Careful now, don't give people ideas. Someone could pay Panama to block
all ports commonly used for file sharing, and maybe some TCP ports too!
Rather troubling that this new decree apparently also applies to any traffic
that just happens to go through Panama in the physical world. How critical is
Panama, anyway; and how easy is it to route around Panama?
How often do you see the phrase "[this] software is licensed, not sold"
on EULAs? Supposedly, when you purchase a piece of software, you are
just buying a license to use a copy of the software. The media you get
is an extra bonus, and in fact, you can purchase licenses without the
media, such as with certain operating systems from Redmond.
Wouldn't this allow you to argue that you have the right to obtain
another copy of the media, as long as you follow the provisions of the
license?
As a guess, probably because of the way the time() function works.
You can pass a pointer to time(), and it will store the current time in
the specified memory location, in addition to returning the value.
What happens when you pass an invalid pointer to the function? errno is
supposed to be EFAULT, and thus time() can return -1.
In Linux, system calls directly return the errno as a negative number,
and the kernel and libc reserve the first 4095 negative numbers for this
purpose. Since time_t is signed, this isn't a problem. However, you
would have a problem if you could not distinguish an errno return from a
valid return value.
Now, forcing everyone to use gettimeofday() instead of time() would
help solve this problem.
IMHO, You have to look at the way a tool is presented when determining responsibility. Selling a hammer in a weapons shop would be entirely different from selling the exact same hammer in a supply store. The implied use of items from a weapons shop is different from items in a supply store.
It is similar with rootkits and exploits. How and where someone gives you an exploit or rootkit is important. An exploit on a cracking website might have a different implied use from the same exploit on bugtraq.
Thus, I think you need to examine the intent of the distributor more than the intent of the maker.
Why do people find it difficult to use encryption over the networks they use?
A person should assume that any un-encrypted traffic over any network could be
easily monitored by someone with the right equipment, and relying on the
security of every machine along a route is dangerous.
IMHO, saying that encrypting traffic is too much effort is no longer a valid
excuse, now that tools such as ssh, PGP/GPG, and SSL are in wide use. In fact,
OpenSSH now supports dynamic port forwarding with socks support; which can
allow transparent encryption of traffic.
So, what is the hurdle that prevents people from using the tools available to
encrypt their traffic?
Question for the science fantasy people out
there: What would happen if it were possible to
embed something like Asimov's Three Laws into a
clone through some method that ensured that the
Laws were deeply embedded (as they were,
theoretically, with Asimov's robots.)
All the
benefits of a human, without all that nasty free
will stuff?
I was referring to having/tmp-like directories inside AFS./tmp-like
directories in AFS are used in practice, for example, I have access to a
cluster of machines that serve login shells to about 30,000+ users. The
machines are load-balanced through multiple A records (thus distributing the
load), and there is a tmp directory in AFS for the cluster. People are told to
use the AFS tmp directory and avoid/tmp, since/tmp isn't shared across the
machines.
However, AFS uses ACLs at directory-level, instead of at file-level,
which is a pain. Every file in a directory always has the same
permissions. This can lead to problems when you have security in mind,
such as with/tmp-like directories. Mode bits are completely ignored in
AFS, for both files and directories.
In addition, the ACL on a new directory are set to the parent's ACL.
Mode bits are also ignored for directories, meaning that a private
directory under/tmp is not possible without manually changing the
permissions (or having all your applications be AFS aware.)
So, no, I wouldn't say AFS has "good" support for ACLs, as they are
rather braindamaged without file-level ACLs.
For those of you that want to play one of the first MUDs (created by Richard Bartle), it is
available on the Internet at
http://www.british-legends.com/ for free play.
(Telnet address is british-legends.com port 27750)
Personally, I would rather have a kernel that works rather than
one that causes data corruption. For those that are watching
linux-kernel, they have still been working on
tracking down the innd corruption bugs. I think it is good that
the important bugs are being fixed instead of rushing a release
(Red Hat 7.0 anyone?) I would hardly call this vaporware.
