to re-encode all of this to MP3 all over again?
I don't buy the assumption that people will move on to something else. It's not just "mindshare" that MP3 owns. Individual consumers, the users of the format, have made an investment in MP3. Not a financial investment, but a time and hard disk space investment. If you listen to music, if you own a fairly modern computer, you have MP3's.
The only thing that will keep folks from listening to MP3 is if a change is FORCED on them. MP3 will have to be declared either illegal or "unsupported" by everyone. As it stands now, if you're a powerful corporation and choose not to support MP3 -- it's your future that will be affected. Not that of the MP3 format.
MP3 is -the- format.
.wma, .ram, and other formats with strict support for licensing. But the people with wallets full of green notes and good credit ratings want MP3.
The guy who posted about GIF has a good point. It doesn't matter that the technology behind it has patents; it is the de facto standard. It has oodles of hardware and software support. And most importantly, it's the standard that -customers- want.
Geeks maybe want Ogg Vorbis. Corporations want
What's preventing Ogg from taking over MP3 is that Ogg's place in the market is already taken up by MP3. Being first-mover is a strong advantage. Ogg's a long ways behind MP3, and there's really no advantage to it from a consumer's point of view. That's the reason why strictly-controlled music formats aren't competing well with MP3 as well: There is no advantage for the consumer.
I can acquire, make, and listen to MP3's for free. No cost. There are free encoders, free players, and free MP3's of all kinds everywhere. Why do I need Ogg?
This comment says it well, from the end of the article:
`"How Mr. Morris must be laughing," Harry Owen of Horley, Surrey, wrote in a letter to The Daily Telegraph. "Perhaps Channel 4, instead of apologizing, should have simply said, `We rest our case.' "'
It's funny how satire becomes reality in that way. It's kind of like the South Park movie; the whole thing parodied, prior to the fact, the reaction of everyone to the movie after it was released.
Such satire is the most brilliant kind -- when a satire makes fun of the very reaction people have tot he satire. It's when you know that the satire's creators have hit their target right in the center of the bullseye.
Yeah, it is :)
Very nice when it does happen.
Oh, one more thing.
"Have you any clue about the creative process involved in making techno music, or are you speaking purely from a biased-listener standpoint?"
You might want to listen to "Journey to Rivendell" or "Hyperactif" on my mp3.com page if you really want an answer to that question.