I could write an article entitled "The six dumbest ways to secure your house." I'd start out with something like: "Locking your front door. People put strong locks on the door, when right next to it you have a windows made of fragile glass! Hello?!? Anyone with a brick can knock out the glass and walk right in!!!"
Broken glass is very good at rupturing arteries. Also, it makes a bit of noise when you break the glass. If burglars break glass, it's usually so they can open a door by using the handle from the inside, which only requires putting their arm through the broken window. Surely you are aware that burglars still force locks?
Whatever you do, dear God, don't let the scientists come up with the movie titles! I mean, they'll come up with a movie called "Phencyclidine", instead of "Angeldust".
Knowledge is power here, guys -- it's important to understand the difference between people who set about profiting off of other people's works, vs. the people who write IM applications.
You know the difference between those two? It's only that "people" writing respectable applications like IM are actually large software and media corporations, the same ones buying this legislation; like AOL-TimeWarner, Microsoft..
Which is why internet explorer isn't classified as a piracy device, even though the main function it has is to download material from the internet without prior permission to copy it. It's supported means for authorized copying (i.e. authentication) are so lackluster, they might as well be non-existent!
PS: you don't have permission to copy this post to your cache. Pirate!
McLeod has Fiber running 150 feet from my house along County Rd 46. I don't have access to those lines and they are likely sharing the "public space".
So why are they being treated differently? If we are going to regulate/deregulate due to public space I want access to that Fiber.
The EU regulations, which are pretty sane, have a simple distinction. Run a network open to the public and you get regulated, but you get unparalleled access to public lands. Run a private network and you're at the mercy of local government collecting huge amounts of money for a permit.
And here's the rub; if you run a public network (such as cable, dsl, etc. for IP, telephony, even pagers) you're regulated by your friendly national telco watchdog, who insist on calling everyone who has more than 25% of a market's share a monopolist (DSL being 1 market, cable being 1 market, etc.), which gives them the option to force you to bring your prices down to cost+a reasonable profit.
The reason youth is important is that old-hands tend to get stuck in a rut. They get used to doing things a particular way and loose the ability to step back and see what it is that is really going on. Look at any online resume of an experienced coder. Odds are, most such folk have a very few skills they have honed to perfection - with the consequence that they can do next to nothing with them.
In my experience, people get stuck in some niche as a "specialist" because of the people around them perceiving them that way. It's unfathomable to most people that you can be good at new stuff; in fact, that you can be a generalist, knowing your way about many specialized topics, not just the one.
In fact, one company I know has a policy that people from one department (say, the oracle implementation department) are not allowed to pick up a book on some other technology, because they could have spent that time on specializing even more. More specialized = more bucks. Of course, that sort of pigheaded narrowmindedness kills any efficient collaboration across technologies, never mind interoperability or innovation.
This "small elite" of people who can "change the world" are actually not unlike, say, the top 5% of their profession (a lot more than 500 people), it's just that they're being given the proper preconditions to flourish. Like, having a boss that isn't straight out of Dilbert. Or, not working for a government department. Not being bogged down by office politics. Not having to worry about patents. That sort of thing.
As it is, most people have to work for a living, working in fucked up organizations, for fucked up bosses, being frustrated all the way.
Google isn't really doing anything no-one has thought about doing before, it's just that their propellorheads are given an ability to execute.
sure he settled with his company beforehand, their scope on the issue goes no further then a violation of trade secrets and treats it accordingly.
Bullshit. Cisco has just as much interest in ensuring their kit is safe from insider attacks as the government. If they wanted to prevent loose lips from sinking ships, they wouldn't have settled.
Did this guy publish an exploit? No. Any details not know already? No.
From TFA: Although Lynn demonstrated for the audience what hackers could do to a router if they exploited the flaw, he did not reveal technical details that would allow anyone to exploit the bug without doing the same research he did to discover it.
i understand the need to question government just as much as you, but framing every action by them as some kind of totalitarian oppression kind of nullifies your point. if you cant see the issues this Lynn's expose' conjure's, then you have one eye open, but another one closed
the issue is also about how he reported the flaw, not just tha he did. Cisco has its own vunerability submission protocols in house, be he instead showed his findings at a Black Hat conference instead, exposing it to any savvy hacker willing to act on them.
