I don't necessarily disagree that education in most cases is favorable to education, but really, it's unrealistic.
Perhaps a thousand years ago it was certainly possible for one person to learn the sum of all human knowledge. A hundred years ago one could probably be pretty fluent in most subjects, but today, it's not possible for someone to educate themselves regarding everything that affects his life.
"He should have known better," is something I tend to say pretty frequently, but only when dealing with things where common sense should have played a role. Researching drugs and their faults is something best left for specialists.
Doctors are *trained* to know what types of drugs are best for what situations, when certain drugs shouldn't be used, and what existing medical conditions could make the use of such drugs harmful, or when the risk is acceptable. Further, they may know of a drug that performs the same thing but with a different set of side effects and problems that would be preferable.
Sure, I could probably go to some medical web site, look up my symptoms, find an ailment that causes those symptoms, find a common drug treatment, and do all sorts of research on that drug to make sure there aren't any problems, but who's to say my work is complete or accurate? Perhaps that ailment wasn't really the problem, and taking that drug only exacerbated the situation and caused my untimely death?
The average person is not qualified to make these types of decisions with *controlled substances* that have harmful and fatal side effects when not used correctly or in the correct situations. Nor is the average person qualified to have enough background knowledge in medicine to even attempt a thorough amount of research into their own ailments and what drugs they should take to cure them.
This legislation only applies to companies selling *across* state boundaries (thus bringing it into the federal domain). The vast, vast majority of pharmacies sell in a physical store, so they're only subject to the individual state's laws.
What if it is sent by a private mail carrier, like DHL?
I may be wrong, but I think private carriers might possibly share some liability here. It's probably quite illegal to ship controlled drugs from one country to another (where it may be illegal in either one). If a carrier is getting lots of international orders from a shifty-looking online pharmacy, an investigation might be performed. Carriers (at least in the US), I believe, have the right to open and inspect any package you put in their custody without a warrant.
No, I don't think this law does much in the way of international pharmaceutical orders. In those cases, I would simply hope that the host country would have similar laws (and most, if not all, do) regarding what types of drugs can be sold and how those drugs are sold and transported.
Who do you think is going to be "pushed" out of the US as a result of this legislation (assuming it passes)? The legal, legitimate, quality pharmacies? Really doubtful. The burdens placed on them as a result of this legislation are probably going to be very trivial. Certainly less than the costs of moving their operation to another country. Think of it as a business license. They already have to get one sort of license (or more) for the state they're doing business. What's one more?
So who's left? The illegal pharmacies, for one. Oh damn. Guess they'll have to move their illegal drug operation to another country, or maybe they can just try to hide their web site a little better. Then there's the pharmacies that don't seem to have any sort of quality control. If a pharmacy is consistently mis-filling prescriptions and acting really negligently, I would expect the FDA would pull their license. So I suppose there's a possibility there that they would move to another country. Again, good riddance.
If I'm ordering a prescription from an online pharmacy in the US, I would take much comfort in the fact that we had an oversight body in place licensing and monitoring these pharmacies.
If your entire business consists of 2 72" racks in a datacenter, and a local sysadmin, it's pretty easy to move your company to any country about as fast as you can propagate a DNS change.
Apparently you're forgetting the nature of the business. Pharmacies require taking in stock of drugs, filling personalized prescriptions for specific dosages of those drugs, and shipping them out. We don't care where the web site is; we care where they're doing their business. It takes a bit more effort to move this type of operation to another country than simply relocating data and making a DNS change.
Most countries have their own import/export laws with respect to controlled drugs. If it were so easy to get these things shipped out via standard mail, why aren't more people sending heroin, cocaine and marijuana via the USPS?
I don't think this legislation has anything to do with international orders.
Of course I'd have to actually read it or have someone give a better summary than what was provided in the article, but it seems to only apply to domestic pharmacies.
It would be kind of hard to require every 'Net pharmacy in the world to get a US license, and if they didn't comply, how is the US going to enforce a fine or penalty?
