When I first got the fool thing, I changed
the IP address it responded to. At the moment,
my particular modem has the address 10.1.2.1/24.
Guess what? That particular subnet is not accessible through my ISP (net 10 is blocked) and I don't have any other system with that subnet defined.
When I want to play, I define a second net address on my Linux firewall to create an interface on that port, and manually update the router tables accordingly.
I wonder how many people have tried to find my Alcatel 1000?
This was the words out of the mouth of a MSCE when I had set up an office environment with network 10. Because the office was rather large, I had thought to use 10.0.0.x/24 for the main office network and 10.0.1.x/24 for the lab. When DSL testing was to go in, the DSL and LAN lab would use 10.0.[234].x/24 for primary DSL, primary LAN, and secondary LAN.
I took the advice, and selected 10.1.[1234].0/24, and things worked swell.
This proved to be excellent advice when we started testing with Cisco router-access servers, because those things do NOT like a zero in any quad. With 10.1.1.0/24, though, everything worked great.
I now continue that practice, using 10.1.1.0/24 for any small private network I set up. Because the gateway to the Internet uses NAT, I'm not concerned about what the numbering is on the other side. In any case, every firewall is configured to not forward the private network addresses.
This works with NT, 2K, 98, 95, 3.1, and Linux. Not to mention BDS, Ascend, Cisco, USRobotics Total Control, Portmaster, and other RAS brands.
I'm a consultant and free-lance writer, so I don't have any big-company bias. I've read all the links associated with this article, at least as much as I was able to in the limited time I devote to/. reading. So let's review the bidding, shall we?
Randell Schwartz went beyond the scope of his existing contracts in search of additional business. In doing so, he appears to have violated Intel policy regarding usage of Intel property. As far as I can tell from the information in the links, no one contests Intel's factual report on the matter. (That conclusion is subject to further review and comment.)
Intel admits that the usual response to violations of their security policy is to fire the "employee" that commits the breach. The fact that Mr. Schwartz's contact was at end of term means that Intel would need to do nothing (i.e., not renew) to effect this remedy. From my reading of the comments here, the conclusion of./ is that this is as far as it should have gone.
Intel decided that the security breach was severe enough (perhaps because ora.com was involved as well? Because this wasn't the first time Mr. Schwartz did this?) that Intel filed a criminal complaint. The criminal complaint was quite specific as to what Mr. Schwartz did.
The State of Oregon decided to procecute Mr. Schwartz, and accepted the aid of Intel employees in creating its case. The exact manner of this "help" is not clear based on the information available in a short time, but it does appear that Intel employees went beyond the role of "witness" in this aid.
Mr. Schwartz was convicted by a jury.
The conviction itself was upheld on appeal.
Unlike other people of opinion on/., I disagree that the Oregon law as envisioned by the Oregon legislature is overbroad, but that the lax definition of terms is what makes the law appear overbroad. In this particular case, given the usual level of knowledge by state law enforcement in 1993 of matters computer, it's not surprising that the State of Oregon decided to prosecute. It was the use of this law in the first place by the prosecutors that leaves me cold. According to my own experiences, the proper place to prosecute this case would be in civil court, if Intel felt that it has sustained substantial loss because of Mr. Schwartz's actions.
Lessons to be learned
Your client is not your friend. Your client is not to be trusted to "do the right thing". Therefore, in all written consulting contracts, state that any disputes arising from the execution from the contract, including any alledged criminal conduct alledged by either party, shall first be submitted to arbitration.
If someone in your client company "asks you for a favor" insist that the employee write you a letter formally asking you to perform that favor. One of the gray areas in this case had to do with whether Mr. Schwartz had authorization to do what he did, so make sure you have sufficient proof that you as the contractor believed you had authorization. Such letters should be channeled through your primary contact.
If part of your contract involves tightening up security, ensure the contract includes clauses authorizing you to perform the operations required to test and measure security. Make sure this clause is as specific as possible. Name program names, if you have favorates. This is an amplification of the authorization point above.
Don't communicate with the company with a company-provided and -administered e-mail account, EVER. Your contract should specify that all electronic mail communications shall be sent to your personal e-mail account, and that only communications from your e-mail account shall be considered to be from you. Negotiate appropriate SMTP access for contracts involving on-site activities, and also get them to agree that traffic to and from your personal e-mail account is owned by you and not the company.
As much as possible, use your own equipment to perform work for your client. The only time you should use client-provided equipment is when there is no alternative; e.g. you have to use a proprietary ICE as part of your work. Consider renting equipment that you will use under your own name (reimbursed under invoice by your client) so that YOU, not the client, owns any data generated by the instrument or equipment. Alternatively, specify in your contract that you own all data until you have received payment from the client.
Your contract should also specify what use you may use of company computing resources, including network connectivity. Insist that you be able to use their resources for your e-mail, for Web browsing for the purpose of research, and for any other application that you feel necessary to perform your duty for your client company. If your contract calls for you to be on-site during specific hours, as opposed to being on site only when performing specific tasks, your contract should also specify that you may make reasonable recreational use of their network resources.
Ensure your contract identifies a single individual as your point of contact. Insist that all company requests be funnelled through that single individual. Even better, have the contract specify a primary and an alternate, with specifics as to when the alternate may take the place of the primary. Your reports on your activities goes to your primary (or alternate). Any delegation of contact responsibility needs to be in the form of a letter from your primary -- accept nothing less.
Disclaimer: I am not a lawyer, nor do I play one on stage or screen.
That line of reasoning would make Burger King liable if someone set up a drug deal while eating a Whopper in the restaurant.
Perhaps the better analogy would be that a perp buys a Whopper(r) sandwich, inserts poison, and kills a person by presenting that Whopper(r) sandwich to the victim. Burger King would be an accessory to murder by providing the medium used to pass the poison -- the above-mentioned Whopper(r) sandwich.
