Nope, the tax applies to all recordable CDs, the rate varies. I think it's pretty low for most media (like $0.08 or something) but if you buy media specifically marked for audio use, it's much higher.
False. The System Idle process isn't actually a real thread, it performs no cycles and the CPU is allowed to perform a HLT instruction.
Many CPUs have power saving capability, it's a matter of correct configuration in the bios and OS. For example, my dual Celerons (not the FCPPGA Celeron 2s, but the original PPGA) do a very nice power saving operation under Win2K with ACPI enabled in the bios. Temperatures go down significantly...nice for hot days. I stopped running RC5 for just this reason.
He did talk to the FBI, they required proof of >$5000 damage, plus they would prioritize based on damage, and were extremely busy. Hence, not a snowball's chance in hell of prosecuting.
Ummm...UDP and ICMP don't use SYN/ACKs. Hence Syncookies would have been useless here. Perhaps you should have looked less at the pictures and read the article.
I disagree...a surprising number of the honey-pot articles I've read contain references to the crackers using Unix/Linux.
While command line tools aren't favored by the BackOrfice/GUI crowd, there's also the opportunity for somebody to create a fairly automated script to exploit any well known vulnerabilities...(eg. ADM's named/bind exploits).
The article is a bit OT in pointing these out as specific SSL/SSH vulnerabilities...man-in-the-middle attacks can be done with just about any protocol. It really just points out that encryption is no holy-grail.
Our high school (Nova Scotia) had 386s across the board at least, but the computer courses were essentially glorified word-processing. Not a thing about programming, etc (course, it's not like our school-board would have wanted to pay for a programming language).
And I remember when I got to UNB here, the first couple programs were pretty lame Modula-2 crap. Man, talk about skull-bangingly boring, least the later students got to program games and stuff in Java.
I think the whole paragraph you wrote was very well written, it brings together a number of points that seem to escape many /. readers. I especially get irritated by the readers who insist that software/art/ideas should be free, as if the effort put into their creation doesn't require/need any return.
But on the other hand, free speech is just as important. The post you are replying to points out hypocrisy of /.ers who rant and rave over GPL violations but see nothing wrong with pirating anything and everything under the sun, claiming it's free speech.
I also find the hypocrisy absurd. A friend of mine repeatedly quotes "I'd pay a reasonable fee for music, movies, and sort of art", yet he downloads gobs of music off Napster, and the last time I mentioned buying a cd he said "I haven't bought a cd in years!". It pretty much seems to be a "I'm fighting for free speech", but since I can get it for free, I'm also going to pirate it.
The way I see it, nothing can reasonably be expected for free, at some point, somebody's effort goes into it, creating an intrinsic value that would need compensation. The problem with the RIAA and music corporations is that they artificially inflate the value of their merchandise, and attempt to monopolize their respective markets.
Fight for lower music/movie/art prices, fight for fairer supply/demand markets, but don't just use "free speech" as an excuse to pirate music cause you're cheap. Course, the standard rule applies "In any group, half the people don't have a clue", and I'm guessing that applies to /. as much as anywhere else. [that's not trolling, that's the truth]
Hate to say "me too", but I recall this as being factual also. Don't remember where I read it, but I do recall the "print, export as text, scan & OCR" methodology.
Perhaps the reason this doesn't apply is because the US DOD classifies encryption software as munitions, not encryption techniques/information. It's not so much because of free speech. Shrug, conjecture tho.
What?!?! You don't have a stack of old diesel sub batteries as an UPS for when your local power utility screws the pooch? And of course, you'd have a backup Internet connection, like satellite or laser link to the nearest location powered by "the other guys".
And of course the "pirst fost"'ers would have twice as much stuff to do their dirty work...
Perhaps I should have stated cracking & sniffing together...which although has no data loss, is still a malicious act (in that it generally leads to password compromises etc). Just because somebody compromised your box and only sniffed stuff is no reason to not prosecute them.
Sniffing has its place as a valid administrative tool, but so does exploiting, hacking, deep scanning, etc. Running an ICMP ping flood script against your own server has a valid role, but running it against Yahoo is malicious IMHO. I think you can apply similar qualifications to sniffing...
Sorry if I seemed a little anal with the sniffing bit...I just included it because it is an action that many scr1pt k1dd135 take on cracked boxen.
Yep, but I'm assuming that any damage that risks lives is already hunted down ASAP.
Standard rule of risk analysis seems to be: Human Life Risk, Financial Loss (data corruption/loss), Privacy, etc...
