So, by commenting, you're saying that you're 'eurotrash'? <flame>Or are you just an asocial acne-ridden high-school student staying up late in the hopes of being able to insult as many people as possible.</flame> I'm an American who has lived overseas more than eight years, and feel it my duty to point out that not all people from the US are idiots. A lot (including the original poster) are, but not all. In fact, to show your patriotism, you should:
- immediately delete all software from your computer that was not written 100% by Americans (say goodbye to linux, blender, apache, etc...)
- immediately stop using all components not 100% produced by US manufacturers
- implement a /. filter that keeps all non-US readers from being able to comment on "American" stories.
Re:Why can't it be more like Linux? on Absolute OpenBSD · Score: 2, Funny
The default install doesn't include emacs, so you'll have to suffer through vi.
Or just make it available as a Samba mount, and use notepad on your favorite windows box...
Chapter Four is about using common tools, like Ethereal, Netstat...
If you're talking about Joe User, you need to stick to what works under Windows. Last time I checked, Ethereal on win32 platforms only worked on LAN (eth) adapters and not dialup connections. If you've got a cable modem or DSL hooked up via an ethernet adapter, then it's a viable option. I'll agree about netstat, but I really don't think I'd be able to teach a non-technical person how to interpret the output -- even given a book with examples, a non-techie really doesn't stand much chance tracing down what programs have what ports open.
As far as monitoring open connections on a win32 box, I'd heartily recommend TCPView. It's capable of printing out information on all connections, their states and what processes they're associated with. Very powerful tool, and I can talk my mom through using it over the phone, even sending me the results via email.
Wow. That's quite a statement. Let's take a look at what the article actually said and what you wrote.
'Anyone that knows anything about embedded systems with high quality requirements...'
Number of occurrences of word "embedded": 0.
And since the article wasn't really about embedded systems, let's take a look at what the article was about. It seems to be not about the imaging devices (x-ray, CAT scan, etc), but the associated controlling devices and archiving systems. In fact, one of the things that the article points to as being a positive step is an effort to patch software in "Used in Medical Information Systems." A medical information system is not a device, but a system designed to provide doctors and other health-care professionals with the information that they need. And by necessity, in today's world, this information needs to be available on windows-based networks. So the answer is not to ban windows, but to place mission-(life-)critical machines into a protected zone, and limit the access to well-defined, protected channels. Which, BTW, is the way it's done in well-run organizations.
Perhaps the moderators should actually read the articles prior to modding up posts from AC's who quite obviously didn't even read the article.
"Just so long as they also bring back the mini-skirted 1960s era women..."
Otherwise known as the Austin Powers series...
The passive operating system fingerprints are going to prove to be useless in preventing abuse. It boils down to this -- you can't trust any information gained exclusively from the user (even passively).
Writing software to spoof OS characteristics won't prove to be a challenge, esp. when you know what characteristics the other side is trying to detect. I just can't really see this system as bringing any added value at all.
I would question whether they could keep closed any of it being linked to current wine. So if they are not dealing with this now, is there a new funding requirement in their business plan for the lawsuits?
Actually, until they can modify and use GPL'ed code as much as they want internally -- the restrictions don't kick in until they start distributing their product. Until then, give 'em a break, 'cause as of right now there's no cause for complaint.
As a Java programmer, maybe I'm biased but I really hope that .net doesn't become the de-facto language on the linux client.
.NET is not a language, but a platform. This would be the same as me saying, "As a C# programmer, maybe I'm biased but I really hope that J2EE doesn't become the de-facto language on the windows client." Sounds silly, doesn't it?
Light doesn't actually have "color". Color is our perception of the wavelength of the light. There's another article on BBC that explains the experiment in greater detail. Essentially, they didn't actually freeze the photons, ie. made them stop moving, but used a different method to make the photons bounce back and forth in place. So the "color" should have remained the same.
Instead, voters are left to fend for themselves as inept voting officials stumble their way through technology.
So exactly why, in your opinion, are the local voting officials, who had nothing to do with the selection of technology, inept? Since when is it a requirement for the people who run the local precincts to be experts on computers? The people who ordered and paid for the system, as well as the company that developed it and didn't stress test it could certainly be labeled as inept, but definitely not the local officials. Cool down.
The author is right in one regard, legislation won't do it. If everyone who is capable of deciphering the email headers to try to track down the originators of SPAM would try to report just one piece of spam to the offender's ISP, it would possibly begin to make a difference. The math is simple -- there are only a certain number of reputable (i.e., non spammer-friendly) ISPs. If even 1000 people a day would use the available tools (www.abuse.net for one), and report this junk, eventually spammers will be forced to move to the spam-friendly ISPs. Then it's just a matter of adding the spam-friendly ISP to your favorite black-hole list, and you've just done your little part to stop spam.
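Added example (not part of the original comment): one way to do the header tracing described above is to read the Received lines from the top and stop at the first one that was not written by a mail server you trust, since everything below that point can be forged by the sender. The message, host names, addresses and the TRUSTED_* values are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample message (documentation IP ranges, example domains).
RAW = """\
Received: from mx1.myisp.example (mx1.myisp.example [192.0.2.10])
\tby mailstore.myisp.example with ESMTP id A1; Mon, 6 Oct 2003 10:00:05 +0000
Received: from mail.bigbank.example (unknown [198.51.100.77])
\tby mx1.myisp.example with SMTP id B2; Mon, 6 Oct 2003 10:00:03 +0000
Received: from bigbank.example ([203.0.113.5])
\tby mail.bigbank.example with SMTP id C3; Mon, 6 Oct 2003 09:59:00 +0000
From: "Offers" <offers@bigbank.example>
To: user@myisp.example
Subject: constructed sample

body
"""

# Assumption: the hosts and address range operated by your own ISP.
TRUSTED_RECEIVERS = {"mx1.myisp.example", "mailstore.myisp.example"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

BY_HOST = re.compile(r"\sby\s+([\w.-]+)", re.I)
PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9a-fA-F:.]+)\]")


def reportable_origin(raw):
    """Return the IP that handed the message to the first trusted server.

    Received headers are prepended by each hop, so the topmost ones were
    written by our own servers. Headers below the first untrusted writer
    are ignored because the sender controls their content.
    """
    msg = email.message_from_string(raw)
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        by = BY_HOST.search(text)
        if not by or by.group(1).lower() not in TRUSTED_RECEIVERS:
            return None                         # not written by a host we trust
        peer = PEER_IP.search(text[:by.start()])
        if not peer:
            return None
        try:
            ip = ipaddress.ip_address(peer.group(1))
        except ValueError:
            return None
        if not any(ip in net for net in TRUSTED_NETS):
            return str(ip)                      # first outside host seen by us
        # Otherwise this was an internal hand-off; keep walking down.
    return None


if __name__ == "__main__":
    print("report to the network owning:", reportable_origin(RAW))
```

The address in the bottom header (203.0.113.5) is never reported, because only the sending side vouches for it.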
They can still access all the technology ...
Uh, no, actually they can't. MS engineers are specifically prohibited from accessing much open-source software (in specific GPL'ed code), without first obtaining permission from the legal department. This is to avoid "contamination" of their source code base.
I develop regularly in C/C++ (Unix and Windows), Java (J2EE), and PHP, and can't really agree with the author's contentions. J2EE is much superior to PHP for serious web applications -- the students mentioned in the article would have been much happier using WebLogic or jBoss instead of Oracle.
Of the three, C/C++ is obviously not well suited for developing web-based applications.
PHP is quick and easy, but it suffers from a lack of vision -- it was never designed, and the authors don't really seem to know what they want to do or where they want to go with it (don't even get me started on how it's supposed to be "Object-oriented" now...). IMO, it's much easier to make a mistake in PHP, and code is much less maintainable than equivalent JSP pages -- just try switching from MySQL to Oracle, and you'll see what I mean. I shudder whenever I hear the words PHP and enterprise in the same sentence.
From the article:
Typically, Internet users are shown a generic "404 -- cannot be found" page when a Web address does not exist.
Sooooo, if the web server can't be found, who's sending the HTTP 404 response (which incidentally means that a file on a server doesn't exist...)?
Never thought it'd happen, but I'm rooting for the squatter... if there's a group worse than spammers and domain squatters, it's Verisign. Just on a whim, I typed in a non-existent domain name, and sure enough, found myself on their page. Take a look at the "Terms of Use". Sections 2 and 14 are really telling:
2. You may have accessed the VeriSign Service(s) by initiating a query to our DNS resolution service for a nonexistent domain name.
14. By using the service(s) provided by VeriSign under these Terms of Use, you acknowledge that you have read and agree to be bound by all terms and conditions here in and documents incorporated by reference.
I'm not sure how they came up with the fact that I, the end user, made a query to their DNS server. In fact, I did not. My ISP may be using their services, but I personally have no legal relationship with Verisign whatsoever. My ISP may be using their services, but that in no way establishes a relationship between myself and Verisign. IMO, unless you're querying Verisign directly, their terms of use cannot possibly apply -- which means that they apply to almost no one. I would challenge them to show any log that shows my IP address accessing their service. If they can't, then I did not in fact access their service.
And what's worse is the implication that I can be bound by "Terms of Use" that I have never seen, based on the assumption that I made the query, when in fact the query was made to a DNS server at my ISP (and again, I don't really care how my ISP handles that request as long as it sends me the requested info).
- mismatched <span> tags
- mismatched <li> </li> tags
- <li> tags outside of <ul> or <ol> blocks
- mismatched <td>/</td> tags
- use of unapproved <nobr> tags (but without </nobr> closing tags)
Netscape 7 renders it OK, but all in all, I'm amazed that any browser could, especially with the mismatched <td> </td> tags.
I don't agree with the author's conclusions. Any person registering a domain name in .com is explicitly saying that they are a commercial organization, hence there should be no expectation of personal privacy. The solution is to set up another TLD explicitly for individuals, since .org, .net and so on are not really appropriate either. It is necessary for all .com registrations to have valid and public registration info available, without this the level of fraud would be even worse than it is today. I have no sympathy for anyone who registers a .com domain name, and is not actually representing a business.
If you want the physical analogy, it would be having the right to sell your property - only it is biometrically locked to you. And you have a company that can modify that lock, only they refuse to do so stating they have no legal obligation to help. Do you think that would be acceptable?
It would absolutely be acceptable. Sales of used items are generally "as is", and it's up to the buyer and seller to agree as to what warranty is to be provided, who bears the cost of transferring (think about buying a used car and paying for the title transfer), and so on. If a particular piece of property is tied to a particular identity by a deed, title or some other mechanism, then someone must bear the cost of transferring said title, and it almost certainly won't be the original producer of the goods. IMHO, Apple is under no obligation to facilitate transferral of the goods -- it's actually not significant at all that the goods will be worthless unless Apple does so.
Banning list-generation software seems a bit heavy-handed, doesn't it...
Yep... don't know how our Australian friends are going to get by without grep.
It would be a pretty simple matter to simply add bogus data at the beginning of the MP3 file, which would get skipped by the player and have no effect at all on how the file sounds. In fact, this is how ID3 version 2 tags work. The ID3V2 tag is added to the beginning of the MP3 file, and since it doesn't have an audio sync signal, the player will skip until it finds it. This would more than invalidate RIAA's library of MD5 hashes.
Of course, if two people change the same file differently, file sharing programs won't be able to match them either...
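Added example (not part of the original comment): why a whole-file MD5 is brittle against tag changes, and how a matcher can instead hash only the audio payload by skipping a leading ID3v2 tag. It goes slightly beyond the comment by also dropping a trailing 128-byte ID3v1 tag; the audio bytes and tags below are constructed, and the function names are hypothetical.

```python
import hashlib


def synchsafe_to_int(b4: bytes) -> int:
    """Decode the 4-byte ID3v2 size field (7 significant bits per byte)."""
    if any(b & 0x80 for b in b4):
        raise ValueError("high bit set in synchsafe size")
    return (b4[0] << 21) | (b4[1] << 14) | (b4[2] << 7) | b4[3]


def int_to_synchsafe(n: int) -> bytes:
    return bytes((n >> shift) & 0x7F for shift in (21, 14, 7, 0))


def id3v2_length(data: bytes) -> int:
    """Bytes occupied by a leading ID3v2 tag, or 0 if none is present."""
    if len(data) < 10 or data[:3] != b"ID3" or 0xFF in data[3:5]:
        return 0
    try:
        total = 10 + synchsafe_to_int(data[6:10])   # header + tag body
    except ValueError:
        return 0
    if data[5] & 0x10:                              # footer flag (ID3v2.4)
        total += 10
    return total if total <= len(data) else 0       # malformed: treat as no tag


def audio_payload(data: bytes) -> bytes:
    """Strip a leading ID3v2 tag and a trailing ID3v1 tag, if present."""
    start, end = id3v2_length(data), len(data)
    if end - start >= 128 and data[end - 128:end - 125] == b"TAG":
        end -= 128
    return data[start:end]


def file_md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def audio_md5(data: bytes) -> str:
    return hashlib.md5(audio_payload(data)).hexdigest()


def make_id3v2(title: str) -> bytes:
    """Build a minimal ID3v2.3 tag holding one TIT2 (title) frame."""
    body = b"\x00" + title.encode("latin-1")        # 0x00 = ISO-8859-1 text
    frame = b"TIT2" + len(body).to_bytes(4, "big") + b"\x00\x00" + body
    return b"ID3\x03\x00\x00" + int_to_synchsafe(len(frame)) + frame


# Constructed stand-in for MPEG audio: a frame sync word plus filler bytes.
AUDIO = b"\xff\xfb\x90\x00" + bytes(413)
COPY_A = make_id3v2("Track 01") + AUDIO
COPY_B = make_id3v2("track one, retagged") + AUDIO + b"TAG" + bytes(125)

if __name__ == "__main__":
    print("whole-file match:", file_md5(COPY_A) == file_md5(COPY_B))
    print("audio-only match:", audio_md5(COPY_A) == audio_md5(COPY_B))
```

This only normalises well-formed ID3 tags; arbitrary bytes placed before the first audio frame would need a frame-sync scan instead.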
Why should this surprise you? Large corporations tend to act completely honestly only when they feel they won't be caught -- remember Enron, Worldcom, Xerox, and so on? It only takes a few people to sign on and say "let's use a spam mailer" for advertising. All in all, larger corporations do get caught up in spam, because it doesn't require organizational dishonesty, but rather individual dishonesty with a lower likelihood of being caught.
Uh, sorry, but according to the article, it's not a sales tax. It's a tax that will be applied each year to the value of the network equipment -- please note this quote from the article:
"Computer networks would be taxed at that percent on either annual lease payments or depreciation"
That definitely implies that it's not just a once-off tax, but a recurring one.
Now, MS is closing their end. Hypocrisy at its finest!
Where do you read in any of the articles that it's being "closed" -- but I suppose if you just read the comments from other posters that's the impression you get. All MS wants is to formalize the relationship between itself and third-party clients that use its service. MS never said that it wanted AOL to open up for free. Is it right that commercial services like Trillian make money by piggy-backing on top of the service without paying for that access - I would submit that it is not. The absolute best model would be for the companies producing commercial clients to pay their way, open-source non-commercial clients should get a free license.
Actually, the thing that bugs me most about most of the automatically generated virus warnings that I'm seeing is that they almost never provide info on the originating IP address. If I at least have that, I can try to warn people if I recognize a particular address...
The problem with automating this system is what about false positives? There's a difference between patterns being identified by humans and patterns being identified by computers.
Sorry, Charlie, but humans are just as capable of being wrong as computers. A pit boss can guess that somebody's counting cards with a pretty high probability of being right, just like a well-programmed pattern recognition system. Case in point -- remember the "MIT Blackjack Team" (Wired article). A single pit boss simply will not catch the more sophisticated attacks.