Yes, and this is exactly why the FBI should get involved! The army has stringent oversight procedures for this sort of thing, and to reveal flaws in top-secret installations without even going up the chain of command is tantamount to treason!
Oh wait. The dude isn't in the army. Or in government. Actually, his former employer settled the case. So the overriding federal government interest in this is...? Why, you might be forgiven to think "nothing at all, in fact, this sort of thing is precisely why such liberties as freedom of the press exist; even though this is a lone individual, surely some type of whistle-blower protection would exist that covers this, otherwise the public would never be made aware of critical flaws in the nation's privately-owned infrastructur until it was too late!"
But apparently, you'd be wrong. You see, by merely mentioning, without even going in to much specifics, that it might be possible for some-one else to exploit a flaw in Cisco's equipment, this guy has clearly commited a thought-crime. That's because warning people about security flaws is exactly the same as instructing people in cyberwarfare, and issueing commands to them to act on your behalve to bring down Western Civilization as we know it. You see, no difference there at all.
Of course, this is also why trains never run on time. If the published time tables were accurate, the railways would get prosecuted by the FBI for inviting people to commit suicide by throwing themselves in front of the 18:02 train.. Bet you didn't know that!
Really, how serious a threat is this? If someone has unrestricted physical access to your machine then you're already in serious trouble.
Plugging in a USB device isn't unrestricted physical access. With USB memory sticks basically replacing floppy disks, this is a serious threat. Especially in places like universities that have fairly restricted workstations, messing around with a computer's case, or plugigng into ethernet would be immedeately obvious. Plugging in a USB device, getting administrator rights and spamming to your hearts content is a lot less obvious.
Whereas if Google went bankrupt tomorrow, I would honestly be devastated. Heck, even my grandmother would be upset, she'd wonder where "the Internet" went. Granted, the vacuum would be filled very quickly by one or more entities.
Riiight. Now, let's replace "Google" in that sentence with other hot internet destinations that have fallen from grace. AltaVista? Webcrawler? Yahoo? Hotmail, even?
Hardly anything Google does is unique. It may be preferred by many, because its search engine is cleaner, its ads less obtrusive, its webmail more spatious.. But it's nothing you can't get anywhere else. In fact, lately I've started going to alltheweb.com when google's results seem paltry. (check here for interesting search engine statistics, including the fact that search engine results hardly overlap.)
So? If you're paying for Oracle RDBMS, cost of disk space is the least of your worries. (I believe that the licensing for Oracle on my current project is around 12K/CPU, and the DB machine has 4 CPUs...)
You'd think so, but it's pretty annoying when your laptop's harddrive fills up.. It's not just 8-way opterons that Oracle gets installed on during development and testing..
Jerry Sinfield racks up 100+ parking tickets in NYC for parking in handicapped or fire zones. He publicly says "I have enough money to pay those tickets, it is the price of parking where I want. And if I am toed, I have someone else who can bring me another porche"
As an aside, this is why some Scandinavian countries have traffic fines that are expressed in relative (percentage of gross income) rather than absolute terms.
What the world of online shopping really needs, well, at least I'm speaking for the situation in The Netherlands, is for online stores that sell clothes to sort them by size-availability. I'm only interested in things that fit me, and when I can get those (now or in 1-2 weeks). I hate browsing through a dozen pages only to find out nothing is available in my size. I hate browsing through racks in stores as well, but at least you can argue that in a store hanging the same kind of clothes together is more appealing; sorting the results slightly differently on a database-driven site is SO easy, why don't they do it??
Oh wait, I shouldn't have shot off my mouth like this, now Amazon is sure to patent it.
Why aren't the message times marked by the SMTP server itself?
They are, just look for the Received: header. Some software (Outlook) makes it hard to look at these headers, but they are there.
Even then, why does the SMTP server accept e-mails from the past?
Because of the store-and-forward nature of SMTP. In a typical situation, your mail is first delivered to your local SMTP server and then sent to the remote SMTP server. And some sites have complicated setups with multiple servers even within their own organization forwarding the messages a few times. Since delays and downtime can creep in a few places, there's no good reason to deny "old" messages. Although unlikely dates are usually flagges by anti-spam software as being suspicious.
