Slashdot Mirror


User: RomulusNR

RomulusNR's activity in the archive.

Stories: 0
Comments: 847

Comments · 847

  1. Nothing's guaranteed on Hitchhiker's Movie is Bad, says Adams Biographer · · Score: 1

    Meanwhile, Michael Crichton exec- or co- produces nearly all the movies based on his books, and still manages to "fuck them up"... at least completely retool them for visual effect and speed rather than suspense, intrigue, or intellectual merit. Sometimes he even changes the name. Heaven forbid the movie version of H2G2 be called "Running Around Space With A Book".

  2. Why not B and G? and speed on Designing a Municipal Wireless Service? · · Score: 2, Informative

    Correct me if I'm wrong, but I thought G appliances were backwards compatible with B appliances.

    Seems G would be the way to go. Higher cost, but better longevity and compatibility and potential bandwidth.

    As for concerns about speed: Here's the thing that gets me about WiFi speed potential (or Ethernet for that matter) when it comes to an open network: What difference does the speed of the line to the node make as long as it's at least as fast as the pipe you'll be using on the back to connect out to the world? Sure, this will matter to the municipal government, who presumably will have lots of internal point-to-point traffic, but not the public, who just want to surf the net.

    Here's another question: Are municipal governments still subject to regulations on output, or being governmental, can they crank up the wattage? One wonders if metropolitan WiFi would benefit from greater output allowances. You'd need less APs, etc; instead of trying to put a city-owned piece of hardware on every downtown building, you could increase their range and put them further apart.

  3. Not because they're smart. on Midsize Businesses Not Considering Linux? · · Score: 1

    Isn't it this exact size of company that has had the highest percentage of layoffs due to operating costs going out of control?

    Management at such companies are too far removed from day-to-day to know what is the best option, and yet their companies are too small or young to have made wise decisions based on experience. They are too paranoid, too vulnerable, and too short-view. They take the bulk offers from MS because they look cheap while really having high hidden cost. But "hidden cost" is the sort of thing that always seems to surprise companies of that size.

  4. Re:Incredibly simple (and obvious) solution. on Work Samples and the Non-Disclosure Agreement? · · Score: 1

    Killing people for real is much harder than it is on TV!

    Well, some crimes aren't.

  5. Do you really think either company gives a damn? on Work Samples and the Non-Disclosure Agreement? · · Score: 0, Troll

    Company A doesn't give a fuck if you get another job, and company B doesn't give a fuck if Company A won't let you give them what they want.

    My best advice to you is to say fuck the system. Oh, and stop voting Republican.

  6. Adding insolvency to injury on The House Building Machine · · Score: 1

    With 400,000 American construction workers injured each year, and a typical American house taking at least six months to complete, house building had been the same tiring gritty job for 20,000 years.

    Injured as they may be, they at least had a paycheck with which to feed their families.

  7. IHNMTS on Russians Claim Their Hackers the Best In the World · · Score: 1

    but...

    In Soviet Russia, security cracks you!

  8. Re:Anecdote on How Often are Internal IT Projects Open Sourced? · · Score: 1

    It's all in the CVS at the moment. I'm holding off on progress right now until I can acquire a place with the required MySQL 4.1 for a demo site.

  9. Dumbasses on Should You Trust MAPS? · · Score: 1

    It took you people this fricking long to realize that MAPS isn't just a "blackhole list" but an actual black hole of human sense?

    MAPS and other overzealous spambots have been prior-restraining and zero-tolerating one-off cases of open relayness since before 1997. And all this time, thousands of ISPs have brain-deadedly blockaded any IP in MAPS, which is rarely updated to current state and has always been dreadfully difficult to correct.

    MAPS, ORBS, SpamCop et al have been the most effective examples of the brain-dead zero-tolerance mentality. And the lazy companies that allow them to decide what goes over their network, like so many lazy parents who allow the government to decide what their children watch, turn MAPS into a hopeless stranglehold over communications.

    I'm sorry, Spam Sucks, but if you've ever been the collateral damage of one of these lists, or of any other antispam crusader who is both brain-dead and incommunicable, you know just how hopeless it is and how unyielding they are, and how stupid it is to let them have unquestionable control of your network.

  10. Re:Your question seems a bit confused... on How Often are Internal IT Projects Open Sourced? · · Score: 1

    Companies typically use a lot of software that has nothing to do with the business model of the company.

