Indeed, it's worth stressing why the penalty should be so severe. The guy positioned himself as a security expert, offering to protect his clients against this very sort of thing. TFA, which you apparently didn't read, says he agreed to plead guilty to those charges.
So, yes, he expects to be found guilty - he's pleading guilty. What worse punishment was offered? There's something very wrong with this picture.
I am agreement that what he did merits punishment, perhaps even as severe as the maximum, but what I don't understand is why he agreed to plead guilty. What did he have to lose fighting it? His life is ruined.
Safety will increase by magnitudes when you are not restricted to driving in an almost 1-dimensional space, but rather have full access to the air. You, my friend, have obviously never seen rush hour traffic in Shattrath City.
From TFA:
They have young, talented programmers apparently. If you want me to put it harshly... "young" programmers and "young" technical managers at Microsoft who signed off on ActiveX et al, are totally at blame for the problem. We, the more elderly of the communty who programmed the internet in the first place, discarded executable content over the wire. Unshar was written for a reason!
The sophistication of this Storm "application" is much more indicative of a mature elder programmer, who probably has read the complete cypherpunks archives. We talked about stuff like this long ago. Compare to things like the Morris worm, the two Manila children, etc. Those were intense, but brief due to coding errors and the like.
Bah. No, these people are not children and they do know what they're doing.
My power was out for a week... My cell phone worked, however. It also was a very handy flashlight, as there was no power AT ALL anywhere near my apartment I'm amazed that your battery kept power for that long with the backlight enabled. Even my Japanese cellphones wouldn't stay charged that long.
Why the hell do these stupid sports-minded assholes think the major league organizations are any better than the **AA. They're getting what they deserve for their misplaced trust, just as the music/movie idiots are. Not very tactfully put, but brutally correct. They (I'm looking especially at MLB) have been abusing their fans for years. Who do they think pays the bills?
There's only one way to bring these motherfucking bastards to their knees -- just say NO. Yeah. The year they went on strike and cancelled the World Series I went on strike too. Their loss. I've been to hundreds of Los Angeles Dodger home games, but not any more. I still love baseball, but I follow Japanese professional baseball now.
In WoW, if some 70 decides to gank in STV, you're pretty much screwed Maybe on a PvP server, but I don't play those (see above posting). The only time I've been ganked in STV was after killing Samantha Swifthoof and I was mounted and never had time to dismount to get a shot off. Whatever. Killing Samantha Swifthoof is its own reward. I'm not a PvPer and that's OK in WoW, because there's plenty of content for us care bears.
While EVE is design around (non-consensual) PvP, there so much more you can do in EVE. Yeah, I've heard that. My own experiences with non-consensual PvP in WoW would make me shy away from it, but thanks for an honest evaluation.
I used to like "mistakes are fatal" games, my all-time favorite game used to be rogue and its successor NetHack. Blizzard has changed my mind.
The Linux and Mac gaming markets aren't all that large, especially since in both cases the option always exists to boot to Windows if you really want to play games. I am so tired of this argument, especially when Microsoft Windows is justified by "Hey, you've got to have it to play games." WoW is a lot more fun with a Mac than Microsoft Windows XP and I hope the same is the case with EVE (though I won't play it, I'm no fan of PvP).
They employ a bunch of computer dufuses and their "evidence" is most suspect, but don't take anyone's word for it. Read the deposition of their "expert".
Or are you just making some kind of point about prohibiting any version of Javascript? I'm not a big fan of any kind of Javascript and I'm on the side of turning it off. On a scale of 1 to 10 where 1 is dangerous and 10 is most dangerous, Java would rank about a 3, Javascript an 8 and ActiveX/plugins 10+.
Just as there are code signing authorities, the language plugins should be signed and available from trusted sources. Signed code or no it's still a dangerous practice that was rejected as unsafe two decades ago (unshar was written for a reason) and the proliferation of successful attacks today is the proof. Accidents happen, music albums get distributed with root kits installed by the supplier on them, broken signed updates get downloaded in the dead of night, etc.