More generally, SMTP doesn't try to check the authenticity of message headers or content in any way. Which is why you can also "forge" the From-address, etc.
Oh, yes, you're right. Amazon should do exactly what IBM is doing to defend against SCO. Oh wait, they are.
IBM is making counterclaims AND asking the courts to rule on the original infringement claims. Amazon isn't doing the latter. I mentioned IBM because of them doing the first, to illustrate that you can ask the courts to judge on claims that have already been dropped. Perhaps I could've picked a better example, seeing as IBM are also claiming other patents; the example I was going to post was that magazine that asked the courts to rule that their article about the Phantom console was on the legal up-and-up, even though the Phantom people weren't bringing any claims. I couldn't remember the name of the magazine (can't now either) or of the Phantom console at the time though.
My first thought was that this seems like a classic case of defensive patent action, and is fair game in my book.
No, that would have been if Amazon asked the courts to rule on the case that Cendant dropped. Much like IBM is now asking the courts to entertain SCO's original copyright infringement claims that SCO has since dropped.
Amazon is bringing a new suit, based on their own obvious bullshit patents. While it may be tit-for-tat, it's hardly justified.
Norton products simply suck ass. Their only saving grace is the enterprise edition of their virusscanner, anything marketed to consumers is basically complete crap.
Having said that, as a consumer you can settle for a free firewall as well. Check out Sygate's offering. Not quite suitable for your mother perhaps, but a pretty good program. It even nags about services that the windows firewall won't nag about.
For use in a network of windows workstations administered by a non-n00b, I like tdi_fw. It's simple, straightforward, and has a whole lot of nifty features. The user doesn't even get to see it, it's a service that reads its config from a text file and does the job. It'll even recognise processes (iexplore.exe) or play sounds when connections are blocked. Only drawback of the thing is that you need to restart the service for it to re-read its config.
Per CPU licensing makes no sense anyway. It gives no indication how heavily an application is used, or how important it is to a business. For databases, it would make more sense to have a license for X thousand transactions, or Y amount of data. After all, databases are used for doing transactions and storing data. (Don't let Oracle get wind of this idea though, I've got an Oracle database that's more than 1GB in size but compresses down to 30MB! This pricing model will be the ideal excuse for them to take up even more disk space..)
The reason licenses are tied to hardware or to seats is probably because it's easy to justify these as a "cost of doing business" to suits. While projects usually have the greatest difficulty getting an OK for money to go towards programmers, expensive hardware is purchased willy-nilly, on the basis of "well, now we've got this application, we need to run it, or else the money we spent on programming it is wasted!". So tying your database license to CPUs makes more of an afterthought. (Just like performance, scaleability and actual volumes are an afterthought).
The same goes for seats; you just HAVE to license one copy of Microsoft Office or an OS or a database for every employee, otherwise you're paying (some) employees for basically standing around! Then, to recover costs, you make sure they have very little access to things like notepads, pens, or copying machines, since those dimes add up, don't you know?
And of course the "you can't prove that it's impossible" argument applies to everything; by that argument I could be a sentient bowl of cinammon custard, but it's not productive to consider that idea.
Actually, falsifiability is a core concept in scientific endeavor. Also, it can be quite easily disproved that you're not a bowl of cinnamon custard; for one, I'm sure you don't taste as nice.
Right now, you can always take the kids to Six Flags if you don't like Disney's rules. You can always petition Disney to change as well.
Well, if you're being all libertarian and all that, I propose that to enable Six Flags to compete on a level playing field, we strip Disney of their copyrights as long as they're being asshats.
Slashdot Mirror
I could write an article entitled "The six dumbest ways to secure your house." I'd start out with something like: "Locking your front door. People put strong locks on the door, when right next to it you have a windows made of fragile glass! Hello?!? Anyone with a brick can knock out the glass and walk right in!!!"
Broken glass is very good at rupturing arteries. Also, it makes a bit of noise when you break the glass. If burglars break glass, it's usually so they can open a door by using the handle from the inside, which only requires putting their arm through the broken window. Surely you are aware that burglars still force locks?
