Do you own a SideKick and live in the States? If yes, why aren't you suing?
T-Mobile's negligence is a civil matter, not a criminal one. You want to punish them then sue or don't buy their junk. The other alternative is to get your State or the federal government to enact legislation that would impose criminal penalties for having lax security. Good luck with that. Suing stands a better chance.
Another idea would be to cancel your SideKick and not pay the penalty. If they threaten to collect then have a lawyer threaten to countersue since they provided a defective service. Heck, I have no idea how these contracts run but if there was an upfront fee to pay you could cancel and demand that back from them. Hell, maybe have them buy the phone back from you.
Again, as there are no laws criminalizing T-Mobile's practices this falls squarely under civil law. If you have standing and want them punished then it is up to you to take the steps.
There's plenty of people out there who hold off on college due to lack of funds or they need a couple of years to grow up and leverage their education. Seems like he falls squarely into the latter category. Heck, he can join the military, put in four years and get his college tuition paid for by the government.
And what intelligence are we talking about here? I'm not seeing him using some zero-day to crack Hilton's phone. Or some way to cleverly hide his tracks from the phone company when calling in a ****bomb threat****. There are plenty of people with his intelligence that wind up doing squat for whatever reason. Most of them probably have had the foresight and moral fiber to not call in a bomb threat. If the world isn't lamenting or raising a finger to get them a helping hand then why should it invest any effort to help this kid out? Because his "antics" have made him (in)famous?
The only way this punishment ruins his life is because he lets it ruin his life.
No. The kid was old enough to know right from wrong. Period. He made multiple decisions with the full knowledge that they were wrong and merited punishment if he were caught. Well, he got caught.
Now, as for punishing T-Mobile. How about... Don't buy their insecure shit? How about.... Have Snoop Dogg and Paris sue them? Or have all the SideKick users out there file a class-action.
The biggest fallacy in your PC/Gun comparison is that the gun is obviously dangerous in society's eyes and the computer is never going to be due to all the legitimate legal uses it has. I don't have to lock up my hammer or hedge trimmer. Somebody's kid could set another on fire with a can of Off and Zippo. Does that mean I have to have a nozzle lock on insect repellant?
Damn straight the kid is going to get blamed. And rightfully so. That doesn't preclude the SideKick customers from punishing T-Mobile by filing suit or dropping their contracts. Isn't going to be me because, as I don't own a SideKick, I have no standing to take action against T-Mobile.
It's two years, not two decades. If the kid needs to learn Calc he can *gasp* read a book. Need to write a paper? He can hire someone to transcribe it or dictate too. Need to stay current on the news? He can buy a newspaper. Want to listen to some music? He can turn on the radio or put in a CD.
I don't see how his life is suddenly derailed by that part of his punishment. Mitnick had to be without those things for a longer period of time and has been able to bring himself up to speed on current technology. If the kid wants to continue working on computers after his punishment nothing is stopping him.
Good for you. I'm glad that your sacrifice has enhanced your self-esteem and contributed to your journey towards self-actualization. Your contribution and opinion on the current state of successful network programming, while slightly off-topic due to the story being centered on an appliance to facilitate television viewing, is noted.
However I will politely refrain from foregoing my current television habit having trained myself to avoid the s**t and viewing fare I find worthwhile (which most people would consider to be boring s**t but I digress.) I'm definitely not considering giving up television while on the treadmill during winter. But that's just me.
Thanks. His name was on the tip of my tongue but I just couldn't remember it. The BayWatch reference was deliberate to connotate how acting poor that movie was. Kitt had more emotional range to work off of than anybody on Nick Fury: Agent of Shield.
1998 was it really so long ago? I thought SciFi was hyping it up just last year.
You didn't even RTFA. The exact scenario brought up was that if someone filed a patent lawsuit against a GPL'd program the plaintiff would not be able to use said program. More than likely the idea would be that you can't use the code within their own proprietary and competing product. I particularly like the comment afterward stating that such a clause would probably be toothless.
But more importantly, you haven't seen even one proposed draft, not one single line of the proposed license and you are "considering" becoming part of some anti-GPL revolt or whatever over some spontaneous, reactionary /. fact devoid groupthink? I stand bewildered.
Let the "Flower, you must be new here" jokes commence.
