The real crime here was the characterization of the actions in these articles. "Makes the computer slow and less productive", "Annoying", etc.
This is SO WRONG - and THIS perception is what we are SELLING to the public... THIS is the mantra that a "victim" will chant. "It's wrong because it is an inconvenience!"
No, sorry - these are all acts of felony tampering... from the initial install of the adware, to each popup that appears: insertion of data; theft of service; unauthorized access; you name it.
This continued misdirection IS the cause of the current situation. If we'd start selling the public on the concept of what these actions *really* are... we'd start seeing people (the public, then the law makers, then the law enforcement) take it more seriously... and we'd start seeing the offenders (180solutions, along with their ad clients) being held accountable.
Perhaps it is time for us in our industry to start highlighting, and exacerbating, the dual standard that exists - if you or I made a disk that silently installed a software snippet that modified a machine's behavior - we'd go to jail. If a corporation does it... culturally, they are held harmless for the exact same act. Funny... a floppy-borne virus from 15 years ago vs a CD borne "DRM" virus last month - same end result, same mechanism, same intent - totally different perception of the actions. It's time for us to make them the same.
We are neither interested in "Quick" nor "Discrete", and we regret that we are not interested in your services at this time. However, if you wish to refer any of your associates who specialize in "Slow" and "Highly Visible", we'd be most pleased to hear from them.
Their disk defrag, for example, was THE DUMBEST piece of crap on the planet. Check out this brilliant strategy that I got to witness one weekend:
I've got a 180 meg disk, DOS 6, and I'm running Norton Defrag on it. It has a 50 meg file on it, in two contiguous chunks. There's a 49 meg "free space" up top when Norton Defrag reaches this file.
It moves it, sector by sector, into this 49 meg space... runs out of space, and moves it back. chunk, chunk, chunk, chunk. It moves the next file into the start of this free space, and succeeds. It then... tries to move this 50 meg file... into this (now smaller) space. chunk, chunk, chunk... Fails, moves it back (chunk, chunk, chunk...), tries with the next file and succeeds (making the free space smaller), tries the 50 meg file again (chunk, chunk, chunk...), fails, moves it back (chunk, chunk, chunk... )
And I'm being generous with all of this "chunk, chunk, chunk" stuff. In truth, it was about a 4 minute process to move the file (and fail), one-way. Then another 4 to move it back.
Oh, immediately at the tail of this "free space" is a single cluster that's in use, followed by 60 megs of contiguous free space.
F*ing brilliant... 27 hours to defrag a 180 meg drive with less than 170 files on it.
Sorry, Norton Utils had some cute *looking* tools, but in truth... they were useless "feel good" eye candy, amateur knock-offs of real stuff. With the exception of their sector editor, that is. The picture of some guy with a white shirt and tie, and his sleeves rolled up... is supposed to inspire confidence? Is this the moron who wrote this defrag strategy? He's clued...
So, I've not touched Norton (or Symantec) products since that date. They simply follow the buzzword-du-jour, and their products have no actual merit. They look really good in the box on the shelf, though... but sadly, that's where it stops.
Last time I checked, the Govt's rights were specifically enumerated; anything not specifically stated was not within their scope. And I thought that last time I checked, our abilities were NOT enumerated; anything NOT specifically prohibited was fine. Because you know, the Const doesn't specifically say I have the right to walk. Did I miss something, here?
It'll depend on the state; here, we spend a lot of effort to work with the various rental companies (Home-Depot is a prime example). They throw our big "Call First" stickers on their tools, and verbally inform the renter about it. A few rental places will NOT rent unless the homeowner produces a ticket_ID from us.
So, there's some progress in this particular area... depending on which state you live in.
>...while machines (i.e., computers) make excellent symbol manipulation devices, only minds have the additional capacity to ascribe semantics to symbols."
should actually read,
"Because ***I*** am too stupid to figure out how to make a machine ascibe semantics to symbols, only minds have the additional capacity to ascribe semantics to symbols."