Whatever you do, dear God, don't let the scientists come up with the movie titles! I mean, they'll come up with a movie called "Phencyclidine", instead of "Angeldust".
Knowledge is power here, guys -- it's important to understand the difference between people who set about profiting off of other people's works, vs. the people who write IM applications.
You know the difference between those two? It's only that "people" writing respectable applications like IM are actually large software and media corporations, the same ones buying this legislation; like AOL-TimeWarner, Microsoft..
Which is why internet explorer isn't classified as a piracy device, even though the main function it has is to download material from the internet without prior permission to copy it. It's supported means for authorized copying (i.e. authentication) are so lackluster, they might as well be non-existent!
PS: you don't have permission to copy this post to your cache. Pirate!
McLeod has Fiber running 150 feet from my house along County Rd 46. I don't have access to those lines and they are likely sharing the "public space".
So why are they being treated differently? If we are going to regulate/deregulate due to public space I want access to that Fiber.
The EU regulations, which are pretty sane, have a simple distinction. Run a network open to the public and you get regulated, but you get unparalleled access to public lands. Run a private network and you're at the mercy of local government collecting huge amounts of money for a permit.
And here's the rub; if you run a public network (such as cable, dsl, etc. for IP, telephony, even pagers) you're regulated by your friendly national telco watchdog, who insist on calling everyone who has more than 25% of a market's share a monopolist (DSL being 1 market, cable being 1 market, etc.), which gives them the option to force you to bring your prices down to cost+a reasonable profit.
The reason youth is important is that old-hands tend to get stuck in a rut. They get used to doing things a particular way and loose the ability to step back and see what it is that is really going on. Look at any online resume of an experienced coder. Odds are, most such folk have a very few skills they have honed to perfection - with the consequence that they can do next to nothing with them.
In my experience, people get stuck in some niche as a "specialist" because of the people around them perceiving them that way. It's unfathomable to most people that you can be good at new stuff; in fact, that you can be a generalist, knowing your way about many specialized topics, not just the one.
In fact, one company I know has a policy that people from one department (say, the oracle implementation department) are not allowed to pick up a book on some other technology, because they could have spent that time on specializing even more. More specialized = more bucks. Of course, that sort of pigheaded narrowmindedness kills any efficient collaboration across technologies, never mind interoperability or innovation.
This "small elite" of people who can "change the world" are actually not unlike, say, the top 5% of their profession (a lot more than 500 people), it's just that they're being given the proper preconditions to flourish. Like, having a boss that isn't straight out of Dilbert. Or, not working for a government department. Not being bogged down by office politics. Not having to worry about patents. That sort of thing.
As it is, most people have to work for a living, working in fucked up organizations, for fucked up bosses, being frustrated all the way.
Google isn't really doing anything no-one has thought about doing before, it's just that their propellorheads are given an ability to execute.
sure he settled with his company beforehand, their scope on the issue goes no further then a violation of trade secrets and treats it accordingly.
Bullshit. Cisco has just as much interest in ensuring their kit is safe from insider attacks as the government. If they wanted to prevent loose lips from sinking ships, they wouldn't have settled.
Did this guy publish an exploit? No. Any details not know already? No.
From TFA:
Although Lynn demonstrated for the audience what hackers could do to a router if they exploited the flaw, he did not reveal technical details that would allow anyone to exploit the bug without doing the same research he did to discover it.
i understand the need to question government just as much as you, but framing every action by them as some kind of totalitarian oppression kind of nullifies your point. if you cant see the issues this Lynn's expose' conjure's, then you have one eye open, but another one closed
Not "every action". This particular one.
the issue is also about how he reported the flaw, not just tha he did. Cisco has its own vunerability submission protocols in house, be he instead showed his findings at a Black Hat conference instead, exposing it to any savvy hacker willing to act on them.
Yes, and this is exactly why the FBI should get involved! The army has stringent oversight procedures for this sort of thing, and to reveal flaws in top-secret installations without even going up the chain of command is tantamount to treason!
