Seriously get out your resume and start updating it. Once management starts treating all programmers as interchangeable is the day that all things start going to hell. Programmers are not interchangeable, and all languages are not interchangeable. I sure hope you guys don't do anything that requires AI or if you do I sure hope you don't do anything that requires graphical interfaces because you are screwed either way if you need to pick one language.
I am sure we could all make due building every road out of steal, but it would certainly be a little expensive, because if we need to build everything out of the same material because all road builders need to be interchangeable, than we would never be able to build a bridge over say San Francisco Bay with using stones...
Oh a side note, I too have a CS degree, but I have worked IT and always planned to work IT since my sophomore year in college. In fact I changed majors from Electrical and Computer Engineering to CS, mainly because I knew I was going into IT (and I already knew most things that an IT degree would have taught me).
I've been working in IT for 7 years now. We have 2-3 other CS degree's in our group. I use that knowledge to help our programmers work better with our beowulf cluster, trying to point out things to do and things not to do in their architecture.
Keep doing what you are doing:D
Seriously, many IT shops actually like having a few CS degrees in their ranks so that they can help from time to time with some custom programs, or help the internal programming groups better understand your in-house environment so the custom programs work better/efficient.
The Comcast box will never receive the RST-ACK since Comcast is forging the origin of the packet. If you respond with the RST-ACK, you will be sending it to the peer that Comcast is trying to get you to close the connection from in the first place.
If the MAFIAA suits are banking on IP == identity, and the ISP is forging packets with an IP that doesn't belong to any computer they own, isn't that a fairly serious form of forgery?
Yet another reason why anyone who knows anything about computers and networks have been saying the **AA's methods of identification are a complete joke and don't amount to anything that could be considered evidence.
The above does what it says, drop TCP RST packets on port 36745. That is all you need to do to keep it from affecting your other network applications which may be getting legit reset packets.
Dude, Linksys routers were SHIPPED with linux originally back in 2002. Yes, the "L" version came out in 2005, the only reason there is an "L" version is because after v3 of the WRT54G, Linksys removed 1/2 the memory and switched to a proprietary firemware and not open source because they were threatened with lawsuits due to the original versions and not fully complying at first with release of the source code. They felt they had given up too many secrets of how their hardware worked when they had to release the source code in compliance with the GPL, and also wanted to cut production costs. The "L" version was really just a WRT54G version 3 hardware, which they then priced a lot higher...
We still might get the lawsuits. If you read that, the section 4(B)(ii) requires it to be "determined to be lawful", only the Courts can determine that the acts are lawful, not the President. As such, if the Court decides that the act was not lawful, the Telecom is still not immune to the activity.
He talks EXACTLY WHY the solar power->electric->battery WON'T WORK! Because it will take over a decade for electric cars make it to most households even if we outlawed all non-electric car sales today! Cars have a life expectancy of 10 years or more, which means you will see that same 2007 car that was bought last year on the road until 2017 or later. The government could even outright outlaw all gas powered cars today and still you would not see a full uptake of electric or hybrid cars for several years because people can't afford to make the purchase. Again, it is usually every 3-4 years for someone to get a different car, but not necessarily a brand new car (usually a used one), and most cars will see at least 10 years and 3 owners. This means people expect to have 10 years to save up to purchase a brand new vehicle, or 3 years to save up for a several year old used one. Any change that would be significant would need to be able to affect ALL cars at the same time, not after 10 years. This is why a fuel change that can be used in existing cars is the method of choice to change our energy usage. Yes, keep the hybrids and electrics coming, but do the thing right now which can affect ALL cars right now! And let the 10+ year solution continue to work as well.
There is a very simple fix and it will be to have the costs and time that is needed to fix everything that occurs when someone's identity is stole be put on those responsible for the loss of the information which enabled the identity to be stolen in the first place.
This means, if a company has a database which is breached from a known security vulnerability or from complete disregard of standard security practices, that company should be liable to fix the issue, not the customer who's data was lost. Any time that the customer has to spend dealing with banks, financial institutions, and government groups relating directly to having to fix issues from the stolen identity should be time that is directly charged to the company at a set fee, or the company can directly handle the issues themselves in some fashion.
