Slashdot Mirror


User: Charles+Dodgeson

Charles+Dodgeson's activity in the archive.

Stories: 0 · Comments: 451

Comments · 451

  1. Damned if you do, damned if you don't on Amazon's Lawyers Jerking USPTO Around? · · Score: 1

    The patent applicant/defender is supposed to provide information about anything that could be considered prior art. If Amazon had been lax about that, the same people screaming now would have been complaining that Amazon wasn't thorough in its filing.

  2. It's still March in my timezone on Haptics Technology Turns Phones into Weapons · · Score: 1

    It still being March in my timezone, I had to get most of the way through the first page of TFA to catch this.

  3. Re:Not an accurate representation of what's going on Residential Wi-Fi Mapping Database Revealed · · Score: 1

    Second, what they're gathering is just a number (the BSSID, which is the unique base station identifier for networks that are set to broadcast). They do not access the network. And they can't provide any kind of exact correlation. Nor is there a way to associate BSSIDs with individuals or addresses in their system or elsewhere. (It's also not all home networks; there are millions and millions of business networks also being recorded.)

    Exactly. There is no harm in anyone knowing that the wi-fi access point near or at my physical address has such and such BSSID. It doesn't add to any tool set that would allow someone to monitor me or my activity. All it means is that someone passing through my neighborhood can find out where they are by listening for my and others' APs. These are merely just electronic landmarks that have been mapped out. The BSSID of my AP is never passed along the net in such a way that it could be used for tracing some packet back to my location.

    The reaction to these should be "neat idea, I wonder if it will work" instead of paranoid hype about privacy.

    If anyone can think of a way that some three letter agency could make use of that database to invade anyone's privacy, please spell out the details. The only thing that I can see is for marketers wanting to know the install base for D-link versus Linksys, etc. I suppose that Linksys could find that I'm using a D-link and send mail to my street address encouraging me to switch. But that is the worst I can imagine.

  4. Re:Who made theese lists ? on The Geekiest Animals in History · · Score: 1
    I tried to think of an explanation for #10 being on the Top Ten Girl Geeks list but I had to give up before my head exploded.

    Agreed. There is no excuse for that. And why isn't Hedy Lamarr on that list?

  5. Re:In Soviet Russia... on Government Has a Right to Read Your Email? · · Score: 1

    While I deplore the growing extent of government snooping, I think that such comparisons with the Soviet Union are misleading. I don't think that anyone who has lived under a communist dictatorship would suggest that the US is in the same league with respect to domestic spying.

    When protesting government intrusion in the US, it is very useful to hold up the Soviet Union as an example of what is wrong with lack of protection of privacy. But to suggest that we are already (or even nearly) there makes one look foolish to anyone who's experienced the real thing.

  6. Re:Other options on Configuring IPCop Firewalls · · Score: 2, Informative
    I can't speak to the difference between IPCop and Smoothwall, but the difference between those two and monowall is enormous. Monowall is designed to run on very small systems. I recommend it on a Soekris net4801 where monowall can fit on an 8MB Compact Flash card. If energy consumption and space are a concern for you then something like monowall is great.

    If, however, you want to do any kind of proxying (Squid for example) or run larger services off of the firewall and you have some old spare machine to use then something like IPCop may be the right way to go.

    I like keeping a powerful and flexible firewall (monowall) as a unit by itself. If later, I want to add web proxying, I can always put that on a separate box, and simply set the firewall to only allow web requests from the proxy.

    But there are plenty of cases, where I've recommended something like Smoothwall/IPCop.

  7. Re:I got a question... on A New Vulnerability In RSA Cryptography · · Score: 2, Interesting
    What about just adding small random timing loops into the encryption algorithm?
    Apparently that is already done to thwart what the paper calls "classical timing attacks", but this attack is going after shared information about optimization. That information sharing seems part of the CPU architecture from my brief look at the paper.
  8. YETI@Home on Is SETI@home Where Your Cycles Belong? · · Score: 1

    For all of those who are attracted to participating in SETI@home, there is always YETI@Home which deals with issues closer to, well, home.

  9. Rumor of a bluff on WGA Turning Off PCs in the Fall? · · Score: 1
    Let's consider the source (a tech support person's comment). And then neither a confirmation nor denial from MS. MS may be considering such a policy, but it is probably just one of many being considered.

    However, MS may see some benefit in allowing the rumour to circulate. MS has made no statement, but now there will be some real fear that unlicensed machines will get shut down. This won't scare many individuals with unlicensed copies, but it will scare businesses that are running lots of machines with unlicensed copies. As long as the rumor seems reasonably credible, they will have to sort out their licenses before doomsday.

    I think it's a bluff. But if I were an owner of a business running unlicensed copies of XP, I wouldn't be willing to call that bluff.

  10. Does the consumer get a license? on Spain Adds 'Copyright Tax' to Blank Media · · Score: 1
    I've read the FA and the English language links from it, but an important question is left unanswered. If I purchase media with this tax, does that give me the right to make copies of material I otherwise would not have the right to copy?

