This is yet another point demonstrating the superiority of OSS & FS.
Closed-sourced-software (CSS) can easily be regulated, because it often has immobile targets of regulation. Companies can't afford to dick around with defying government regulation.
However, try to regulate OSS / FS. Its not possible. Few things go into OSS / FS that users don't want, and if things go in there that users really don't want, they will eventually be purged (either by a fork, or by users individually who simply delete the offending lines of source code).
Part of the reason OSS / FS is not regulable is because you can't control what users do with it once they get it. A user gets OSS / FS software, and it can include all the DRM and spyware in the world -- doesn't matter if the user doesn't want it; the user can simply delete the offending lines of code, do a little bit of work, and recompile, or (s)he can hire someone else do to do that. It only takes one person to do this and then offer the modifications to the public -- possibly anonymously -- for the offending code to be removed from nearly every install. [it should be noted that this has even occured for CSS (refer to Kazaa, which includes virus', spyware, and adware, all of which were removed in KazaaLite)].
The other reason why OSS / FS can't be regulated is because of its very nature. How do you regulate something for which no one makes any profits, no one need reveal their identity to contribute to, and which is free as in freedom (and usually free as in beer)? You can't. Not effectively anyways. Sure, the government can drag its heels, but there is no effective way to regulate OSS / FS -- not even for an authoritarian state like China. Every move that is made attempting to regulate OSS / FS can easily be countered and alluded by OSS / FS devlopers.
Demand that no one release crytpo software w/o a gov't backdoor, the penalty being multi-million dollar fines and long jail time? Works great on all CSS and businesses. They'll be scared shitless; their execs and programmers too. Doesn't work at all on OSS / FS developers. They simply start developing and posting anonymously, possibly post from a server in another country, possibly move to another country, or publish the code from a public terminal.
This is not to say the government can't be an inconvenience. Taking special steps to post anonymously or posting from a public terminal is a nuisance, as would be (obviously) hosting software on a server outside one's own nation or moving to another nation. Obviously, we should work to make OSS / FS as unregulatable as possible. The CBGTA should not be allowed to in any way touch OSS / FS.
Obviously, one major key to making sure government regulations don't hinder OSS / FS is anonymosity. The government cannot regulate what it can't see. Regulation relies on having a target to be regulated -- i.e., the poster of the code. If one can't see that target, one can't effectively regulate. Another key is distribution. Even if the government can't regulate the developers themselves, it can target the servers they use to post their code to the world, taking it down. The way to deal with this is obviously mirrors, as well as working on distribution through P2P.
Perhaps legal clarifications about what is and is not, for example, "breaking and entering" are necessary; obviously, removing the end of a url or a port scan doesn't constitute that online.
To determine how I know these are obviously not breaking and entering, you have to go back to what makes breaking an entering wrong: because it violates a person's right to propertty and privacy.
In the case of deleting the last part of a url, that's not breaking/entering, because in offering a website to the public w/o access restrictions, its like having a garage sale. You can't have a garage sale and then sue someone for tresspassing when they come to inquire whats for sale. In other words, simply putting a site on the net without any restrictions implies that you want people to view it.
Though this bill is bad (in that its privacy-rights violations are unconstitutional) and rendant (in that everything it bans is already dealt with adequately by another law), it does not give the death penalty to a teenager who simply hacks into someone's computer. The death penalty is explicity reserved for cases where an online hacker knowingly causes the death of another person, or the rape, or the torture thereof (if either of those are possible to cause online). This is not uneven law. Its essentially the same law as exists in the real world.
Personally, I think that we should also give out life in prison to people like Gary Wennig (Gloal Crossings), Kenneth Lay (Enron), and Martha Stewart. These people ruined lives just as surely as if they'd killed individuals. You don't think their crimes are of similar magnitude as those of rape/murder/torture? Well, what are the effects of rape/murder/torture? In all cases, the victims life is over, ruined, or crippled for years. And the effects of Wennig, Lay, and Stewart stealing hundreds of millions of dollars from investors? The same. Thus, I think they should be given life in prison.
But if we are to do such, we should do so universally. We do not give life in prison to someone who kills with a machete and a slap on the wrist to someone who kills with Cyanide. Similarly for the internet. The tool with which a crime is carried out should not effect the punishment we deem appropriate.
First, survelliance without a court order is unconstitutional. This portion of the bill will surely be stricken down by the Supreme Court.
Second, the rest of the law is redundant and unnecessary. Crimes committed via the internet should receive the same punishment as those in the real-world, where the situation is analagous. For example, breaking and entering can be treated the same. Simply hacking into a persons computer is breaking and entering, even if it causes no damage; similarly, breaking/entering into a person's home, even if you do no damage or steal nothing (and don't damage the locks), is a crime.
When a hacker purposefully hacks into, say the USAF HQ, and steals top-secret documents on airplane design, then divulges them to China that's a crime just as it is in real life (treason). Similarly, it should be punishable just as it is in real life (by life in prison or death).
Another example, if a mob boss orders an underling to kill someone via an on-line e-mail, that's murder and conspiracy to commit murder. It should be punished just as it is in real life: by life in prison or death.
The fact that a crime took place over the media of the internet does not greaten or lessen its severity or lack-thereof. It simply creates a jurisdictional issue. The issue can be solved like such: if a crime is committed on the internet and its affect occurs in that state, then its the state's jurisdiction; if it occurs in one state and affects another (i.e., the mob boss in NY orders his hitman to kill someone in CA), then it should be under federal jurisdiction.
