In DirecTV's defense, the brief snippet I read (TFA wasn't must of an FA) did not indicate who accessed the site--only "associates of DirecTV". Was it their lawyers? Should DirecTV fire their lawyers, with whom they have a huge, long working relationship and start over because they went against the spirit of an "agreement" with a website in the name of protecting their client? It's a moral question and one to which their is no answer, but my question to you is this: Is there a difference between someone acting on the behalf of DirecTV accessing that site and the president of DirecTV accessing that site? How far removed must a person be from DirecTV before you feel that DirecTV is immoral due to the actions detailed in this suit?
The actions by those kids could probably be construed as damaging, which the OP already said was illegal. A small US example would be allowing people to walk through your yard (presuming it isn't fenced in--I'm not sure how the laws apply to a fenced in forest in Finland.) Do you throw a fit every time someone strolls through your yard on the way to another destination? Do you kick them off your property if they walk up to take a look at your rosebushes?
I think the Finn way is a nicer way to live, and honestly, it's closer to the spirit if free software than the American property ideal.
...unless you are blind. Some sites have alternate audio versions for the vision-impaired, but it's still a problem.
And even if you aren't blind, I've run into many a captcha that I couldn't decipher. Poorly designed sites may delete the entire content of your post if you fail the captcha, but I guess that's a design issue for another topic.
Testing "all possible states" is virtually impossible. That means testing every value for every variable your program uses. Even if you don't go that far, but test every possible input instead, for all but the most trivial programs, this is going to take forever. Anything which parses arbitrary input (grep, for example?) certainly cannot be tested in this manner as the set of all possible input is infinite. Other forms of input might be constrainable, but testing all possible input could still take years.
And that's assuming the libraries and OS you're using are perfect.
This also all assumes that the hardware is without error. Leaking capacitors can change the 'correctness' of the hardware over time, meaning that your software no longer interfaces with something which is "to spec".
I believe that is the point. Consider, however, the implications of the government requiring all ISPs to use the network monitoring technology. All traffic would be kept, and could be correlated. If your particular Tor connection happened to stay completely within the US, they could still track everything you did. If they got help from other countries, they might still be able to track you.
Never attribute to malice that which is adequately explained through ignorance/stupidity. Or the bottom line.
The reason they want those CDs installed is to make sure your computer is set up "the right way" to minimize technical support calls. And once tech support is needed, they know that the computer is in a specific configuration and it's easier to troubleshoot. It's really that easy. If you don't believe it, put a bridge between the computer and the modem and capture the traffic.
I'd love to know your secret for using YouTube and Google Video... On my machines, the the Flash player will load up, but the video simply will never play. When I do manage to play it (through mplayer, usually) it loses synch very quickly.
What plugin do you use to play it? What browser/distro?
I don't think it's DVDs that are the problem, though. The type of people in this article probably use their DVD players for that.
No, it's the other multimedia, I think. The Google Video, You Tube, a few flash/shockwave games... That's the real killer, in my opinion. Stuff that Just Works in Windows or OS X but which simply doesn't in Linux. I usually download and convert if there's a YouTube I want to watch--but that's not what everyone would do.
So you're willing to play the definitions game until you're proven wrong?
Driving off without paying for your repairs is probably a contract violation. The US and some other countries might call it "theft of service"--the additional clause added because it is not theft by the classical definition, nor by the definition you were so quick and smug to point out to the other poster.
I'm not arguing for the sake of arguing, though. I'm arguing for the sake of precision. The very point the original poster was talking about, albeit he was wrong, too. Precision is necessary in law and legal language, or else you end up with wide-open laws like the DMCA. Lack of precision results in spin, something politicians love to use to influence the public. I consider it detestable.
And let's face it. Despite still being illegal, copying a song illegally isn't nearly as bad as most other forms of theft, where the rightful owner actually no longer possesses the object. You know it and I know it. And yet they're trying to get 10 year penalties for attempting to break copy protection controls.
The first definition of "property" is "Something owned; a possession." If you drive off without paying, you are not "feloniously taking" "something owned" unless they have installed parts into your car for which you have not paid.
I don't think QTAlt and RealAlt are legal programs.
Anything that requires direct access to physical hardware is probably going to require superuser access. This is true for Linux, as well (can't burn CDs unless you've got write permission to the drive...)
Installing mp3 software? Well yeah, that software probably included malware that needed SU. So the software is going to say it needs SU. Even if it didn't, did he change the install path to somewhere other than Program Files? Gotta have SU to write to that directory, right? Maybe it adds DLLs or something--c:\windows is (or should be) protected.
I use Windows fairly extensively and I don't run as SU. I rarely have to use RunAs--it's almost exclusively limited to installing software and/or accessing physical hardware. Just about everything else I install will work just fine when run as a normal user.
