I wonder if they realize they are only going to sell a handful of these things... The first guy to get one of these printers is just going to print up more printers for his friends...
Really? How is this situation any different from you, say, creating a rude website that mocks and degrades a local merchant because of his racial background... and then show up at his store, expecting the man you just maligned to serve you with a smile?
The owner of a private business has the right to refuse serivice to anyone, unless it was for one of the protected discrimination categories. I.e. he can keep out someone he's had a personal issues with, but not all people of a particular color.
You'd get yourself thrown out of the store, and perhaps arrested if you persisted.
Yes, it's called trespassing.
Same situation here. What makes this case different - the fact that this is a public institution?
Yup.
Why should that give you, or anyone else, the right to abuse the employees and expect them to simply take it and continue to provide you with whatever services you demand?
Because they don't own the school, the taxpayers do. And who said anyone had the right to abuse the employees? As I said, the pricipal probably had grounds for legal action as an individual. But as long as the student isn't disrupting school, there is no reason to kick him out.
Or, put another way, how is this different from you creating a website making fun of the President of the U.S.? What gives you the right to abuse federal employees? Why shouldn't George W. have you kicked out of the country? Do you expect him to go on paying your social security benefits with a smile?
I'm not talking about appeals. I'm talking about things like... well, distributing pictures of the principal having sex with Marge Simpson.
Homer Simpson. (Doh! MMmmmmm. Floor Pie!)
Repeatedly talking about their penis in the classroom. Making a hobby of reducing a girl in the room to tears. Free speech, yes.
Hmm... no, sounds like disrupting class and harrasment to me, not free speech.
What's the last resort a teacher has with a recalcitrant student?
Boot them out of class if they do it in class.
Or a principal? Recalcitrant principal? Sue them, apparantly. A number of people posting to this thread seem to have the right idea. The principal abused his power by taking an issue outside of school, and making it a school issue. He should have pursued legal recourse outside of the school.
Nothing,
Nothing if they do it outside of school.
institution. I won't ever teach in a public school unless I have an darn near unconditional right to say who gets to stay in my classroom.
Say, because you don't like something they did outside of school?
Free Speech is guaranteed to citizens in law. Free education isn't an unalienable right;
It's not in the list of inalienable rights. However, I have no choice about paying taxes to fund education, and I'm required by law to make sure my kids attend some sort of school. That's a pretty strong endorsement from the law in my mind that we're supposed to receive an education.
I have no sympathy for teachers (principal in this case) who aren't willing to give kids the rights they are entitled to, in order to make their jobs easier. I do have sympathy for what people get paid in the public school system, and I appreciate their sacrifice. Not enough to let them trample people's rights, though.
A creationist could simply say that God chose to create us with DNA containing similar components from other living things.
Right. If God wants to make our DNA look like monkeys, there's nothing to stop him. If God wants to plant dinosaur fossils even if they never existed, then that's within the power of the concept of God. If God controls reality, physics, etc.. then any attempts to prove anything while residing in that framework are futile. Theres nothing to suggest that God didn't use the process of evolution to create Man, working at whatever speed he likes.
The analogy I like to use is that of root and an unprivileged user. Any attempts by a normal user to draw a conclusion about root by reading the logs are doomed to failure. Root can modify the logs.
And here is the central question. Or more accurately, the central question is whether virtual child porn encourages people to produce more real child porn or to abuse real children.
The article also mentions the problem for law enforcement in determining if the pictures are real or generated. Not saying I have an opinion on the subject one way or the other, but I think that's also a central question.
Were you disagreeing with something I said, or what Weld said?
I simply said that Elias would post advisories that are useful. I never said that the AOL advisory was. I believe Elias posted it as an example of a "problem" advisory, not that he felt it was in the right shape to go through. That's why it was attached to an administrivia message rather than sent through on its own.
Bugtraq isn't going away. If it becomes illegal to run it in the US, we have contingency plans. If it becomes illegal to read it in the US, then that risk is up to the US readers to assume.
I don't think anyone can accuse @stake of being anti full-disclosure.
Second, no individual or group has been "banned". Elias decides what to allow on a per-post basis. If someone sends a message without any detail, he won't allow it, as indicated. Doesn't matter if it's Microsoft, the L0pht, or me. If someone sends a message with some good detail, he will let it through.
Don't forget that Bugtraq is an e-mail list. People want to read the stuff in e-mail format. If folks want to see bugs on the web, they can look at our vulnerability database, or visit the MS or @stake website.
I often think about this. I wonder what they would do in such a case. Shoting the guy that invented the factorisation stuff would be an obvious start, then hiring everyone on a path to the solution and making them work in such a way that they never find it. And probably killing the coders that implemented the cracking algorithms.
Yes, I enjoyed the movie "Sneakers" too.
If one invents a method to factor numbers in less than NP time (or prove P=NP) then post it to Bugtraq or Slashdot. The feds could never stuff it back in the bag, then.
