Quick clarification(because SOMEBODY's going to ask, because I put down the wrong signature):
Cisco has a division called NSA--Network Supported Accounts, not No Such Agency.
Unsurprisingly, the real NSA was on my mind as I made this post. LOL. I work for Cisco's Network Supported Accounts division. Big, big, big difference.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Fresh from the US Patent Office, more of everyone's favorite pastime, "It's Net So It's New!"
Espionage is espionage. Major world superpowers spy on each other. It's part of the structure of things--a presumption of visibility or "Sunshine" has a way of keeping governmental structures honest.
OK, honest isn't particularly the best of words. The US constitution is based on the concept that no one power structure can be fully trusted, so it places multiple power structures in opposition and dependence upon each other, on the assumption that the intrinsic weaknesses in one will be balanced by the greed of another.
Heh, it makes about as much sense as Mutually Assured Destruction, but we did manage to make it through the Cold War without any (public) nuclear incidents. There's something amazing in that.
Anyway, if our country is based on the concept of multiple untrustable bodies balancing each other, geopolitical stability as a whole is probably achieved by multiple untrustable nations spying on each other, monitoring the behaviors of one another. The war wasn't that cold--just silenced.
Don't be surprised that there are spies online. Spies read newspapers. The NSA auto-downloads a number of sites on a daily basis(so said some guy who runs one of those sites). It's an "Open Source", as they call it. Extending the fact that they use open sources to the fact that they hack in a closed manner isn't ridiculous, or different.
It's standard operating procedure. If the spies weren't using the net, the intelligence level of the intelligence community would be rather suspect.
Are there differences? Yes. For one, the lack of a need for a physical presence at a compromised site--no moles, no informants--is disturbingly efficient. A report of an entire site compromising attack--Linux Kernel Module, uploading to some Australian Samba dropsite, slapped off a compromised Teraterm Pro SSH patch--that took eight seconds to go from full security to zero...the ease of this, compared to the espionage architectures of old, does have an impact.
What were you looking for? An easy answer?
Yours Truly,
Dan Kaminsky Cisco Systems, NSA Division http://www.doxpara.com
I've been playing with BSD as of late, and I must say, I'm enjoying the experience.
I have a lot of trouble understanding where the angst between Linux and BSD derives, particularly among the hacker cores. My guess is that the semi-infamous bad attitude of BSD developers was directed against Linux in its growth years, and after years of having their work called immature and unstable(even when it began being much less so), Linux developers and users completed the "circle" of mutual distrust.
I wasn't around back then, so I'd like some better perspective.
Regardless, BSD has been quite the experience. OpenBSD, with its security-centric design, is something I plan to play around with for the specific reason that existing Linux Distributions run wayyyyyy too many network services by default, and the idea of an OS I can slap on a box and trust to be secure is very appealing.
Hearing that Theo's baby, OpenBSD, now has commercial support behind it is something that I am proud to hear. Theo's focus on security is making Linux better, and many of the apps that run on BSD were originally developed on Linux.
Congratulations to everyone involved.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
People seem to be getting into this "good enough" attitude regarding whether Sun's Community Source License is open or not.
It Just Isn't, and here's why.
StarOffice, recently licensed under Sun's Community Source terms(so I've heard), possesses an excellent charting component. While the GD Library is good for many tasks, the charting component of StarOffice is clearly superior, and would be inordinately useful for the myriad Linux/Unix based web servers out there.
Unfortunately, Sun's license restricts any productive work from being done that could web-enable StarOffice on the server side. Apache could never be bundled with mod_starchart, and fellow coders can't put out their own, less memory hungry versions of the component.
The only thing Sun lets you do with StarOffice is fix problems for them, and if Sun doesn't want the problems fixed, the most you can do is release a bulky and semi-difficult to apply patch to repair it.
I believe they even end up owning your patch as well.
Now, StarOffice appears to be a very well put together app, and I don't want to slight it for its licensing terms. But the bottom line is: StarOffice is not Open Source. It's nothing like Open Source. Using the words "Community Source" is inappropriate at best; their license unfortunately undermines the core advantages of the open model. While Sun is allowed to derive benefit from the community, the community is placed in a state of perpetual legal risk(and thus, extortable circumstance) should they do anything at all with the code beyond mailing in fixes.
Sun's License means no web charting component for you. It's that simple.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
People seem to be getting into this "good enough" attitude regarding whether Sun's Community Source License is open or not.
It Just Isn't, and here's why.
StarOffice, recently licensed under Sun's Community Source terms(so I've heard), possesses an excellent charting component. While the GD Library is good for many tasks, the charting component of StarOffice is clearly superior, and would be inordinately useful for the myriad Linux/Unix based web servers out there.
Unfortunately, Sun's license restricts any productive work from being done that could web-enable StarOffice on the server side. Apache could never be bundled with mod_starchart, and fellow coders can't put out their own, less memory hungry versions of the component.
The only thing Sun lets you do with StarOffice is fix problems for them, and if Sun doesn't want the problems fixed, the most you can do is release a bulky and semi-difficult to apply patch to repair it.
I believe they even end up owning your patch as well.
Now, StarOffice appears to be a very well put together app, and I don't want to slight it for its licensing terms. But the bottom line is: StarOffice is not Open Source. It's nothing like Open Source. Using the words "Community Source" is a cynical and slimy attempt to undermine the core advantages of the open model. While Sun is allowed to derive benefit from the community, the community is placed in a state of perpetual legal risk(and thus, extortable circumstance) should they do anything at all with the code beyond mailing in fixes.
Sun's License means no web charting component for you. It's that simple.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Well, the boxed package they sell in the software stores (that I've seen) says "Linux Mandrake" on it in big letters across the front of the box, with MacMillan in a corner somewhere. Unless they've changed it recently, I'd say the name-marketing was pretty well in favor of Mandrake.
Wait a sec, I could have sworn I've seen some book from Macmillan w/ Mandrake included that barely mentioned Mandrake.
If what you say above is true, then I really don't think that ZD guy did his homework. We've been talking about Mandrake for months now.
Sorry Dan, but this is not true. Even if it doesn't really matter who did what first I can not resist to point out that Stampede Linux was the first 2.2 kernel distribution that was compiled with pentium optimization.
I stand corrected. They were the first 2.1x kernel based distribution w/ PGCC optimizations, I'm almost positive.
My memory's kinda fuzzy, but I remember spazzing quite excessively over Berolinux's contents. Anyone out there have a more accurate timeline?
I like you guys. I actually do. Your Personal Bookshelf is a surprisingly useful site when I need a quick primer on some tech that I really should know off the top of my head by now, and you've kept that thing up for years.
But it's not fair for you to say you have a distribution. I think you know it.
Fellow Slashdot readers, I've been following the Mandrake guys ever since they merged with BeroLinux. BeroLinux, for those who don't know, was the first 2.2 kernel distribution with everything recompiled to be pentium optimized. It was one heck of a slick package, unfortunately hobbled by some broken install routines.
Once Bero joined Mandrake(at the time, "Redhat+KDE"), I knew we'd be seeing a major powerhouse.
MacMillan may be doing great sales and marketing, but they're marketing the superlative work of the Mandrake people. I'm sorry if some Sales and Marketing folks at MacMillan don't feel they get much respect, but the bottom line is that the entire Linux community has been delivering rounds of applause to the Mandrake folks--those aw-shucks kinda guys who actually put together the package--to the degree that they got product of the year at the last Linuxworld Expo.
