Obligatory French joke
on
Cracking GSM
·
· Score: 0, Troll
Interestingly enough, GSM crypto was designed by French 'military specialists', which has raised the usual (probably justified) suspicions of backdoors.
Not only that, but considering the historical precedent of the French in military conflicts, I'm surprised it puts in any effort what so ever.
The person clicking - presumably the person who bought this authorized copy of the distribution media (not a pirate copy, which is a separate issue) - and the company whence the license originates. I really don't see the ambiguity in who the parties are.
Try signing a check or credit card receipt with that sort of rationale and see how well it goes over. Or even a private IOU, to put a bit of distance between the example and the law.
Are you claiming that "do not try this at home" does *not* indemnify the producers of Jackass from lawsuits next time some kids sets himself on fire? Sure. Does this indemnify the maker of supposedly "flame retardant" pajamas? No.
Does "do not use while showering" indemnify makers of hair dryers from lawsuit should someone electrocute themselves in the shower? Yes. Does it indemnify them against the dryer electrocuting a customer when used "properly"? No.
There is no signature or proof of understanding with warning labels that dictate proper usage and scope of liability. Once you are duly informed of the terms of use, you use the product. In the case of the EULA, one could argue that your agreement to the license is necessary for use of the product - from the perspective of the software company. The agreement is just as prominent, if not more so, as a warning label.
That's a fair point, but the example was intended to show the absurdity of the idea that ignorance is an excuse.
I don't know how legally binding the EULA is - it needs testing in court. But I would say that, if agreement to it is a condition of use, and use is not necessary for basic necessities of life, then it will be hard to argue against the EULA in whatever shape is is presented. Use of software is a privilege, not a right, and the "owner" can set whatever terms they want.
How about "No shoes, no shirt, no service"? The rule may be there due to health code requirements, but it is private property and there is no crime being comitted in getting a burger while barefoot - especially at a beach.
Similarly with parking sideways in a mall parking lot. There is no crime, just a violation of private parking policy, yet the management has the right to tow your car for not parking between the lines - and there isn't a notice for anyone to read, it is simply presumed that you understand the convention.
Point being that ignorance, especially when the "rules" (private though they may be) are forthcoming, can not reasonably make for an excuse for non-compliance.
Of course, obscuring the terms, making them unavailable, implied, ambiguous or otherwise unreasonable to understand, access or decline, changes the context fully. I'm only arguing against the use of ignorance to justify breaking terms of use.
Just wait until the government retracts the list as "unconstitutional" or something of that sort, and then SELLS ALL THOSE NUMBERS, in the name of helping out the economy.
When it comes time that someone actually tries to enforce one in court, the fact that no one ever reads them will make a good case for them being invalid
" No, officer. I didn't actually READ the posted speed limit. May I go now? "
Last I checked, being ignorant of the terms of an agreement one enters into, when those terms are made clear and available, does not excuse one from abiding by those terms.
If the agreement was INSIDE the shrinkwrap (as has been tried before), and you are made to agree to it by opening the box, then you would be right. But, as you are given the opportunity to not agree to the terms, logic (not Law, since Law and logic are not always in sync) dictates that the terms are, in fact, binding.
A video clip of "Goatse.cx guy and tubgirl together at last" may indeed be very, very rotten, but in Denmark, it's legal. So keep your aesthetic judgments to yourself. Puritan!;)
So, how long will it take for a utility (WinAmp plug-in) to emerge, that adds or removes a sub-second long moment of silence to/from the beginning/end of every mp3 given to it as a parameter?
Re:I think you missed the point
on
P2P Spam?
·
· Score: 1
Of course you're right, with a few assumptions.
First, the worm author is subject to "local" law, and is the one to sell access tot he worm's mailing capabilities. The author could be anywhere in the world, and could only be making the API to the worm available - possibly through a number of layers of abstraction.
In fact, it's entirely possible that the API to the worm could be "discovered" by someone who would then sell it to spammers (or provide a service to access it) without being the original author of the worm.
Further, a link to the spammer yields nothing in the way of information on the worm author. Certainly no more so than an 800 number to a call center assures you that the person answering the phone is actually employed by your credit card company.
