For those of you who don't know. Dutch auctions are only useful to the seller if the buyers anticipate a lot of people investing at the stated price. Pretty much describes Google here.
Since the price goes *down* from there, Google is relying on a lot of (for lack of a better term) stupid geek-types to buy at the $108-$135 price. If you put in a bid at $75ish, you might still get shares.
What's nice about the Dutch auction is you get to pay what you think the shares are actually worth. If you pay at the $108-$135 range, you're going to be seriously overpaying and will be disappointed when the stock starts selling publicly at $85 by the guys that got a thousand shares at $75.
These are just example prices, but it totally rewards the people who bid lower and still get at least some of the stock whereas those that bid high get all they bid for.
It's kind of lame that Google is doing it this way, IMHO, because they will end up totally scamming some of their biggest supporters into paying such a high price. That is, some of those in the/. crowd that can afford to invest in them.
Hope those of you that actually bid $135 think it's really worth it, cause you're most likely to be disappointed in the long run.
But to each his own. I could end up being wrong about it. There are articles about this stuff: http://slate.msn.com/id/1002736/ http://b iz.yahoo.com/ibd/040709/tech_2.html
Basically, Google is ensuring that "insiders" don't get rich off of them, but that doesn't help *you*, the average investor, at all if you are looking short term and not long term.
I think by choosing Dutch they are looking for long term investors.
Actually, this is a great deal of what botnets are designed to do. There are legitimate sounding spamming institutions out there that hire shady botnet herders for their spam services. These institutions will approach mom and pop businesses or small companies and offer to promote their website.
After using the botnet herder to generate and send out tens of thousands of spam messages, they can then also simulate traffic to the poor webhost, giving a minor/. effect which makes the mom and pop operation think they are getting a great deal out of the marketing. They must be generating a lot of traffic if their web host is saying so!
And the spamming institution tries to sell them more on it. If no one is buying, they'll use the "well, maybe there's something about your product that makes it hard to sell online!" and offer to remedy whatever issue they agree needs fixed to improve sales.
Meanwhile the botnet herder uses a couple of his "phat" college and corporate connections to do file trading on IRC. If you get rid of spamming, you're also getting rid of other underground warez and movie outlets. To some people, the only reason why they don't actively hunt down spammers is for two reasons:
1) It's a kid, usually no older than 16. No one wants to be responsible for ruining his life.
2) That same kid is responsible for the following: my Spiderman 2 DVD I had the weekend after it came out, The King Arthur DVD I had the same weekend it came out, and the DVD-quality DVD of Chronicles of Riddick I had a week after it was in the theater.
I am capable of it, but if I'm not getting paid to do it: why hunt these kids down? Why bite the hand that feeds me?
So, the license is viral, doesn't allow changing the license (but is non-copyleft because it doesn't require source code), and has restrictions that the GPL doesn't have... tell me again why this is a *better* license than the GPL?
Because if I decide to sell my code and release a more pathetic free version for those aspiring coders, I won't have RMS and the FSF complaining about how much I suck.
It's too bad that nuclear power provokes such a backlash of emotion that thoughts like the above poster's aren't giving considerable weight.
The fact is, nuclear power can and will solve all our our energy problems. The problem of nuclear power is merely one of "waste" and what to do with it. The upside to this is that with the power of nuclear energy, we could be launching waste out of the planet within a decade.
Non-renewable resources drying up should *not* be an issue, but they are because of the fear of nuculear power. The next logical step was perceived for some reason as illogical, and now we're years behind because of it.
In the case of the Akamai incident, the vulnerable service was DNS. Paul Vixie, architect of BIND (Berkeley Internet Name Domain) and president of the Internet Systems Consortium, charged that Akamai's proprietary approach to DNS makes it a single point of failure. He added that the 13 DNS root servers, which weathered a vicious DDoS attack in 2002, are even more defensible today than they were back then. The root servers are resilient, Vixie said, because their operators embrace diversity. "We deliberately use different operating systems, different name server implementations, different kinds of routers, different kinds of switches, different kinds of CPUs, and especially, different operational procedures," Vixie told Internetnews.com.
He's not talking about how great Akamai is. He's talking about how great everyone else is.
On another note: What the heck does this story have to do with Akamai operators fighting DDoS attacks? They more than likely sat with their thumbs up their rears contemplating how having such a structured and inflexible DNS system could possibly be in err.
two of my friends believe that private ownership of nuclear weapons is justifiable under the second amendment. They own 'semi-automatic' weapons and one of them has been in court over it. He still owns his guns, so I assume he resolved it.
"consensus seems to be that private ownership of nuclear weapons is justifiable by the second amendment."