So, thanks to this dimwit, we have the re-number all the elements after 118...just freakin' great...that makes me real happy, since I just memorized every element in the PT and its number...now I have to relearn them all over again.;-)
I'd forgotten about this project. Really, its been a long long long time since I've played Civ...I'm sure I'll enjoy this. Like a throw-back to the old days when there was Prince of Persia.
Well, I'm off to suck really really bad at FreeCiv;-).
Idiot, actually I use WindowMaker. Unlike Windows idiots like you who fork over $100+ for WinXP -- w/c really isn't any different than Win2k in terms of stability, and offers no GUI improvements over Win95 -- which is unstable and doesn't come with alot of extras.
It costs 99 dollars for RedHat. For that you get a real OS with several different GUI options, including KDE and GNOME. You can install any other WindowManager or Desktop Manager you want. I use WindowMaker and Xfce. I've found WindowMaker to be a much better GUI than anything in Windows or MacOSX. Not as much wasted screen-space because of hide-away bars. So in terms of GUI's, the great advantage of Linux is that you get vast choice, vast configurabiltiy, and better efficiency once configured.
Unlike idiots like yourself, I also know that just as the GUI isn't Linux, NOR is the command line. Both are simply UI's to Linux. However, one of the nice advantages of Linux is that it includes a very powerful command line, which can suffice in-and-of itself, and allows for advanced functionality which you don't get by default in Windows (you have to download Cygwin); however, MacOSX (being *BSD/Mach) does have a real command line UI.
Another great advantage of Linux is that you get TONS of applications and utilities with distros for a very nominal price (NONE if you download it). How many extras do you get with Windows for 99 dollars? Not to mention, you can't download Windows for free.
Your the idiot who's following trends, not me. I'm looking for an OS which offers great value (i.e., a lot of applications bundled for very little cost, and that's Linux/BSD).
I'm looking for an OS which is very powerful in default configuration, and that's Linux not Windows (DOS command line is nothign compared to TCSH).
I'm looking for something which is stable: Linux, not Windows.
I'm looking for something which is secure, and where bugs are fixed quickly (and where I can fix bugs b/c the source is open): Linux, not Windows.
I'm looking for something which is completely configurable and customizable to my needs due to the source code being available: Linux, not Windows.
I'm looking for something which is fast and has little bloat: again, Linux, not Windows.
One last thing, something with real tech support due to competition: Linux, not Windows.
So, tell me Mr. Smartass, what exactly are the advantages of Windows, and are they really worth the hefty price-tag in dollars and in legal liability, not to mention loss of privacy and being an ass-slave to MS' intellectual property enforcement (read, BSA/MPAA/RIAA/MS coalition and Palladium)?
Well, I hate to break it to you all, but TimeWarner/AOL probably is NOT reading these Slashdot posts. If you want to have an impact, "send feedback" to your local Road Runner service. I sent this message to the the Rochester Road Runner "Feedback" form:
To whom it may concern:
I've heard on slashdot ( http://yro.slashdot.org/article.pl?sid=02/07/14/02 37258&mode=thread&tid=153 ) that Road Runner is blocking certain ports which use file-sharing and other types of internet software in certain cities, particularly Texas. I am e-mailing you to express my disapproval of that, and to tell you that I will strongly consider changing services should Road Runner do such in Rochester. I am paying to get access to the internet and other internet users, not that portion of the net and other users which TimeWarner/AOL thinks appropriate. You should be in the business of providing a bandwidth service, not determining how your users use that bandwidth.
Sly tricks like this and other forms of architectural control by ISP's is a sure way to severely anger customers. Other than blocking specific programs like KazaaLite, WinMX, or Gnutella clients, other despicable tactics would be providing faster access to sites which TimeWarner was affiliated with, slower access to sites of rivals (i.e., DSL home pages). What's next, is TW going to use its power over architecture to mandate that its users connect to RR with Windows/Mac through Internet explorer, and not on alternate OS' such as Linux, BeOS, etc, nor through alternate browsers like Mozilla (which I'm using now)?
These types of architectural controls are just the sort of nightmarish 1984 dystopia Lawrence Lessig described in "Code and Other Laws of Cyberspace".
I urge you not to not to use such architectural controls here in Rochester, and to abandon those ill-sighted attempts elsewhere.
On a separate note, I'd also like to ask TW to start trying to build architectures which allow a dynamic ballance of upload/download bandwidth depending on what a user does. I.e., at any given time, if at any given time a user has access to up to 500 KB/s of bandwidht total (upload and download), why should it be split up into 400 KB/s download and 100KB/s upload always, even if the user is not downloading anything but uploading something? In other words, you should engineer architectures to adjust the download/upload bandwidth alotted depending on what the user is doing.
After all, what do moms like to do more than decorate, re-decorate, un-decorate, and re-decorate again their houses? Then there's the endless re-organizing, bed-making, cloth-folding, cloth-ironing, vacuuming, etc etc etc.
It makes perfect sense that moms would like Linux. After, what other OS can they re-decorate the GUI as much in? What other OS could they order and re-order things in so much?
Do you work for Red Hat? You certainly seemed very biased, most likey you are a major stockholder or executive of some Linux company. Why else would you spend so much time defending Linux?
What a crock of shit. I'm biased because I don't blindly believe that whatever is told to me is completely representative of the truth? I'm biased because I'm asking the important questions that are relevant to security, not just the superficial ones?
It seems more like your the one who's biased, as you've completely ignored the valid point I made: the number of attacks against a system is irrelevant. Its only the percentage of successes and total number of successes.
