Ok, so you've found paragraph 3(a), how about 3(b), and 3(c)... hmm?
There are options. Providing the source with the binary is one option. Option B is distributing an offer to send the source separately. Option C is only available to people to are 1) distributing binaries and 2) received said binaries from someone who used option B, and basically guarantees the propagation of the offer.
Note that in all three cases, the source is made available to the person who received the binaries and the source need not be made available to people who did not receive the binaries. The fact that source is generally distributed to anyone, regardless of their possession of binaries, is only a convention.
nowhere does it state that the source code must be distributed with the binaries.
I beg to differ:
"3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)"
The folks here at the Fortune 500 company I work for who have been working around the clock since Wednesday trying to clean up this mess will be real happy to hear that you don't believe it exists.
Folks at your Fortune 500 company will also be real happy to hear that they can get, for free in many cases, a webserver and operating system that are significantly less susceptible to this sort of thing, especially since updated packages which fix this type of hole can be installed near-automatically generally within a day of discovering the vulnerability, and support for this platform is available from any one (or several, if they like) of thousands of people and companies around the world. They don't even have to buy new hardware, it will run on their existing systems.
It really caught my eye where they claimed 110 million Hotmail accounts. I wonder... if Hotmail implemented an activity percentile (a la Sourceforge) how many of those 110 million would fall into the bottom %1?... the bottom %0.5?
Re:Oh for goodness sakes!
on
Case Tweaking
·
· Score: 2, Informative
Here's how (I could tell you how I know this, but I'd have to kill you):
1) Obtain a floppy disk
2) Carefully disassemble the disk
3) Obtain several matches
4) Carefully remove the sulfur compound from the matchheads and collect
5) Apply a very thin layer of Elmer's glue to the floppy disk media (it may help to add a small amount of water to the glue)
6) Liberally dust the media with sulfur compound
7) Let dry
8) Reassemble disk
Now this disk is ready to make flames shoot out of the floppy drive. Just insert and access.
DISCLAIMER: If you try this, you are an idiot and the consequences of doing so are entirely your fault
We said it was free of VIRUSES, we never said it was free of worms.
This is correct, but some definitions are in order.
A virus is not a program. It is a piece of code which spreads by inserting itself into programs. The inserted copies execute when someone runs the infected program. Essentially, what this means is that a virus exploits weak filesystem security. These are generally not such a big deal on Linux and Unix in general because Unix-like operating systems have strong filesystem security, and the only program files that a user can infect are the ones owned by that user. Stuff installed "on the system" (as opposed to in a user's home directory) is not owned by any of the regular users, but rather by an administrative account, often root. Note that if you are logged in as root, and you happen to run a virus infected binary, you will have a major system-wide virus infection. For this (and other) reasons, the person with the root password is supposed to be intelligent about such things.
A worm is a program that spreads by copying itself from place to place and then causing the copies to execute. This essentially means that worms spread by exploiting just about any sort of bug. The Code Red, SirCam, and some other major auto-exploits of the last few years have been misidentified as virii, when in fact they are worms. Linux and Unix are susceptible to worms because the majority of worms spread via bugs in programs, and it is a well-understood fact that the occassional bug is inevitable, no matter how vigilant the coder.
A third variety of exploit is the aptly named trojan horse. A trojan horse spreads by misrepresenting itself to a naive user, and duping the user into running it. The LoveBug and AnnaKournikova email "virii" are actually examples of trojan horses. Linux and Unix are somewhat susceptible to trojan horses, but they are by and large also blocked by the same strong filesystem security and intelligent system administrator that blocks virii.
NOBODY is required to be immunized against anything by the government. School districts require it, yes. But there are people out there who have NOT been vaccinated for various "standard-vaccination" type diseases
Ahem... you could be talking about any one of hundreds of governments in this world and the person you responded to could be talking about any one of the other governments. I was required by the government of Australia to get certain vaccinations (I forget which) before visiting the country.
Also, note that in many cases, the school district is an organ of the government at some level. In grade school I was required by the school district (an organ of the state government) to get certain immunizations before entering school. Calling it a demand of the school district vs. a demand of the government is like arguing big endian vs. little endian.
However, you raise an interesting possibility, specifically, that it was a lower authority that demanded immunization. IIRC, the ToS for my DSL connection at the office includes clauses about spreading virii. Under those clauses, it would be perfectly legitimate for an ISP to shut down a connection to an infected site at its sole discretion. The latest Code Red preferrentially attacks its own/24, and so an infected site is essentially hitting its ISP's other customers. If some of you are having big enough problems with your DSL routers, it might bear fruit to contact your ISP about shutting down the offenders, but do check your ToS first.
