> I was checking the ATX pin connectors but not sure what terminals should I jump to turn it on.
Connect the one green wire to any ground (black) wire. That will turn the PSU on (you need to keep it shorted to keep it on).
You can then measure the voltages, but I'm told that the voltages are often wrong when there's no load.
Have you ever heard of running in an emulator? Well that's what's happening there.
No.
Who's going to sue who? If JapanCorp doesn't want someone in America selling something, then TOO BAD FOR JapanCorp. You can't sue an American company in Japan (unless they have a branch in Japan).
Japanese laws don't apply to me, for example. If I want to ship some infringing software to Japan, that's my business. The Japanese government can't stop me. Customs can go after the importer or reject the shipment, though.
You mean to tell me that you have no keyboards, mice, and monitors in your possession? I've accumulated so many that giving up a set for a Mac Mini would be trivial...
> Microsoft couldn't do this because almost all Linux distros are GPL. And the GPL explicitly forbids mixing free and proprietary because of its viral nature. That is one of the reasons that Linux itself doesn't underlie OS X.
What the hell are you talking about? The GPL says nothing about what you can and can't run on Linux. Kernel modules (drivers) can be proprietary (ever hear of the nVidia driver) and the software on top can be proprietary. Nothing was stopping Apple from using Linux, they just chose BSD because it's a more traditional UNIX.
Did you know that Apple uses the (L)GPL'd KHTML rendering engine inside their proprietary browser? How can such a thing occur?
If it's illegal to buy it, I guess we'll have to just download the games for free.
If that's what they want, then fine. No qualms here.
The `i' key and `o' key are right next to each other. Give him a break.
You've never pressed the wrong key before!?
> Brute force can never be considered "cracking."
Maybe not by your elitist definition. Tell me what you think when someone drives your car away because they brute-forced the encryption key.
(And you don't usually need to try EVERY key. You just need to try every key up to the one that works. On average, breaking a 2n-bit key takes 2^n trials.)
> I've never been rooted before, and feel violated.
You mean you've never found out that you've been rooted. The dedicated attacker isn't going to page you saying "I 0wn3d your b0>!!11", he's going to install rootkits that make him undetectable.
The worm behavior is obvious but humans are a bit more difficult to understand. Never assume that you aren't compromised :)
True. But the data doesn't have to be normally distributed; it just has to be even about the median.
So their policy is to provide bandwidth to people who pay for it. When you start restricting who can and can't host a website, you start crossing the line from ISP to police state :)
Bravo for having some balls, HE.
Wrong.
Let's say we have 11 people in the world, and we line them up smartest to dumbest. The person in the middle has "average" intelligence. Then if you look at the 50% below him, those 50% are even dumber than average. Doesn't matter if it's a normal distribution or not; 50% of people are dumber than the person in the middle.
(Now if you want to average, that's a little different, but it doesn't have to be a normal distribution.)
Umm, the grandparent wrote the part about CourtTV. He was kidding, and I was telling him that people really do pay for things like that.
And as a computer engineer, most voltages I deal with are less than 5 (I'm more of a software/algorithms guy anyway). Thanks for your *cough* constructive comment though.
Law student need to read cases? Be prepared to pay CourtTV several hundred dollars a month for access.
Electrical engineering student need to read journal articles? Be prepared to pay the IEEE several thousand dollars a year for access. (I just looked, the IEEE charges $50,000 a year for online and print subscriptions to all their journals.)
This information isn't free (in the sense that researching, printing, and distributing cost money). University libraries seem happy to pay for this; I can get all IEEE publications since the 80s (or something) right from my dorm room (and many, many others... if you think the IEEE charges a lot wait until you see how much medical journals cost!). Paying for this is a fact of life. Going to University is about more than taking classes; it's about having information and people at your disposal (in the hopes that you'll better society in some way).
Sorry about the OT. Anyway, if the government starts limiting my access to weather information, I promise that I will set up a weather station here at UIC and provide the data for free. Hopefully my colleagues elsewhere will do the same, and we can provide our own (superior) collection of weather data.
You have no right not to be offended. If you don't want to hear the prayer then DON'T LISTEN.
Do you own the apartment building? Yes? Then sure; knock yourself out. (But don't expect the insurance company to pay for the building when you vapourize it one evening.)
Did you know that it is considered arson to burn down your own house that you fully own!?
Getting some notarized contract would probably help in that case.
But isn't it also illegal to kill yourself? I think they can put you in jail if you try and fail...
Yeah, eventually someone will realize that shooting the messenger won't fix the security problems. It's getting to that "eventually" that's hard.
