Gah, I can't believe only one other person has stated this under this thread...
Reverse engineering security mechanisms is expressly forbidden under the DMCA!!!
Why the fuck do you think they're so hyped to declare it a security precaution? Are they thinking that people will just accept another security breech from Microsoft? Sure, like Microsoft has given a $hit about that in the past...
Oh Christ. Don't be so paranoid. All they're after is licensing fees for using their "service". Which is basically another form of active DNS. Which is a big chunk of change regardless.
"IM" clients were the next (and obvious) evolutional step from various broadcast functions for admins in VAX and UNIX systems.
Why didn't *I* patent it then? The same reason I haven't patented function/cell/user based PGP-style encrypted database entries. First, because it'd be dense as hell. Second, I doubt I'm the first because it's fucking obvious, just nobody's written the software except for a few hundred people. (or publicized it...I've got some of this written for half a dozen or so law firms.)
Authentication and decryption in one layer. Tough...
Just how in the hell do you think that people can talk to each other over the internet (ip addresses) without having someone store who was at what IP address?
Obviously, it's a MS server! If you really have trouble believing that, make an account with a few contacts or buddies or whatever they're called, and then log off. Go to a different computer that's never had MSN installed on it, and then log in.
Gee! Now where did that information come from? You guessed it, a MS server.
Holy shit, just realized I cross posted postings, and confused them to boot...
Wierd, when I speak my mind I get modded up to hell cause it's common sense to... well, apply common sense to things. I wish this would apply more often. Sometimes the occasional brain fart does come through though...
"Are you seriously trying to say that Microsoft has a monopoly on instant messaging? That would come as a shock to AIM and ICQ users."
No, only that they capured around 1/3rd of the market share of major label IM users since AIM/ICQ are basically the same thing.
"Nor does anywhere say Microsoft will charge for the licenses. They do give away licensed SDKs for free (the numerous Windows Media SDKs spring to mind)."
Okay, do this for me, will you? Go put on a condom, and then find someone to fuck.:P
There's a major difference between "taking what's contractually obligated" to "taking what you need/deserve/want." Do you object to spammers abusing open proxies? Same damn argument.
Have a BIT of modern common sense and figure this one out, PLEASE.
Idiot. If something was produced years ago, and the specifications laid out, during a time that was declared anti-competative by the business involved...
Is it that tough to figure out? Short and long range planning. Among the best made when you're planning on winning or losing.
Really I was under the impression that nobody used MSN/Yahoo/Jabber/whatever. But I suppose this might vary regionally.
Erk, not to be rude, but I happen to know that they have entire department(s) devoted to regionalization. IM's ARE highly fragmented by who you know and how you communicate. If you were a CEO, and you had an IM dept, wouldn't you want to investigate this for trends and marketing?
If you knew what you were talking about, your post would make more sense...
"Forcing compliance" to a monopoly introduced technical specification... Gee, isn't that convenient? If I didn't think this just didn't backfire for MS (after all, they ARE majorly financially inconvenienced by having to run the servers involved), I'd be willing to say that they were totally stupid to do this.
Unfortunately, it was inevitable that they gained major market share in the commercial and end user market by introducing this for free, and incurred the costs that they did.
Changing their specifications to "secure" their networks may be admirable, but not if it's purposely done to break other implementations.
HINT: This is easy to do if you're the only one that knows the spec's other than by interacting with them.:P
HINT2: Sure, we'll change the spec's to "improve" our services, but you'll have to pay for them now that you're dependant (would cost more to replace than license) on them.
No kidding.:P The thing is, open source conflicts with this entire business model, unless extremely well built cypto is used. Which, by the way, isn't an easy thing to implement. Codewise or legally!
Otherwise you change maybe a couple of lines of source, which any 1st year college student, or anyone who actually likes coding can do. --> Not that well built crypto is hard to find mind you, it's that it's hard to integrate into this kind of thing by anyone who cares about the technical specifications AND the legal specifications involved. Even if "Open Source" crypto is used, legal models currently prevalent my preclude such from being acceptable.
It's easy! (to make "a profit!", and almost exactly how proposed by numerous/. trolls!
Just make your product available to everyone, until such time a significant market share becomes reliant upon such technology. By reliant, I mean, that the total cost of changing over to somthing else is more than the cost of just paying whatever fees that the license holder deems fit to be acceptable.
This, in my opinion, is no better than legalized extortion! Also, how is this NOT leveraging a monopoly?
"He's a troll because he doesn't like a piece of software and you do?"