Assume spam deals are managed on a golf course someplace. There certainly is no law saying that connectivity between spammers needs to be as well documented as the financial dealings of major corporations (Enron anyone?). All it takes is a check and a handshake, and a website explaining the API on how to harness the SpamNet.
I think you missed the point
on
P2P Spam?
·
· Score: 1
It's not the addresses that are for sale. It's the network that does the mailing - a distributed spam-house, one that can not be shut down at the source.
Or, in slashdotterese: Imagine a Beowulf cluster of spam servers...
Telling quote from the article
on
Diamonds & the RIAA
·
· Score: 3, Insightful
"If people really love each other, then they give each other the real stone"
Now... I have never, ever used the "If you loved me you'd sleep with me|suck my dick|swallow|let me fuck your sister|whatever else" bullshit.
I've always thought that sort of attitude was eminently disrespectful to anyone with whom you could possibly have any kind of relationship what so ever. It's something only the completely immoral assholes use on mindless, pathetic simulacra. And I say "immoral", not "amoral", since the statement entails a subversion of a pretense of emotional values.
But, De Beers clearly seems to think it works. It seems to think that this is a perfectly acceptable way to communicate with their clients, in their relationship with us. So, we have that same immoral to simulacrum relationship.
It's nice to be called a "worthless cunt" to your face, isn't it folks?
The media does seem to have a bit of an agenda, doesn't it? Far from "fair and balanced" to say the least.
I don't mind putting pressure on MS to clean up their act, but doing so by way of scaring people who are already too apprehensive about nuclear power is simply not right. That statement of course betrays my own bias, as I am a vocal supporter of properly managed nuclear energy. Still, exploiting popular ignorance to achieve one's goals, no matter how honorable, is unethical. (Someone should explain this to the politicians, eh?;) )
As for saying that the system administrators at the compromised facilities should be fired, that too is unfair. As has been pointed out, all it takes is one rogue employee who brings in a compromised laptop, or sets up a modem in his office, and your firewall, no matter how judiciously maintained and patched, is suddenly useless.
This is Microsoft's fault. Worm-storms like the ones we're seeing are indicative of a design flaw in email systems - primarily those of Microsoft's making. The problem is very hierarchical, and I'm sure all the sys admins out there are grateful to Microsoft for their continued employment while they tear their hair out over each successive bug. However, one must admit that were Microsoft to make their software not prone to this sort of exploitation by default, the problem would be greatly diminished. It would then be necessary for admins to secure their networks only against people who deliberately open their systems up to contagion - and such action would be easier to localize and eliminate.
There is no way an exposed, critical system would ever get NRC approval.
he phrasing of the article, while not incorrect, is woefully incomplete, and thus irresponsibly misleading.
Nuclear plants have safety critical systems, which are hardwired and isolated. They also have duplicate, completely passive "monitoring" systems. These provide the same information as the critical systems, but are for reporting purposes (not control) only. These non-critical systems make their plant telemetry data available, via fiber for electrical isolation and then a leased land-line, to off-site facilities.
These facilities include the utility company, the NRC, the plant designer company and others. There is very little control over these systems because they are essentially "syndication feeds" where plant data can be stored, observed and so on. They have no influence back to the plant. The plant is, in effect, broadcasting status information out to these select interested parties.
What these parties do with the data, and how they treat it, is largely up to them. The systems receiving this data do not require the degree of isolation that plant systems themselves do. They're regular LANs, and don't need to be anything more sophisticated than that. But, since they are receiving and processing plant monitoring data, they can be considered part of the "safety monitoring system on a nuclear power plant".
What this sounds like is the failure of a second or third tier of monitoring and processing. Sort of like having a local office of Charles Schwab go down due to the virus, and having the article say that the "virus took out Charles Schwab's ability to function". Or, upon www.weather.com going down, stating that the virus caused the National Weather Forecasting system to fail.
All they have to do is show the code to a former business major. The cheating and underhandedness of which the geeks never think is part and parcel of the business curriculum. In fact, I'm quite sure there's a whole section dedicated to the practice on the LSATs - so if not management, IBM's legal department could easily see to it.
Cringely just discovered the problem with outsourcing your IT competence. Someone pat that genius on the back.