Common carriers are in the same situation as the above-mentioned fast food chain is in. It makes just as much sense to fine the ISP as it does to charge the restaurant for accessory.
For any keyboard system to be encrypted, you would need both hardware and either firmware or software support for it. Given the power of the CPUs put into keyboards, I don't think you would find strong enough encryption to be useful. After all, with a keyboard it's dead simple for a perp to run a known-plaintext attack on the keyboard.
Consider a laptop that you keep in your possession at all times, or lock in a safe when not in use.
Physical security is all-important with keyboards.
(And I hope this wasn't the last of the April Fool's Jokes -- they got old real fast this year.)
Not every single release requires one to download the tarball and rebuild the kernel...but for every release there is someone out there who wants the new feature or needs the bug fix and sees the advantage to take the time to upgrade. If we were to move to quarterly point releases, you would make a number of people mad.
For example, on some of the systems around here I'm still running 2.0.34, because those systems don't need the updates. The work gets done. Others are running 2.2.15 (soon to move to the latest 2.2 for security reasons). Not one of my servers is running a 2.4 -- yet -- because I don't think that the 2.4.x series has enough run time on it yet -- I tend to be conservative about upgrades. In other words, the 2.4.3 doesn't have something that I can't live without, so I let other early adopters (the people on the bleeding edge) scope out the system before I move to it on any of my boxes.
Does this sound to you like a variation on "If it ain't broke, don't fix it?" Good hearing...
Re:Oracle submits a laundry list of changes?
on
Preview Of Linux 2.5
·
· Score: 2
I read the laundry list in the article, and agreed with every single point. (No, I don't work for Oracle.) In fact, I'm surprised there weren't a couple of other items, such as the OOM killer problem that has consumed a lot of linux-kernel mail list space lately.
Everything Oracle asked for is bread-and-butter for high-performance database functions. If the PostgreSQL people had been at the summit, they would have asked for the same things. Another group that would benefit from the proposed changes would be real-time apps people, because several of the requests center around simplification of large-transfer requests.
As for resources, you can bet that Oracle people will be right in there testing the changes that are made, providing benchmark data, and perhaps submitting patches from time to time. I suspect, though, that they will leave the big-brush architecture work to the core people, so that the changes they want can be cleanly added to radditional changes requested by others, requests just as worthy for inclusion.
As for "what strings are attached," I suggest you read the GPL again...
Thank you, corky6921 and Michael, for the memory. Barlow's screed reminded me of my brush with the FBI in the NuPrometheus affair.
First, some background: I've been attending the Hacker's Conferences for more years than I care to admit, and my name and picture were included in the directory for the conference. At the time of NuPrometheus, I was working for InfoWorld magazine in some capacity or another. InfoWorld was one of the places that got the Color QuickDraw code. I'm located at Lake Tahoe, in Incline Village, Nevada, which means I'm out of the "Bay area" (with apologies to the Boston folks here, as well as other parts of the world that call themselves the "Bay area"). In other words, by Barlow's analysis I was a sure target for interview.
It took the FBI nearly a year before they got around to me. Like Barlow, my agent (whose name I cheerfully forgot when he retired two months later) was completely clueless. He read from a sheet sent by the SF office a list of 10 questions, and dutifully wrote down my answers. Then the agent put down his sheet, his pencil, and his ill manners and just started asking concept questions. It was three hours, with only the first 30 minutes being illness-making.
He was so far out of water it wasn't funny.
The SF office called me a week later to follow up on some of my answers; that call lasted all of 20 minutes. That's the last I've heard from the FBI, and it's been a decade since I heard the word NuPrometheus.
At least they didn't break down the door and cart all the electronics away.
As a long-time freelancer, I've noticed that there is a strange sameness to the freelancing contracts I'm told I have to sign in order to get assignments from magazines: I am required to hand over world-wide rights in any medium, present and future, for a lump sum.
Before? It was "first serial rights" plus possible inclusion in an anthology -- two bites at the apple by the publisher.
When the trend first started, the authors were getting higher payments to cover the additional usage, so the publishers were indeed paying for the further use. What has happened in the last few years is that freelance pay rates have been frozen, and the number of products continues to increase. Indeed, many of the webzines I looked to write for continue to demand worldwide rights, and pay virtually nothing.
(I'm not really concerned for myself -- my articles tend to have a very limited lifetime, so I'm not hurt as badly as others.)
Now, when all the publishers are demanding the same rights, there is a view that this is a form of trust, and the Department of Justice doesn't like it. There have been efforts to get someone in the US Government interested in this issue, so as to prevent the publishers from applying anti-competitive pressure on freelance writers to accept this giving up of worldwide rights.
One thing that I do with these contracts: I make the assignment effective when I receive payment, not immediately. If a publisher is not willing to accept that condition, then I don't write for them. It helps, especially when they start putting my unpaid articles up in their databases. It makes for interesting copyright cease-and-desist actions...
It may sound stupid, but the trend through four different Administrations (of the US Presidency) has been that employers have a right to anything on their networks, their equipment, and their building. So remember that anything on the company-purchased Palm, laptop, or desktop is (at least in a legal perspective) open to the boss.
DON'T use the company hardware/network/infrastructure for anything personal. DON'T accept a notebook or Palm from the company -- buy your own, and transfer your company stuff to company equipment on a regular basis.
That way, you avoid getting burned by workplace snooping.
I'm surprised, really surprised, that no one has brought up the observation that the law enforcement people will be VERY PISSED when they are unable to copy evidence from your computer.
How's that again, Satch?