MacMillan should do the honorable thing and allow Mandrake to market the name of its distribution. There seems to be something quite faustian about this whole arrangement if you ask me; it's as if MacMillan went to Mandrake and said, "You could create the number one selling distribution, but it wouldn't be your name on it..."
That being said, I think they're doing a tremendous amount of good getting Linux out there, and we shouldn't take biased ravings(those geeks don't know what Linux is all about, thus he raved) too seriously--not even, mind you, from the person doing the raving. Five bucks says the guy was just quoting some out of line MCP guy off the record.
One lamer does not an organization doom...
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
What Canada Post is doing is "interesting"--authenticated email, hard traces, government backing--what we've yet to see is if they'll do it right. This is one of the first major deployments of a government-backed end-user market infrastructure, and its successes and difficulties will end up studied for quite some time.
However, while it borrows the imprimatur of the government, I'm not sure how much it actually exploits the vast resources governments as a whole spawn, and postal services in particular require.
The moment I read this story, I imagined that Canada Post might be facilitating convenient and efficient person to person transactions. Checks and money orders are incredibly inefficient, and the annoyance of compounded delays that permeate Online Auctions such as Ebay(send slip of paper, wait for slip of paper to arrive, wait for slip of paper to be converted to slips of paper redeemable anywhere for goods, wait for product to be mailed in response, hope nothing goes wrong) are just waiting for an efficient infrastructure to replace them--preferably one that could grow and deploy at the same impressive rate everything else online has sprouted.
I'm not expecting miracles. But postal services already support much of the (arguably inefficient, but definitely interesting) mass point-to-point package distribution system that's keeping Ebay in business. Through money orders, they're already directly involved in the actual exchanging of currency. Even the much maligned(and extraordinarily expensive) C.O.D. Delivery remains a strong historical precursor to what we're going to see the delivery person become.
As more transactions occur online, many of the functions the cashier once performed(everything from synchronizing the deal to acting as a buffer between management and the customer) will become shunted effectively into the delivery architecture. Deals agreed to via a Canada-post style secure email trail will have transactional paths drawn directly from one private citizen account to another's--no cash to demand; your signature for delivery becomes your signature validating your willingness to pay.
Escrowed delivery and rock-solid paper trails are things that any of the major delivery providers can provide(and almost certainly will try), but I honestly think that government post has a serious advantage in this market--when it comes to designing systems that meet legal standards, being part of the organization that wrote those standards is both a PR coup and a legal benefit.
Of course, there are many, many issues I've glossed over, but I'd like to hear what others have to say about this.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Hate to be the pain in the ass demanding people be a bit consistent in their distaste for patents, but Ye Olde UltraHLE on Win32 *appears* to do a good chunk of automagic rewriting of processor instructions intended for another architecture.
I doubt it has the same kind of exception handling as we see described in this patent, though. Them TransMetans do some funky stuff;-)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
While I respect your postings greatly, it is plainly clear that you have neglected to observe some of the great technological failures of the past few years.
Who can forget the siren call of Push, which would flood us with more graphics and data than we could possibly handle? Oh, right. Everybody. Once the novelty of Internet Animation wore off, the concept of computers dialing away in the middle of the night, retrieving late data that merely looked pretty looked about as lame as it really was.
Look back a little farther, why not, to the misshapen history of Netscape Plug-Ins. I remember browsing through an index of dozens--soon to become hundreds--of plugins, all sorts of new features(and complexities--uh oh!) that people would have to install to get The Latest Web.
In fact, if you look at the last few years, an entire cavalcade of fads have been propped up by VC-desperate firms who, no doubt, all either hire the same PR firm or read the same trade rags. Portals! Plumbing! MULTIMEDIA! It's the next big thing!
For things that are truly useful, success awaits. Everything else gets washed away in the toilet that is Internet Time.
New technologies and infrastructures barely get their name embedded into people's minds before they're revealed as either truly useful(Slashdot, eBay, Linux, Google) or utter garbage(take your pick). It's this massive environment of collaborative filtering that the non-technical sociologists utterly fail to comprehend.
I dunno. Maybe it's a bit of Patent Office grade It's-Net-So-It's-New syndrome, but the concept that people are going to spend hours upon hours searching through their five hundred channel guide is patently ridiculous. Scaling the willingness to poke through a TV Guide for a few minutes up to poking through an online channel guide for a few hours is the height of illogic. It reminds me of an old joke--in 1976, there were a few hundred Elvis Impersonators, but by the late 80's, there were tens of thousands of 'em. At that rate, by the year 2030, one out of every three humans will be an Elvis Impersonator.
People who channel surf already will continue to do so, but the real advantage will come to those who will finally be able to watch those shows they want to see--and not just whatever random BS is on. As the channel model is debunked by the sheer quantity of stations advertising content viewers might wish to see, the power moves from the network program directors to the writers, the actors, and the producers of the shows the customers actually want to watch.
If, by some cruel trick of nature, people only watching the shows they want to see is a harbinger of inefficiency and "cyberclysm", then NBC, CBS, and ABC have been poisoning the water supply for quite some time now.
I have a good deal of trouble accepting some of the presumptions I see made. The Sharper Image has existed for most of my life--I recently found a catalog of theirs, and revelled in the memories of drooling over their inventive products--yet, strangely, I don't see most people walking around with GPS capable cufflinks yet. Apocalyptic ravings about featuritis don't take away from the fact that while Geeks Like Me will always be interested in the abilities granted by high degrees of technification, most of the population will have better things to do.
And yet, it's only when something comes from the geek realm into modern, everyday life that the bells start ringing.
Much like the Pokemon Lawyers suing themselves, suddenly a major Geek Champion has been caught in fear of encroaching geekdom?
Please. Using a search engine instead of a card catalog does not a disaster of epic proportions create. There are those who have not yet learned the basics of computer usage, but User Interface developments will continue as they have been since the web finally exposed networked connectivity to a world not raised on control characters and LaTeX markup. Overall, those who want to connect will be able to, unless a hurricane hits. That much technology isn't designed as disaster-proof as Ma Bell's network could be construed as a bad thing, I suppose. I'll have to look into that.
In the meantime, those portending a disastrous future of chemically aware porcelain should do well to know--nobody wants a damn camera in their crapper, except the prisons the things were invented for.
Overall, I think you hit on the strongest point of them all in your column: Perhaps the survivors will be the people with the simplest, not the most sophisticated, machines.
It is not an accident that the most successful concepts in all of technology are those that remain both the simplest and the most sophisticated. Grace and form, it seems, are as critical in high technology as they are in most human work, be it architecture, sculpture, or even perhaps law.
If any of the futurists quoted can convince me that all of the world will forever embrace that which completely flaunts all tenets of grace and form; if they can prove the mass population will ignore the precedent of their flashing 12:00's and throw themselves at that which is almost designed to thwart the desires of its users, you'd have a case for a Cyberclysm. However, the continual successes of those technologies that Do It Right(and the continual cycle of destruction that everything else is wrung through) tell me That's Just Not Going To Happen.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Being a perennial slacker(my roommate friends keep on telling me I'm going to get fired; I don't know what they're talking about. Why yes, I'm supposed to be at work right now. Why yes, I am working at home now. Oh shit, am I posting on slashdot? Accursed evidence!), I blasted through the archives of AY2K.
Jaw, meet floor.
NitroZac's strips are some of the funniest things I've seen in a very long time. Her parodies of the personalities that define our industry are drop dead hilarious. Having met Eric Raymond, seeing his, ah, preparations finally prove useful was among the most classic injokes I've ever been privy to. (No, I'm not linking to it. Go read through the AY2K's. Trust me, it's a classic.)