    For example, if I decide that no CMS out there does what I want to do for the best arrangement of the company's Intranet, I might go ahead (if I have the cycles, or I am lucky enough to work for a "20% percent" company, or a "blue time" company, or can otherwise defend the time/effort, etc.) and start putting together a CMS that does what I want. But this is for a company that sells hot dogs, not CMS's. And there's nothing so essentially hot-dog-selling-centric about a CMS. So why keep it wrapped up within a hot dog company for no practical reason?

    Unless the hot dog company decides it wants to go into software. This must mean it was living in a cave during the late 90s.

  11. Re:Anecdote on How Often are Internal IT Projects Open Sourced? · · Score: 1

    FWIW, the company has since changed its name.

  12. Re:Anecdote on How Often are Internal IT Projects Open Sourced? · · Score: 1

    I don't think it's entirely as clean cut as it seems -- I wasn't asked or ordered to develop it (I'm QA, not development); I saw the need for it to do my job, not being able to find a suitable alternative, and went ahead and did it on my own. But I only developed it to the extent that was warranted by my responsibilities and job expectations.

    As for mentioning the company, I quite likely would have done that anyway.

  13. Anecdote on How Often are Internal IT Projects Open Sourced? · · Score: 3, Interesting

    Well, I just recently received the blessing to release a bunch of internal PHP tools I made as open source... a test case management system, an inventory library system, and a scheduled task notification system.

    It helps a lot when you can easily point out that the tools you want open sourced have nothing to do with the core function of the company, and are really serving a generic purpose and could be used by others. (It also helps to have designed the tools with this in mind from the start.)

    My company asked that the company's name be included somewhere in the softwares' materials in the releases I was involved with; I figured this was a small favor to go along with, and it helped them appreciate the idea as having some sort of paid-forward benefit.

  14. Re:First in the industry??? on Google Adds Satellite Imagery to Maps · · Score: 1

    How soon we forget -- Mapquest had satellite imagery until about three years ago, when it went (free) subscription-only, then suddenly and without notice (like all other Mapquest changes) it disappeared.

  15. Ultimately on Web Design Hampers Mobile Internet? · · Score: 1

    Shut up and make sites Lynx-compatible and no one will have a problem.

  16. Re:It really sounds like... on Windows Terminal Server Replacement? · · Score: 1

    He doesn't, he runs a vncserver on the host and gets RealVNC client for Windows.

  17. Merchants don't HAVE to check the signature on Credit card signatures: Useless? · · Score: 1

    The signature is there for your protection, but *after* the fact. If you challenge a purchase later, the original receipt is compared to your signature, and you can theoretically argue that if it doesn't look like your signature, you didn't authorize the purchase.

    (That's presuming there aren't other factors that suggest that you really did make the purchase. Like security cameras. Or physically owning the item in question.)

    Of course, it's in the merchants' best interests to check your signature, cause it's their loss if you challenge a purchase.

    On the other hand, out West we now have systems where you can charge a small purchase (under $50, I guess) without even signing. Starbucks and Qdoba both have this, and some McDonald'ses.

  18. Re:Yahoo not supporting Firefox after all on Yahoo Pledges Full Firefox Support · · Score: 1

    So you wanna blame Slashdot because corporations and governments are routinely bullshitting people, then backpedaling?

    (Why exactly do we let them get away with that, anyway...? Oh yeah, cause we're a nation of pathetic dumbasses.)

  19. GSM reuse on Repurposing Old Usable Cell Phones? · · Score: 1

    A GSM phone should in theory work anywhere a GSM network is available. It may need to be unlocked; sometimes there are ways to get this done on your own, sometimes the original or new carrier will help you do it.

    I personally would jump for joy at one of them Linux phonezors... an' if you don' wan' 'em no more... :)

    I suppose, though a phone spouting at me in Japanese isn't exactly the best thing for me, but I'm guessing there's ways to solve that.

  20. The approval question on Open Source Tax Products? · · Score: 2, Interesting

    In order to submit IRS returns electronically, the software developer and/or the agency submitting the returns has to be an authorized E-File provider. (Read that, it's chock full of insightful information on this subject, as is this one.) When you use TurboTax, you don't end up submitting directly to the IRS, but via TurboTax's systems as a middleman, which passes your return along to the IRS via "e-file transmitters".