I'm also convinced it doesn't add anything substantial to the web experience. The one other site I regularly visit that requires Javascript is the Blizzard WoW forum. There's plenty of "eye candy" there, but as a forum application it's slow and awkward at best to use.
The one Web 2.0 application done correctly (a decade ago) was Lars Magne Ingebrigtsen's Dejanews backend for Gnus.
Forget the layout which doesn't tend to work right anyway, forget the executable scripts, etc., concentrate on delivering content. To name one example (and thinking about what www.deja.com looks like today), if advertising is a necessary requirement, their time would be better spent defining a protocol where either the client accepts advertising (adblock or no) or the server has the chance to not deliver any content at all.
the browser (or other executing object) retrieve an interpreter for it, That's exactly the wrong approach. Perhaps you missed the article yesterday http://apple.slashdot.org/article.pl?sid=07/11/01/1855259 on the Mac OSX trojan download.
Executable content on the web is just plain wrong and no amount of Microsoft's or anyone else's marketshare makes it right.
When I use a Windows laptop, I notice the hard disk spinning up on a fairly regular basis, even when I'm doing something fairly lame like web browsing or word processing. I would expect both of those two activities to access the disk. A web browser could be saving cache or saving a history file, or more likely, page faulting. Text editing I would expect to periodically write to an autosave file.
You could tune a notebook mode to eliminate most or all of the web browser disk accesses, turn off history, caching, swapping to disk, etc. However, especially with a notebook, you would want aggressive autosaving in case the battery suddenly dies.
Postel wasn't wrong then and he isn't wrong now, but common sense must be applied. The problem as I see it is that first Netscape (introducing javascript) and then Microsoft (with ActiveX) got people used to executable content and that's always been an unwise thing to do. Unshar was written for a reason - it's not safe to run scripts off the wire even when they're coming from comp.sources.unix.
In the absence of executable content it makes sense to attempt to render something in the face of malformed HTML. It makes no sense to be liberal about what kinds of executable content to accept and even less sense to attempt to run it anyway when it is malformed.
People will rather live with a familiar piece of crap, rather than switch to something totally new that may (not) be better. So long as when you walk into a random computer store and try to buy a computer and the only thing you can buy is Microsoft Windows Vista crap, yeah.
Free countries don't do that and I have the Philippine computer store data sheets to prove it because you can walk into a random store and buy a computer without an O/S or a computer with Linux there.
At one point I had full XFCE desktop and latest (at the time) 2.6.xx kernel running in under 35 MB. That was a few months ago. Good job. Long, long ago I made a 2 1.44MB floppy boot/root-fs system (with networking & NFS) for rescue & installation which worked just fine.
I suppose this is the wrong article to point out that not only what you did is possible, but you can sell it afterwards thanks to Open Source licensing.
Mod me down Microsoft Fan Boys. Bury the truth.
Re:Why we can't stop spam with our current techniq
on
Spam Hits 95% of All Email
·
· Score: 2, Insightful
We can't stop it because we aren't addressing the real problem. Spam is an economic problem. People send out spam because they make money off of it. And they will therefore continue to send out spam as long as they make money off of it.
If you want to stop spam, you have to remove the economic incentive. To do that, you need to cut off the co-conspirators You're right, but for the wrong (IMO) reason. Spam has economic incentive because all the costs of email are borne by the recipient. Botnets have made it even cheaper. You must remove that if you want to really fix the problem.
If you do not remove the economic incentive, nothing will work because it will just be an arms race and the "good guys" will necessarily always be on the defensive side.
1) Not that big of a problem (hard to believe if you are a mail provider / ISP yourself) No, it's a problem. The model of email we use is fundamentally broken == spam friendly.
2) Impossible to solve by means of free market solutions, and requires cooperation and standardization of new technology. Disagree on the first part, agree on the second part.
Email is broken because all of the costs are placed on the recipient. The way to fix this is to require micro-postage paid to the recipient. Yes, this requires cooperation and new technology that was unfortunately patented by a company that went bankrupt and all the patent rights went into limbo so no one can use them (Digicash and the Chaum e-money/identity patents).