The next step would be to start putting fines on companies that repeatedly let personal data be stolen or otherwise inappropriately accessed.
Two major things would start happening with laws like the above in place. 1) Personal financial data will no longer be stored 2) Customer information will also no longer be brokered between companies
These are both very good things for the consumer. Yes, there will be the extra hassle of needing to input your data each time you make a purchase online, but you could always setup your browser to store that information and have it auto-complete (not that I recommend doing that). There is no need for companies and business to keep full credit card information of a customer. The last 4 digits should suffice, and in the even of a return, the customer would need to submit the full card number so the return can be processed.
The only times this will cause any kind of problem is when dealing with pre-orders and returns. For a purchase that is happening and being charged at the moment, nothing will need to change, and it will work as normal.
I was going to point these out as well. These things are unbelievable. We use them to ship stuff all over the place. I am talking about sending fully configured suites of computers (disks removed and foam support around the inside of case). They get there everytime and almost always without issue. Someone has to drive a forklift through the case for it to get destroyed (had that happen).
Yes, anyone in IT understands these issues. But the fact remains that no one in IT is being listened to when they are calling this same information proof of infringement. This study is to show that their "proof" which is being used in these same cases is as worthless as all the IT people have said it was from the beginning, and that the checks the **AA investigators are using to confirm that they are not accusing the wrong people are as worthless as well in terms of verifying/screening false positives. This study shows for a FACT that false positives are occurring and occurring ALL THE TIME.
Get 2 Linksys WRT54GL rounters, one for each site, and replace an antenna on each with a Hawking [HAO14SDP] directional antenna, and align them to point at each other. Might be best to roof mount the antenna, but aligning them will be the hardest part. You might only need to buy one of the directionals and get an omni for the other antenna at the other site, and rely on the directional to make the connection. I own one of the directionals and it is in my "travel kit", i.e., whenever I go on the road, I have a laptop, a WRT54GL, and the 14dBi directional and do a quick scan around where-ever I am so I can get on the web for a quick fix if the hotel/friend/etc., doesn't have a network connection.
... if "no" simply does not work, discuss the costs of creating and maintaining a replication server which their custom queries will run so that none of their queries will affect the stability and performance of your main production database.
I am just wondering if it has to be 1U. You can get a nice 4U server complete for $350. It is close to your specs already. Just upgrade RAM, and add a second hard drive, possibly upgrade processor (it has an Intel 775 socket motherboard with 1066FSB Core 2 Duo processor support). So $30 for extra RAM,
$60 for disk, and possibly $200 for new CPU, you are still just in the $500-600 range, which isn't bad at all.
http://www.superlogics.com/rackmount-computer/rackmount-computers/SL-4U-CL-M900-HA/316-2541.htm
Comcast is most likely the source. Comcast is sending RST packets to both ends of the P2P connection, not just their subscribers. So simply having a large number of RST packets may simply mean your P2P client is connected to a large number of Comcast clients. We have know for a while that Comcast is sending the packets to both their own customer and forging a packet to their customer's destination. If Comcast wasn't sending the packets like that, all it would take would be a firewall filter to drop incoming RST packets on the in-bound P2P port used, and all Comcast P2P users would be fine. But we know this not to be the case, because we learned through tests, that BOTH ends need to have that filter in place for it to keep Comcast from resting the connection.
The difference here is that this is State court, not Federal court. This ruling will have no effect on any Federal case made in or against citizens of New Jersey. It does have precedence over any State or Municipal actions made in New Jersey.
Actually, there have been many studies that have proved that there are things which your muscles/nervous system will do without interaction from the brain. Many of these involved reflex actions as well as trained reflex actions where-in the muscles started to perform their actions faster than the time it takes for the nervous system to transmit the signal to the brain, let alone receive one back from the brain.
I mean, I have $8k in speakers/subs alone and that doesn't include the $2500 in amps.
Heck, I think I have over $21k in my setup, and that is just on the speakers, TV, stand, audio rack, DVD player, audio/video pre-processor, amplifiers, HTPC/DVR, and data server. Now grant it I have something like 7TB of storage now in that setup, and over 3000W of speaker/subs, but I don't even have close to my dream theater, which includes at least 2 rows of seating, and room audio treatments...