Oh wait. The dude isn't in the army. Or in government. Actually, his former employer settled the case. So the overriding federal government interest in this is...? Why, you might be forgiven to think "nothing at all, in fact, this sort of thing is precisely why such liberties as freedom of the press exist; even though this is a lone individual, surely some type of whistle-blower protection would exist that covers this, otherwise the public would never be made aware of critical flaws in the nation's privately-owned infrastructur until it was too late!"
But apparently, you'd be wrong. You see, by merely mentioning, without even going in to much specifics, that it might be possible for some-one else to exploit a flaw in Cisco's equipment, this guy has clearly commited a thought-crime. That's because warning people about security flaws is exactly the same as instructing people in cyberwarfare, and issueing commands to them to act on your behalve to bring down Western Civilization as we know it. You see, no difference there at all.
Of course, this is also why trains never run on time. If the published time tables were accurate, the railways would get prosecuted by the FBI for inviting people to commit suicide by throwing themselves in front of the 18:02 train.. Bet you didn't know that!
Really, how serious a threat is this? If someone has unrestricted physical access to your machine then you're already in serious trouble.
Plugging in a USB device isn't unrestricted physical access. With USB memory sticks basically replacing floppy disks, this is a serious threat. Especially in places like universities that have fairly restricted workstations, messing around with a computer's case, or plugigng into ethernet would be immedeately obvious. Plugging in a USB device, getting administrator rights and spamming to your hearts content is a lot less obvious.
Whereas if Google went bankrupt tomorrow, I would honestly be devastated. Heck, even my grandmother would be upset, she'd wonder where "the Internet" went. Granted, the vacuum would be filled very quickly by one or more entities.
Riiight. Now, let's replace "Google" in that sentence with other hot internet destinations that have fallen from grace. AltaVista? Webcrawler? Yahoo? Hotmail, even?
Hardly anything Google does is unique. It may be preferred by many, because its search engine is cleaner, its ads less obtrusive, its webmail more spatious.. But it's nothing you can't get anywhere else. In fact, lately I've started going to alltheweb.com when google's results seem paltry. (check here for interesting search engine statistics, including the fact that search engine results hardly overlap.)
So? If you're paying for Oracle RDBMS, cost of disk space is the least of your worries. (I believe that the licensing for Oracle on my current project is around 12K/CPU, and the DB machine has 4 CPUs...)
You'd think so, but it's pretty annoying when your laptop's harddrive fills up.. It's not just 8-way opterons that Oracle gets installed on during development and testing..
Jerry Sinfield racks up 100+ parking tickets in NYC for parking in handicapped or fire zones. He publicly says "I have enough money to pay those tickets, it is the price of parking where I want. And if I am toed, I have someone else who can bring me another porche"
As an aside, this is why some Scandinavian countries have traffic fines that are expressed in relative (percentage of gross income) rather than absolute terms.
I think in Texas some mom killed another cheerleader so her daughter could get on the team and have less competition.
You must be referring to The Positively True Adventures of the Alleged Texas Cheerleader-Murdering Mom..
What the world of online shopping really needs, well, at least I'm speaking for the situation in The Netherlands, is for online stores that sell clothes to sort them by size-availability. I'm only interested in things that fit me, and when I can get those (now or in 1-2 weeks). I hate browsing through a dozen pages only to find out nothing is available in my size. I hate browsing through racks in stores as well, but at least you can argue that in a store hanging the same kind of clothes together is more appealing; sorting the results slightly differently on a database-driven site is SO easy, why don't they do it??
Oh wait, I shouldn't have shot off my mouth like this, now Amazon is sure to patent it.
Going on previous layoff stories, I give it about 30 seconds before the first "see how evil corporations are?" reply.
Riiiight.. So you're only avoiding the flamewar by pre-emptively taking the troll bait and posting some non-responses to straw man arguments?
Bob: "We find it's always better to fire people on a Friday."
Bob: "Studies have statistically shown that there's less chance of an incident if you do it at the end of the week."
Why aren't the message times marked by the SMTP server itself?
They are, just look for the Received: header. Some software (Outlook) makes it hard to look at these headers, but they are there.
Even then, why does the SMTP server accept e-mails from the past?
Because of the store-and-forward nature of SMTP. In a typical situation, your mail is first delivered to your local SMTP server and then sent to the remote SMTP server. And some sites have complicated setups with multiple servers even within their own organization forwarding the messages a few times. Since delays and downtime can creep in a few places, there's no good reason to deny "old" messages. Although unlikely dates are usually flagges by anti-spam software as being suspicious.