Of course IT seeks to remain relevant, just like any other department. Most internal money is spent on make-work that just reminds everyone of everyone else's role. Hell, half the feature creep and spec shifting is just management's way of reminding everyone that the middle-managers exist. After all, their sole purpose is making life easier for the workers, but if they did that successfully, like security experts, they would appear completely redundant.
It's a wise CE/IO who keeps IT in-house, thereby tieing their livelihood to the success and well-being of the company. Outsourced IT is like paying a pharmacological company for drugs for a terminal patient. They'll help keep you alive to profit from your problems, but they won't want to make you better since then you might not need them.
That's understandable. But the rarity of the outage has to be factored into the "resiliency". Every summer we get local outages due to locally spiking load. The system absorbs this just fine, and has for 40 years.
Now, I'm not saying we should just leave it as is. Not at all. As soon as we know what the trigger here was, we correct for it. But, all in all, the system works remarkably well.
This is a minor crisis in terms of consequence and probability of recurrence, and calling for an overhaul of the infrastructure is myopic. This event is not indicative of a fundamental flow in the design of the multigrid. It just shows up that the compensatory hand-off between grids can, at peak load, cascade upstream to the closest, biggest anchor power plant.
Without a drastic resegmenting of the multigrid, this can not be fixed in a way that will not make small, local blackouts much more fequent and long lasting. The alternative is to keep the current hand-off system in place, but to add capacity to push the maximum managable peak load out of the realm of possibility. Obviously, then the question in either case becomes "who's to pay for it?"
If you think of "deregulation" as an economic and political concept, then it makes perfect sense to talk of increasing it. Optimal linguistic expression is not necessarily optimal semantic expression. More people understand "deregulation" than "regulation", and so it makes more sense to talk in terms of the former.
Slashdot Mirror
Interestingly enough, GSM crypto was designed by French 'military specialists', which has raised the usual (probably justified) suspicions of backdoors.
Not only that, but considering the historical precedent of the French in military conflicts, I'm surprised it puts in any effort what so ever.
Now, had the Germans designed it...
The person clicking - presumably the person who bought this authorized copy of the distribution media (not a pirate copy, which is a separate issue) - and the company whence the license originates. I really don't see the ambiguity in who the parties are.
Try signing a check or credit card receipt with that sort of rationale and see how well it goes over. Or even a private IOU, to put a bit of distance between the example and the law.
Are you claiming that "do not try this at home" does *not* indemnify the producers of Jackass from lawsuits next time some kids sets himself on fire? Sure. Does this indemnify the maker of supposedly "flame retardant" pajamas? No.
Does "do not use while showering" indemnify makers of hair dryers from lawsuit should someone electrocute themselves in the shower? Yes. Does it indemnify them against the dryer electrocuting a customer when used "properly"? No.
There is no signature or proof of understanding with warning labels that dictate proper usage and scope of liability. Once you are duly informed of the terms of use, you use the product. In the case of the EULA, one could argue that your agreement to the license is necessary for use of the product - from the perspective of the software company. The agreement is just as prominent, if not more so, as a warning label.
That's a fair point, but the example was intended to show the absurdity of the idea that ignorance is an excuse.
I don't know how legally binding the EULA is - it needs testing in court. But I would say that, if agreement to it is a condition of use, and use is not necessary for basic necessities of life, then it will be hard to argue against the EULA in whatever shape is is presented. Use of software is a privilege, not a right, and the "owner" can set whatever terms they want.
How about "No shoes, no shirt, no service"? The rule may be there due to health code requirements, but it is private property and there is no crime being comitted in getting a burger while barefoot - especially at a beach.
Similarly with parking sideways in a mall parking lot. There is no crime, just a violation of private parking policy, yet the management has the right to tow your car for not parking between the lines - and there isn't a notice for anyone to read, it is simply presumed that you understand the convention.
Point being that ignorance, especially when the "rules" (private though they may be) are forthcoming, can not reasonably make for an excuse for non-compliance.
Of course, obscuring the terms, making them unavailable, implied, ambiguous or otherwise unreasonable to understand, access or decline, changes the context fully. I'm only arguing against the use of ignorance to justify breaking terms of use.