One list of 2.4 issues is available
here, for the curious.
Ok, so port-scanning is legal in Georgia. However, would it make sense to only
apply this to port scans that use connect()? How many people would classify
stealth port scanning as being innocuos? If someone is trying to determine
what services I have running without me knowing about it, I might consider
that to have malicious intent. Similarly for trying to circumvent firewalls in
order to see what services are running.
Does anyone have any thoughts on
whether they would want stealth scanning to also be legal, if connect() scans
are legal?
>You do not have the right to use anyone elses computer hardware for
any purpose without permission.
I am not sure if this is strictly true. Would it then be illegal to send a
single ping to a machine to determine whether it is responding to packets? How about
traceroute? When you are using the Internet, you are using a lot of
other people's hardware without having explicit permission (i.e. routers,
backbone providers, and so forth)
It seems to me that by placing a machine
on the Internet, and running public services, you are implicitly granting
permission for people to use it for some purposes. (If the machine is also implicitly running a public service,
i.e. a router, implicit permission is also granted, IMHO)
I am hoping that this series won't be a mockery of the novels, and does better
than the David Lynch movie. I am slightly worried though about all the press/marketing
(hype?) around this version of Dune. For instance, the CNN article
compares the portrayal of Paul to "Luke Skywalker with a mind," which kind
of bothers me; why is it necessary to compare Dune with Star Wars?
Does anyone have any thoughts about the "amazingly big event" style in which
this version is being presented? (Look at all the stuff on the Sci-Fi site,
Dune sweepstakes?) Is all this marketing beneficial and in good taste?
If someone really wanted to use phone numbers, then using IPv6 would be a
good start, since it already has similar characteristics, and would not be a
patented technology.
IPv6 already has a similar scheme to area codes; the address space is
divided in a hierarchial fashion and delegated to regional authorities.
RFC 1881 has more
information on the address space for IPv6.
Would IPv6 also qualify as prior art for the patents they have pending?
One alternate method to using a forwarding service is to run your very own
server, on your very own freshly purchased domain. This method allows you to
control every aspect of the hardware and software on the machine, so that you
can use Linux instead of Windows NT, and decent MTAs like Postfix.
Since the server is under your control, you can be reasonably assured that
the machine won't magically disappear for some unknown reason, and as long as
you maintain the machine and pay the domain fees, you will have a permanent
mailbox. You can also play with nifty things like using dynamic DNS, running a
webserver, writing your own POP3 daemon that uses PostgreSQL, and so forth.
One nice thing about doing this is that you can setup relaying to allow you
to relay messages through your freshly installed mailserver, and get around
blocks placed on your ISP. (Some people block some parts of the big broadband
ISPs, like rr.com and mediaone.net)
(As to how to get a machine attached to the network, some ISPs *do* offer free
co-location space to people who work there.:)
I think it is a very poor excuse, considering that they could fix their flooding problems if they really wanted to. Right now, they use MS Exchange as their IRC server, with proxy servers to handle nick registration, since they cannot modify the MS Exchange code, and are unwilling to switch to an open-source IRC server. Before the proxies, they tried to use an IRC bot; however, the bot triggered a misfeature in MS Exchange which caused random people to be killed.
Many of the flooders abuse open wingates to get around the (ineffective, one-IP only) bans that TalkCity uses, and they could add a check to their proxies to scan for an open wingate, as many other networks have done. If they go to the trouble to try and prevent real clients from connecting, I do not see why they cannot scan for open wingates.
Slashdot Mirror
Rather troubling that this new decree apparently also applies to any traffic that just happens to go through Panama in the physical world. How critical is Panama, anyway; and how easy is it to route around Panama?
Wouldn't this allow you to argue that you have the right to obtain another copy of the media, as long as you follow the provisions of the license?
What about the SSS? Does that qualify as mandatory? The penalties for not registering can be severe, even though you may not be jailed for it.