Nah, he's a troll because if you compare the memory footprints over the indivdual clients emulated, or actually look at the XML skinning stuff, his objections are provably false, or he obviously has no idea what he's talking about, or just really screwed up his copy somehow.;)
Granted, Trillian probably isn't as clean as GAIM running under linux, but it's a hell of an app. All I ever use, and I looked hard for IM clients that can handle descent crypto. Not many out there. (I've really never used GAIM though btw - just very rarely much cruft on OS apps that active, but it always depends)
Could've been the "GPL: Free as in Herpes" crack though too. lol.
Okay, so the "Wow, insightful? Hardly." was over the top. My apologies on that score... that did come off as rather trollish and arrogant.
Some people here aren't technical to the level of knowledge I mentioned though. I was just meaning to point out that the traffic going to "windows update" could be relatively easily discerned and filtered out and really shouldn't be counted as bandwidth being consumed by the worm itself. At least in my (Now I guess not so) humble opinion.:)
Actually, I wonder about that. The Municipal one near here does credit checks for *every* account. To run that a SSN is almost required and allowed to require for that purpose (if I'm remembering right).
I'd love to find out more info about SSN requirements. I'll have to do some googling tonight...
Yup, tough legal summons or subpeonas are often handled using some of the same methods. No big trick to it. I've done it as a matter of fact. Not exactly the payphone thing, but something damn close.:)
"As long as there are automated attack worms, cleaner worms will be beneficial in combatting them. They're a valuable community service."
I don't mean to come off as a flame here, but I'd have to argue that you don't know what you're talking about. Do some web searching on the current "worm battle", and such virus related events in the past.
Usually, the clean up worm does as much damage or more damage than the origional. Also, it's a fire and forget system. By definition, it's beyond your control, so a system change later could change how the worm/virus affects the computer. This HAS happened before:
(credit to Satan's Librarian for this tidbit) The 'original' virus that cleaned up another one was the DenZuk virus, which cleaned up Brain. Both virus profiles are available at datafellows. This is like late 80's stuff. DenZuk started corrupting floppies when the new high density ones came out.
Anyway, I've never met one professional and competant programmer that would be willing to write a "beneficial" worm like this and that would be willing to publically take credit. And I've met a lot of dev's. That alone ought to tell you something...
Yeah, you're probably right. Usually once I fully explain why something like this might be a good thing, I usually have people agreeing with me though. Either that or people just don't say that they don't agree cause I get so irritated with stuff like this. heh. Too bad I'm not a politician though, and never really want to be one. I don't know why "internet laws" need to be any different than other laws, except usually in the case of jurisdiction. Breaking and Entering == A destructive unauthorized intrustion of a system, and etc...
I tend to think that personal responsibility is almost a thing of the past these days, unfortunately. Especially in the corporate world.:(
Printer sharing isn't common? Why shouldn't we be able to do this if we really want to, and if it's done securely? Well, if you mean do %90 of users do print sharing, almost definately not. But I'd say it's common enough. A print server/service of some type is usually very common if you've got more than one computer networked together and want to print from both though.
Anyway, sure, most of this is beside the point and uncommon for the average end user.
What I'm mostly talking about is end users having some idea that just plugging their computer into the internet and then leaving it forever to be abused by whoever wanders by - is a bad thing!
End users should have some basic responsability and accountability though. I'm sick to death of people just looking blank and shrugging and saying, "I'm not a computer person...", and using that as a license to quite intentionally never even try to take minimal precautions or learning / remembering / retaining even the smallest portion of what they're told. I run into this type of thing way too often, and it always astonishes me how apathetic people are.
Granted, there are a few that care, but almost all of the non-techies that I know are actually comfortable giving this kind of reaction to even the most trivial technical operation. This is when I say stuff like "empty the recycle bin if you delete confidential info", or "don't mail 50MB attachments to a list of 500 people on the same server." (Yes, I know there are trivial ways around stuff like this, but I'm just using it to illustrate a point.)
Exactly, what if they actually had a payload to do something other than infect? Now that someone's conviently released yet another template for idiot script kiddies to use, how long before you think we'll see an updated variant that does this?:(
Cheers mate. You'd think this would be common sense.
Anyway, anything that gains access to my machine that I don't explicitly authorize is bad freaking news to me. I can't believe that more people don't think this too.
You know, for a network admin, it's pretty trivial to be able to tell the traffic that's downloading the latest MS patch from the traffic that's incessantly trying to scan for uninfected hosts to infect.
Slashdot Mirror
Gah, I can't believe only one other person has stated this under this thread...
Reverse engineering security mechanisms is expressly forbidden under the DMCA!!!
Why the fuck do you think they're so hyped to declare it a security precaution? Are they thinking that people will just accept another security breech from Microsoft? Sure, like Microsoft has given a $hit about that in the past...