While all you say may be true, some guy going by Dimitri did hack a couple of MS servers using the Unicode hole. Not a terribly impressive hack, but he tracked down a couple of MS servers that were vulnerable, and placed a couple of files.
I was given a copy of a small log that Dimitri shared with the IDG reporter. Egg.microsoft.com was not one of the servers mentioned.
And yes, the exploit was nearly identical to one of the lines you mentioned above.
(The IDG reporter said I couldn't share the log, sorry. Though it's possible that restriction might be gone now that the story has been published. The Infoworld story is a reprint of the IDG story that broke on Friday. Strangely enough, I didn't actually say the first sentence attributed to me in the article.)
So, you'd rather have them all using private tools, rather than the public ones that everyone can get their hands on to examine, and write IDS signatures for?
Very few novice Redhat 6 users, myself included, actively monitor the security problems addressed at bugtraq or securityfocus
Then perhaps you should. Heck, if you don't have the time to wade through Bugtraq, then subscribe to your distro vendors security notification list. They're typically only a day or two behind us. Or install our pager app, and configure it to mail you when one something you're running has an advisory released for it.
Or if you just refuse to watch for patches, then run OpenBSD. It's not totally perfect, but it will allow to you be a lot less vigilent than most other OSes.
Or do like most of the world, and wait until you get nailed. When you recover, apply all the security patches at the time as well, while security has your attention.
DO NOT post exploits to the general public; insist that securityfocus, bugtraq, and others only allow legitimate developers to view them.
Exploits serve many more people than just the attackers, and there is no such thing as a list of "legitmate developers".
Realize the useability and security go hand in hand
Clearly, the person was making reference to the fact that the link looks quite similar to the goatsex domain. That was the first thing I thought of, too. Too much/.
Slashdot Mirror
Now there's a strange thought.. presumably, condoms would be a workable substrate for circuits.
"Um... no... that's not a webcam printed on my condom, or something.."
I wonder if they realize they are only going to sell a handful of these things... The first guy to get one of these printers is just going to print up more printers for his friends...
Trojan hardware.
Really? How is this situation any different from you, say, creating a rude website that mocks and degrades a local merchant because of his racial background... and then show up at his store, expecting the man you just maligned to serve you with a smile?
The owner of a private business has the right to refuse serivice to anyone, unless it was for one of the protected discrimination categories. I.e. he can keep out someone he's had a personal issues with, but not all people of a particular color.
You'd get yourself thrown out of the store, and perhaps arrested if you persisted.
Yes, it's called trespassing.
Same situation here. What makes this case different - the fact that this is a public institution?
Yup.
Why should that give you, or anyone else, the right to abuse the employees and expect them to simply take it and continue to provide you with whatever services you demand?
Because they don't own the school, the taxpayers do. And who said anyone had the right to abuse the employees? As I said, the pricipal probably had grounds for legal action as an individual. But as long as the student isn't disrupting school, there is no reason to kick him out.
Or, put another way, how is this different from you creating a website making fun of the President of the U.S.? What gives you the right to abuse federal employees? Why shouldn't George W. have you kicked out of the country? Do you expect him to go on paying your social security benefits with a smile?
I'm not talking about appeals. I'm talking about things like ... well, distributing pictures of the principal having sex with Marge Simpson.
Homer Simpson. (Doh! MMmmmmm. Floor Pie!)
Repeatedly talking about their penis in the classroom. Making a hobby of reducing a girl in the room to tears. Free speech, yes.
Hmm... no, sounds like disrupting class and harrasment to me, not free speech.
What's the last resort a teacher has with a recalcitrant student?
Boot them out of class if they do it in class.
Or a principal?
Recalcitrant principal? Sue them, apparantly. A number of people posting to this thread seem to have the right idea. The principal abused his power by taking an issue outside of school, and making it a school issue. He should have pursued legal recourse outside of the school.
Nothing,
Nothing if they do it outside of school.
institution. I won't ever teach in a public school unless I have an darn near unconditional right to say who gets to stay in my classroom.
Say, because you don't like something they did outside of school?
Free Speech is guaranteed to citizens in law. Free education isn't an unalienable right;
It's not in the list of inalienable rights. However, I have no choice about paying taxes to fund education, and I'm required by law to make sure my kids attend some sort of school. That's a pretty strong endorsement from the law in my mind that we're supposed to receive an education.
I have no sympathy for teachers (principal in this case) who aren't willing to give kids the rights they are entitled to, in order to make their jobs easier. I do have sympathy for what people get paid in the public school system, and I appreciate their sacrifice. Not enough to let them trample people's rights, though.
You poor bastard.
A creationist could simply say that God chose to create us with DNA containing similar components from other living things.
Right. If God wants to make our DNA look like monkeys, there's nothing to stop him. If God wants to plant dinosaur fossils even if they never existed, then that's within the power of the concept of God. If God controls reality, physics, etc.. then any attempts to prove anything while residing in that framework are futile. Theres nothing to suggest that God didn't use the process of evolution to create Man, working at whatever speed he likes.