Who has taken away his freedom to code? Nothing prevents him from continuing to pound away at BSD code until the day he dies. It, just like GPL'd code, is open forever.
Taking BSD code and incorporating it into a proprietary product comes at a price. No more free development. You have to build a community from scratch. Still have to compete with an existing free product. Yeah MS has taken BSD code but big deal. The stuff that differentiates their product from OSS is their own code. Once again you're focusing on the tiny bottle of tabasco in Microsoft's MRE instead of focusing on the MSS Active Directory, MSS MSSQL, MSS Exchange and MSS XP.
Oh and as for content-free gestures. CARP provides a patent unencumbered alternative to VRRP that is not only more scalable but also more secure. Vorbis - patent free and saving game creators big bucks because it can be implemented free under a BSD license.
Oh for fuck's sake! Hey, how about we blame the real "enemy of freedom" and just point the finger at all those programmers who whore themselves out for a paycheck and decent stock options? How about we all start acting like pod people and start screeching at any Tom, Dick or Harry we find using Windows? After all, Billy G wouldn't have shit if they didn't pay MS through the nose for that EVIL software.
Compared to those two A-bombs the BSD license is a gentle summer breeze. CARP, OpenSSH, and Vorbis are just a minuscule example of some of the good that's come out of people who have used the BSD license.
And this means what? The goals of the BSD license are not the goals of the GPL. There is nothing wrong with that. From everything I can tell people who write BSD licensed code do so because the license is simple and they want the code used. Period. Complex licensing, which for some people the GPL falls under, is a hassle to deal with and just interferes with getting the work done.
And note that there are circumstances where it is advantageous to use a simpler and less restrictive license than the GPL. Vorbis is a prime example. IIRC, the codec is BSD and the utilities are GPL'd. The developers wanted to promote Vorbis and to succeed at that they asked RMS to approve of the move to a less restrictive license. If it's good enough for RMS...
Some people might take offense but I can also bring up the need for creating the LGPL. Or how about all those binary drivers in linux. Suuuure the developers won't support them but they aren't frowned upon either because it's practical to have them. Heck, again iirc (I really need to find that cite again. I originally saw it mentioned somewhere while reading some stuff on OpenBSD), there's a SPARC platform supported by linux that uses a closed binary. And quite honestly most of the work I've seen towards getting vendors to open up stuff has been coming from the BSD crowd lately.
And finally, as has already been mentioned, Apple has been giving source back from Darwin.
From what I can gather and I'm no genius, so don't quote me on it.
Lynn seems to have found a way to get a shell on any version of IOS that is vulnerable to an overflow be it stack (which appears to be rare) or on the heap. The problem with exploiting an overflow on the heap is that Cisco deploys a watchdog which forces a software reboot of the device if it finds that the heap has been messed with.
Going deeper in his presentation it appears that Lynn found a way to kill the watchdog and keep the router from rebooting itself. With the time now bought by doing this one can setup a TTY and get a shell to take over the device. That appears to be the kicker over previous exploits that I've seen with Cisco kit. This isn't a DoS it is a remote root.
Ok, my flame-retardant Scoobies are properly in place, tag in back. Anything I have gotten wrong please feel free to correct with whatever amount of vitriol is deemed appropriate.
Ok, exactly what law did he break? The more information that we get about the situation it becomes more and more evident that Mr. Lynn broke no law.
You can't bring up the injunction. That means nothing since the suit was settled. Mr. Lynn did not have to make any admission of wrong-doing nor pay restitution. More than likely Lynn's lawyer brought up how much it would cost to defend himself and Mr. Lynn decided that it would be better to keep making car and house payments than fight in the courts.
And it doesn't even matter that he can't talk about it any longer. The presentation hit BlackHat. I'm over here in the Mid-West and a printout of his slides is hanging outside my cube wall for any of my co-workers to go over. The stuff I'm not getting is being talked about on various blogs and I can just follow the trail of links to educate myself on what this exactly means. So where is the great admission of guilt in the injunction? Nowhere. The injunction is nothing but a PR wash for Cisco.
So what about the FBI investigation? Where are the charges? Where's the conviction? Taking his stuff and following up on Cisco's complaint is SOP for the FBI. I'm not seeing any law breaking here.
Until you've got something a heck of a lot more specific than "he broke the law and there are consequences for that" we don't have much to talk about because that axiom just isn't flying currently.
