Unfortunately, the effort here by Microsoft won't save the users most likely affected by the virus. Those users who don't know how to protect themselves adequately probably rely on Windows Update to keep their computer safe. How many of them will be informed in time to use Live Safety, or for that matter, how many of them know that it exists?
At least I know how to protect my computers. So the impact to me would be none regardless of what Microsoft does. It is those users that don't even know the definition of malware that are most at risk, and will be the least likely to use Microsoft's proposed remedy.
Unfortunately, very few providers actually filter traffic leaving their network, which means someone could easily spoof their IP address. If someone can bang away at your firewall with a spoofed IP address, your firewall will cut off the traffic from the fake source AND the real one.
Also, a lot of zombies on the net sit on dynamically addressed machines. The next time a zombie connects to the net, your RBL won't block him since he will be coming from a different address.
Unfortunately, PIPEDA does permit this sort of disclosure. This is quoted from the exact bill here with the relevant section quoted below...
7.(3) For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is...
...(c) required to comply with a subpoena or warrant issued or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of court relating to the production of records;
So, if Videotron complies to submit the information by subpoena, PIPEDA doesn't protect you.
Also, if you end up getting sued, PIPEDA won't protect you from the debt collectors either because clause b of that same section states...
...(b) for the purpose of collecting a debt owed by the individual to the organization;
PIPEDA is not a law that allows you to hide from the enforcement or administration of any other law.
Essentially, Videotron won't fight the subpoena request because they are owned by Quebecor, a media company that is a CRIA member...
Now why would you think you have any rights to code you didn't write?
If you look at that situation through RIAA-colored glasses, it would be called "theft".
So Mr. Schwartz, if you want to complain that you can't "steal" anything from Open Source because of the GPL, remember this well. Even thieves have to eventually pay when they get caught.
Unfortunately, the government's definition of an attempt to overthrow them can be much different than yours, so don't expect your values to mean anything to them.
I have had the fortune of travelling to China back in 1998, and here is a bit of advice if you plan to make a trip of any significant length.
1. If you plan on visiting or staying for some period of time, try to avoid bringing any computers or electronic devices with you. They have a strict policy at the border to inspect and confiscate devices if they consider any materials within them to be "detrimental" to the ideologies of the government. If you absolutely need one while you are there, consider buying one in China (the prices are relatively cheap). It is easier to get one out of the country than to bring one in.
2. While the "Great Firewall of China" might be a nuisance to you, it will be very difficult to avoid. SSH tunnelling will likely be your friend in this case.
3. Be courteous and cooperate with officials. The larger cities have dedicated police forces, but once you are in the more rural areas, these locations are policed by the army. And they use nice shiny AK-47s as sidearms.
The promise of technology that went bad. (on Life Interrupted, Score: 1)
Well, this all stems from the technologies that were intended to make our lives easier and spend less time at work.
Unfortunately, these technologies were implemented into our jobs with the sense that a worker spends the same amount of time that he used to at work. He is now responsible for many more things and when the work piles on (because many things go wrong at the same time), the employee is expected to multitask or spend more time at work.
When you try to do several intensive tasks at the same time, it naturally causes stress and inefficiency requiring more time out of the worker.
Well, that pretty much kills off the original promise of an easier life and less time at work. It seems that employers got all the benefits of technology by getting a worker of this time to do the same job it took many people to do in the past (and save on all that salary...).
... that would turn your machine into a Spambot; now that would be funny. :)
CAN-SPAM may require an opt-out option in the e-mail to remain legal. However, the legislation DOESN'T protect you from the consequences of using that opt-out option.
It's legislated social engineering at its finest. Good luck out there.
Actually, the tokens themselves are quite reliable. I have seen only a small few that actually drift out of sync with the authentication server. In the case that the server determines that the token is out of sync, it can query the user during the authentication process to key in the current code to maintain sync with the server.
In most cases, it is the internal clock of the computer running the authentication server that drifts the most. Of course, you are always encouraged to use NTP in order to keep that clock in check.
Well, the two-factor authentication scheme works on the basis of something you know + something you have (password + token).
If you lose the token, you should report that you've lost it, so the administrators can disable that token from the authentication server. At that point, they can choose to reissue a new one, or reactivate the original one should you find it again.
If you thought that paying $699 per CPU license for a GPL'ed operating system was a rip off, they pull a bigger scam on us by saying we should pay the same amount for something that doesn't exist.
Hmm, the stink of fraud is certainly filling up the room now...
The automated parachute deploys (they have them for planes now) and the X foot fall is eliminated.
That assumes that you're not the unlucky victim of entering a collision when someone hits the roof of your vehicle. Unfortunately, that is also the degree of motion that regular users will have the most difficulty adjusting to.
Hmm. If I remember correctly, a bug that was in a tool used in 9 Linux distributions (for example) was also counted as 9 vulnerabilities as opposed to just one.