Of course you do. It is bad news about linux. Just do what you do best; smear the numbers
Typical response of someone who's been blinded by propaganda. We know nothing about how this study was done, and little about the organization that did it, although they appear to be corporate (already a hint that they're unfairly biased).
Its only bad knews if you are shallow and don't consider anything beyond what was presented, as you have obviously done. Gee, there's twice as many attacks against Linux, that must be bad. That's like saying, "Gee, Allen Iverson shoots twice as much as anyone else, that must be good". Its not. The number of attempts are IRRELEVANT. The only thing that is relevant is the percentage of successes and the net number of successes.
There are pseudonymous chat and filesharing systems where all transfers go through a central server which masks the end-users IP addresses from one another.
Aside from the disadvantage you mentioned, this also has the disadvantage of being centralized similarly to Napster. A court can shut down such a service. Though perhaps there will eventually be a constitutional challenge to the Napster rulings.
No, they only need to litigate in the cases where the takedown notice isn't sufficient to cause the offender to cave and pull the content.
Which, if we inform the public, can be nearly every case. Each accused person has nothing to lose by denying the charge. If you make the public aware of that, then there will nearly everyone will deny the allegation within 24 hours. This could be done VERY easily. People who share files need to do so through a file-sharing program -- Kazaa, LimeWire, Bearshear, Phex, etc etc. Simply form a coalition of various people who offer file-sharing software, and have them all place a message on their program informing users what their rights are and that they have nothing to lose by denying any allegations. This and other measures aimed at the (mostly) tech-savy people who file-share, could quickly raise the number of denials from less than 0.1% to nearly 100%. Their scare-tactics would then be completely broken, and litigation isn't an option against 50,000 people.
On a similar vein, perhaps file-sharers should put together a common fund for defending ourselves against litigation.
rong. Given an IP number and a timestamp, the ISP can check their RADIUS or DHCP logs and determine who was assigned that IP at that time. These 'rights' you speak of, where were you granted them?
Gee, by the constitution, under freedom of speech. Freedom of speech isn't a right unless you have the means to speak. And being realistic, your rights can be violated by entities other than the government, including corporations, organizations, and people.
Firstly, I question the source on these studies. We are given no real details, only "the number of attacks is up from ~5000 all of last year to ~7000 half of this year". This is completely meaningless, as we don't know what kind of attacks, or anything about the sampling method.
Here's some critical questions of this study:
1. How was this data taken? What was the sampling method? What was considered an attack?
2. Of those attacks on Linux, how many were successful? What's important isn't the number of attacks attempted -- that is irrelevant -- but ratio of the number of attacks that succeeded over the number that were attempted: in other words, the probability that an attack will be successful. I bet on Linux, that number is way below 50% and on Windows -- '95, '98, 'ME, 2000, and XP -- its way above 50%.
3. Of the attacks that were successful, how many of them were because of Linux itself, and how many because of some poor application? Same question to Windows. This is a minor point. The OS should have control and prevent security lapses, despite how crappily third parties code.
4. What kind of attacks were these? Attacks is a very general word; there may be many successful minor attacks (i.e., crashing a system), but that's not as bad as a few successful major ones (i.e., wiping the entire hard drive of a system, stealing a credit card number, etc etc). In other words, how far into the OS did the attacks go. For Linux, a relevant question is "did the attack just breach a user's account, or did it penetrate to the root?"
5. There's a lot of different "brands" or "flavors" of Linux. This matters. You'd expect Corel Linux to have much weaker security than the NSA's release of Linux, or than (for example) RT Linux. Different releases of Linux ship with different security by default, and different extra security features.
6. What is being done about the problems?
Relating to 6, we can rest somewhat assured in terms of security for Linux, as its Free Software and/or Open Sourced Software. Well-known bugs will be fixed by someone, and if they aren't, an annoyed individual could always take the initiative.
What separates Linux from MS isn't just that its more secure, its also that bugs, security flaws, stability flaws, performance pitfalls, etc, are usually fixed much more rapidly than they are in MS.
Also, no one has mentioned the attacks on other stable OSS/FS software, such as OpenBSD. Somehow, I doubt there's been much success in attacking OpenBSD.
The solution here is to develop anonymous file-sharing techniques. Things where your IP address is masked, for instance. I believe he mentioned a program called "Flyster" which provides downloaders with anonymosity.
Also, lets get real here. This is a scare tactic which only works if you get scared. The MPAA/RIAA have neither the time nor desire (nor even the money) to actually litigate each one of these 50,000 cases out. You should automatically challenge these rulings, whether they're true or not. Chances are, they won't respond back. ISP's have to give you back access if you challenge the accusation, at least until the dispute has been litigated out. And chances are, the MPAA/RIAA isn't going to respond to any challenges of their accusations. It simply isn't feasable to sue 50,000 people, and increasing.
So there are two ways to fight this: one technological (anonymosity), the other "legal" (challenging the accusation within 24 hours).
They have their backwards beliefs about how intellectual property should be enforced draconianly, and how no fair-use should apply, and about increasing its scope, and increasing its duration ad-infinitum.
We have our ideals about freedom of information, democracy, freedom of speech, privacy, and an open society.
In other words, they represent fascist nazi values. We represent democratic values.
P.S. -- Another solution is to get on a broad-band connection with a dynamic IP; thus, IP numbers can't be traced back to a specific user. However, this raises its own problems as dynamics IP's take away users rights. You can't log into your own computer from remote w/ a dynamic IP; can't host a web page; etc etc.
The most likely scenario here is that they bought IP from SGI which SGI had given to the OpenGL project under a public/OSS/FS license. Thus, MS' claims are invalid. You can't put something into the public domain and then take it back. Sorry, that's just not permitted. Once something's in the public domain, its there forever.