Agreed, but another important provision in this law is the power of the FDA to investigate the quality and set standards for online pharmacies. If an online pharmacy consistently mis-fills 10% of its drugs, or skimps out on a few pills out of each prescription, the FDA could then pull the pharmacy's license until they shape up. If the pharmacy continues to operate, the fines are quite severe.
This also makes investigating online pharmacies the explicit responsibility of the FDA. Without this legislation, that responsibility is ambiguous, and would generally require a state or a person to file a lawsuit.
Letting any Joe Bloe in the country pick up whatever prescription drugs he wants is not only stupid, it's negligent. The article states that the legislation is aimed at curbing illegal sales of prescription drugs. What better way to sell something illegally than over the Internet? The legislation only gives the FDA power to verify the quality of online pharmacies and to ensure that they are getting the required authorization before filling any orders for prescription drugs.
With respect to the whole concept of prescribing drugs, the average citizen is an idiot. This is why we have smart people who are licensed to make certain decisions for us, like doctors. If you have a medical problem that can be treated with prescription drugs, you have to get a doctor to make that diagnosis and decision. The doctor writes out a prescription, so that the pharmacy knows you've gotten a doctor's consent before they go handing out potentially lethal drugs. Would you really rather live in a country where anyone can buy any sort of drug and use it as he desires? What happens when that drug, or perhaps a certain mixture, causes sterility? Heart failure? Death? "Oh shucks, he should have known better."? There are perfectly sane, legitimate reasons we license and prescribe drugs in this country.
The thing is, they can't really guarantee it. They can "guarantee" that their program is written correctly and will produce the correct results, but they have to work under the assumption that the operating system itself is working correctly.
We all remember the Pentium math errors of quite a while back. Who's to say that the OS will fail to add numbers correctly in a certain situation? What if you run their program under a heavily hacked copy of 'wine' and it ends up spitting out negative numbers erroneously? No software manufacturer can guarantee against these types of unknowns, so no software maker will guarantee that their product functions correctly.
The concept of "derivative work" is hardly a new one. How then, would you define a derivative work with respect to software?
The law with respect to software makes little distinction. The only thing software has over text is that the owner of a copy may make another copy for archival purposes.
So, given that software is treated basically the same, here's what the law has to say about derivative works, among other things (title 17, chapter 1, 103b):
(b) The copyright in a compilation or derivative work extends only to the material contributed by the author of such work, as distinguished from the preexisting material employed in the work, and does not imply any exclusive right in the preexisting material. The copyright in such work is independent of, and does not affect or enlarge the scope, duration, ownership, or subsistence of, any copyright protection in the preexisting material.
Thus, he still owns the copyright on his work, but he cannot redistribute the whole work (the program) unless he licenses his own code under the GPL.
If he refuses to acknowledge or abide by the GPL, he has *no* rights to redistribute the rest of the work at all, as it remains copyrighted. He can certainly release his own code, under his own license, but he can't do so as part of the program.
No offense to you, but I'd really rather hear a professional legal opinion about all of this if there really is something contestable about the GPL, and not some rantings about the evil FSF with some occasional legal jargon from an anonymous poster.
Something like this though, the requirement to redistribute or otherwise make available the source code to your GPL'ed-base work, is the very heart of the GPL license.
Are you saying that if they were to violate this provision and not cooperate by coming into compliance, that they should continue to be allowed to re-distribute the software? Perhaps I misspoke when I said they can lose "all" of their rights. At a minimum, I would expect that I could be able to revoke a person's right to redistribute my copyrighted work if they fail to uphold their end of my license. THIS has got to be supported by legal precedent in some fashion. The authors of this software have collectively said, "OK, we're letting people redistribute our copyrighted software so long as they comply with the terms of the GPL license."
So the only thing left would be the possibility that a portion of the GPL would be struck out as unreasonable. Could this source code requirement be classified as 'unreasonable'? I don't think it can, and I don't really see how this can't be supported by law or precedent. Unless you are referring to the fact that the GPL has never been tried in court...?