I love the perspective of these strips. I love the attention to detail that's poured nigh-obsessively into them. Their relevance is astounding, and the sheer amount of material parodied is...astounding.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
P.S.:
Geek Superiority, As Expressed In Terms Of Feminist Neoresocialization Acceptance Metrics
CHICKS BECOME DOCTORS: Men in the field spaz out. Women are intruding!
CHICKS BECOME LAWYERS: Men in the field spaz out. Women are intruding!
CHICKS BECOME COMPUTER GEEKS: Male geeks spaz out. Women are intruding! Hallelujah
Once you pull the pin, Mr. Grenade is no longer your friend.
(Sorry all for the public post. I don't have JSM2's private email.)
I attempted to email Gary, but the message was returned. Could you verify his address and contact me? I'd like to contact him, per your suggestion.
I checked google--yeah, this guy very likely would be interested in the software impacts of much of his economic theories. Particularly with the business model evolution I need to work on involving the future of software development--his input would definitely be appreciated.
Thanks!
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
The phrase "Core Competency" is a [tm] trademark of Gary Hamel, a management science professor at the London Business School.
Did he come up with the concept that I named my paper after? Hurm, after I clean it up a bit(some significant alterations are in order after that rather interesting session I had at LWCE), I may toss the paper over to him for evaluation.
The term is reasonably public domain(hell, I've heard of it), but if he's the inventor of the field of thinking, it would behoove me to understand a bit more of what his theories are.
(For those who are wondering WTF all this is about--Core Competencies is an essay regarding the economics of Open Source. I brought it up when discussing the diseconomic meanderings of everybody's favorite registrar.)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
OK, gotta get the music to that strangely addictive game out of my head now.
Check out this piece of wholesome goodness, delivered in the same message as my (cleartext) domain hijacking password:
If you do not wish to receive e-mail from Network Solutions, click on this e-mail address and type "remove" in the subject line. PLEASE NOTE: by opting to be removed from this list we will not be able to communicate to you, in real-time, on issues regarding your account.
The mind boggles. One of the primary aspects of the net's formative power is its ability to quickly report the consensus of a company's customer base. Emails such as the one recently sent to all domain owners--containing both an unprecedented security breach and a jaw-dropping amount of arrogance(read our spam or we lose your bill)--only serve to increase internal communication within NSI's customer base, and to erode and eliminate the trust that the company has built up over the years.
I am positive there are a lot of others out there like myself who hold a great deal of technical respect for their extremely high-uptime management of the closest thing we have to a single point of failure. They've done much right, and honestly, they've scaled better than one might have expected considering their ever increasing workload and the sheer number of years they've been doing their job.
I almost see a parallel to Microsoft here. People complain that the Windows 9x kernel is buggy, but considering that it runs everything from ancient DOS games to 32 bit applications, it's a miracle it runs at all. There's some truly respectable hackery involved in that! However, nobody, not even Microsoft's staunchest allies will say that their businesspeople are the most ethical in the industry, and most of the industry will claim that the Microsoft businessdroids have even less faith in their coders than the Linux bigots.
Why else fudge the numbers and force the shipments? Nobody's going to run Internet Explorer unless they're forced to...so let's force 'em. That seems to be the mindset.
Similarly, the Network Solutions folks have pulled off some significant technical miracles, but their business side is obsessed with the concept that nobody cares about anything technical. Since nobody would use NSI if they had an alternative registrar, the quality and quantity of alternatives must be fought tooth and nail. Since NSI is nothing but its collection of names and addresses retrieved under contract from the federal government, they'll claim de facto ownership of the WHOIS database until the Commerce Department's gun is pointed at their head with the hammer cocked.
Nobody cares about name resolution, you see. The real fad is WEB BASED EMAIL; create accounts for people without even following basic security procedures!
Nobody would actually want any of the services offered by NSI through email, so issue a vague threat to cut off all email--even that which is critical to the operation of one's domain--unless the domain owner agrees to sift through the latest thing being hawked by NSI.
The more NSI does in this style, the more they disenchant, disenfranchise, and disconnect themselves from their customer base.
There's no logical reason for this to occur.
I call all of this the PARC Lemming Syndrome. Every hi-tech businessperson secretly(or not-so-secretly) laments that he or she wasn't there at Xerox PARC to bring all of those amazingly profitable inventions to market. The agony of imagining so many lost dollars causes them to try to milk whatever or wherever they're at without due concern for what this will actually do to the business's Core Competency.
To the businessperson...maybe he's breaking loose, pulling ahead of the pack, about to lift off, ascend to new heights...or maybe she's in the middle of a herd, trailblazing, secure in the knowledge that together new possibilities are being forged.
To the customers, and the rest of us...just looks like a bunch of lemmings racing headlong towards a cliff.
I implore you, Network Solutions. Buy a clue. Get a twelve pack if needed. Your customers trust you because your uptime is unbeatable, your security is generally reasonably tight, and because you've been doing it right longer than anyone else in the business. I'm one of your customers. Before you tell me anything, offer me anything, or do anything, think of why I do business with you, and about what could make me stop.
Interesting response. Entirely outside of what I expected.
For instance, you claim the following:
"you present the USPTO as some idealistic world far removed from any constraints."
Far from it. Rereading my post, I find that the federal courts are predisposed to favor the opinion of the official government body for determining patent fairness, the USPTO, when judging a patent infringement lawsuit. Such is the nature of the courts--stick to precedent, stay consistent, defer to experts.
My point was that the patent office is not an impartial judge of proper patentry, and as a method of power aggrandization will eventually attempt to usurp more and more power over obvious monopolies.
Again, I fail to understand how you could possibly claim that I believe the patent office exists without constraints; rather, I think that the primary constraints against it aren't truly counterbalancing, due to the expert deference. I also think new constraints will form as more and more money gets extorted from large companies.
While the ability to utilize patent extortion is a powerful source of leverage for many large corporations, the exposure possible from being extorted is so vast that we will see significant reforms on this front, if only because it will be cheaper to pay to get the law changed than to deal with the continual flow of frivolous patents.
Let's look at some of the things you said. Could be fun.
This to me illustrates some of problems with the moderation as you present no real arguments but resort to long words. This then tells me that the average /. moderator has a limited vocabulary.
This to me illustrates some of problems with your post as you present ad hominem attacks yet cannot interpret long words. This then tells me that the average /. moderator would mark this post as flamebait if I didn't limit my vocabulary.
Hint: The patent applications have many references to prior patents. The new patent is simply an extension of prior work.
This is not surprising. Here I am, arguing that the patent office is providing patents to more and more obvious things, and you're saying that the patent office is issuing patents related to previous patents.
The number 0 was novel once too, ya know.
You also have to consider, if you take a bunch of reference patents, then add something completely obvious(do it online!), you haven't particularly innovated much.
But, consider this. I have a great new concept for the internet. MS then figures that they also want this.
My good idea is gone. MS now has extended and embraced my idea.
We shouldn't be bashing Microsoft. They're standing up to Priceline. Brownie points from this Linux geek for that.
Let's extend your example into...like, reality. It's much more likely to be the other way around. MS has the money to patent any tiny idea that happens to spooge out in the middle of a board meeting, no matter how minute or obvious. You only patent your brilliance. Unfortunately, your one patent has been superseded by MS's thousands. They own your idea, or at least they threaten you into silence with expensive lawyers.