Arrogance is a wonderful thing. "I'm too stupid to figure it out, therefore it cannot be done."
Being from the north-northeast, I haven't figured that one out either. But Sandy (the exec dir of AZBlueStake) said... the DOT and DPWs must call before they're allowed to plow the roads!
Maybe they're sand-plows instead of snow-plows, who knows:)
Or, it was buried 6' down when your housing area was started... and then 6 months later, this big "Grade-All" came through to make this "Lawn" thing...
You're on drugs. NO utility gives depth info, and I'm not aware of any major one-call center that TAKES depth info from the caller. I know for a fact that we don't.
Depth is useless; in Arizona, for example, snow-plows are required to "call before they plow". Why? Soil erosion.
Here in my state, depth is likewise useless; not as much from erosion as it is from grading. Infrastructure goes in first; landscape happens last. It is QUITE common for a 48" deep line to be 24" from the surface after several years.
And that isn't accounting for things that were discovered when trying to bury the lines in the first place; intersections with other plant means you change height at that location. Hitting Bedrock... means you change height.
> had the major fiber carrier in the area... assured him it was 6' down
Not likely. The moron sent to locate the cable may have mentioned the depth in passing, but I work with these "major carriers" and their locators every day, and there is no way in hell they'd say "you're fine to use your backhoe directly on top of my wire up to 5 feet 11 inches deep". Most "Major Carriers", on a long-haul line, will physically PUT A BODY on-site during the dig to enforce the protection of their cables by hand digging over it. If it's an issue, or a very high-value asset, they'll even go so far as to hand-expose it, themselves. They do not, ever, say "sure! Just dig right on top of it".
Ever.
What I'd suggest is that you ask your contractor friend to define what he means by "assure". And as you do this, remember that he's getting sued for being at fault... he won't do anything to deflect responsibility, at all... he certainly won't exaggerate what was said, for certain.
I agree, totally - we played with that concept over a decade ago using a protype I'd built. We went so far as GETTING board-approval for the concept.
It didn't work; GPS is good for 20 feet usually, whereas excavators need to know within a bucket-width (24"). That means that the GPS error, combined with OUR error, must be less than 24". Not gonna happen, especially since we're dealing with junk that was buried over a century ago.
The second reason it didn't work was because retards would transpose digits while entering them.
The third reason it didn't work was because GPS units do not work in multi-path areas (heavy metro) or tunnels, etc.
The final reason it didn't work is because it requires every human who is capable of digging to have one of these GPS units, and have the realization that they need to enter it into my server, and then have that ability to enter this data into my server. Sorry, but no home-owner is going to get one of these devices just so they can throw up a fence post, or till a new flower bed.
For now, the best bet appears to be GPR (ground penetrating radar)... if it ever matures to a useful and cost-effective product.
> First off - setting up "811" as a nationwide Utility Locating service isn't a bad idea. I just have to wonder who gets to pay for the routing system? Is it going to be one of those extra charges on my phone bill? Also, 8 is very close to 9 on the keypad - how many calls to 911 will occur because people fatfingered the 8? I'd rather make the number "711" - but could see it playing havoc w/some PBX's...
There is no routing system; the various LECs in our territory will simply treat "811" as a speed-dial for our existing 800 number. No new (additional) charges are required for this simple setup.
We'll not be doing that, however, since our fine state is surrounded by other states... and those states have other call centers, and people wishing to contact those centers (via 811) within our territory would get us. Instead, we'll actually point 811 to a phone maze, which will (1) deal with the 911 misdial issue, (2) verify they want us, and (3) send them where they need to go. This more fancy, "caller friendly" system does cost money... but again, our purpose is that it'll be a free call so that people will use it. The cost will be paid for in our ticket-price to the utilities, as everything else currently is.
