I am a Verizon customer and I have opted out of sharing CPNI. I don't know what the new privacy statements are, my privacy policy hasn't been updated in the last six months, but I bet it has to do with CPNI. Here is the section from VZW's customer agreement.
What is confusing is whether "personal information" is limited to Name, number, address, etc, or also includes CPNI (the non-identifiable info).
Your Privacy - IMPORTANT INFORMATION - PLEASE READ CAREFULLY BEFORE MAKING YOUR PURCHASE DECISION
In the course of providing services to you, we may collect certain information that is made available to us solely by virtue of our relationship with you, such as information about the quantity, technical configuration, type, destination and amount of your use of the telecommunications services you purchase. This information and related billing information is known as Customer Proprietary Network Information, or CPNI. (CPNI does not include your name, address and wireless phone number.) Further, except as provided in this agreement, we won't intentionally share personal information about you without your permission. SUBJECT TO THE FOREGOING, WE MAY USE AND SHARE INFORMATION ABOUT YOU AND HOW YOU USE ANY OF OUR SERVICES: (A) SO WE CAN PROVIDE OUR GOODS OR SERVICES TO YOU; (B) SO OTHERS CAN PROVIDE GOODS OR SERVICES TO US OR TO YOU ON OUR BEHALF; (C) SO WE OR OUR AFFILIATES IN THE VERIZON FAMILY OF COMPANIES CAN COMMUNICATE WITH YOU ABOUT GOODS OR SERVICES THAT ANY OF US OFFER; (D) TO PROTECT OURSELVES; OR (E) AS REQUIRED BY LAW, LEGAL PROCESS OR EXIGENT CIRCUMSTANCES.
IN ADDITION, WE MAY INCLUDE OUR OWN OR THIRD-PARTY ADVERTISING IN THE SERVICES YOU PURCHASE FROM US, AND WE MAY COLLECT NON-PERSONALLY IDENTIFIABLE INFORMATION ABOUT YOU AND YOUR USE OF THOSE SERVICES. WE MAY SHARE THAT NON-PERSONALLY IDENTIFIABLE INFORMATION WITH OTHER VERIZON COMPANIES, VENDORS AND THIRD PARTIES TO PROVIDE RELEVANT ADVERTISING. IF YOU DO NOT WANT US TO COLLECT OR USE SUCH NON-PERSONALLY IDENTIFIABLE INFORMATION FOR THIS PURPOSE, YOU SHOULD NOT USE OUR SERVICES; BY USING THE SERVICES, YOU EXPRESSLY AUTHORIZE US TO USE YOUR INFORMATION FOR THIS PURPOSE.
Re:Asheron's Call already had this quest... on Torture in Games · Score: 1
just like every other animal in the world, we teach ourselves through playing.
Right, and having to torture an NPC teaches you what? How to torture and that doing so is acceptable?
The intent may, and I am making a big assumption here, may be trying to teach the "horrors of torture", but some will take it as a lesson plan for acceptable behavior. Whoever did this in WoW didn't think it through and is irresponsible.
You have to tell mgmt what is going on and tell them they need to purchase licenses. If they don't, they are liable for all sorts of headaches. If they don't want to believe you, then ask them to talk to your lawyers.
Under no circumstances should you continue to support or install pirated software. That puts you at legal risk and you can't CYA with a letter stating that mgmt is OK with breaking the law. If you do it, then you are liable.
If mgmt doesn't want to pay for licenses, leave. 'Cause if they get caught, you will be the one to pay the price as the IT manager.
Save yourself the time and pain of automating IP lookups. Make your landing page a login box only and force users to authenticate prior to any access.
Set up a script to auto-block IP addresses for a time period that fail to log in 3 times.
This is not hard.
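One way to implement the lockout suggested in the comment above, as an added example that is not the commenter's code. The log format, the 5-minute counting window, the 15-minute block and all names are assumptions; only the three-failure threshold comes from the comment.

```python
import re
from collections import defaultdict, deque

MAX_FAILURES = 3       # from the comment: three failed logins
WINDOW_SECONDS = 300   # assumption: failures must fall within 5 minutes
BLOCK_SECONDS = 900    # assumption: the "time period" is 15 minutes

# Assumed log format: "<unix-ts> <ip> login <ok|fail>"
LINE = re.compile(r"^(?P<ts>\d+) (?P<ip>\S+) login (?P<result>ok|fail)$")


class LoginBlocker:
    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> recent failure times
        self.blocked_until = {}              # ip -> time the block expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:                     # block expired: forget it
            del self.blocked_until[ip]
            return False
        return True

    def record(self, ip, ok, now):
        """Feed one attempt; return 'rejected', 'blocked', 'failed' or 'ok'."""
        if self.is_blocked(ip, now):
            return "rejected"                # even a correct password is refused
        if ok:
            self.failures.pop(ip, None)      # success clears the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                 # drop failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            del self.failures[ip]
            return "blocked"
        return "failed"


def replay(lines):
    """Run log lines through a fresh blocker and return each decision."""
    blocker = LoginBlocker()
    decisions = []
    for line in lines:
        m = LINE.match(line)
        if m:
            decisions.append(
                blocker.record(m["ip"], m["result"] == "ok", int(m["ts"])))
    return decisions


# Constructed sample log (documentation address ranges).
SAMPLE_LOG = [
    "1000 192.0.2.10 login fail",
    "1010 192.0.2.10 login fail",
    "1015 198.51.100.7 login fail",
    "1020 192.0.2.10 login fail",
    "1030 192.0.2.10 login ok",
    "1040 198.51.100.7 login ok",
    "1950 192.0.2.10 login ok",
]

if __name__ == "__main__":
    for line, decision in zip(SAMPLE_LOG, replay(SAMPLE_LOG)):
        print(line, "->", decision)
```

Keying the block on source IP alone also locks out everyone behind the same NAT or proxy, so the block period is worth keeping short.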
Dunno about music, but with books, the copyright holder is the author who licenses the rights of their work to a publisher. The contract should have language in it about how or when the rights revert back to the author.
Also the scarcity of ammunition and large amount of enemies makes it difficult if not impossible to kill them all by simply shooting them.
I am sure some of you can kill everything in Ravenholm with the crowbar, I can not. :)
This nails Ravenholm. Even though I have replayed that level several times, it still creeps me out because I am always making a decision about when to fight and when to run--and then what am I running into? I know what is coming, but I have to be ready. The constant decision making is what makes Ravenholm so much fun.
I also like that most of Ravenholm is bright. Extended scenes that rely on obfuscated darkness to up the "scare factor" are distracting.
Nope, Honesty is what it is all about.
Some people steal (yes, pirating is stealing and let's not quibble over the definition) what they can't have. Some people don't have the cranial capacity to understand that downloading stuff off the web is theft. The more that happens, the less money publishers and writers make.
Here is a side effect of pirating books. Publishers are prone to market conditions too. When the market goes south, publishers tighten up and stop taking on new writers. They also start knocking off low performing writers (low performing compared to others in the stable.) Every book that is pirated, and to the same degree where a book is swapped on an internet site, means one less sale to the author which means less money in their pocket, 6-8% of the cover price AND one less sale in their numbers column. Under performers are cut.
Pirating is NOT new, but the SCALE at which it can occur on the Internet is new. Back when vinyl was copied to cassettes, I bet the total impact was less than 1% of album sales because there really wasn't a big distribution channel, at least not in the US for illegal album copies.
But you know as well as I that with electronic copies, the barriers are completely removed.
That is why publishers want DRM. And, I think what killed the music industry and put Apple on top was NOT DRM, but the stakeholders--labels, distributors, and sellers--to come up with an *interoperable* format and method so that any song could be played on any device while still enforcing DRM.
The solution to this problem is simple, and I'm surprised browsers don't do this already: add fake '/' character isn't in the IDN blacklist. In Firefox, network.IDN.blacklist_chars already contains plenty of things that look like '/'. Maybe other browsers need to follow its example.
Do you know if FF will detect blacklist characters for all TLD's or just the non-IDN TLD's like .com and .net?
SSL is NOT broken. It is still an effective way to encrypt network traffic.
The attack breaks down two ways. Proxying web traffic between a user and a sensitive site like a bank and/or representing a URL to a user that looks legitimate but isn't.
The indicators that you are on an SSL site are varied. A lock in the lower right of the window (FF3), to the right of an address bar (IE 6 and below), or a green address bar (IE7 EV cert) or a green indicator to the left of the address bar (FF3). All except the EV SSL certs are pretty subtle. The success relies on the fact that there are so many varied ways that SSL protection is presented to the user, can you keep track of it all. Quick, which sites use EV certs? You don't know so you don't know what to expect.
So, the attack does a couple of things to fool you. First it proxies your web traffic to secure sites re-writing URLs that start with HTTPS to HTTP. The only indicator in browsers is no lock. If you are not looking for it, then you probably won't miss it. But wait, since we are rewriting URLs, why not replace the favicon with a lock. Yummy.
The second type of attack is to proxy HTTPS to HTTPS, but this time the SSL session between you and the proxy is enabled with a valid and trusted SSL certificate. No SSL dialog boxes. Here is how it works. IDN is used so that countries can represent URL in their native character sets. Some non-ascii characters look like characters. So use them to fool the user. These are called homographs. Browsers will convert some IDN based on the TLD. But other TLD, like country codes TLD, the browser won't. The assumption being a .com hostname should be ASCII while a TLD for China should be IDN.
Knowing that, get a hostname in a CC TLD. Get a certificate for your hostname. Then create a really long hostname using IDN so that the TLD portion will be pushed off the end of the address bar. You can forge any legitimate web site this way and the only indicator is either examining the certificate or looking at the TLD in the URL. There are IDN that look like slashes, so making a "path" is easy.
Moxie's video is pretty clear.
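A check for the slash-lookalike hostnames discussed in the comment above, as an added example that is not from the thread or from any browser's code. The lookalike set is an illustrative subset (not Firefox's actual network.IDN.blacklist_chars value), the sample hostname is constructed, and all function names are assumptions.

```python
import unicodedata

# Illustrative subset of characters that render like "/" (assumption: this is
# not the actual value of Firefox's network.IDN.blacklist_chars preference).
SLASH_LOOKALIKES = {"\u2044", "\u2215", "\u29f8", "\uff0f"}


def encode_label(label):
    """ASCII (punycode) wire form of one label; used to build the sample."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def decode_label(label):
    """Unicode display form of one label, as an address bar may render it."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def audit_hostname(host):
    """Compare what a hostname appears to be with where it really lives."""
    findings = []
    labels = []
    for raw in host.rstrip(".").split("."):
        try:
            labels.append(decode_label(raw))
        except UnicodeError:
            labels.append(raw)
            findings.append("undecodable label %r" % raw)
    display = ".".join(labels)
    positions = [i for i, ch in enumerate(display) if ch in SLASH_LOOKALIKES]
    for ch in sorted({display[i] for i in positions}):
        findings.append("U+%04X %s" % (ord(ch), unicodedata.name(ch)))
    # What a reader takes for the host: everything before the first "slash".
    apparent = display[:positions[0]] if positions else display
    # Naive registrable domain: the last two labels (assumption; production
    # code should consult the Public Suffix List instead).
    registered = ".".join(labels[-2:])
    if positions and not apparent.endswith(registered):
        findings.append("reads as %r but belongs to %r" % (apparent, registered))
    return {"display": display, "apparent_host": apparent,
            "registered_under": registered, "findings": findings}


# Constructed sample: a fake "path" made of FRACTION SLASH inside one label,
# registered under a reserved .test name.
SAMPLE = ".".join(encode_label(part) for part in
                  ["www", "example", "com\u2044login\u2044session0001",
                   "lookalike", "test"])

if __name__ == "__main__":
    for name in ("www.example.com", SAMPLE):
        print(name, audit_hostname(name))
```

The same comparison works on certificate subject names or proxy logs, since both carry the ASCII `xn--` form rather than the rendered one.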
Apparently this only affects those who don't pay attention...nothing to see here.
Can you make the claim you are 100% vigilant 100% of the time?
It's more subtle than that. It takes away one of the biggest indicators that there is an SSL problem--the dialogs. Watch the presentation video. It's pretty cool. What Moxie shows is that often the indicators of SSL enabled and not enabled are practically non-existent. It's easy to see how most users, even tech savvy ones, could be fooled.
No
Why? Because this doesn't allow victims to harass their abusive partners anonymously?
spoken like a true 'tard. Is that the only reason you can see for wanting to hide your number? so that you can harass someone?
never been abused or threatened, have you? Maybe a case is made because someone wants to call a person who is abusive and you don't want them to call you back? Say, you have an abusive spouse but you have to share custody. You need to call them but don't want them calling you and abusing you? Hrm, maybe that's a good idea.
Abusive people will go a long way to make others' lives miserable.
Good for you junior. I lived it. sheesh. Is anyone over 20 on /. any more?
There are many commonly known ones. Some even made it into 688(I) Hunter/Killer. There were a few scenarios where you had to hunt a corridor. Pretty cool stuff.
Russians used to do what were called "Crazy Ivans." If you are running at high speed, you can't hear squat, so to check for chasers, they'd do a 180 course change and run back down their track. You can't get precise position using passive means--there is always room for error, so the chasing sub would move out of the way, quickly and often noisily telling the Russian sub it was being followed.
If the Russian didn't detect the follower, the evasion tactic was enough to make the following captain cautious.
good times, good times.
Maybe if you read two sentences into the deck, you would have seen this little gem: "The three-app rule includes applications running in the background but excludes antivirus," [emphasis mine]
while a million Ubuntu licenses running Wine where Windows apps are really needed = $0.
hahahahahahahaha. Wait let me stop laughing long enough to respond. hahahahahaha, nope can't do it. hahahahahahah
I am not affiliated with these guys, but from the faq and the site, here is what I get.
Memory in all computers is mapped to address space.
Right, but you, the programmer, don't worry about memory allocation or de-allocation in the same way. You don't do pointer math or any of that shit. The OS does it for you (which is what an OS should do). Think how Java manages memory is different than how C does. Hopefully, the OS manages memory well.
Nobody needs files? How, exactly, can I retrieve a document then? This FA is damned short on details.
Well, yes, there are "files" managed by the OS, but not directly reachable by a program. You treat a file like an object and just use it. No open, no close, no worrying about the proggie crashing and losing the unwritten data. The OS handles it.
Same with processes. It seems cool. Not sure it has legs, but seems cool indeed.
It doesn't even take into account WHAT Windows 7 installs and WHAT Ubuntu installs.
This is a very interesting point. An Ubuntu install has just about everything you need for most common desktop tasks installed and ready to roll. The time it would take to install similar software in Windows--any version--would be hours (I know, I have rebuilt my laptop a few times.)
Now it's down to how things are "inconsistent" or how it's not easy to get software in the manner of your choosing (rather than using the method provided by the OS).
I hope you are joking. Let's see, Ubuntu has two package managers? What, one is not enough? There must be two? A default install takes 4 GB of drive space? 4GB with no easy options to trim that down?
Oh, yeah, and those pesky install and dependency issues that all Linux distros suffer from.
I have been a Linux user since 1994 and they all suck in one way or another. The desktop versions of Ubuntu and Fedora have come a long, long way and the people who have worked on them should be proud of what they have accomplished. But there is still much more work to do.
here ya go
Admit it, Word can not hold text more than one chapter in one file. MS Word is simply not-good-enough for anything that is longer than 10 pages.
Bzzzzzt. Wrong, Mr Nikolag. I write for a living and I use Word since that is what is required for production, I regularly turn in 20 pages single spaced. My wife writes novels in the 85-100K word range in Word, regularly. Word handles them just fine.
Search Google for .docs and you will see hundred page files (and larger) in Word.
>>>with NY State already taxing Amazon purchases
They are not allowed to tax Amazon because amazon does not lie within New York's jurisdiction. Ditto if I were to sell an item to you directly - I'm in Pennsylvania and not bound by NY Laws and therefore not obligated to collect tax to pay the NY Legislature. The NY politicians can kiss my shiny-metal ass.
Sigh, until a case is made to a higher court, yes, NY State can and does tax on-line orders.
an alternative interpretation is that in a world that Gibson envisioned where data is fleeting and we are deluged with it, there are times when you need to pay attention.
This poem, for all intents and purposes self destructs after the first reading. Therefore, you should pay attention the first time--you won't get another chance.
That was, I think, the intent. Whether he could have written a program that would have enforced that intent better is beside the point (apparently it was "broken"). For the average reader, you'd get one shot.
It's still a compelling thought.
Mod parent Insightful. In Sproket's comment, I can replace "Linux" with "Microsoft" in every case. Just because someone is a Microsoft Admin makes them a monkey. Just because you use L-I-N-U-X doesn't make you a computer God. Sheesh.
An admin is skilled because they are, *gasp*, skilled in the environment they work in. I have met my fair share of Linux admins who couldn't do diddly without X being installed and couldn't install a program from source.