If I remember right, MS owns the concept to putting a computer in all those set top boxes that Everyone Will Buy and turning them into a distributed computing environment. Completely obvious to anyone in distributed computing.
Oh, sorry. Your great distributed computing idea...is now controlled by them. Sorry.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Once Upon A Life, I used to debate competitively. A common procedure was to take some argument of the opponent and extend it to its "natural conclusion". Often these conclusions would be quite silly, and would be degraded as an example of Reductio Ad Absurdum(Reduction To The Absurd).
Saying that free software means that all programmers will starve to death would be a good example.
Saying that these programmers, in their hunger, will trigger a nuclear war that will destroy the earth is a realistic, debate world example. (I sh*t you not.)
Relevance, you ask? The absurd reduction of the concept that the patent office has the power to expand its own domain is that it will eventually allow ownership over the, well, patently obvious. An abusive debater would argue that government never, ever chooses to decrease its power, only to increase it(thus the use of counterbalanced powers--this way, one branch of government steals from another, and not from the overall pool of freedom), so the patent office would only limit its power grabbing up to the point where the courts would stop it.
Now, watch this. Since the patent office is the legal mediator between the "inventor" and the "infringer", it is ostensibly the objective expert in the matter of what makes a fair patent.
Courts defer to the experts. That the patent office possesses an extreme conflict of interest--it becomes more powerful(and rich) based on how much falls under its penumbra--is completely ignored.
So, given all that, the abusive debater would reduce the patent office into an agency that would apply patents to as much as it could possibly get away with, which would grow larger and larger with the passage of time, the deference of courts, and the greed of claimants.
Only what's funny is, as silly as this conclusion should be, we truly *are* seeing Reductio Ad Absurdum patents in widespread use. The concept of slapping a graphical advertisement on a virtual "page", just like one does with *gasp* real pages--this is not particularly inventive.
Neither, incidentally, is the exploitation of the most obvious security hole in cookie design. Nor, for that matter, naming your own price for a product and hoping somebody accepts it. (Ever been to a flea market?)
The general theme seems to be, if it's something common put online, it's automatically new and patentable. Not only is this an absurd conclusion, it's *debate* level absurd.
That basically means, from a philosophical point of view, one is ignoring every single piece of contravening reality to come to some conclusion that you desired in the first place. Amazingly, this pretty much describes what the patent office is doing.
But there's some beauty in all of this--remember when I was talking about counterbalanced powers? One agency of government has built up a pretty decent power base through its greed, but it's completely unsecured. There's no "legitimacy value" to this power, so the potential exists to a) extract large amounts of campaign funding and b) get prestige and national name recognition(Americans love seeing corruption exposed, much like they like moving flower pots and seeing the insects writhe in the sunlight.) by going after the patent office.
In other words, greed will counter greed.
The more ridiculous the patents get, the more exposed businesses small and large become. The more exposed, the more willing to support a "champion" to defend their rights.
The Patent Agency is contributing to its own emasculation. This latest patent is just more of the same.
Run Lemming Run!
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
apple's tcp/ip stacks have been vulnerable to the same bugs as MS, linux, and *bsd stacks have been; eg, ping o' death (oversize ping packet).
(I like the italicizing method.)
Hurm. That's right. They're all the same TCP/IP stack, barely rewritten. How ironic! The ultimate interoperable protocol only existed not just because of open specifications but literal *open source*...and *every* OS player agrees, if not in their words, then in their actions.
Fascinating.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
(Disclaimer: Apple folks, I have a moral obligation to tweak macs. I grew up with an Apple IIgs.)
Ah, yes. There's nothing like a brick wall to prevent someone from breaking the lock.
MacOS actually gets some bonuses from its, uh, quaintly anachronistic operating system tendencies. (This is not a flame. I think it's cute to tell an application how much memory it gets. See disclaimer. Tweak. Tweak.) For example, the fact that the entire OS is really built to communicate over Appletalk instead of TCP/IP means there's absolutely *nothing* open by default for abuse on the general Internet.
Those who remember these kind of things will note that *the* definitive, original WinNuke was a bug in the TCP handling of an "Out Of Band" packet sent to port 139 on a Windows box. Open door. Boom.
As much as I love Linux, there are more open ports in your standard issue distribution than you're likely to find in an average brothel. Unix in general is hooked into TCP/IP addiction on a practically native level.
The speed on the mac might not be great. The stability probably won't be perfect, but who knows. With much less embedded functionality, there's Just Less To Break.
"We here at the US Army know that the most secure computer is the one that isn't plugged in. We use the next best thing."
Yours Truly,
Dan "Must Never Post When He's This Tired" Kaminsky DoxPara "Will Have No Memory Of This Post" Research http://haveasenseofhumor.www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Looks like my mind goes into random fact mode when heavily deprived of sleep. (I'm literally having eye spasms here. Somebody save me and patch uulib/mmencode directly into SLiRP and pppd for me).
Anyway, undersea copper cables carry so little traffic relative to fiber that they're no longer used for data transmission--some scientists have been taking them over as a means for analyzing the earth's magnetic field. In other words, let's see what happens when we do nothing to them...we've come a long way since when one of the first(*the first*?) transatlantic telegraph cables was literally burnt out when the scientist operator on one end was so obsessed with getting voice signals over a cable never intended for such that he jacked up the voltage higher, and higher, until boom...
Then again, maybe we haven't come that far *after* all...;-)
"Sir! Sir, our transmissions from the NSA are being interrupted by...my god, will somebody get that 16 year old out of that alt.binaries group? We'll be down for hours!"
Yours Exhaustingly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
>AT&T Labs who developed VNC used a technology like that to make your home session appear on any terminal you walk by in their office. Cool.
nononono!
AT&T *bought* ORL, the research lab collaboration between Olivetti and Oracle(I believe). VNC was already an extremely mature platform at the time of purchase, thanks to the extraordinary labors of its core programmers. (Heh Wez.)
I'm tempted to agree with those who worry most about individual credit for projects being supplanted by corporate attention-mongering. Not that AT&T has done anything bad...well, yet.
AT&T did try to sue to get BSD back, if I remember correctly...
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Supposedly--mind you, I'm a city boy, so WTF do I know--large chunks of the cross country power grid are just unshielded solid cable. Why pay to insulate over those kind of distances, when you can just shove the cables up pretty high and hope nothing like a large-winged eagle will short your cables...
"KFE: The Official Dinner of BFE."
The point is, sometimes when you design to the minimum specification, things get burnt. Most power grids were designed for tossing out 60hz AC at the endpoints. Higher frequency artifacts were just never considered in the design specs. So basically we're left with an infrastructure that truly *is* universally available(power company goes *almost everywhere*, because private power is still expensive--this'll change), but we can't use these wires all over the place because of a failure in foresight.
The most powerful example of not seeing where things were going involves Sprint--as far as I've heard, which, again, probably ought to be verified, is that when they laid their thousands of miles of cable they only put in a few strands apiece. All the money was spent doing the truck roll...and barely anything on expandability for the future.
There's a lesson here. We all seem to think where things are going. I think technologists need to start quantifying the degree of unsurity in technological prediction, so that companies like Sprint and Nortel can evaluate their decision makings on much larger timespans.
Well, at least that's what I think.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Fresh from the US Patent Office, more of everyone's favorite pastime, "It's Net So It's New!"
Espionage is espionage. Major world superpowers spy on each other. It's part of the structure of things--a presumption of visibility or "Sunshine" has a way of keeping governmental structures honest.
