It seems that steps could have been taken to have prevented a full out shut-down of everything.
I think this is called getting their attention. Once the government is focused on the problem (forcibly, as it were) then real solutions can be explored. As a short-term attention-getter, you can't beat something like this.
What I don't understand is why these teachers don't simply quit, instead of going to jail.
Teachers might be ordered back to work, but "Sorry, judge, I resigned five minutes before I arrived here in court. I'm not a teacher any more so your order doesn't apply to me."
I suspect this would be just as effective, if not more effective, than their current job action. Sooner or later, the school board will want to hire them back, just as sooner or later they will be let out of jail.
Resign just before going to court, then go home and wait for the call from the school board asking you to return to your job.
Do you need a different license to be a geek in a different state?
If you're a professional engineeer, you probably do. I'm in Canada, and a Professional Engineer (P.Eng) must be registered with the provincial Professional Enginners association before he can use the P.Eng title or do professional engineering work.
The difference between Harry Potter and a computer game is simply that with Harry Potter, the text is the product. Period. Whether that text is read on a computer screen, off of a sheet of paper or off of microfilm, the text is the product that is being sold.
In the case of a computer game, the product is the game, which includes the text, the gameplay, the graphics, music, sound effects, what-have-you.
In the case of someone "ripping off" Harry Potter, the "ripped-off" product would be the complete text of the book, and that's what the publisher is trying to sell. In the case of Civ3, a patch to change the language to something else is nowhere near to being the entire product. In fact, it could be argued that the actual wording of the text is not really part of the game at all - for an example of this, does the fact that a football referee calls a game penalty in Spanish make the penalty any different than if he called it in English or used sign language? The language is not the game. Since it's the game that this outfit wants to sell (though they have a funny way of promoting it, I must say) a language patch is not a violation of "their property".
Which brings up an interesting point. If I am paying my money for "their property", then why can't I do what I want to with it? If I pay money for any other kind of property I'm allowed to do what I choose with the product that I've purchased. Computers are about the only industry where the business revolves around "You pay for my product but I still own it."
The only way you'll ever be sure is if you write your own
Or get the source code for an existing cryptographic application and audit it. A good programmer and a good mathematician working together could probably produce a reasonably trustworthy audit of the cryptographic functions in a given application.
Of course, this requires that the source code be availble for inspection and that the code can be compiled for actual use in the production environment. It's pointless to audit source code that is then carried off and you are subsequently handed a binary-only application "supposedly" based on the audited code.
Even if there's a hole - the relative breadth of the knowledge is going to be limited until a public release
Which all sounds very nice, right up until you're the poor sap who got his box r00ted by one of the "limited" hackers.
Step right up, folks, and get your lottery ticket here!
I'd rather know about a hole and deal with it, even if I have to shut a server off or take other drastic action, than discover that someone has been r00ting around in my stuff for the past week/month/what-have-you. "But the information was limited." Sure. Limited to the guy who's even now playing Pong using your server resources.
The mass majority of criminals are going to use the OS used by the mass majority of consumers.
The vast majority of criminals are, indeed, not very bright. I sincerely believe that's because if they were indeed smart, they would find a better way to make a living than through crime and so on.
For proof, attend court someday and watch the carry-on. It's amazing. "The perpetrator left his wallet on the table when he tipped the stripper just before he held up the nightclub. We identified him using his drivers license." And it goes on and on. Crime, by and large, is committed on the spur-of-the-moment and against a target of opportunity; in other words, it doesn't involve a lot of advance planning, no matter what the movies say.
Therefore, your statement is correct in that the majority of computer-using criminals will be using Windows, just because it's there. However, I suspect that the real "career criminals" like the Mafia and such will have people around to advise them on computer and communication matters and those guys will likely be beyond the reach of this Magic Lantern stuff.
Which actually takes the point away, doesn't it. Those are the guys that the FBI will want to get using this technology because they can't get them any other way (or so the story goes). However, they will be the only criminals (generally) who will have the know-how (or people "on staff" with the know-how) to circumvent the methods used.
I live in a town of 5000 people, in Saskatchewan Canada. I have DSL Internet service from the friendly telephone company (government-owned, by the way) for $45 Canadian (which is about US$25 or so, I guess) per month.