But from what I've heard, nobody seems to care about tracking down crackers unless it involves the first two...I'm merely suggesting that Financial loss (and life risks of course) shouldn't be the stopping point. (you can order them whatever way you feel...just hunt the fsckers down.)
Yeah, but why does it have to be released to the general public? Send any source code that verifies/debugs an exploit to the manufacturer, and just release a description to the public. If the manufacturer doesn't respond after a period, release a snippet to show the problem.
My problem is with the pre-written, ready to make/execute "demo" code. And if people won't believe that an exploit exists, send a copy to CERT or something, don't post it to USENET...
Yes, the information has to get out, but don't hand a gun to everyone to show them that your bulletproof vest has a hole in it...
1. I have a door with a broken lock, but don't know about it. Burgu13r001 finds how to jimmy it, and can now enter my house...very bad...
2. I have a door with a broken lock, but don't know about it. (Grey,White)Hat001 finds out how to jimmy it, and posts an article in the newspaper about the flaw, as well as a copy of the masterkey it requires...very bad...
3. I have a door with a broken lock, but don't know about it. (Grey,White)Hat001 finds out how to jimmy it, and posts an article in the newspaper about the flaw. He sends a copy of the masterkey to the company to help them fix the lock, and perhaps releases the key at a later date so the problem can be publicly analyzed to ensure it doesn't happen again. If lock company SmallSupple decides to not do anything, after a reasonable period, the key should be released so that other (Grey,White)Hats can try to develop fixes/IDS fingerprints.
I dunno, that sounds more reasonable than what some people do...IMHO.
Full disclosure helps, but in some cases is too extreme, does source code for a particular exploit really need to be published? In reality, when an exploit surfaces, it should be publicised, but not in detail. This would give reputable companies time to fix it (presuming the finder gave details to the company and perhaps a handful of reputable security experts who might be able to create a workaround plus IDS fingerprints).
Egress filtering. Yep, it's argued earlier in the iTrace story...but it is a good idea. Perhaps a mandatory requirement that no ISP passes traffic that isn't in their IP allocation. (there is *no* good reason for routing somebody else's IPs, right?). Yeah, there might be an issue with speed of filtering, but it really is the only way to prevent havoc. (oh, and iTrace is a step in the right direction too...at least a temporary one)
Malicious activity should be viewed as just that. DoS'ing, cracking, exploiting, rooting, sniffing should all be classified as illegal, and penalties must be established. Although the cost of tracking down perpetrators is high, the increasing number of these l337 scr1p7 k1dd13s is only going to cause more and more financial loss, especially as the Internet becomes more ingrained in society. Cracking a system (even if there is no financial loss) should still be viewed as the intrusive crime that it is, and should be prosecuted. (of course, that's very difficult across borders, but something *must* be done...)
Relying on obscurity to provide any level of security is a bad idea. There are talented people who can find flaws in any closed system, given enough time and effort. But this is no excuse to start handing out information that doesn't need to become public. A source code example isn't required to demonstrate a flaw to the public, so it doesn't need to be distributed.
I believe (I read the article yesterday) that they mention that a method of verifying the iTrace ICMP messages will be developed (some sort of PKI perhaps?)
The majority of infamous DDoS's are against webservers, but don't rely upon the site running a http daemon. A large number of DoS attacks are attacking the host machine and its TCP/IP implementation, eg SYN attacks, ICMP ping floods being echoed off of subnets. Fixing webservers will not stop DDoS attacks.
And what's up with their cooperation with Palm? Does anybody know if they're getting financial remuneration? Or is the cooperation leading to some sort of Apple webpad/palm computer/wearable?
I'm willing to bet that people like you are the exception (at least in my personal, limited experience). And yes, I'd consider what you do "fair use". I personally dump some of my CDs to minidisc to take to work with me.
Course, if you then share the whole archive publicly...that's different.
Ummmm....who's to say a "legit" company (well, one with a real product) won't take your email address and sell it to spammers? Get a hotmail address for this kinda crap.
~72000 km round trip.
c= ~300,000 km/s
t=72000/300,000 = 240 ms
Didn't read the article?
The article doesn't have anything to do with cracking SSL/SSH encryption, but discusses the classic man-in-the-middle attack.
Being as there has been an ssh client for Palm for ages...I'd guess no problem. (if the 16MHz Palm can ssh, anything can...)
I attached a keyboard to my mouse...104 "buttons", plus the three that were there before... :P
Only for the initial publicity gathering, once the song/artist has reached critical mass, they drop that in favor of receiving their license fees.
Yeah, but one thinks in cm, the other in inches, and they like to co-operate....