Hey, if you were writing up this story, you'd probably be typing as fast as possible while muttering things like "holy shit!" and "oh, yes!" under your breath. Typos happen.
There will probably be even more typos in the frantic minutes being taken this morning in the US as the studio execs try to work out how the *hell* they are supposed to spin this. Have a NICE day suckers - what goes around comes around!
And SCO's going to deliver all this in what, a freight train? Maybe IBM's discovered SCO uses HP printers and is trying to drive them into bankruptcy through the sheer cost of non-refillable toner cartridges. ;)
I bet the IBM lawyers were laughing their collective asses off while they compiled *that* list... "Ooh, Ooh, I've got a good one! Let's ask for any documents that mention the GPL! Bwaaahaahaahaa!". I love the way the points about "any documents relating to Microsoft" and "sales of stock" slipped in there too. Now where do you suppose *that's* going? ;)
Technically, if ESR knew the identity of the perpetrator and was issued a subpoena, then he'd be guilty of aiding and abetting at the very least if he refused to reveal the perp's ID. You can bet that SCO has taken this to the authorities, especially since it was all so public and there was no way SCO could hide the fact. So, given that ESR has quite likely been contacted by the authorities, why is Darl able to make a claim that ESR is obstructing justice by withholding the name?
The simple answer is here. ESR doesn't know the identity of the DDoSer, having only dealt with a cut-out, only that (s)he is "an experienced Internet engineer". I find it incredibly crass of Darl to intimate that someone of ESR's standing in the community is obstructing the course of justice like that, and wonder if ESR might have some grounds for a libel case.
Both of Richard Morgan's books ("Altered Carbon" and "Broken Angels") back to back, and am eagerly awaiting the third. They don't involve spaceships, per se, but do have an interesting take on interstellar travel and what is shaping up to be an interesting, if violent, universe. Look him up.
Actually, look up several authors and try their works. Here's what I do every several months that led me to Richard Morgan:
1. Go to Amazon.
2. Search for a book / author I really like.
3. Skip past the details and look at the "People who also bought this..." section.
4. List the authors and titles on a piece of paper (or equivalent).
5. Repeat steps 2-4 several times.
6. Investigate the results that generate repeat hits more closely. I usually buy then, but you might prefer the library.
7. Profit!!!! (intellectually, anyway)
So far, I've found several new authors in a variety of genres like this. Sure, there have been a few books I've not got into, but the successes far outweigh those. If Amazon have a patent on this idea, then they deserve this one in my opinion, because it really does work.
I don't think it's that SciFi is dying, it's more that we are in a kind of generation gap. The old guard is passing away, and the new generation is still building up momentum, but there is a *lot* of good stuff out there if you look.
That's roughly 6,000 to 11,000 elephants. Or would you prefer it in something more sensible like the "15 to 28 miles" (24 to 45 km) mentioned in the article?
we will need to further reduce operating expenses in order to maintain profitability or generate positive cash flow.
So, if I read this right, if no one pays any license extortion money to SCO then they will have to cut costs to remain in the black. One might suggest they start by dismissing their over-priced lawyers, dismissing their frivolous lawsuits, and trying to kick the collective crack habit they seem to have developed.
Then again, they are well on their way to becoming the poster child to show that taking drugs leads to criminal behaviour. I wonder if they could claim royalties on all the eventual "Don't do drugs or you'll turn into SCO" posters in schools and police stations... ;)
You must have some hefty expectations then, because KLite is telling me right now that there are "3,914,228 users online | 788,202,332 files (5,910,272 GB)" being shared. That hardly seems anywhere near "useless" to me, and I doubt it's going to get that way for a while either.
Remember, many of the people on there are not "technically" inclined; they are just average Janes and Joes who found out about Kazaa by word of mouth/email from friends when Napster went under. Until Kazaa's successor is known to the average man in the street Kazaa is probably going to remain king.
Given that most devices on the market today come with firewalling included by default, you might as well use it! There's nothing to stop you putting a Linux/BSD based firewall behind it if you wanted to, and of course, you *do* have a personal firewall on each of the Internet connected PCs, right?
I have a routed block at home, and my basic setup is to use the embedded firewall (it's BSD running IPF as far as I can tell) to perform basic ingress/egress firewalling, DoS and portscan detection etc. and provide an Internet synched NTP server. All the firewall rule violations get sent back to a Linux box via SysLog and I also monitor network devices via SNMP. *All* my internal kit is restricted access by a local firewall; IPTables on the Linux boxes and Agnitum's excellent Outpost Pro on the Windows boxes. On top of all that, I have a slew of other stuff; TCPWrappers, a NAT'd wireless network locked down by MAC address, my switch is also locked to MACs and there is a small battery of IDS stuff running.
That's the setup. How does it work? Very well it turns out; here are the stats for Friday:
- IP sessions blocked by gateway firewall: 4072
- IP sessions blocked by local firewalls: 0 (that's zero!)
- Probes of FTP server: 1
- Probes of HTTP server: 16 (looks like Nimda's nearly dead)
- Probes of SMTP server: 0 (that's surprising!)
- Probes of SSH server: 0 (ditto)
So, yes, it does look like these things are very effective, if you set them up properly of course!
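An added example (not part of the original comment): a Python sketch of the kind of daily tally described above, run over syslog lines collected centrally from an IPF gateway and iptables hosts. The sample lines, host names and the `FW-DROP ` iptables log prefix are constructed, and treating a "probe" as a blocked TCP packet to the service's well-known port is an assumption.

```python
import re
from collections import Counter

# Constructed, abbreviated sample of what the central syslog box might receive.
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Nov 21 03:12:45 gw ipmon[87]: 03:12:44.512345 xl0 @0:12 b 203.0.113.5,4312 -> 192.0.2.10,80 PR tcp len 20 60 -S IN
Nov 21 03:12:47 gw ipmon[87]: 03:12:46.100200 xl0 @0:12 b 203.0.113.5,4313 -> 192.0.2.10,80 PR tcp len 20 60 -S IN
Nov 21 04:40:02 gw ipmon[87]: 04:40:01.000001 xl0 @0:14 b 198.51.100.7,2201 -> 192.0.2.10,21 PR tcp len 20 48 -S IN
Nov 21 09:15:30 gw ipmon[87]: 09:15:29.900000 xl0 @0:3 p 198.51.100.9,5000 -> 192.0.2.10,25 PR tcp len 20 60 -S IN
Nov 21 11:02:10 gw ipmon[87]: 11:02:09.700000 xl0 @0:20 b 203.0.113.77,1029 -> 192.0.2.11,1434 PR udp len 20 404 IN
Nov 21 13:30:00 lnx1 kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.200 DST=192.0.2.11 LEN=60 TTL=52 PROTO=TCP SPT=3301 DPT=22 SYN
Nov 22 00:00:05 gw ipmon[87]: 00:00:04.000000 xl0 @0:12 b 203.0.113.5,4400 -> 192.0.2.10,80 PR tcp len 20 60 -S IN
this line is not a firewall record
"""

# Gateway: IPFilter's ipmon, forwarded over syslog.
IPMON = re.compile(
    r"^(?P<day>\w{3}\s+\d+) [\d:]+ (?P<host>\S+) ipmon\[\d+\]: \S+ \S+ @\d+:\d+ "
    r"(?P<action>\w) (?P<src>[\d.]+),(?P<spt>\d+) -> [\d.]+,(?P<dpt>\d+) PR (?P<proto>\w+)")
# Hosts: iptables LOG target with an assumed "FW-DROP " prefix on the drop rule.
IPTABLES = re.compile(
    r"^(?P<day>\w{3}\s+\d+) [\d:]+ (?P<host>\S+) kernel: FW-DROP .*?"
    r"SRC=(?P<src>[\d.]+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)")

SERVICES = {21: "FTP", 80: "HTTP", 25: "SMTP", 22: "SSH"}


def parse(line):
    """Return (day, tier, src, proto, dport) for a blocked packet, else None."""
    m = IPMON.match(line)
    if m:
        if m["action"] != "b":      # ipmon also logs passed ('p') packets
            return None
        tier = "gateway"
    else:
        m = IPTABLES.match(line)
        if not m:
            return None             # unrelated syslog noise
        tier = "local"
    day = " ".join(m["day"].split())  # syslog pads single-digit days
    return day, tier, m["src"], m["proto"].lower(), int(m["dpt"])


def daily_summary(log_text, day):
    """Tally blocked sessions per tier and probes per service for one day."""
    blocked = Counter()
    probes = Counter({name: 0 for name in SERVICES.values()})
    seen_locally = set()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[0] != day:
            continue
        _, tier, src, proto, dport = rec
        blocked[tier] += 1
        if proto == "tcp" and dport in SERVICES:
            probes[SERVICES[dport]] += 1
        if tier == "local":
            # A hit here means the packet got past the gateway rules
            # (or came from inside), so the source is worth a look.
            seen_locally.add(src)
    return {
        "gateway": blocked["gateway"],
        "local": blocked["local"],
        "probes": dict(probes),
        "seen_by_local_firewalls": sorted(seen_locally),
    }


if __name__ == "__main__":
    print(daily_summary(SAMPLE_LOG, "Nov 21"))
```

A non-zero `local` count is the figure to watch: it lists sources that a host firewall had to stop because the gateway did not.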
Yeah, but as I mentioned in an earlier post, *all* filesystems are databases of some type, it's just a matter of context. Generally, when someone says a "database filesystem" today, what they actually mean is "a relational database driven, virtual filesystem providing an infinite variety of views onto a soup of metadata". I think I prefer the former and leaving the rest up to inference, but I'm sure that when these new products finally ship the marketroids are going to think otherwise.
I do deserve my wrists slapping though... I'd completely forgotten about BeOS! For shame!
However, I do suspect that any robust interface would take a look at the tags, and if they are empty attempt to parse the filename.
Actually, I was just thinking about this problem, and you know what would make a *really* easy solution and is readily available already? P2P! Think about it; a new file arrives on the system by whatever means, so the file system has zero idea about its nature beyond what's available from the file. We probably know the type of file from its header, extension or whatever other "file" command type trick was required. We also know its size, any tag type information that may be present, the filename, and we could maybe calculate a checksum too. So we fire off a P2P query with what we have and what we want to know, then wait for responses.
Sure, you will probably get responses that conflict, so some kind of progressive weighting and elimination system is required. If you search on Kazaa and look at the meta info returned, it's fairly easy to see what is correct and what is not; automating this analysis is the next step. There is also the probability of CDDB type services springing up to act as the "Supernodes" of such a system, or as dedicated standalone services.
Of course, you probably wouldn't want the OS doing this for you automatically. Imagine the fun and games that would ensue if you started getting Bill G. sending out P2P queries to fill in the meta tag blanks on a document about "increasing revenue through tweaking our licensing strategy again"! ;)
Good guesses. Replace "SCO" with "Apple" and you probably have the right triumvirate. All three were working on this in 1995 or so - Microsoft was going it alone with "Cairo" (should have been Win2K) and IBM/Apple were working together on "Taligent"/"Pink". Neither project saw the light of day, although whether this was because of the system requirements or a marketing decision based on the paradigm shift is a matter of opinion.
The idea was probably stolen from Xerox Parc in the first place, of course.
Not quite, NTFS is a traditional file table with some bells and whistles, but it's not a "database" in the sense meant here(1). The next version of Windows, "Longhorn", is supposed to introduce a new file system called WinFS that will use a version of SQLServer as its backend. Whether they will actually deliver or not is another matter, since we were promised this in 1995 with Cairo and Taligent (remember them?), and now that Longhorn appears to have been pushed back...
There are also issues with gaining acceptance for the change in the way things work. This kind of thing has not really been done on a large scale in the wild before, on any OS, so whether people will be willing to accept the security and reliability issues that may ensue is another matter. For example, what are the implications of a compromise in the database engine? MS is planning on using SQL, so if things go awry and it becomes possible to maliciously inject raw SQL to the filesystem interface... Oops. On the other hand, the benefits for data retrieval are *huge*. Imagine being able to find any audio files on your entire system by Justin Timberlake or Britney Spears and delete them all in one go by searching on the tag fields! ;)
(1) Technically, all filesystems are databases, it's just that current ones are a collection of flatfile database tables that can point to each other, generally in a hierarchical manner. When people say "database" in the same sentence as "filesystem" they usually mean "relational database". As an aside however, high end databases usually forgo the need for a file system and provide the ability to write their tables directly to disk on a dedicated partition.
Re:What is the difference between MI5 and MI6 anyw on Cracking GSM · Score: 3, Informative
MI5 is the old name for what is now officially the "Security Service" and is concerned with domestic security, although it does operate overseas. MI6 is the old name for what is now officially the "Secret Intelligence Service" and is concerned with foreign intelligence affairs, it supposedly has zero domestic mandate. There are also GCHQ (Government Communications Headquarters), JIC (Joint Intelligence Committee) and several other things under the auspices of Special Branch and the like.
For Windows XP? About half I'd say. SP1 is about 150MB, and the install CD is about 300MB, but includes some extra stuff. You can actually fit SP1 and all the critical patches onto a copy of the installation CD if you want to minimise room in your toolbox. Of course, SP1 just replaces some large files that might only have a few dozen bytes difference, so it's unfair to say half of Microsoft's code is patches, but still...
What? You're dubious about flying, but perfectly happy to have every molecule in your body ripped apart, beamed through the ether by some unknown technology and hopefully reassembled without being spliced with some fly DNA or having your favorite organ stuck to your forehead?
I'm all for the Pizza though - there's no one near me that will deliver *waaaay* out here in the middle of nowhere. I mean, it's all of three miles... must be all the traffic congestion or something.
In the sense of HTTPS, yes, the CA is essentially saying "We confirm that this entity is who they claim to be". However, in this case, the role of the certificate is slightly different; it's to vouch for the fact that the sender is not sending spam. In effect the CA is now saying (or will be required to say) "We confirm that this entity is not a spammer". In both cases it's "to the best of our knowledge of course".
At least that's the way I understood it. There certainly has to be a mechanism for certificates to be declared invalid, or the whole concept falls apart. Either way, anything that increases the cost to spam is a good thing in the fight to reduce it.
only that a CA accepted money to vouch for your identity
Ah, but that's the point. Suppose I'm a spammer that spent a few dollars on the domain "foo.com" and I pay some more dollars to get a cert from CA #1 and spam away. This obviously gets noticed, and CA #1 revokes my certificate and blacklists the domain. So I go to CA #2 and pay some more money - same thing; cert revoked and domain blacklisted. However, dodgy CA #3 is prepared to take a few extra dollars for a guarantee to not revoke my cert. So I pony up the cash and keep spamming. Fairly obviously, people complain to CA #3. Repeatedly. Eventually they get fed up and stop trusting CA #3 altogether.
So, the key points are twofold. Firstly the spammer has to keep paying out money to stay in business, either on new domains or new certs. Probably the former since domains are cheap, but that rather hinders the prospect of repeat customers if they can't find you. Secondly it's not worth a CA going rogue, because if they lose the trust of the community and get blacklisted, then the value of their certificates plummets and they suffer financially.
Ultimately, it's making it more expensive to spam. At some point the cost of spamming must become more expensive than the dividend from those who fork over cash to you, and at that magical point spam dies on the vine. Well, in theory at least, since what's going to happen first is that the smaller players go out of business, improving the chances of the majors to get a sale.
Sheesh. Someone send Bill that Despair poster of the exhausted athlete with the caption "Failure. When your best just isn't good enough!", it sounds like he needs some more negative reinforcement to me. ;)
He may be in custody already. To actually arrest someone requires a warrant, but it is possible to hold someone without a warrant for limited time provided they are allowed their phone call etc. I suspect they already have the guy and are just waiting on the necessary paperwork to arrive from the DA's office.
What makes that even more funny is that Caldera really did use to own DOS (DR DOS to be precise), but the assets went to Lineo during a corporate re-org, and from there to DeviceLogics. Some details here and some more here. Embedded DOS? Jeez, and I thought WinCE was bad!
Actually, I think Red Hat really realised the crux of the problem first; it's not the WM that's the problem, it's the look and feel. Hence we got Bluecurve, and now we have a plethora of popular themes being ported between KDE and Gnome. Some of these ports are so good I can log out of KDE, switch to Gnome and my desktop, widgets and applications are identical in both WMs, regardless of whether they were written in GTK or Qt.
Why standardise on a single WM and toolkit when you *can* have your choice and make it?
"Hypermedia" is what we used to call the often proprietary amalgamation of hypertext and multimedia back before Tim Berners-Lee came along and sorted it all out for us. I don't know about how far back prior art on this goes, but I was quite happily embedding dynamic clocks, calendars and such like in a multi-user hypertext authoring system at Liverpool University in the early 90's. Embedded images, sound and even video were *already* old-hat at this point.
It was an in-house developed tool called MUCH (Many Users Creating Hypertext) written in the Andrew toolkit (think a forerunner of GTK/Qt) and running on HP-UX, if you were wondering.
They also have a legal hitsquad that has managed to successfully prosecute some of the spammers and software copiers too. So, if Symantec's product activation scheme works, then they are, at least, preventing a few people from helping spammers stay in business, and that's a good thing, right?
For USians, the roles equate as follows:
MI5 = FBI
MI6 = CIA
GCHQ = NSA
JIC = Senate Oversight Committee (*very* roughly)
We've got a long way to go yet...
Having spotted the typo in the initial Google I finally found the link!
I can give you an instance of prior art from 1991, three years before this patent was even filed. See my post above for more.