You can pass a pointer to time(), and it will store the current time in the specified memory location, in addition to returning the value.
What happens when you pass an invalid pointer to the function? errno is supposed to be EFAULT, and thus time() can return -1.
In Linux, system calls directly return the errno as a negative number, and the kernel and libc reserve the first 4095 negative numbers for this purpose. Since time_t is signed, this isn't a problem. However, you would have a problem if you could not distinguish an errno return from a valid return value.
Now, forcing everyone to use gettimeofday() instead of time() would help solve this problem.
It is similar with rootkits and exploits. How and where someone gives you an exploit or rootkit is important. An exploit on a cracking website might have a different implied use from the same exploit on bugtraq.
Thus, I think you need to examine the intent of the distributor more than the intent of the maker.
IMHO, saying that encrypting traffic is too much effort is no longer a valid excuse, now that tools such as ssh, PGP/GPG, and SSL are in wide use. In fact, OpenSSH now supports dynamic port forwarding with socks support; which can allow transparent encryption of traffic.
So, what is the hurdle that prevents people from using the tools available to encrypt their traffic?
All the benefits of a human, without all that nasty free will stuff?
Also, /tmp is usually set sticky, which restricts deletion to the owner or a super-user.
I was referring to having /tmp-like directories inside AFS. /tmp-like
directories in AFS are used in practice, for example, I have access to a
cluster of machines that serve login shells to about 30,000+ users. The
machines are load-balanced through multiple A records (thus distributing the
load), and there is a tmp directory in AFS for the cluster. People are told to
use the AFS tmp directory and avoid /tmp, since /tmp isn't shared across the
machines.
In addition, the ACL on a new directory are set to the parent's ACL. Mode bits are also ignored for directories, meaning that a private directory under /tmp is not possible without manually changing the
permissions (or having all your applications be AFS aware.)
So, no, I wouldn't say AFS has "good" support for ACLs, as they are rather braindamaged without file-level ACLs.
(Telnet address is british-legends.com port 27750)
One list of 2.4 issues is available here, for the curious.
Does anyone have any thoughts on whether they would want stealth scanning to also be legal, if connect() scans are legal?
any purpose without permission.
I am not sure if this is strictly true. Would it then be illegal to send a single ping to a machine to determine whether it is responding to packets? How about traceroute? When you are using the Internet, you are using a lot of other people's hardware without having explicit permission (i.e. routers, backbone providers, and so forth)
It seems to me that by placing a machine on the Internet, and running public services, you are implicitly granting permission for people to use it for some purposes. (If the machine is also implicitly running a public service, i.e. a router, implicit permission is also granted, IMHO)
Does anyone have any thoughts about the "amazingly big event" style in which this version is being presented? (Look at all the stuff on the Sci-Fi site, Dune sweepstakes?) Is all this marketing beneficial and in good taste?
IPv6 already has a similar scheme to area codes; the address space is divided in a hierarchial fashion and delegated to regional authorities. RFC 1881 has more information on the address space for IPv6.
Would IPv6 also qualify as prior art for the patents they have pending?
Since the server is under your control, you can be reasonably assured that the machine won't magically disappear for some unknown reason, and as long as you maintain the machine and pay the domain fees, you will have a permanent mailbox. You can also play with nifty things like using dynamic DNS, running a webserver, writing your own POP3 daemon that uses PostgreSQL, and so forth.
One nice thing about doing this is that you can setup relaying to allow you to relay messages through your freshly installed mailserver, and get around blocks placed on your ISP. (Some people block some parts of the big broadband ISPs, like rr.com and mediaone.net)
(As to how to get a machine attached to the network, some ISPs *do* offer free co-location space to people who work there. :)
Many of the flooders abuse open wingates to get around the (ineffective, one-IP only) bans that TalkCity uses, and they could add a check to their proxies to scan for an open wingate, as many other networks have done. If they go to the trouble to try and prevent real clients from connecting, I do not see why they cannot scan for open wingates.