> promoted by the telco's not wanting to report outages Between you and me, Telcos don't want to report outages because they attract the state Public Service Comission. Most have refused to even give us even sanitized statistics for geographic Promotion/Educational targeting; typically only Gas is required to report to such state agencies.
>OR, keep riding until you see a big steel cover with SPRINT or AT&T or MCI emblazoned on it.. Or, just call in a stake-out request; the utilities will try to locate the line for you, to within 24".
Mmmm... in re-reading my post, I wasn't too clear... my bad. Perhaps I should phrase it this way...
If being exposed on an ad-hoc is a problem, then you're screwed no matter what.
The point of my original "re-title" was to point out the implication of TFA... that adhocs pose more of a risk than an established infrastructure, and it's bull@#$. What should be clarified... if you can survive on the typical public infrastructure, then an ad-hoc is irrelevent; there's nothing exposed there that isn't exposed on the infrastructure. Likewise, if someone CAN gain a foothold over this ad-hoc, they can do exactly the same thing over an infrastructure. From the admin perspective, *unless* the admin expects that the laptop will ONLY connect to a specific bastion infrastructure... this entire "ad-hoc" threat is moot, and is merely the same case as the typical infrastructure.
is any more of a threat than one on an Infrastructure?
Packets are packets. This article should have been titled, "DANGER: WiFi at Hotels and Starbucks are safe, ad-hocs are not."...Unless you've configged your laptop to always assume it will be constrained behind a NAT, exposed to a subnet of trusted hosts only. Yeah, right.
Heh, I wasn't actually going to post that, but I had a thought... if we patented the dumbest mistakes out there (buffer overflows, etc)... what company would want to prove "prior art" ?
> Unfortunately, Ilfak's patch is, in a real sense, a non-starter.
Nah, no twiddle required - just download and run, and MSI takes care of it per normal. I do agree that telling people to pull and install an arbitrary file is a bit of a bad contradiction, however... I haven't quite resolved this yet, which is why I'm not telling people to do it.
I'm still trying to figure out why RIAA would have the gall to mention "America's knowledge-intensive intellectual property-based goods and services", and if they actually consider themselves to be relevent to "our greatest economic assets".
...using the money argument when a cashier asks for too much. Face it - typical information collection at a cash register (as an example) is big bucks - and when someone crosses a line, I answer that I'll be happy to sell them the information.
The result is the typical baffled look, since it isn't the typical "paranoid" response. I then ask them how much their company paid for the "collection module" for their POS software - I know it isn't cheap. I then ask what they paid to have it setup, and have the results of this current campaign implemented. That isn't cheap either.
I then ask how long it takes the average cashier to gather the desired information. 15 seconds? How long does the average cash transaction take without this? 30 seconds? By gathering this info, we've effectively cut the cashier throughput - meaning to maintain that throughput, the store needs to increase its cashier staff by that amount... a full third in this example. That is NOT cheap.
Clearly my zipcode is worth an assload of money, I conclude... and if they are willing to spend THAT kind of money to get it, then I'm an idiot to just GIVE AWAY something they deem so valuable.
That's the general concept, at least... and it is quite effective as it cannot be argued against. This information clearly has significant value; Paranoid has nothing to do with it.
Slashdot Mirror
Heh... name your price :)
I'd agree, but add this -
The real crime here was the characterization of the actions in these articles. "Makes the computer slow and less productive", "Annoying", etc.
This is SO WRONG - and THIS perception is what we are SELLING to the public... THIS is the mantra that a "victim" will chant. "It's wrong because it is an inconvenience!"
No, sorry - these are all acts of felony tampering... from the initial install of the adware, to each popup that appears: insertion of data; theft of service; unauthorized access; you name it.
This continued misdirection IS the cause of the current situation. If we'd start selling the public on the concept of what these actions *really* are... we'd start seeing people (the public, then the law makers, then the law enforcement) take it more seriously... and we'd start seeing the offenders (180solutions, along with their ad clients) being held accountable.