The biggest difference between this and the Linux world is that usually you can change the install path in the Linux world. I can compile and install to/home/sancho/opt without a problem. It's much more common for a Windows installer to require installing files to certain protected directories. This is inflexible and bad, but not quite the hole-ridden view you present.
I like ubuntu's approach. Everyone lives in a limited account, and you must SUDO in order to do anything dangerous. Ahhhh.... simplicity.
Yes. Instead of training you to click "Ok" to do anything, train them to enter their passwords every time. Lovely.
Windows does have something like this, however. Right-clicking on an executable ought to bring up a "Run as" option. For many Setup executables, Windows will automatically bring up this dialog box if you run it under a limited account.
Their network supports 65,534 hosts, not including the RFC1918 addresses. That's a lot for a flat file. Also, a flat file will have no format restrictions (people might not be consistent in their edits) and will not be able to do any error checking (mistype an IP/subnet/whatever and you may not notice for a long time afterward, with potentially cascading effects).
Also, some IP management products integrate with DHCP, DNS, or both, providing automatic updates as they are entered into the management software. Now you only have to make one change which will automatically propagate throughout the system and keep logs of the changes (including which administrator made the change).
Interesting, but how is this more secure than sshing to the box as a regular user and using sudo? Isn't key management in this form harder than editing the sudoers file? Imagine a situation with 10 administrators--you either need 10 keys (one per administrator) per command or you need one key per command and revokation/redistribution of keys whenever you need to revoke access to a command.
ssh keys, or kerberos can give the same advantages. Allowing root password ssh logins is just stupid.
How do ssh keys allow you to restrict the commands that can be used?
As for the sudo advisories.... well 8 in five years isn't all that bad, and most of them are somewhat common sense (let someone execute a scripting language and yeah, it's probably going to be somewhat insecure).
I got a PPC-6700--one of the reasons I wanted it was ssh.
I have to say, in general, the offerings are pretty disappointing. PocketPutty can't save sessions, so you're typing in a lot of the same information every time you want to connect. Also, I didn't see an immediately obvious way to send ESC events (for example).
mToken is pretty nice, though pricey. "Scripting" is completely unintuitive, but if you work at it, I understand you can get single-button CTRL-A events sent (for use with Screen). It supports multiple font sizes, which is nice (you can get an 80x24 terminal on the screen without scroll bars). If you do want scroll bars, you're stuck with 80x25 or greater, which irritated me.
I ended up buying and using PockeTTY because it was cheap and did almost everything I wanted. It only supports plain password authentication (had problems with PAM for some reason) and public key--which was fine for me. It supports port forwarding, which I use to tunnel my IMAP connection, and it saves sessions. It only has a single font size, so an 80x24 terminal will have scroll bars.
Keep in mind that any program you use will take awhile to negotiate the connection, and the connection will be a little slow (mostly due to encryption CPU overhead) and will really destroy your battery life (I can barely get more than an hour if I leave SSH connected). I ended up setting up OPIE (FreeBSD's s/key equivalent) and using telnet for most operations. I still use SSH when I need to port forward or do things which require an encrypted connection (bouncing from one host to another, for example, when I don't want my passwords to be sniffable), but most of the time, I'm happy enough with the one-time passwords and increased speed.
Here's my line of thinking when I posed that question:
Ok, this guy's trying to refute this guy who claims that Marvel didn't coin the term "Superhero." However, all he says is that Superman was created in 1938. This doesn't directly refute the claim because "Superman" isn't the same as "Superhero". Now a couple of things are possible here:
1) He knows that they called him a superhero, but failed to mention it in his post. In this case, asking the question points out that this piece of information which is vital to connecting the argument was missing, which a) gives me the answer without any expended effort searching and b) might help that poster make better and more informative posts in the future, or
2) He doesn't know or knows that Superman wasn't called a superhero, at which point my question becomes a rhetorical refutation of his post. In this instance, I care less about the actual answer and more about pointing out the mistake in the post, as is fairly common on Slashdot anyway, as well as deflecting another attempt to post a true fact in order to create the impression that some other implication is true.
Ultimately, while I'm mildly curious to know whether or not Superman was called a superhero pre-1942, my curiousity doesn't extend to searching for some piece of evidence on the Internet to support that claim. You made the assertion without the key fact that makes it true, so it's not all that unreasonable to ask you to back up your implied claim. So if conversation is stimulated by my question and I happen to find out the answer, great. If not, well frankly, my life isn't going to be less complete.