When copy control becomes ubiquitious, as the entertainment content providers would like to become, you can create files with the copy controls in place. The only option the G-man would have is to take the device. Not too easy to do when the search is supposed to be stealth. Today, your average lawman could make a copy of the file to floppy, or ZIP, or whatever, and walk away with the victim none the wiser.
Put it in context with existing requests by the FBI and other law agencies: (1) undetectable wiretaps of phone, fax, Internet; (2) growth of "no-knock" warrants; and (3) advances in possession-releated statutes. What the FBI can't get through the front door of legislation they are trying to get through the back door of international treaty.
So what is Congress to do about this? Any back door will be utilized by unscrupulous people -- witness what happened to Clinton's favorite child, Clipper. Trying to prohibit ordinary people from owning equipment that can generate protected files just means that casual use is stopped, just as prohibitions on gun ownership in some cities of the US and some countries of the world stops only the honest people.
Ubiquitious copy-protection hardware. Good for ALL criminals. Those that claim alligience to The Godfather and those that claim alligience to the RIAA...
We already have software to prevent linking
on
Unwanted Linking
·
· Score: 4
I'm sorry, but I'm surprised that no one has already pointed out the obvious: if you don't want linking, there are several methods of preventing linking.
I am writing an active-server Web site using PHP (nothing special about PHP, it could be as easily done in PERL or C or, I suspect, Visual Basic) that does not carry state information in the URL. No state information in the URL, no deep linking or even "shallow" linking. Any link goes to the "front door".
When I first heard about the BBB demanding that people bring down links, I was under the impression that the BBB didn't want any links to their site at all. The example that was cited in the report, though, did deep linking into the BBB side, but did it in such a manner that there could be some confusion about the association between the site in question and the BBB.
A footnote: not all links are "bad" in the eyes of the BBB. If you are a member of the Better Business Bureau, you are allowed to have a link from your Web site to the BBB in the context of "we support the principles of the BBB" or some such.
When Canada and the United States wanted to harmonize the technical requirements for equipment that would be attached to the telephone systems in the two countries, they started and promoted an open forum for the exchange of ideas, of proposals, and of implementation techniques. The same process continues under the auspices of the International Telecommunications Union (ITU), again in the sunshine of open exchange. With the ITU, you may not have direct access, but you do have input through your country's standards-making process.
With this treaty, we have a branch of the United States government supported by taxpayer dollars acting as a "consultant" to a European treaty body without full knowledge and consent of the people footing the bill, let alone preventing citizens from having any input into what is proposed. In other words, the law enforcement arm of the Poster Boy For Democracy is engaging in secret talks that affect the bill-payers, and the results of that political end-run is made public only after the concrete has been poured and cured in the document.
Why was the FBI involvement kept secret? Why was there no notice before the United States sent its advisors to Europe?
Perhaps it is time for the EFF to use FIOA to get a record of who did what, and exactly what process was used to make this happen.
Just a small comment about RISC: in the
lower-end RISC computers, there is no hardware
to resolve resource collisions or perform
memory timing -- that's done by the compiler at
code generation time. If you are stupid enough
to try to use a register before it's been filled,
that's your tough luck. Ditto if you do a memory
access and you access the data register too soon,
or get "out of sync" with the memory clock.
I make no claim to having THE answer, but I put forward for your consideration this idea. First, some background:
On July 3, 1995, Time Magazine published its infamous cover story on Cyberporn. Written by Phillip Elmer-Dewitt, the story was based on a "study" done by CMU then-undergraduate Martin Rimm. (see this page for some details.)
A number of dead-tree journalists who haunted alt.internet.media-coverage got up in arms about the article. Rather than lamenting the follies of their brothers in reporting, they decided to do something about it. Thus was born the Internet Press Guild, a peer organization of journalists who work to provide assistance to any member of the working press who find themselves with an assignment to write about "The Internet." Membership in the IPG is open to any working press, regardless of publishing method. We have Slashdot/NewsForge/Andover people as members, for example. (Hi, Rob!)
The goal of the "organizaiton" is not to "judge", but rather to assist reporters and editors find sources that are useful and accurate, and to point them to information that can prevent them getting egg on their face.
(Disclosure: I'm one of the founding members, so salt to taste.)
I'm not pushing the IPG as a solution to improving Net journalism -- our focus has been on helping reporters and editors reporting ABOUT the Net in the dead-tree and glowing-phosper media. The point is that we are an Internet-based organization -- no conventions, no formal face-to-face meetings, and very low dues -- that is designed to provide peer help.
I suggest that a meeting-place for working Net journalists could provide the same benefit for the New Media that the IPG is currently providing to the Old Media.
Why must children in public libraries be able to view every piece of filth availible? They will be adults soon enough; then they
will be able to make adult choices. Until then, children need to be protected, though, not used as pawns in a libertarian game.
I grew up in northern New Jersey (spare me the condolences) and the library had a very simple rule: young children (under 13) could not enter the adult portion of the library without permission from their parents. That permission took the form of different library cards for children and for adults, and for children that had a permission slip on file they received an "adult" card (but with a number that identified the patron as a child).
This was enforced by the librarians requiring anyone in the adult portion of the library to show an appropriate library card or proof of age.
(I got one of those kid-adult cards when I was 9, because of my interest in electronics that couldn't be satisfied by what was in the kid's section. My parents were amused at first by the permission aspect, but they were told that part of the reason for the ban was to keep "noisy children" away from the grown-ups. No problem with me -- give me a good book and I was quiet for hours.)
I had a Windows system that went toes-up on me--apparently a virus had clobbered some of the Windows core executables and the system refused to boot. Reinstalling Windows on top of the blown image didn't work. Even booting from floppy disk failed. The Command-line-only mode gave me only the 8.3 file names, not the longer file names.