Some of the comments made were very interesting. He really slammed someone that I take was either an Intel rep, or otherwise associate. The best was when that rep/associate/whoever criticized Nvidia about their driver issues in Vista, and the slam-dunk response that I paraphase, "If we [Nvidia] only had to support the same product/application that Intel has [Office 2003] for the last 5 years then we probably wouldn't have as many driver issues as well. But since we have new products/applications that our drivers need to support which come out every day, it makes things a little more complicated".
I am just wondering, what percentage of the "patch available on the day the vulnerability is made public" were first disclosed to Microsoft or Apple months in advance from researchers and other sources and simply NOT posted on the "public" notification sites? We see stories all the time of security researchers making public vulnerabilities MONTHS if not YEARS after disclosing them to Microsoft because Microsoft still had not patched the issue, and the only way the researcher could get anyone to even look at the problem or admit it is a problem is to put it on the public notification sites. But those things are not being counted here, but we know many times these researchers will give the company a heads up before posting the vulnerability and make a promise not to disclose until a fix is ready (many times for a fee). We also know that there are vulnerabilities that are "public" to the hackers, but not the general "public". Are those being counted?
To me you can't make a claim such as one company being the fastest in patching without taking into account when the company was notified of the issue and measuring when it was fixed from that time, and not the time that the quote, unquote public was made aware of the problem.
As much as it has the potential to scare me, there were other reasons why the case went forward. He did destroy his hard drive and a thumb drive minutes before the FBI raided his home. As much as I can believe that it is possible for others to have highjacked his system or been tricked to clicking the link, etc., I have a hard time believing that he didn't go there to find some child porn due to his actions when he was about to be caught. Add to that the fact that they were able to recover some evidence of child porn on the disk he attempted to completely destroy...
Now does that mean that I think criminalizing attempts to do something is right? No, but then again, it is also criminal to attempt suicide (which incidentally is not a crime if you actually succeed)...
I mean, these guys are good enough to steal the design and have the knowledge to manufacture the device. What prevents them from modifying the IC to remove the lock? I mean, they are the ones actually making it. I am sure they have someone smart enough to be able to find the "added" authentication portion in the design docs, since the design docs probably have it named exactly what it is (i.e. the Epic lock circuit)....
Well, I am sorry to say it, but AMD is dying at this moment. Their purchase of ATI was disastrous for them and probably the worst move they have ever made. While "good on paper", the reality of it was that AMD was over-sold on the merits of ATI's then just about to be in production GPU from 2 years ago, and its in development (the current generation GPUs that they have now 3870/3850). As we still see today, even this current generation of GPU's from AMD can not outperform Nvidia's last generation 8800 series, even with 1.5 years time to reach that level of performance. This have seriously damaged their ability to be profitable in the video card segment as they have had to price their cards much lower than Nvidia to be even considered from a prospective customer. This is the same battle they are fighting on their CPU side as well ever since Intel released the Core Duo (and the subsequent Core 2 Duo, Core 2 Duo Extreme, Quad Core, and Quad Extreme processors). Basically, on the mid and high end desktop market, AMD has had no real competing product for about 1-2 years, and again, have to settle on pricing against the comparable performance Intel CPU. Intel gets to use the production line chips that fail to meet full speed for slower binned parts which in many cases still outperform AMD's fastest performing part. This is allowing Intel to keep their costs lower, and forcing AMD to slowly bleed to death because they can not afford to price their chips that low. And the high debt AMD incurred on the ATI purchase has been keeping them from doing what they have done in the past when they had a poorer performing chip, i.e. cut costs, bunker down, and increase development dollars on the next gen that was in progress to push up the release date of the new architecture. However, the lack of cash on hand is making that last part impossible to do. And early indications are not looking good even for this current line of quad cores and tri-cores. Basically, these chips still can not get near the performance of the current high end Intel chips.