Which is why you replied as an AC. Libel isn't the proper term (IANAL, and neither is jamie), but it *is* an outright lie for jamie to suggest what he does. It's almost as if he's trying to use Slashdot as a bully pulpit to con IBM into doing what he wants.
Like I said, I would like nothing more than to hear IBM say they won't go after anyone who uses.GIF, but for jamie to suggest "consensus seems to be that IBM would lose any court action" that is downright dirty without evidence to back that claim up. He should have included a link to Groklaw or other site that suggested the same thing. You, of course, agree. That is why you posted this as an AC.
So, how much did Konica Minolta pay for this ad? I mean, if you analyze the actual content, there's NOTHING to this that would signify this post is a "story" or even remotely newsworthy.
Welcome to Slashdot, where we debate the commonplace if we can't find a better way to work in an advertisement.
Why yes, nothing to lose. Which is exactly why you're practically begging them.
... though the consensus seems to be that IBM would lose any court action it tried to bring.
No offense jamie, but you should really refrain from making things up like this. There is no one anywhere with any sort of legal background that would agree with this. Hell, it's probably libel to say that. It most assuredly is an outright lie.
If IBM releases it, then that's great, but don't try to badger them into it.
While an avid browser will most likely notice the dialog box and do a spyware check, what you are proposing is actually a really interesting way of duping the user. I would highly suggest you pose these issues to Full-Disclosure mailing list. They will accept any email submission, even if it involves some GUI trickery to exploit.
I don't know of any spyware that currently uses this method to install, but I have seen plenty that continually load after you've clicked no and say "YOU MUST CLICK *YES* IN ORDER TO DOWNLOAD THE PR0N!".
Yes. I am stating exactly that. Well, with the exception of Shell.Application, which wasn't even an option until Jelmer introduced it a few months back. Arguably, it is still not feasible to do. The "feasible" way to abuse Shell.Application is to use mshta.exe to call an ADODB.Stream capable file.
Basically, if you want to arbitrarily call any.exe, the ideal method for the last 11 months has been to abuse the ADODB.Stream object. Spyware will adapt now, but it will adapt by using Shell.Application to either try to load a file via tftp, ftp, or just hack the registry to revert the kill bit on ADODB.Stream (which is how it is inevitably going to happen).
I don't think the patch that turns off ADODB.Stream is pointless, because it kills 98% of Spyware deployment as we now see it. IMHO, that's a good thing, even if it is relatively short lived.
It's too bad MS made it a public thing though, several security "professionals" have been making money off of scripts that do this one registry hack.
If you're a consultant, they want your help, so they should let you do what you need to. Even as a security consultant, with the intention to break or steal, you can get a way with a lot.
If they are not letting you in with your watch, I'd say they are security concious enough. But then again, if they give you web access, you can just as easily upload to a webpage. (But at least they'll have a log of that)
Coolwebsearch has used multiple vulnerabilities over the last year or so all exploiting ADODB.Stream. One method it used early on did involve the MS JVM. In fact, many of the malware for the time previous to a year ago used other vulnerabilities. Around September of last year there was a huge amount of attention given to ADODB.Stream, however, including the release of a payload delivering PERL script of my own design. I figured it'd get MS to rethink the object, but they didn't until lately. My guess is that a real patch for the newest vulns is a ways off and this latest one is just to alleviate that fact.
It is used by IE exploits and, to a lesser extent, some ActiveX applications. It is also used by Admins. But the ActiveX use has never been very straightforward. It's been abused from day one by malware authors.
there have been other arbitrary-code-execution vulnerabilities in Internet Explorer during the time period you mention.
Fair enough. Now name one that doesn't use ADODB.Stream to get its payload to the client. There are two that I know of, but I'm sure you don't, so I'll let you go Google for a while. The reason they aren't that huge of a deal is because they aren't nearly as dynamic and flexible and still have the problem of the compromised machine not having the payload. (unless the payload is an executable under 2k)
I find and fix Mozilla security holes as a hobby and I think you're making stuff up.
I'm glad you were wholly unable to find one example, cause it makes your assumption of BS pointless. The onace is still on you to prove me wrong.
In case you weren't aware, Best Buy makes at most 1 to 2% on the products they sell. It's why they are often just as cheap as Walmart. They make their money on the service plans, which is why you have to put up with it. If you realize this before you go in you'll be fine.
When someone asks you if you want to buy the service plan, say (in your politest voice): "I don't want a fscking service plan." They won't ask again. If they do, drop it and leave, come back some other day.
Slashdot Mirror
Actually, this happens a LOT for US IPOs. Sometimes it is even *required by law*.
I like your sig. I used to have one that went:
"The entire world is now dominated by one group, of which, no one who will ever read this has any recourse."