OK, honest isn't particularly the best of words. The US constitution is based on the concept that no one power structure can be fully trusted, so it places multiple power structures in opposition and dependence upon each other, on the assumption that the intrinsic weaknesses in one will be balanced by the greed of another.
Heh, it makes about as much sense as Mutually Assured Destruction, but we did manage to make it through the Cold War without any (public) nuclear incidents. There's something amazing in that.
Anyway, if our country is based on the concept of multiple untrustable bodies balancing each other, geopolitical stability as a whole is probably achieved by multiple untrustable nations spying on each other, monitoring the behaviors of one another. The war wasn't that cold--just silenced.
Don't be surprised that there are spies online. Spies read newspapers. The NSA auto-downloads a number of sites on a daily basis(so said some guy who runs one of those sites). It's an "Open Source", as they call it. Extending the fact that they use open sources to the fact that they hack in a closed manner isn't ridiculous, or different.
It's standard operating procedure. If the spies weren't using the net, the intelligence level of the intelligence community would be rather suspect.
Are there differences? Yes. For one, the lack of a need for a physical presence at a compromised site--no moles, no informants--is disturbingly efficient. A report of an entire site compromising attack--Linux Kernel Module, uploading to some Australian Samba dropsite, slapped off a compromised Teraterm Pro SSH patch--that took eight seconds to go from full security to zero...the ease of this, compared to the espionage architectures of old, does have an impact.
What were you looking for? An easy answer?
Yours Truly,
Dan Kaminsky
Cisco Systems, NSA Division
http://www.doxpara.com
I've been playing with BSD as of late, and I must say, I'm enjoying the experience.
I have a lot of trouble understanding where the angst between Linux and BSD derives, particularly among the hacker cores. My guess is that the semi-infamous bad attitude of BSD developers was directed against Linux in its growth years, and after years of having their work called immature and unstable(even when it began being much less so), Linux developers and users completed the "circle" of mutual distrust.
I wasn't around back then, so I'd like some better perspective.
Regardless, BSD has been quite the experience. OpenBSD, with its security-centric design, is something I plan to play around with for the specific reason that existing Linux Distributions run wayyyyyy too many network services by default, and the idea of an OS I can slap on a box and trust to be secure is very appealing.
Hearing that Theo's baby, OpenBSD, now has commercial support behind it is something that I am proud to hear. Theo's focus on security is making Linux better, and many of the apps that run on BSD were originally developed on Linux.
Congratulations to everyone involved.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
People seem to be getting into this "good enough" attitude regarding whether Sun's Community Source License is open or not.
It Just Isn't, and here's why.
StarOffice, recently licensed under Sun's Community Source terms(so I've heard), possesses an excellent charting component. While the GD Library is good for many tasks, the charting component of StarOffice is clearly superior, and would be inordinately useful for the myriad Linux/Unix based web servers out there.
Unfortunately, Sun's license restricts any productive work from being done that could web-enable StarOffice on the server side. Apache could never be bundled with mod_starchart, and fellow coders can't put out their own, less memory hungry versions of the component.
The only thing Sun lets you do with StarOffice is fix problems for them, and if Sun doesn't want the problems fixed, the most you can do is release a bulky and semi-difficult to apply patch to repair it.
I believe they even end up owning your patch as well.
Now, StarOffice appears to be a very well put together app, and I don't want to slight it for its licensing terms. But the bottom line is: StarOffice is not Open Source. It's nothing like Open Source. Using the words "Community Source" is inappropriate at best; their license unfortunately undermines the core advantages of the open model. While Sun is allowed to derive benefit from the community, the community is placed in a state of perpetual legal risk(and thus, extortable circumstance) should they do anything at all with the code beyond mailing in fixes.
Sun's License means no web charting component for you. It's that simple.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
People seem to be getting into this "good enough" attitude regarding whether Sun's Community Source License is open or not.
It Just Isn't, and here's why.
StarOffice, recently licensed under Sun's Community Source terms(so I've heard), possesses an excellent charting component. While the GD Library is good for many tasks, the charting component of StarOffice is clearly superior, and would be inordinately useful for the myriad Linux/Unix based web servers out there.
Unfortunately, Sun's license restricts any productive work from being done that could web-enable StarOffice on the server side. Apache could never be bundled with mod_starchart, and fellow coders can't put out their own, less memory hungry versions of the component.
The only thing Sun lets you do with StarOffice is fix problems for them, and if Sun doesn't want the problems fixed, the most you can do is release a bulky and semi-difficult to apply patch to repair it.
I believe they even end up owning your patch as well.
Now, StarOffice appears to be a very well put together app, and I don't want to slight it for its licensing terms. But the bottom line is: StarOffice is not Open Source. It's nothing like Open Source. Using the words "Community Source" is a cynical and slimy attempt to undermine the core advantages of the open model. While Sun is allowed to derive benefit from the community, the community is placed in a state of perpetual legal risk(and thus, extortable circumstance) should they do anything at all with the code beyond mailing in fixes.
Sun's License means no web charting component for you. It's that simple.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Well, the boxed package they sell in the software stores (that I've seen) says "Linux Mandrake" on it in big letters across the front of the box, with MacMillan in a corner somewhere. Unless they've changed it recently, I'd say the name-marketing was pretty well in favor of Mandrake.
Wait a sec, I could have sworn I've seen some book from Macmillan w/ Mandrake included that barely mentioned Mandrake.
If what you say above is true, then I really don't think that ZD guy did his homework. We've been talking about Mandrake for months now.
Sorry Dan, but this is not true. Even if it doesn't really matter who did what first I can not resist to point out that Stampede Linux was the first 2.2 kernel distribution that was compiled with pentium optimization.
I stand corrected. They were the first 2.1x kernel based distribution w/ PGCC optimizations, I'm almost positive.
My memory's kinda fuzzy, but I remember spazzing quite excessively over Berolinux's contents. Anyone out there have a more accurate timeline?
Sorry, Mac.
I like you guys. I actually do. Your Personal Bookshelf is a surprisingly useful site when I need a quick primer on some tech that I really should know off the top of my head by now, and you've kept that thing up for years.
But it's not fair for you to say you have a distribution. I think you know it.
Fellow Slashdot readers, I've been following the Mandrake guys ever since they merged with BeroLinux. BeroLinux, for those who don't know, was the first 2.2 kernel distribution with everything recompiled to be pentium optimized. It was one heck of a slick package, unfortunately hobbled by some broken install routines.
Once Bero joined Mandrake(at the time, "Redhat+KDE"), I knew we'd be seeing a major powerhouse.
MacMillan may be doing great sales and marketing, but they're marketing the superlative work of the Mandrake people. I'm sorry if some Sales and Marketing folks at MacMillan don't feel they get much respect, but the bottom line is that the entire Linux community has been delivering rounds of applause to the Mandrake folks--those aw-shucks kinda guys who actually put together the package--to the degree that they got product of the year at the last Linuxworld Expo.
MacMillan should do the honorable thing and allow Mandrake to market the name of its distribution. There seems to be something quite Faustian about this whole arrangement if you ask me; it's as if MacMillan went to Mandrake and said, "You could create the number one selling distribution, but it wouldn't be your name on it..."
That being said, I think they're doing a tremendous amount of good getting Linux out there, and we shouldn't take biased ravings(those geeks don't know what Linux is all about, thus he raved) too seriously--not even, mind you, from the person doing the raving. Five bucks says the guy was just quoting some out of line MCP guy off the record.