Slashdot Mirror
Seriously get out your resume and start updating it. Once management starts treating all programmers as interchangeable is the day that all things start going to hell. Programmers are not interchangeable, and all languages are not interchangeable. I sure hope you guys don't do anything that requires AI or if you do I sure hope you don't do anything that requires graphical interfaces because you are screwed either way if you need to pick one language.
I am sure we could all make due building every road out of steal, but it would certainly be a little expensive, because if we need to build everything out of the same material because all road builders need to be interchangeable, than we would never be able to build a bridge over say San Francisco Bay with using stones...
Oh a side note, I too have a CS degree, but I have worked IT and always planned to work IT since my sophomore year in college. In fact I changed majors from Electrical and Computer Engineering to CS, mainly because I knew I was going into IT (and I already knew most things that an IT degree would have taught me).
I've been working in IT for 7 years now. We have 2-3 other CS degree's in our group. I use that knowledge to help our programmers work better with our beowulf cluster, trying to point out things to do and things not to do in their architecture.
Keep doing what you are doing :D
Seriously, many IT shops actually like having a few CS degrees in their ranks so that they can help from time to time with some custom programs, or help the internal programming groups better understand your in-house environment so the custom programs work better/efficient.
The Comcast box will never receive the RST-ACK since Comcast is forging the origin of the packet. If you respond with the RST-ACK, you will be sending it to the peer that Comcast is trying to get you to close the connection from in the first place.
I thought it was innocent until proven guilty?
Which decade do you think you live in? When computers are involved you are always guilty until proven innocent.
If the MAFIAA suits are banking on IP == identity, and the ISP is forging packets with an IP that doesn't belong to any computer they own, isn't that a fairly serious form of forgery?
Yet another reason why anyone who knows anything about computers and networks have been saying the **AA's methods of identification are a complete joke and don't amount to anything that could be considered evidence.
As my subject says. This is why you only put the filter on the specific port you are using for P2P traffic. For instance, my rule is as follows:
iptables -I FORWARD 3 -p tcp --dport 36745 --tcp-flags RST RST -j DROP;
The above does what it says, drop TCP RST packets on port 36745. That is all you need to do to keep it from affecting your other network applications which may be getting legit reset packets.
Dude, Linksys routers were SHIPPED with linux originally back in 2002. Yes, the "L" version came out in 2005, the only reason there is an "L" version is because after v3 of the WRT54G, Linksys removed 1/2 the memory and switched to a proprietary firemware and not open source because they were threatened with lawsuits due to the original versions and not fully complying at first with release of the source code. They felt they had given up too many secrets of how their hardware worked when they had to release the source code in compliance with the GPL, and also wanted to cut production costs. The "L" version was really just a WRT54G version 3 hardware, which they then priced a lot higher...
We still might get the lawsuits. If you read that, the section 4(B)(ii) requires it to be "determined to be lawful", only the Courts can determine that the acts are lawful, not the President. As such, if the Court decides that the act was not lawful, the Telecom is still not immune to the activity.
He talks EXACTLY WHY the solar power->electric->battery WON'T WORK! Because it will take over a decade for electric cars make it to most households even if we outlawed all non-electric car sales today! Cars have a life expectancy of 10 years or more, which means you will see that same 2007 car that was bought last year on the road until 2017 or later. The government could even outright outlaw all gas powered cars today and still you would not see a full uptake of electric or hybrid cars for several years because people can't afford to make the purchase. Again, it is usually every 3-4 years for someone to get a different car, but not necessarily a brand new car (usually a used one), and most cars will see at least 10 years and 3 owners. This means people expect to have 10 years to save up to purchase a brand new vehicle, or 3 years to save up for a several year old used one. Any change that would be significant would need to be able to affect ALL cars at the same time, not after 10 years. This is why a fuel change that can be used in existing cars is the method of choice to change our energy usage. Yes, keep the hybrids and electrics coming, but do the thing right now which can affect ALL cars right now! And let the 10+ year solution continue to work as well.
There is a very simple fix and it will be to have the costs and time that is needed to fix everything that occurs when someone's identity is stole be put on those responsible for the loss of the information which enabled the identity to be stolen in the first place. This means, if a company has a database which is breached from a known security vulnerability or from complete disregard of standard security practices, that company should be liable to fix the issue, not the customer who's data was lost. Any time that the customer has to spend dealing with banks, financial institutions, and government groups relating directly to having to fix issues from the stolen identity should be time that is directly charged to the company at a set fee, or the company can directly handle the issues themselves in some fashion.