Patent offices are supposed to analyse the validility of the patent application and ensure that no prior art exist (which according to many post further down there is prior art), and that its not a trivial patent.
Apparently the USPTO doesn't see that as their job. I recall reading an article a while ago (probably linked from Slashdot, in fact) where some patent supervisor-type stated that any "bad" patents could be appealed to the courts and so on, so they (the patent office) weren't too concerned about that and don't see it as a problem.
No-one with any sense naively accepts selling price as a true measure of worth.
Who says people have sense?
True story: I was in the electronic gizmo section of a department store a few weeks ago looking for a set of headphones. There was an early-20's couple standing a bit further down the aisle from me looking at the mini-stereo systems. I heard the girl say to the guy, "Hey, maybe we should get this one. It has lots of lights on it."
You'd be surprised what adds value to something in the minds of some people.
If I earn $100 this year, and donate $10, then I pay income tax on $90 at the end of the year.
Depending on taxation levels and so on, I can sometimes end up with more money in my pocket by "giving away" $10 and paying tax on $90, than I would have if I kept all of my money and paid tax on $100.
Maybe if McAfee understands how stupid this is, they'll change their minds
And when McAfee says, "Oh, sorry guys, we've learned our lesson and won't do that" how do you know that they are telling you the truth? The joy of closed-source software. "Of course we would never do something like that! Ignore the man behind the curtain."
just look for strange TCP connections to the 205.229.233.0/24(FBI) Netblock
Somehow I don't think so. When the police are running an undercover "sting", do they give the suspect the phone number of the local precinct to use as a contact number?
It is more likely that they would have the data sent out to an innocuous-appearing network address.
Therefore if I wish to use a non-US product, I have to accept a lesser level of quality and/or support.
Not for long.
This should create a huge opportunity for a non-US software company to build up one helluva business developing, selling and supporting "the one true virus checker".
I'm wondering how long it will be before some enterprising soul catches a copy of the lantern, analyzes it for a.sig, and then tells the (under)world how to add it to the McA virus list by hand?
Probably the first time that the said "enterprising soul" gets put under the FBI microscope and has the FBI trojan/virus/whatever uploaded to his computer. When the lights flash and the alarms go off (smart enterprising soul) then said soul says, "Ba-da-bing!" and rips 'er apart, writes a report, and publishes it in Bad Guy News.
One would have to put some humor into the translations.
Tough to prove, there. If humour is a required element, how would a court define humour? Some stuff is obviously humourous (Marx Bros, Jerry Lewis, Jim Carrey, etc) while other things are not so cut-and-dried.
The problem here seems to be that the text those guys are distributing is (c) Infogrames.
It is?
You meet someone and say "Hello, sir. How are you today?" and I hear you say that. I think that's a pretty good phrase, so when I next meet someone I say, "Howdy, dood! Howzit hangin, my man?" am I infringing on your copyright to the phrase you uttered initially?
Some printers don't have any built-in character set and can even depend on the software driver to provide ALL of the functionality that you would expect in a printer. For example, some of the Brother laser printers work only with their Windows drivers because they aren't actually a "printer" in the normal sense of the word. Kind of like a win-modem, but with paper instead of a phone line. I guess that when you purchase those printers you get the hardware, but most of what you would expect to be in the firmware is actually software.
getting something like this done in 2 weeks isn't bad for a large corporation
But THIS is security! To take a real-world example, if you break into a bank at night and start carrying out the cash, the security guards don't have to stop and ask their supervisor to wait for the next board meeting (in three weeks) to obtain permission to apprehend the criminals.
There's no room for bureaucratic bullshit in matters of security. You set a policy that affords the maximum protection to your customers, and follow that. No ad-hoc decision-making required. If there's a possible exploit, test it NOW and report NOW and release an advisory RIGHT NOW. Period. Just like apprehending the criminals on the way out of the bank. "Halt! You're under arrest!"
"We are obviously not going to
respond instantly--we have to sieve the wheat from the chaff to determine how reliable the vulnerability warning is," said Neil Laver, Windows product marketing manager for Microsoft. "Until we can investigate the issue, we are not going to issue a bulletin, as that would create a crying wolf situation."
can anyone argue with this?