If they're actually in violation of the GPL, they can lose *all* of their rights with respect to the GPL'ed software.
Copyrighted works by default give people NO license to copy, redistribute or modify the work. The GPL explicitly grants this right so long as the user works within the bounds of the license. Once they violate the license, they lose all redistribution rights to the software, which would kinda put them out of business instantly.
I'm not sure if you mean have the IRS write the software, or just make a common set of "data files" available with whatever variations in taxes from year to year represented. If you want them to spend your tax money developing software, you're still paying for it one way or the other.
Personally, I'd rather get my tax software from a company motivated by profit. Things tend to be done a lot better than when we ask the government to do it for us.
Any "good" intruder can do a lot to cover his tracks, but all it takes is an admin watching network packets with the ISP of the source on the phone.
There's always a trail. It all boils down to who has the resources and time to follow it.
It amuses me how many l33t hax0r IRK kiddies there are that think they're indestructible, that the only kids that are ever caught are the ones they show on TV, that they'll never be discovered or prosecuted. And when the FBI raids their house and their parents are stuck losing their home and his college tuition money paying for damages, guess who's out there laughing his ass off.
If you want to break into systems to learn how security works, be able to examine code, etc., GO TO COLLEGE. Most universities have some very EXCELLENT network security courses where the students do precisely this, and have access to all sorts of very interesting hardware. Do not use my systems for your stupid games or "education", whatever it is you want to call it. How am I supposed to know you didn't touch anything vital? If you break into a bank vault just to "learn", and the cops come to your house the next morning, do you think they're going to care or believe you if you said, "But I didn't take any money!"
And just because a system isn't 100% impenetrable to your l33t hax0r skilLZ does not necessarily mean the admin is remotely incompetent. What if the exploit was made available before an announcement/fix/workaround was made? What if both were released at 3AM? Is the admin incompetent because his pager isn't set to wake him up every time an e-mail message is posted to Bugtraq? Is the company *deserving* of an attack just because they don't spend 80% of their meager revenue on network security?
If you break into my system illegally, REGARDLESS of your intentions, I will prosecute you and you will go to jail. Period.
You're right, it does sound like script kiddies. Script kiddies are who are responsible for 99% of the publicized "cracks" and web site defacements, so it's only natural to mention them.
With respect to shelling out money for better security measures, most businesses have to make compromises in this respect. Is the cost of adding firewalls, maintaining high-security systems and the necessary IT training to keep things up to date and running securely more or less than the cost of one noticeable intrusion a year?
Just because you think you're capable of running such a setup doesn't automatically mean it's cheap for companies to do so. Just because they make compromises in this respect, does that mean they're incompetent or *deserving* of an attack?
And of course for those systems that *are* exposed in some fashion, it isn't uncommon for exploits to vulnerabilities to be published/brought into use by script kiddies *before* an announcement is made and fixes/workarounds made available. There are frequently windows of vulnerability for even the most competent and secure administrators and networks.
Second, we must make the assumption that if one file has been altered, -any- file on the system could have been altered. Remember, don't use tripwire, or any similar tool, as this will eat into your damage assessments
Do you honestly think that companies stating they've suffered 10M$ in damages ever actually get paid 10M$ by the attacker?
Companies have to weigh costs. There's the additional cost of implementing and maintaining something like Tripwire (which, as another poster mentioned, doesn't do crap for data) against the potential cost of a system intrusion. If your company has the funding for it, they've probably implemented a modest amount of security mechanisms (including things like Tripwire).
If your company doesn't have this funding, compromises must be made. Does that make this company irresponsible, incompetent, or "asking" to be rooted? Hell no.
For those types of companies (read: most), you HAVE to make the assumption that the system has been compromised in more than one way, with back doors in place and that the intruder has access to your internal systems as well. You need to cut off the network, locate the exploit used to break into the system, and totally re-build the OS and applications on the affected systems (probably ones even suspected of being rooted as well). Not taking these steps would be far more irresponsible of the admins than ignoring security bulletins in the first place (assuming they even did, and that if they hadn't, it would have helped them, which isn't always the case).