    Furthermore, you also have to get approval from every state you want to be able to support state returns for. 1, 2, 3

    Which is, no doubt, why there aren't a lot more tax software options.

    In the unlikely scenario that an open source project received this approval, the trusted endpoint problem would wreak havoc with its success.

    Such a project would have to function like a foundation, with its own online middleman service to process the returns through. (Or, perhaps more ambitiously, operate its own e-file Transmitter.)

    Anyway, I'm a big fan of TurboTax for the Web. I don't need to download anything, or worry about upgrading each year, and the cost is somewhat dependent on the complexity of my return and the added features I want, so I don't end up buying a shrink-wrapped flat-rate option that I end up underusing.

  21. Re:So the real questions are... on Tracking a Specific Machine Anywhere On The Net · · Score: 2

    From how it's described in the paper, I would have to describe MS TCP's behaviour as "embarrassed".

    "Let's see if I can get away with not doing this... Ack, the other end wants it; ok, let's pretend like we know what we're doing..."

  22. Telecommuting. [nt] on How Are You Conserving Energy? · · Score: 1

    n/t

  23. Re:So... on Tracking a Specific Machine Anywhere On The Net · · Score: 1

    But over time, you can take repeated samples of that time and thereby determine its drift far beyond 1 ms.

    This is clearly not (or not obviously) an "okay, he's connected, it's him" solution. The story points out that their test on 69 XP boxes ran for 38 days. That's an awfully long time unless you're on a long haul sting. The "prettiest" unique timestamp graph in the paper (figure 3) covers a 96 hour period, for 69 hosts. To truly do unique fingerprinting of this sort when you have to contend with a single ISP's worth of hosts is probably going to take an awful lot longer than 96 hours. The technique would actually be better off if the skews weren't perfectly linear.

    I'm not sure it's practical. It's interesting, but not practical.

    Anyway, it seems to me I could easily fiddle with my clock time at the millisecond level (probably in the stack code rather than actual system time, but who cares?) in such a way to throw off this technique.

    From the paper:

    Unfortunately, because Windows 2000 and XP machines do not include the TCP timestamps option in their initial SYN packets, the TCP timestamps RFC [13] mandates that none of the subsequent packets in Windows-initiated flows can include the TCP timestamps option. Thus, assuming that all parties correctly implement the TCP RFCs, a passive adversary will not be able to exploit the TCP timestamps option with Windows 2000/XP-initiated flows.
    If the adversary is semi-passive, we observe the following trick. Assume for simplicity that the adversary is the device to whom the Windows machine is connecting. After receiving the initial SYN packet from the Windows machine, the adversary will reply with a SYN/ACK, but the adversary will break the RFC 1323 specification and include the TCP timestamps option in its reply. After receiving such a reply, our Windows 2000 and XP machines ignored the fact that they did not include the TCP timestamps option in their initial SYN packets, and included the TCP timestamps option in all of their subsequent packets.


    So if you're looking to avoid detection via this method, you need to ignore ICMP TSTAMP requests (used in the "active" technique) and have a TCP stack that never sends TSOpt timestamps (used in the passive and semi-passive techniques). Apparently Windows boxes normally get through life quite fine without them. One wonders if the TCP performance benefits of the TSOpt are really relevant in an era of broadband and high-speed links for the majority of uses.

    Another way that seems implied by suggestions about the best fingerprint-detecting device would be to have your system clock maintained by something better than NTP. The paper suggests CDMA and GPS as higher-accuracy alternatives for the attacking host; no comment on how it affects the process if used on the target host (especially if the attacking host doesn't).

  24. You must be crazy on Pay-Per-View Downloads of TV Shows? · · Score: 2, Funny

    What, you mean production decisions made based on the actual value to viewers?

    The only problem is that the only things left on TV will star 20 year olds playing the parts of teenagers who whine about their parents and sleep with their best friend's S.O.'s.

    Then again, it could save Enterprise.

    (I'm not sure that that's any better.)

  25. Re:Get a Leatherman Micra, too on Best Leatherman-Style Multitool? · · Score: 1

    Gotta love the flat Phillips; probably more universally suitable than your average single-size full screwdriver.

    The scissors are nice but easily abused. Mine are looking pretty ragged and don't cut paper very well at all anymore. Of course, I've used it to cut small branches.

    I've also found you can get a bad pinch from the back hinge end. And the keychain pseudo-tool can get in the way of other tools on that end.