I can. It doesn't take a week to recreate an exploit like this and say, "OH shit!" br>Microsoft is a large enough company to have someone on the job whose exclusive responsibility is to read incoming exploit reports and IMMEDIATELY test the described method. Immediately after that (ten minutes after the report arrived, if they have a bunch of configured machines immediately available - again, MS is big enough to afford this) they can say, "Report verified. Issue a bulletin and get the engineers on the job fixing that bug."
In the case of a major (or any) exploit, there is no excuse for a large outfit like MS to require more than an hour or two to verify that a problem exists. Actually fixing it will probably take longer, but the fact that the expolit exists should be immediately published so those running the affected software can decide if they want to take their servers off-line or take some kind of self-protective action.
Two years ago, I walked out the door of my business one day at noon and discovered that a roofing contractor had strung a cord across the vacant lot beside my building and had plugged into an outside electrical outlet on the rear of my building. He was using my power to run his roof-tar machine.
I immediately turned around and went back inside and turned off the circuit breaker for that outlet. After a while, though, I thought, "Hey, where does he get off plugging in without permission!" As the fax number for his company was printed on the door of his truck, I wrote up an invoice for one "asshole fee" at $50 plus $3.50 sales tax, and faxed it to his company.
To my surprise, the following week I had a cheque in the mail from them, for $53.50. The payment stub that came with it said, payment enclosed for asshole fee, $50 plus sales tax.
I was amazed. On the other hand, I hotfooted it right to the bank and deposited the cheque, too!
Slashdot Mirror
It seems that steps could have been taken to have prevented a full out shut-down of everything.
I think this is called getting their attention. Once the government is focused on the problem (forcibly, as it were) then real solutions can be explored. As a short-term attention-getter, you can't beat something like this.
if this were my money/info, I'd sure be upset...
Well, it is your money. Your tax dollar at work and all that.
So you can start getting upset now.
you might end up in the clink.
What I don't understand is why these teachers don't simply quit, instead of going to jail.
Teachers might be ordered back to work, but "Sorry, judge, I resigned five minutes before I arrived here in court. I'm not a teacher any more so your order doesn't apply to me."
I suspect this would be just as effective, if not more effective, than their current job action. Sooner or later, the school board will want to hire them back, just as sooner or later they will be let out of jail.
Resign just before going to court, then go home and wait for the call from the school board asking you to return to your job.
Simple, and it beats sitting in jail.
Do you need a different license to be a geek in a different state?
If you're a professional engineeer, you probably do. I'm in Canada, and a Professional Engineer (P.Eng) must be registered with the provincial Professional Enginners association before he can use the P.Eng title or do professional engineering work.
I disagree.
The difference between Harry Potter and a computer game is simply that with Harry Potter, the text is the product. Period. Whether that text is read on a computer screen, off of a sheet of paper or off of microfilm, the text is the product that is being sold.
In the case of a computer game, the product is the game, which includes the text, the gameplay, the graphics, music, sound effects, what-have-you.
In the case of someone "ripping off" Harry Potter, the "ripped-off" product would be the complete text of the book, and that's what the publisher is trying to sell. In the case of Civ3, a patch to change the language to something else is nowhere near to being the entire product. In fact, it could be argued that the actual wording of the text is not really part of the game at all - for an example of this, does the fact that a football referee calls a game penalty in Spanish make the penalty any different than if he called it in English or used sign language? The language is not the game. Since it's the game that this outfit wants to sell (though they have a funny way of promoting it, I must say) a language patch is not a violation of "their property".
Which brings up an interesting point. If I am paying my money for "their property", then why can't I do what I want to with it? If I pay money for any other kind of property I'm allowed to do what I choose with the product that I've purchased. Computers are about the only industry where the business revolves around "You pay for my product but I still own it."
The only way you'll ever be sure is if you write your own
Or get the source code for an existing cryptographic application and audit it. A good programmer and a good mathematician working together could probably produce a reasonably trustworthy audit of the cryptographic functions in a given application.
Of course, this requires that the source code be availble for inspection and that the code can be compiled for actual use in the production environment. It's pointless to audit source code that is then carried off and you are subsequently handed a binary-only application "supposedly" based on the audited code.