When it is possible, please post links to the printer-friendly versions of stories. This way it loads faster on our computer, and we don't have to waste time going through as many corporate ads.
Mod this up if you don't want to look at so many corporate flashy banners because people don't link to printer-friendly versions of the story when applicable.
An alternate solution is simply to set up a random response system such that each "non trusted source" is sent an e-mail with your "ok password on it" but the "ok passwords" are generated dynamically and randomly by a random password generator, and each "ok password" is linked to a specific e-mail address, and will only work if used in correlation with that e-mail address.
To accomodate for potential contacts who may change e-mails rapidly, you may want to create one master "ok password" and give it only to people who your really trust. This would be a convenience for them when switching e-mails; however, it is a potential security flaw.
Someone mentioned TMDA, which is basically similar to the system I use.
Here's my system.
1. Make a comprehensive address book, listing all known contacts and companies you want information from.
2. Set up a filter to let any e-mail through which is in your address book or allowed senders list, OR to allow any e-mail through which has your "ok password" on it (i.e., anything with "32dje573hkjd3k:" is let through), unless an exception is noted.
3. Set up a web page which displays your "ok password" as a GRAPHIC IMAGE, not a text image.
4. Set up a filter such that any e-mail not from a known contact or without your "ok password" on it is automatically deleted, and a message sent back to the originator, "Your e-mail has been automatically deleted from that person's account, as you are not a trusted source. If you want to sent that person a message, go to http://www.persons-webpage.com and find his 'ok password'. Put his 'ok password' on your message title followed by a colon and the rest of the title, then re-send the message. The person you are trying to e-mail will then receive your message and evaluate whether or not your are a trust-worthy source. If he decides you are a spammer, flamer, or anything else of the kind, he'll take further measures to avoid getting e-mail from you".
5. Anyone who's a legit e-mail sender will do this. Then you can get their messages and add their e-mails to either your address book or "accepted e-mails list". Some spammers may do it to, but these will be few and far between; and then you can filter them out specifically.
APPENDIX: A note on your "ok password". Your "ok password" should NOT be static. It should change daily; and there should be multiple "ok passwords" daily which will be randomly displayed to each different user who enters the site. Use a random password generator to generate different passwords at various intervals, convert the text to a jpg graphic, and post it on your web-page.
Actually, no, a company needs a valid reason for firing an employee. For public companies (ones which the public owns stock in), this is reasonable.
Firing the employee who posted this internal memo is not a valid reason. This memo leaked no sensitive data, nor did it leak any trade secrets. Internal memo's are not necessarily trade secrets.
There is no valid reason for firing the person who sent this message; were (s)he fired, (s)he'd have grounds for a wrongful termination lawsuit.
My personal solution to SPAM is to ban all e-mails from anyone I don't know. If I get an e-mail from someone not on my address book or accepted e-mails list, its automatically deleted before I see it.
This requires actively maintaining a list of e-mails, but it is fool-proof for elminating spam, and won't filter out many legitimate messages from people you WANT to get messages from.
At my employer's firm, we have perfected the art of repelling those out to gain information by a 2-pronged approach. We run the callers through a maze of automated phone forwarding recordings to (eventually) a person who has no clue about anything.
Isn't that the way every company's support is?
For example, you call the police and you get:
Please enter the abbreviation for the state you are in
TX.
Please enter the letters for the city you are in
DALLAS.
Please enter your zip code
25636
Please enter your telephone number
485-1253
Please enter your last name
SMITH.
Please enter your first name
JOHN.
Please enter your sex
MALE.
Please tell us do you jerk off with your left or right hand
LEFT.
Please tell us what you are calling about: Enter 1 for reporting a crime in progress, 2 for reporting a past crime, 3 for reporting a crime you have reason to believe will be committed, 4 for inquiring about a suspect, 5 for filing complaints, 6 for all other issues
1.
Please identify the type of crime being committed: 1 for murder, 2 for rape, 3 for child molestation, 4 for torture, 5 for assault, 6 for robbery, 7 for drinking while driving, 8 for public indecency, 9 for all other types of crimes.
2.
Please identify the gender of the offender raping the victim
MALE.
Please hold. Your call will be answered in the order that it was received. Average wait times range from 30 minutes to 1 hour
10 min: Thank you for your patience. All of our police officers are currently busy. Please hold. Your patience is appreciated.
20min: Thank you for your patience. All of our police officers are currently busy. Please hold. Your patience is appreciated.
59 minutes: We're sorry, due to circumstances beyond our control, your call has been disconnected. Please call the police number again and re-enter your complaint.
The posting of this message was not harmful or malicious to AT&T or its security issues. Its only informative; you could say it may even give customers higher confidence. The person who posted it did nothing that would get him/her fired. If he were fired, (s)he'd have valid grounds to sue.
Furthermore, the reactions to this haven't been negative. There's nothing wrong with AT&T taking reasonable measures to insure that private customer information is kept private, and that the general security of their networks is maintained. Indeed, if they did anything else, that would be wrong and irresponsible.
Speaking as a cyber-libertarian, I can say that cyber-libertarian ideals don't include giving crackers free reign to break into confidential or private information. Indeed, if you allow such, you're destroying liberty, because you lose privacy rights. Cyber-liberties -- as Lessig has said -- can be violated not only by the government, but also by corporations, organizations, and other individuals.
Slashdot Mirror
This is yet another point demonstrating the superiority of OSS & FS.