This breaks mailing lists, but it also breaks spam. If each mail message contains a digital coin payable to me, the spammers can bring it on, as far as I'm concerned.
Note that it would be huge mistake to pay the recipient's ISP as they would then have the same kind of financial incentive to deliver spam, just like the USPS has a financial incentive to deliver dead tree spam. Note also, that it would be possible to return postage for legitimate email as well.
Fix the model first. Attempting to legislate against misuse of something broken is an exercise in futility.
how many people are getting 96-100% spam, in order for this average to hold true? Anyone with a long-time email address, especially one associated with usenet or mailing list archives. My xemacs.org email address gets near 100% spam.
Microsoft said it. http://support.microsoft.com/kb/942435/en-usSYMPTOMS When you try to copy files from a Windows Vista-based computer to another computer by using Windows Explorer, you may receive the following error message:
Out of memory There is not enough memory to complete this operation.
This problem occurs if the following conditions are true:
The files include extended attributes.
You copy lots of files in a single operation.
CAUSE This problem occurs because of a memory leak in the Windows OLE component. This memory leak is triggered by the way that Windows Explorer deals with the extended attributes of the files. That sounds like two separate bugs as the "lots of files in a single operation" sounds more like overflowing a fixed size array than anything else.
Unix does shell globbing (yes, it IS fucking retarded) Not particularly. It guarantees that it's always available. I thought the VMS design of having globbing done in a library was suboptimal.
The limitation on `*' expansion is command line length (actually command line length plus number of parameters plus the size of the environment) and that is an irritation. More so if the shell doesn't enforce the same limit when invoking a shell function, although perhaps that's a feature.
I don't think any of the GUIs have a problem similar to this. You didn't RTFA. Internet Explorer apparently has a limitation of 2**14 files in a single operation.
There are two bugs involved in this article. One is a limitation of (probably) 16384 total files in one operation and the second is a memory leak in a library when many files with extended attributes are processed.
Magic numbers, whether it is 14 characters for a file name, 3 levels of indirect inode blocks, or whatever are evil. GUI programmers are not immune from that programming mistake.
Microsoft has been a destroyer of standards, rather than a builder of standards. You must be new here. They're only doing what titans in the computer industry have done in the past. IBM (with OS 360), DEC (with VMS), etc.
Standards have traditionally been whoever has the largest market share. They may change from vendor to vendor, but it has always been this way. Always.
Sigh. When I went through college, there were no computer majors, but now it definitely seems time that there should be computer history majors...
Slashdot Mirror
So, yes, he expects to be found guilty - he's pleading guilty. What worse punishment was offered? There's something very wrong with this picture.
I am agreement that what he did merits punishment, perhaps even as severe as the maximum, but what I don't understand is why he agreed to plead guilty. What did he have to lose fighting it? His life is ruined.
You are missing a very big point. He agreed to plead guilty to the charges yielding those penalties.
What is wrong with this picture?
I clearly have lived in the 3rd world too much where cell phones as flashlights aren't a novelty, they're a necessity. Thanks for the info.
The sophistication of this Storm "application" is much more indicative of a mature elder programmer, who probably has read the complete cypherpunks archives. We talked about stuff like this long ago. Compare to things like the Morris worm, the two Manila children, etc. Those were intense, but brief due to coding errors and the like.
Bah. No, these people are not children and they do know what they're doing.
I'm not a PvPer and that's OK in WoW, because there's plenty of content for us care bears.
Murder does not in any way equate to what happened here.
I used to like "mistakes are fatal" games, my all-time favorite game used to be rogue and its successor NetHack. Blizzard has changed my mind.
Go alternative platforms. Choice Is Good.
(I can't find the slashdot article where this was posted).
They employ a bunch of computer dufuses and their "evidence" is most suspect, but don't take anyone's word for it. Read the deposition of their "expert".
I'm also convinced it doesn't add anything substantial to the web experience. The one other site I regularly visit that requires Javascript is the Blizzard WoW forum. There's plenty of "eye candy" there, but as a forum application it's slow and awkward at best to use.
The one Web 2.0 application done correctly (a decade ago) was Lars Magne Ingebrigtsen's Dejanews backend for Gnus.