The solution? Move the blown hard drive to a Linux machine, and use the VFAT FS support to read all the Windows files. Write a CD-ROM with everything that needed to be saved. Then blow away the hard drive image completely using the Linux utilities, and reload Windows and all the apps completely from scratch onto the now-clear hard drive. (This also meant I had to blow the partition table away, but that was small loss.)
It's even easier if you have your system dual-boot with Linux, so that when Windows eats itself for lunch, as it seems to do every six months or so, you have a way of saving off all those files you would otherwise lose. Linux makes Windows palatable.
I remember reading an article in Popular Science magazine circa 1965 that described a "rail system" for cars that would allow you to drive to a rail station, accelerate on a upramp rail, switch into the main line rail with all the other cars that are travelling, switch off onto a deacceleration rail at your destination, and back on the road.
Sound familiar?
Now, that particular system used dual rails so that existing suspension systems and wheel assemblies would have lightweight solid wheels to ride the rails. (It's been so long since I saw the article I don't remember the rail gauge, but it was supposed to be wide enough to handle small trucks...but not semis.) There would be no need to redesign auto bodies other than have clearance for the two rails.
The article in PS was well-balanced, because it also listed the "unsolved problems" with such a system. What's interesting is that in my reading of this article, I didn't see mention of the problems, let alone the solutions. From memory:
What happens when you have a failure in one of the cars?
How does the system respond to damage to the infrastructure (broken rail, loss of rail power)?
Can existing cars be retrofitted to use the rail system?
How fiend-proof is the system? What are the weak points that would be targeted by terrorists?
How would the system be paid for?
This last is an excellent question. Do we use tax dollars, or is there a use fee when you roll onto the rail? In the 60's the instant answer was "taxes, taxes, taxes" but in today's environment the trend is toward pay-per-use of the enhanced system, or don't use the enhancement and roll on the side road for no extra fee. (See what NJ is doing with private toll roads, for example.)
Are there answers to these concerns? I think there are. Is the rail system practical? For some parts of the world where traffic congestion is linear, such as in LA, but not where the traffic congestion is more two-dimension such as in England or Japan.
Disclaimer: I am not a lawyer, and this is not legal advice. Consult with an attorney for your specific situation.
If you are talking about implementing a compiler or interpreter for a language, any language, in which you (or your company) has created code, then you are free and clear, because copyright does not protect an idea, but the expression of an idea "fixed" in a medium.
Case in point: the type font industry used to have a big problem with piracy. They quickly learned that out-and-out copying (tracing a font, copying a digital representation of a font outline, and similar activity) was protected under copyright, but that a font designer re-creating the face other than by tracing was not a violation of copyright. The new face represented a distinctly different font.
The old Ashton-Tate company got a rude wake-up call when they stumbled on the fact that the dBASE language wasn't protected, but their interpreter and compiler were. (Clouding that issue is the fact that dBASE was based on a government developed language, but what the hell...)
That said, watch out that you don't use any of their code, such as libraries -- you would have to re-develop them yourself. You must make sure to use ONLY your code with your interpreter in order to avoid any potential problem with copyright.
There are also patent issues to worry about, but if the company hasn't declared any patents you are most likely safe from that little problem. Don't guess, though -- consult a good attorney.
Lawrance Livermore used to take decommissioned hard drives and Syquest style media in the green area and dump the platters into a vat of acid. Floppy disks went through the three-pass shredders, so you end up with fine magnetic dust.
The original specification for overwriting disks containing classified but not secret data called for 300 overwrite passes, alternating between all-zeros, all-ones, alternating zero-one, alternating one-zero, and "worst case pattern" (for those old MFM drives, the 16-bit pattern 0xDAC3). You needed to know the exact drive geometry, because you want to do all the tracks on a platter individually, using a back-and-forth sweep so as to get into the guard bands as much as possible.
(In other words, wipe from cylinder 0-max on head zero, then from cylinder max-0, then go to the next pattern and wipe. Then you go to the next head.)
Is it worth it? At today's prices, I don't think so.
Again, there is this tendency to wear blinders. In order to really see what is going on, you have to look at the Electoral College in context.
And the context? The States funded the Federal Government before the Income Tax was adopted. In short, each State figured out who they wanted as the Chief Executive, and through the EC sent representatives of their view to Washington DC. Because the decision was by State, and not by overall popular vote, every state had a say proportional to their contribution to the coffers.
Too bad that when the 16th amendement was passed that the EC wasn't realigned as well.
The first thing that popped in my mind was that some enterprising young Nevadan would "black-box" analyze the protocols, and put up a proxy server so that out-of-staters could bet through the proxy. That would beat any tracking scheme using ANI or caller ID, because the call would be made from the local in-Nevada exchange. Because the Nevada resident (with Nevada driver's license, mail address, and other identifying marks) would be signing up for the service, there is no way that the operator would be able to determine whether a given transaction was done by a Nevadan.
What proxy software, you ask? How about PCAnywhere, Timbuckto, Carbon Copy? And if that proprietary software just happens to run under Linux, there could even be a Web-based interface.
But don't look at this Nevadan to do the job. I wouldn't be surprised if the EULA states specifically that any such proxy use of their software was strictly verboten; indeed, that the proxy of their software would be illegal under Nevada Revised Statutes. Nope, not me.
I like living here, and don't want any reason for the State Gaming Board to even look my way. I have enough problems with the Tahoe Regional Planning Authority (TRPA)...
Both the Las Vegas and Reno airports have gaming in the food court areas, the terminal gate areas, and selected other places. In fairness, though, I must state that the machine are supervised by change clerks and by airport law enforcement. The age limits are enforced--I've seen it happen in the Southwest gate areas.
