That if Blizzard would have said, "hey, we don't mind bnetd, we think it's really cool, but could you maybe put some serial number verification code in the bugger as not to encourage piracy?" and given them the code to do so, it probably would have been a win-win for everyone.
Of course, business is as business does, and business does a lot of shooting itself in the foot.
I will not buy Warcraft III. I will not buy Starcraft II if they ever make the damned thing. Pity, Blizzard. You make good games, but the two of you probably could have actually worked this out in much better ways.
It's not going to be as big a deal as you think, because of the way it's set up.
(Note: I've never seen the software, all this is based on how I *think* it would have to work. YMMV.)
(Note: I'm probably going to hell, because you know the Commies are reading this, and they'll use this stuff just the same as your company will.)
The system does no initial discovery, you have to know the address of an upstream node. Presumably, any folks using this within your company are probably going to know each other, and they're going to have one, maybe two upstream nodes that they're connecting to.
Syslog your firewall port 443 (or whatever port this thing ends up using -- if it's not port 443, even easier!), and every so often, check the destination addresses. You'll find your PaB users soon enough.
If, once the initial connection is made to a known node, the system jumps around from node to node, then scan for single machines making large numbers of SSL connections to different addresses.
If it *is* truly P2P, then the machines inside your organization are also nodes. Portscan your machines for the incoming port(s), and they'll show up easily.
Also, if you have an intranet, chances are the proxy's going to try to contact an external peer for your own internal web offerings. You'll be getting help desk calls that your people can't see your intranet soon after this thing's put in place.
*evil bofh grin*
I think it's going to be easy to pick out inside any network.
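The two log checks described in the comment above (hosts that fan out to many different addresses on port 443, and outside addresses that several inside hosts all talk to), sketched as an added example that is not part of the original comment. The iptables-style log lines are constructed, and the 10.0.0.0/8 internal range and the threshold of 5 are assumptions to tune against normal browsing on a real network.

```python
import ipaddress
import re
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the internal range
FIELD = re.compile(r"(\w+)=(\S+)")             # KEY=VALUE pairs in the log line


def _line(src, dst, dpt=443):
    """Build one constructed firewall log line in iptables LOG style."""
    return (f"Feb 20 10:00:00 fw kernel: IN=eth1 OUT=eth0 SRC={src} DST={dst} "
            f"PROTO=TCP SPT=40000 DPT={dpt}")


# Constructed sample: one host hopping across six peers, two hosts sharing one
# upstream address, one plain HTTP connection, and one unparseable line.
SAMPLE_LOG = "\n".join(
    [_line("10.0.0.21", f"203.0.113.{n}") for n in range(1, 7)]
    + [_line("10.0.0.30", "198.51.100.10")] * 3
    + [_line("10.0.0.31", "198.51.100.10"), _line("10.0.0.31", "198.51.100.20")]
    + [_line("10.0.0.40", "198.51.100.10", dpt=80), "truncated line, no fields"]
)


def parse(line):
    """Return (src, dst, dport) or None when the line lacks usable fields."""
    fields = dict(FIELD.findall(line))
    try:
        return (ipaddress.ip_address(fields["SRC"]),
                ipaddress.ip_address(fields["DST"]),
                int(fields["DPT"]))
    except (KeyError, ValueError):
        return None


def outbound_destinations(log_text, port=443):
    """Map each internal source to the set of external addresses it reached."""
    dests = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, dpt = rec
        if dpt == port and src in INTERNAL and dst not in INTERNAL:
            dests[str(src)].add(str(dst))
    return dests


def flag_hoppers(log_text, threshold=5, port=443):
    """Internal hosts contacting at least `threshold` distinct addresses."""
    return sorted(src for src, seen in outbound_destinations(log_text, port).items()
                  if len(seen) >= threshold)


def shared_destinations(log_text, min_sources=2, port=443):
    """External addresses contacted by several internal hosts."""
    by_dst = defaultdict(set)
    for src, seen in outbound_destinations(log_text, port).items():
        for dst in seen:
            by_dst[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in by_dst.items()
            if len(srcs) >= min_sources}
```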
I dunno. Call me crazy for being one of maybe 6 people on the planet who actually enjoyed this series, but here's why I liked it:
1. Cool Rock n' Rollish theme song. Enough of that classical shit. Rock n' Roll's long been our adventuring, road-tripping, coming-of-age music. That it was kind of mellow, contemplative rock seemed to really fit. The imagery during the title sequence really sets a mood, too. One of risk, accomplishment, venturing into the unknown. It fits. Very well.
2. I don't care about Trek "history." So what if Worf is going to say something hundreds of years in the future about how the Klingons changed appearance or that the war with the Klingons was due to botched first contact? I hope they don't stick to it too rigidly. I like that there isn't yet a Prime Directive (but how much do you want to make a bet that we see it before the end of the series?) I also like the fact that they didn't try to create props that would have had to look like they predated the first series. (My God, what a disaster that would have been.) I'll take this series and judge it mostly on its own merits, thank you.
3. I can't recall hearing one computer sound like Ms. Roddenbarret. Maybe I just missed it, but I hope not.
My only nitpicky thing: Using the transporter to save major ass in the pilot. That could have waited a few episodes. But that was the only cheese moment, as far as I'm concerned.
If I had to rate it, I'd give it 4.5 out of 5. A damned good start. Good luck, folks, and let's hope it's a long, interesting voyage.
Here's something I came up with about the time Carnivore hit the news that wouldn't take a big corporation full of ex-intelligence (yeah, right.) officers to implement:
Yes, Pepsi could do that, or a record label could do that, but they won't, because they would have to release *their* recording under the terms of the Open License, too.
It doesn't seem to me that it could work, reliably, because it relies upon the query to an AVES-compatible DNS server to get things running.
What if the client doesn't make a DNS request (local host file storing hostnames, for example), or caches older DNS requests? What if a non-AVES DNS server resolves the request rather than the authoritative AVES server?
In the words of Dana Carvey as George Bush, "Na gonna work."
Careful port mapping will help you alleviate most of your NAT-related incoming connection issues. Those that can't, as in the case of Napster, and a lot of games that use UDP and/or dynamic ports to shuttle information back and forth would probably be better handled by a more intelligent NAT box and some sort of a standard Dynamic Port Translation protocol, where UDP app 1 and 2 communicate with each other and any intermediate NAT box to determine what port(s) each will accept data on, and to where it should be pointed inside the private network.
You wanna know the way to beat the DMCA and stuff like this from the EU?
Easy
Beat 'em in the marketplace.
That's right. Beat 'em in the marketplace.
Fuck the lawyers, fuck the legislators. You can't sue 'em, you can't buy 'em. Beat 'em where you can always beat 'em, and that's in the marketplace.
Go into business and create and/or distribute digital content and devices to play it back that do *not* have any encryption or copy protection in them. Stand up for the fair use of the consumer. Proclaim that fact loud and proud.
(Be willing to take a hit from piracy, because it's going to happen. Just because you're good to people doesn't mean that people are going to be good back to you. Do what you have to do -- go after the Napsters and the Gnutellas and the rest of the thieves out there, but don't use the shotgun tactics today's media companies are trying to use, because they won't work.)
And, of course, once your fair-use protecting media and devices take off in the marketplace, be sure to license the technology to the other bastards for some ungodly amount of money.
I think the scariest thing this article has brought to light is the "discussion" here -- a bunch of one-liners and propaganda. It's frightening the number of folks who don't take it the least bit seriously.
You're right -- there is no one standard protocol -- There's two: ESP (Encapsulated Security Payload, Protocol 51) and AH (Authentication Header, Protocol 50 [I think. It may be 52.]).
ESP by itself encapsulates the entire payload (thus the acronym.), encrypts it, and sends it along.
AH by itself [I think. Fuzzier on AH moreso than ESP] just adds a checksum or hash to the packet header by which you can verify that the contents of the packet haven't been manipulated.
The two can be used together, or separately. AH doesn't work very well, for example, through NAT boxes.
There's also PPTP, but nobody uses/relies on it (if they do, they probably shouldn't.)
I hope Roadrunner, my cable modem provider, doesn't pull this same stuff.
It really is a shame. These so-called service providers need to wise up and realize that Internet service isn't one-way any more, and that being able to log onto the office securely from home and being able to VPN into my home network are vital, essential, acceptable uses for their service. As it is, they're saying that I don't have the right to protect my property or information over their service, and neither does my employer. That's crap.
First off, if these registrars and their related organizations would follow their own rules, most of this would not be a problem.
The most important of these being, "One domain name per entity." The second being, ".com for commercial folk, .edu for education, .net for net-related folks, .org for (non-profit) organizations, and so on."
But no. These people will give 40 addresses from several TLDs to the same people for the same domain. That's bull. If they'd stick to their guns, and tell 'em, "Uh, no. Pick *one* that you really want, and stick to it." We would not have this problem.
Anyone ready to start up their own Top-Level domain service?
1. Over a billion Chinese, and you're going to recognize a clone or two?
2. You'd think they'd clone rice or toilet paper, instead.
Uh... "ensuing," even. (And that's probably spelled wrong, too.)
... name your company. The unsuing bad press will put a stop to that right away.
Hmmm.
I wonder if you could keep enough of the filesystem up to run, say, firewalling and TUX. (TUX *is* a kernel-resident www server, correct?)
If so, that's a neat possibility. Serve web pages off a runlevel 0 machine.
I use LEAF/LRP based routers a lot, I'm going to fiddle with one of them and see if I can't get them to run halted.
So, the Cable Companies don't seem to realize two things:
1. Private, residential users use VPN technology, too. I've done site-to-site VPN with friends and relatives.
2. As time goes on, more and more home technology will gain internet connectivity, virtually ensuring that security measures, such as VPN, become *very* widespread home/residential technology.
True, if you're using TCP/IP and nothing higher. Shove a simple gateway on top of TCP/IP (or gateways, really, in multiple locations) and you can get the behavior you're looking for, I think.
I post this link every time something like this pops up. It's an idea I had last summer, I think, that's along these lines. One of these days, someone will actually read it:
It's Here.
No wonder it went nuts and tried to kill us all.
Ed R.Zahurak
I pray to God that nobody spent millions on that study.
I'd also like to have a copy of that "hey, buddy! I'm doing a research project, could you tell me what your passwords are?" list.
Ed R.Zahurak
With any luck, there will be a way, via the Document Object Model, to detect this and turn it off, like I did with ThirdVoice.
And I can't wait for Microsoft to cease-and-desist me when I try.
Ed R.Zahurak
http://www.digitech.org/~tjunkie/idea.html
It's a pretty simple idea, not very flashy, and, oh, it's a freaking bandwidth hog. But, same time, it might be fun to play with.
Ed R.Zahurak
The best dumb examples I can think of are these:
A person can use the DMCA to nail you for forwarding a piece of email that they've sent you. A person can REALLY try to send you to hell if he'd ROT-13'd the message to you first, and you sent it to someone else after ROT-13ing it again.
A person can use the DMCA to nail you for converting a jpeg to a gif. Apparently even if it's for your own use.
A person could nail you for stripping the tags out of a paragraph in a page of HTML, apparently even if for your own use. If that page of HTML arrived on your PC via SSL, look out. You're going to hell.
The DMCA would prevent me from splicing two reel-to-reel tapes together into one long tape with a piece of scotch tape. (Doesn't have to be hi-tech. You're still using technology that they don't want you to to do things to their material that they don't want you to do.) Or burning the contents of those tapes on to one CD. Even for my own personal use.
See, the thing about the DMCA is not that it tries to protect copyrights. It overreaches that. The DMCA seeks to mandate acceptable use of pieces of technology, seeks to grant manufacturers the right to say *how* you may view their material -- preferably on their devices, and their devices only. It's not about protecting their copyrights -- it's about protecting their investment/sales of hardware to play it back. That's monopolistic. Bigtime. And it's wrong.
Ed R.Zahurak
Ahem. Anyhoo.
I'm assuming this refers to HIPAA, the Health Insurance Portability and Accountability Act of 1996, and I'm amazed that the NY Times couldn't even come up with a name for what they're reporting on. HIPAA's really not new news -- health care's been dealing with it now for 4 years, really seriously now in the last year that the regs and the data formats are starting to come down the pike.
It's been estimated that HIPAA compliance will cost the Health Care industry twice what Y2K cost the bloody *world*. Sounds like fun, doesn't it?
Ed R.Zahurak
"And the company that will bring it to you... is AT&T"
20 years later...
"And the company that will stick it to you... is AT&T"
Ed R.Zahurak
>VRML is not HTML.
>And a fish is not a bicycle.
So you're saying that Feminists don't need VRML?
Ed R.Zahurak
Don't worry, though. I'd say you're still more up on American politics than your average American. :)