Most people are not in situations where they have the ability to pick their Internet provider.
I know the situation is a lot worse in the US than it is here in the EU when it comes to choosing providers, but I still doubt that it's "most". Sure, in rural areas there might be very limited choice, perhaps in some urban centres too, but the majority of people in the first world live in urban or at least semi-urban areas where there is more likely to be a choice than not. If so, then as far as this issue is concerned it doesn't really matter that some people have no choice of provider; as long as a large enough percentage of those customers that do have a choice move to another provider, it's going to have an impact on the bottom line.
It's actually even worse than that in some cases. Amongst other things, I manage a Linux based DP cluster used for data processing as part of the production process of semi-conductors. Needless to say, requirements and specifications are both extremely high and extremely strict; we can run our main application on Solaris on Sparc (no x86), and maybe half a dozen specific release/architecture combinations of Red Hat and Suse. Go off piste, and not only do you get zero support, but you are also not going to get the necessary qualification from potential customers either. No qualification, no business, no job, it's as simple as that.
In serious production environments you are hardly going to need to install a new release of some arbitrary application on a frequent basis anyway, let alone any applications that go through point releases every few days. Well, maybe if you are running a test environment for the next release of your major application, but even then corporate applications tend to evolve slowly. RPM might not be as proficient as APT, but it's plenty good enough for environments that are at most only going to require a few specific applications be installed that are not part of any distro, and should be in "/opt" or "/usr/local" anyway.
Actually, you've probably got that slightly wrong. It's not so much "who their customers are" as "who their customers *were*". All Amazon, Google, Yahoo! et al need to do is agree not to cave in to the telcos' demands for more money (they *are* presumably paying for their own connectivity, yes?) and sit it out - Google has pretty much stated they are going to do this anyway. After a while, once the word gets out and customers start to leave for alternative "single tier Internet" providers, the telcos will either have to quietly drop their demands and rate limits or suffer the inevitable stockholder backlash when their profits start to slide.
I've not looked at it in any great depth recently, but Zimbra is aiming to be what you are looking for and is now up to v3.0 so should be fairly mature. Zimbra's webclient is AJAX based rather than ActiveX, so unlike Exchange's Outlook Web Access even non-Microsoft browsers get all the pretty bells and whistles in the interface. You also have a much broader range of stand-alone clients to choose from without losing much, if any, of Exchange's level of functionality.
If you stick with Exchange on the backend and just want to replace Outlook then Evolution is probably your best (if not only) choice as it implements most of Outlook's functionality. It also supports other mail client standards like IMAP and POP3 of course, so will seamlessly integrate with almost any other backend mail server too. Packages for UNIX are readily available and the Windows port is also stable, and although there isn't a pre-rolled installation package just yet, that can't be too far off.
I predicted this in the last Slashdot thread on the Microsoft-Eolas, and it's pretty much come true already if the article is accurate. Sure, IE users have a "choice" to knowingly not patch IE, and developers have a "choice" to not recode, but it's as real as UK.gov's "optional" ID card plans that are (or will be come 2010) tied to getting a passport. As stated in the article, Microsoft has tied the functionality switch in with an update that fixes remote exploits in the browser so you have a choice of either having to face up to the new ActiveX methodology or the potential of being rooted whenever you visit a website. If Microsoft is serious about this, which they appear to be, then all that they need do is make all future Windows/Office/whatever patches dependent upon this patch being installed. Some choice, huh?
That's not going to impact too many commercial sites since most only use ActiveX for advertising, much of which is probably being blocked by pop-up blockers and the like anyway. Where it is going to have a much larger impact is on all of those internal web enabled applications companies have deployed internally, often with the entire core legacy codebase simply wrapped up in an ActiveX control. It's going to be a rough few months out there in SMEs with homebrewed apps that use ActiveX controls and a large amount of webpage interaction. I'll bet many of them are not even aware of this issue yet, and their developers are going to have a mad scramble to fix code that they may not even have originally written. Hopefully some of them are going to be bitten so badly they see the light and stop coding things in such a browser specific manner in future, but somehow I doubt it.
Also, I note that there is no mention as yet (there is another story on the way) of the highly critical security flaw found in Sendmail which also had a proven potential for remote and local exploitation and arbitrary command execution. Actually this is potentially quite interesting; with remotely exploitable problems with both IE and Sendmail announced at almost the same time, I wonder which one we are going to see exploited by the blackhats first? Admittedly there are already updated packages for most Linux distros and commercial UNIX versions, plus a new release of the software (no official Sun patch for Solaris yet though) which is going to tip the results a little, but still...
Extend the hosts file metaphor (on Organizing Your DNS?) · Score: 2, Interesting
You don't say how many domains you are dealing with, but unless it's something obscene then getting all your zones to include one "gold" server on their NS list is a good start. The zone files themselves then provide all the IP information you might need on the hosts, especially if you also include HINFO or TXT records for your hosts. Ideally this would be the SOA for all the domains, and not used for anything other than acting as authoritative DNS for secondaries that would handle the actual queries, although if you are delegating administration on subdomains that might not be practical. Note that on BIND (and presumably other DNS servers), your listed "authoritative" DNS servers, including the SOA if you wish, can actually be slaves to a "hidden" server or servers that only they can query, which can be very useful in designing a management structure.
Depending on how many people are updating the zones, what kind of security you need on that, and how many zones you actually have then start looking at GUI/web based frontends and database backends. Personally, I'd try and assign a few designated hostmasters to administer all DNS changes centrally, but if that meets objection and you don't have or can't get enough weight to overrule it, it's not a major problem. There are plenty of quite decent web based GUIs out there to interface with the zone files directly or things like SQL and LDAP based backends, and pretty much all of the better ones allow you to apply access control somewhere in the implementation. If you are considering a database based backend though, be very careful about your selection and implementation if there are any dynamic zones (especially Active Directory, since you mention Windows) in the mix!
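An audit script for the arrangement the post describes, added here as an example and not part of the original comment: it parses simple BIND-style zone files and reports, for each zone, whether the designated "gold" server appears in the zone's NS set and which hosts with an A record have no HINFO or TXT record describing them. The zone text, host names and the gold server name ("gold.dns.example") are constructed placeholders; multi-line parenthesised records are not handled.

```python
"""Added example (not from the original post): audit zones for a shared
"gold" NS server and for HINFO/TXT inventory records on every host.
Zone text below is constructed; all names are placeholders.
"""


def qualify(name, origin):
    """Make a zone-file name absolute: '@' -> origin, 'www' -> 'www.<origin>'."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return a list of (owner_fqdn, rtype, rdata) tuples from zone file text.

    Handles comments, $ORIGIN, $TTL, '@', relative names, owner-name
    inheritance (lines starting with whitespace) and optional TTL/class
    tokens. Multi-line parenthesised records are out of scope here.
    """
    origin = origin.rstrip(".") + "."
    records, last_owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # strip comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".") + "."
            continue
        if line.startswith("$"):               # $TTL and friends carry no records
            continue
        if line[0].isspace():                  # owner name inherited from the previous record
            owner, rest = last_owner, line.split()
        else:
            first, *rest = line.split()
            owner = qualify(first, origin)
            last_owner = owner
        # drop an optional TTL and/or class token in front of the type
        while rest and (rest[0].isdigit() or rest[0].upper() in ("IN", "CH", "HS")):
            rest.pop(0)
        if len(rest) < 2:
            continue
        records.append((owner, rest[0].upper(), " ".join(rest[1:])))
    return records


def audit_zone(records, origin, gold_ns):
    """Check one zone's records for the gold NS and for undescribed hosts."""
    origin = origin.rstrip(".") + "."
    gold = gold_ns.rstrip(".") + "."
    ns_set = {qualify(rdata, origin) for owner, t, rdata in records
              if t == "NS" and owner == origin}
    hosts = {owner for owner, t, _ in records if t == "A"}
    described = {owner for owner, t, _ in records if t in ("TXT", "HINFO")}
    return {"gold_ns_present": gold in ns_set,
            "undescribed_hosts": sorted(hosts - described)}


def audit_all(zones, gold_ns):
    """zones: {origin: zone file text}. Returns {origin: audit result}."""
    return {origin: audit_zone(parse_zone(text, origin), origin, gold_ns)
            for origin, text in zones.items()}


# --- constructed sample zones (placeholder names and addresses) ---------------
ZONES = {
    "example.com": """
$TTL 3600
@   IN SOA gold.dns.example. hostmaster.example.com. ( 2005111301 3600 900 604800 3600 )
    IN NS  gold.dns.example.
    IN NS  ns1.example.com.
ns1 IN A   192.0.2.53
    IN HINFO "Sun V240" "Solaris 9"
www IN A   192.0.2.80
    IN TXT   "Apache front end, rack 12"   ; inventory note
db  IN A   192.0.2.90
""",
    "example.net": """
@   IN SOA ns1.example.net. hostmaster.example.net. ( 2005111301 3600 900 604800 3600 )
    IN NS  ns1
ns1 IN A   198.51.100.53
""",
}

if __name__ == "__main__":
    for origin, result in audit_all(ZONES, "gold.dns.example").items():
        print(origin, result)
```

Run as-is, the script flags db.example.com. as lacking an inventory record and example.net as missing the gold server from its NS set.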
HBHG didn't invent 'The Priory'. It 'actually' existed, or was invented about 100 years ago by the non-fictional priest who 'discovered' all this.
Actually, maybe not. Yes, the idea of The Priory existed before HBHG, but the Tony Robinson thing cast a lot of doubt on its validity and timespan. IIRC TR's take was that the initial hoax about The Priory first surfaced in France during the 60s or 70s with the supposed insider deciding to reveal all. Like all good hoaxes, all the referenced information looked good at first glance, but started to fall apart under more intense scrutiny. It's this insider from the 60s/70s that later went on to be heavily involved in HBHG, so either the authors of HBHG were themselves suckered or were knowingly trying to perpetuate the hoax in order to cash in. Given their latest antics, I'm leaning strongly towards the latter with Dan Brown being the one who was actually taken in by the hoax, albeit to a rather profitable conclusion.
What it looks like is that Dan Brown has essentially written a story set in a world someone else invented. I'm pretty sure that's a no-no.
No, he's written a story set in the real world based around somebody else's supposedly factual theory, with several additional bits thrown in to flesh things out. As to Dan Brown (or his publisher's response) as far as I am aware, they haven't said anything yet, but they seem to have a lot of leeway. End of the world? They don't need to go that far; as far as I am aware they've appropriated a so called theory (Jesus & Mary Magdalene), and an organisation ("The Priory of Scion") - hardly the kind of rip that National Lampoon et al have been setting a nice precedent on for decades, is it? Well, actually, the use of "The Priory of Scion" seems like it might be a problem to me; there would be nothing problematic with someone authoring a story about a kid going to a magical university (other than the cries of *ripoff*), but call that kid "Harry Potter" and the university "Hogwarts" and things get sticky, or to paraphrase Dragnet: "The names have been changed to prevent legal action..."
IANAL, but I think the best bet would be that they will claim Dan took the HBHG's claim to be a factual theory as read, thus unprotectable by copyright other than as a complete text, and used them in good faith. They have a pretty good case here, since he pretty much stated as much at the start of the book, and should also provide some cover if HBHG suddenly becomes fiction after all. Something I think probable having seen an exposé on the two books by Tony Robinson (yes, Baldrick from Blackadder - he's now a popular TV archaeologist in the UK). That's possibly not a problem either, since IIRC from the exposé The Priory predated HBHG by some years and smacks of being one of those big media scams like "The Hitler Diaries", although that one of the sources (authors?) of HBHG was allegedly a member of the same Priory of Scion might make things more complex.
[ PS, re. my earlier post: Yeah, Yeah. "anagram" - "HBHG" is the acronym. I'm short of sleep and high on caffeine. Sue me. ;) ]
"Teabing" is also an acronym of "Baigent", the surname of the co-author of HBHG. I think that makes it pretty clear that Dan Brown wasn't trying to pretend that he had come up with an original idea about Jesus and Mary Magdalene and was giving them a nod. Frankly, this smacks of someone trying to cash in on Dan Brown's success, but even so, it's going to be interesting trying to watch a judge try and place a line in the sand about how much of an idea can be borrowed without infringing on copyright should the case actually make it to trial. I actually think that is fairly likely because it would be idiotic to settle on this given that HBHG was supposed to be a factual theory, admittedly based on some very sketchy "evidence", and not outright fiction. Never mind that the extremely broad claims of the infringement would open up just about any publisher of a work of fiction published in the UK to be sued on the same grounds; truly original fiction is an *extremely* rare thing.
It certainly implies to the man on the street that they can be bought by Crackberry addicted CEOs and similar people with enough influence to apply pressure, be it political, financial or something else. Just when you thought that the USPTO could not be more of a laughing stock, they go and pull a stunt like this. If they had any sense, they would have let the courts decide the outcome and place the responsibility for any service disruptions or invalidated patents on the legal system.
Still, look on the bright side, this has hopefully made a lot of very influential people realise that stupid patents, be they on software, business processes or anything else, have far more potential for harm than good. Maybe once the USPTO has finished wiping the egg off its face they will realise this too and be a little bit more careful about just how much latitude they give patent applicants in future. It's highly unlikely to make the problem go away of course, there are now far too many companies in the US operating purely on the basis of an "IP Portfolio" for that, but at this point anything that might apply some brakes to the process is to be welcomed.
You think that you will have much of a choice? Since Microsoft's patch mechanism supports pre-requisites so that one patch can require another, what's the bet that all future Office patches will require that the patent compliance patch be installed first? That leaves you the rhetorical question of which is going to provide the lesser pain to a PC with Office installed; leaving a feature you possibly never used anyway in place, or being vulnerable to the latest exploit. Good luck if you are opting for the latter, that's all I can say.
My guess is that Microsoft will throw its customers a bone by making the patch optional for a month or two and then start requiring it for all subsequent Office patches. Come the first serious exploit after that, and you'd better not be reliant on the Access-Excel data connectivity that's being removed unless you are really sure of your anti-virus and other network security systems.
What is really annoying is that LURHQ are keeping the infection list secret
Are you sure? ISC has been sending out notifications about "Blackworm" (Nyxem) infected PCs for a few days, so the list is definitely available to the security community. It would be fairly logical that Spamhaus' XBL list and other similar DNSBLs of compromised PCs would be able to acquire a copy of the list as well, although they might be better with a sanitised version with hosts known to have been cleansed as a result of the ISC mailings being removed.
That's kind of what I was thinking too, what with the reported increase in on-line extortion of the "pay us money or suffer a DDoS" type and all. You could mass mail some destructive worm like Nyxem, see which IPs phoned home to report an infection, and if you see evidence of a significant outbreak in a big network offer to disable the thing via its control channel for a "small" fee. It's getting a little close to the wire for effective blackmail based around Nyxem though, unless such attempts have not been made public of course...
I have to admit I've been kind of hoping that something like Nyxem that wipes out data would come along for a while now. After all the mainstream media coverage of such worms and trojans, all of which have preached the "don't click on the attachment" line, there is simply no excuse for this kind of thing. Sure, there's not a lot that the less IT aware members of the population are going to be able to do about a 0-day exploit like the recent GDI vulnerability, but a mass-mailing and P2P worm? It's harsh, but I think that losing all their documents is the only way that the IT security message is going to reach some people, and if that wakes them up to more involved stuff as well, then so much the better.
4. Have your users upload their images to your server, only supporting format(s) that can be verified as being what they claim and cannot directly execute scripts like WMF files can (GIF, JPEG,...). Politely refuse to accept images that are *not* what they claim; Joe might have saved a GIF document with a .JPG extension by mistake after all.
Now that does not preclude there being some means of exploiting the relevant image handler on the web browser's PC to execute code embedded in the file, and indeed there is no protection against this. In that eventuality however you can at least disable the upload of new images and scan the ones you already have as soon as the tools to do so become available, moving anything suspicious out of the live environment for further analysis. You've shown as much due diligence as could reasonably be expected, probably more than most others in your situation, and ultimately the root cause of the problem is completely out of your hands and in the hands of the broken graphics viewer being used by the web browser.
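An allow-list upload check of the kind point 4 describes, added here as an example (it is not code from the original comment): a file is accepted only when its extension claims one of the permitted formats and its bytes carry that format's header and end-of-stream marker, so a GIF saved with a .JPG extension is refused with a reason the uploader can act on, and anything outside the allow-list (WMF included) is refused regardless of content. Only this structural check is shown; a full decode with an image library would be the next layer. The sample byte strings are constructed stand-ins, not real images.

```python
"""Added example (not from the original post): verify that an uploaded
image really is the format its extension claims, fail closed otherwise.
Sample bytes below are constructed and are not decodable images.
"""

# extension -> canonical format name; this is the allow-list, so WMF is
# deliberately absent and anything not listed is refused outright
ALLOWED_EXTENSIONS = {
    "gif": "GIF",
    "jpg": "JPEG",
    "jpeg": "JPEG",
    "png": "PNG",
}


def detect_format(data):
    """Return the format whose header AND trailer both match, else None.

    Checking the trailer as well as the signature catches truncated files
    and files with a genuine header pasted onto unrelated content.
    """
    if data[:6] in (b"GIF87a", b"GIF89a") and data.endswith(b"\x3b"):
        return "GIF"
    if data[:3] == b"\xff\xd8\xff" and data.endswith(b"\xff\xd9"):
        return "JPEG"
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data.endswith(b"IEND\xae\x42\x60\x82"):
        return "PNG"
    return None


def check_upload(filename, data):
    """Return (accepted, detected_format, reason) for one uploaded file."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = ALLOWED_EXTENSIONS.get(ext)
    detected = detect_format(data)
    if claimed is None:
        return False, detected, f"extension '.{ext}' is not an accepted image type"
    if detected is None:
        return False, None, f"content is not a well-formed {claimed} (or any accepted format)"
    if detected != claimed:
        return (False, detected,
                f"file claims {claimed} but its contents are {detected}; "
                f"please re-save it with the right extension")
    return True, detected, "ok"


# --- constructed samples: correct headers/trailers, no real image data -------
TINY_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b"\x2c" + b"\x00" * 9 + b"\x02\x02\x44\x01\x00" + b"\x3b"
TINY_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 8 + b"\xff\xd9"
TINY_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x00IEND\xae\x42\x60\x82"
PLACEABLE_WMF = b"\xd7\xcd\xc6\x9a" + b"\x00" * 18   # placeable-WMF magic; never on the allow-list

if __name__ == "__main__":
    for name, blob in [("cat.gif", TINY_GIF), ("cat.JPG", TINY_GIF),
                       ("photo.jpeg", TINY_JPEG), ("logo.png", TINY_PNG),
                       ("clip.wmf", PLACEABLE_WMF), ("clip.gif", PLACEABLE_WMF),
                       ("cut.gif", TINY_GIF[:-1])]:
        accepted, detected, reason = check_upload(name, blob)
        print(f"{name:12} accepted={accepted!s:5} detected={detected} ({reason})")
```

The mismatch branch reports the detected format rather than a bare refusal, which is what makes the "politely refuse" part workable: the user who saved a GIF as .JPG is told exactly what to fix.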
My cousin is a qualified pilot on several of the bigger passenger jets and yes, it is entirely possible for a crew to do nothing but board the plane, taxi to the runway and then let the autopilot handle the entire flight, including the takeoff and landing. The normal mode of operation however is to clear the airport on manual, activate the autopilot until in the approach at the destination and then make a judgement call about letting the autopilot land the plane at the destination based on the conditions at hand. There are also exceptions about if one or more of the autopilots malfunctions (there are apparently three on the bigger jets, I'm not sure about the smaller ones). Technically one functional autopilot is enough to handle the entire flight, but the regulations of my cousin's employer prohibit non-manual landings with just one faulty autopilot, and with two faulty units all flight operations must be fully on manual. They do however have to complete a mandatory amount of manual take-offs, landings and flight hours each year to remain qualified, in addition to the numerous medical, physical and flight examinations you would expect. Other airlines do vary their individual guidelines and procedures of course, but not by too much.
I am absolutely certain there is a special ring of hell reserved for these RIAA goons and their SCO-like tactics.
I hope so, because if they get their way then that will be the only way future listeners of Queen's "Bohemian Rhapsody" will have of finding out whether Beelzebub really does have a devil for a sideboard...
There is also another way which might be easier depending on your setup. As you say, the rootkit phones home, and that means it has to perform a DNS lookup of the domain. In order to see which, if any, of your hosts have the Sony rootkit installed you could also enable query logging on your DNS server and see which hosts are doing that. Better still, you could also create a dummy zonefile for the zone and redirect the requests to /dev/null while you are at it - I've got a whole list of zones (mostly banner ad companies) /dev/nulled this way, and best of all they can all use the same zone file with BIND. Create entries in named.conf like this:
zone "spammers.com" in { type master; file "devnull.master"; };
zone "phishers.net" in { type master; file "devnull.master"; };
Then create a zonefile "devnull.master" with records like this:
* IN A 127.0.0.1
@ IN MX 5 127.0.0.1
and none of your users will see any web traffic or be able to "unsubscribe" from them ever again...
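Both halves of the post's approach, as an added example in Python (not code from the original comment): a parser for BIND query-log lines that reports which client hosts looked up a watched domain or anything beneath it, and a generator for the named.conf stanzas plus one shared sinkhole zone file. The generated zone file adds the $TTL, SOA and NS records a BIND master zone needs in order to load, which the post's two-record file omits, and points the MX at "localhost." because an MX target has to be a host name rather than an address. The phone-home domain ("rootkit-callback.example"), the server names, the client addresses and the log lines are all constructed placeholders; the query-log line format shown is the classic BIND 9 one and varies a little between versions.

```python
"""Added example (not from the original post).

1. clients_querying(): which resolver clients looked up a watched domain,
   from BIND query-log lines.
2. render_named_conf() / render_devnull_zone(): named.conf stanzas and a
   single shared zone file that sinkholes every listed domain to 127.0.0.1.

Domains, IPs, server names and log lines below are constructed placeholders.
"""
import re
from collections import defaultdict

# Classic BIND 9 query-log line, e.g.
#   client 192.0.2.10#53211: query: www.example.org IN A + (192.0.2.1)
# Newer releases insert a "@0x..." handle and a parenthesised name; both are optional here.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+"
    r"(?: \([^)]*\))?: query: (?P<name>\S+) IN (?P<type>\S+)"
)


def clients_querying(log_lines, watched_domains):
    """Map each watched domain to the sorted list of client IPs that queried it.

    A queried name counts when it equals the watched domain or lies beneath it;
    comparison is case-insensitive and ignores a trailing dot.
    """
    watched = [d.lower().rstrip(".") for d in watched_domains]
    hits = defaultdict(set)
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        name = m.group("name").lower().rstrip(".")
        for d in watched:
            if name == d or name.endswith("." + d):
                hits[d].add(m.group("ip"))
    return {d: sorted(ips) for d, ips in hits.items()}


def render_named_conf(domains, zone_file="devnull.master"):
    """One 'type master' stanza per sinkholed domain, all sharing one zone file."""
    return "".join(
        f'zone "{d}" in {{ type master; file "{zone_file}"; }};\n' for d in domains
    )


def render_devnull_zone(ns_name="ns1.dns.example.", contact="hostmaster.dns.example.",
                        serial=2005111301, ttl=86400):
    """A zone file valid for any origin because every owner is relative to '@'.

    '*' answers every hostname with 127.0.0.1; the MX names 'localhost.' so that
    mail for the sinkholed domain is delivered to the resolver's own machine.
    """
    return (
        f"$TTL {ttl}\n"
        f"@ IN SOA {ns_name} {contact} ( {serial} 3600 900 604800 {ttl} )\n"
        f"@ IN NS {ns_name}\n"
        "@ IN A 127.0.0.1\n"
        "* IN A 127.0.0.1\n"
        "@ IN MX 5 localhost.\n"
    )


# --- constructed sample data ------------------------------------------------
SAMPLE_LOG = [
    "13-Nov-2005 09:12:01.522 client 192.0.2.10#53211: query: connected.rootkit-callback.example IN A + (192.0.2.1)",
    "13-Nov-2005 09:12:03.001 client 192.0.2.11#41022: query: www.example.org IN A + (192.0.2.1)",
    "13-Nov-2005 09:12:09.731 client 192.0.2.12#53214: query: ROOTKIT-CALLBACK.EXAMPLE. IN A + (192.0.2.1)",
    "13-Nov-2005 09:12:10.004 client 192.0.2.10#53215: query: ads.spammers.com IN A + (192.0.2.1)",
    "13-Nov-2005 09:12:11.100 client 192.0.2.13#53216: query: notrootkit-callback.example IN A + (192.0.2.1)",
]
SINKHOLED = ["spammers.com", "phishers.net", "rootkit-callback.example"]

if __name__ == "__main__":
    for domain, ips in clients_querying(SAMPLE_LOG, SINKHOLED).items():
        print(f"{domain}: {', '.join(ips)}")
    print(render_named_conf(SINKHOLED))
    print(render_devnull_zone())
```

Note that the last constructed log line ("notrootkit-callback.example") is deliberately not matched: suffix matching has to require the label boundary, otherwise an unrelated domain that merely ends in the same characters would be reported.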
How can DRM be set back when it's never got off the ground in the first place? As far as I am aware there is yet to be a single form of DRM that has even come close to forcing the use of recording of the output signal(s) in order to make a copy of a digital media file. Even Gartner is apparently now saying that DRM is a waste of time and predicting that the studios will abandon the idea in favour of enforced DRM controls in the hardware. Personally, I doubt that is going to work out any better given the totally ineffective DVD region coding scheme, but there does seem to be a sharp increase in lobbying going on, so maybe Gartner is on the right track.
So, even if it is also possible to generate collisions for DSA and GPG keys as well as SHA1 and MD5, the chances of being able to generate a collision for all four checksums/signatures at the same time is quite likely infinitesimally small. And that's just for a random file, things are going to get much more complex if you want that random file to pass as whatever format the original was supposed to be and actually deliver a payload that might do something useful for the cracker.
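A fail-closed download check built on the property the post relies on, added here as an example and not part of the original comment: every published digest must match, so a substituted file would have to collide on all of them simultaneously, and the result also tells the operator whether one digest failed (tampering with the file or the manifest) or all of them did (simply the wrong file). The "release" bytes and the manifest are constructed inline so the script runs offline; signature checking (the DSA/GPG half of the post) is out of scope here.

```python
"""Added example (not from the original post): require every published
digest of a download to match before accepting it. Sample data constructed.
"""
import hashlib
import hmac


def verify_all_digests(data, expected):
    """Check data against {"algorithm": hexdigest, ...}.

    Returns (ok, mismatches). ok is True only when the manifest is non-empty
    and every listed algorithm matches. Comparisons use hmac.compare_digest so
    the check does not leak which prefix of a digest matched.
    """
    mismatches = []
    for algo, hexdigest in expected.items():
        actual = hashlib.new(algo, data).hexdigest()
        if not hmac.compare_digest(actual, hexdigest.lower()):
            mismatches.append(algo)
    return (bool(expected) and not mismatches), mismatches


# --- constructed sample data ------------------------------------------------
GENUINE = b"#!/bin/sh\necho genuine release tarball stand-in\n"
TAMPERED = GENUINE.replace(b"genuine", b"trojaned")
# the "published" manifest, computed from the genuine bytes
MANIFEST = {a: hashlib.new(a, GENUINE).hexdigest() for a in ("md5", "sha1", "sha256")}
# a manifest whose MD5 alone is wrong: a single mismatch is the interesting case
PARTLY_WRONG = dict(MANIFEST, md5="0" * 32)

if __name__ == "__main__":
    print("genuine  :", verify_all_digests(GENUINE, MANIFEST))
    print("tampered :", verify_all_digests(TAMPERED, MANIFEST))
    print("bad md5  :", verify_all_digests(GENUINE, PARTLY_WRONG))
    print("no digests:", verify_all_digests(GENUINE, {}))
```

An empty manifest is rejected on purpose: a verifier that returns "ok" when given nothing to check is exactly the kind of gap a substituted download would slip through.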
They are still being weasels... (on Bad Day To Be Sony) · Score: 3, Interesting
When they say "remove the rootkit CDs from the shelves" they mean just that; "rootkit CDs" specifically meaning those with "XCP-Aurora" installed and not with any other kind of DRM they are currently shipping. I wouldn't be at all surprised if they are even going to extend that to the specific version of "XCP-Aurora" people are complaining about on those CDs already known to contain it.
What a shame that Scott Adams' "Weasel Awards" for 2005 have already been awarded. There's always 2006 I suppose, but this will probably have been long since done and dusted by then... unless it's still churning through legal systems in the US and elsewhere of course.
Not necessarily. That assumes they are using a standard client in the manner that a downloader would be doing. Even without resorting to custom software and hacking into trackers without permission it's perfectly possible to get detailed statistics on the traffic on a Torrent - using a suitably configured install of Azureus for instance. Since there are now several companies that specialise in monitoring P2P networks for the studios the likelihood of there being software that can connect to a tracker and its clients to determine exactly what each one is doing without uploading or downloading anything is almost a certainty. Somehow, I don't think that defense argument would fly very far...
Unlikely. They are suing this guy for $600,000 dollars for 4 movies at best, 1 movie at worst. That means each copy of a movie is worth $150,000. /me checks the price of the last DVD I bought... nope, I'm not bankrupt yet.
They are not suing him for downloading the movie, they are suing him because others were allegedly downloading the movie from him, plus that $600,000 probably also includes a certain amount of "administrative overhead". The MPAA will need to pay the salaries of those who monitor the P2P networks, serve up the lawsuits and subpoena the ISPs for them, none of which are going to work for peanuts. I'm not sure whether it's permissible in a civil suit, but if so they are probably going to be asking for punitive damages to be applied on top of everything else as well.
But even so that figure is definitely out of touch with any realistic amount of damages the studios may have suffered here. It's a home connection they are talking about, so if we assume a generous (for the UK anyway) average 2Mb/s upload speed and an average movie size of ~1GB that gives an upload rate of about a dozen movies a day, flat out. So unless the MPAA thinks this guy has been uploading for an awfully long time, then they are paying their enforcement staff pretty good salaries for what they do and/or their stated damages are not exactly in line with reality.
I think it's pretty obvious where the MPAA is getting its figures from myself. By their own admission the MPAA and similar bodies are monitoring the P2P networks and the associated support infrastructure, so it's quite likely they have a pretty good idea how many copies of a given film or whatever are being downloaded. In the case of a movie, I'd assume that they assume that each download equates to the lost revenue they would otherwise have got from a theatre ticket, rental or media sale and multiply out accordingly.
Obviously they want the largest figure possible to get the politicians in a spin ("OMG! We're not getting the tax on $5.4b!"), so factoring in relative prices of the media in different markets is probably fudged, and a cant towards the more profitable of the three options is quite likely. The mere possibility of the fourth option, that someone will have downloaded the file just because it didn't cost them anything and wouldn't otherwise have seen the film before it hit the TV screen, if at all, almost certainly isn't going to be a factor of course.
Let me guess; in the end it was a close shave and the tortoise only won by a whisker? ;)
Also, I note that there is no mention as yet (there is another story on the way) of the highly critical security flaw found in Sendmail which also had a proven potential for remote and local exploitation and arbitrary command execution. Actually this is potentially quite interesting; with remotely exploitable problems with both IE and Sendmail announced at almost the same time, I wonder which one we are going to see exploited by the blackhats first? Admittedly there are already updated packages for most Linux distros and commerical UNIX versions, plus a new release of the software (no offical Sun patch for Solaris yet though) which is going to tip the results a little, but still...
Depending on how many people are updating the zones, what kind of security you need on that, and how many zones you actually have then start looking at GUI/web based frontends and database backends. Personally, I'd try and assign a few designated hostmasters to administer all DNS changes centrally, but if that meets objection and you don't have or can't get enough weight to overrule it it's not a major problem. There are plenty of quite decent web based GUIs out there to interface with the zone files directly or things like SQL and LDAP based backends, pretty much all of the better ones allow you to apply access control somewhere in the implementatation. If you are considering a database based backend though, be very careful about your selection and implementation if there are any dynamic zones (especially Active Directory, since you mention Windows) in the mix!
Actually, maybe not. Yes, the idea of The Priory existed before HBHG, but the Tony Robinson thing cast a lot of doubt on it's validity and timespan. IIRC TR's take was that the initial hoax about The Priory first surfaced in France during the 60s or 70s with the supposed insider deciding to reveal all. Like all good hoaxes, all the referenced information looked good at first glance, but started to fall apart under more intense scrutiny. It's this insider from the 60s/70s that later went on to be heavily involved in HBHG, so either the authors of HBHG were themselves suckered or were knowingly trying to perpetuate the hoax in order to cash in. Given their latest antics, I'm leaning strongly towards the latter with Dan Brown being the one who was actually taken in by the hoax, albeit to a rather profitable conclusion.
No, he's written a story set in the real world based around somebody else's supposedly factual theory, with several additional bits thrown in to flesh things out. As to Dan Brown (or his publisher's response) as far as I am aware, they haven't said anything yet, but they seem to have a lot of leeway. End of the world? They don't need to go that far; as far as I am aware they've appropriated a so called theory (Jesus & Mary Magdalene), and an organisation ("The Priory of Scion") - hardly the kind of rip that National Lampoon et al have been setting a nice precedent on for decades, is it? Well, actually, the use of "The Priory of Scion" seems like it might be a problem to me; there would be nothing problematic with someone authoring a story about a kid going to a magical university (other than the cries of *ripoff*), but call that kid "Harry Potter" and the university "Hogwarts" and things get sticky, or to paraphrase Dragnet: "The names have been changed to prevent legal action..."
IANAL, but I think the best bet would be that they will claim Dan took the HBHG's claim to be a factual theory as read, thus unprotectable by copyright other than as a complete text, and used them in good faith. They have a pretty good case here, since he pretty much stated as much at the start of the book, and should also provide some cover if HBHG suddenly becomes fiction after all. Something I think probable having seen an exposé on the two books by Tony Robinson (yes, Baldric from Blackaddder - he's now a popular TV archaelogist in the UK). That's possibly not a problem either, since IIRC from the exposé The Priory predated HBHG by some years and smacks of being one of those big media scams like "The Hitler Diaries", although that one of the sources (authors?) of HBHG was alledgedly a member of the same Priory of Scion might make things more complex.
[ PS, re. my earlier post: Yeah, Yeah. "anagram" - "HBHG" is the acronym. I'm short of sleep and high on caffeine. Sue me. ;) ]
"Teabing" is also an acronym of "Baigent", the surname of the co-author of HBHG. I think that makes it pretty clear that Dan Brown wasn't trying to pretend that he had come up with an original idea about Jesus and Mary Magdalene and was giving them a nod. Frankly, this smacks of someone trying to cash in on Dan Brown's success, but even so, it's going to be interesting trying to watch a judge try and place a line in the sand about how much of an idea can be borrowed without infringing on copyright should the case actually make it to trial. I actually think that is fairly likely because it would be idiotic to settle on this given that HBHG was supposed to be a factual theory, admittedly based on some very sketchy "evidence", and not outright fiction. Never mind that the extremely broad claims of the infringement would open up just about any publisher of a work of fiction published in the UK to be sued on the same grounds; truly original fiction is an *extremely* rare thing.
Still, look on the bright side, this has hopefully made a lot of very influential people realise that stupid patents, be they on software, business processes or anything else, have far more potential for harm than good. Maybe once the USPTO has finished wiping the egg off its face they will realise this too and be a little bit more careful about just how much latitude they give patent applicants in future. It's highly unlikely to make the problem go away of course, there are now far too many companies in the US operating purely on the basis of an "IP Portfolio" for that, but at this point anything that might apply some brakes to the process is to be welcomed.
My guess is that Microsoft will throw its customers a bone by making the patch optional for a month or two and then start requiring it for all subsequent Office patches. Come the first serious exploit after that, and you'd better not be reliant on the Access-Excel data connectivity that's being removed unless you are really sure of your anti-virus and other network security systems.
Are you sure? ISC has been sending out notifications about "Blackworm" (Nyxem) infected PCs for a few days, so the list is definitely available to the security community. It would be fairly logical that Spamhaus' XBL list and other similar DNSBLs of compromised PCs would be able to acquire a copy of the list as well, although they might be better with a sanitised version with hosts known to have been cleansed as a result of the ISC mailings being removed.
I have to admit I've been kind of hoping that something like Nyxem that wipes out data would come along for a while now. After all the mainstream media coverage of such worms and trojans, all of which have preached the "don't click on the attachment" line, there is simply no excuse for this kind of thing. Sure, there's not a lot that the less IT aware members of the population are going to be able to do about a 0-day exploit like the recent GDI vulnerability, but a mass-mailing and P2P worm? It's harsh, but I think that losing all their documents is the only way that the IT security message is going to reach some people, and if that wakes them up to more involved stuff as well, then so much the better.
4. Have your users upload their images to your server, only supporting format(s) that can be verified as being what they claim and cannot directly execute scripts like WMF files can (GIF, JPEG, ...). Politely refuse to accept images that are *not* what they claim; Joe might have saved a GIF document with a .JPG extension by mistake after all.
Now that does not preclude there being some means of exploiting the relevant image handler on the web browser's PC to execute code embedded in the file, and indeed there is no protection against this. In that eventuality however you can at least disable the upload of new images and scan the ones you already have as soon as the tools to do so become available, moving anything suspicious out of the live environment for further analysis. You've shown as much due diligence as could reasonably be expected, probably more than most others in your situation, and ultimately the root cause of the problem is completely out of your hands and in the hands of the broken graphics viewer being used by the web browser.
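As an added example (not code from the original comment), here is the kind of upload check the post describes, in Python: a file is stored only if its extension is GIF, JPEG or PNG and the bytes carry both that format's standard header and trailer, so mislabelled files, truncated or padded files, and WMF are all refused. The sample uploads at the bottom are constructed, not real files.

```python
# Added example, not from the original comment: accept an uploaded image only
# when its bytes really are the GIF, JPEG or PNG its filename claims. WMF and
# every unrecognised format are refused outright.
from typing import Optional, Tuple

# Format -> (accepted leading magic bytes, required trailer bytes).
# Checking the trailer as well catches truncated files and data appended after
# the image, a common way to hide a second payload inside a "picture".
IMAGE_FORMATS = {
    "gif": ((b"GIF87a", b"GIF89a"), b";"),                      # GIF trailer 0x3B
    "jpg": ((b"\xff\xd8\xff",), b"\xff\xd9"),                   # SOI ... EOI
    "png": ((b"\x89PNG\r\n\x1a\n",), b"IEND\xae\x42\x60\x82"),  # IEND chunk + CRC
}
# Extensions users may use and the canonical format each maps to.
EXTENSIONS = {"gif": "gif", "jpg": "jpg", "jpeg": "jpg", "png": "png"}


def detect_format(data: bytes) -> Optional[str]:
    """Return 'gif', 'jpg' or 'png' if data has both the right header and trailer."""
    for fmt, (magics, trailer) in IMAGE_FORMATS.items():
        if any(data.startswith(m) for m in magics) and data.endswith(trailer):
            return fmt
    return None


def check_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Decide whether to store an upload; the message is what you tell the user."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXTENSIONS.get(ext)
    if claimed is None:
        return False, f"'.{ext}' is not an accepted image type (use GIF, JPEG or PNG)"
    actual = detect_format(data)
    if actual is None:
        return False, "content is not a well-formed GIF, JPEG or PNG"
    if actual != claimed:
        # Joe's GIF-saved-as-.JPG case: refuse, but tell him what the file really is.
        return False, f"file is named .{ext} but its content is {actual.upper()}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads, not real files.
    gif = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b";"
    wmf = b"\xd7\xcd\xc6\x9a" + b"\x00" * 18   # placeable WMF header
    print(check_upload("cat.gif", gif))        # (True, 'ok')
    print(check_upload("cat.JPG", gif))        # named .jpg, really a GIF
    print(check_upload("cat.gif", wmf))        # WMF disguised as a GIF
```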
My cousin is a qualified pilot on several of the bigger passenger jets and yes, it is entirely possible for a crew to do nothing but board the plane, taxi to the runway and then let the autopilot handle the entire flight, including the takeoff and landing. The normal mode of operation however is to clear the airport on manual, activate the autopilot until in the approach at the destination and then make a judgement call about letting the autopilot land the plane at the destination based on the conditions at hand. There are also exceptions for when one or more of the autopilots malfunctions (there are apparently three on the bigger jets, I'm not sure about the smaller ones). Technically one functional autopilot is enough to handle the entire flight, but the regulations of my cousin's employer prohibit non-manual landings with just one faulty autopilot, and with two faulty units all flight operations must be fully on manual. They do however have to complete a mandatory number of manual take-offs, landings and flight hours each year to remain qualified, in addition to the numerous medical, physical and flight examinations you would expect. Other airlines do vary their individual guidelines and procedures of course, but not by too much.
I hope so, because if they get their way then that will be the only way future listeners of Queen's "Bohemian Rhapsody" will have of finding out whether Beelzebub really does have a devil for a sideboard...
zone "spammers.com" in { type master; file "devnull.master"; };
zone "phishers.net" in { type master; file "devnull.master"; };
Then create a zonefile "devnull.master" with records like this:
@ IN SOA localhost. root.localhost. ( 1 3h 1h 1w 1h )
@ IN NS localhost.
* IN A 127.0.0.1
@ IN MX 5 localhost.
and none of your users will see any web traffic or be able to "unsubscribe" from them ever again...
How can DRM be set back when it's never got off the ground in the first place? As far as I am aware there is yet to be a single form of DRM that has even come close to forcing the use of recording of the output signal(s) in order to make a copy of a digital media file. Even Gartner is apparently now saying that DRM is a waste of time and predicting that the studios will abandon the idea in favour of enforced DRM controls in the hardware. Personally, I doubt that is going to work out any better given the totally ineffective DVD region coding scheme, but there does seem to be a sharp increase in lobbying going on, so maybe Gartner is on the right track.
$ rpm --checksig lynx-2.8.5-23.2.x86_64.rpm
lynx-2.8.5-23.2.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
$
So, even if it is also possible to generate collisions for DSA and GPG keys as well as SHA1 and MD5, the chances of being able to generate a collision for all four checksums/signatures at the same time are quite likely infinitesimally small. And that's just for a random file, things are going to get much more complex if you want that random file to pass as whatever format the original was supposed to be and actually deliver a payload that might do something useful for the cracker.
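An added example, not from the original post: a Python parser for `rpm --checksig` lines in the format shown above, which treats a package as trustworthy only when rpm reports OK and at least one signature (not just the digests) verified, since a digest-only "OK" means the package was never signed. Only the lynx line comes from the post; the other sample lines are constructed, and rpm's convention of printing failed or unverifiable checks in upper case is assumed.

```python
# Added example (not from the original comment): decide from `rpm --checksig`
# output whether a package is actually trustworthy. rpm lists every check it
# ran, in lower case when it passed and UPPER CASE when it failed or the key
# was missing (assumed convention), and a digest-only "OK" means unsigned.
import re
from typing import Dict, List

# Tokens that are signatures (tied to a key) rather than plain digests.
SIGNATURE_ALGS = {"dsa", "rsa", "gpg", "pgp"}


def parse_checksig_line(line: str) -> dict:
    """Parse one line such as 'foo.rpm: (sha1) dsa sha1 md5 gpg OK'."""
    name, _, rest = line.strip().partition(": ")
    rest = re.sub(r"\s*\(MISSING KEYS:.*\)$", "", rest)   # drop the key-id list
    verdict_ok = rest.endswith(" OK") and not rest.endswith(" NOT OK")
    body = re.sub(r"\s*(NOT )?OK$", "", rest)
    passed, failed = set(), set()
    for tok in body.split():
        alg = tok.strip("()")   # "(sha1)" = header digest, "(GPG)" = missing key
        (passed if alg == alg.lower() else failed).add(alg.lower())
    return {"package": name, "ok": verdict_ok, "passed": passed, "failed": failed}


def is_trusted(line: str) -> bool:
    """Require rpm's OK *and* at least one verified signature, not just digests."""
    r = parse_checksig_line(line)
    return bool(r["ok"]) and not r["failed"] and bool(r["passed"] & SIGNATURE_ALGS)


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Sort packages into trusted / unsigned / failed buckets for review."""
    out: Dict[str, List[str]] = {"trusted": [], "unsigned": [], "failed": []}
    for line in lines:
        r = parse_checksig_line(line)
        if is_trusted(line):
            out["trusted"].append(r["package"])
        elif r["ok"]:
            out["unsigned"].append(r["package"])   # digests fine, no signature
        else:
            out["failed"].append(r["package"])
    return out


if __name__ == "__main__":
    # First line is from the post; the rest are constructed samples.
    sample = [
        "lynx-2.8.5-23.2.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK",
        "unsigned-1.0-1.noarch.rpm: sha1 md5 OK",
        "tampered-1.0-1.noarch.rpm: (SHA1) DSA sha1 MD5 GPG NOT OK",
        "unknownkey-1.0-1.noarch.rpm: (sha1) dsa sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)",
    ]
    print(triage(sample))
```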
What a shame that Scott Adams' "Weasel Awards" for 2005 have already been awarded. There's always 2006 I suppose, but this will probably have been long since done and dusted by then... unless it's still churning through legal systems in the US and elsewhere of course.
Not necessarily. That assumes they are using a standard client in the manner that a downloader would be doing. Even without resorting to custom software and hacking into trackers without permission it's perfectly possible to get detailed statistics on the traffic on a Torrent - using a suitably configured install of Azureus for instance. Since there are now several companies that specialise in monitoring P2P networks for the studios the likelihood of there being software that can connect to a tracker and its clients to determine exactly what each one is doing without uploading or downloading anything is almost a certainty. Somehow, I don't think that defense argument would fly very far...
They are not suing him for downloading the movie, they are suing him because others were allegedly downloading the movie from him, plus that $600,000 probably also includes a certain amount of "administrative overhead". The MPAA will need to pay the salaries of those who monitor the P2P networks, serve up the lawsuits and subpoena the ISPs for them, none of which are going to work for peanuts. I'm not sure whether it's permissible in a civil suit, but if so they are probably going to be asking for punitive damages to be applied on top of everything else as well.
But even so that figure is definitely out of touch with any realistic amount of damages the studios may have suffered here. It's a home connection they are talking about, so if we assume a generous (for the UK anyway) average 2Mb/s upload speed and an average movie size of ~1GB that gives an upload rate of about a dozen movies a day, flat out. So unless the MPAA thinks this guy has been uploading for an awfully long time, then they are paying their enforcement staff pretty good salaries for what they do and/or their stated damages are not exactly in line with reality.
Obviously they want the largest figure possible to get the politicians in a spin ("OMG! We're not getting the tax on $5.4b!"), so factoring in relative prices of the media in different markets is probably fudged, and a cant towards the more profitable of the three options is quite likely. The mere possibility of the fourth option, that someone will have downloaded the file just because it didn't cost them anything and wouldn't otherwise have seen the film before it hit the TV screen, if at all, almost certainly isn't going to be a factor of course.