Just wait until the government retracts the list as "unconstitutional" or something of that sort, and then SELLS ALL THOSE NUMBERS, in the name of helping out the economy.
When it comes time that someone actually tries to enforce one in court, the fact that no one ever reads them will make a good case for them being invalid
" No, officer. I didn't actually READ the posted speed limit. May I go now? "
Last I checked, being ignorant of the terms of an agreement one enters into, when those terms are made clear and available, does not excuse one from abiding by those terms.
If the agreement was INSIDE the shrinkwrap (as has been tried before), and you are made to agree to it by opening the box, then you would be right. But, as you are given the opportunity to not agree to the terms, logic (not Law, since Law and logic are not always in sync) dictates that the terms are, in fact, binding.
Does this barcode spec have enough dataspace to represent all the barcodes that can be generated from the spec, AND anything else? Huh?
Those MIT people think they're *so* smart...
A video clip of "Goatse.cx guy and tubgirl together at last" may indeed be very, very rotten, but in Denmark, it's legal. So keep your aesthetic judgments to yourself. Puritan! ;)
So, how long will it take for a utility (WinAmp plug-in) to emerge, that adds or removes a sub-second long moment of silence to/from the beginning/end of every mp3 given to it as a parameter?
RIAA: "Only hackers."
Trinity: "Hash *this*!"
So there.
Well, it *is* ironic!
... melons to melons?
(I'm sorry. I've been drinking.)
Of course you're right, with a few assumptions.
First, the worm author is subject to "local" law, and is the one to sell access tot he worm's mailing capabilities. The author could be anywhere in the world, and could only be making the API to the worm available - possibly through a number of layers of abstraction.
In fact, it's entirely possible that the API to the worm could be "discovered" by someone who would then sell it to spammers (or provide a service to access it) without being the original author of the worm.
Further, a link to the spammer yields nothing in the way of information on the worm author. Certainly no more so than an 800 number to a call center assures you that the person answering the phone is actually employed by your credit card company.
Assume spam deals are managed on a golf course someplace. There certainly is no law saying that connectivity between spammers needs to be as well documented as the financial dealings of major corporations (Enron anyone?). All it takes is a check and a handshake, and a website explaining the API on how to harness the SpamNet.
It's not the addresses that are for sale. It's the network that does the mailing - a distributed spam-house, one that can not be shut down at the source.
Or, in slashdotterese: Imagine a Beowulf cluster of spam servers...
"If people really love each other, then they give each other the real stone"
Now... I have never, ever used the "If you loved me you'd sleep with me|suck my dick|swallow|let me fuck your sister|whatever else" bullshit.
I've always thought that sort of attitude was eminently disrespectful to anyone with whom you could possibly have any kind of relationship what so ever. It's something only the completely immoral assholes use on mindless, pathetic simulacra. And I say "immoral", not "amoral", since the statement entails a subversion of a pretense of emotional values.
But, De Beers clearly seems to think it works. It seems to think that this is a perfectly acceptable way to communicate with their clients, in their relationship with us. So, we have that same immoral to simulacrum relationship.
It's nice to be called a "worthless cunt" to your face, isn't it folks?
The media does seem to have a bit of an agenda, doesn't it? Far from "fair and balanced" to say the least.
;) )
I don't mind putting pressure on MS to clean up their act, but doing so by way of scaring people who are already too apprehensive about nuclear power is simply not right. That statement of course betrays my own bias, as I am a vocal supporter of properly managed nuclear energy. Still, exploiting popular ignorance to achieve one's goals, no matter how honorable, is unethical. (Someone should explain this to the politicians, eh?
As for saying that the system administrators at the compromised facilities should be fired, that too is unfair. As has been pointed out, all it takes is one rogue employee who brings in a compromised laptop, or sets up a modem in his office, and your firewall, no matter how judiciously maintained and patched, is suddenly useless.
This is Microsoft's fault. Worm-storms like the ones we're seeing are indicative of a design flaw in email systems - primarily those of Microsoft's making. The problem is very hierarchical, and I'm sure all the sys admins out there are grateful to Microsoft for their continued employment while they tear their hair out over each successive bug. However, one must admit that were Microsoft to make their software not prone to this sort of exploitation by default, the problem would be greatly diminished. It would then be necessary for admins to secure their networks only against people who deliberately open their systems up to contagion - and such action would be easier to localize and eliminate.