The analogy I like to use is that of root and an unprivileged user. Any attempts by a normal user to draw a conclusion about root by reading the logs are doomed to failure. Root can modify the logs.
If it were possible to kill off old, bad standards then we would have shot FTP in the head and left it to rot in a ditch long ago.
And here is the central question. Or more accurately, the central question is whether virtual child porn encourages people to produce more real child porn or to abuse real children.
The article also mentions the problem for law enforcement in determining if the pictures are real or generated. Not saying I have an opinion on the subject one way or the other, but I think that's also a central question.
You mean like this one?
http://project.honeynet.org/papers/worm/
It's a troll I'm sure, but I might as well point out that Redhat has up2date, which is similar to the WindowsUpdate service.
For which, the Ramen worm? It also uses the LPD hole, in RH7.0. Check out this comment:2 35&cid=12 by the guy who posted a well-done analysis to the incidents list.
http://slashdot.org/comments.pl?sid=01/01/17/1836
Like this one? :)
http://www.securityfocus.com/news/134
Not so insightful...
Were you disagreeing with something I said, or what Weld said?
I simply said that Elias would post advisories that are useful. I never said that the AOL advisory was. I believe Elias posted it as an example of a "problem" advisory, not that he felt it was in the right shape to go through. That's why it was attached to an administrivia message rather than sent through on its own.
Bugtraq isn't going away. If it becomes illegal to run it in the US, we have contingency plans. If it becomes illegal to read it in the US, then that risk is up to the US readers to assume.
Geeze... people would love to create a war where there is none.
First of all, you can see Weld's reply to Elias' post here:
http://www.securityfocus.com/archive/1/150706
I don't think anyone can accuse @stake of being anti full-disclosure.
Second, no individual or group has been "banned". Elias decides what to allow on a per-post basis. If someone sends a message without any detail, he won't allow it, as indicated. Doesn't matter if it's Microsoft, the L0pht, or me. If someone sends a message with some good detail, he will let it through.
Don't forget that Bugtraq is an e-mail list. People want to read the stuff in e-mail format. If folks want to see bugs on the web, they can look at our vulnerability database, or visit the MS or @stake website.
I often think about this. I wonder what they would do in such a case. Shoting the guy that invented the factorisation stuff would be an obvious start, then hiring everyone on a path to the solution and making them work in such a way that they never find it. And probably killing the coders that implemented the cracking algorithms.
Yes, I enjoyed the movie "Sneakers" too.
If one invents a method to factor numbers in less than NP time (or prove P=NP) then post it to Bugtraq or Slashdot. The feds could never stuff it back in the bag, then.
There was a thread about this on the vuln-dev list as well:
hacksdmi?
It was a, umm... honeypot. Yeah, that's it! Script kiddies just can't get enough of the chat server hacking.
We weren't wasting time, or hacking cyber sex, or um.. something.
While all you say may be true, some guy going by Dimitri did hack a couple of MS servers using the Unicode hole. Not a terribly impressive hack, but he tracked down a couple of MS servers that were vulnerable, and placed a couple of files.
I was given a copy of a small log that Dimitri shared with the IDG reporter. Egg.microsoft.com was not one of the servers mentioned.
And yes, the exploit was nearly identical to one of the lines you mentioned above.
(The IDG reporter said I couldn't share the log, sorry. Though it's possible that restriction might be gone now that the story has been published. The Infoworld story is a reprint of the IDG story that broke on Friday. Strangely enough, I didn't actually say the first sentence attributed to me in the article.)
Search engine isn't particularly broken..but you probably want the vulnerability DB anyway:
n dor=OpenBSD&title=&version=any&g t; http://securityfocus.com/vdb/middle.html?vendor=Op enBSD&title=&version=any/A&g t;
A HREF="http://securityfocus.com/vdb/middle.html?ve
So, you'd rather have them all using private tools, rather than the public ones that everyone can get their hands on to examine, and write IDS signatures for?
OK, I'll feed the troll....
Very few novice Redhat 6 users, myself included, actively monitor the security problems addressed at bugtraq or securityfocus
Then perhaps you should. Heck, if you don't have the time to wade through Bugtraq, then subscribe to your distro vendors security notification list. They're typically only a day or two behind us. Or install our pager app, and configure it to mail you when one something you're running has an advisory released for it.
Or if you just refuse to watch for patches, then run OpenBSD. It's not totally perfect, but it will allow to you be a lot less vigilent than most other OSes.
Or do like most of the world, and wait until you get nailed. When you recover, apply all the security patches at the time as well, while security has your attention.
DO NOT post exploits to the general public; insist that securityfocus, bugtraq, and others only allow legitimate developers to view them.
Exploits serve many more people than just the attackers, and there is no such thing as a list of "legitmate developers".
Realize the useability and security go hand in hand
Actually, they're quite in opposition.
Why troll?
/.
Clearly, the person was making reference to the fact that the link looks quite similar to the goatsex domain. That was the first thing I thought of, too. Too much