Remember, system restoration should be put in as overtime, so your figures for damages should reflect this.
Yep. Damages accumulate as network or web sites stay unreachable. The costs of overtime would presumably be less than the costs of staying offline. If this weren't the case, it wouldn't be worth it and it could probably wait until normal business hours. (Of course, I'd still physically disconnect the machines from the Internet during this time.)
you're still using it, so there's still a cost -somewhere- in the system.
If I get 10 free hours of tech support from a vendor, and I use all of that up as the result of an attack, you're damn right I should be compensated.
Fixing the security hole yourself is a big no-no
Apparently you're under the delusion that all corporate environments are using Linux on all of their mission-critical systems.
For those of us in the real world, we have to wait for vendor patches and upgrades, or we have to implement workarounds. Fortunately, major vendors tend to be quite helpful in emergency situations like this.
The punishment should be proportional to the amount of damage caused. If a kid caused 100M$ of damage, he obviously can't pay 100M$ any more than he can pay 10k$, and it isn't quite fair that he serve the same prison sentence (if any) for both crimes. I think it's perfectly fair to base severity on damage.
You also have the funding factor. If you cause a huge company damage, they're probably going to unleash quite a team of lawyers upon you, unlike some non-profit web site that would barely be able to bring civil charges of its own.
You can have a perfectly competent sysadmin, one that performs his job 100% correctly, 100% accurately, and applies patches and security fixes exactly 0 seconds after they're announced and STILL BE VULNERABLE TO ATTACK.
It's not infrequent that a vulnerability will be discovered and exploited *before* it's announced on the major security mailing lists and web sites. There's also the possibility that it's announced at 3AM and the company silently rooted by 3:05AM. What are you going to do, have all your admins get paged at any hour of the day every time an e-mail comes to Bugtraq?
I won't disagree that some admins shouldn't carry the title. More often than not, a vulnerability is exploited long after it's been released, but THIS IS NOT ALWAYS THE CASE.
I really hate it when people go off bashing the administrators when they haven't necessarily done anything wrong or incompetently at all. These guys are the victims. The script kiddies that mount these downloadable attacks are the people we need to be fighting here.
It could also be 18M people spending $1 a day on their site. $1 isn't much, and most people would be quite happy buying whatever $1 product this is from a competing site, or not at all.
The lost revenue figures are quite valid and the point still stands. Companies sue and prove these kinds of damages *very* regularly (not necessarily Internet-related either), so this is not a new concept.
I read it as, "a web site that makes the company $18M/day." If they're pulling in $18M of revenue from their web site alone, and that web site is put out of commission for a day, they will not make $18M that day. Thus, the outage cost them $18M in lost revenue.
If these things are going to be outside, take special note of the humidity note: non-condensing. If you get dew on your plants and grass early in the mornings, you'll probably end up with a wet motherboard.
"Dripping water" resistant doesn't mean crap. You can probably claim most any indoor AT case is "dripping water resistant."
Also be careful about the temperatures. Granted, if it's up 24/7 you *probably* won't have to worry about it getting too cold, but if the temperatures inside your computer case at home tend to climb to 100+ degF, just think what it'll get to sitting in the hot sun.
I haven't read anything about these, but it seems like they're more appropriate for indoor/climate-controlled industrial use, not for outdoor use.
True enough, though for the general public, it *is* a new theme. Star Trek has traditionally appealed to the same audience Asimov's work appeals to, and only through this movie is that message finally making its way to everyone (including non-Sci-Fi fans).
There were plenty of references to Asimov with respect to Data in Star Trek. The whole idea of a *positronic* brain came straight from Asimov. It kinda sounds like you want to say "Data came first" when really, the story this movie is based on is much older than Star Trek. :)
As I understood it, the robots didn't obey a set of black-and-white rules. Rather, the instructions guiding them were incredibly intricate and deeply ingrained within them. A robot may not harm a human being, but if a human orders a robot forcefully enough, a robot could probably be instructed to cause a very mild amount of pain, or to place a human being in a situation of slightly more risk of harm than the robot would otherwise permit. Likewise, a trivial instruction that a robot kill itself could probably be ignored.