Fucking Laptop Users!
There is no way an exposed, critical system would ever get NRC approval.
he phrasing of the article, while not incorrect, is woefully incomplete, and thus irresponsibly misleading.
Nuclear plants have safety critical systems, which are hardwired and isolated. They also have duplicate, completely passive "monitoring" systems. These provide the same information as the critical systems, but are for reporting purposes (not control) only. These non-critical systems make their plant telemetry data available, via fiber for electrical isolation and then a leased land-line, to off-site facilities.
These facilities include the utility company, the NRC, the plant designer company and others. There is very little control over these systems because they are essentially "syndication feeds" where plant data can be stored, observed and so on. They have no influence back to the plant. The plant is, in effect, broadcasting status information out to these select interested parties.
What these parties do with the data, and how they treat it, is largely up to them. The systems receiving this data do not require the degree of isolation that plant systems themselves do. They're regular LANs, and don't need to be anything more sophisticated than that. But, since they are receiving and processing plant monitoring data, they can be considered part of the "safety monitoring system on a nuclear power plant".
What this sounds like is the failure of a second or third tier of monitoring and processing. Sort of like having a local office of Charles Schwab go down due to the virus, and having the article say that the "virus took out Charles Schwab's ability to function". Or, upon www.weather.com going down, stating that the virus caused the National Weather Forecasting system to fail.
All they have to do is show the code to a former business major. The cheating and underhandedness of which the geeks never think is part and parcel of the business curriculum. In fact, I'm quite sure there's a whole section dedicated to the practice on the LSATs - so if not management, IBM's legal department could easily see to it.
Cringely just discovered the problem with outsourcing your IT competence. Someone pat that genius on the back.
Of course IT seeks to remain relevant, just like any other department. Most internal money is spent on make-work that just reminds everyone of everyone else's role. Hell, half the feature creep and spec shifting is just management's way of reminding everyone that the middle-managers exist. After all, their sole purpose is making life easier for the workers, but if they did that successfully, like security experts, they would appear completely redundant.
It's a wise CE/IO who keeps IT in-house, thereby tieing their livelihood to the success and well-being of the company. Outsourced IT is like paying a pharmacological company for drugs for a terminal patient. They'll help keep you alive to profit from your problems, but they won't want to make you better since then you might not need them.
That's understandable. But the rarity of the outage has to be factored into the "resiliency". Every summer we get local outages due to locally spiking load. The system absorbs this just fine, and has for 40 years.
Now, I'm not saying we should just leave it as is. Not at all. As soon as we know what the trigger here was, we correct for it. But, all in all, the system works remarkably well.
This is a minor crisis in terms of consequence and probability of recurrence, and calling for an overhaul of the infrastructure is myopic. This event is not indicative of a fundamental flow in the design of the multigrid. It just shows up that the compensatory hand-off between grids can, at peak load, cascade upstream to the closest, biggest anchor power plant.
Without a drastic resegmenting of the multigrid, this can not be fixed in a way that will not make small, local blackouts much more fequent and long lasting. The alternative is to keep the current hand-off system in place, but to add capacity to push the maximum managable peak load out of the realm of possibility. Obviously, then the question in either case becomes "who's to pay for it?"
Did you know that there are many (as many as half??) New Yorkers who have never been outside of New York City??
A city-wide outage is one thing. A regional one, that affects several major cities, in multiple countries no less, is quite another.
New York is huge, but it is just one city. There's a whole planet outside The City, just as there is a whole planet outside the USA.
No, it's not. It's simply not unbreakable. Considering the date of the last regional outage, the Northeastern power grid is damned resilient.
Show me something else that runs 24/7 and has done so for the last 38 years.
If you think of "deregulation" as an economic and political concept, then it makes perfect sense to talk of increasing it. Optimal linguistic expression is not necessarily optimal semantic expression. More people understand "deregulation" than "regulation", and so it makes more sense to talk in terms of the former.