    If you (or someone) could shed some light on this, that would be very helpful. Then we could be discussing the specific stupidity of the law instead of guessing at which parts make utterly no sense and which parts make some sense, but remain stupid.

  11. Re:Spoofed resets don't work against a modern OS on Defeating China's National Firewall · · Score: 2, Insightful
    To do a third-party reset you have to be able to send the reset in real-time or each endpoint will have advanced their sequence window (actually the ack window is what matters).
    Remember that in this case the third party is in the middle and so is perfectly capable of sending resets in time.
  12. Sniffing region codes on MPAA training Dogs to Sniff Out DVDs · · Score: 4, Funny

    Now when they train the dogs to sniff things out based on region code, that will be news.

  13. Re:Atoms are democratic too on Cockroaches Make Group Decisions? · · Score: 1
    Exactly. It is hardly news that social insects communicate with each other and that they do so by interacting with each other. And just because all participate in the decision doesn't mean that it is democratic. I suspect that the actual scientific paper behind TFA has more to say. That is, I suspect that there is a proposed algorithm that individual roaches follow that leads to the group behavior. But from TFA there is no news here.

    What is often said about computers applies to cockroaches as well: Don't anthropomorphize them; they hate it when you do that.

  14. That's what I do on Security Fears Prod Firms to Limit Staff Web Use · · Score: 1
    I manage firewalls for some small and medium sized businesses. I used to have a default allow policy for out-going and blocked individual hosts or ports as the need came up. But as time went on, it became clear that a default deny policy was the only maintainable way to go. Also it helped catch compromised machines on the local network that were trying to phone home.

    As for what to allow users to do, that's changed as well. Years ago the network access was a perk of the job. But that has been cut back over time. When a user's home directory is filled with a Gig of mp3s we have to quota or monitor disk usage.

    For one company when setting up spam filters we had a lot of "false positives" in that people had genuinely subscribed to lists with daily horoscopes or the latest buzz from the music scene or for special deals on travel or the like. When faced with such things, it is hard to figure out what the user genuinely subscribed to or not. The boss (correctly in my view) said to treat those neither as "false positives" nor as "true positives". That is, I should make no special effort to block those, but if I do block them, that is perfectly OK.

    We can and do scan for malware that comes into the mailserver, but unless I set up an IMAP and POP proxy there is little I can do about malware that enters our network through those means. Having most desktops running Linux and absolutely banning Outhouse on the few MS machines helps. But if that were not the option, I'd think that blocking or proxying IMAP/POP is an option worth considering.

    The simple fact of the matter is that "default deny" really is the security model companies should be moving toward. If it means that network access is no longer the perk it once was, then business will have to find other ways to keep their employees happy.

  15. Put me out of business on Anti-malware Vendors Stare Down Microsoft Threat · · Score: 2, Interesting
    First M$ creates an entire industry focused around fixing holes in their OS. Now they are threatening to fix their own holes and that industry is mad at them?
    That's my feeling about it. A substantial portion of my earnings comes from coping with a problem that shouldn't exist. (I help small and medium sized businesses cope with spam.) If some development makes the spam problem go away, that will be bad for my business. I knew that when I started working in the business. And I'm not any brighter than the people who went into the anti-malware business.

    Overall, I would like to be put out of business by a real end to the spam problem.

  16. Re:Is it just me... on Evidence of the Missing Link Found? · · Score: 1
    I think that you've taken what I said the wrong way. I guess we are all a bit oversensitive to things that creationists might say. Anyway, I'll take the opportunity to clarify my position.

    First, I am not for a moment suggesting that the current picture of Neanderthals is wrong. I was talking about one of the early finds. The hunched over image we still see in drawings comes from that. Further Neanderthal finds (and you are right, there are plenty) paint a picture of this hominid branch which is distinct from modern humans, but still not like the original image.

    Thanks for the reference to the talk origins FAQ (always a good resource). I hadn't been aware until your reaction that creationists pretend that the initial correction of Neanderthal posture somehow could be taken to mean Neanderthals aren't distinct from modern humans.

    As for your second point, when I said it will take more finds, I was not talking about Neanderthals. As you say, there are plenty of finds. I was talking about the new find.

    I keep on forgetting that any normal correction or dispute in these sciences gets blown into ridiculous lies saying that scientists are undermining evolutionary theory. But given that tendency, I should have been more careful in my wording and examples.