About a month ago, I found a major flaw in UI-Integrate, the system that does EVERYTHING for the University of Illinois (UIC, UIUC, and UIS). Anyway, I found this blatantly obvious (XSS) hole, and wrote up an advisory. Since it was potentially major, I didn't post it publicly. I made slight mention on my blog ("hey, I found a security hole, cool"). I showed up at work the next day (for the UIC computer center) and the shit hit the fan. Someone had cut-n-pasted my blog entry to the Mac mailing list (of all places), which consists of mostly simple Mac users, not really in the position to understand computer security. Word got around to the higher-ups and eventually back to my supervisor. I got yelled at... blah blah this is unethical to talk about that, how can you live with yourself, etc, etc. I told them about my usual full-disclosure policy and how I hadn't disclosed any details yet. Eventually they forced me to write some retraction on my blog. They weren't happy with that, so the blog is gone now!!
I was obviously upset at this time, so I e-mailed Professor Bernstein (who was my professor last semester in a security holes class), hoping that he would be on my side. He was; he wrote an e-mail to my supervisor about how they should apologize to me, etc.
Anyway, the rest of that week was bureaucratic meetings and ethics lectures. A whole meeting about how full disclosure is bad, how my duty as an employee is to lie to the users of the university computing system, how DJB is a moron* and how I shouldn't listen to him, etc. I thought the whole thing was quite ridiculous and I calmly told all these people that I believed in full disclosure and that I personally agree with DJB. They seemed upset with my "poor ethics", so I told them that if they had a problem with this I wouldn't work here anymore. (They really couldn't fire me because, 1) I would have taken legal action, and 2) I'm one of about three people that are actually worth the $7.30 an hour they pay us.)
*Not the exact words, but the meeting was mostly about discrediting him. This page was referenced. (obviously if you don't like patents you're a loony, right?)
Eventually the incident got escalated to a tech-type (the provost in charge of UofI technology) and he was very helpful. The hole was fixed within hours. I found a hole in their fix, and they fixed that. Over the course of another week they re-engineered the system, and the vendor pushed a patch to the other users.
As soon as it was in the hands of the higher-ups, I was thanked instead of criticized and demeaned. I think I will finally be able to publish the full advisory next week (less than a month after the initial discovery). Overall, I was impressed that people actually cared about security. Both AITS and the vendor involved (Sungard) were very helpful and supportive. It was just the people that didn't understand security that were upset (and scared, it seemed).
So here's my advice to a University student that discovers a hole in their university's computer system: publish immediately. If you publish immediately, the burden will no longer be on you. Everything will be out in the open, and the University will be responsible for their shoddy security, not you. It is your duty to inform the public that the systems they rely on are not secure. It is your right to publish this information. Never let anyone tell you differently. They are wrong. If it comes down to you being dismissed, you will win in court against the University. Keep that in mind. Always remember that you are doing the right thing.
Don't do what I did and tie yourself up with red tape, it's not worth the emotional drain. I was totally stressed for a week after this. The only thing that sav
Yes, but remember that 99% of CS students aren't like you. They don't really do much on their own, they learn everything through their classes. Security is very important for them to know, so it's not a bad idea to force feed it to them. Too bad they have to wait until they're graduate students (I would say that only the good undergraduates make it to graduate school, but that's sadly not the case.)
:-)
Oh, and I like your sig
If you were a real computer scientist, and not a code monkey, you would not have made that statement.
"I don't like it, so it must be poorly designed." Riiiight.
They can't really just come in your house though, so they can suspect you all they want, but can't really do anything until they press charges or something. Also, people trying to steal cable generally don't have cable service... they steal it from somewhere (duh).
But yeah, hacking satellites is not only safer, it doesn't seem very illegal to me. (They're sending the signal through MY house, why can't I build some hardware to decrypt it?)
Every postal worker I've ever met is STUPID. The postal service sucks. FedEx breaks many fewer packages than the good ol USPS.
Did I mention that the USPS sucks? 'cause they do. Really. Hard.
(Oh no, I just "talked shits" about them... arrest me!!!!)
And this is the problem with America's legal system. EA bought the rights to the players' names. What? You can buy and sell NAMES now? Is the phone book committing trademark infringement by daring to list NFL players?
Rights to the stadiums? Can I take a picture of a football field and make money, or is that illegal now? No more pictures of skylines... we will have to blur out all non-public property. (Like they do on TV. Every time I watch TV now I feel like I need new glasses because everything recognizable is blurred out. Apparently taking a picture of an object is illegal now...)
Anyway, this is illegal on the part of the NFL. Just because they have a lot of money doesn't make it right.
Joe Montana. Brett Favre. Whoever the fuck else plays football.
Hah. I'm a criminal.
Absolutely right. Security is there to make you think you're safe, not to actually make you safe. You are vulnerable...
But if I do that then you can turn off my 1337 blinking by simply overriding my CSS file with your own. Noooooooooo!