More generally, SMTP doesn't try to check the authenticity of message headers or content in any way. Which is why you can also "forge" the From-address, etc.
Oh, yes, you're right. Amazon should do exactly what IBM is doing to defend against SCO. Oh wait, they are.
IBM is making counterclaims AND asking the courts to rule on the original infringement claims. Amazon isn't doing the latter. I mentioned IBM because of them doing the first, to illustrate that you can ask the courts to judge on claims that have already been dropped. Perhaps I could've picked a better example, seeing as IBM are also claiming other patents; the example I was going to post was that magazine that asked the courts to rule that their article about the Phantom console was on the legal up-and-up, even though the Phantom people weren't bringing any claims. I couldn't remember the name of the magazine (can't now either) or of the Phantom console at the time though.
My first thought was that this seems like a classic case of defensive patent action, and is fair game in my book.
No, that would have been if Amazon asked the courts to rule on the case that Cendant dropped. Much like IBM is now asking the courts to entertain SCO's original copyright infringement claims that SCO has since dropped.
Amazon is bringing a new suit, based on their own obvious bullshit patents. While it may be tit-for-tat, it's hardly justified.
Use port 443. As a bonus, corporate firewalls will think it's an HTTPS site and you can log in to your box from work.
Norton products simply suck ass. Their only saving grace is the enterprise edition of their virusscanner, anything marketed to consumers is basically complete crap.
Having said that, as a consumer you can settle for a free firewall as well. Check out Sygate's offering. Not quite suitable for your mother perhaps, but a pretty good program. It even nags about services that the windows firewall won't nag about.
For use in a network of windows workstations administered by a non-n00b, I like tdi_fw.
It's simple, straightforward, and has a whole lot of nifty features. The user doesn't even get to see it, it's a service that reads its config from a text file and does the job. It'll even recognise processes (iexplore.exe) or play sounds when connections are blocked. Only drawback of the thing is that you need to restart the service for it to re-read its config.
Mental note; when moving into a new neighborhood with a lot of white trash families, don't announce one's condition as "I'm a Haemophiliac".
Come to think of it, don't mention "I die pretty easily if you get me bleeding" when a bar fight starts either.
Per CPU licensing makes no sense anyway. It gives no indication how heavily an application is used, or how important it is to a business. For databases, it would make more sense to have a license for X thousand transactions, or Y amount of data. After all, databases are used for doing transactions and storing data. (Don't let Oracle get wind of this idea though, I've got an Oracle database that's more than 1GB in size but compresses down to 30MB! This pricing model will be the ideal excuse for them to take up even more disk space..)
The reason licenses are tied to hardware or to seats is probably because it's easy to justify these as a "cost of doing business" to suits. While projects usually have the greatest difficulty getting an OK for money to go towards programmers, expensive hardware is purchased willy-nilly, on the basis of "well, now we've got this application, we need to run it, or else the money we spent on programming it is wasted!". So tying your database license to CPUs makes more of an afterthought. (Just like performance, scaleability and actual volumes are an afterthought).
The same goes for seats; you just HAVE to license one copy of Microsoft Office or an OS or a database for every employee, otherwise you're paying (some) employees for basically standing around! Then, to recover costs, you make sure they have very little access to things like notepads, pens, or copying machines, since those dimes add up, don't you know?
Call me a cynical bastard if you will..
And of course the "you can't prove that it's impossible" argument applies to everything; by that argument I could be a sentient bowl of cinammon custard, but it's not productive to consider that idea.
Actually, falsifiability is a core concept in scientific endeavor. Also, it can be quite easily disproved that you're not a bowl of cinnamon custard; for one, I'm sure you don't taste as nice.
Disney is not a part of your government.
Which doesn't make it OK for them to be asshats.
Right now, you can always take the kids to Six Flags if you don't like Disney's rules. You can always petition Disney to change as well.
Well, if you're being all libertarian and all that, I propose that to enable Six Flags to compete on a level playing field, we strip Disney of their copyrights as long as they're being asshats.