In these situations, the robot would probably be under a bit of duress, but the point is that these situations tend to be represented as *potentials*, or "voltage levels", if you will. "Acceptable risk" is an acceptable synonym, in my opinion. Without this ability, I agree, robots obeying these laws would probably be useless.
A robot would theoretically be capable of a tremendous amount of observation and prediction. If a human were to run and jump out in front of a car driven by a robot, the robot would either be able to see this and prevent it, or there would be nothing he could do about it. A sufficiently advanced robot would survive either way. Since (in the Asimov world), most (all?) cars were driven by robots, and the robots could communicate between each other, it's easy to see that the act of navigating by car was relatively safe. Pedestrians alongside the road are another matter, but you're right -- a robot wouldn't do it if there was such a large chance of harming a human being. The logical conclusion is that the robots didn't see such a chance for harm, or if there were a small chance, the potential introduced by orders from the 2nd law would override the 1st law concern (but only to a point).
The article explicitly indicates it could be potentially activated by the user or by a monitoring station.
It wouldn't be very useful for doing things like tracking animals if the animals had to be the ones activating the implant, yes?
I imagine the market for this type of device in *humans* will not be realistically high compared with other uses.
How about some more discussion of the technical feasibility of this idea?
So long as the transmissions were done quickly, and the base stations were dense enough in the area to search (they could be mobile), I don't see why this wouldn't necessarily work.
I don't imagine the type of coverage offered by, say, cell phone towers would be remotely capable of detecting a signal from one of these implants, so any area you want this device to function in would have to be specifically set up to do so, probably at a substantial cost.
But who knows, maybe they've developed a way of transmitting signals that would work at much greater distances than I'm tempted to believe...
Think about it. Somebody else already has.
I don't think this legislation has anything to do with international orders.
Of course I'd have to actually read it or have someone give a better summary than what was provided in the article, but it seems to only apply to domestic pharmacies.
It would be kind of hard to require every 'Net pharmacy in the world to get a US license, and if they didn't comply, how is the US going to enforce a fine or penalty?
Agreed, but another important provision in this law is the power of the FDA to investigate the quality and set standards for online pharmacies. If an online pharmacy consistently mis-fills 10% of its drugs, or skimps out on a few pills out of each prescription, the FDA could then pull the pharmacy's license until they shape up. If the pharmacy continues to operate, the fines are quite severe.
This also makes investigating online pharmacies the explicit responsibility of the FDA. Without this legislation, that responsibility is ambiguous, and would generally require a state or a person to file a lawsuit.
Letting any Joe Bloe in the country pick up whatever prescription drugs he wants is not only stupid, it's negligent. The article states that the legislation is aimed at curbing illegal sales of prescription drugs. What better way to sell something illegally than over the Internet? The legislation only gives the FDA power to verify the quality of online pharmacies and to ensure that they are getting the required authorization before filling any orders for prescription drugs.
With respects to the whole concept of prescribing drugs, the average citizen is an idiot. This is why we have smart people who are licensed to make certain decisions for us, like doctors. If you have a medical problem that can be treated with prescription drugs, you have to get a doctor to make that diagnosis and decision. The doctor writes out a prescription, so that the pharmacy knows you've gotten a doctor's consent before they go handing out potentially lethal drugs. Would you really rather live in a country where anyone can buy any sort of drug and use it as he desires? What happens when that drug, or perhaps a certain mixture, causes sterility? Heart failure? Death? "Oh shucks, he should have known better." ? There are perfectly sane, legitimate reasons we license and prescribe drugs in this country.
The thing is, they can't really guarantee it. They can "guarantee" that their program is written correctly and will produce the correct results, but they have to work under the assumption that the operating system itself is working correctly.