Closed-sourced-software (CSS) can easily be regulated, because it often has immobile targets of regulation. Companies can't afford to dick around with defying government regulation.
However, try to regulate OSS / FS. Its not possible. Few things go into OSS / FS that users don't want, and if things go in there that users really don't want, they will eventually be purged (either by a fork, or by users individually who simply delete the offending lines of source code).
Part of the reason OSS / FS is not regulable is because you can't control what users do with it once they get it. A user gets OSS / FS software, and it can include all the DRM and spyware in the world -- doesn't matter if the user doesn't want it; the user can simply delete the offending lines of code, do a little bit of work, and recompile, or (s)he can hire someone else do to do that. It only takes one person to do this and then offer the modifications to the public -- possibly anonymously -- for the offending code to be removed from nearly every install. [it should be noted that this has even occured for CSS (refer to Kazaa, which includes virus', spyware, and adware, all of which were removed in KazaaLite)].
The other reason why OSS / FS can't be regulated is because of its very nature. How do you regulate something for which no one makes any profits, no one need reveal their identity to contribute to, and which is free as in freedom (and usually free as in beer)? You can't. Not effectively anyways. Sure, the government can drag its heels, but there is no effective way to regulate OSS / FS -- not even for an authoritarian state like China. Every move that is made attempting to regulate OSS / FS can easily be countered and alluded by OSS / FS devlopers.
Demand that no one release crytpo software w/o a gov't backdoor, the penalty being multi-million dollar fines and long jail time? Works great on all CSS and businesses. They'll be scared shitless; their execs and programmers too. Doesn't work at all on OSS / FS developers. They simply start developing and posting anonymously, possibly post from a server in another country, possibly move to another country, or publish the code from a public terminal.
This is not to say the government can't be an inconvenience. Taking special steps to post anonymously or posting from a public terminal is a nuisance, as would be (obviously) hosting software on a server outside one's own nation or moving to another nation. Obviously, we should work to make OSS / FS as unregulatable as possible. The CBGTA should not be allowed to in any way touch OSS / FS.
Obviously, one major key to making sure government regulations don't hinder OSS / FS is anonymosity. The government cannot regulate what it can't see. Regulation relies on having a target to be regulated -- i.e., the poster of the code. If one can't see that target, one can't effectively regulate. Another key is distribution. Even if the government can't regulate the developers themselves, it can target the servers they use to post their code to the world, taking it down. The way to deal with this is obviously mirrors, as well as working on distribution through P2P.
Perhaps legal clarifications about what is and is not, for example, "breaking and entering" are necessary; obviously, removing the end of a url or a port scan doesn't constitute that online.
To determine how I know these are obviously not breaking and entering, you have to go back to what makes breaking an entering wrong: because it violates a person's right to propertty and privacy.
In the case of deleting the last part of a url, that's not breaking/entering, because in offering a website to the public w/o access restrictions, its like having a garage sale. You can't have a garage sale and then sue someone for tresspassing when they come to inquire whats for sale. In other words, simply putting a site on the net without any restrictions implies that you want people to view it.
Though this bill is bad (in that its privacy-rights violations are unconstitutional) and rendant (in that everything it bans is already dealt with adequately by another law), it does not give the death penalty to a teenager who simply hacks into someone's computer. The death penalty is explicity reserved for cases where an online hacker knowingly causes the death of another person, or the rape, or the torture thereof (if either of those are possible to cause online). This is not uneven law. Its essentially the same law as exists in the real world.
Personally, I think that we should also give out life in prison to people like Gary Wennig (Gloal Crossings), Kenneth Lay (Enron), and Martha Stewart. These people ruined lives just as surely as if they'd killed individuals. You don't think their crimes are of similar magnitude as those of rape/murder/torture? Well, what are the effects of rape/murder/torture? In all cases, the victims life is over, ruined, or crippled for years. And the effects of Wennig, Lay, and Stewart stealing hundreds of millions of dollars from investors? The same. Thus, I think they should be given life in prison.
But if we are to do such, we should do so universally. We do not give life in prison to someone who kills with a machete and a slap on the wrist to someone who kills with Cyanide. Similarly for the internet. The tool with which a crime is carried out should not effect the punishment we deem appropriate.
First, survelliance without a court order is unconstitutional. This portion of the bill will surely be stricken down by the Supreme Court.
Second, the rest of the law is redundant and unnecessary. Crimes committed via the internet should receive the same punishment as those in the real-world, where the situation is analagous. For example, breaking and entering can be treated the same. Simply hacking into a persons computer is breaking and entering, even if it causes no damage; similarly, breaking/entering into a person's home, even if you do no damage or steal nothing (and don't damage the locks), is a crime.
When a hacker purposefully hacks into, say the USAF HQ, and steals top-secret documents on airplane design, then divulges them to China that's a crime just as it is in real life (treason). Similarly, it should be punishable just as it is in real life (by life in prison or death).
Another example, if a mob boss orders an underling to kill someone via an on-line e-mail, that's murder and conspiracy to commit murder. It should be punished just as it is in real life: by life in prison or death.
The fact that a crime took place over the media of the internet does not greaten or lessen its severity or lack-thereof. It simply creates a jurisdictional issue. The issue can be solved like such: if a crime is committed on the internet and its affect occurs in that state, then its the state's jurisdiction; if it occurs in one state and affects another (i.e., the mob boss in NY orders his hitman to kill someone in CA), then it should be under federal jurisdiction.
So, thanks to this dimwit, we have the re-number all the elements after 118...just freakin' great...that makes me real happy, since I just memorized every element in the PT and its number...now I have to relearn them all over again. ;-)
Your evil copy walks opposite the way you do -- everything mirror image. So you manipulate it so that he will fall off the ledge.