When will content publishers realize that security/encryption isn't worth a damn when the end party is NOT TRUSTED. Guess what? If I can read/view/hear it on my computer, there is a way of capturing it, and re-releasing it with no protection. This simple fact will never change. And yet the industries will waste countless millions of dollars trying to invent secure delivery/viewer systems, which is a complete fool's crusade.
They know it will never work. And yes, they will spend millions on lobbyists, lawyers, and programmers to make any copying, legal or otherwise, as difficult as possible. Why? Because it's a holding maneuver. As long as there is a return on investment for this protection shit they're working on, they don't care if it's viable long-term. The reason they do it is because for every dollar they spend on this amalgam of law and technology, they get a dollar plus epsilon in return, and epsilon is bigger in the short term for this than for any other investment they could make.
The NSA did the same thing WRT strong crypto for decades... every day they could delay its widespread usage was a victory. Similarly, every day the content industry can delay the commoditization of content is a victory for their side.
I've been watching my apache logs grow with requests for default.ida?blahblahblah and I had a weird thought last night. CR most likey has some bugs in it. How hard would it be to dissect a copy, find an exploitable buffer overflow, and write a CGI script that counter-attacks CR? I don't think it would be any harder than finding the original default.ida overflow. Or, if it really is making a shell available, why not just have the anti-worm log in and nuke CR?
You're entirely wrong when you say there is no difference between physical and wireless networks.
And you're entirely wrong trying to tell me that my personal experience is wrong. I said that I do not consider any wired network to which I have ever connected secure, therefore it's no different for me to switch to wireless.
I understand that most people think of their network connection as being sort of like a phone line for computers, and think of a connection between computers over a network as sort of like a phone call between computers. Private, isolated, secure. They're wrong, of course, and personally, I don't consider a network medium secure unless I personally control access to the premises or can see all of the wires and equipment without wandering around or turning my head. I don't even take for granted the security of my Apartment Area Network. Why? I have a roommate and a landlord.
What difference does it make whether the network media is secure? I have been connected at one point or another to a variety of different wired networks and I have not considered any of them secure. Therefore wireless is no different from a security standpoint than Ethernet. As a result I use secure applications (ssh, https, etc). Is there any compelling reason why someone should not use secure applications on every network whether it's a secure one or not?
That's a myth. Either that or it's a fairly recent phenomenon. I was at the Beijing McDonald's around lunchtime for about twenty minutes one day in 1994 and the place was damn near empty. So was the one on the other side of Tian'an'men square the next day.
On the other hand, it is kind of a one-of-a-kind experience to see fifteen Buddhist monks in full garb sit down to eat across from you at McDonald's. What ever happened to the idea of Mu?
Any ISP that does choose to do "virus support" should also add a line-item charge for doing so. ISPs run the network. E-mail is not a part of the network, but a service that runs on the network and it's job is to deliver to you any message that bears your address. What the client software does with it is 1) out of the ISP's hands and 2) irrelevant to email delivery.
Anyway, isn't this all unconstitutional? Maybe not. The constitution (Article I, section 8) grants authors and inventors "exclusive right to their respective writings and discoveries." Seems like this could conceptually include access restrictions.
Remember that this bit of the Constitution that we're talking about is also the basis of patent law. The fact that this particular right has never been part of copyright law before now is irrelevant to the Constitutionality of the DMCA. It has been a part of patent law, meaning that Congress does have power over this right, and it is granted by the clause in question. They've just decided that copyright law needs it, too.
I think the first amendment issue is the direction to attack the DMCA. That and a demostrative example or logical argument of how the DMCA actually harms society. Here is one (taken from the Chicago Protest Information Packet, which I co-wrote):
"...the DMCA is materially harmful to society. Under the DMCA it is criminal to discover and openly discuss a flaw in a security system which is designed to control access to information. The net effect of this provision is that flaws in such systems are 'protected' from ever being fixed. The result is an accumulation of security systems which don't secure anything, due to their flaws, placing people at risk of such treacherous acts as identity theft and fraud."
The fact that the Constitution itself does not grant copyright, but rather allows Congress to do so is beside the point.
The Constitution allows Congress to grant exclusive rights to authors and inventors for limited times to promote the useful arts and sciences. How long can long be and still be limited? Many people think that the current law is too long. What exclusive rights? The right to copy, derive, use, and distribute the author's/inventor's work. What if it actually harms the useful arts and sciences? That is the subject of two and a quarter centuries of debate (see also: Liberal vs. Constructionist).