We all remember the Pentium math errors of quite a while back. Who's to say that the OS will fail to add numbers correctly in a certain situation? What if you run their program under a heavily hacked copy of 'wine' and it ends up spitting out negative numbers erroneously? No software manufacturer can guarantee against these types of unknowns, so no software maker will guarantee that their product functions correctly.
The law with respects to software makes little distinction. The only thing software has over text is that the owner of a copy may make another copy for archival purposes.
So, given that software is treated basically the same, here's what the law has to say about derivative works, among other things (title 17, chapter 1, 103b):Thus, he still owns the copyright on his work, but he cannot redistribute the whole work (the program) unless he licenses his own code under the GPL.
If he refuses to acknowledge or abide by the GPL, he has *no* rights to redistribute the rest of the work at all, as it remains copyrighted. He can certainly release his own code, under his own license, but he can't do so as part of the program.
No offense to you, but I'd really rather hear a professional legal opinion about all of this if there really is something contestable about the GPL, and not some rantings about the evil FSF with some occasional legal jargon from an anonymous poster.
Something like this though, the requirement to redistribute or otherwise make available the source code to your GPL'ed-base work, is the very heart of the GPL license.
Are you saying that if they were to violate this provision and not cooperate by coming into compliance, that they should continue to be allowed to re-distribute the software? Perhaps I misspoke when I said they can lose "all" of their rights. At a minimum, I would expect that I could be able to revoke a person's right to redistribute my copyrighted work if they fail to uphold their end of my license. THIS has got to be supported by legal precedent in some fashion. The authors of this software have collectively said, "OK, we're letting people redistribute our copyrighted software so long as they comply with the terms of the GPL license."
So the only thing left would be the possibility that a portion of the GPL would be struck out as unreasonable. Could this source code requirement be classified as 'unreasonable'? I don't think it can, and I don't really see how this can't be supported by law or precedent. Unless you are referring to the fact that the GPL has never been tried in court...?
If they're actually in violation of the GPL, they can lose *all* of their rights with respect to the GPL'ed software.
Copyrighted works by default give people NO license to copy, redistribute or modify the work. The GPL explicitly grants this right so long as the user works within the bounds of the license. Once they violate the license, they lose all redistribution rights to the software, which would kinda put them out of business instantly.
I'm not sure if you mean have the IRS write the software, or just make a common set of "data files" available with whatever variations in taxes from year to year represented. If you want them to spend your tax money developing software, you're still paying for it one way or the other.
Personally, I'd rather get my tax software from a company motivated by profit. Things tend to be done a lot better than when we ask the government to do it for us.
Any "good" intruder can do a lot to cover his tracks, but all it takes is an admin watching network packets with the ISP of the source on the phone.
There's always a trail. It all boils down to who has the resources and time to follow it.
It amuses me how many l33t hax0r IRK kiddies there are that think they're indestructible, that the only kids that are ever caught are the ones they show on TV, that they'll never be discovered or prosecuted. And when the FBI raids their house and their parents are stuck losing their home and his college tuition money paying for damages, guess who's out there laughing his ass off.
It's an ILLEGAL INTRUSION.
If you want to break into systems to learn how security works, be able to examine code, etc., GO TO COLLEGE. Most universities have some very EXCELLENT network security courses where the students do precisely this, and have access to all sorts of very interesting hardware. Do not use my systems for your stupid games or "education", whatever it is you want to call it. How am I supposed to know you didn't touch anything vital? If you break into a bank vault just to "learn", and the cops come to your house the next morning, do you think they're going to care or believe you if you said, "But I didn't take any money!"
And just because a system isn't 100% impenetrable to your l33t hax0r skilLZ does not necessarily mean the admin is remotely incompetent. What if the exploit was made available before an announcement/fix/workaround was made? What if both were released at 3AM? Is the admin incompetent because his pager isn't set to wake him up every time an e-mail message is posted to Bugtraq? Is the company *deserving* of an attack just because they don't spend 80% of their meager revenue on network security?