One lamer does not an organization doom...
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
What Canada Post is doing is "interesting"--authenticated email, hard traces, government backing--what we've yet to see is if they'll do it right. This is one of the first major deployments of a government-backed end-user market infrastructure, and its successes and difficulties will end up studied for quite some time.
However, while it borrows the imprimatur of the government, I'm not sure how much it actually exploits the vast resources governments as a whole spawn, and postal services in particular require.
The moment I read this story, I imagined that Canada Post might be facilitating convenient and efficient person to person transactions. Checks and money orders are incredibly inefficient, and the annoyance of compounded delays that permeate Online Auctions such as Ebay(send slip of paper, wait for slip of paper to arrive, wait for slip of paper to be converted to slips of paper redeemable anywhere for goods, wait for product to be mailed in response, hope nothing goes wrong) are just waiting for an efficient infrastructure to replace them--preferably one that could grow and deploy at the same impressive rate everything else online has sprouted.
I'm not expecting miracles. But postal services already support much of the (arguably inefficient, but definitely interesting) mass point-to-point package distribution system that's keeping Ebay in business. Through money orders, they're already directly involved in the actual exchanging of currency. Even the much maligned(and extraordinarily expensive) C.O.D. Delivery remains a strong historical precursor to what we're going to see the delivery person become.
As more transactions occur online, many of the functions the cashier once performed(everything from synchronizing the deal to acting as a buffer between management and the customer) will become shunted effectively into the delivery architecture. Deals agreed to via a Canada-post style secure email trail will have transactional paths drawn directly from one private citizen account to another's--no cash to demand; your signature for delivery becomes your signature validating your willingness to pay.
Escrowed delivery and rock-solid paper trails are things that any of the major delivery providers can provide(and almost certainly will try), but I honestly think that government post has a serious advantage in this market--when it comes to designing systems that meet legal standards, being part of the organization that wrote those standards is both a PR coup and a legal benefit.
Of course, there are many, many issues I've glossed over, but I'd like to hear what others have to say about this.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Hate to be the pain in the ass demanding people be a bit consistent in their distaste for patents, but Ye Olde UltraHLE on Win32 *appears* to do a good chunk of automagic rewriting of processor instructions intended for another architecture.
;-)
I doubt it has the same kind of exception handling as we see described in this patent, though. Them TransMetans do some funky stuff.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Mr. Katz:
While I respect your postings greatly, it is plainly clear that you have neglected to observe some of the great technological failures of the past few years.
Who can forget the siren call of Push, which would flood us with more graphics and data than we could possibly handle? Oh, right. Everybody. Once the novelty of Internet Animation wore off, the concept of computers dialing away in the middle of the night, retrieving late data that merely looked pretty looked about as lame as it really was.
Look back a little farther, why not, to the misshapen history of Netscape Plug-Ins. I remember browsing through an index of dozens--soon to become hundreds--of plugins, all sorts of new features(and complexities--uh oh!) that people would have to install to get The Latest Web.
In fact, if you look at the last few years, an entire cavalcade of fads have been propped up by VC-desperate firms who, no doubt, all either hire the same PR firm or read the same trade rags. Portals! Plumbing! MULTIMEDIA! It's the next big thing!
For things that are truly useful, success awaits. Everything else gets washed away in the toilet that is Internet Time.
New technologies and infrastructures barely get their name embedded into people's minds before they're revealed as either truly useful(Slashdot, eBay, Linux, Google) or utter garbage(take your pick). It's this massive environment of collaborative filtering that the non-technical sociologists utterly fail to comprehend.
I dunno. Maybe it's a bit of Patent Office grade It's-Net-So-It's-New syndrome, but the concept that people are going to spend hours upon hours searching through their five hundred channel guide is patently ridiculous. Scaling the willingness to poke through a TV Guide for a few minutes up to poking through an online channel guide for a few hours is the height of illogic. It reminds me of an old joke--in 1976, there were a few hundred Elvis Impersonators, but by the late 80's, there were tens of thousands of 'em. At that rate, by the year 2030, one out of every three humans will be an Elvis Impersonator.
People who channel surf already will continue to do so, but the real advantage will come to those who will finally be able to watch those shows they want to see--and not just whatever random BS is on. As the channel model is debunked by the sheer quantity of stations advertising content viewers might wish to see, the power moves from the network program directors to the writers, the actors, and the producers of the shows the customers actually want to watch.
If, by some cruel trick of nature, people only watching the shows they want to see is a harbinger of inefficiency and "cyberclysm", then NBC, CBS, and ABC have been poisoning the water supply for quite some time now.
I have a good deal of trouble accepting some of the presumptions I see made. The Sharper Image has existed for most of my life--I recently found a catalog of theirs, and revelled in the memories of drooling over their inventive products--yet, strangely, I don't see most people walking around with GPS capable cufflinks yet. Apocalyptic ravings about featuritis don't take away from the fact that while Geeks Like Me will always be interested in the abilities granted by high degrees of technification, most of the population will have better things to do.
And yet, it's only when something comes from the geek realm into modern, everyday life that the bells start ringing.
Much like the Pokemon Lawyers suing themselves, suddenly a major Geek Champion has been caught in fear of encroaching geekdom?
Please. Using a search engine instead of a card catalog does not a disaster of epic proportions create. There are those who have not yet learned the basics of computer usage, but User Interface developments will continue as they have been since the web finally exposed networked connectivity to a world not raised on control characters and LaTeX markup. Overall, those who want to connect will be able to, unless a hurricane hits. That much technology isn't designed as disaster-proof as Ma Bell's network could be construed as a bad thing, I suppose. I'll have to look into that.
In the meantime, those portending a disastrous future of chemically aware porcelain should do well to know--nobody wants a damn camera in their crapper, except the prisons the things were invented for.
Overall, I think you hit on the strongest point of them all in your column: Perhaps the survivors will be the people with the simplest, not the most sophisticated, machines.
It is not an accident that the most successful concepts in all of technology are those that remain both the simplest and the most sophisticated. Grace and form, it seems, are as critical in high technology as they are in most human work, be it architecture, sculpture, or even perhaps law.
If any of the futurists quoted can convince me that all of the world will forever embrace that which completely flaunts all tenets of grace and form; if they can prove the mass population will ignore the precedent of their flashing 12:00's and throw themselves at that which is almost designed to thwart the desires of its users, you'd have a case for a Cyberclysm. However, the continual successes of those technologies that Do It Right(and the continual cycle of destruction that everything else is wrung through) tell me That's Just Not Going To Happen.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Being a perennial slacker(my roommate friends keep on telling me I'm going to get fired; I don't know what they're talking about. Why yes, I'm supposed to be at work right now. Why yes, I am working at home now. Oh shit, am I posting on slashdot? Accursed evidence!), I blasted through the archives of AY2K.
Jaw, meet floor.
NitroZac's strips are some of the funniest things I've seen in a very long time. Her parodies of the personalities that define our industry are drop dead hilarious. Having met Eric Raymond, seeing his, ah, preparations finally prove useful was among the most classic injokes I've ever been privy to. (No, I'm not linking to it. Go read through the AY2K's. Trust me, it's a classic.)
I love the perspective of these strips. I love the attention to detail that's poured nigh-obsessively into them. Their relevance is astounding, and the sheer amount of material parodied is...astounding.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
P.S.:
Geek Superiority, As Expressed In Terms Of Feminist Neoresocialization Acceptance Metrics
CHICKS BECOME DOCTORS: Men in the field spaz out. Women are intruding!