I'd forgotten about this project. Really, its been a long long long time since I've played Civ...I'm sure I'll enjoy this. Like a throw-back to the old days when there was Prince of Persia.
;-).
Well, I'm off to suck really really bad at FreeCiv
Idiot, actually I use WindowMaker. Unlike Windows idiots like you who fork over $100+ for WinXP -- w/c really isn't any different than Win2k in terms of stability, and offers no GUI improvements over Win95 -- which is unstable and doesn't come with alot of extras.
It costs 99 dollars for RedHat. For that you get a real OS with several different GUI options, including KDE and GNOME. You can install any other WindowManager or Desktop Manager you want. I use WindowMaker and Xfce. I've found WindowMaker to be a much better GUI than anything in Windows or MacOSX. Not as much wasted screen-space because of hide-away bars. So in terms of GUI's, the great advantage of Linux is that you get vast choice, vast configurabiltiy, and better efficiency once configured.
Unlike idiots like yourself, I also know that just as the GUI isn't Linux, NOR is the command line. Both are simply UI's to Linux. However, one of the nice advantages of Linux is that it includes a very powerful command line, which can suffice in-and-of itself, and allows for advanced functionality which you don't get by default in Windows (you have to download Cygwin); however, MacOSX (being *BSD/Mach) does have a real command line UI.
Another great advantage of Linux is that you get TONS of applications and utilities with distros for a very nominal price (NONE if you download it). How many extras do you get with Windows for 99 dollars? Not to mention, you can't download Windows for free.
Your the idiot who's following trends, not me. I'm looking for an OS which offers great value (i.e., a lot of applications bundled for very little cost, and that's Linux/BSD).
I'm looking for an OS which is very powerful in default configuration, and that's Linux not Windows (DOS command line is nothign compared to TCSH).
I'm looking for something which is stable: Linux, not Windows.
I'm looking for something which is secure, and where bugs are fixed quickly (and where I can fix bugs b/c the source is open): Linux, not Windows.
I'm looking for something which is completely configurable and customizable to my needs due to the source code being available: Linux, not Windows.
I'm looking for something which is fast and has little bloat: again, Linux, not Windows.
One last thing, something with real tech support due to competition: Linux, not Windows.
So, tell me Mr. Smartass, what exactly are the advantages of Windows, and are they really worth the hefty price-tag in dollars and in legal liability, not to mention loss of privacy and being an ass-slave to MS' intellectual property enforcement (read, BSA/MPAA/RIAA/MS coalition and Palladium)?
Well, I hate to break it to you all, but TimeWarner/AOL probably is NOT reading these Slashdot posts. If you want to have an impact, "send feedback" to your local Road Runner service. I sent this message to the the Rochester Road Runner "Feedback" form:
2 37258&mode=thread&tid=153 ) that Road Runner is blocking certain ports which use file-sharing and other types of internet software in certain cities, particularly Texas. I am e-mailing you to express my disapproval of that, and to tell you that I will strongly consider changing services should Road Runner do such in Rochester. I am paying to get access to the internet and other internet users, not that portion of the net and other users which TimeWarner/AOL thinks appropriate. You should be in the business of providing a bandwidth service, not determining how your users use that bandwidth.
To whom it may concern:
I've heard on slashdot ( http://yro.slashdot.org/article.pl?sid=02/07/14/0
Sly tricks like this and other forms of architectural control by ISP's is a sure way to severely anger customers. Other than blocking specific programs like KazaaLite, WinMX, or Gnutella clients, other despicable tactics would be providing faster access to sites which TimeWarner was affiliated with, slower access to sites of rivals (i.e., DSL home pages). What's next, is TW going to use its power over architecture to mandate that its users connect to RR with Windows/Mac through Internet explorer, and not on alternate OS' such as Linux, BeOS, etc, nor through alternate browsers like Mozilla (which I'm using now)?
These types of architectural controls are just the sort of nightmarish 1984 dystopia Lawrence Lessig described in "Code and Other Laws of Cyberspace".
I urge you not to not to use such architectural controls here in Rochester, and to abandon those ill-sighted attempts elsewhere.
On a separate note, I'd also like to ask TW to start trying to build architectures which allow a dynamic ballance of upload/download bandwidth depending on what a user does. I.e., at any given time, if at any given time a user has access to up to 500 KB/s of bandwidht total (upload and download), why should it be split up into 400 KB/s download and 100KB/s upload always, even if the user is not downloading anything but uploading something? In other words, you should engineer architectures to adjust the download/upload bandwidth alotted depending on what the user is doing.
After all, what do moms like to do more than decorate, re-decorate, un-decorate, and re-decorate again their houses? Then there's the endless re-organizing, bed-making, cloth-folding, cloth-ironing, vacuuming, etc etc etc.
It makes perfect sense that moms would like Linux. After, what other OS can they re-decorate the GUI as much in? What other OS could they order and re-order things in so much?
Do you work for Red Hat? You certainly seemed very biased, most likey you are a major stockholder or executive of some Linux company. Why else would you spend so much time defending Linux?
What a crock of shit. I'm biased because I don't blindly believe that whatever is told to me is completely representative of the truth? I'm biased because I'm asking the important questions that are relevant to security, not just the superficial ones?
It seems more like your the one who's biased, as you've completely ignored the valid point I made: the number of attacks against a system is irrelevant. Its only the percentage of successes and total number of successes.