One might also settle for The Onion. They've got the balls to cover any story exactly how it deserves to be covered, no matter how touchy it is politically.
So? They can buy it for whatever reason they want to.
Yes. I agree. And you're still missing the point. I'm not saying that there's anything wrong with people giving up an arm and a leg in order to watch TV (in fact, I have not stated my opinion of the phenomenon, quite intentionally). I am saying that here on./ the prevailing opinion seems to be that people will just give up on TV, and I am saying that no, they won't.
I'm going to repeat that just for you, codeforprofit2:
They can buy it for whatever reason they want to, and contrary to what many non-TV-watching./ers* might think, they will.
* And don't even try to interpret that the wrong way. It says "non-TV-watching./ers", not "./ers don't watch TV."
people should be free to determine for themself what they want or don't want. Thats not any of mine or your business.
I agree, but I think that most people would sooner give up the entire contents of their bookshelves or (in the US) even their 2nd ammendment rights before they gave up TV. That is my point. People here seem to think that when people "out there" have to pay money to watch or record TV, they'll stop. Fact is, most of them are already paying to watch TV (cable), and I think most of them would pay to record the things that they want to record. And if they aren't allowed to record the stuff they want, then they'll just find a way to watch it when it's on or just watch something else.
Simply put, lots of people can't imagine life without TV. They'll go pretty far with whatever scheme the industry invents before they give up and do something else with their time.
I have no plans to get any TV. What would it get me, anyway? Talk shows, sitcoms, talking heads... and, oh yeah, a couple of channels with a couple of good shows (few of which are available outside of cable).
Slashdot Mirror
Ok, so you've found paragraph 3(a), how about 3(b), and 3(c)... hmm?
There are options. Providing the source with the binary is one option. Option B is distributing an offer to send the source separately. Option C is only available to people to are 1) distributing binaries and 2) received said binaries from someone who used option B, and basically guarantees the propagation of the offer.
Note that in all three cases, the source is made available to the person who received the binaries and the source need not be made available to people who did not receive the binaries. The fact that source is generally distributed to anyone, regardless of their possession of binaries, is only a convention.
nowhere does it state that the source code must be distributed with the binaries.
I beg to differ:
"3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)"
The folks here at the Fortune 500 company I work for who have been working around the clock since Wednesday trying to clean up this mess will be real happy to hear that you don't believe it exists.
Folks at your Fortune 500 company will also be real happy to hear that they can get, for free in many cases, a webserver and operating system that are significantly less susceptible to this sort of thing, especially since updated packages which fix this type of hole can be installed near-automatically generally within a day of discovering the vulnerability, and support for this platform is available from any one (or several, if they like) of thousands of people and companies around the world. They don't even have to buy new hardware, it will run on their existing systems.
Would you mind suggesting it to them?
Yes. I know. I live in Chicago. I laughed. You should, too.
the Brothers W do it right (no way I'm gonna try to spell that name ;)
It's W-A-R-N-E-R.
Or for that matter, how long would it be before Hussein jams a bowie knife into the thing just to spite the son of Bush?
Yes there is. It's sovereignty is on pretty thin ice, but it does exist, and it is technically a coutry.
1 &mode=nested
3 &mode=nested
9 &mode=nested
4 4&mode=nested
4 2&mode=nested
3 8&mode=nested
0 9&mode=nested
See these articles:
http://slashdot.org/article.pl?sid=01/07/16/17421
http://slashdot.org/article.pl?sid=00/07/02/16025
http://slashdot.org/article.pl?sid=01/03/12/06025
http://slashdot.org/article.pl?sid=01/03/06/00252
http://slashdot.org/article.pl?sid=00/10/09/22142
http://slashdot.org/article.pl?sid=00/06/07/01532
http://slashdot.org/article.pl?sid=00/06/04/17422
and this:
http://www.sealandgov.com/
Make of it what you will.
It really caught my eye where they claimed 110 million Hotmail accounts. I wonder... if Hotmail implemented an activity percentile (a la Sourceforge) how many of those 110 million would fall into the bottom %1? ... the bottom %0.5?
Here's how (I could tell you how I know this, but I'd have to kill you):
1) Obtain a floppy disk
2) Carefully disassemble the disk
3) Obtain several matches
4) Carefully remove the sulfur compound from the matchheads and collect
5) Apply a very thin layer of Elmer's glue to the floppy disk media (it may help to add a small amount of water to the glue)
6) Liberally dust the media with sulfur compound
7) Let dry
8) Reassemble disk
Now this disk is ready to make flames shoot out of the floppy drive. Just insert and access.