When are they going to send a probe to Uranus?
And I mean that in every nice way possible. There's actually a reason to study some of the moons there.
I really didn't see anything political about it. It made fun of everything.
For those of you who don't know. Dutch auctions are only useful to the seller if the buyers anticipate a lot of people investing at the stated price. Pretty much describes Google here.
/. crowd that can afford to invest in them.
b iz.yahoo.com/ibd/040709/tech_2.html
Since the price goes *down* from there, Google is relying on a lot of (for lack of a better term) stupid geek-types to buy at the $108-$135 price. If you put in a bid at $75ish, you might still get shares.
What's nice about the Dutch auction is you get to pay what you think the shares are actually worth. If you pay at the $108-$135 range, you're going to be seriously overpaying and will be disappointed when the stock starts selling publicly at $85 by the guys that got a thousand shares at $75.
These are just example prices, but it totally rewards the people who bid lower and still get at least some of the stock whereas those that bid high get all they bid for.
It's kind of lame that Google is doing it this way, IMHO, because they will end up totally scamming some of their biggest supporters into paying such a high price. That is, some of those in the
Hope those of you that actually bid $135 think it's really worth it, cause you're most likely to be disappointed in the long run.
But to each his own. I could end up being wrong about it. There are articles about this stuff:
http://slate.msn.com/id/1002736/
http://
Basically, Google is ensuring that "insiders" don't get rich off of them, but that doesn't help *you*, the average investor, at all if you are looking short term and not long term.
I think by choosing Dutch they are looking for long term investors.
And...
Agent Smith as Elrond.
Oh... wait...
Actually, this is a great deal of what botnets are designed to do. There are legitimate sounding spamming institutions out there that hire shady botnet herders for their spam services. These institutions will approach mom and pop businesses or small companies and offer to promote their website.
/. effect which makes the mom and pop operation think they are getting a great deal out of the marketing. They must be generating a lot of traffic if their web host is saying so!
After using the botnet herder to generate and send out tens of thousands of spam messages, they can then also simulate traffic to the poor webhost, giving a minor
And the spamming institution tries to sell them more on it. If no one is buying, they'll use the "well, maybe there's something about your product that makes it hard to sell online!" and offer to remedy whatever issue they agree needs fixed to improve sales.
Meanwhile the botnet herder uses a couple of his "phat" college and corporate connections to do file trading on IRC. If you get rid of spamming, you're also getting rid of other underground warez and movie outlets. To some people, the only reason why they don't actively hunt down spammers is for two reasons:
1) It's a kid, usually no older than 16. No one wants to be responsible for ruining his life.
2) That same kid is responsible for the following: my Spiderman 2 DVD I had the weekend after it came out, The King Arthur DVD I had the same weekend it came out, and the DVD-quality DVD of Chronicles of Riddick I had a week after it was in the theater.
I am capable of it, but if I'm not getting paid to do it: why hunt these kids down? Why bite the hand that feeds me?
So, the license is viral, doesn't allow changing the license (but is non-copyleft because it doesn't require source code), and has restrictions that the GPL doesn't have... tell me again why this is a *better* license than the GPL?
Because if I decide to sell my code and release a more pathetic free version for those aspiring coders, I won't have RMS and the FSF complaining about how much I suck.
It's too bad that nuclear power provokes such a backlash of emotion that thoughts like the above poster's aren't giving considerable weight.
The fact is, nuclear power can and will solve all our our energy problems. The problem of nuclear power is merely one of "waste" and what to do with it. The upside to this is that with the power of nuclear energy, we could be launching waste out of the planet within a decade.
Non-renewable resources drying up should *not* be an issue, but they are because of the fear of nuculear power. The next logical step was perceived for some reason as illogical, and now we're years behind because of it.
In the case of the Akamai incident, the vulnerable service was DNS. Paul Vixie, architect of BIND (Berkeley Internet Name Domain) and president of the Internet Systems Consortium, charged that Akamai's proprietary approach to DNS makes it a single point of failure. He added that the 13 DNS root servers, which weathered a vicious DDoS attack in 2002, are even more defensible today than they were back then. The root servers are resilient, Vixie said, because their operators embrace diversity. "We deliberately use different operating systems, different name server implementations, different kinds of routers, different kinds of switches, different kinds of CPUs, and especially, different operational procedures," Vixie told Internetnews.com.
He's not talking about how great Akamai is. He's talking about how great everyone else is.
On another note: What the heck does this story have to do with Akamai operators fighting DDoS attacks? They more than likely sat with their thumbs up their rears contemplating how having such a structured and inflexible DNS system could possibly be in err.