Of course you do. It is bad news about linux. Just do what you do best; smear the numbers
Typical response of someone who's been blinded by propaganda. We know nothing about how this study was done, and little about the organization that did it, although they appear to be corporate (already a hint that they're unfairly biased).
Its only bad knews if you are shallow and don't consider anything beyond what was presented, as you have obviously done. Gee, there's twice as many attacks against Linux, that must be bad. That's like saying, "Gee, Allen Iverson shoots twice as much as anyone else, that must be good". Its not. The number of attempts are IRRELEVANT. The only thing that is relevant is the percentage of successes and the net number of successes.
There are pseudonymous chat and filesharing systems where all transfers go through a central server which masks the end-users IP addresses from one another.
Aside from the disadvantage you mentioned, this also has the disadvantage of being centralized similarly to Napster. A court can shut down such a service. Though perhaps there will eventually be a constitutional challenge to the Napster rulings.
No, they only need to litigate in the cases where the takedown notice isn't sufficient to cause the offender to cave and pull the content.
Which, if we inform the public, can be nearly every case. Each accused person has nothing to lose by denying the charge. If you make the public aware of that, then there will nearly everyone will deny the allegation within 24 hours. This could be done VERY easily. People who share files need to do so through a file-sharing program -- Kazaa, LimeWire, Bearshear, Phex, etc etc. Simply form a coalition of various people who offer file-sharing software, and have them all place a message on their program informing users what their rights are and that they have nothing to lose by denying any allegations. This and other measures aimed at the (mostly) tech-savy people who file-share, could quickly raise the number of denials from less than 0.1% to nearly 100%. Their scare-tactics would then be completely broken, and litigation isn't an option against 50,000 people.
On a similar vein, perhaps file-sharers should put together a common fund for defending ourselves against litigation.
rong. Given an IP number and a timestamp, the ISP can check their RADIUS or DHCP logs and determine who was assigned that IP at that time. These 'rights' you speak of, where were you granted them?
Gee, by the constitution, under freedom of speech. Freedom of speech isn't a right unless you have the means to speak. And being realistic, your rights can be violated by entities other than the government, including corporations, organizations, and people.
Firstly, I question the source on these studies. We are given no real details, only "the number of attacks is up from ~5000 all of last year to ~7000 half of this year". This is completely meaningless, as we don't know what kind of attacks, or anything about the sampling method.
Here's some critical questions of this study:
1. How was this data taken? What was the sampling method? What was considered an attack?
2. Of those attacks on Linux, how many were successful? What's important isn't the number of attacks attempted -- that is irrelevant -- but ratio of the number of attacks that succeeded over the number that were attempted: in other words, the probability that an attack will be successful. I bet on Linux, that number is way below 50% and on Windows -- '95, '98, 'ME, 2000, and XP -- its way above 50%.
3. Of the attacks that were successful, how many of them were because of Linux itself, and how many because of some poor application? Same question to Windows. This is a minor point. The OS should have control and prevent security lapses, despite how crappily third parties code.
4. What kind of attacks were these? Attacks is a very general word; there may be many successful minor attacks (i.e., crashing a system), but that's not as bad as a few successful major ones (i.e., wiping the entire hard drive of a system, stealing a credit card number, etc etc). In other words, how far into the OS did the attacks go. For Linux, a relevant question is "did the attack just breach a user's account, or did it penetrate to the root?"
5. There's a lot of different "brands" or "flavors" of Linux. This matters. You'd expect Corel Linux to have much weaker security than the NSA's release of Linux, or than (for example) RT Linux. Different releases of Linux ship with different security by default, and different extra security features.
6. What is being done about the problems?
Relating to 6, we can rest somewhat assured in terms of security for Linux, as its Free Software and/or Open Sourced Software. Well-known bugs will be fixed by someone, and if they aren't, an annoyed individual could always take the initiative.
What separates Linux from MS isn't just that its more secure, its also that bugs, security flaws, stability flaws, performance pitfalls, etc, are usually fixed much more rapidly than they are in MS.
Also, no one has mentioned the attacks on other stable OSS/FS software, such as OpenBSD. Somehow, I doubt there's been much success in attacking OpenBSD.
The solution here is to develop anonymous file-sharing techniques. Things where your IP address is masked, for instance. I believe he mentioned a program called "Flyster" which provides downloaders with anonymosity.
Also, lets get real here. This is a scare tactic which only works if you get scared. The MPAA/RIAA have neither the time nor desire (nor even the money) to actually litigate each one of these 50,000 cases out. You should automatically challenge these rulings, whether they're true or not. Chances are, they won't respond back. ISP's have to give you back access if you challenge the accusation, at least until the dispute has been litigated out. And chances are, the MPAA/RIAA isn't going to respond to any challenges of their accusations. It simply isn't feasable to sue 50,000 people, and increasing.
So there are two ways to fight this: one technological (anonymosity), the other "legal" (challenging the accusation within 24 hours).
They have their backwards beliefs about how intellectual property should be enforced draconianly, and how no fair-use should apply, and about increasing its scope, and increasing its duration ad-infinitum.
We have our ideals about freedom of information, democracy, freedom of speech, privacy, and an open society.
In other words, they represent fascist nazi values. We represent democratic values.
P.S. -- Another solution is to get on a broad-band connection with a dynamic IP; thus, IP numbers can't be traced back to a specific user. However, this raises its own problems as dynamics IP's take away users rights. You can't log into your own computer from remote w/ a dynamic IP; can't host a web page; etc etc.
Yes, but SGI donated their patents to the public domain by allowing them to be used in OpenGL, hence no company can claim restrictive rights on them.