DISCLAIMER: If you try this, you are an idiot and the consequences of doing so are entirely your fault
We said it was free of VIRUSES, we never said it was free of worms.
This is correct, but some definitions are in order.
A virus is not a program. It is a piece of code which spreads by inserting itself into programs. The inserted copies execute when someone runs the infected program. Essentially, what this means is that a virus exploits weak filesystem security. These are generally not such a big deal on Linux and Unix in general because Unix-like operating systems have strong filesystem security, and the only program files that a user can infect are the ones owned by that user. Stuff installed "on the system" (as opposed to in a user's home directory) is not owned by any of the regular users, but rather by an administrative account, often root. Note that if you are logged in as root, and you happen to run a virus infected binary, you will have a major system-wide virus infection. For this (and other) reasons, the person with the root password is supposed to be intelligent about such things.
A worm is a program that spreads by copying itself from place to place and then causing the copies to execute. This essentially means that worms spread by exploiting just about any sort of bug. The Code Red, SirCam, and some other major auto-exploits of the last few years have been misidentified as virii, when in fact they are worms. Linux and Unix are susceptible to worms because the majority of worms spread via bugs in programs, and it is a well-understood fact that the occassional bug is inevitable, no matter how vigilant the coder.
A third variety of exploit is the aptly named trojan horse. A trojan horse spreads by misrepresenting itself to a naive user, and duping the user into running it. The LoveBug and AnnaKournikova email "virii" are actually examples of trojan horses. Linux and Unix are somewhat susceptible to trojan horses, but they are by and large also blocked by the same strong filesystem security and intelligent system administrator that blocks virii.
NOBODY is required to be immunized against anything by the government. School districts require it, yes. But there are people out there who have NOT been vaccinated for various "standard-vaccination" type diseases
/24, and so an infected site is essentially hitting its ISP's other customers. If some of you are having big enough problems with your DSL routers, it might bear fruit to contact your ISP about shutting down the offenders, but do check your ToS first.
Ahem... you could be talking about any one of hundreds of governments in this world and the person you responded to could be talking about any one of the other governments. I was required by the government of Australia to get certain vaccinations (I forget which) before visiting the country.
Also, note that in many cases, the school district is an organ of the government at some level. In grade school I was required by the school district (an organ of the state government) to get certain immunizations before entering school. Calling it a demand of the school district vs. a demand of the government is like arguing big endian vs. little endian.
However, you raise an interesting possibility, specifically, that it was a lower authority that demanded immunization. IIRC, the ToS for my DSL connection at the office includes clauses about spreading virii. Under those clauses, it would be perfectly legitimate for an ISP to shut down a connection to an infected site at its sole discretion. The latest Code Red preferrentially attacks its own
When will content publishers realize that security/encryption isn't worth a damn when the end party is NOT TRUSTED. Guess what? If I can read/view/hear it on my computer, there is a way of capturing it, and re-releasing it with no protection. This simple fact will never change. And yet the industries will waste countless millions of dollars trying to invent secure delivery/viewer systems, which is a complete fool's crusade.
They know it will never work. And yes, they will spend millions on lobbyists, lawyers, and programmers to make any copying, legal or otherwise, as difficult as possible. Why? Because it's a holding maneuver. As long as there is a return on investment for this protection shit they're working on, they don't care if it's viable long-term. The reason they do it is because for every dollar they spend on this amalgam of law and technology, they get a dollar plus epsilon in return, and epsilon is bigger in the short term for this than for any other investment they could make.
The NSA did the same thing WRT strong crypto for decades... every day they could delay its widespread usage was a victory. Similarly, every day the content industry can delay the commoditization of content is a victory for their side.
I've been watching my apache logs grow with requests for default.ida?blahblahblah and I had a weird thought last night. CR most likey has some bugs in it. How hard would it be to dissect a copy, find an exploitable buffer overflow, and write a CGI script that counter-attacks CR? I don't think it would be any harder than finding the original default.ida overflow. Or, if it really is making a shell available, why not just have the anti-worm log in and nuke CR?
You're entirely wrong when you say there is no difference between physical and wireless networks.
And you're entirely wrong trying to tell me that my personal experience is wrong. I said that I do not consider any wired network to which I have ever connected secure, therefore it's no different for me to switch to wireless.