You missed the fact that we also have slots in the grocery stores, and virtually every bar in town has at least four of the video-poker machines.
When you get outside of Washoe and Clark county the guys have other ways they can spend money as well. Most notably in the State's Capitol. But this isn't about the Bunny Ranch FUFme server, this is about The Lucky Nugget Of The Web.
(It's amazing to me how many people forget that Reno and Lake Tahoe are both large gaming areas. The Eudomatic Pie described the escapades of some practical physics experimenters who built computers into shoes and bras--and the process was first tried in the field here at Lake Tahoe.)
Slashdot Mirror
When I first got the fool thing, I changed the IP address it responded to. At the moment, my particular modem has the address 10.1.2.1/24. Guess what? That particular subnet is not accessible through my ISP (net 10 is blocked) and I don't have any other system with that subnet defined.
When I want to play, I define a second net address on my Linux firewall to create an interface on that port, and manually update the router tables accordingly.
I wonder how many people have tried to find my Alcatel 1000?
This was the words out of the mouth of a MSCE when I had set up an office environment with network 10. Because the office was rather large, I had thought to use 10.0.0.x/24 for the main office network and 10.0.1.x/24 for the lab. When DSL testing was to go in, the DSL and LAN lab would use 10.0.[234].x/24 for primary DSL, primary LAN, and secondary LAN.
I took the advice, and selected 10.1.[1234].0/24, and things worked swell.
This proved to be excellent advice when we started testing with Cisco router-access servers, because those things do NOT like a zero in any quad. With 10.1.1.0/24, though, everything worked great.
I now continue that practice, using 10.1.1.0/24 for any small private network I set up. Because the gateway to the Internet uses NAT, I'm not concerned about what the numbering is on the other side. In any case, every firewall is configured to not forward the private network addresses.
This works with NT, 2K, 98, 95, 3.1, and Linux. Not to mention BDS, Ascend, Cisco, USRobotics Total Control, Portmaster, and other RAS brands.
I'm a consultant and free-lance writer, so I don't have any big-company bias. I've read all the links associated with this article, at least as much as I was able to in the limited time I devote to /. reading. So let's review the bidding, shall we?
Unlike other people of opinion on /., I disagree that the Oregon law as envisioned by the Oregon legislature is overbroad, but that the lax definition of terms is what makes the law appear overbroad. In this particular case, given the usual level of knowledge by state law enforcement in 1993 of matters computer, it's not surprising that the State of Oregon decided to prosecute. It was the use of this law in the first place by the prosecutors that leaves me cold. According to my own experiences, the proper place to prosecute this case would be in civil court, if Intel felt that it has sustained substantial loss because of Mr. Schwartz's actions.
Lessons to be learned
Your client is not your friend. Your client is not to be trusted to "do the right thing". Therefore, in all written consulting contracts, state that any disputes arising from the execution from the contract, including any alledged criminal conduct alledged by either party, shall first be submitted to arbitration.
If someone in your client company "asks you for a favor" insist that the employee write you a letter formally asking you to perform that favor. One of the gray areas in this case had to do with whether Mr. Schwartz had authorization to do what he did, so make sure you have sufficient proof that you as the contractor believed you had authorization. Such letters should be channeled through your primary contact.
If part of your contract involves tightening up security, ensure the contract includes clauses authorizing you to perform the operations required to test and measure security. Make sure this clause is as specific as possible. Name program names, if you have favorates. This is an amplification of the authorization point above.
Don't communicate with the company with a company-provided and -administered e-mail account, EVER. Your contract should specify that all electronic mail communications shall be sent to your personal e-mail account, and that only communications from your e-mail account shall be considered to be from you. Negotiate appropriate SMTP access for contracts involving on-site activities, and also get them to agree that traffic to and from your personal e-mail account is owned by you and not the company.
As much as possible, use your own equipment to perform work for your client. The only time you should use client-provided equipment is when there is no alternative; e.g. you have to use a proprietary ICE as part of your work. Consider renting equipment that you will use under your own name (reimbursed under invoice by your client) so that YOU, not the client, owns any data generated by the instrument or equipment. Alternatively, specify in your contract that you own all data until you have received payment from the client.
Your contract should also specify what use you may use of company computing resources, including network connectivity. Insist that you be able to use their resources for your e-mail, for Web browsing for the purpose of research, and for any other application that you feel necessary to perform your duty for your client company. If your contract calls for you to be on-site during specific hours, as opposed to being on site only when performing specific tasks, your contract should also specify that you may make reasonable recreational use of their network resources.
Ensure your contract identifies a single individual as your point of contact. Insist that all company requests be funnelled through that single individual. Even better, have the contract specify a primary and an alternate, with specifics as to when the alternate may take the place of the primary. Your reports on your activities goes to your primary (or alternate). Any delegation of contact responsibility needs to be in the form of a letter from your primary -- accept nothing less.
Disclaimer: I am not a lawyer, nor do I play one on stage or screen.
That line of reasoning would make Burger King liable if someone set up a drug deal while eating a Whopper in the restaurant.
Perhaps the better analogy would be that a perp buys a Whopper(r) sandwich, inserts poison, and kills a person by presenting that Whopper(r) sandwich to the victim. Burger King would be an accessory to murder by providing the medium used to pass the poison -- the above-mentioned Whopper(r) sandwich.
Common carriers are in the same situation as the above-mentioned fast food chain is in. It makes just as much sense to fine the ISP as it does to charge the restaurant for accessory.
For any keyboard system to be encrypted, you would need both hardware and either firmware or software support for it. Given the power of the CPUs put into keyboards, I don't think you would find strong enough encryption to be useful. After all, with a keyboard it's dead simple for a perp to run a known-plaintext attack on the keyboard.