Even if there's a hole - the relative breadth of the knowledge is going to be limited until a public release
Which all sounds very nice, right up until you're the poor sap who got his box r00ted by one of the "limited" hackers.
Step right up, folks, and get your lottery ticket here!
I'd rather know about a hole and deal with it, even if I have to shut a server off or take other drastic action, than discover that someone has been r00ting around in my stuff for the past week/month/what-have-you. "But the information was limited." Sure. Limited to the guy who's even now playing Pong using your server resources.
The mass majority of criminals are going to use the OS used by the mass majority of consumers.
The vast majority of criminals are, indeed, not very bright. I sincerely believe that's because if they were indeed smart, they would find a better way to make a living than through crime and so on.
For proof, attend court someday and watch the carry-on. It's amazing. "The perpetrator left his wallet on the table when he tipped the stripper just before he held up the nightclub. We identified him using his drivers license." And it goes on and on. Crime, by and large, is committed on the spur-of-the-moment and against a target of opportunity; in other words, it doesn't involve a lot of advance planning, no matter what the movies say.
Therefore, your statement is correct in that the majority of computer-using criminals will be using Windows, just because it's there. However, I suspect that the real "career criminals" like the Mafia and such will have people around to advise them on computer and communication matters and those guys will likely be beyond the reach of this Magic Lantern stuff.
Which actually takes the point away, doesn't it. Those are the guys that the FBI will want to get using this technology because they can't get them any other way (or so the story goes). However, they will be the only criminals (generally) who will have the know-how (or people "on staff" with the know-how) to circumvent the methods used.
The word that you're missing here is business opportunity.
The folks who write this stuff are going to say, "Hey, we can advertise that we sell the only COMPLETE virus detection gear", and they'll be right.
Super Duper Virus Detector, send your visa number to Helsinki Software Products, Finland.
Or whatever.
If nobody is making superior (for lack of a better word) AV software in a non-US location now, I don't think it will be long before they start!
Amazing.
I live in a town of 5000 people, in Saskatchewan Canada. I have DSL Internet service from the friendly telephone company (government-owned, by the way) for $45 Canadian (which is about US$25 or so, I guess) per month.
Patent offices are supposed to analyse the validility of the patent application and ensure that no prior art exist (which according to many post further down there is prior art), and that its not a trivial patent.
Apparently the USPTO doesn't see that as their job. I recall reading an article a while ago (probably linked from Slashdot, in fact) where some patent supervisor-type stated that any "bad" patents could be appealed to the courts and so on, so they (the patent office) weren't too concerned about that and don't see it as a problem.
Sometimes you just gotta shake your head....
IIRC, Apple first employed Hyperlinking commercially on the Mac well over a decade ago.
The article says that the patent was filed for in 1976! That's well over your "decade ago", unfortunately.
No-one with any sense naively accepts selling price as a true measure of worth.
Who says people have sense?
True story: I was in the electronic gizmo section of a department store a few weeks ago looking for a set of headphones. There was an early-20's couple standing a bit further down the aisle from me looking at the mini-stereo systems. I heard the girl say to the guy, "Hey, maybe we should get this one. It has lots of lights on it."
You'd be surprised what adds value to something in the minds of some people.
Actually a donation is a tax-saving device.
If I earn $100 this year, and donate $10, then I pay income tax on $90 at the end of the year.
Depending on taxation levels and so on, I can sometimes end up with more money in my pocket by "giving away" $10 and paying tax on $90, than I would have if I kept all of my money and paid tax on $100.
That's how a lot of corporate donations work.
Maybe if McAfee understands how stupid this is, they'll change their minds
And when McAfee says, "Oh, sorry guys, we've learned our lesson and won't do that" how do you know that they are telling you the truth? The joy of closed-source software. "Of course we would never do something like that! Ignore the man behind the curtain."
just look for strange TCP connections to the 205.229.233.0/24(FBI) Netblock
Somehow I don't think so. When the police are running an undercover "sting", do they give the suspect the phone number of the local precinct to use as a contact number?
It is more likely that they would have the data sent out to an innocuous-appearing network address.
Therefore if I wish to use a non-US product, I have to accept a lesser level of quality and/or support.