Perhaps it is time for us in our industry to start highlighting, and exacerbating, the dual standard that exists - if you or I made a disk that silently installed a software snippet that modified a machine's behavior - we'd go to jail. If a corporation does it... culturally, they are held harmless for the exact same act. Funny... a floppy-borne virus from 15 years ago vs a CD borne "DRM" virus last month - same end result, same mechanism, same intent - totally different perception of the actions. It's time for us to make them the same.
Dear sir:
We are neither interested in "Quick" nor "Discrete", and we regret that we are not interested in your services at this time. However, if you wish to refer any of your associates who specialize in "Slow" and "Highly Visible", we'd be most pleased to hear from them.
Eh, they were not that great.
Their disk defrag, for example, was THE DUMBEST piece of crap on the planet. Check out this brilliant strategy that I got to witness one weekend:
I've got a 180 meg disk, DOS 6, and I'm running Norton Defrag on it. It has a 50 meg file on it, in two contiguous chunks. There's a 49 meg "free space" up top when Norton Defrag reaches this file.
It moves it, sector by sector, into this 49 meg space... runs out of space, and moves it back. chunk, chunk, chunk, chunk. It moves the next file into the start of this free space, and succeeds. It then... tries to move this 50 meg file... into this (now smaller) space. chunk, chunk, chunk... Fails, moves it back (chunk, chunk, chunk...), tries with the next file and succeeds (making the free space smaller), tries the 50 meg file again (chunk, chunk, chunk...), fails, moves it back (chunk, chunk, chunk... )
And I'm being generous with all of this "chunk, chunk, chunk" stuff. In truth, it was about a 4 minute process to move the file (and fail), one-way. Then another 4 to move it back.
Oh, immediately at the tail of this "free space" is a single cluster that's in use, followed by 60 megs of contiguous free space.
F*ing brilliant... 27 hours to defrag a 180 meg drive with less than 170 files on it.
Sorry, Norton Utils had some cute *looking* tools, but in truth... they were useless "feel good" eye candy, amateur knock-offs of real stuff. With the exception of their sector editor, that is. The picture of some guy with a white shirt and tie, and his sleeves rolled up... is supposed to inspire confidence? Is this the moron who wrote this defrag strategy? He's clued...
So, I've not touched Norton (or Symantec) products since that date. They simply follow the buzzword-du-jour, and their products have no actual merit. They look really good in the box on the shelf, though... but sadly, that's where it stops.
"SymEvent", anyone?
Yeah, I was sort of on that same track.
Last time I checked, the Govt's rights were specifically enumerated; anything not specifically stated was not within their scope. And I thought that last time I checked, our abilities were NOT enumerated; anything NOT specifically prohibited was fine. Because you know, the Const doesn't specifically say I have the right to walk. Did I miss something, here?
Oh the funny part - there's no need to reverse engineer it; the guts would be fully described in the resulting Software Patent.
Worst case, pull an SCO and sue them for violating your stuff, and demand un-obfuscated *everything* during discovery.
On the fun side, wait until RIAA/MPAA gets their agenda piggybacked into these little boxes.
...or he could wake up in 300 million years, only to discover that Cockroaches do not USE currency.
It'll depend on the state; here, we spend a lot of effort to work with the various rental companies (Home-Depot is a prime example). They throw our big "Call First" stickers on their tools, and verbally inform the renter about it. A few rental places will NOT rent unless the homeowner produces a ticket_ID from us.
So, there's some progress in this particular area... depending on which state you live in.
> ...while machines (i.e., computers) make excellent symbol manipulation devices, only minds have the additional capacity to ascribe semantics to symbols."
should actually read,
"Because ***I*** am too stupid to figure out how to make a machine ascibe semantics to symbols, only minds have the additional capacity to ascribe semantics to symbols."
Arrogance is a wonderful thing. "I'm too stupid to figure it out, therefore it cannot be done."