In DirecTV's defense, the brief snippet I read (TFA wasn't must of an FA) did not indicate who accessed the site--only "associates of DirecTV". Was it their lawyers? Should DirecTV fire their lawyers, with whom they have a huge, long working relationship and start over because they went against the spirit of an "agreement" with a website in the name of protecting their client? It's a moral question and one to which their is no answer, but my question to you is this: Is there a difference between someone acting on the behalf of DirecTV accessing that site and the president of DirecTV accessing that site? How far removed must a person be from DirecTV before you feel that DirecTV is immoral due to the actions detailed in this suit?
The actions by those kids could probably be construed as damaging, which the OP already said was illegal. A small US example would be allowing people to walk through your yard (presuming it isn't fenced in--I'm not sure how the laws apply to a fenced in forest in Finland.) Do you throw a fit every time someone strolls through your yard on the way to another destination? Do you kick them off your property if they walk up to take a look at your rosebushes?
I think the Finn way is a nicer way to live, and honestly, it's closer to the spirit if free software than the American property ideal.
...unless you are blind. Some sites have alternate audio versions for the vision-impaired, but it's still a problem.
And even if you aren't blind, I've run into many a captcha that I couldn't decipher. Poorly designed sites may delete the entire content of your post if you fail the captcha, but I guess that's a design issue for another topic.
Was this somehow posted to the wrong story?
Testing "all possible states" is virtually impossible. That means testing every value for every variable your program uses. Even if you don't go that far, but test every possible input instead, for all but the most trivial programs, this is going to take forever. Anything which parses arbitrary input (grep, for example?) certainly cannot be tested in this manner as the set of all possible input is infinite. Other forms of input might be constrainable, but testing all possible input could still take years.
And that's assuming the libraries and OS you're using are perfect.
This also all assumes that the hardware is without error. Leaking capacitors can change the 'correctness' of the hardware over time, meaning that your software no longer interfaces with something which is "to spec".
Just FYI, sugar doesn't kill an engine.
:)
But your argument is certainly reasonable otherwise
Maybe I'm cynical, but I imagine a signed document will pop up eventually.
I believe that is the point. Consider, however, the implications of the government requiring all ISPs to use the network monitoring technology. All traffic would be kept, and could be correlated. If your particular Tor connection happened to stay completely within the US, they could still track everything you did. If they got help from other countries, they might still be able to track you.
Never attribute to malice that which is adequately explained through ignorance/stupidity. Or the bottom line.
The reason they want those CDs installed is to make sure your computer is set up "the right way" to minimize technical support calls. And once tech support is needed, they know that the computer is in a specific configuration and it's easier to troubleshoot. It's really that easy. If you don't believe it, put a bridge between the computer and the modem and capture the traffic.
I'd love to know your secret for using YouTube and Google Video... On my machines, the the Flash player will load up, but the video simply will never play. When I do manage to play it (through mplayer, usually) it loses synch very quickly.
What plugin do you use to play it? What browser/distro?
I don't think it's DVDs that are the problem, though. The type of people in this article probably use their DVD players for that.
No, it's the other multimedia, I think. The Google Video, You Tube, a few flash/shockwave games... That's the real killer, in my opinion. Stuff that Just Works in Windows or OS X but which simply doesn't in Linux. I usually download and convert if there's a YouTube I want to watch--but that's not what everyone would do.
So you're willing to play the definitions game until you're proven wrong?
Driving off without paying for your repairs is probably a contract violation. The US and some other countries might call it "theft of service"--the additional clause added because it is not theft by the classical definition, nor by the definition you were so quick and smug to point out to the other poster.
I'm not arguing for the sake of arguing, though. I'm arguing for the sake of precision. The very point the original poster was talking about, albeit he was wrong, too. Precision is necessary in law and legal language, or else you end up with wide-open laws like the DMCA. Lack of precision results in spin, something politicians love to use to influence the public. I consider it detestable.
And let's face it. Despite still being illegal, copying a song illegally isn't nearly as bad as most other forms of theft, where the rightful owner actually no longer possesses the object. You know it and I know it. And yet they're trying to get 10 year penalties for attempting to break copy protection controls.
The first definition of "property" is "Something owned; a possession." If you drive off without paying, you are not "feloniously taking" "something owned" unless they have installed parts into your car for which you have not paid.
I don't think QTAlt and RealAlt are legal programs.
Anything that requires direct access to physical hardware is probably going to require superuser access. This is true for Linux, as well (can't burn CDs unless you've got write permission to the drive...)
Installing mp3 software? Well yeah, that software probably included malware that needed SU. So the software is going to say it needs SU. Even if it didn't, did he change the install path to somewhere other than Program Files? Gotta have SU to write to that directory, right? Maybe it adds DLLs or something--c:\windows is (or should be) protected.
I use Windows fairly extensively and I don't run as SU. I rarely have to use RunAs--it's almost exclusively limited to installing software and/or accessing physical hardware. Just about everything else I install will work just fine when run as a normal user.