Take the numbers out of context and they really lose all of their meaning. Hence, the study comes to its conclusions with a lot more spin than relevant fact.
I agree with these points. However, I read the article and then noticed why it appeared to be running so slow for the user.
With only 128 MB of RAM, you can run KDE within reason. In this case, the user attempts to run three basic tasks on his system (web browsing, e-mail, and an office application) simultaneously.
Mozilla was chosen for web-browsing. OpenOffice was chosen as the office application. Evolution was chosen as the mail client.
These apps are memory intensive. Since they don't share any of the desktop widgets that KDE offers, they consume additional memory for additional widgets. The combination of heavy apps plus most recent KDE plus 128MB of RAM in the system = crawl.
I figure that if the user used equivalent native KDE apps, this wouldn't be such a problem. Konqueror + KOffice + KMail makes for a significantly smaller memory footprint to accomplish the same tasks.
If that makes you mad, maybe this will light a bigger fire.
In Ottawa, Canada, one police officer killed a civilian in a car crash while he was responding to a call. The only thing he is getting is 6 months of house arrest. He isn't even going to jail for the equivalent of vehicular manslaughter.
Back on topic, I don't see much of a problem with this instance of the black box. We already have these in aircraft. The only problem is that we should inform drivers that such a monitor exists as they should have the right to know that it is there.
I think that this study does highlight something very important. But I think it has a lot more to do with the human brain's need to interpret whatever it encounters.
I live in an area where there are several languages that are in use. While I am tri-lingual myself, I usually will notice conversations that take place that are not in a language that I can understand (the keyword being notice). Mind you, since I won't understand either party involved, I will usually dismiss it quickly as noise.
I also notice people who converse with me while plodding around with their PDA, tablet PC, etc. (especially when I can't see it for myself).
The cell phone is probably the worst case. As you only hear the one party conversing, your brain can only interpret part of the conversation which increases the annoyance factor. What makes them even more annoying is that their mobility allows them to go anywhere.
And under the current system, the spammer doesn't know anything about the recipient (or even that the email address is valid) unless he does something stupid like reply or click on a web link.
Unfortunately, spammers don't even have to wait. They just need to look up their MTA's logfile and look for any messages like "250 message accepted for delivery" and they now have a valid e-mail address. Score one to the mail address database.
I guess that you have never had the luxury of dealing with Checkpoint support.
I work for an MSSP and regularly deal with Checkpoint. It is also good to get an independent source for tips about Checkpoint. To put it simply, Checkpoint support is sometimes less than helpful.
Actually, the X-Box was more of a child born in order to jump into the market faster. Microsoft realized that they were 2 years late in the game and needed to trim that edge down so they would end up third in the market.
The Microsoft strategy was two-fold. Close the gap on the market and try to make a product that would outperform the competition. The hard-drive was a double-edged sword. It made the console unique, but because of the PC-like architecture, it also gained the moniker "hack-box".
This strategy failed. They weren't able to break out as the winner in the next-generation console market. This time, they are changing the architecture because they are prepared to jump into the market. Also, they have to prevent the losses that plagued the original X-Box.
Now, they wait for Sony to drop their specs down for PS3. Microsoft is using the same strategy as last time with the exception of being 18 months behind to bring to market. We'll have to see what they offer and what difference it will make this time.
Mars is a nice goal, but there is no sense in trying to send a manned mission there without verifying first that such a mission is feasible.
The moon will have to be that proving ground. We already know that we can make it there. The question for the near future is whether or not an operation can be sustained there for a suitable time period.
The problem with Mars is that there is only a small window from which a manned mission can launch. This window occurs only once every 18 months.
If some problem occurs and it is several months away from the next launch window, the men and women on that mission have to live with that problem. If the problem is life-threatening, those people are as good as dead.
The moon is a good first step because it stays at a relatively constant distance from Earth. If a problem occurs on the moon, a launch could be made to assist them at any time. It is a less risky proposition to start.
I believe that when a manned mission can operate independently on the moon for a period of two years, Mars will be a reachable and sustainable goal.
The FBI carts equipment away to their premises in order to duplicate the systems and environments. If ever you get into information systems forensics, they would at least perform 2 copies. One is kept as an exact duplicate (to keep for their investigation records) and at least another to actually run analysis against (since searching on an active system can change the data stored in it).
It also makes it easier to catalog what they are working with, and prevents any interference from the outside.
It seems that Firefox doesn't render these iframes properly.
Hmm, would you pee in your pants if you had just thought that you wormed the cops?
You never know what they can do with that carbonite freezer...
There is one thing stronger than "The Force". It's called a copyright... Because it lives on after you die.
Would lawyers that specialize in harassment cases use this kind of tactic?
As for getting anything decided at these meetings, that's a whole other matter entirely.