The next step would be to start putting fines on companies that repeatedly let personal data be stolen or otherwise inappropriately accessed.
Two major things would start happening with laws like the above in place.
1) Personal financial data will no longer be stored
2) Customer information will also no longer be brokered between companies
These are both very good things for the consumer. Yes, there will be the extra hassle of needing to input your data each time you make a purchase online, but you could always setup your browser to store that information and have it auto-complete (not that I recommend doing that). There is no need for companies and business to keep full credit card information of a customer. The last 4 digits should suffice, and in the even of a return, the customer would need to submit the full card number so the return can be processed.
The only times this will cause any kind of problem is when dealing with pre-orders and returns. For a purchase that is happening and being charged at the moment, nothing will need to change, and it will work as normal.
I was going to point these out as well. These things are unbelievable. We use them to ship stuff all over the place. I am talking about sending fully configured suites of computers (disks removed and foam support around the inside of case). They get there everytime and almost always without issue. Someone has to drive a forklift through the case for it to get destroyed (had that happen).
Yes, anyone in IT understands these issues. But the fact remains that no one in IT is being listened to when they are calling this same information proof of infringement. This study is to show that their "proof" which is being used in these same cases is as worthless as all the IT people have said it was from the beginning, and that the checks the **AA investigators are using to confirm that they are not accusing the wrong people are as worthless as well in terms of verifying/screening false positives. This study shows for a FACT that false positives are occurring and occurring ALL THE TIME.
Get 2 Linksys WRT54GL rounters, one for each site, and replace an antenna on each with a Hawking [HAO14SDP] directional antenna, and align them to point at each other. Might be best to roof mount the antenna, but aligning them will be the hardest part. You might only need to buy one of the directionals and get an omni for the other antenna at the other site, and rely on the directional to make the connection. I own one of the directionals and it is in my "travel kit", i.e., whenever I go on the road, I have a laptop, a WRT54GL, and the 14dBi directional and do a quick scan around where-ever I am so I can get on the web for a quick fix if the hotel/friend/etc., doesn't have a network connection.
... if "no" simply does not work, discuss the costs of creating and maintaining a replication server which their custom queries will run so that none of their queries will affect the stability and performance of your main production database.
I am just wondering if it has to be 1U. You can get a nice 4U server complete for $350. It is close to your specs already. Just upgrade RAM, and add a second hard drive, possibly upgrade processor (it has an Intel 775 socket motherboard with 1066FSB Core 2 Duo processor support). So $30 for extra RAM, $60 for disk, and possibly $200 for new CPU, you are still just in the $500-600 range, which isn't bad at all. http://www.superlogics.com/rackmount-computer/rackmount-computers/SL-4U-CL-M900-HA/316-2541.htm
Comcast is most likely the source. Comcast is sending RST packets to both ends of the P2P connection, not just their subscribers. So simply having a large number of RST packets may simply mean your P2P client is connected to a large number of Comcast clients. We have know for a while that Comcast is sending the packets to both their own customer and forging a packet to their customer's destination. If Comcast wasn't sending the packets like that, all it would take would be a firewall filter to drop incoming RST packets on the in-bound P2P port used, and all Comcast P2P users would be fine. But we know this not to be the case, because we learned through tests, that BOTH ends need to have that filter in place for it to keep Comcast from resting the connection.
The difference here is that this is State court, not Federal court. This ruling will have no effect on any Federal case made in or against citizens of New Jersey. It does have precedence over any State or Municipal actions made in New Jersey.
Actually, there have been many studies that have proved that there are things which your muscles/nervous system will do without interaction from the brain. Many of these involved reflex actions as well as trained reflex actions where-in the muscles started to perform their actions faster than the time it takes for the nervous system to transmit the signal to the brain, let alone receive one back from the brain.
I mean, I have $8k in speakers/subs alone and that doesn't include the $2500 in amps.