CHICKS BECOME LAWYERS: Men in the field spaz out. Women are intruding!
CHICKS BECOME COMPUTER GEEKS: Male geeks spaz out. Women are intruding! Hallelujah
Once you pull the pin, Mr. Grenade is no longer your friend.
(Sorry all for the public post. I don't have JSM2's private email.)
I attempted to email Gary, but the message was returned. Could you verify his address and contact me? I'd like to contact him, per your suggestion.
I checked google--yeah, this guy very likely would be interested in the software impacts of much of his economic theories. Particularly with the business model evolution I need to work on involving the future of software development--his input would definitely be appreciated.
Thanks!
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
The phrase "Core Competency" is a [tm] trademark of Gary Hamel, a management science professor at the London Business School.
Did he come up with the concept that I named my paper after? Hurm, after I clean it up a bit(some significant alterations are in order after that rather interesting session I had at LWCE), I may toss the paper over to him for evaluation.
The term is reasonably public domain(hell, I've heard of it), but if he's the inventor of the field of thinking, it would behoove me to understand a bit more of what his theories are.
(For those who are wondering WTF all this is about--Core Competencies is an essay regarding the economics of Open Source. I brought it up when discussing the diseconomic meanderings of everybody's favorite registrar.)
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
OK, gotta get the music to that strangely addictive game out of my head now.
Check out this piece of wholesome goodness, delivered in the same message as my (cleartext) domain hijacking password:
If you do not wish to receive e-mail from Network Solutions, click on this e-mail address and type "remove" in the subject line.
PLEASE NOTE: by opting to be removed from this list we will not be able to communicate to you, in real-time, on issues regarding your account.
The mind boggles. One of the primary aspects of the net's formative power is its ability to quickly report the consensus of a company's customer base. Emails such as the one recently sent to all domain owners--containing both an unprecedented security breach and a jaw-dropping amount of arrogance(read our spam or we lose your bill)--only serve to increase internal communication within NSI's customer base, and to erode and eliminate the trust that the company has built up over the years.
I am positive there are a lot of others out there like myself who hold a great deal of technical respect for their extremely high-uptime management of the closest thing we have to a single point of failure. They've done much right, and honestly, they've scaled better than one might have expected considering their ever increasing workload and the sheer number of years they've been doing their job.
I almost see a parallel to Microsoft here. People complain that the Windows 9x kernel is buggy, but considering that it runs everything from ancient DOS games to 32 bit applications, it's a miracle it runs at all. There's some truly respectable hackery involved in that! However, nobody, not even Microsoft's staunchest allies will say that their businesspeople are the most ethical in the industry, and most of the industry will claim that the Microsoft businessdroids have even less faith in their coders than the Linux bigots.
Why else fudge the numbers and force the shipments? Nobody's going to run Internet Explorer unless they're forced to...so let's force 'em. That seems to be the mindset.
Similarly, the Network Solutions folks have pulled off some significant technical miracles, but their business side is obsessed with the concept that nobody cares about anything technical. Since nobody would use NSI if they had an alternative registrar, the quality and quantity of alternatives must be fought tooth and nail. Since NSI is nothing but its collection of names and addresses retrieved under contract from the federal government, they'll claim de facto ownership of the WHOIS database until the Commerce Department's gun is pointed at their head with the hammer cocked.
Nobody cares about name resolution, you see. The real fad is WEB BASED EMAIL; create accounts for people without even following basic security procedures!
Nobody would actually want any of the services offered by NSI through email, so issue a vague threat to cut off all email--even that which is critical to the operation of one's domain--unless the domain owner agrees to sift through the latest thing being hawked by NSI.
The more NSI does in this style, the more they disenchant, disenfranchise, and disconnect themselves from their customer base.
There's no logical reason for this to occur.
I call all of this the PARC Lemming Syndrome. Every hi-tech businessperson secretly(or not-so-secretly) laments that he or she wasn't there at Xerox PARC to bring all of those amazingly profitable inventions to market. The agony of imagining so many lost dollars causes them to try to milk whatever or wherever they're at without due concern for what this will actually do to the business's Core Competency.
To the businessperson...maybe he's breaking loose, pulling ahead of the pack, about to lift off, ascend to new heights...or maybe she's in the middle of a herd, trailblazing, secure in the knowledge that together new possibilities are being forged.
To the customers, and the rest of us...just looks like a bunch of lemmings racing headlong towards a cliff.
I implore you, Network Solutions. Buy a clue. Get a twelve pack if needed. Your customers trust you because your uptime is unbeatable, your security is generally reasonably tight, and because you've been doing it right longer than anyone else in the business. I'm one of your customers. Before you tell me anything, offer me anything, or do anything, think of why I do business with you, and about what could make me stop.
Don't be a lemming!
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Interesting response. Entirely outside of what I expected.
/. moderator has a limited vocabulary.
/. moderator would mark this post as flamebait if I didn't limit my vocabulary.
For instance, you claim the following:
"you present the USPTO as some idealistic world far removed from any constraints."
Far from it. Rereading my post, I find that the federal courts are predisposed to favor the opinion of the official government body for determining patent fairness, the USPTO, when judging a patent infringement lawsuit. Such is the nature of the courts--stick to precedent, stay consistent, defer to experts.
My point was that the patent office is not an impartial judge of proper patentry, and as a method of power aggrandization will eventually attempt to usurp more and more power over obvious monopolies.
Again, I fail to understand how you could possibly claim that I believe the patent office exists without constraints; rather, I think that the primary constraints against it aren't truly counterbalancing, due to the expert deference. I also think new constraints will form as more and more money gets extorted from large companies.
While the ability to utilize patent extortion is a powerful source of leverage for many large corporations, the exposure possible from being extorted is so vast that we will see significant reforms on this front, if only because it will be cheaper to pay to get the law changed than to deal with the continual flow of frivolous patents.
Economics at work.
Let's look at some of the things you said. Could be fun.
This to me illustrates some of problems with the moderation as you present no real arguments but resort to long words. This then tells me that the average
This to me illustrates some of problems with your post as you present ad hominem attacks yet cannot interpret long words. This then tells me that the average
Hint: The patent applications have many references to prior patents. The new patent is simply an extension of prior work.
This is not surprising. Here I am, arguing that the patent office is providing patents to more and more obvious things, and you're saying that the patent office is issuing patents related to previous patents.
The number 0 was novel once too, ya know.
You also have to consider, if you take a bunch of reference patents, then add something completely obvious (do it online!), you haven't particularly innovated much.
But, consider this. I have a great new concept for the internet. MS then figures that they also want this.
My good idea is gone. MS now has extended and embraced my idea.
We shouldn't be bashing Microsoft. They're standing up to Priceline. Brownie points from this Linux geek for that.
Let's extend your example into...like, reality. It's much more likely to be the other way around. MS has the money to patent any tiny idea that happens to spooge out in the middle of a board meeting, no matter how minute or obvious. You only patent your brilliance. Unfortunately, your one patent has been superseded by MS's thousands. They own your idea, or at least they threaten you into silence with expensive lawyers.
If I remember right, MS owns the concept to putting a computer in all those set top boxes that Everyone Will Buy and turning them into a distributed computing environment. Completely obvious to anyone in distributed computing.
Oh, sorry. Your great distributed computing idea...is now controlled by them. Sorry.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Literature? Why, the countervailing concept is the subtextual meaning.
Theology? Oh, God.
Slashdot? FIRST POST!