Not for long.
This should create a huge opportunity for a non-US software company to build up one helluva business developing, selling and supporting "the one true virus checker".
I'm wondering how long it will be before some enterprising soul catches a copy of the lantern, analyzes it for a .sig, and then tells the (under)world how to add it to the McA virus list by hand?
Probably the first time that the said "enterprising soul" gets put under the FBI microscope and has the FBI trojan/virus/whatever uploaded to his computer. When the lights flash and the alarms go off (smart enterprising soul) then said soul says, "Ba-da-bing!" and rips 'er apart, writes a report, and publishes it in Bad Guy News.
One would have to put some humor into the translations.
Tough to prove, there. If humour is a required element, how would a court define humour? Some stuff is obviously humourous (Marx Bros, Jerry Lewis, Jim Carrey, etc) while other things are not so cut-and-dried.
The problem here seems to be that the text those guys are distributing is (c) Infogrames.
It is?
You meet someone and say "Hello, sir. How are you today?" and I hear you say that. I think that's a pretty good phrase, so when I next meet someone I say, "Howdy, dood! Howzit hangin, my man?" am I infringing on your copyright to the phrase you uttered initially?
Same meaning, different words.
Some printers don't have any built-in character set and can even depend on the software driver to provide ALL of the functionality that you would expect in a printer. For example, some of the Brother laser printers work only with their Windows drivers because they aren't actually a "printer" in the normal sense of the word. Kind of like a win-modem, but with paper instead of a phone line. I guess that when you purchase those printers you get the hardware, but most of what you would expect to be in the firmware is actually software.
How's that for jargon!
getting something like this done in 2 weeks isn't bad for a large corporation
But THIS is security! To take a real-world example, if you break into a bank at night and start carrying out the cash, the security guards don't have to stop and ask their supervisor to wait for the next board meeting (in three weeks) to obtain permission to apprehend the criminals.
There's no room for bureaucratic bullshit in matters of security. You set a policy that affords the maximum protection to your customers, and follow that. No ad-hoc decision-making required. If there's a possible exploit, test it NOW and report NOW and release an advisory RIGHT NOW. Period. Just like apprehending the criminals on the way out of the bank. "Halt! You're under arrest!"
"We are obviously not going to
respond instantly--we have to sieve the wheat from the chaff to determine how reliable the vulnerability warning is," said Neil Laver, Windows product marketing manager for Microsoft. "Until we can investigate the issue, we are not going to issue a bulletin, as that would create a crying wolf situation."
can anyone argue with this?
I can. It doesn't take a week to recreate an exploit like this and say, "OH shit!"
br>Microsoft is a large enough company to have someone on the job whose exclusive responsibility is to read incoming exploit reports and IMMEDIATELY test the described method. Immediately after that (ten minutes after the report arrived, if they have a bunch of configured machines immediately available - again, MS is big enough to afford this) they can say, "Report verified. Issue a bulletin and get the engineers on the job fixing that bug."
In the case of a major (or any) exploit, there is no excuse for a large outfit like MS to require more than an hour or two to verify that a problem exists. Actually fixing it will probably take longer, but the fact that the expolit exists should be immediately published so those running the affected software can decide if they want to take their servers off-line or take some kind of self-protective action.
Two years ago, I walked out the door of my business one day at noon and discovered that a roofing contractor had strung a cord across the vacant lot beside my building and had plugged into an outside electrical outlet on the rear of my building. He was using my power to run his roof-tar machine.
I immediately turned around and went back inside and turned off the circuit breaker for that outlet. After a while, though, I thought, "Hey, where does he get off plugging in without permission!" As the fax number for his company was printed on the door of his truck, I wrote up an invoice for one "asshole fee" at $50 plus $3.50 sales tax, and faxed it to his company.
To my surprise, the following week I had a cheque in the mail from them, for $53.50. The payment stub that came with it said, payment enclosed for asshole fee, $50 plus sales tax.
I was amazed. On the other hand, I hotfooted it right to the bank and deposited the cheque, too!
Then any X86 Linux games should hopefully work.
Kewl! A cheap Mame box. (http://www.mame.net)
I might even purchase one if someone can get that going.