The negative to anonymity is that immature or socially maladjusted individuals can destroy the signal to noise ratio in a forum with impunity. The criteria you are "distinguishing" by isn't even relevant in the example shown. The hypothetical tool crying faggot to everyone is not providing unpleasant information. He is purposefully inciting the people around him. Mr. Tool is abusing his freedom of expression and in the non-anonymous setting a variety of social pressures can be applied against him to correct or remove his behavior ranging from ostracizing him, publicly deriding him, kicking him out of the bar and, yes, up to the aforementioned cracked skull whether warranted or not. The social group our hypothetical example has entered can choose to deal with him. This is normal. It's real life and in the example provided I would say it is fair. He isn't providing any "information" and it isn't like he can pretend there are no consequences to his actions. Just because the GP used an extreme example of a consequence doesn't mean his point isn't valid.
One of the strengths of the Internet is that actual oppressed populations can get their story out to the world. The price we pay for this currently is that an extremely vocal minority of maladjusted people abuse this ability to inflate their level of self-importance. The fact that you seem to twist this abdication of responsibility for self-gratification as "providing unpleasant information" speaks volumes.
Not a personal dig against you since there are so many of these posts I could have replied to so please consider the "you" to be rhetorical. That said...
So instead of wasting the half second scanning the front page, noting "dupe" and moving on you decide that it is somehow more productive (being this is /. - joke intended) to click the link to the story and then post to it with what is essentially a dupe of a "This is a dupe" comment mit your +1 bonus.
You're not even a subscriber so the worst you have to put up with is the banner ads which also take less than a second to ignore or a little bit longer to block and then never see them again. But obviously there is no closure to this injustice until the bleating is complete.
Forget the myths of not taking showers or forgoing exercise, etc. IMHO, the real reason geeks don't get laid (as often as they should) is because they can't move on if their "Pedantic" button has been pushed.
I just have a morbid curiosity in knowing how they would use the Wand of Watoomb...
They already did Nick Fury on SciFi Channel. I saw bits and pieces of it. Nick Fury was played by that guy from BayWatch. It hurt. It hurt real bad.
Well we now finally know how the underpants gnomes wind up at "PROFIT!"
Taking BSD code and incorporating it into a proprietary product comes at a price. No more free development. You have to build a community from scratch. Still have to compete with an existing free product. Yeah MS has taken BSD code but big deal. The stuff that differentiates their product from OSS is their own code. Once again you're focusing on the tiny bottle of tabasco in Microsoft's MRE instead of focusing on the MSS Active Directory, MSS MSSQL, MSS Exchange and MSS XP.
Oh and as for content-free gestures. CARP provides a patent unencumbered alternative to VRRP that is not only more scalable but also more secure. Vorbis - patent free and saving game creators big bucks because it can be implemented free under a BSD license.
Yeah, real empty there.
Hrmmm, you mean like Caldera or, yes if you go back to when Y.A.S.T was proprietary, SuSE?
No. Since they took so long to resolve those last few issues we just assumed that they hadn't gone for a quality hire. :P
Ok, I am now soooooo ashamed.
I'm not paying $50 just to have a CCO account. Wha? If I get my CCIE do I get a token for free?
First, nobody has yet attacked via this vector. That you know of... There are no examples of concept code out there. That you know of... Had someone exploited this vector, then it makes sense to educate the public that it exists and why. If I know about it I can keep an eye on my neck of the woods, implement workarounds as I deem necessary and sound the alert if I see it in the wild... Until then, I think the moral thing would be to STFU. I think the moral thing is to not keep me ignorant but that's just me. Cisco has a right to be angry (though not to use heavy-handed tactics).
Cisco's emotional state is really not my problem. The network I admin using their products is.
Your nick is so white they could use it in an Orbitz commercial.
Your nick is so white your Grams uses it to bleach her coffee cups.
Your nick is so white it flips 0xFFF to 0x000.
Your nick is so white the KKK is suing for diluting their trademark.
And last but not least. Your nick is so white it makes a 40-something, suburban white dude spontaneously bust out in snaps.
Again, sorry. Slow day. Dead story. And I was inspired by your post.
Why would the intruder care? You make it sound like they are using their own personal box to launch the attack.
Because she's a hot dish?