  17. Wide date for this find on Evidence of the Missing Link Found? · · Score: 1
    And for good measure, color me suspicious that the estimated age is on the same order of magnitude as the estimated error in that measurement.
    The article doesn't say how the dating was done, nor whether further analysis should refine the estimate.
    Just as a follow-up, the original press release (PDF or HTML) gives more detail. Apparently the fossil was found in undatable material that itself occurred above a 500,000 year old layer and below a 250,000 year old layer.
  18. Re:Is it just me... on Evidence of the Missing Link Found? · · Score: 5, Informative
    is "the missing link" found every couple of months?
    Well, not quite that often, but you are right. Almost all the major finds have been since the publication of The Descent of Man which is when the challenge was first posed. The article itself says that this find joins a handful of others between homo erectus and ourselves. And of course homo erectus is also a "missing" link discovered since The Descent of Man.
    This is only one skull. Weigh in the likelihood that it could be just a deformity of something distinctly not a missing link.
    You are right. It's happened before. For decades the thinking about Neanderthal was distorted because the first major find turned out to be a severely arthritic and deformed individual. It will take more finds before we can more confidently draw conclusions.
    Evolution occurs through generation and elimination of lines. Is there even the slightest evidence that this is not from one of the extinct lines? It's fully possible (and likely) that the species in question doesn't even have modern living descendants.
    Again, this has been a mistake that's been made before. (Neanderthals again provide an example). But even if this branch of hominid doesn't turn out to be a direct ancestor, the more we learn about it the better picture of Human evolution we'll have. Also while it has certainly happened that there have been separate hominid species living at the same time, on the whole you don't expect there to be many distinct simultaneous species of something so mobile.
    And for good measure, color me suspicious that the estimated age is on the same order of magnitude as the estimated error in that measurement.
    The article doesn't say how the dating was done, nor whether further analysis should refine the estimate.
  19. Re:Disable auto-open is NOT sufficient on Mac OS X Struck By Severe Security Hole · · Score: 1
    You are exactly right and I hope that your post gets modded up. (My post, however, is redundant because all I'm doing is agreeing with you, and adding some speculation.)

    I've just been playing with this, and it is a serious problem. It's sort of like the foo.jpg.exe trick on Windows, but it is worse because in this case the Finder (file browser) can really make the executable look like a JPEG (or whatever).

    I also don't see a fix for this that won't break functionality seriously. But I'm confident and hopeful that the people at Apple will be able to. I guess that there will have to be tighter restrictions on how metadata can be manipulated.

  20. Re:The end of CDs and albums on RIAA: Ripping CDs to iPod not 'Fair Use' · · Score: 1
    Sometimes being morally right is more valuable than being legally right.

    In a reasonable approximation of democracy, there are three categories of laws

    1. Those you agree with and accept
    2. Those you disagree with and accept
    3. Those which you consider such a violation of right or morality that you refuse to accept them.
    Now if the RIAA successfully makes the legal case that it seems to be pushing here, you are saying that the law will fall into category (3). If that is so, then you should publicly and openly defy the law and challenge the law. But secretly violating the law just doesn't count as civil disobedience.
  21. The end of CDs and albums on RIAA: Ripping CDs to iPod not 'Fair Use' · · Score: 2, Insightful
    If they persuade me or the courts that they are right, then I believe that I've purchased my last CD. Surely they must realize that they are putting an end to the CD business this way, and therefore albums. As they say, we'll all use alternatives to buying CDs.

    One possibility, however, is that they want to argue that we don't automatically have the right to make such copies of purchased CDs, but that they will grant us limited rights to do so. Or maybe they just aren't thinking.

  22. Re:Must be joking on Unpatched Firefox 1.5 Exploit Made Public · · Score: 1
    Is this the same thing as this
    Unfortunately you left out the link, so I don't know what "this" is supposed to be. But from your description ...
    It is a buffer overflow on IE but on Firefox it just completely freezes up the browser/potentially opens tons of windows.
    No, it isn't anything like that. I'll find the direct link to the "exploit" (unfortunately and non-coincidentally I've erased my visit history since then) but it's just a few links from the FA. So here's the so-called exploit. It serves up as plain text so it's safe.
  23. Must be joking on Unpatched Firefox 1.5 Exploit Made Public · · Score: 2, Insightful
    The effect makes restarting Firefox very very slow (several minutes). I've just tested on OS X and on SuSE 9.3. Once that is done you can clear history through Preferences. If you don't want to wait, you can remove or manually edit history.dat.

    The claim of a buffer overflow is nonsense. I suspect that that claim is a joke. The only thing that makes this mild borking work is a very long document title. In setting that up, the author uses a variable called "buffer" and "buffer2". Just because a JS variable gets named "buffer2" and gets set to something very long doesn't make this a buffer overflow. I like to think that the guy must be joking, instead of actually being that stupid.

    But in the end, there is a bug to be fixed in Firefox.

  24. Trabant on Functional Paper V8 Engine · · Score: 1
    What comes next...a fully functional car made out of paper?
    I've travelled in one of these on far too many occasions.
  25. Re:Big Brother-esque (again) on Google Launches Web Traffic Analysis Service · · Score: 1
    PS: and before anybody replies that you can download the urchin script and see what it does, let me ask if you're willing to monitor it constantly.

    Unless the server depends on information gathered by the client retrieving the script, it should be simple enough to make a copy of the JS, take a good careful look at it, and install it in a place under your control. Call your copy of the JS from your pages, and you only need to monitor Google's scripts for updates.

    I'm not saying that I'm happy about this whole approach, but I think that this one problem can be worked around.

    A quick glance at the script makes it look like it makes heavy use of a cookie. But I'm not sure how it is used. I certainly wouldn't want to give my visitors a cookie that I don't understand.