If you break into my system illegally, REGARDLESS of your intentions, I will prosecute you and you will go to jail. Period.
You're right, it does sound like script kiddies. Script kiddies are who are responsible for 99% of the publicized "cracks" and web site defacements, so it's only natural to mention them.
With respect to shelling out money for better security measures, most businesses have to make compromises in this respect. Is the cost of adding firewalls, maintaining high-security systems and the necessary IT training to keep things up to date and running securely more or less than the cost of one noticeable intrusion a year?
Just because you think you're capable of running such a setup doesn't automatically mean it's cheap for companies to do so. Just because they make compromises in this respect, does that mean they're incompetent or *deserving* of an attack?
And of course for those systems that *are* exposed in some fashion, it isn't uncommon for exploits to vulnerabilities to be published/brought into use by script kiddies *before* an announcement is made and fixes/workarounds made available. There are frequently windows of vulnerability for even the most competent and secure administrators and networks.
Second, we must make the assumption that if one file has been altered, -any- file on the system could have been altered. Remember, don't use tripwire, or any similar tool, as this will eat into your damage assessments
Do you honestly think that companies stating they've suffered 10M$ in damages ever actually get paid 10M$ by the attacker?
Companies have to weigh costs. There's the additional cost of implementing and maintaining something like Tripwire (which, as another poster mentioned, doesn't do crap for data) against the potential cost of a system intrusion. If your company has the funding for it, they've probably implemented a modest amount of security mechanisms (including things like Tripwire).
If your company doesn't have this funding, compromises must be made. Does that make this company irresponsible, incompetent, or "asking" to be rooted? Hell no.
For those types of companies (read: most), you HAVE to make the assumption that the system has been compromised in more than one way, with back doors in place and that the intruder has access to your internal systems as well. You need to cut off the network, locate the exploit used to break into the system, and totally re-build the OS and applications on the affected systems (probably ones even suspected of being rooted as well). Not taking these steps would be far more irresponsible of the admins than ignoring security bulletins in the first place (assuming they even did, and that if they hadn't, it would have helped them, which isn't always the case).
Remember, system restoration should be put in as overtime, so your figures for damages should reflect this.
Yep. Damages accumulate as network or web sites stay unreachable. The costs of overtime would presumably be less than the costs of staying offline. If this weren't the case, it wouldn't be worth it and it could probably wait until normal business hours. (Of course, I'd still physically disconnect the machines from the Internet during this time.)
you're still using it, so there's still a cost -somewhere- in the system.
If I get 10 free hours of tech support from a vendor, and I use all of that up as the result of an attack, you're damn right I should be compensated.
Fixing the security hole yourself is a big no-no
Apparently you're under the delusion that all corporate environments are using Linux on all of their mission-critical systems.
For those of us in the real world, we have to wait for vendor patches and upgrades, or we have to implement workarounds. Fortunately, major vendors tend to be quite helpful in emergency situations like this.
The punishment should be proportional to the amount of damage caused. If a kid caused 100M$ of damage, he obviously can't pay 100M$ any more than he can pay 10k$, and it isn't quite fair that he serve the same prison sentence (if any) for both crimes. I think it's perfectly fair to base severity on damage.
You also have the funding factor. If you cause a huge company damage, they're probably going to unleash quite a team of lawyers upon you, unlike some non-profit web site that would barely be able to bring civil charges of its own.
But what can I expect from an AC.
You can have a perfectly competent sysadmin, one that performs his job 100% correctly, 100% accurately, and applies patches and security fixes exactly 0 seconds after they're announced and STILL BE VULNERABLE TO ATTACK.
It's not infrequent that a vulnerability will be discovered and exploited *before* it's announced on the major security mailing lists and web sites. There's also the possibility that it's announced at 3AM and the company silently rooted by 3:05AM. What are you going to do, have all your admins get paged at any hour of the day every time an e-mail comes to Bugtraq?
I won't disagree that some admins shouldn't carry the title. More often than not, a vulnerability is exploited long after it's been released, but THIS IS NOT ALWAYS THE CASE.