Oh Christ. Don't be so paranoid. All they're after is licensing fees for using their "service". Which is basically another form of active DNS. Which is a big chunk of change regardless.
"IM" clients were the next (and obvious) evolutional step from various broadcast functions for admins in VAX and UNIX systems.
Why didn't *I* patent it then? The same reason I haven't patented function/cell/user based PGP-style encrypted database entries. First, because it'd be dense as hell. Second, I doubt I'm the first because it's fucking obvious, just nobody's written the software except for a few hundred people. (or publicized it...I've got some of this written for half a dozen or so law firms.)
Authentication and decryption in one layer. Tough...
Just to add to the many that will correct you...
Just how in the hell do you think that people can talk to each other over the internet (ip addresses) without having someone store who was at what IP address?
Obviously, it's a MS server! If you really have trouble believing that, make an account with a few contacts or buddies or whatever they're called, and then log off. Go to a different computer that's never had MSN installed on it, and then log in.
Gee! Now where did that information come from? You guessed it, a MS server.
No, not just MS lawyers, but MS lawyers with DMCA and PATRIOT teeth behind them...
"You have no one to blame but yourself..." (Can't claim credit, someone has to have said it before. Most memorably, my mother...
Holy shit, just realized I cross posted postings, and confused them to boot...
Wierd, when I speak my mind I get modded up to hell cause it's common sense to... well, apply common sense to things. I wish this would apply more often. Sometimes the occasional brain fart does come through though...
Oh my, how many ways to respond...
:P
"Are you seriously trying to say that Microsoft has a monopoly on instant messaging? That would come as a shock to AIM and ICQ users."
No, only that they capured around 1/3rd of the market share of major label IM users since AIM/ICQ are basically the same thing.
"Nor does anywhere say Microsoft will charge for the licenses. They do give away licensed SDKs for free (the numerous Windows Media SDKs spring to mind)."
Okay, do this for me, will you? Go put on a condom, and then find someone to fuck.
Gee, I only didn't reply to the right thread, I used century instead of decade. My apologies to all.
HOW many beers are missing?!
Oh wow, was that overrated! Can you please come up with something that's recent to this century?
Are you really THAT naive? Holy shit!
There's a major difference between "taking what's contractually obligated" to "taking what you need/deserve/want." Do you object to spammers abusing open proxies? Same damn argument.
Have a BIT of modern common sense and figure this one out, PLEASE.
Idiot. If something was produced years ago, and the specifications laid out, during a time that was declared anti-competative by the business involved...
Is it that tough to figure out? Short and long range planning. Among the best made when you're planning on winning or losing.
Really I was under the impression that nobody used MSN/Yahoo/Jabber/whatever. But I suppose this might vary regionally.
Erk, not to be rude, but I happen to know that they have entire department(s) devoted to regionalization. IM's ARE highly fragmented by who you know and how you communicate. If you were a CEO, and you had an IM dept, wouldn't you want to investigate this for trends and marketing?
If you knew what you were talking about, your post would make more sense...
:P
"Forcing compliance" to a monopoly introduced technical specification... Gee, isn't that convenient? If I didn't think this just didn't backfire for MS (after all, they ARE majorly financially inconvenienced by having to run the servers involved), I'd be willing to say that they were totally stupid to do this.
Unfortunately, it was inevitable that they gained major market share in the commercial and end user market by introducing this for free, and incurred the costs that they did.
Changing their specifications to "secure" their networks may be admirable, but not if it's purposely done to break other implementations.
HINT: This is easy to do if you're the only one that knows the spec's other than by interacting with them.
HINT2: Sure, we'll change the spec's to "improve" our services, but you'll have to pay for them now that you're dependant (would cost more to replace than license) on them.
No kidding. :P The thing is, open source conflicts with this entire business model, unless extremely well built cypto is used. Which, by the way, isn't an easy thing to implement. Codewise or legally!
/. trolls!
Otherwise you change maybe a couple of lines of source, which any 1st year college student, or anyone who actually likes coding can do. --> Not that well built crypto is hard to find mind you, it's that it's hard to integrate into this kind of thing by anyone who cares about the technical specifications AND the legal specifications involved. Even if "Open Source" crypto is used, legal models currently prevalent my preclude such from being acceptable.
It's easy! (to make "a profit!", and almost exactly how proposed by numerous
Just make your product available to everyone, until such time a significant market share becomes reliant upon such technology. By reliant, I mean, that the total cost of changing over to somthing else is more than the cost of just paying whatever fees that the license holder deems fit to be acceptable.
This, in my opinion, is no better than legalized extortion! Also, how is this NOT leveraging a monopoly?
*laughs* Nice of you to actually point out anything that you could substantiate.
"He's a troll because he doesn't like a piece of software and you do?"