The biggest difference between this and the Linux world is that usually you can change the install path in the Linux world. I can compile and install to
I like ubuntu's approach. Everyone lives in a limited account, and you must SUDO in order to do anything dangerous. Ahhhh.... simplicity.
Yes. Instead of training you to click "Ok" to do anything, train them to enter their passwords every time. Lovely.
Windows does have something like this, however. Right-clicking on an executable ought to bring up a "Run as" option. For many Setup executables, Windows will automatically bring up this dialog box if you run it under a limited account.
Except that they can track and prosecute people who aren't doing it on a private (University) LAN.
Because right now they make money on ads and DVD sales. In your scenario, they'd only make money off of DVD sales--a clear drop in revenue.
Their network supports 65,534 hosts, not including the RFC1918 addresses. That's a lot for a flat file. Also, a flat file will have no format restrictions (people might not be consistent in their edits) and will not be able to do any error checking (mistype an IP/subnet/whatever and you may not notice for a long time afterward, with potentially cascading effects).
Also, some IP management products integrate with DHCP, DNS, or both, providing automatic updates as they are entered into the management software. Now you only have to make one change which will automatically propagate throughout the system and keep logs of the changes (including which administrator made the change).
Glancing at the headline, I thought they might have upgraded Pocket IE :( I was sadly mistaken.
Interesting, but how is this more secure than sshing to the box as a regular user and using sudo? Isn't key management in this form harder than editing the sudoers file? Imagine a situation with 10 administrators--you either need 10 keys (one per administrator) per command or you need one key per command and revokation/redistribution of keys whenever you need to revoke access to a command.
ssh keys, or kerberos can give the same advantages. Allowing root password ssh logins is just stupid.
How do ssh keys allow you to restrict the commands that can be used?
As for the sudo advisories.... well 8 in five years isn't all that bad, and most of them are somewhat common sense (let someone execute a scripting language and yeah, it's probably going to be somewhat insecure).
One more thing--don't expect the source to PocketPutty. Although the author's webpage promises the source soon, it's been that way for awhile.
I got a PPC-6700--one of the reasons I wanted it was ssh.
I have to say, in general, the offerings are pretty disappointing. PocketPutty can't save sessions, so you're typing in a lot of the same information every time you want to connect. Also, I didn't see an immediately obvious way to send ESC events (for example).
mToken is pretty nice, though pricey. "Scripting" is completely unintuitive, but if you work at it, I understand you can get single-button CTRL-A events sent (for use with Screen). It supports multiple font sizes, which is nice (you can get an 80x24 terminal on the screen without scroll bars). If you do want scroll bars, you're stuck with 80x25 or greater, which irritated me.
I ended up buying and using PockeTTY because it was cheap and did almost everything I wanted. It only supports plain password authentication (had problems with PAM for some reason) and public key--which was fine for me. It supports port forwarding, which I use to tunnel my IMAP connection, and it saves sessions. It only has a single font size, so an 80x24 terminal will have scroll bars.
Keep in mind that any program you use will take awhile to negotiate the connection, and the connection will be a little slow (mostly due to encryption CPU overhead) and will really destroy your battery life (I can barely get more than an hour if I leave SSH connected). I ended up setting up OPIE (FreeBSD's s/key equivalent) and using telnet for most operations. I still use SSH when I need to port forward or do things which require an encrypted connection (bouncing from one host to another, for example, when I don't want my passwords to be sniffable), but most of the time, I'm happy enough with the one-time passwords and increased speed.
Here's my line of thinking when I posed that question:
Ok, this guy's trying to refute this guy who claims that Marvel didn't coin the term "Superhero." However, all he says is that Superman was created in 1938. This doesn't directly refute the claim because "Superman" isn't the same as "Superhero". Now a couple of things are possible here:
1) He knows that they called him a superhero, but failed to mention it in his post. In this case, asking the question points out that this piece of information which is vital to connecting the argument was missing, which a) gives me the answer without any expended effort searching and b) might help that poster make better and more informative posts in the future, or
2) He doesn't know or knows that Superman wasn't called a superhero, at which point my question becomes a rhetorical refutation of his post. In this instance, I care less about the actual answer and more about pointing out the mistake in the post, as is fairly common on Slashdot anyway, as well as deflecting another attempt to post a true fact in order to create the impression that some other implication is true.
Ultimately, while I'm mildly curious to know whether or not Superman was called a superhero pre-1942, my curiousity doesn't extend to searching for some piece of evidence on the Internet to support that claim. You made the assertion without the key fact that makes it true, so it's not all that unreasonable to ask you to back up your implied claim. So if conversation is stimulated by my question and I happen to find out the answer, great. If not, well frankly, my life isn't going to be less complete.
Was he referred to as a "superhero(tm)" at that time?