I don't really want to break into some guy's Windows machine (and what? steal his bookmarks and mp3 collection), I want to break into a commercial company's database and steal financial details
1. Many desktops in corporations have all kinds of financially interesting documents on the hard drive. Excel, Word, locally stored e-mail, etc.
2. Many desktops in corporations have all kinds of interesting passwords on the hard drive. Login procedures/passwords may be found in Word documents and e-mail, for example. Various user name and password combinations may be in the local password file as well as stored by FF/IE/Safari and the like. Chances are those same combinations will be used on other systems.
3. Many desktops in corporations have access to those servers that are not accessible to the outside world.
1. A person tells you that tobacco will do you no harm.
2. The person works for the tobacco industry and will not have a job if people do not buy tobacco.
If it is not valid, it should show up in the evidence, irrespective of the source.
Damage may still be done, regardless of truth or evidence. Witness the number of people who believe to this day that Obama is Muslim. I repeat, lack of consequences had a demonstrated tendency to cause people to act out.
The only time it would be valid is if you are unable to evaluate the evidence, such as national security reason.
Very little can ever be conclusively proven. Statistics are easily subtly twisted.
We should try to find ways to deal with the misbehavior anonymity can cause, without removing it, as removing it is often not effective and causes other problems.
The statement that anonymity should be removed is a straw man of your own construction. As far as I can tell, no one in the article advocated removing anonymity.
The moderation system on slashdot works fairly well. I wish it was used more widely.
The moderation system works somewhat well. And I say that as someone with high karma who gets showered in mod points. However, the moderation system's primary advantage is by hiding most trolls and frist posts. Do you know how? By removing anonymity - very little AC content gets upmodded to the point that most people see it. On the other hand, it excels at promoting the /. groupthink.
Much of the time, by the point that a storefront chain puts out the "Going out of business liquidation sale" signs, the original company is dead and gone and a liquidation firm has purchased the assets and is doing business under the original company's name. A fairly standard practice is to raise the prices on everything then advertise "50% off everything in the store!" relying on consumer psychology to kick in. They're specialized in their little niche and keep doing it because it works.
It might be an ad hominem attack (for the definition of ad hominem attack you appear to be operating under). Ad hominem attacks are generally held to be an attempt to use an irrelevant personal aspect to counter an argument or statement. Being ad hominem in and of itself is not necessarily fallacious. For example:
Person A: I don't think that smoking causes cancer. Person B: Well, you're male and more men than women smoke, so I don't believe you.
The above is a fallacious ad hominem attack.
Person A: I don't think that smoking causes cancer. Person B: Well, you work for Philip Morris, so I don't believe you.
The above is ad hominem but not fallacious and so I would not describe it as an attack.
In this case, there's quite a bit of work that's shown that anonymity has a substantial effect on behavior. Road rage would be a very physical example. In most first world countries, there are negative effects for speaking inappropriately, be it libel/slander lawsuits or simply having your peers and neighbors think less of you. Online communication has shown that when those kinds of accountability are removed, humans misbehave.
That's not to say that anonymity causes everyone to behave badly or that there aren't times that anonymous attacks are useful, but it is very valid to say that anonymous attacks are generally weaker than non-anonymous ones and that anonymity can cause people to behave in ways they otherwise wouldn't.
Or to put it another way, if you got a letter that said that your $LOVED_RELATIVE had betrayed you, would you put more trust in it if it were signed (and you verified that the alleged sender was the person who had sent it) or completely anonymous? One of the cornerstones of modern law is the right to confront your accuser.
Without IP spoofing attackers are more easily identified and blocked.
What you're suggesting is only really useful against blocking some DoS attacks. Any serious attempt to hack a system can't be done via spoofing unless you happen to have owned the switches in between the spoofing victim and the attack site. The exception would be if you can do the attack within the first SYN packet or via UDP. Otherwise you just get this:
1.1.1.1 (your real IP) sends a spoofed SYN packet labeled as 2.2.2.2 to victim 3.3.3.3
3.3.3.3 sends a SYN/ACK to 2.2.2.2
2.2.2.2 receives the packet (unless you also control the switches), doesn't know why it's getting a SYN/ACK and sends an RST
3.3.3.3 receives the RST and that's the end of that connection
ISPs should do reasonable restrictions on origination IP addresses but it won't address serious attacks.
Address space layout randomization is (according to MS) the reason why this is a critical update for 2K3 and prior but only important for Vista and is not a feature that users turn off.
And looking at SB08-294 there's a remotely exploitable flaw that a small number of servers have installed (that has already made it into Metasploit), the usual batch of Office flaws and local escalation of privileges, and a hard to do anything reliable with SMB flaw that requires the guest account to be turned on or having an account on the system.
Hardly the same as an on-by-default remotely and easily exploitable flaw.
This is the first major exploit for MS in several years that will enable trivial worm creation.
I believe the second definition is the relevant one. If an exploit is trivial - any moderately skilled script kiddy can create a worm and it's been added to metasploit, it is by definition known.
Microsoft has had something like this occur regularly enough that I found myself already skipping to the next story without even reading the complete heading.
Not any more they don't. This is the first major exploit for MS in several years that will enable trivial worm creation. The last notable one was Zotob in 2005, which was really comparatively minor - the last really big one was Sasser in 2004. Thus, this is important news.
If you read the post slowly and actually acknowledge what it says, it's saying that ever since the incarnation of Windows elite hackers from Russia (or anywhere else) have been able to steal files on any machine with no problem.
The same thing can be said about OpenSSL, BIND, Apache, Sendmail, Samba, and pretty much every major piece of software.
The underground top hackers have exploits that they guard with top secrecy and keep in their box of tricks when nothing else "known" is working.
That's why people who need to worry about top hackers also need to worry about defense in depth.
I still cannot understand why major corporations run Windows of any version in enterprise server farms.
Because it's non-trivial to completely switch platforms. Windows gained the desktop and office software marketshare and whether you think that MS did bad things to get there is irrelevant. Computers are simply a tool to most businesses. If the vast majority of the business software you need as a tool runs on one platform, you use that platform. And you develop your specific tools, generally for that platform. Thus, to support the desktop systems, you get the servers that support them.
And while I don't use them, the integration of the server, database, and programming environment that Microsoft provides is an incredibly good value proposition for some companies. Other than perhaps IBM, no one else can offer that level of coordination for development and server tools.
Microsoft never feels any repercussions of any of these incredible security holes. They don't even lose business over it!
Microsoft has invested heavily in improving their security. Vista is a far more secure piece of software than XP was. And MS has lost business over it - that's part of why Linux and OS X have been able to penetrate the professional and home computer worlds.
I am not a Microsoft fan but your statements don't really add anything to the dialog. Mindless MS bashing does no good.
I won't argue that Debian can't be used in corporate environments. But many commercial software products do not support anything other than RH and possibly SuSE. And there is much better commercial support for them than Debian. Sometimes one person's X years' experience isn't enough and having easy access to a large pool of specialists makes all the difference. A critical system going down can stall the entire company. Staff turnover is also a fact of life. A company can get an RH admin easily. Getting a Debian admin is harder, increasing risk.
Debian people use Debian because it's better and they are good enough to know why. Sounds like a safer hire, doesn't it?
Or possibly you'll get an "everything must be open" zealot who will yell at you anytime you say Firefox rather than Iceweasel. You'll find experts and idiots using pretty much every single distro out there.
The system was not ORIGINALLY intended to provide someone with a lifetime's worth of income.
While I don't disagree with you that the length of copyright has been made overly long, your premise is not entirely accurate. With a US-centric view, copyright was effectively 28 years from the beginning, at least if the author cared enough to renew the copyright. It's difficult to pinpoint average lifespan for working adults due to pollution of the data with childhood mortality rates, but the rates I can find suggest that if someone made it to 15-21, they could expect to live until 50 (with those in the aristocracy being higher at around 65). Thus, the average person would likely have the vast majority of their works (assuming that the ages of 25-35 were their most productive) covered for most if not all of their lives.
Also of note is that the Statute of Anne, generally thought of as the beginning of copyright law, specifically mentions the wellbeing of the author's family, not simply the author.
I wish the article had good suggestions for how to prevent phishing attacks.
But it does. Given that the miscreants are apparently posting information into public forums, simply enter your credit card number into a google search from time to time and see if it turns up. (Note for those without a sense of humor: don't do that.)
Seriously, what did you expect from a two paragraph writeup (one of which isn't actually about phishing but sale of CCs) of a talk at a conference that says with a wink and a nudge that they cater to the bad guys? There's not actually enough information in the blog (not that there's supposed to be) to warrant getting on slashdot. There's a bunch of resources available discussing the subject if you really need information on the subject.
I think that's grounds for a lawsuit against the employer. They can't discriminate against you for something they found posted on the internet that may or may not have anything to do with you. How can they prove that a post on the internet is about you in the first place....
I re-iterate, if you were denied a job, or worse, lost a job due to something posted online, contact a lawyer about suing the company as well. There is no way an unsubstantiated claim that may or may not even be about you would stand up in court as anything other than wrongful termination or discrimination.
What on earth makes you think that? Other than a few specific protected areas (race, sex, pregnancy, religion, nationality, disability, age, and armed services related areas) that the Federal government carries, plus whatever else is added by state and local governments. You might find searching for "at-will employment" to be enlightening. In general, you can not be hired because you wore a green shirt, you ordered a hamburger at the interview lunch, the interviewer didn't like your personality, or because of your public reputation. Until it crosses over into one of the protected classes, it's at the employer's whim. If your job is to impress people that you're very capable and they should give your firm large amounts of money, what people looking you up on the internet find (true and false) is a very valid concern.
Free speech (within the United States) applies to government muzzles - it has never and should never apply to private areas that the public uses. Just as I have no guaranteed right to free speech in a mall, movie theatre, or someone's front yard, the same applies to online spaces. I'm a little puzzled why people would have legitimate reason to think that online freedom of speech would be guaranteed. They did read the ToS when they created the accounts, yes? (Yes, I know the answer to that question.)
Don't like the ToS? Then don't use the service. Ask the provider to fix the problems. But don't complain about "rights" being non-existent. The services being used are created and paid for by _someone_ - that someone gets to set the rules.
Part of what is great about an open web is that there is a very low bar to entry for people (at least those in first world countries, which the article primarily deals with) to create their own services and sites (limited only by laws). Most of the cases being cited are either free or very low fee sites. It's unrealistic to expect a lot of handholding and hands-on care if you're paying $10/year for photo hosting. If your artistic statement of kids smoking is so important that you have to make it, pony up for a web site someplace. If it's not important enough to the artist to pay $20-100/year for a cheap account why would a corporation be expected to pay the same amount in support costs on the user's behalf?
The second you plug one of these into the suspect's machine while it's running, you just set the criminal free. Reason being, you potentially just altered the original source of data and could have injected your own "evidence". Any lawyer would get you off in a heartbeat.
Not at all. Doing a memory capture of running systems (if possible) is considered a standard operating procedure in computer forensics. You do so in a controlled manner using standard, well established tools in a documented manner and you're fine. In theory the latest research into dumping memory immediately after a quick reboot might be better, but that research is new enough that it's not worked its way into the legal system.
ALL digital forensics comes down to a matter of trust. There is no more proof that the version of dd I use to dump (pre-Vista) Windows memory is corrupting evidence than there is that it will reliably image a drive that's been mounted in write only mode. But if I say based on my industry best practices training (with accompanying certification), I used the Helix Live CD version foo (md5sum suchandsuch) to use dd for windows version bar (md5sum suchandsuch) with the command line of suchandsuch piped to nc (version baz, md5sum such and such) which transmitted the image to my acquisition server...
What you're describing is a contract, and contracts have certain qualifications that they must meet in order to be valid. It must be an agreement entered into between two parties and computer software can't operate as a party that can enter into and accept a contract. For example, I can't add "Displaying this page in a web browser means you owe me a dollar" to this comment, because you have not agreed to it. I can make a website that has a payment system and restricts access to certain pages until you consciously make a payment.
Contracts also have to be considered reasonable. If you could simply insert contracts into web pages that apply to the carrier, nothing would ever get delivered to the user, as someone would have to read each page to make sure there wasn't "Copyright is hereby granted to Internet Service Providers to deliver the content of this page provided they give me a pony!" or whatever added to the page. It would also go against well established precedents of proxying, ISPs that add compression of the HTML, or ISPs (wireless providers, for example) that compress images. There's a lot of very murky issues regarding copyright issues with web content but in general the courts have been very lenient once a general precedent has been set. For example, web browsers caching content could be considered a violation of 106 with a very reasonable reading of the law, but it's basically been accepted as OK.
1. They're getting a good patent portfolio that they can use to defend their investment in YouTube with. They're fairly heavily invested in using ffmpeg which may have patent issues.
2. They're getting some very smart people and a user base that they can use to help steer the direction of video the way they want it to go.
3. VP7's being used for video chat by Skype and AIM - they might find it useful for their expanding telecommunications offerings.
Chances are it's gone unless you're willing to spend $2,000 or so on it.
First, try a different USB adapter - I've had some drives that did the same thing in one adapter but worked in others. The one possibility (short of sending it off to a drive recovery specialist) is swapping the drive's electronics with an identical working drive. But if you suspect physical damage to the platters, that's not going to help, and you run the risk of ruining not one but two drives. The legendary fix that circulates the internet (that I've never used) is that you can bring some dead drives back to life temporarily by freezing them. Like I said, I have no experience with it but if you're going to throw it out, it can't hurt other than wasting a little bit of your time.
I'm not a full time professional in data recovery but I am trained and certified in hard drive forensics.
I'm assuming you're talking about recovering data that is lost from corruption errors, not the drive itself dying.
There's a variety of free command line tools that are used for recovering data from corrupted hard drives that function at various levels (such as inodes), but really, unless you have training in them or need something really specific, the graphic (via web browser) frontend Autopsy is the way to go:
http://www.sleuthkit.org/autopsy/
If I'm looking for a specific type of file, sometimes I'll use Foremost:
http://foremost.sourceforge.net/
As far as commercial software, EnCase is commonly used but pricey compared to Autopsy.
http://www.guidancesoftware.com/
The key thing with either the commercial or non-commercial options is to avoid damaging the file system you're working on. This means that if you're attempting to mount the drive from a working machine that you do so read-only (if you get really into this, there are hard drive -> USB mounts that block all writes) and if possible you clone the drive into an image and work on that rather than the original. The free version to do that is dd. Be sure to use the noerror option on it to make sure that a bad sector doesn't cause the process to fail.
Also, clone the entire drive, not just the partition in case there's data that you need outside of the partition. In other words, do this:
dd if=/dev/hda of=/forensics/image.dd conv=noerror,sync
Rather than this:
dd if=/dev/hda1 of=/forensics/image.dd conv=noerror,sync
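The advice above (image the whole drive with dd and work on the copy), combined with the tool-version and checksum record that another comment on this page describes, as an added shell example that is not part of the original comments. The function names and file names are hypothetical; a constructed 16-sector file stands in for /dev/hda and its second half for /dev/hda1, and SHA-256 via `sha256sum` is an assumption where the comment mentions md5sum.

```shell
#!/bin/sh
# Added example, not from the original comments. Names are hypothetical.

# Print the SHA-256 of a file or device.
hash_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Image $1 into $2 and append an acquisition record to $3.
# Returns 0 only when the image hash matches the source hash; a block that
# dd had to zero-fill after a read error makes the hashes differ, and the
# log keeps both values so the difference is on record.
acquire_image() {
    src=$1; img=$2; log=$3
    # noerror: keep going after a read error; sync: pad the failed block with
    # zeros so every later offset in the image still lines up with the source.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>>"$log" || return 1
    chmod a-w "$img"    # analysis is done on copies of this file
    src_hash=$(hash_of "$src")
    img_hash=$(hash_of "$img")
    {
        echo "acquired_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source=$src"
        echo "image=$img"
        echo "dd_version=$(dd --version 2>/dev/null | head -n 1)"
        echo "source_sha256=$src_hash"
        echo "image_sha256=$img_hash"
    } >>"$log"
    [ "$src_hash" = "$img_hash" ]
}

# Constructed sample "drive": 16 zeroed sectors, with one marker in sector 2
# (outside the partition) and one in sector 10 (inside it).
build_sample_disk() {
    dd if=/dev/zero of="$1" bs=512 count=16 2>/dev/null
    printf 'NOTE-OUTSIDE-PARTITION' | dd of="$1" bs=512 seek=2 conv=notrunc 2>/dev/null
    printf 'FILE-INSIDE-PARTITION' | dd of="$1" bs=512 seek=10 conv=notrunc 2>/dev/null
}

# Image the whole sample drive and its "partition" (sectors 8-15).
# Returns 0 when the marker outside the partition is present in the
# whole-drive image and absent from the partition image.
whole_drive_keeps_more() {
    dir=$1
    build_sample_disk "$dir/disk.raw"
    dd if="$dir/disk.raw" of="$dir/part.raw" bs=512 skip=8 2>/dev/null
    acquire_image "$dir/disk.raw" "$dir/disk.dd" "$dir/acquisition.log" || return 1
    acquire_image "$dir/part.raw" "$dir/part.dd" "$dir/acquisition.log" || return 1
    grep -q 'NOTE-OUTSIDE-PARTITION' "$dir/disk.dd" || return 1
    ! grep -q 'NOTE-OUTSIDE-PARTITION' "$dir/part.dd"
}

workdir=$(mktemp -d)
if whole_drive_keeps_more "$workdir"; then
    echo "marker outside the partition survives only in the whole-drive image"
fi
cat "$workdir/acquisition.log"
rm -rf "$workdir"
```

On a real drive the source would be the device node, attached through a write blocker or otherwise read-only, and the image and log would go to separate storage.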
1: Delete by quickly pressing 1 key,
If only it was _that_ easy. The braindead voicemail system my cell company forces me to use won't let you delete voicemails until you've listened to "enough" of them (~5 seconds). In other words, if you try to delete the car warranty scam messages without listening to them, you get told, "unable to delete unheard message."
Thank goodness for "features."
That said, I agree that voicemail is a useful part of communications if it's set up cluefully. The combination of the iPhone's visual voicemail, the Google Voice, and traditional voicemail would be great - see a text rendition of each voicemail on your phone and be able to easily delete the ones you don't need at all, read simple messages, or call in and listen to important ones.
IANALBIAAW. I am not a lawyer but I am a writer.
If you really want to go into it, you wrote:
Remember: get everything in writing and recorded. That includes statements and discussions about this "you need to extend your leave or we might not be so friendly".
That is one complete idea, which indicates that you should get all statements and discussions about the specific matter in writing and record it.
Then you wrote:
In an extreme case only, I would suggest stating that you are recording all conversations as is your privilege, and then do so (say with a digital camera or something).
That parses as a second idea, which is that you should record ALL conversations, not just the ones specifically related to leaving the company.
I made a small note that people should make sure that what they're doing is legal before doing it because some people don't know that creating an audio recording can be a crime. I didn't criticize what you wrote, just added a footnote. Chill.
P.S. I'm tired and writing in conversational English, but if you really want, pick out any punctuation or other issues if you want.
Remember: get everything in writing and recorded.
IANAL but I have had to deal with issues related to recording. Recording someone without their consent may violate state laws. Most states are single party consent but not all. This may or may not be worth hiring a lawyer to verify but at the very least, look up applicable state laws.
It's possible that in five years, ubiquitous LTE coverage will mean streaming radio to cars will suddenly start to become viable, but XM/Sirius has an opportunity to carve out a niche in the meantime, and at that point Sirius/XM will become more of a seller of streaming services than a satellite operator.
If they go bankrupt in the immediate future, they have no opportunity to carve out a niche. It doesn't just look bad for their future, it looks dire. Even if they do manage to survive, having the legacy of satellites will be a weight over their heads that newer competition won't have to worry about. Either they have to spend substantial amounts of money on maintaining the satellite capability or they risk alienating customers who don't want to switch away from satellite (and who will generate bad word of mouth for them if dropped).
Even when they do, you're going to have to find a streaming service worth listening to (hey, here's an idea, subscribe to Sirius!)
Assuming they don't go under as well, streaming services ala Pandora offer features that Sirius doesn't, like customizable stations and the ability to skip tracks you don't like.
you've ignored the part of my comment where I pointed out Sirius-XM can exist without satellites.
The point of the article that this discussion is talking about was looking at technologies that the author expects to have financial problems this coming year. The fact that people like ad-free content is irrelevant if there's not enough people willing to pay what's required for a business to justify running it. From what I understand, part of the merger means they can't raise prices for three years, which means they have to increase the number of subscribers or substantially reduce costs. The former sounds challenging and the latter is hard to do without causing subscribers to drop their memberships.
If opportunity exists, it's most likely for someone who buys the satellites for dimes on the dollar after a Sirius bankruptcy, escaping the massive startup costs that they caused as well as overvalued contracts such as Howard Stern.
iPods contain a fixed collection of content that can only be updated when you're at a computer, with items you select in advance. I can't even begin to imagine why you'd bring them up as a Sirius-XM competitor.
Because most people who want to listen to something while they're driving don't really care what form their entertainment comes from - they just want to hear something that they enjoy. As belts get tightened, people will look at what redundancies exist in their life. How many of your friends who subscribe also have mp3 players? I'm not overly familiar with any of Sirius/XM stations other than Lucy, but from what I can tell, it could be pretty easily simulated with about 20GB (if that much) of mp3s. You don't get quite the variety, but you only have songs that you like and you gain the ability to do things like skip and pause. Unless you're a talk radio or sports devotee or for some reason really love one of the satellite radio stations, sticking your favourite mp3s (and maybe subscribing to some podcasts for variety) on an mp3 player makes a fine replacement for radio. Personally, I don't like driving to music I don't know - I don't want to be distracted by new material.
I would also have a PR department telling me that it would be good to get some loud media attention for our Do No Evil motto the day after we just did a wee bit o' evil.
Letting employees who are not actively needed go is not evil. It's perhaps sad and unfortunate but it's not evil.
I don't really want to break into some guy's Windows machine (and what? steal his bookmarks and mp3 collection), I want to break into a commercial company's database and steal financial details
1. Many desktops in corporations have all kinds of financially interesting documents on the hard drive. Excel, Word, locally stored e-mail, etc.
2. Many desktops in corporations have all kinds of interesting passwords on the hard drive. Login procedures/passwords may be found in Word documents and e-mail, for example. Various user name and password combinations may be in the local password file as well as stored by FF/IE/Safari and the like. Chances are those same combinations will be used on other systems.
3. Many desktops in corporations have access to those servers that are not accessible to the outside world.
You have but two facts:
1. A person tells you that tobacco will do you no harm.
2. The person works for the tobacco industry and will not have a job if people do not buy tobacco.
If it is not valid, it should show up in the evidence, irrespective of the source.
Damage may still be done, regardless of truth or evidence. Witness the number of people who believe to this day that Obama is Muslim. I repeat, lack of consequences had a demonstrated tendency to cause people to act out.
The only time it would be valid is if you are unable to evaluate the evidence, such as national security reason.
Very little can ever be conclusively proven. Statistics are easily subtly twisted.
We should try to find ways to deal with the misbehavior anonymity can cause, without removing it, as removing it is often not effective and causes other problems.
The statement that anonymity should be removed is a straw man of your own construction. As far as I can tell, no one in the article advocated removing anonymity.
The moderation system on slashdot works fairly well. I wish it was used more widely.
The moderation system works somewhat well. And I say that as someone with high karma who gets showered in mod points. However, the moderation system's primary advantage is by hiding most trolls and frist posts. Do you know how? By removing anonymity - very little AC content gets upmodded to the point that most people see it. On the other hand, it excels at promoting the /. groupthink.
Much of the time, by the point that a storefront chain puts out the "Going out of business liquidation sale" signs, the original company is dead and gone and a liquidation firm has purchased the assets and is doing business under the original company's name. A fairly standard practice is to raise the prices on everything then advertise "50% off everything in the store!" relying on consumer psychology to kick in. They're specialized in their little niche and keep doing it because it works.
It might be an ad hominem attack (for the definition of ad hominem attack you appear to be operating under). Ad hominem attacks are generally held to be an attempt to use an irrelevant personal aspect to counter an argument or statement. Being ad hominem in and of itself is not necessarily fallacious. For example:
Person A: I don't think that smoking causes cancer.
Person B: Well, you're male and more men than women smoke, so I don't believe you.
The above is a fallacious ad hominem attack.
Person A: I don't think that smoking causes cancer.
Person B: Well, you work for Philip Morris, so I don't believe you.
The above is ad hominem but not fallacious and so I would not describe it as an attack.
In this case, there's quite a bit of work that's shown that anonymity has a substantial effect on behavior. Road rage would be a very physical example. In most first world countries, there are negative effects for speaking inappropriately, be it libel/slander lawsuits or simply having your peers and neighbors think less of you. Online communication has shown that when those kinds of accountability are removed, humans misbehave.
That's not to say that anonymity causes everyone to behave badly or that there aren't times that anonymous attacks are useful, but it is very valid to say that anonymous attacks are generally weaker than non-anonymous ones and that anonymity can cause people to behave in ways they otherwise wouldn't.
Or to put it another way, if you got a letter that said that your $LOVED_RELATIVE had betrayed you, would you put more trust in it if it were signed (and you verified that the alleged sender was the person who had sent it) or completely anonymous? One of the cornerstones of modern law is the right to confront your accuser.
Without IP spoofing attackers are more easily identified and blocked.
What you're suggesting is only really useful against blocking some DoS attacks. Any serious attempt to hack a system can't be done via spoofing unless you happen to have owned the switches in between the spoofing victim and the attack site. The exception would be if you can do the attack within the first SYN packet or via UDP. Otherwise you just get this:
1.1.1.1 (your real IP) sends a spoofed SYN packet labeled as 2.2.2.2 to victim 3.3.3.3
3.3.3.3 sends a SYN/ACK to 2.2.2.2
2.2.2.2 receives the packet (unless you also control the switches), doesn't know why it's getting an SYN/ACK and sends an RST
3.3.3.3 receives the RST and that's the end of that connection
ISPs should do reasonable restrictions on origination IP addresses but it won't address serious attacks.
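The exchange listed in the comment above, run as a small simulation (an added example, not part of the original post). It models only handshake state, and it also models the ISP-side source address check the comment ends on; the customer prefix `1.1.1.0/24` and all class and function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str      # source address as written in the packet (may be forged)
    dst: str
    flags: str    # "SYN", "SYN/ACK", "ACK" or "RST"


class Host:
    """Minimal TCP endpoint: tracks only handshake state per peer."""

    def __init__(self, ip, listening=False):
        self.ip = ip
        self.listening = listening
        self.initiated = set()    # peers this host really sent a SYN to
        self.half_open = set()    # peers this host answered with SYN/ACK
        self.established = set()

    def connect(self, dst, claimed_src=None):
        """Build the opening SYN; claimed_src forges the source address."""
        if claimed_src is None:
            self.initiated.add(dst)
        return Segment(claimed_src or self.ip, dst, "SYN")

    def receive(self, seg):
        """Process one segment and return the reply, or None."""
        if seg.flags == "SYN" and self.listening:
            self.half_open.add(seg.src)
            return Segment(self.ip, seg.src, "SYN/ACK")
        if seg.flags == "SYN/ACK":
            if seg.src in self.initiated:
                self.established.add(seg.src)
                return Segment(self.ip, seg.src, "ACK")
            return Segment(self.ip, seg.src, "RST")   # unsolicited SYN/ACK
        if seg.flags == "ACK" and seg.src in self.half_open:
            self.half_open.discard(seg.src)
            self.established.add(seg.src)
        elif seg.flags == "RST":
            self.half_open.discard(seg.src)
        return None


def handshake(spoof, customer_prefix=None):
    """Run the exchange; return (trace, peers established on 3.3.3.3)."""
    sender, bystander = Host("1.1.1.1"), Host("2.2.2.2")
    victim = Host("3.3.3.3", listening=True)
    hosts = {h.ip: h for h in (sender, bystander, victim)}
    seg = sender.connect(victim.ip, claimed_src=bystander.ip if spoof else None)
    # Source address validation at the sender's ISP edge (assumed prefix).
    if customer_prefix is not None and (
        ipaddress.ip_address(seg.src) not in ipaddress.ip_network(customer_prefix)
    ):
        return [f"ISP edge drops SYN claiming {seg.src}"], set()
    trace = []
    while seg is not None:
        trace.append(f"{seg.src} -> {seg.dst} {seg.flags}")
        seg = hosts[seg.dst].receive(seg)   # replies follow the written source
    return trace, set(victim.established)


if __name__ == "__main__":
    for spoof, prefix in ((True, None), (False, None), (True, "1.1.1.0/24")):
        print(handshake(spoof, prefix))
```

The spoofed run ends in an RST with nothing established on 3.3.3.3, while the same SYN sent from the real address completes the handshake.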
Address space layout randomization is (according to MS) the reason why this is a critical update for 2K3 and prior but only important for Vista and is not a feature that users turn off.
And looking at SB08-294 there's a remotely exploitable flaw that a small number of servers have installed (that has already made it into Metasploit), the usual batch of Office flaws and local escalation of privileges, and a hard to do anything reliable with SMB flaw that requires the guest account to be turned on or having an account on the system.
Hardly the same as an on-by-default remotely and easily exploitable flaw.
This is the first major exploit for MS in several years that will enable trivial worm creation.
I believe the second definition is the relevant one. If an exploit is trivial - any moderately skilled script kiddie can create a worm and it's been added to Metasploit, it is by definition known.
Microsoft has had something like this occur regularly enough that I found myself already skipping to the next story without even reading the complete heading.
Not any more they don't. This is the first major exploit for MS in several years that will enable trivial worm creation. The last notable one was Zotob in 2005, which was really comparatively minor - the last really big one was Sasser in 2004. Thus, this is important news.
If you read the post slowly and actually acknowledge what it says, it's saying that ever since the incarnation of Windows elite hackers from Russia (or anywhere else) have been able to steal files on any machine with no problem.
The same thing can be said about OpenSSL, BIND, Apache, Sendmail, Samba, and pretty much every major piece of software.
The underground top hackers have exploits that they guard with top secrecy and keep in their box of tricks when nothing else "known" is working.
That's why people who need to worry about top hackers also need to worry about defense in depth.
I still cannot understand why major corporations run Windows of any version in enterprise server farms.
Because it's non-trivial to completely switch platforms. Windows gained the desktop and office software marketshare and whether you think that MS did bad things to get there is irrelevant. Computers are simply a tool to most businesses. If the vast majority of the business software you need as a tool runs on one platform, you use that platform. And you develop your specific tools, generally for that platform. Thus, to support the desktop systems, you get the servers that support them.
And while I don't use them, the integration of the server, database, and programming environment that Microsoft provides is an incredibly good value proposition for some companies. Other than perhaps IBM, no one else can offer that level of coordination for development and server tools.
Microsoft never feels any repercussions of any of these incredible security holes. They don't even lose business over it!
Microsoft has invested heavily in improving their security. Vista is a far more secure piece of software than XP was. And MS has lost business over it - that's part of why Linux and OS X have been able to penetrate the professional and home computer worlds.
I am not a Microsoft fan but your statements don't really add anything to the dialog. Mindless MS bashing does no good.
In speakers, these things are all happening because the membranes react to EM fields
...
I'm amazed at how often people mistake their ignorance for knowledge.
Indeed.
I won't argue that Debian can't be used in corporate environments. But many commercial software products do not support anything other than RH and possibly SuSE. And there is much better commercial support for them than Debian. Sometimes one person's X years' experience isn't enough and having easy access to a large pool of specialists makes all the difference. A critical system going down can stall the entire company. Staff turnover is also a fact of life. A company can get an RH admin easily. Getting a Debian admin is harder, increasing risk.
Debian people use Debian because it's better and they are good enough to know why. Sounds like a safer hire, doesn't it?
Or possibly you'll get an "everything must be open" zealot who will yell at you anytime you say Firefox rather than Iceweasel. You'll find experts and idiots using pretty much every single distro out there.
The system was not ORIGINALLY intended to provide someone with a lifetime's worth of income.
While I don't disagree with you that the length of copyright has been made overly long, your premise is not entirely accurate. With a US-centric view, copyright was effectively 28 years from the beginning, at least if the author cared enough to renew the copyright. It's difficult to pinpoint average lifespan for working adults due to pollution of the data with childhood mortality rates, but the rates I can find suggest that if someone made it to 15-21, they could expect to live until 50 (with those in the aristocracy being higher at around 65). Thus, the average person would likely have the vast majority of their works (assuming that the ages of 25-35 were their most productive) covered for most if not all of their lives.
Also of note is that the Statute of Anne, generally thought of as the beginning of copyright law, specifically mentions the wellbeing of the author's family, not simply the author.
I wish the article had good suggestions for how to prevent phishing attacks.
But it does. Given that the miscreants are apparently posting information into public forums, simply enter your credit card number into a google search from time to time and see if it turns up. (Note for those without a sense of humor: don't do that.)
Seriously, what did you expect from a two paragraph writeup (one of which isn't actually about phishing but sale of CCs) of a talk at a conference that says with a wink and a nudge that they cater to the bad guys? There's not actually enough information in the blog (not that there's supposed to be) to warrant getting on slashdot. There's a bunch of resources available discussing the subject if you really need information on the subject.
I think that's grounds for a lawsuit against the employer. They can't discriminate against you for something they found posted on the internet that may or may not have anything to do with you. How can they prove that a post on the internet is about you in the first place? ...
I re-iterate, if you were denied a job, or worse, lost a job due to something posted online, contact a lawyer about suing the company as well. There is no way an unsubstantiated claim that may or may not even be about you would stand up in court as anything other than wrongful termination or discrimination.
What on earth makes you think that? Other than a few specific protected areas (race, sex, pregnancy, religion, nationality, disability, age, and armed services related areas) that the Federal government carries, plus whatever else is added by state and local governments. You might find searching for "at-will employment" to be enlightening. In general, you can not be hired because you wore a green shirt, you ordered a hamburger at the interview lunch, the interviewer didn't like your personality, or because of your public reputation. Until it crosses over into one of the protected classes, it's at the employer's whim. If your job is to impress people that you're very capable and they should give your firm large amounts of money, what people looking you up on the internet find (true and false) is a very valid concern.
Free speech (within the United States) applies to government muzzles - it has never and should never apply to private areas that the public uses. Just as I have no guaranteed right to free speech in a mall, movie theatre, or someone's front yard, the same applies to online spaces. I'm a little puzzled why people would have legitimate reason to think that online freedom of speech would be guaranteed. They did read the ToS when they created the accounts, yes? (Yes, I know the answer to that question.)
Don't like the ToS? Then don't use the service. Ask the provider to fix the problems. But don't complain about "rights" being non-existent. The services being used are created and paid for by _someone_ - that someone gets to set the rules.
Part of what is great about an open web is that there is a very low bar to entry for people (at least those in first world countries, which the article primarily deals with) to create their own services and sites (limited only by laws). Most of the cases being cited are either free or very low fee sites. It's unrealistic to expect a lot of handholding and hands-on care if you're paying $10/year for photo hosting. If your artistic statement of kids smoking is so important that you have to make it, pony up for a web site someplace. If it's not important enough to the artist to pay $20-100/year for a cheap account why would a corporation be expected to pay the same amount in support costs on the user's behalf?
The second you plug one of these into the suspect's machine while it's running, you just set the criminal free. Reason being, you potentially just altered the original source of data and could have injected your own "evidence". Any lawyer would get you off in a heartbeat.
Not at all. Doing a memory capture of running systems (if possible) is considered a standard operating procedure in computer forensics. You do so in a controlled manner using standard, well established tools in a documented manner and you're fine. In theory the latest research into dumping memory immediately after a quick reboot might be better, but that research is new enough that it's not worked its way into the legal system.
ALL digital forensics comes down to a matter of trust. There is no more proof that the version of dd I use to dump (pre-Vista) Windows' memory is corrupting evidence than there is that it will reliably image a drive that's been mounted in write only mode. But if I say based on my industry best practices training (with accompanying certification), I used the Helix Live CD version foo (md5sum suchandsuch) to use dd for windows version bar (md5sum suchandsuch) with the command line of suchandsuch piped to nc (version baz, md5sum such and such) which transmitted the image to my acquisition server...
It holds up.
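One way to keep the kind of record the comment above describes, as an added example that is not the commenter's own tooling: hash each tool binary and the acquired image, store the digests with the tool versions and the command line, and re-check the image later. The record layout, the file names, the SHA-256 digest stored beside the MD5 one, and the constructed stand-in files are all assumptions.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def digests(path, chunk_size=1 << 20):
    """Hash a file in chunks so a multi-gigabyte image is never loaded whole."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            md5.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def build_record(examiner, tools, command_line, image_path):
    """tools maps a tool name to (version, path of the binary actually run)."""
    return {
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "command_line": command_line,
        "tools": {
            name: {"version": version, **digests(path)}
            for name, (version, path) in tools.items()
        },
        "image": {"size": os.path.getsize(image_path), **digests(image_path)},
    }


def verify_image(record, image_path):
    """Return the digest names that no longer match; empty list means intact."""
    current = digests(image_path)
    return [algo for algo in ("md5", "sha256")
            if current[algo] != record["image"][algo]]


def demo():
    """Constructed stand-ins for the tool binaries and the memory image."""
    with tempfile.TemporaryDirectory() as work:
        paths = {}
        for name, content in (("dd", b"stand-in dd binary"),
                              ("nc", b"stand-in nc binary"),
                              ("memory.img", b"\x00" * 4096 + b"constructed image")):
            paths[name] = os.path.join(work, name)
            with open(paths[name], "wb") as fh:
                fh.write(content)
        record = build_record(
            examiner="examiner name (placeholder)",
            tools={"dd": ("bar", paths["dd"]), "nc": ("baz", paths["nc"])},
            command_line="<command line exactly as typed>",
            image_path=paths["memory.img"],
        )
        intact = verify_image(record, paths["memory.img"])
        with open(paths["memory.img"], "r+b") as fh:   # simulate one altered byte
            fh.seek(100)
            fh.write(b"\x01")
        altered = verify_image(record, paths["memory.img"])
    return record, intact, altered
```
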
IANAL.
What you're describing is a contract, and contracts have certain qualifications that they must meet in order to be valid. It must be an agreement entered into between two parties and computer software can't operate as a party that can enter into and accept a contract. For example, I can't add "Displaying this page in a web browser means you owe me a dollar" to this comment, because you have not agreed to it. I can make a website that has a payment system and restricts access to certain pages until you consciously make a payment.
Contracts also have to be considered reasonable. If you could simply insert contracts into web pages that apply to the carrier, nothing would ever get delivered to the user, as someone would have to read each page to make sure there wasn't "Copyright is hereby granted to Internet Service Providers to deliver the content of this page provided they give me a pony!" or whatever added to the page. It would also go against well established precedents of proxying, ISPs that add compression of the HTML, or ISPs (wireless providers, for example) that compress images. There's a lot of very murky issues regarding copyright issues with web content but in general the courts have been very lenient once a general precedent has been set. For example, web browsers caching content could be considered a violation of 106 with a very reasonable reading of the law, but it's basically been accepted as OK.