Consider a laptop that you keep in your possession at all times, or lock in a safe when not in use.
Physical security is all-important with keyboards.
(And I hope this wasn't the last of the April Fool's Jokes -- they got old real fast this year.)
Not every single release requires one to download the tarball and rebuild the kernel...but for every release there is someone out there who wants the new feature or needs the bug fix and sees the advantage to take the time to upgrade. If we were to move to quarterly point releases, you would make a number of people mad.
For example, on some of the systems around here I'm still running 2.0.34, because those systems don't need the updates. The work gets done. Others are running 2.2.15 (soon to move to the latest 2.2 for security reasons). Not one of my servers is running a 2.4 -- yet -- because I don't think that the 2.4.x series has enough run time on it yet -- I tend to be conservative about upgrades. In other words, the 2.4.3 doesn't have something that I can't live without, so I let other early adopters (the people on the bleeding edge) scope out the system before I move to it on any of my boxes.
Does this sound to you like a variation on "If it ain't broke, don't fix it?" Good hearing...
I read the laundry list in the article, and agreed with every single point. (No, I don't work for Oracle.) In fact, I'm surprised there weren't a couple of other items, such as the OOM killer problem that has consumed a lot of linux-kernel mail list space lately.
Everything Oracle asked for is bread-and-butter for high-performance database functions. If the PostgreSQL people had been at the summit, they would have asked for the same things. Another group that would benefit from the proposed changes would be real-time apps people, because several of the requests center around simplification of large-transfer requests.
As for resources, you can bet that Oracle people will be right in there testing the changes that are made, providing benchmark data, and perhaps submitting patches from time to time. I suspect, though, that they will leave the big-brush architecture work to the core people, so that the changes they want can be cleanly added to radditional changes requested by others, requests just as worthy for inclusion.
As for "what strings are attached," I suggest you read the GPL again...
Thank you, corky6921 and Michael, for the memory. Barlow's screed reminded me of my brush with the FBI in the NuPrometheus affair.
First, some background: I've been attending the Hacker's Conferences for more years than I care to admit, and my name and picture were included in the directory for the conference. At the time of NuPrometheus, I was working for InfoWorld magazine in some capacity or another. InfoWorld was one of the places that got the Color QuickDraw code. I'm located at Lake Tahoe, in Incline Village, Nevada, which means I'm out of the "Bay area" (with apologies to the Boston folks here, as well as other parts of the world that call themselves the "Bay area"). In other words, by Barlow's analysis I was a sure target for interview.
It took the FBI nearly a year before they got around to me. Like Barlow, my agent (whose name I cheerfully forgot when he retired two months later) was completely clueless. He read from a sheet sent by the SF office a list of 10 questions, and dutifully wrote down my answers. Then the agent put down his sheet, his pencil, and his ill manners and just started asking concept questions. It was three hours, with only the first 30 minutes being illness-making.
He was so far out of water it wasn't funny.
The SF office called me a week later to follow up on some of my answers; that call lasted all of 20 minutes. That's the last I've heard from the FBI, and it's been a decade since I heard the word NuPrometheus.
At least they didn't break down the door and cart all the electronics away.
As a long-time freelancer, I've noticed that there is a strange sameness to the freelancing contracts I'm told I have to sign in order to get assignments from magazines: I am required to hand over world-wide rights in any medium, present and future, for a lump sum.
Before? It was "first serial rights" plus possible inclusion in an anthology -- two bites at the apple by the publisher.
When the trend first started, the authors were getting higher payments to cover the additional usage, so the publishers were indeed paying for the further use. What has happened in the last few years is that freelance pay rates have been frozen, and the number of products continues to increase. Indeed, many of the webzines I looked to write for continue to demand worldwide rights, and pay virtually nothing.
(I'm not really concerned for myself -- my articles tend to have a very limited lifetime, so I'm not hurt as badly as others.)
Now, when all the publishers are demanding the same rights, there is a view that this is a form of trust, and the Department of Justice doesn't like it. There have been efforts to get someone in the US Government interested in this issue, so as to prevent the publishers from applying anti-competitive pressure on freelance writers to accept this giving up of worldwide rights.
One thing that I do with these contracts: I make the assignment effective when I receive payment, not immediately. If a publisher is not willing to accept that condition, then I don't write for them. It helps, especially when they start putting my unpaid articles up in their databases. It makes for interesting copyright cease-and-desist actions...
It may sound stupid, but the trend through four different Administrations (of the US Presidency) has been that employers have a right to anything on their networks, their equipment, and their building. So remember that anything on the company-purchased Palm, laptop, or desktop is (at least in a legal perspective) open to the boss.
DON'T use the company hardware/network/infrastructure for anything personal. DON'T accept a notebook or Palm from the company -- buy your own, and transfer your company stuff to company equipment on a regular basis.
That way, you avoid getting burned by workplace snooping.
I'm surprised, really surprised, that no one has brought up the observation that the law enforcement people will be VERY PISSED when they are unable to copy evidence from your computer.
How's that again, Satch?
When copy control becomes ubiquitious, as the entertainment content providers would like to become, you can create files with the copy controls in place. The only option the G-man would have is to take the device. Not too easy to do when the search is supposed to be stealth. Today, your average lawman could make a copy of the file to floppy, or ZIP, or whatever, and walk away with the victim none the wiser.
Put it in context with existing requests by the FBI and other law agencies: (1) undetectable wiretaps of phone, fax, Internet; (2) growth of "no-knock" warrants; and (3) advances in possession-releated statutes. What the FBI can't get through the front door of legislation they are trying to get through the back door of international treaty.