The most likely scenario here is that they bought IP from SGI which SGI had given to the OpenGL project under a public/OSS/FS license. Thus, MS' claims are invalid. You can't put something into the public domain and then take it back. Sorry, that's just not permitted. Once something's in the public domain, its there forever.
When it is possible, please post links to the printer-friendly versions of stories. This way it loads faster on our computer, and we don't have to waste time going through as many corporate ads.
Mod this up if you don't want to look at so many corporate flashy banners because people don't link to printer-friendly versions of the story when applicable.
An alternate solution is simply to set up a random response system such that each "non trusted source" is sent an e-mail with your "ok password on it" but the "ok passwords" are generated dynamically and randomly by a random password generator, and each "ok password" is linked to a specific e-mail address, and will only work if used in correlation with that e-mail address.
To accomodate for potential contacts who may change e-mails rapidly, you may want to create one master "ok password" and give it only to people who your really trust. This would be a convenience for them when switching e-mails; however, it is a potential security flaw.
Someone mentioned TMDA, which is basically similar to the system I use.
Here's my system.
1. Make a comprehensive address book, listing all known contacts and companies you want information from.
2. Set up a filter to let any e-mail through which is in your address book or allowed senders list, OR to allow any e-mail through which has your "ok password" on it (i.e., anything with "32dje573hkjd3k:" is let through), unless an exception is noted.
3. Set up a web page which displays your "ok password" as a GRAPHIC IMAGE, not a text image.
4. Set up a filter such that any e-mail not from a known contact or without your "ok password" on it is automatically deleted, and a message sent back to the originator, "Your e-mail has been automatically deleted from that person's account, as you are not a trusted source. If you want to sent that person a message, go to http://www.persons-webpage.com and find his 'ok password'. Put his 'ok password' on your message title followed by a colon and the rest of the title, then re-send the message. The person you are trying to e-mail will then receive your message and evaluate whether or not your are a trust-worthy source. If he decides you are a spammer, flamer, or anything else of the kind, he'll take further measures to avoid getting e-mail from you".
5. Anyone who's a legit e-mail sender will do this. Then you can get their messages and add their e-mails to either your address book or "accepted e-mails list". Some spammers may do it to, but these will be few and far between; and then you can filter them out specifically.
APPENDIX: A note on your "ok password". Your "ok password" should NOT be static. It should change daily; and there should be multiple "ok passwords" daily which will be randomly displayed to each different user who enters the site. Use a random password generator to generate different passwords at various intervals, convert the text to a jpg graphic, and post it on your web-page.
Actually, no, a company needs a valid reason for firing an employee. For public companies (ones which the public owns stock in), this is reasonable.
Firing the employee who posted this internal memo is not a valid reason. This memo leaked no sensitive data, nor did it leak any trade secrets. Internal memo's are not necessarily trade secrets.
There is no valid reason for firing the person who sent this message; were (s)he fired, (s)he'd have grounds for a wrongful termination lawsuit.
Hey, tough shit.
My personal solution to SPAM is to ban all e-mails from anyone I don't know. If I get an e-mail from someone not on my address book or accepted e-mails list, its automatically deleted before I see it.
This requires actively maintaining a list of e-mails, but it is fool-proof for elminating spam, and won't filter out many legitimate messages from people you WANT to get messages from.
At my employer's firm, we have perfected the art of repelling those out to gain information by a 2-pronged approach. We run the callers through a maze of automated phone forwarding recordings to (eventually) a person who has no clue about anything.
Isn't that the way every company's support is?
For example, you call the police and you get:
Please enter the abbreviation for the state you are in
TX.
Please enter the letters for the city you are in
DALLAS.
Please enter your zip code
25636
Please enter your telephone number
485-1253
Please enter your last name
SMITH.
Please enter your first name
JOHN.
Please enter your sex
MALE.
Please tell us do you jerk off with your left or right hand
LEFT.
Please tell us what you are calling about: Enter 1 for reporting a crime in progress, 2 for reporting a past crime, 3 for reporting a crime you have reason to believe will be committed, 4 for inquiring about a suspect, 5 for filing complaints, 6 for all other issues
1.
Please identify the type of crime being committed: 1 for murder, 2 for rape, 3 for child molestation, 4 for torture, 5 for assault, 6 for robbery, 7 for drinking while driving, 8 for public indecency, 9 for all other types of crimes.
2.
Please identify the gender of the offender raping the victim
MALE.
Please hold. Your call will be answered in the order that it was received. Average wait times range from 30 minutes to 1 hour
10 min: Thank you for your patience. All of our police officers are currently busy. Please hold. Your patience is appreciated.
20min: Thank you for your patience. All of our police officers are currently busy. Please hold. Your patience is appreciated.
59 minutes: We're sorry, due to circumstances beyond our control, your call has been disconnected. Please call the police number again and re-enter your complaint.
The posting of this message was not harmful or malicious to AT&T or its security issues. Its only informative; you could say it may even give customers higher confidence. The person who posted it did nothing that would get him/her fired. If he were fired, (s)he'd have valid grounds to sue.
Furthermore, the reactions to this haven't been negative. There's nothing wrong with AT&T taking reasonable measures to insure that private customer information is kept private, and that the general security of their networks is maintained. Indeed, if they did anything else, that would be wrong and irresponsible.
Speaking as a cyber-libertarian, I can say that cyber-libertarian ideals don't include giving crackers free reign to break into confidential or private information. Indeed, if you allow such, you're destroying liberty, because you lose privacy rights. Cyber-liberties -- as Lessig has said -- can be violated not only by the government, but also by corporations, organizations, and other individuals.