Forget the layout which doesn't tend to work right anyway, forget the executable scripts, etc., concentrate on delivering content. To name one example (and thinking about what www.deja.com looks like today), if advertising is a necessary requirement, their time would be better spent defining a protocol where either the client accepts advertising (adblock or no) or the server has the chance to not deliver any content at all.
Executable content on the web is just plain wrong and no amount of Microsoft's or anyone else's marketshare makes it right.
You could tune a notebook mode to eliminate most or all of the web browser disk accesses, turn off history, caching, swapping to disk, etc. However, especially with a notebook, you would want aggressive autosaving in case the battery suddenly dies.
Postel wasn't wrong then and he isn't wrong now, but common sense must be applied. The problem as I see it is that first Netscape (introducing javascript) and then Microsoft (with ActiveX) got people used to executable content and that's always been an unwise thing to do. Unshar was written for a reason - it's not safe to run scripts off the wire even when they're coming from comp.sources.unix.
In the absence of executable content it makes sense to attempt to render something in the face of malformed HTML. It makes no sense to be liberal about what kinds of executable content to accept and even less sense to attempt to run it anyway when it is malformed.
It's getting better!
But sir knight, you have no arms and no legs, what are you going to do, bleed on me?
Free countries don't do that and I have the Philippine computer store data sheets to prove it because you can walk into a random store and buy a computer without an O/S or a computer with Linux there.
I suppose this is the wrong article to point out that not only what you did is possible, but you can sell it afterwards thanks to Open Source licensing.
Mod me down Microsoft Fan Boys. Bury the truth.
If you want to stop spam, you have to remove the economic incentive. To do that, you need to cut off the co-conspirators You're right, but for the wrong (IMO) reason. Spam has economic incentive because all the costs of email are borne by the recipient. Botnets have made it even cheaper. You must remove that if you want to really fix the problem.
If you do not remove the economic incentive, nothing will work because it will just be an arms race and the "good guys" will necessarily always be on the defensive side.
Email is broken because all of the costs are placed on the recipient. The way to fix this is to require micro-postage paid to the recipient. Yes, this requires cooperation and new technology that was unfortunately patented by a company that went bankrupt and all the patent rights went into limbo so no one can use them (Digicash and the Chaum e-money/identity patents).
This breaks mailing lists, but it also breaks spam. If each mail message contains a digital coin payable to me, the spammers can bring it on, as far as I'm concerned.
Note that it would be huge mistake to pay the recipient's ISP as they would then have the same kind of financial incentive to deliver spam, just like the USPS has a financial incentive to deliver dead tree spam. Note also, that it would be possible to return postage for legitimate email as well.
Fix the model first. Attempting to legislate against misuse of something broken is an exercise in futility.
When you try to copy files from a Windows Vista-based computer to another computer by using Windows Explorer, you may receive the following error message:
Out of memory
There is not enough memory to complete this operation.
This problem occurs if the following conditions are true:
CAUSE
This problem occurs because of a memory leak in the Windows OLE component. This memory leak is triggered by the way that Windows Explorer deals with the extended attributes of the files. That sounds like two separate bugs as the "lots of files in a single operation" sounds more like overflowing a fixed size array than anything else.
The limitation on `*' expansion is command line length (actually command line length plus number of parameters plus the size of the environment) and that is an irritation. More so if the shell doesn't enforce the same limit when invoking a shell function, although perhaps that's a feature. I don't think any of the GUIs have a problem similar to this. You didn't RTFA. Internet Explorer apparently has a limitation of 2**14 files in a single operation.
There are two bugs involved in this article. One is a limitation of (probably) 16384 total files in one operation and the second is a memory leak in a library when many files with extended attributes are processed.
Magic numbers, whether it is 14 characters for a file name, 3 levels of indirect inode blocks, or whatever are evil. GUI programmers are not immune from that programming mistake.
Standards have traditionally been whoever has the largest market share. They may change from vendor to vendor, but it has always been this way. Always.
Sigh. When I went through college, there were no computer majors, but now it definitely seems time that there should be computer history majors