So what is Congress to do about this? Any back door will be utilized by unscrupulous people -- witness what happened to Clinton's favorite child, Clipper. Trying to prohibit ordinary people from owning equipment that can generate protected files just means that casual use is stopped, just as prohibitions on gun ownership in some cities of the US and some countries of the world stops only the honest people.
Ubiquitious copy-protection hardware. Good for ALL criminals. Those that claim alligience to The Godfather and those that claim alligience to the RIAA...
I'm sorry, but I'm surprised that no one has already pointed out the obvious: if you don't want linking, there are several methods of preventing linking.
I am writing an active-server Web site using PHP (nothing special about PHP, it could be as easily done in PERL or C or, I suspect, Visual Basic) that does not carry state information in the URL. No state information in the URL, no deep linking or even "shallow" linking. Any link goes to the "front door".
When I first heard about the BBB demanding that people bring down links, I was under the impression that the BBB didn't want any links to their site at all. The example that was cited in the report, though, did deep linking into the BBB side, but did it in such a manner that there could be some confusion about the association between the site in question and the BBB.
A footnote: not all links are "bad" in the eyes of the BBB. If you are a member of the Better Business Bureau, you are allowed to have a link from your Web site to the BBB in the context of "we support the principles of the BBB" or some such.
When Canada and the United States wanted to harmonize the technical requirements for equipment that would be attached to the telephone systems in the two countries, they started and promoted an open forum for the exchange of ideas, of proposals, and of implementation techniques. The same process continues under the auspices of the International Telecommunications Union (ITU), again in the sunshine of open exchange. With the ITU, you may not have direct access, but you do have input through your country's standards-making process.
With this treaty, we have a branch of the United States government supported by taxpayer dollars acting as a "consultant" to a European treaty body without full knowledge and consent of the people footing the bill, let alone preventing citizens from having any input into what is proposed. In other words, the law enforcement arm of the Poster Boy For Democracy is engaging in secret talks that affect the bill-payers, and the results of that political end-run is made public only after the concrete has been poured and cured in the document.
Why was the FBI involvement kept secret? Why was there no notice before the United States sent its advisors to Europe?
Perhaps it is time for the EFF to use FIOA to get a record of who did what, and exactly what process was used to make this happen.
If you replace "purchase patents" with "purchase bad debt" and "TechSearch" with "Bob's Credit Collections" the story plays exactly the same.
My next question is this: if the patent is found invalid, who gets nailed for the defense costs and the consequences?
(I might add that I believe there is ample prior art examples out there that this patent wouldn't survive. Start with AP WirePhoto...)
Just a small comment about RISC: in the lower-end RISC computers, there is no hardware to resolve resource collisions or perform memory timing -- that's done by the compiler at code generation time. If you are stupid enough to try to use a register before it's been filled, that's your tough luck. Ditto if you do a memory access and you access the data register too soon, or get "out of sync" with the memory clock.
CISC machines hide these details.
I make no claim to having THE answer, but I put forward for your consideration this idea. First, some background:
On July 3, 1995, Time Magazine published its infamous cover story on Cyberporn. Written by Phillip Elmer-Dewitt, the story was based on a "study" done by CMU then-undergraduate Martin Rimm. (see this page for some details.)
A number of dead-tree journalists who haunted alt.internet.media-coverage got up in arms about the article. Rather than lamenting the follies of their brothers in reporting, they decided to do something about it. Thus was born the Internet Press Guild, a peer organization of journalists who work to provide assistance to any member of the working press who find themselves with an assignment to write about "The Internet." Membership in the IPG is open to any working press, regardless of publishing method. We have Slashdot/NewsForge/Andover people as members, for example. (Hi, Rob!)
The goal of the "organizaiton" is not to "judge", but rather to assist reporters and editors find sources that are useful and accurate, and to point them to information that can prevent them getting egg on their face.
(Disclosure: I'm one of the founding members, so salt to taste.)
I'm not pushing the IPG as a solution to improving Net journalism -- our focus has been on helping reporters and editors reporting ABOUT the Net in the dead-tree and glowing-phosper media. The point is that we are an Internet-based organization -- no conventions, no formal face-to-face meetings, and very low dues -- that is designed to provide peer help.
I suggest that a meeting-place for working Net journalists could provide the same benefit for the New Media that the IPG is currently providing to the Old Media.
Why must children in public libraries be able to view every piece of filth availible? They will be adults soon enough; then they will be able to make adult choices. Until then, children need to be protected, though, not used as pawns in a libertarian game.
I grew up in northern New Jersey (spare me the condolences) and the library had a very simple rule: young children (under 13) could not enter the adult portion of the library without permission from their parents. That permission took the form of different library cards for children and for adults, and for children that had a permission slip on file they received an "adult" card (but with a number that identified the patron as a child).
This was enforced by the librarians requiring anyone in the adult portion of the library to show an appropriate library card or proof of age.
(I got one of those kid-adult cards when I was 9, because of my interest in electronics that couldn't be satisfied by what was in the kid's section. My parents were amused at first by the permission aspect, but they were told that part of the reason for the ban was to keep "noisy children" away from the grown-ups. No problem with me -- give me a good book and I was quiet for hours.)
I had a Windows system that went toes-up on me--apparently a virus had clobbered some of the Windows core executables and the system refused to boot. Reinstalling Windows on top of the blown image didn't work. Even booting from floppy disk failed. The Command-line-only mode gave me only the 8.3 file names, not the longer file names.
The solution? Move the blown hard drive to a Linux machine, and use the VFAT FS support to read all the Windows files. Write a CD-ROM with everything that needed to be saved. Then blow away the hard drive image completely using the Linux utilities, and reload Windows and all the apps completely from scratch onto the now-clear hard drive. (This also meant I had to blow the partition table away, but that was small loss.)