;)
Nah, he's a troll because if you compare the memory footprints over the indivdual clients emulated, or actually look at the XML skinning stuff, his objections are provably false, or he obviously has no idea what he's talking about, or just really screwed up his copy somehow.
Granted, Trillian probably isn't as clean as GAIM running under linux, but it's a hell of an app. All I ever use, and I looked hard for IM clients that can handle descent crypto. Not many out there. (I've really never used GAIM though btw - just very rarely much cruft on OS apps that active, but it always depends)
Could've been the "GPL: Free as in Herpes" crack though too. lol.
Okay, so the "Wow, insightful? Hardly." was over the top. My apologies on that score... that did come off as rather trollish and arrogant.
:)
Some people here aren't technical to the level of knowledge I mentioned though. I was just meaning to point out that the traffic going to "windows update" could be relatively easily discerned and filtered out and really shouldn't be counted as bandwidth being consumed by the worm itself. At least in my (Now I guess not so) humble opinion.
Actually, I wonder about that. The Municipal one near here does credit checks for *every* account. To run that a SSN is almost required and allowed to require for that purpose (if I'm remembering right).
I'd love to find out more info about SSN requirements. I'll have to do some googling tonight...
Yup, tough legal summons or subpeonas are often handled using some of the same methods. No big trick to it. I've done it as a matter of fact. Not exactly the payphone thing, but something damn close. :)
"As long as there are automated attack worms, cleaner worms will be beneficial in combatting them. They're a valuable community service."
I don't mean to come off as a flame here, but I'd have to argue that you don't know what you're talking about. Do some web searching on the current "worm battle", and such virus related events in the past.
Usually, the clean up worm does as much damage or more damage than the origional. Also, it's a fire and forget system. By definition, it's beyond your control, so a system change later could change how the worm/virus affects the computer. This HAS happened before:
(credit to Satan's Librarian for this tidbit)
The 'original' virus that cleaned up another one was the DenZuk virus, which cleaned up Brain. Both virus profiles are available at datafellows. This is like late 80's stuff. DenZuk started corrupting floppies when the new high density ones came out.
Anyway, I've never met one professional and competant programmer that would be willing to write a "beneficial" worm like this and that would be willing to publically take credit. And I've met a lot of dev's. That alone ought to tell you something...
Yeah, you're probably right. Usually once I fully explain why something like this might be a good thing, I usually have people agreeing with me though. Either that or people just don't say that they don't agree cause I get so irritated with stuff like this. heh. Too bad I'm not a politician though, and never really want to be one. I don't know why "internet laws" need to be any different than other laws, except usually in the case of jurisdiction. Breaking and Entering == A destructive unauthorized intrustion of a system, and etc...
:(
I tend to think that personal responsibility is almost a thing of the past these days, unfortunately. Especially in the corporate world.
Printer sharing isn't common? Why shouldn't we be able to do this if we really want to, and if it's done securely? Well, if you mean do %90 of users do print sharing, almost definately not. But I'd say it's common enough. A print server/service of some type is usually very common if you've got more than one computer networked together and want to print from both though.
Anyway, sure, most of this is beside the point and uncommon for the average end user.
What I'm mostly talking about is end users having some idea that just plugging their computer into the internet and then leaving it forever to be abused by whoever wanders by - is a bad thing!
End users should have some basic responsability and accountability though. I'm sick to death of people just looking blank and shrugging and saying, "I'm not a computer person...", and using that as a license to quite intentionally never even try to take minimal precautions or learning / remembering / retaining even the smallest portion of what they're told. I run into this type of thing way too often, and it always astonishes me how apathetic people are.
Granted, there are a few that care, but almost all of the non-techies that I know are actually comfortable giving this kind of reaction to even the most trivial technical operation. This is when I say stuff like "empty the recycle bin if you delete confidential info", or "don't mail 50MB attachments to a list of 500 people on the same server." (Yes, I know there are trivial ways around stuff like this, but I'm just using it to illustrate a point.)
Exactly, what if they actually had a payload to do something other than infect? Now that someone's conviently released yet another template for idiot script kiddies to use, how long before you think we'll see an updated variant that does this? :(
Cheers mate. You'd think this would be common sense.
Anyway, anything that gains access to my machine that I don't explicitly authorize is bad freaking news to me. I can't believe that more people don't think this too.
Wow, insightful? Hardly.
You know, for a network admin, it's pretty trivial to be able to tell the traffic that's downloading the latest MS patch from the traffic that's incessantly trying to scan for uninfected hosts to infect.
Just thought you'd want to know.
Actually I'd say that the only stupid design decision on this virus writer's part was designing and releasing the worm in the first place.