Being from the north-northeast, I haven't figured that one out either. But Sandy (the exec dir of AZBlueStake) said... the DOT and DPWs must call before they're allowed to plow the roads!
:)
Maybe they're sand-plows instead of snow-plows, who knows
Or, it was buried 6' down when your housing area was started... and then 6 months later, this big "Grade-All" came through to make this "Lawn" thing...
You're on drugs. NO utility gives depth info, and I'm not aware of any major one-call center that TAKES depth info from the caller. I know for a fact that we don't.
Depth is useless; in Arizona, for example, snow-plows are required to "call before they plow". Why? Soil erosion.
Here in my state, depth is likewise useless; not as much from erosion as it is from grading. Infrastructure goes in first; landscape happens last. It is QUITE common for a 48" deep line to be 24" from the surface after several years.
And that isn't accounting for things that were discovered when trying to bury the lines in the first place; intersections with other plant means you change height at that location. Hitting Bedrock... means you change height.
> had the major fiber carrier in the area... assured him it was 6' down
Not likely. The moron sent to locate the cable may have mentioned the depth in passing, but I work with these "major carriers" and their locators every day, and there is no way in hell they'd say "you're fine to use your backhoe directly on top of my wire up to 5 feet 11 inches deep". Most "Major Carriers", on a long-haul line, will physically PUT A BODY on-site during the dig to enforce the protection of their cables by hand digging over it. If it's an issue, or a very high-value asset, they'll even go so far as to hand-expose it, themselves. They do not, ever, say "sure! Just dig right on top of it".
Ever.
What I'd suggest is that you ask your contractor friend to define what he means by "assure". And as you do this, remember that he's getting sued for being at fault... he won't do anything to deflect responsibility, at all... he certainly won't exaggerate what was said, for certain.
I *wish* I had mod points... +2 informative, NOT funny :)
I agree, totally - we played with that concept over a decade ago using a protype I'd built. We went so far as GETTING board-approval for the concept.
It didn't work; GPS is good for 20 feet usually, whereas excavators need to know within a bucket-width (24"). That means that the GPS error, combined with OUR error, must be less than 24". Not gonna happen, especially since we're dealing with junk that was buried over a century ago.
The second reason it didn't work was because retards would transpose digits while entering them.
The third reason it didn't work was because GPS units do not work in multi-path areas (heavy metro) or tunnels, etc.
The final reason it didn't work is because it requires every human who is capable of digging to have one of these GPS units, and have the realization that they need to enter it into my server, and then have that ability to enter this data into my server. Sorry, but no home-owner is going to get one of these devices just so they can throw up a fence post, or till a new flower bed.
For now, the best bet appears to be GPR (ground penetrating radar)... if it ever matures to a useful and cost-effective product.
That product (not RFID, but a version of your concept that'd actually work) has been available for almost half a decade.
Of course, the bulk of what's buried was buried long, long before that product was released... and will remain that way until time-travel is invented.
> First off - setting up "811" as a nationwide Utility Locating service isn't a bad idea. I just have to wonder who gets to pay for the routing system? Is it going to be one of those extra charges on my phone bill? Also, 8 is very close to 9 on the keypad - how many calls to 911 will occur because people fatfingered the 8? I'd rather make the number "711" - but could see it playing havoc w/some PBX's...
There is no routing system; the various LECs in our territory will simply treat "811" as a speed-dial for our existing 800 number. No new (additional) charges are required for this simple setup.
We'll not be doing that, however, since our fine state is surrounded by other states... and those states have other call centers, and people wishing to contact those centers (via 811) within our territory would get us. Instead, we'll actually point 811 to a phone maze, which will (1) deal with the 911 misdial issue, (2) verify they want us, and (3) send them where they need to go. This more fancy, "caller friendly" system does cost money... but again, our purpose is that it'll be a free call so that people will use it. The cost will be paid for in our ticket-price to the utilities, as everything else currently is.