It's even easier if you have your system dual-boot with Linux, so that when Windows eats itself for lunch, as it seems to do every six months or so, you have a way of saving off all those files you would otherwise lose. Linux makes Windows palatable.
Now, isn't that ironic?
I remember reading an article in Popular Science magazine circa 1965 that described a "rail system" for cars that would allow you to drive to a rail station, accelerate on a upramp rail, switch into the main line rail with all the other cars that are travelling, switch off onto a deacceleration rail at your destination, and back on the road.
Sound familiar?
Now, that particular system used dual rails so that existing suspension systems and wheel assemblies would have lightweight solid wheels to ride the rails. (It's been so long since I saw the article I don't remember the rail gauge, but it was supposed to be wide enough to handle small trucks...but not semis.) There would be no need to redesign auto bodies other than have clearance for the two rails.
The article in PS was well-balanced, because it also listed the "unsolved problems" with such a system. What's interesting is that in my reading of this article, I didn't see mention of the problems, let alone the solutions. From memory:
This last is an excellent question. Do we use tax dollars, or is there a use fee when you roll onto the rail? In the 60's the instant answer was "taxes, taxes, taxes" but in today's environment the trend is toward pay-per-use of the enhanced system, or don't use the enhancement and roll on the side road for no extra fee. (See what NJ is doing with private toll roads, for example.)
Are there answers to these concerns? I think there are. Is the rail system practical? For some parts of the world where traffic congestion is linear, such as in LA, but not where the traffic congestion is more two-dimension such as in England or Japan.
Disclaimer: I am not a lawyer, and this is not legal advice. Consult with an attorney for your specific situation.
If you are talking about implementing a compiler or interpreter for a language, any language, in which you (or your company) has created code, then you are free and clear, because copyright does not protect an idea, but the expression of an idea "fixed" in a medium.
Case in point: the type font industry used to have a big problem with piracy. They quickly learned that out-and-out copying (tracing a font, copying a digital representation of a font outline, and similar activity) was protected under copyright, but that a font designer re-creating the face other than by tracing was not a violation of copyright. The new face represented a distinctly different font.
The old Ashton-Tate company got a rude wake-up call when they stumbled on the fact that the dBASE language wasn't protected, but their interpreter and compiler were. (Clouding that issue is the fact that dBASE was based on a government developed language, but what the hell...)
That said, watch out that you don't use any of their code, such as libraries -- you would have to re-develop them yourself. You must make sure to use ONLY your code with your interpreter in order to avoid any potential problem with copyright.
There are also patent issues to worry about, but if the company hasn't declared any patents you are most likely safe from that little problem. Don't guess, though -- consult a good attorney.
Lawrance Livermore used to take decommissioned hard drives and Syquest style media in the green area and dump the platters into a vat of acid. Floppy disks went through the three-pass shredders, so you end up with fine magnetic dust.
The original specification for overwriting disks containing classified but not secret data called for 300 overwrite passes, alternating between all-zeros, all-ones, alternating zero-one, alternating one-zero, and "worst case pattern" (for those old MFM drives, the 16-bit pattern 0xDAC3). You needed to know the exact drive geometry, because you want to do all the tracks on a platter individually, using a back-and-forth sweep so as to get into the guard bands as much as possible.
(In other words, wipe from cylinder 0-max on head zero, then from cylinder max-0, then go to the next pattern and wipe. Then you go to the next head.)
Is it worth it? At today's prices, I don't think so.
Again, there is this tendency to wear blinders. In order to really see what is going on, you have to look at the Electoral College in context.
And the context? The States funded the Federal Government before the Income Tax was adopted. In short, each State figured out who they wanted as the Chief Executive, and through the EC sent representatives of their view to Washington DC. Because the decision was by State, and not by overall popular vote, every state had a say proportional to their contribution to the coffers.
Too bad that when the 16th amendement was passed that the EC wasn't realigned as well.
The first thing that popped in my mind was that some enterprising young Nevadan would "black-box" analyze the protocols, and put up a proxy server so that out-of-staters could bet through the proxy. That would beat any tracking scheme using ANI or caller ID, because the call would be made from the local in-Nevada exchange. Because the Nevada resident (with Nevada driver's license, mail address, and other identifying marks) would be signing up for the service, there is no way that the operator would be able to determine whether a given transaction was done by a Nevadan.
What proxy software, you ask? How about PCAnywhere, Timbuckto, Carbon Copy? And if that proprietary software just happens to run under Linux, there could even be a Web-based interface.
But don't look at this Nevadan to do the job. I wouldn't be surprised if the EULA states specifically that any such proxy use of their software was strictly verboten; indeed, that the proxy of their software would be illegal under Nevada Revised Statutes. Nope, not me. I like living here, and don't want any reason for the State Gaming Board to even look my way. I have enough problems with the Tahoe Regional Planning Authority (TRPA)...
Both the Las Vegas and Reno airports have gaming in the food court areas, the terminal gate areas, and selected other places. In fairness, though, I must state that the machine are supervised by change clerks and by airport law enforcement. The age limits are enforced--I've seen it happen in the Southwest gate areas.
You missed the fact that we also have slots in the grocery stores, and virtually every bar in town has at least four of the video-poker machines.
When you get outside of Washoe and Clark county the guys have other ways they can spend money as well. Most notably in the State's Capitol. But this isn't about the Bunny Ranch FUFme server, this is about The Lucky Nugget Of The Web.
(It's amazing to me how many people forget that Reno and Lake Tahoe are both large gaming areas. The Eudomatic Pie described the escapades of some practical physics experimenters who built computers into shoes and bras--and the process was first tried in the field here at Lake Tahoe.)
You forgot that when Mir was first flown, the Russians were considered "enemy", so this may fall more under the act-of-war disclaimer. :)