Except for this is not just a user, this is an editor on /.
two of my friends believe that private ownership of nuclear weapons is justifiable under the second amendment. They own 'semi-automatic' weapons and one of them has been in court over it. He still owns his guns, so I assume he resolved it.
"consensus seems to be that private ownership of nuclear weapons is justifiable by the second amendment."
Why would you post this comment as an AC?
Does it ever strike you as odd that stories that hit the front page about products often have some of the least interesting history behind them?
Like I said, I would like nothing more than to hear IBM say they won't go after anyone who uses .GIF, but for jamie to suggest "consensus seems to be that IBM would lose any court action" that is downright dirty without evidence to back that claim up. He should have included a link to Groklaw or other site that suggested the same thing. You, of course, agree. That is why you posted this as an AC.
Welcome to Slashdot, where we debate the commonplace if we can't find a better way to work in an advertisement.
And it's neither supported by the current Mozilla build nor IE:
http://libmng.sourceforge.net/downloadbrowsers.h tml
Why yes, nothing to lose. Which is exactly why you're practically begging them.
... though the consensus seems to be that IBM would lose any court action it tried to bring.
No offense jamie, but you should really refrain from making things up like this. There is no one anywhere with any sort of legal background that would agree with this. Hell, it's probably libel to say that. It most assuredly is an outright lie.
If IBM releases it, then that's great, but don't try to badger them into it.
While an avid browser will most likely notice the dialog box and do a spyware check, what you are proposing is actually a really interesting way of duping the user. I would highly suggest you pose these issues to Full-Disclosure mailing list. They will accept any email submission, even if it involves some GUI trickery to exploit.
I don't know of any spyware that currently uses this method to install, but I have seen plenty that continually load after you've clicked no and say "YOU MUST CLICK *YES* IN ORDER TO DOWNLOAD THE PR0N!".
Yes. I am stating exactly that. Well, with the exception of Shell.Application, which wasn't even an option until Jelmer introduced it a few months back. Arguably, it is still not feasible to do. The "feasible" way to abuse Shell.Application is to use mshta.exe to call an ADODB.Stream capable file.
.exe, the ideal method for the last 11 months has been to abuse the ADODB.Stream object. Spyware will adapt now, but it will adapt by using Shell.Application to either try to load a file via tftp, ftp, or just hack the registry to revert the kill bit on ADODB.Stream (which is how it is inevitably going to happen).
Basically, if you want to arbitrarily call any
I don't think the patch that turns off ADODB.Stream is pointless, because it kills 98% of Spyware deployment as we now see it. IMHO, that's a good thing, even if it is relatively short lived.
It's too bad MS made it a public thing though, several security "professionals" have been making money off of scripts that do this one registry hack.
If you're a consultant, they want your help, so they should let you do what you need to. Even as a security consultant, with the intention to break or steal, you can get a way with a lot.
If they are not letting you in with your watch, I'd say they are security concious enough. But then again, if they give you web access, you can just as easily upload to a webpage. (But at least they'll have a log of that)
Coolwebsearch has used multiple vulnerabilities over the last year or so all exploiting ADODB.Stream. One method it used early on did involve the MS JVM. In fact, many of the malware for the time previous to a year ago used other vulnerabilities. Around September of last year there was a huge amount of attention given to ADODB.Stream, however, including the release of a payload delivering PERL script of my own design. I figured it'd get MS to rethink the object, but they didn't until lately. My guess is that a real patch for the newest vulns is a ways off and this latest one is just to alleviate that fact.
It is used by IE exploits and, to a lesser extent, some ActiveX applications. It is also used by Admins. But the ActiveX use has never been very straightforward. It's been abused from day one by malware authors.
Fair enough. Now name one that doesn't use ADODB.Stream to get its payload to the client. There are two that I know of, but I'm sure you don't, so I'll let you go Google for a while. The reason they aren't that huge of a deal is because they aren't nearly as dynamic and flexible and still have the problem of the compromised machine not having the payload. (unless the payload is an executable under 2k)
I find and fix Mozilla security holes as a hobby and I think you're making stuff up.
I'm glad you were wholly unable to find one example, cause it makes your assumption of BS pointless. The onace is still on you to prove me wrong.
In case you weren't aware, Best Buy makes at most 1 to 2% on the products they sell. It's why they are often just as cheap as Walmart. They make their money on the service plans, which is why you have to put up with it. If you realize this before you go in you'll be fine.
When someone asks you if you want to buy the service plan, say (in your politest voice): "I don't want a fscking service plan." They won't ask again. If they do, drop it and leave, come back some other day.
No offense taken.
I'm not exactly the most trustworthy person anyway, I've been compromising computers for the last 5 years.