> promoted by the telco's not wanting to report outages
Between you and me, Telcos don't want to report outages because they attract the state Public Service Comission. Most have refused to even give us even sanitized statistics for geographic Promotion/Educational targeting; typically only Gas is required to report to such state agencies.
>OR, keep riding until you see a big steel cover with SPRINT or AT&T or MCI emblazoned on it..
Or, just call in a stake-out request; the utilities will try to locate the line for you, to within 24".
Oh well.
Mmmm... in re-reading my post, I wasn't too clear... my bad. Perhaps I should phrase it this way...
If being exposed on an ad-hoc is a problem, then you're screwed no matter what.
The point of my original "re-title" was to point out the implication of TFA... that adhocs pose more of a risk than an established infrastructure, and it's bull@#$. What should be clarified... if you can survive on the typical public infrastructure, then an ad-hoc is irrelevent; there's nothing exposed there that isn't exposed on the infrastructure. Likewise, if someone CAN gain a foothold over this ad-hoc, they can do exactly the same thing over an infrastructure. From the admin perspective, *unless* the admin expects that the laptop will ONLY connect to a specific bastion infrastructure... this entire "ad-hoc" threat is moot, and is merely the same case as the typical infrastructure.
Phew!
is any more of a threat than one on an Infrastructure?
...Unless you've configged your laptop to always assume it will be constrained behind a NAT, exposed to a subnet of trusted hosts only. Yeah, right.
Packets are packets. This article should have been titled, "DANGER: WiFi at Hotels and Starbucks are safe, ad-hocs are not."
Yep, sorry guys... this flaw is patented. Pay up!
Heh, I wasn't actually going to post that, but I had a thought... if we patented the dumbest mistakes out there (buffer overflows, etc)... what company would want to prove "prior art" ?
> Unfortunately, Ilfak's patch is, in a real sense, a non-starter.
Nah, no twiddle required - just download and run, and MSI takes care of it per normal. I do agree that telling people to pull and install an arbitrary file is a bit of a bad contradiction, however... I haven't quite resolved this yet, which is why I'm not telling people to do it.
I've spent the past decade putting those "Intel Inside" stickers onto EVERY trash can and waste bin in my building! Now I've got to start over?
I'm still trying to figure out why RIAA would have the gall to mention "America's knowledge-intensive intellectual property-based goods and services", and if they actually consider themselves to be relevent to "our greatest economic assets".
Somebody's doing too much coke.
...using the money argument when a cashier asks for too much. Face it - typical information collection at a cash register (as an example) is big bucks - and when someone crosses a line, I answer that I'll be happy to sell them the information.
The result is the typical baffled look, since it isn't the typical "paranoid" response. I then ask them how much their company paid for the "collection module" for their POS software - I know it isn't cheap. I then ask what they paid to have it setup, and have the results of this current campaign implemented. That isn't cheap either.
I then ask how long it takes the average cashier to gather the desired information. 15 seconds? How long does the average cash transaction take without this? 30 seconds? By gathering this info, we've effectively cut the cashier throughput - meaning to maintain that throughput, the store needs to increase its cashier staff by that amount... a full third in this example. That is NOT cheap.
Clearly my zipcode is worth an assload of money, I conclude... and if they are willing to spend THAT kind of money to get it, then I'm an idiot to just GIVE AWAY something they deem so valuable.
That's the general concept, at least... and it is quite effective as it cannot be argued against. This information clearly has significant value; Paranoid has nothing to do with it.
e**, phrase it better next time -
> What's the big deal. If you are doing nothing wrong who cares.
The big deal is that if I am doing nothing wrong, they have no right to look.
> The downside is that anyone working for that company also loses all of their jobs.
:(
In other words, one more challenge with accountability is that the corporation is effectively holding any "honest employees" as hostages.
It's a trainwreck, any way you slice it.