Slashdot Mirror


User: bhmit1

bhmit1's activity in the archive.

Stories
0
Comments
343

Comments · 343

  1. Re:What the ... ? on Major Flaw Found In Security Products · · Score: 1

    Wouldn't this be easily killed by simply having the webpage dynamically generate a page with a life of 15 minutes or less?
    It's poor authentication on the server side. The browser is hitting links that it's given, and if you're doing something important, you shouldn't rely on the browser being fixed. The proper solution is for the server to give out a unique key with every form or link that needs to be secure, and if the key received doesn't match one given out to that user, it's rejected. Crackers wouldn't know which key you were given and so they couldn't make a malicious form or link for you to click.

    The server also needs to be sure the user logs out using a timeout, and with supported browsers, some javascript that lets you know when they've left your page. And finally, at a higher business perspective, you shouldn't do something that can't be undone when it's initiated from an unsecure browser. E.g. Make sure you can untransfer any money.

    One browser side change I can think of would be every time a browser takes you to an https link from some other site, you get a new https session that the server would use to require a new login (actually, it's possible browsers already do this, I don't get into that level of detail). Your site would need https, and again, that's something the server would need to have code to support.
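The "unique key with every form" approach described in the comment above is the synchronizer-token pattern; the example below is added here and is not code from the comment or from Slashdot. It assumes an in-memory store and a hypothetical 15-minute lifetime taken from the parent post, with each key bound to one user and one form, consumed on first use, and rejected once expired.

```python
import secrets
import time

# Added example, not from the original comment: a minimal server-side store
# for per-form keys. A form or link crafted by a third party cannot carry a
# key the server will accept, because keys are unpredictable, bound to the
# user they were issued to, single-use, and short-lived.

TOKEN_LIFETIME = 15 * 60  # seconds; the 15-minute lifetime from the parent post


class FormTokenStore:
    def __init__(self, lifetime=TOKEN_LIFETIME, clock=time.time):
        self._lifetime = lifetime
        self._clock = clock            # injectable for deterministic testing
        self._issued = {}              # token -> (user_id, form_name, issued_at)

    def issue(self, user_id, form_name):
        """Mint a fresh unpredictable key for one rendering of one form."""
        token = secrets.token_urlsafe(32)
        self._issued[token] = (user_id, form_name, self._clock())
        return token

    def validate(self, user_id, form_name, token):
        """Accept only a key this server issued to this user for this form.
        The key is consumed on first presentation whatever the outcome, so a
        replayed or mis-targeted key can never be retried."""
        record = self._issued.pop(token, None)
        if record is None:
            return False
        issued_user, issued_form, issued_at = record
        if self._clock() - issued_at > self._lifetime:
            return False
        return issued_user == user_id and issued_form == form_name

    def purge_expired(self):
        """Housekeeping so abandoned forms do not accumulate forever."""
        now = self._clock()
        stale = [t for t, (_, _, ts) in self._issued.items()
                 if now - ts > self._lifetime]
        for t in stale:
            del self._issued[t]
        return len(stale)


def demo():
    """Constructed scenario covering the cases a server must reject."""
    fake_now = [1000.0]
    store = FormTokenStore(clock=lambda: fake_now[0])
    alice_token = store.issue("alice", "transfer")
    results = {}
    # A form forged elsewhere carries no key the server ever handed to alice.
    results["forged"] = store.validate("alice", "transfer", "not-a-real-token")
    # A key issued to bob is useless when submitted under alice's session.
    bob_token = store.issue("bob", "transfer")
    results["wrong_user"] = store.validate("alice", "transfer", bob_token)
    # The genuine key is accepted exactly once ...
    results["genuine"] = store.validate("alice", "transfer", alice_token)
    # ... and a replay of the same key is refused.
    results["replay"] = store.validate("alice", "transfer", alice_token)
    # A key older than the lifetime is refused even though it is genuine.
    late_token = store.issue("alice", "transfer")
    fake_now[0] += TOKEN_LIFETIME + 1
    results["expired"] = store.validate("alice", "transfer", late_token)
    return results
```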
  2. Re:What I want to know.. on NY Legislature Rejects "Microsoft Amendment" · · Score: 1

    Is why the HELL anyone is trying to build a voting machine around an unsecureable platform in the first place?
    I suspect the answer is "that's business." Companies don't always get the best programmers, and programmers use what they know. The technical requirement to be secure was likely never considered, but rather user friendly enough for the old retiree manning the machine and profitable enough to make a business out of it.

    What I want to know is why the states don't band together, form a group to write the application on a hardened OS (MS is good enough for some DoD requirements, but so are a lot of other OS's), and place it under an open/public license for their citizens to be able to review. We can significantly reduce the cost to our voting budget by only purchasing hardware instead of the hardware, software, a markup (businesses are in it for the profit), and training costs associated with multiple companies offering these products.
  3. Re:I went to school there on Pressure Is On IBM To Forgive Millions In IT Debt · · Score: 1

    He turned out to be a corrupt bastard, but he disappeared without ever having to pay or atone for anything, and the people who use the schools have been paying for it ever since.
    And yet they haven't paid a single penny on this debt. IBM even agreed to not charge interest, which I'm sure was in the original contract.

    All the other comments here seem to be going 'lol pay up already', but it's not that simple. IBM should forgive the debt, and everyone should learn a lesson from this.
    You failed to explain why it isn't that simple. Their other payments are ending which is why their first payments to IBM are beginning now. This is an affluent district that can find many ways to pay IBM, including funding from the county, new taxes, selling bonds, etc. If they decide to declare bankruptcy, then so be it, but get a judge to make it official. We don't need lawmakers begging for money (that's what this really is). And should they declare bankruptcy, their credit rating will go further down the tubes and people will continue to pay for it well into the future.

    Don't let public institutions pay with credit. The people who make decisions are not held responsible, and thus do not make responsible decisions. They will rip you off, and rip off the people they are supposed to be representing.
    This isn't something IBM suddenly decided to do, no business pays for anything upfront. Typically, 60 days is a normal turnaround time for accounts payable, and the bigger the purchase, the longer the payments are spread over. You don't even get your paycheck in advance. While this seems foreign to consumers that pay at the checkout (ignoring credit cards), business is done this way, and the school system would just have given their business to someone else if IBM had crazy terms like that.

    Personally, I'd be on IBM's side if they decided to forgive the debt, but then charged a "high risk credit" fee to the next acquisition done by the school or county. And make the fee for $5 mil plus interest. Considering all the mainframes, enterprise software, and other business critical things IBM sells, it won't be long before they need something that wasn't included in the original maintenance contract and have to pay the piper. I suspect IBM will be kinder than this and forgive the debt as part of a larger contract that is missing many of the normal government discounts.
  4. Re:And who can weee thank for this? on US Can't Meet The "Grand Challenges" of Physics · · Score: 5, Insightful

    Bush is no more the sole responsible party for this than Clinton was, or Bush the Elder was, or Reagan was.
    And let's not forget Congress, which makes the budgets, isn't innocent either.
  5. Re:I Love this on US Can't Meet The "Grand Challenges" of Physics · · Score: 3, Informative

    Considering how hated America is by the whole of the world, don't you think it's very important for America to remain the strongest nation, because although in the past it could have faded into insignificance and no one would have cared, it would just be another economy, but now there are people just waiting for America to fall.
    I don't believe they really want us to fail, unless you've fallen for the fear mongering that confuses other world powers with the terrorists. However, they do want us to be indebted to them. Take the middle east with the oil profits they get from us. Take China with their huge stocks of US currency from the years of trade imbalances. Take India with the outsourcing movement and all their call centers. With the increasing globalization of the world's economies, any major competitor to the US would be shooting themselves in the foot to try to destroy us. Yet profiting from our laziness and ignorance is exactly what all the blooming foreign superpowers want to do, and indeed, will do.

    My biggest fear is that neither the US people, government, nor economy will be ready to be removed from the top position. We'll continue spending all our time and effort building walls to "keep the bad guys out" while forgetting that we need to "make some good guys within."
  6. Re:Dunder-Mifflin Ranked High on PC Call Centers Garner Lowest Satisfaction Score · · Score: 1

    they have one thing right - human contact on the phones.
    And they have one thing wrong, they can't compete on price because of the high overhead. If independent organizations ranked computers based on support, quality, etc, and placed that rank right next to the price tag, things might be different. But until then, the uneducated consumer will buy based on the one piece of data they have there.
  7. Re:As it should be on RIAA Uses Local Cops In Oregon Raid · · Score: 4, Insightful

    I'll second everything you just said. When someone breaks the law, we tend to call the police to enforce it, rather than having the RIAA take the law into their own hands. But to your point:

    That being said, it's a bit disconcerting to see them concerned with "who owns reproduction equipment like this". I really don't think that should be a concern of anyone... owning equipment shouldn't be a crime, even if it is professional-quality duplicators.
    I'd say that owning equipment is perfectly legit. It's using the equipment to violate the copyrights that needs to be stopped. So if you find the equipment owner that created these disks, then you've found a key player in the crime. But to your point, equipment is evidence with the rest of the proof the police have, not a crime in and of itself.
  8. Anyone can win with 1600 portfolios on CNBC Software Flaw Worth $1 Million? · · Score: 5, Interesting

    This reminds me of an old email/fax scam trick. You start sending 1600 messages to people on a stock that's going to have big news the next day, either very good or very bad, no one knows. To 800 of those people, you say it will be good, and the other 800, you tell them it will be bad. The next day, you take the 800 who you predicted the right answer for, take another stock with big news coming out, and 400 of those people will end up with the right answer. Then 200, and on the 4th day, 100. Now for those 100 remaining people, you send a message saying that you've been giving valuable stock picks for the past 4 days and how much would they be willing to pay for your tips. The moral, everyone is a winner when your losers don't count. If you were hoping to find a good stock trader from this contest, this wasn't the way.

    As for the bigger picture, I'm not a fan of "trading", though it does have its place. I'd rather use the market for long term "investing" and doing something that provides value to the world with the rest of my time. But just like with power and politics, money corrupts, so we should expect that people will abuse the system and just do our best job ensuring we aren't the ones they are abusing.

  9. The government is all for gambling... on Legal Online Gambling May Return to US · · Score: 2, Insightful

    That's why they want to enforce their local monopoly, um, I mean encourage people to play the lottery. If they had banned the lottery, Vegas, etc. when they banned online gambling, it would have at least been consistent. As it is, there's no doubt that the government is just looking for more money. So they'll be happy to allow internet gambling if they can regulate and tax the bejesus out of it, like every other legalized "sin".

  10. Microsoft claims.... on Company Aims To Patent Security Patches · · Score: 1

    ...that they have 900,000 instances of prior art, give or take.

    (Sorry, couldn't resist.)

  11. A few adjustments needed... on Congress Debating "No-Work" Database · · Score: 1

    There are a few politicians that need to be added to this list as a start. I still ponder a world where the people really are treated as the boss of our elected officials.

    Now as a small business owner, I see the logic of such a list. Though I'd prefer to have it reversed, an allowed-to-work list, which you get on at birth or upon immigrating or with a visa, etc. Then we can give some new ID number that's only used for this database to each person (something like an SSN, but different so it's more difficult to steal and easier to write laws to lock it down).

    But there needs to be one addition, either the government needs to be liable for any losses from not including someone on the list, or business owners should only be required to report people missing from the list and not responsible for enforcing it. I'd prefer the latter since you can then keep making an income and take your case to court when you're wrongly accused.

  12. Re:Developers, applications, and openness on The Palm OS Ends With a Whimper · · Score: 1

    I haven't been following the market closely enough, but the little I've seen is companies putting linux on phones as a replacement for another embedded OS, but without the ability to expand what's there.
    I would say you haven't! Or at all, judging by that comment.
    Sorry for not following things so closely, that dang day job gets in the way. What linux smartphones are you referring to that allow customers to add their own apps?
    Thanks
  13. Developers, applications, and openness on The Palm OS Ends With a Whimper · · Score: 1

    Part of what made Palm successful was the ability to write applications and expand it. Will they continue this ability on their linux phones? Have they considered including a palm emulator in the initial versions so people can bring their apps with them? I haven't been following the market closely enough, but the little I've seen is companies putting linux on phones as a replacement for another embedded OS, but without the ability to expand what's there. I'm hoping palm can change this with a truly open mobile development platform.

  14. Re:Don't care about suing people on Netflix Sued Over Fradulently Obtained Patents · · Score: 1

    Considering they are supposed to be writing the laws, I don't know how wise it is to have people that don't understand the law in that position. It's like banning economists from holding a position at the federal reserve.

    What would help is to end the special interest influence. Law firms are huge donors to political groups. Make it so that people are the only ones able to donate, and put a cap on how much they can donate per year. No golf trips, no vacations, no planes, etc. Make politicians go back to being public servants as a position of honor and service instead of greed and power. Sadly, this will never happen as long as politicians make their own rules, political parties maintain their status quo, and people are afraid of wasting votes on independents.

  15. Re:Bloated in many ways on Firefox Going the Big and Bloated IE Way? · · Score: 1

    No need, X win is completely usable with the exception that you can't open new windows, so you can just go to firefox and stop it normally. But the key phrase here is "not that you should have to..." :-/ Despite all this, I still prefer firefox, but there are enough bugs to make me wish I had the time to help fix things.

  16. Bloated in many ways on Firefox Going the Big and Bloated IE Way? · · Score: 1

    It's not just bloated in ram, there's a lot of feature bloat, but for the most part, I like what bloat there is. My biggest complaint is "leaks", and the worst ones aren't ram but rather x windows. Run "xwininfo -root -children" on a machine after firefox has been running for a while. In addition to all the named firefox entries, there will be many saying "has no name" that are also firefox. Run it long enough (I suspend my laptop and keep it running for months), and you'll eventually get the famous:

    Xlib: connection to ":0.0" refused by server
    Xlib: Maximum number of clients reached
    your_app_here: unable to open display ":0.0"

    So basically you can't open another window until you kill firefox. There's no warning, no slow down, no cpu spikes, so you can be in the middle of something important with 10 tabs open and have to close the whole thing down to get any other app up. Despite all this, it remains my favorite browser because it supports standards and lots of developer and user friendly plug-ins.

  17. Re:My 2002 Saturn 2SL still averages 30 and 40 mpg on Hybrid Cars to Get New Mileage Ratings · · Score: 1

    Being aware of suddenly lower mileage has caught a cracked temp sensor and a battery that was starting to leak acid. If you want to make less of a negative impact on the world and like to catch problems with your car before you're broken down on the side of the highway, it's a good thing to check. It's easy, always fill the tank all the way up, reset your trip counter as you drive off, and at the first stop light out of the station divide a few numbers (lots of cell phones have a calculator). I don't see any time wasted or lost.

  18. While we're counting on Microsoft Says Free Software Violates 235 Patents · · Score: 2, Insightful
    Let's get a couple other numbers for completeness.
    1. How many GPL and other licensing violations are there in MS software?
    2. How many patent violations are there within MS software, particularly those patents owned by OSS contributors?
    I'm sure there are violations, and when we've been made aware of the issue, many distributions go out of their way to correct the issue. But as long as we're making accusations, let's get everything out in the open.

    P.S. Pot, the kettle is on line 2, seems to be upset about some "black" comment you made.
  19. Ok but... on Ceiling Height May Affect Problem-Solving Skills · · Score: 3, Funny

    ...if they move my desk again I'm going to burn the building down.

  20. Re:Foolproof system on A Foolproof Way To End Bank Account Phishing? · · Score: 1

    That's stupid.
    You're ignorant (shrug, seemed fitting)...

    1. Get a "catch a phisher" account number
    2. Connect to the bank site through an ISP which NATs your IP address
    3. Use the account number
    4. The ISP gets blocked
    Nothing in the description said "automated" or "blocked". The idea is to determine which transactions may be fraudulent and stop them before they clear the bank, hence the word "freeze" and "flagging" things for people to review. If the noise level from attackers submitting the flagged accounts gets too high, restrict it to people that call a phone number (doesn't even need to be an 800 number), or people who have an account (and allow yourself to track who's requesting the flagged numbers), or any of the other tools that prevent scripted attacks against web pages. Just because you're finding an implementation of an idea that has holes doesn't mean it can't be implemented in a way that solves (or significantly reduces) the issue.
  21. Re:Foolproof system on A Foolproof Way To End Bank Account Phishing? · · Score: 1

    Yeah, one problem with your system. Two, actually.
    1. Tor, or randomized anonymous proxies
    2. Uncooperative foreign countries
    Those are an issue even if you didn't implement this. That said, if you use or run an anonymous proxy and the bank slows down your transaction and makes you jump through extra hoops, I don't have a problem with that. In fact, any time the bank puts in an effort to verify the origin of a transaction that came from an anonymous source. And as for uncooperative foreign countries, you would assume the bank doesn't have many countries in their, so again, slowing down their transactions wouldn't be a bad thing. It also makes citizens of those countries push for change in their government since they are inconvenienced when they try to do business with the rest of the world.

    I don't think we'll ever get to the point when we can catch every phisher. But we can catch some of them, and make the lives of others so difficult that they find another way to scam people.
  22. Re:Foolproof system on A Foolproof Way To End Bank Account Phishing? · · Score: 1

    The users will provide this red flagged account information to the phisher, who upon logging in a few times with these flagged accounts causes the banks to silently freeze other transactions placed from the same source until they can determine whose account data has been compromised.

    Did you see where the problem was though?

    Note the lack of the word "automatically". You see how you completely avoided saying what the problem was right?
  23. Re:Foolproof system on A Foolproof Way To End Bank Account Phishing? · · Score: 1

    Okay, so your scheme gives you the IP address of some machine they've rooted and are proxying their connection through. How does that help you stop them again?
    It means you know other attempts to login from this IP may be going through a compromised machine, which is more than you knew before. You still need to apply some common sense to avoid a denial of service against an unsuspecting user or a NAT'd network. But when you're dealing with phishers, their weapon is being undetected until after the money has moved, so this is the best way to detect them before that happens.

    And if the red flagged accounts appear to be completely legit, then it also means that phishers have to change their attack vector for each account, increasing their overhead, and increasing the chance they leave a trail somewhere that can be tracked.
  24. Re:Foolproof system on A Foolproof Way To End Bank Account Phishing? · · Score: 5, Interesting

    Foolproof systems do not take into account the ingenuity of fools.

    You're funny and exactly right at the same time. Instead of stopping phishing by preventing stupid users from doing stupid things, let's instead make it harder for the phishers to blend in with the other bank traffic. I'll suggest (again) that every financial organization make a "catch a phisher" link on their page that provides a unique (so that phishers can't build a list of the trojans) account number / login information that the intelligent users can request from the bank. The users will provide this red flagged account information to the phisher, who upon logging in a few times with these flagged accounts causes the banks to silently freeze other transactions placed from the same source until they can determine whose account data has been compromised. You may also be able to keep the phisher connected enough to determine where they are located to assist with law enforcement. It's something like a distributed honey-pot attack against the phishers that will make their job very hard very fast and quickly eliminate phishing attacks against organizations that implement this scheme.
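The "catch a phisher" scheme proposed above, together with the NAT and proxy objections raised in the replies to it, as an added example that is not part of the original thread or of any bank's system. It assumes hypothetical names (CanaryTracker, issue_canary, record_login, disposition), a constructed login log with documentation-range addresses, and a review threshold so that a single canary login from a shared address only triggers extra verification rather than a freeze.

```python
import secrets
import time
from collections import defaultdict

# Added example, not from the Slashdot thread: a toy detection model for
# canary ("red flagged") bank logins. Each canary is unique per request,
# so a phisher cannot build a list of them. A login with a canary marks
# its source address; transactions from that source are then held for
# human review only once enough canary logins accumulate inside a time
# window, which limits collateral damage to NAT'd offices and proxies
# where one accidental hit should not freeze everyone behind them.


class CanaryTracker:
    def __init__(self, review_threshold=2, window=3600, clock=time.time):
        self._canaries = {}              # canary username -> (requester, issued_at)
        self._hits = defaultdict(list)   # source -> timestamps of canary logins
        self._threshold = review_threshold
        self._window = window
        self._clock = clock              # injectable for deterministic testing

    def issue_canary(self, requester_id):
        """Hand out a fresh, never-reused canary login to a user who asked."""
        name = "canary-" + secrets.token_hex(6)
        self._canaries[name] = (requester_id, self._clock())
        return name

    def record_login(self, username, source):
        """Call on every login attempt. Returns True if a canary was used."""
        if username not in self._canaries:
            return False
        self._hits[source].append(self._clock())
        return True

    def source_status(self, source):
        """clear / watch / hold_for_review, based on recent canary logins."""
        now = self._clock()
        recent = [t for t in self._hits.get(source, []) if now - t <= self._window]
        if not recent:
            return "clear"
        if len(recent) >= self._threshold:
            return "hold_for_review"
        return "watch"

    def disposition(self, txn):
        """Silently hold, slow down, or approve a transaction by its source."""
        status = self.source_status(txn["source"])
        if status == "hold_for_review":
            return "frozen_pending_review"   # a person decides, nothing auto-blocks
        if status == "watch":
            return "extra_verification"
        return "approve"


def demo():
    """Constructed events: a phisher replaying two harvested canaries from one
    address, a shared NAT address that tripped one canary, and a normal user."""
    now = [0.0]
    tracker = CanaryTracker(clock=lambda: now[0])
    c1 = tracker.issue_canary("user-a")
    c2 = tracker.issue_canary("user-b")
    events = [
        (c1, "203.0.113.7"), (c2, "203.0.113.7"),   # constructed phisher source
        (c1, "198.51.100.9"),                        # constructed NAT'd office
        ("realuser", "192.0.2.44"),                  # constructed ordinary login
    ]
    for user, src in events:
        tracker.record_login(user, src)
    sources = ("203.0.113.7", "198.51.100.9", "192.0.2.44")
    before = {s: tracker.disposition({"source": s, "amount": 100}) for s in sources}
    now[0] += 3601                                   # window passes, flags age out
    after = {s: tracker.disposition({"source": s, "amount": 100}) for s in sources}
    return before, after
```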
  25. Re:Nice to see Google taking the heat on English Premier Football League Sues YouTube · · Score: 1

    A number of us have been saying for years that sooner or later people will stand up and refuse to obey unjust laws.

    We've made the claim that copyright is just such an unjust law.
    The application may be wrong in some cases, but I don't see a problem with the concept. GPL would cease to be effective without copyright law. You're claiming that every open source developer should lose all rights on their creation, which would discourage all open source creations. I would hypothesize that without copyright protections, there would be a slight increase in public domain software, and the rest would either become closed source or avoid the business altogether. And that doesn't include the impact on books, movies, music, and so forth.

    The last few years we've seen it actually happening. We dipped our toes in with music sharing, but it was too hot, so we went back to the shadows. The so-called Pirate Party grows stronger. Now there's YouTube/Google.

    The silent majority of us ignore these laws. Now there's a vocal minority who are saying enough is enough.

    I think this issue has finally come of age.
    There's also a silent majority that speeds down the highways. It doesn't mean that it's right, only that it's an easy law to break and that you usually get away with it. As long as there are reasonable checks and balances to ensure that people breaking the speeding laws are reprimanded with as little impact on my civil rights as possible, the system works.

    With copyright infringement, I think we need to make the punishment within reason. It should be more than the cost of buying the work legally for those caught downloading, and a fair bit more for those caught uploading, but not some extreme burden that many would be unable to pay. And it needs to be a government run organization where the normal copyright profits plus some service fee is refunded to the copyright holder and the rest goes to fund that government organization. There should be no vigilante/mafia/RIAA/MPAA highly paid lawsuits going after little kids just as we shouldn't have individuals on the side of the road writing down license plate numbers and running to the courthouse demanding to know who I am and exactly where I was at various times of the day. Also, this government agency needs to be available to every copyright holder, and not just the big media companies. I say this as a libertarian that wants a smaller government, but I think some services are essential, law enforcement being one of them. And in this case, we're seeing the government struggle to keep up with the information age.

    But I digress, the lawsuit claims that Google "knowingly misappropriated and exploited this valuable property" and I think the simple question is "did they really?" Did Google post the content or was it a user? Did they encourage this behavior, or was it a case of computer algorithms favoring the videos that many users recommended? Did they provide a way to have the videos taken down and offer to assist with any legal orders to identify the source of an infringing video? Were there terms of use that clearly state illegal content is not permitted?

    If your local DOT changes the speed limit to 100mph and moves the lanes to go through the middle of a farmers' market, then we sue the DOT. When they put up the necessary protections and someone does it anyway, then we sue the driver. We need the same level of common sense when dealing with copyright infringement. Personally, I'm happy to see Google taking the heat, but not because they can do away with the copyright protections, but because they have the money to keep the law from being improperly enforced. Every site that allows user contributions, and every web hosting company that allows users to update their own web pages (as in every one of them) wants to see Google win this to keep their rights as service providers isolated from the actual copyright infringer.