Patent Office? "Method for Anonymous Cowardice via failure to log in. Patent #123456789."
;-)
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Penumbra is to politics as digital is to computers as New World is to Cisco.
;-)
You just can't have a discussion on this topic without it, you see.
Yours Truly,
Dan Kaminsky
DoxPara Research(and Cisco
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Isn't there some patent clause against those patents that would be obvious to somebody in the trade?
Once you pull the pin, Mr. Grenade is no longer your friend.
Oh, I enjoy this.
Once Upon A Life, I used to debate competitively. A common procedure was to take some argument of the opponent and extend it to its "natural conclusion". Often these conclusions would be quite silly, and would be degraded as an example of Reductio Ad Absurdum (Reduction To The Absurd).
Saying that free software means that all programmers will starve to death would be a good example.
Saying that these programmers, in their hunger, will trigger a nuclear war that will destroy the earth is a realistic, debate world example. (I sh*t you not.)
Relevance, you ask? The absurd reduction of the concept that the patent office has the power to expand its own domain is that it will eventually allow ownership over the, well, patently obvious. An abusive debater would argue that government never, ever chooses to decrease its power, only to increase it(thus the use of counterbalanced powers--this way, one branch of government steals from another, and not from the overall pool of freedom), so the patent office would only limit its power grabbing up to the point where the courts would stop it.
Now, watch this. Since the patent office is the legal mediator between the "inventor" and the "infringer", it is ostensibly the objective expert in the matter of what makes a fair patent.
Courts defer to the experts. That the patent office possesses an extreme conflict of interest--it becomes more powerful(and rich) based on how much falls under its penumbra--is completely ignored.
So, given all that, the abusive debater would reduce the patent office into an agency that would apply patents to as much as it could possibly get away with, which would grow larger and larger with the passage of time, the deference of courts, and the greed of claimants.
Only what's funny is, as silly as this conclusion should be, we truly *are* seeing Reductio Ad Absurdum patents in widespread use. The concept of slapping a graphical advertisement on a virtual "page", just like one does with *gasp* real pages--this is not particularly inventive.
Neither, incidentally, is the exploitation of the most obvious security hole in cookie design. Nor, for that matter, naming your own price for a product and hoping somebody accepts it. (Ever been to a flea market?)
The general theme seems to be, if it's something common put online, it's automatically new and patentable. Not only is this an absurd conclusion, it's *debate* level absurd.
That basically means, from a philosophical point of view, one is ignoring every single piece of contravening reality to come to some conclusion that you desired in the first place. Amazingly, this pretty much describes what the patent office is doing.
But there's some beauty in all of this--remember when I was talking about counterbalanced powers? One agency of government has built up a pretty decent power base through its greed, but it's completely unsecured. There's no "legitimacy value" to this power, so the potential exists to a) extract large amounts of campaign funding and b) get prestige and national name recognition (Americans love seeing corruption exposed, much like they like moving flower pots and seeing the insects writhe in the sunlight.) by going after the patent office.
In other words, greed will counter greed.
The more ridiculous the patents get, the more exposed businesses small and large become. The more exposed, the more willing to support a "champion" to defend their rights.
The Patent Agency is contributing to its own emasculation. This latest patent is just more of the same.
Run Lemming Run!
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
apple's tcp/ip stacks have been vulnerable to the same bugs as MS, linux, and *bsd stacks have been; eg, ping o' death (oversize ping packet).
(I like the italicizing method.)
Hurm. That's right. They're all the same TCP/IP stack, barely rewritten. How ironic! The ultimate interoperable protocol only existed not just because of open specifications but literal *open source*...and *every* OS player agrees, if not in their words, then in their actions.
Fascinating.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
(Disclaimer: Apple folks, I have a moral obligation to tweak macs. I grew up with an Apple IIgs.)
Ah, yes. There's nothing like a brick wall to prevent someone from breaking the lock.
MacOS actually gets some bonuses from its, uh, quaintly anachronistic operating system tendencies. (This is not a flame. I think it's cute to tell an application how much memory it gets. See disclaimer. Tweak. Tweak.) For example, the fact that the entire OS is really built to communicate over Appletalk instead of TCP/IP means there's absolutely *nothing* open by default for abuse on the general Internet.
Those who remember these kinds of things will note that *the* definitive, original WinNuke was a bug in the TCP handling of an "Out Of Band" packet sent to port 139 on a Windows box. Open door. Boom.
As much as I love Linux, there are more open ports in your standard issue distribution than you're likely to find in an average brothel. Unix in general is hooked into TCP/IP addiction on a practically native level.
The speed on the mac might not be great. The stability probably won't be perfect, but who knows. With much less embedded functionality, there's Just Less To Break.
"We here at the US Army know that the most secure computer is the one that isn't plugged in. We use the next best thing."
Yours Truly,
Dan "Must Never Post When He's This Tired" Kaminsky
DoxPara "Will Have No Memory Of This Post" Research
http://haveasenseofhumor.www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Looks like my mind goes into random fact mode when heavily deprived of sleep. (I'm literally having eye spasms here. Somebody save me and patch uulib/mmencode directly into SLiRP and pppd for me).
Anyway, undersea copper cables carry so little traffic relative to fiber that they're no longer used for data transmission--some scientists have been taking them over as a means for analyzing the earth's magnetic field. In other words, let's see what happens when we do nothing to them...we've come a long way since when one of the first (*the first*?) transatlantic telegraph cables was literally burnt out when the scientist operator on one end was so obsessed with getting voice signals over a cable never intended for such that he jacked up the voltage higher, and higher, until boom...
Then again, maybe we haven't come that far *after* all...;-)
"Sir! Sir, our transmissions from the NSA are being interrupted by...my god, will somebody get that 16 year old out of that alt.binaries group? We'll be down for hours!"
Yours Exhaustingly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
>AT&T Labs who developed VNC used a technology like that to make your home session appear on any terminal you walk by in their office. Cool.
nononono!
AT&T *bought* ORL, the research lab collaboration between Olivetti and Oracle (I believe). VNC was already an extremely mature platform at the time of purchase, thanks to the extraordinary labors of its core programmers. (Heh Wez.)
I'm tempted to agree with those who worry most about individual credit for projects being supplanted by corporate attention-mongering. Not that AT&T has done anything bad...well, yet.
AT&T did try to sue to get BSD back, if I remember correctly...
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
Supposedly--mind you, I'm a city boy, so WTF do I know--large chunks of the cross country power grid are just unshielded solid cable. Why pay to insulate over those kinds of distances, when you can just shove the cables up pretty high and hope nothing like a large-winged eagle will short your cables...
"KFE: The Official Dinner of BFE."
The point is, sometimes when you design to the minimum specification, things get burnt. Most power grids were designed for tossing out 60 Hz AC at the endpoints. Higher frequency artifacts were just never considered in the design specs. So basically we're left with an infrastructure that truly *is* universally available (power company goes *almost everywhere*, because private power is still expensive--this'll change), but we can't use these wires all over the place because of a failure in foresight.
The most powerful example of not seeing where things were going involves Sprint--as far as I've heard, which, again, probably ought to be verified, is that when they laid their thousands of miles of cable they only put in a few strands apiece. All the money was spent doing the truck roll...and barely anything on expandability for the future.
There's a lesson here. We all seem to think where things are going. I think technologists need to start quantifying the degree of unsurity in technological prediction, so that companies like Sprint and Nortel can evaluate their decision makings on much larger timespans.
Well, at least that's what I think.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.