I understand that most people think of their network connection as being sort of like a phone line for computers, and think of a connection between computers over a network as sort of like a phone call between computers. Private, isolated, secure. They're wrong, of course, and personally, I don't consider a network medium secure unless I personally control access to the premises or can see all of the wires and equipment without wandering around or turning my head. I don't even take for granted the security of my Apartment Area Network. Why? I have a roommate and a landlord.
But incredibly insecure?
What difference does it make whether the network media is secure? I have been connected at one point or another to a variety of different wired networks and I have not considered any of them secure. Therefore wireless is no different from a security standpoint than Ethernet. As a result I use secure applications (ssh, https, etc). Is there any compelling reason why someone should not use secure applications on every network whether it's a secure one or not?
That's a myth. Either that or it's a fairly recent phenomenon. I was at the Beijing McDonald's around lunchtime for about twenty minutes one day in 1994 and the place was damn near empty. So was the one on the other side of Tian'an'men square the next day.
On the other hand, it is kind of a one-of-a-kind experience to see fifteen Buddhist monks in full garb sit down to eat across from you at McDonald's. What ever happened to the idea of Mu?
Any ISP that does choose to do "virus support" should also add a line-item charge for doing so. ISPs run the network. E-mail is not a part of the network, but a service that runs on the network and it's job is to deliver to you any message that bears your address. What the client software does with it is 1) out of the ISP's hands and 2) irrelevant to email delivery.
I think the more pertinent statistic is that 99 out of 100 Senators don't search for anything online except porn.
Anyway, isn't this all unconstitutional? Maybe not. The constitution (Article I, section 8) grants authors and inventors "exclusive right to their respective writings and discoveries." Seems like this could conceptually include access restrictions.
Remember that this bit of the Constitution that we're talking about is also the basis of patent law. The fact that this particular right has never been part of copyright law before now is irrelevant to the Constitutionality of the DMCA. It has been a part of patent law, meaning that Congress does have power over this right, and it is granted by the clause in question. They've just decided that copyright law needs it, too.
I think the first amendment issue is the direction to attack the DMCA. That and a demostrative example or logical argument of how the DMCA actually harms society. Here is one (taken from the Chicago Protest Information Packet, which I co-wrote):
"...the DMCA is materially harmful to society. Under the DMCA it is criminal to discover and openly discuss a flaw in a security system which is designed to control access to information. The net effect of this provision is that flaws in such systems are 'protected' from ever being fixed. The result is an accumulation of security systems which don't secure anything, due to their flaws, placing people at risk of such treacherous acts as identity theft and fraud."
The fact that the Constitution itself does not grant copyright, but rather allows Congress to do so is beside the point.
The Constitution allows Congress to grant exclusive rights to authors and inventors for limited times to promote the useful arts and sciences. How long can long be and still be limited? Many people think that the current law is too long. What exclusive rights? The right to copy, derive, use, and distribute the author's/inventor's work. What if it actually harms the useful arts and sciences? That is the subject of two and a quarter centuries of debate (see also: Liberal vs. Constructionist).
One might also settle for The Onion. They've got the balls to cover any story exactly how it deserves to be covered, no matter how touchy it is politically.
Like passport.com? Imagine it would be awefully hard to flood that to death unless you were flooding it from other MSN servers.
So? They can buy it for whatever reason they want to.
./ the prevailing opinion seems to be that people will just give up on TV, and I am saying that no, they won't.
./ers* might think, they will.
./ers", not "./ers don't watch TV."
Yes. I agree. And you're still missing the point. I'm not saying that there's anything wrong with people giving up an arm and a leg in order to watch TV (in fact, I have not stated my opinion of the phenomenon, quite intentionally). I am saying that here on
I'm going to repeat that just for you, codeforprofit2:
They can buy it for whatever reason they want to, and contrary to what many non-TV-watching
* And don't even try to interpret that the wrong way. It says "non-TV-watching
people should be free to determine for themself what they want or don't want. Thats not any of mine or your business.
I agree, but I think that most people would sooner give up the entire contents of their bookshelves or (in the US) even their 2nd ammendment rights before they gave up TV. That is my point. People here seem to think that when people "out there" have to pay money to watch or record TV, they'll stop. Fact is, most of them are already paying to watch TV (cable), and I think most of them would pay to record the things that they want to record. And if they aren't allowed to record the stuff they want, then they'll just find a way to watch it when it's on or just watch something else.
Simply put, lots of people can't imagine life without TV. They'll go pretty far with whatever scheme the industry invents before they give up and do something else with their time.
I have no plans to get any TV. What would it get me, anyway? Talk shows, sitcoms, talking heads... and, oh yeah, a couple of channels with a couple of good shows (few of which are available outside of cable).