I really hate it when people go off bashing the administrators when they haven't necessarily done anything wrong or incompetently at all. These guys are the victims. The script kiddies that mount these downloadable attacks are the people we need to be fighting here.
It could also be 18M people spending $1 a day on their site. $1 isn't much, and most people would be quite happy buying whatever $1 product this is from a competing site, or not at all.
The lost revenue figures are quite valid and the point still stands. Companies sue and prove these kinds of damages *very* regularly (not necessarily Internet-related either), so this is not a new concept.
I read it as, "a web site that makes the company $18M/day." If they're pulling in $18M of revenue from their web site alone, and that web site is put out of commission for a day, they will not make $18M that day. Thus, the outage cost them $18M in lost revenue.
If these things are going to be outside, take special note of the humidity note: non-condensing. If you get dew on your plants and grass early in the mornings, you'll probably end up with a wet motherboard.
"Dripping water" resistant doesn't mean crap. You can probably claim most any indoor AT case is "dripping water resistant."
Also be careful about the temperatures. Granted, if it's up 24/7 you *probably* won't have to worry about it getting too cold, but if the temperatures inside your computer case at home tend to climb to 100+ degF, just think what it'll get to sitting in the hot sun.
I haven't read anything about these, but it seems like they're more appropriate for indoor/climate-controlled industrial use, not for outdoor use.
True enough, though for the general public, it *is* a new theme. Star Trek has traditionally appealed to the same audience Asimov's work appeals to, and only through this movie is that message finally making its way to everyone (including non-Sci-Fi fans).
There were plenty of references to Asimov with respect to Data in Star Trek. The whole idea of a *positronic* brain came straight from Asimov. It kinda sounds like you want to say "Data came first" when really, the story this movie is based on is much older than Star Trek. :)
As I understood it, the robots didn't obey a set of black-and-white rules. Rather, the instructions guiding them were incredibly intricate and deeply ingrained within them. A robot may not harm a human being, but if a human orders a robot forcefully enough, a robot could probably be instructed to cause a very mild amount of pain, or to place a human being in a situation of slightly more risk of harm than the robot would otherwise permit. Likewise, a trivial instruction that a robot kill itself could probably be ignored.
In these situations, the robot would probably be under a bit of duress, but the point is that these situations tend to be represented as *potentials*, or "voltage levels", if you will. "Acceptable risk" is an acceptable synonym, in my opinion. Without this ability, I agree, robots obeying these laws would probably be useless.
A robot would theoretically be capable of a tremendous amount of observation and prediction. If a human were to run and jump out in front of a car driven by a robot, the robot would either be able to see this and prevent it, or there would be nothing he could do about it. A sufficiently advanced robot would survive either way. Since (in the Asimov world), most (all?) cars were driven by robots, and the robots could communicate between each other, it's easy to see that the act of navigating by car was relatively safe. Pedestrians alongside the road are another matter, but you're right -- a robot wouldn't do it if there was such a large chance of harming a human being. The logical conclusion is that the robots didn't see such a chance for harm, or if there were a small chance, the potential introduced by orders from the 2nd law would override the 1st law concern (but only to a point).
this device must be triggered by the user
The article explicitly indicates it could be potentially activated by the user or by a monitoring station.
It wouldn't be very useful for doing things like tracking animals if the animals had to be the ones activating the implant, yes?
I imagine the market for this type of device in *humans* will not be realistically high compared with other uses.
How about some more discussion of the technical feasibility of this idea?
So long as the transmissions were done quickly, and the base stations were dense enough in the area to search (they could be mobile), I don't see why this wouldn't necessarily work.
I don't imagine the type of coverage offered by, say, cell phone towers would be remotely capable of detecting a signal from one of these implants, so any area you want this device to function in would have to be specifically set up to do so, probably at a substantial cost.
But who knows, maybe they've developed a way of transmitting signals that would work at much greater distances than I'm tempted to believe...