Heck, I think I have over $21k in my setup, and that is just on the speakers, TV, stand, audio rack, DVD player, audio/video pre-processor, amplifiers, HTPC/DVR, and data server. Now grant it I have something like 7TB of storage now in that setup, and over 3000W of speaker/subs, but I don't even have close to my dream theater, which includes at least 2 rows of seating, and room audio treatments...
Some of the comments made were very interesting. He really slammed someone that I take was either an Intel rep, or otherwise associate. The best was when that rep/associate/whoever criticized Nvidia about their driver issues in Vista, and the slam-dunk response that I paraphase, "If we [Nvidia] only had to support the same product/application that Intel has [Office 2003] for the last 5 years then we probably wouldn't have as many driver issues as well. But since we have new products/applications that our drivers need to support which come out every day, it makes things a little more complicated".
I am just wondering, what percentage of the "patch available on the day the vulnerability is made public" were first disclosed to Microsoft or Apple months in advance from researchers and other sources and simply NOT posted on the "public" notification sites? We see stories all the time of security researchers making public vulnerabilities MONTHS if not YEARS after disclosing them to Microsoft because Microsoft still had not patched the issue, and the only way the researcher could get anyone to even look at the problem or admit it is a problem is to put it on the public notification sites. But those things are not being counted here, but we know many times these researchers will give the company a heads up before posting the vulnerability and make a promise not to disclose until a fix is ready (many times for a fee). We also know that there are vulnerabilities that are "public" to the hackers, but not the general "public". Are those being counted? To me you can't make a claim such as one company being the fastest in patching without taking into account when the company was notified of the issue and measuring when it was fixed from that time, and not the time that the quote, unquote public was made aware of the problem.
As much as it has the potential to scare me, there were other reasons why the case went forward. He did destroy his hard drive and a thumb drive minutes before the FBI raided his home. As much as I can believe that it is possible for others to have highjacked his system or been tricked to clicking the link, etc., I have a hard time believing that he didn't go there to find some child porn due to his actions when he was about to be caught. Add to that the fact that they were able to recover some evidence of child porn on the disk he attempted to completely destroy...
Now does that mean that I think criminalizing attempts to do something is right? No, but then again, it is also criminal to attempt suicide (which incidentally is not a crime if you actually succeed)...
I mean, these guys are good enough to steal the design and have the knowledge to manufacture the device. What prevents them from modifying the IC to remove the lock? I mean, they are the ones actually making it. I am sure they have someone smart enough to be able to find the "added" authentication portion in the design docs, since the design docs probably have it named exactly what it is (i.e. the Epic lock circuit)....
Well, I am sorry to say it, but AMD is dying at this moment. Their purchase of ATI was disastrous for them and probably the worst move they have ever made. While "good on paper", the reality of it was that AMD was over-sold on the merits of ATI's then just about to be in production GPU from 2 years ago, and its in development (the current generation GPUs that they have now 3870/3850). As we still see today, even this current generation of GPU's from AMD can not outperform Nvidia's last generation 8800 series, even with 1.5 years time to reach that level of performance. This have seriously damaged their ability to be profitable in the video card segment as they have had to price their cards much lower than Nvidia to be even considered from a prospective customer. This is the same battle they are fighting on their CPU side as well ever since Intel released the Core Duo (and the subsequent Core 2 Duo, Core 2 Duo Extreme, Quad Core, and Quad Extreme processors). Basically, on the mid and high end desktop market, AMD has had no real competing product for about 1-2 years, and again, have to settle on pricing against the comparable performance Intel CPU. Intel gets to use the production line chips that fail to meet full speed for slower binned parts which in many cases still outperform AMD's fastest performing part. This is allowing Intel to keep their costs lower, and forcing AMD to slowly bleed to death because they can not afford to price their chips that low. And the high debt AMD incurred on the ATI purchase has been keeping them from doing what they have done in the past when they had a poorer performing chip, i.e. cut costs, bunker down, and increase development dollars on the next gen that was in progress to push up the release date of the new architecture. However, the lack of cash on hand is making that last part impossible to do. And early indications are not looking good even for this current line of quad cores and tri-cores. Basically, these chips still can not get near the performance of the current high end Intel chips.