History shows that any "fence" or edifice to "security" is almost always, like the Great Wall designed to keep its citizens in, rather than invaders out.
First, there is no consensus that the Great Wall was created to keep citizens in, as nice a sound bite as it makes. Second, history does not show what you claim it does. Off the top of my head, European castles, the Maginot Line, the fences around U.S. military bases in Vietnam, the fences Israel uses to restrict Palestinian access to Israel itself, and the fences that the U.S. attempts to use at the Mexican border to keep illegal immigrants out are all examples of fences designed to keep the "other" from coming in.
In fact, fences being used to keep _citizens_ in is relatively uncommon. They are most commonly used to keep the "other" out, to mark property lines, or to keep animals, livestock, or children within a certain area.
But in any case, what exactly is your point? That you can compare the actions of a feudal society's relationship to its people to basics of computer security in a pithy two sentence statement and be insightful? Would you also claim that the edifice of WSUS for patch management is another example of the man trying to keep the federal employees down? Your fence analogy doesn't even hold up - this is a _gate_ - designed for deliberate flow to and fro.
The article does specifically state that the monitoring systems are designed to keep certain information from leaving via the internet (whether intentionally or not) but that doesn't indicate that this is some feudal oppression system to choke the minds of federal employees. They are free to use whatever internet provider they wish when they get home, are they not? It's a firewall on steroids designed to protect government computers and data. Don't try to make it into something that it's not.
Sort of. While there would be fewer targets, in theory the gateways would have very high levels of connectivity, resources, and knowhow behind them that might not exist with smaller agencies doing their own thing.
More importantly, think in terms of what the attacker is trying to do with a DoS and what the US government is attempting to do with the network. DoS attacks are frequently used as an extortion technique. This obviously won't work against the US government - even if the attack worked, there's no way the administration would lose face by paying to have it ended.
Another common use is to attempt to do damage to the target's ability to do work. In this case, the government branches would still be able to communicate with each other, both through the non-internet secure networks and because they could cluster behind their series of gateways. Information flow to the internet might be interrupted but the crucial data could still get through. They would also have the ability to bring up alternative connections to the internet from the gateways in order to restore outgoing access to the internet. It's relatively easy to DoS a small company's ability to do work by attacking their internet connection. When you're dealing with something the magnitude of the federal government and the number of alternative networks available, it's very hard to do the same level of damage. Many critical things have to be designed to still work if the internet were to go offline for whatever reason.
The "gateway" methodology splits the world into inside and outside, not a useful split, since there are *always* bad guys on the inside.
The "gateway" methodology is the basis for pretty much all security, physical and computer. How do you think security on a military base works? You keep out people who aren't supposed to be there. It doesn't mean that someone who is supposed to be there isn't working contrary to your best interest, but it eliminates a bunch of the low hanging fruit so you can focus your effort on the really dangerous ones. The same thing applies to keeping hostile external traffic out of your network. An approach doesn't have to be 100% effective to be a cost effective step nor can you say that it's bad to take a step against external attacks because it doesn't prevent internal attacks - it's not meant to. It's just one layer in proper defense in depth.
Paypal is one of the least secure financial sites on the internet. Not only are email addresses used as user names, there are no secondary passwords or pins for transactions.
Then there is the issue of accounts being linked with eBay with passwords often matching.
That's a user/human problem, not something specific to eBay and Paypal. While, in this case, because the two are the same company they could force consumers to have different passwords, it would negatively impact the user satisfaction and it wouldn't solve the problem that the same password is likely to work on the user's online banking as well.
The police need to investigate these crimes and send the bill to the sites where the crime occurred.
Do you propose the same thing should apply to physical crimes as well?
They should also automatically fine the criminals 20x what they stole and charge them for rent for the time they lock them up (which can be as little as 3 days, I don't think this matters).
Many criminals are criminals because they don't have any money. Shall we lock them up if they are unable to pay? It's been tried already. Take away hope and you only force criminals into greater levels of dangerous activity.
If any credit card fraud occurs, even in the smallest amounts, these cases need to be processed by law enforcement and fines need to be handed out. Too many people know they can get away with it, and keep repeating the same crime.
All big business is a matter of risk analysis and risk assessment, and believe me, the credit card companies spend an awful lot of effort on the issue. There is a level of crime and fraud where the effort and more importantly cost to prevent and prosecute offenders is greater than the cost of just writing off the damage. And the biggest groups of criminals are aware of where that limit is and make sure that they stay under it. And given that a large amount of fraud and theft is overseas in countries where getting someone prosecuted is difficult if not impossible, how much time and money do you think is reasonable to spend trying to chase them?
Don't get me wrong, there are problems with the system that should be fixed, but it's not as simple as you make it out to be.
I personally make a distinction between non-commercial/educational use and use for commercial gain (the RIAA goes after private individuals who shared music with other private individuals non-commercially).
A key difference between music and [commercial, as in what the pictures in question are] photography is that the vast majority of the money involved in selling music is to private individuals. Saying, "No harm, no foul," if people want to use your images as a screensaver image or whatever is fine to your bottom line, as your income source from the photos is licensing them to a small number of people at a relatively high price.
With music, chances are that "non-commercial use" is your only source of income from a song. While it's true that you might get lucky and be able to get a big paycheck if someone decides to use it in an ad, movie, or TV show, don't hold your breath. Just because someone's not making money off of the work doesn't mean that it's not in reality depriving the content creator and rights holder of income.
There are artists who freely encourage people to share their music as much as desired - that's their choice. I recommend it to quite a few of the artists I work with. But the key word is choice.
The article has very little to do with what you're describing - simple common name/password attacks - which have been going on for years. Iif [sic] you use non-attack-dictionary passwords, these aren't a threat. They just sit there and try things like root/password, root/passw0rd, etc.
These attacks are so common that no one tracks them anymore. SANS has a system that you can submit your firewall logs to but not the detailed syslog information. You can attempt to report the attacks to the appropriate parties - the ISP in the case of home users, the admins of servers, etc. Sometimes you'll get results, often you won't.
Have you disabled root logins for ssh? If not, do so. If you want to reduce the chatter that fills up your log files, change ssh to a different port. You can get various software to automagically firewall off offending systems, but be careful in configuring them - if you're not careful you could end up accidentally blocking out yourself or your users (or allowing someone else to do so).
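An added example (not part of the comment above) of the careful configuration it recommends for automatic blocking: count failed SSH password attempts per source and plan firewall blocks, while an allowlist keeps your own users from being locked out. The log lines, threshold and allowlisted range are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# The address is read from the fixed tail of the sshd message. The username
# field is text chosen by the remote side, so the pattern is anchored at the
# end of the line instead of trusting the first "from" it finds.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (?P<ip>[0-9A-Fa-f:.]+) port \d+ ssh2$"
)

THRESHOLD = 5                   # assumed: failures before a source is blocked
ALLOW = ("198.51.100.0/24",)    # assumed: range your own users connect from

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = (
    [f"Jan 10 03:14:{s:02d} gw sshd[4021]: Failed password for root "
     f"from 203.0.113.7 port {51000 + s} ssh2" for s in range(4)]
    + [f"Jan 10 03:15:{s:02d} gw sshd[4022]: Failed password for invalid user admin "
       f"from 203.0.113.7 port {52000 + s} ssh2" for s in range(2)]
    + [f"Jan 10 09:01:{s:02d} gw sshd[4100]: Failed password for alice "
       f"from 198.51.100.20 port {40000 + s} ssh2" for s in range(5)]
    + [f"Jan 10 11:30:{s:02d} gw sshd[4200]: Failed password for bob "
       f"from 192.0.2.44 port {45000 + s} ssh2" for s in range(2)]
    + ["Jan 10 09:02:10 gw sshd[4100]: Accepted password for alice "
       "from 198.51.100.20 port 40010 ssh2"]
)


def failures_by_source(lines):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            # Normalise and validate; skip anything that is not an address.
            counts[str(ipaddress.ip_address(m.group("ip")))] += 1
        except ValueError:
            continue
    return counts


def plan_blocks(lines, threshold=THRESHOLD, allow=ALLOW):
    """Return (to_block, spared): sources over the threshold, split by allowlist."""
    allow_nets = [ipaddress.ip_network(n) for n in allow]
    to_block, spared = [], []
    for ip, n in sorted(failures_by_source(lines).items()):
        if n < threshold:
            continue
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in allow_nets):
            spared.append(ip)    # over the threshold, but one of ours: review, don't block
        else:
            to_block.append(ip)
    return to_block, spared


if __name__ == "__main__":
    block, spared = plan_blocks(SAMPLE_LOG)
    print("block:", block)
    print("over threshold but allowlisted:", spared)
```

Without the allowlist, the user who mistyped a password five times from the office range would be firewalled off along with the scanner.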
The web is not just HTML at this point. Both QuickTime and RealPlayer have had notable exploits in the past few months. Acrobat and Flash have had major security holes as well. Just relying on the fact that you're using Firefox doesn't mean that you're not vulnerable.
I just read a study (yes, lacking a study and my search-fu is failing at the moment) where right mouse actions were shown to significantly enhance a large majority of business use in computers. There's some users who have issues with two+ mouse buttons, but as new generations emerge with computer use as a standard, those users will become a smaller and smaller portion of users. Should they be served by the industry? Yes. Should they be allowed to hold back the general populace? No. There's nothing wrong with non-power users having a simple appliance that caters to their needs. A PS3 controller would confuse most people in their sixties, that doesn't mean that the industry should stick to Atari 2600 single button controllers.
I work for a university and the vast majority of the students are proficient with the basics of technology. A right mouse button doesn't confuse the generation that grew up with Playstations as the basic videogame system, who send dozens of SMS texts a day, and who started IMing at an age when most people in my generation didn't have an e-mail account. Quite a few of them that I know hate Macs and cite the single mouse button as part of that. And the ones I know who do own and love Macs didn't buy them because of single buttons.
As far as Apple, adding a meta-key to the keyboard doesn't remove the problem, it just moves it and changes it slightly. To many users, right clicking something is far more intuitive than having to hit something on the keyboard and click at the same time. Which then introduces the question of whether they want to hit shift, control, alt, or command and click.
And the mighty mouse is not a major win. First, the "everything is a button" drives people like me crazy - we put enough pressure down on the mouse that it inadvertently triggers a click. And the side located alternate mouse buttons drive me crazy as well between the placement and inadvertently triggering them while just trying to move the mouse around. Perhaps if they were the only thing I ever used I could adapt, but the fact is I live in a Windows/Linux/OS X integrated world. And it doesn't address the fact that the laptops still ship with one mouse button (and no, the software workarounds are not as good as two physical buttons). There's a simple enough fix - put two buttons on it, map both to the main button if the user can't handle two buttons and configures the system for single button use in System Preferences.
Rape psychologically destroys the victim for the rest of his/her life.
I know people who were molested as children (both incest and non), people who were date raped, and people who were raped by strangers as adults. They have by and large gone on to have meaningful relationships and lives. Do some suffer from depression or have bad relationships? Yes, but not meaningfully more than the people I know who weren't raped.
Because no one wants another pandemic like the one that killed more people than WWI. No one wants to be responsible for that, so they use the tools they have available--antibiotics. Those tools become less effective every day, but when it's all you have it's all you have.
The WWI era pandemic was an influenza virus pandemic and antibiotics do not affect it. People who think that antibiotics work against the flu are part of why they become less effective every day.
You had posted saying that expecting a business to cater to you reflects a sense of entitlement and that the only way to get what you want is to run your own business. That simply isn't true - employees often seek perks (contractual and not) and if they deliver a desired value to the company, they get them. There are plenty of benefits to negotiating such things rather than being a contractor. My friends at Google get some quite nice benefits, for example, but if they approached Google as an S-Corp of one they would not get the job.
If you're good enough (and can demonstrate and prove your worth), you can get almost any benefit/perk as either an employee or contractor. If your demands are greater than your benefit to the company or there is someone of similar capability but less cost, you can't get them, no matter how you approach it. The problem with the sense of entitlement is not that employees want flex hours (or whatever) but when they don't have the capabilities to make themselves worth it to the company.
One problem is that DDoS attacks sometimes use spoofed packets and many ISPs still allow client computers to send packets that they have no legitimate reason to do so.
Let's say that I'm an attacker at 1.2.3.4 and wanting to hit your box at 2.3.4.5 while using some random person's (or possibly a second DDoS target) IP of 3.4.5.6. If my bot's ISP were set up in the ideal manner, the bot could only send packets that are labeled as coming from 1.2.3.4. The reality is that many ISPs aren't, so I send a SYN packet that appears to be coming from 3.4.5.6 to your server. Your server dutifully sends a SYN/ACK packet to 3.4.5.6 which has no idea what your server is talking about and sends a reset packet. The only information in either system's logs refers to 2.3.4.5 and 3.4.5.6 leaving the attacker to continue to have fun.
But beyond that, what you suggest is true of any botnet. They often leave traces and evidence that can be used to shut down individual nodes. The problem is getting ISPs and their customers to actually fix the problem. It's often hard to get ISPs to act on direct, provable things like hosting phishing sites let alone "here's two packets that we believe contributed to a DDoS attack." The current system does not provide strong enough incentives for either the ISP or the consumers to take care of the problem.
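An added example (not part of the comment above) of the source-address check the comment says an ideally configured ISP would apply, traced over the same 1.2.3.4 / 2.3.4.5 / 3.4.5.6 scenario to show what each party's logs contain with and without it. The port names and the prefix table are constructed assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str   # source address as claimed in the IP header
    dst: str


# Assumed ISP access ports and the prefixes assigned to each customer.
ASSIGNED = {
    "port-17": ipaddress.ip_network("1.2.3.4/32"),       # the bot's connection
    "port-18": ipaddress.ip_network("198.51.100.8/29"),  # another customer
}


def source_valid(port, pkt):
    """True if the claimed source belongs to the prefix assigned to this port."""
    net = ASSIGNED.get(port)
    return net is not None and ipaddress.ip_address(pkt.src) in net


def trace_syn(port, pkt, filtering):
    """Follow one SYN entering the ISP on `port`; return each party's log."""
    logs = {"isp_edge": [], "server": [], "claimed_source": []}
    if filtering and not source_valid(port, pkt):
        # Dropped at the first hop, where the real sender is still known.
        logs["isp_edge"].append(
            f"drop on {port}: src {pkt.src} not in {ASSIGNED.get(port)}")
        return logs
    # The server only ever sees the claimed source address.
    logs["server"].append(f"SYN {pkt.src} -> {pkt.dst}")
    logs["claimed_source"].append(f"SYN/ACK {pkt.dst} -> {pkt.src}")
    if not source_valid(port, pkt):
        # The claimed source never opened this connection, so it resets it.
        logs["claimed_source"].append(f"RST {pkt.src} -> {pkt.dst}")
        logs["server"].append(f"RST {pkt.src} -> {pkt.dst}")
    return logs


def addresses_logged(logs, hosts=("server", "claimed_source")):
    """Every IPv4 address that appears in the given hosts' logs."""
    seen = set()
    for host in hosts:
        for line in logs[host]:
            seen.update(re.findall(r"\d+\.\d+\.\d+\.\d+", line))
    return seen


SPOOFED = Packet(src="3.4.5.6", dst="2.3.4.5")   # sent from port-17 (1.2.3.4)
HONEST = Packet(src="1.2.3.4", dst="2.3.4.5")

if __name__ == "__main__":
    for filtering in (False, True):
        logs = trace_syn("port-17", SPOOFED, filtering)
        print("filtering" if filtering else "no filtering", logs)
        print("  addresses in end-host logs:", sorted(addresses_logged(logs)))
```

With filtering off, the only record tying the packet to its real origin never exists; with it on, the drop is logged at the one place that knows the access port.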
And slavery would be legal, voting rights would be severely restricted, most commonly practiced sexual acts would be illegal (but it would be impossible to rape one's wife, even if she said no, in many states), and in many states the activities you could do on Sundays would be severely restricted. The Indian Intercourse Act, created in the same year as the copyright act you refer to, designates the majority of the land in the current United States as "The Indian Territory." So what exactly is your point?
There are many interesting and insightful things that can be said about the damage done by overextension of copyright periods. Just complaining that things were "better in the old days" is not one of them. Law changes and evolves for better and worse. A simple fact about life over two hundred years ago without supporting facts and analysis does not actually add anything other than placate the "I want everything to be free" crowd.
I'm not sure Flashblock will help in this case. As far as I can tell, it goes back after the page has finished loading and removes the Flash rather than keeping it from loading in the first place. That could easily be long enough for an exploit to take effect. I believe NoScript's Flash blocking would work but can't say for certain.
Think in terms of not just tagging books, but individual chapters and sections, being able to drill down directly to the really useful parts based on other people's experiences. Or being able to find completely off the wall matches like finding art books that are surprisingly applicable to an HCI course or whatever.
Also, student tagging would have the benefit of allowing much harsher commentary than the current standards of professionalism in librarians allows. This would be both a good and bad thing.
The videogame route is going to lead to clunky Secondlife-esque attempts to reproduce the physical library which gives the worst of both the digital and physical worlds. If any concept needs to be applied to renovating library systems for "digital natives" it's the social networking and recommendation systems. Videogames might represent how the current generation of kids relax, but social networking represents how they gather and spread information.
Being able to see what other people who have taken the same class before have read and found useful would be an example of a shared tagging system. There's some obvious problems that would need to be addressed though. The first obviously being privacy. The second being that most people aren't likely to blog/otherwise document things that aren't that interesting. And the third being that there would be some artificial inflation if they thought other people would be looking ("Of _course_ I read Gödel, Escher, and Bach the first week I got to college.")
Some of the article is just plain common sense like expanding support hours and using IMs/SMS. Other parts lean into bad ideas like the LAN parties. And then there's ideas like this:
With video games, "you can play while you are inept," he said. There is also an assumption that players of games are rewarded for "exploring," even if they don't achieve the goal they have set out to achieve. "Lowered consequences of failure" is a key value to embrace, he said.
There's only so much coddling that young people should get. The world and the workplace do not embrace "lowered consequences of failure" - producing graduates who have that expectation does not do them any favours. Don't get me wrong, I'm all for well designed user interfaces and there's no reason that a user shouldn't be able to sit down at a computer and use an electronic card catalog for 90% of its functionality with no training assuming they've grown up using computers. Sadly, there are some truly terrible ones out there. But there's nothing wrong with a system that requires some effort and some learning in order to get the best results.
There have been dozens (at least, and excluding dupes) of stories covering systems that can lift the last ten layers of disk content off a drive.
Writing a one or zero to a hard drive leaves a pretty solid magnetic print. Magnetic media has a fair amount of memory, but that mostly comes into play with analog signals where there's a range rather than hard off or on. Given that hard drives have no built in way to recover data like you suggest, you would theoretically need to move the disks to a special reader in a clean room, ensure that the hard drive platters were compatible with your special reader, and then painstakingly go through bit by bit to recover the data. We're talking about an extremely long, still hypothetical process. It's one thing to develop technology that might be able to extract wiped bits - recovering gigabytes of data is another matter. Maybe the NSA has something worked out but it's not going to be brought into play for a matter like this. If the data is erased, it's gone.
I'm not sure I would trust a technologically-ignorant group to run a critical service.
Not to be too much of a jerk, but reading something on slashdot doesn't mean it's true or that you are technologically informed. Here's my instructor who stated that magnetic recovery is very unlikely. Can you show an equally reliable source that says that it is?
unless using special hardware like one of those USB-to-USB network dongles
That's the great thing about the fact that Apple controls all the hardware manufacturing - they could just build that functionality into each system they ship.
A dead or dying Macintosh can be rebooted into target disk mode and all its data transferred to another machine via that Firewire port. Or you can use it for TCP/IP at 400 mbits/second, or to attach a port-powered bootable hard disk.
None of those uses is insignificant, nor can USB be considered a suitable substitute.
Target disk mode is indeed nice, but there's no reason Apple couldn't make it work with USB as well. Enterprises aren't using Firewire for TCP/IP for desktops. TCP/IP over firewire is a very, very small market. Port powered hard drives are vaguely nice, but not an overwhelming issue. For one thing, I can make an OS X bootable USB key at this point. For another, I can get USB powered hard drives. Further, carrying an extra adaptor is not a huge issue to me. But most importantly, most of my firewire powered capable drives come with an external supply and a recommendation to use them.
Or to phrase it another way, if Firewire is that important, why can't I buy a current model iPod that uses it?
As far as the zoom button, iTunes toggles between the miniplayer (which also throws a wrench in that it changes the layout of the close/zoom/dockify buttons) and the normal player. I don't know of too many inconsistencies with Apple software and the zoom button, but there is a lot of confusion in third party software and development environments as far as how to handle it.
With the closing/don't close issue, what exactly is a document? Terminal continues to run but iWeb doesn't? Garageband goes to the project selection page? That doesn't make logical sense to me.
There's also been some heated discussions on whether Apple has abused their guidelines as far as when to use brushed metal.
once you're using the "mixed environment OS X", you're bound to one supplier (Apple) once and forever.
A very good point. Related - Apple is very dependent on Steve Jobs as a figurehead and visionary. If something should happen to him, I suspect Apple would take a massive plunge.
I think the new servers made everyone take notice in the business world.
Not really. There's one version of the server. They made a bunch of mistakes in the hardware design (turning off the USB and Firewire ports when you locked the drives in, for example). It took them several revisions of the hardware to add redundant PSUs.
Tellingly, there was a lot of press when Virginia Tech created the first XServe supercomputer. But look how few people followed in the same footsteps.
(As a note - I _am_ an OS X (and Linux and Windows) user and admin. I have dozens of Apples ranging from G4s, G5s, Mac Pros, Powerbooks, MPros, and Xserves.)
The learning curve and disparity of Linux distributions is too high for easy general office use.
As someone else noted already, dismissing Linux with a single line is a little silly. Ubuntu is starting to gather desktop momentum. But I'll ignore the Linux factor. There is also a learning curve for moving from Windows to OS X, some of which Apple refuses to deal with. Many users are very used to AND prefer keyboard shortcuts to access pulldown menus, for example. The lack of consistency for what the green window size button does is frustrating. Even Apple's own software fails to consistently follow their own UI guidelines. Again, for example, a few applications quit entirely when you close the window while the majority close the window but the program continues to run.
Many corporate applications have been ported to W3-compliant Web services that are OS-agnostic
Um... yeah. Sure. Which Enterprises are these again? Most Enterprises run tons of legacy software that's connected to via local software (often written in VB) or IE only frontends. Part of being an Enterprise level business is that you have years and decades worth of IT cruft that's built up.
Because Macs work with Microsoft's directory, enterprise administrators can now more easily manage Macs alongside Windows machines.
OS X works with _some_ parts of AD. There is still no viable replacement for Outlook on OS X. Whether you like Outlook with Exchange or not (I don't), there's very little that can do everything it can, and most Enterprise scale businesses are wrapped around it. Remember, it's not just a mail client or a personal scheduler, it's a foundation that many other companies have built on top of the scheduling features.
Yes, you can add virtualization, but then you're back to the problems of running Windows, plus now you have additional administration overhead of running and managing two OSes on each system plus additional user training and problems.
I'm also unaware of a way that I can push updates and settings to OS via Group Policies without using third party software. This is a key factor to Enterprises. A huge factor in deciding whether to shift OSes is the fact that the IT staff must be trained and experienced in what they're going to move to. If they've put years into developing internal tools to manage and deal with Windows, the cost of moving to OS grows.
We find that most PCs that are sold as enterprise desktops are actually stripped-down, lightweight versions of the computers the same companies sell to home users. These machines lack the basic technologies needed in the modern enterprise. Apple, on the other hand, simply doesn't sell a minimalist computer whose predominant 'feature' is its price point, aimed at businesses or any other market."
For instance, you can't buy a Mac without at least 512MB of RAM, Bluetooth, 802.11g Wi-Fi networking, Gigabit Ethernet, FireWire and even a remote control..."
My last big batch of Windows desktops were purchased nearly 3 years ago and have 1GB RAM, gigabit ethernet, and have been just fine.
Firewire? Why do enterprise desktop users need firewire? The only reason you need it is for digital video and audio or extremely fast file transfers. Not desktop use. WiFi? I don't want desktop users using WiFi. That's why we have millions of dollars of copper and fiber infrastructure with security features and VLANs. Wireless is great for some things, but it does not scale and it is inherently less secure than hardwire. Even just having 802.11 means that every single desktop is a potential rogue WiFi station letting people inside the firewall. Great. Bluetooth? Sort of neat, but again, desktop users don't need it and it opens up security issues. And I can't believe they even tried to cite having a remote control.
Get a FUCKING CLUE you goddamned prudish religious freaks.
Um, what was that line about physician heal thyself? Allow me to impart the clue. Here's what the flamewar that you decided to pile onto consisted of:
WebHostingGuy pointed out that the financial donations were quite small in the large scheme of things. Dr. Spork claimed that the vaccine was likely to be a 100% cure for cervical cancer, which if you are a doctor, you know is false. There were some other statements about cancer being bad and so on. Jhon disagreed with the 100% statement, pointing out that the vaccine only covers the dominant strains of HPV and noting that there are non-HPV related cervical cancers. WebHostingGuy claimed that eliminating the Merck covered strains would be 100% effective. Jhon once again noted that there are many strains of HPV, but concludes with, "Your statement that "only those few types of HPV cause cervical cancer" is untrue. There are many. It would, however, be true to say that most hpv-linked cancers are caused by 4 different strains of HPV." AC ("I'm a pathologist!!1!") goes off on a straw man, claiming that because Jhon pointed out that the vaccine won't stop all cervical cancer that he obviously wants people to have cancer, and then proceeds to go with a specious ad hominem attack claiming that Jhon follows primitive superstitions. You then add your "clue" by ranting about how unpleasant cancer is, concluding with your contribution to the specious religion attack. Thanks so much for adding your wisdom. Perhaps you should read for context first next time?
Wouldn't this make DoS easier, not harder?
You mean like this?
Then there is the issue of accounts being linked with eBay with passwords often matching.
That's a user/human problem, not something specific to E-bay and Paypal. While, in this case, because the two are the same company they could force consumers to have different passwords, it would negatively impact the user satisfaction and it wouldn't solve the problem that the same password is likely to work on the user's online banking as well.
The police need to investigate these crimes and send the bill to the sites where the crime occurred.
Do you propose the same thing should apply to physical crimes as well?
They should also automatically fine the criminals 20x what they stole and charge them for rent for the time they lock them up (which can be as little as 3 days, I don't think this matters).
Many criminals are criminals because they don't have any money. Shall we lock them up if they are unable to pay? It's been tried already. Take away hope and you only force criminals into greater levels of dangerous activity.
If any credit card fraud occurs, even in the smallest amounts, these cases need to be processed by law enforcement and fines need to be handed out. Too many people know they can get away with it, and keep repeating the same crime.
All big business is a matter of risk analysis and risk assessment, and believe me, the credit card companies spend an awful lot of effort on the issue. There is a level of crime and fraud where the effort and more importantly cost to prevent and prosecute offenders is greater than the cost of just writing off the damage. And the biggest groups of criminals are aware of where that limit is and make sure that they stay under it. And given that a large amount of fraud and theft is overseas in countries where getting someone prosecuted is difficult if not impossible, how much time and money do you think is reasonable to spend trying to chase them?
Don't get me wrong, there are problems with the system that should be fixed, but it's not as simple as you make it out to be.
I personally make a distinction between non-commercial/educational use and use for commercial gain (the RIAA goes after private individuals who shared music with other private individuals non-commercially).
A key difference between music and [commercial, as in what the pictures in question are] photography is that the vast majority of the money involved in selling music is to private individuals. Saying, "No harm, no foul," if people want to use your images as a screensaver image or whatever is fine to your bottom line, as your income source from the photos is licensing them to a small number of people at a relatively high price.
With music, chances are that "non-commercial use" is your only source of income from a song. While it's true that you might get lucky and be able to get a big paycheck if someone decides to use it in an ad, movie, or TV show, don't hold your breath. Just because someone's not making money off of the work doesn't mean that it's not in reality depriving the content creator and rights holder of income.
There are artists who freely encourage people to share their music as much as desired - that's their choice. I recommend it to quite a few of the artists I work with. But the key word is choice.
The article has very little to do with what you're describing - simple common name/password attacks - which have been going on for years. If you use non-attack-dictionary passwords, these aren't a threat. They just sit there and try things like root/password, root/passw0rd, etc.
These attacks are so common that no one tracks them anymore. SANS has a system that you can submit your firewall logs to but not the detailed syslog information. You can attempt to report the attacks to the appropriate parties - the ISP in the case of home users, the admins of servers, etc. Sometimes you'll get results, often you won't.
Have you disabled root logins for ssh? If not, do so. If you want to reduce the chatter that fills up your log files, change ssh to a different port. You can get various software to automagically firewall off offending systems, but be careful in configuring them - if you're not careful you could end up accidentally blocking out yourself or your users (or allowing someone else to do so).
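An added example, not part of the original comment: a sketch of the log-driven blocking decision the comment warns about configuring carelessly. The log lines are constructed in OpenSSH's syslog format; the threshold, the time window, the year and the `NEVER_BLOCK` network are assumptions chosen for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[4101]: Failed password for root from 203.0.113.7 port 51200 ssh2
Jan 10 03:14:03 host sshd[4102]: Failed password for root from 203.0.113.7 port 51201 ssh2
Jan 10 03:14:05 host sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 51202 ssh2
Jan 10 03:14:07 host sshd[4104]: Failed password for invalid user x from 192.0.2.99 from 203.0.113.7 port 51203 ssh2
Jan 10 09:00:00 host sshd[5001]: Failed password for alice from 198.51.100.10 port 40000 ssh2
Jan 10 09:00:05 host sshd[5002]: Failed password for alice from 198.51.100.10 port 40001 ssh2
Jan 10 09:00:10 host sshd[5003]: Failed password for alice from 198.51.100.10 port 40002 ssh2
Jan 10 09:00:20 host sshd[5004]: Accepted password for alice from 198.51.100.10 port 40003 ssh2
Jan 10 11:00:00 host sshd[6001]: Failed password for bob from 192.0.2.50 port 50000 ssh2
Jan 10 11:05:00 host sshd[6002]: Failed password for bob from 192.0.2.50 port 50001 ssh2
Jan 10 11:40:00 host sshd[6003]: Failed password for bob from 192.0.2.50 port 50002 ssh2
"""

# Assumed office/admin range that must never be firewalled off.
NEVER_BLOCK = [ipaddress.ip_network("198.51.100.0/24")]
ASSUMED_YEAR = 2024  # syslog timestamps carry no year

# The user field is text supplied by the remote client, so the address is
# taken only from the fixed tail of the line ("from <addr> port <n> ssh2").
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)


def parse_failures(log_text, year=ASSUMED_YEAR):
    """Return (timestamp, source address, user field) for each failed password."""
    events = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # tail did not hold a valid address; ignore the line
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, ip, m.group("user")))
    return events


def offenders(log_text, never_block, threshold=3, window=timedelta(minutes=10)):
    """Addresses with >= threshold failures inside the window, minus the allowlist."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, ip, _user in parse_failures(log_text):
        if any(ip in net for net in never_block):
            continue  # a mistyped password from the office must not lock it out
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # forget failures older than the window
        if len(q) >= threshold:
            flagged.add(ip)
    return sorted(str(ip) for ip in flagged)


if __name__ == "__main__":
    print("block:", offenders(SAMPLE_LOG, NEVER_BLOCK))
```

Run with an empty allowlist, the same log also flags 198.51.100.10, which is the self-lockout case the comment describes.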
The web is not just HTML at this point. Both QuickTime and RealPlayer have had notable exploits in the past few months. Acrobat and Flash have had major security holes as well. Just relying on the fact that you're using Firefox doesn't mean that you're not vulnerable.
I just read a study (yes, lacking a study and my search-fu is failing at the moment) where right mouse actions were shown to significantly enhance a large majority of business use in computers. There's some users who have issues with two+ mouse buttons, but as new generations emerge with computer use as a standard, those users will become a smaller and smaller portion of users. Should they be served by the industry? Yes. Should they be allowed to hold back the general populace? No. There's nothing wrong with non-power users having a simple appliance that caters to their needs. A PS3 controller would confuse most people in their sixties, that doesn't mean that the industry should stick to Atari 2600 single button controllers.
I work for a university and the vast majority of the students are proficient with the basics of technology. A right mouse button doesn't confuse the generation that grew up with Playstations as the basic videogame system, who send dozens of SMS texts a day, and who started IMing at an age when most people in my generation didn't have an e-mail account. Quite a few of them that I know hate Macs and cite the single mouse button as part of that. And the ones I know who do own and love Macs didn't buy them because of single buttons.
As far as Apple, adding a meta-key to the keyboard doesn't remove the problem, it just moves it and changes it slightly. To many users, right clicking something is far more intuitive than having to hit something on the keyboard and click at the same time. Which then introduces the question of whether they want to hit shift, control, alt, or command and click.
And the mighty mouse is not a major win. First, the "everything is a button" drives people like me crazy - we put enough pressure down on the mouse that it inadvertently triggers a click. And the side located alternate mouse buttons drive me crazy as well between the placement and inadvertently triggering them while just trying to move the mouse around. Perhaps if they were the only thing I ever used I could adapt, but the fact is I live in a Windows/Linux/OS X integrated world. And it doesn't address the fact that the laptops still ship with one mouse button (and no, the software workarounds are not as good as two physical buttons). There's a simple enough fix - put two buttons on it, map both to the main button if the user can't handle two buttons and configures the system for single button use in System Preferences.
Rape psychologically destroys the victim for the rest of his/her life.
I know people who were molested as children (both incest and non), people who were date raped, and people who were raped by strangers as adults. They have by and large gone on to have meaningful relationships and lives. Do some suffer from depression or have bad relationships? Yes, but not meaningfully more than the people I know who weren't raped.
Because no one wants another pandemic like the one that killed more people than WWI. No one wants to be responsible for that, so they use the tools they have available--antibiotics. Those tools become less effective every day, but when it's all you have it's all you have.
The WWI era pandemic was an influenza virus pandemic and antibiotics do not affect it. People who think that antibiotics work against the flu are part of why they become less effective every day.
You had posted saying that expecting a business to cater to you reflects a sense of entitlement and that the only way to get what you want is to run your own business. That simply isn't true - employees often seek perks (contractual and not) and if they deliver a desired value to the company, they get them. There are plenty of benefits to negotiating such things rather than being a contractor. My friends at Google get some quite nice benefits, for example, but if they approached Google as an S-Corp of one they would not get the job.
If you're good enough (and can demonstrate and prove your worth), you can get almost any benefit/perk as either an employee or contractor. If your demands are greater than your benefit to the company or there is someone of similar capability but less cost, you can't get them, no matter how you approach it. The problem with the sense of entitlement is not that employees want flex hours (or whatever) but when they don't have the capabilities to make themselves worth it to the company.
One problem is that DDoS attacks sometimes use spoofed packets and many ISPs still allow client computers to send packets that they have no legitimate reason to send.
Let's say that I'm an attacker at 1.2.3.4 and wanting to hit your box at 2.3.4.5 while using some random person's (or possibly a second DDoS target) IP of 3.4.5.6. If my bot's ISP were set up in the ideal manner, the bot could only send packets that are labeled as coming from 1.2.3.4. The reality is that many ISPs aren't, so I send a SYN packet that appears to be coming from 3.4.5.6 to your server. Your server dutifully sends a SYN/ACK packet to 3.4.5.6 which has no idea what your server is talking about and sends a reset packet. The only information in either system's logs refers to 2.3.4.5 and 3.4.5.6 leaving the attacker to continue to have fun.
But beyond that, what you suggest is true of any botnet. They often leave traces and evidence that can be used to shut down individual nodes. The problem is getting ISPs and their customers to actually fix the problem. It's often hard to get ISPs to act on direct, provable things like hosting phishing sites let alone "here's two packets that we believe contributed to a DDoS attack." The current system does not provide strong enough incentives for either the ISP or the consumers to take care of the problem.
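An added example, not part of the original comment: a model of the ISP set up "in the ideal manner", where each access port may only emit source addresses assigned to it. The addresses 1.2.3.4, 2.3.4.5 and 3.4.5.6 come from the comment; the port names, the second customer and its prefix are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ingress_port: str  # ISP access port the packet arrived on
    src: str           # source address claimed in the IP header
    dst: str
    flags: str


# Hypothetical address assignments per customer-facing port.
ASSIGNED = {
    "cust-17": [ipaddress.ip_network("1.2.3.4/32")],   # the bot's line
    "cust-22": [ipaddress.ip_network("1.2.8.0/29")],   # a small routed block
}

# Constructed traffic toward the target 2.3.4.5.
TRAFFIC = [
    Packet("cust-17", "1.2.3.4", "2.3.4.5", "SYN"),  # honest source
    Packet("cust-17", "3.4.5.6", "2.3.4.5", "SYN"),  # spoofed, as in the comment
    Packet("cust-22", "1.2.8.3", "2.3.4.5", "SYN"),  # inside the /29
    Packet("cust-22", "1.2.8.9", "2.3.4.5", "SYN"),  # outside the /29
]


def permitted(packet, assigned):
    """True only if the claimed source belongs to the port it arrived on."""
    try:
        src = ipaddress.ip_address(packet.src)
    except ValueError:
        return False  # malformed source address: drop
    # Unknown ports have no assignments, so everything from them is dropped.
    return any(src in net for net in assigned.get(packet.ingress_port, []))


def edge_filter(packets, assigned, enforce):
    """Return (forwarded packets, drop log of (port, claimed source))."""
    forwarded, dropped = [], []
    for p in packets:
        if enforce and not permitted(p, assigned):
            # The drop log ties the spoofed packet to a physical port,
            # which is the attribution the target's own logs never get.
            dropped.append((p.ingress_port, p.src))
        else:
            forwarded.append(p)
    return forwarded, dropped


def synack_destinations(forwarded, target="2.3.4.5"):
    """Addresses the target answers with SYN/ACK: all it can ever log."""
    return sorted({p.src for p in forwarded if p.dst == target and p.flags == "SYN"})


if __name__ == "__main__":
    for enforce in (False, True):
        fwd, drops = edge_filter(TRAFFIC, ASSIGNED, enforce)
        print("enforce=%s target answers %s, edge dropped %s"
              % (enforce, synack_destinations(fwd), drops))
```

Without enforcement the target answers 3.4.5.6 and nothing in its logs mentions 1.2.3.4's port; with enforcement the spoofed SYN never leaves the access network.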
And slavery would be legal, voting rights would be severely restricted, most commonly practiced sexual acts would be illegal (but it would be impossible to rape one's wife, even if she said no, in many states), and in many states the activities you could do on Sundays would be severely restricted. The Indian Intercourse Act, created in the same year as the copyright act you refer to, designates the majority of the land in the current United States as "The Indian Territory." So what exactly is your point?
There are many interesting and insightful things that can be said about the damage done by overextension of copyright periods. Just complaining that things were "better in the old days" is not one of them. Law changes and evolves for better and worse. A simple fact about life over two hundred years ago without supporting facts and analysis does not actually add anything other than placate the "I want everything to be free" crowd.
I'm not sure Flashblock will help in this case. As far as I can tell, it goes back after the page has finished loading and removes the Flash rather than keeping it from loading in the first place. That could easily be long enough for an exploit to take effect. I believe NoScript's Flash blocking would work but can't say for certain.
Think in terms of not just tagging books, but individual chapters and sections, being able to drill down directly to the really useful parts based on other people's experiences. Or being able to find completely off the wall matches like finding art books that are surprisingly applicable to an HCI course or whatever.
Also, student tagging would have the benefit of allowing much harsher commentary than the current standards of professionalism in librarians allows. This would be both a good and bad thing.
The videogame route is going to lead to clunky Secondlife-esque attempts to reproduce the physical library which gives the worst of both the digital and physical worlds. If any concept needs to be applied to renovating library systems for "digital natives" it's the social networking and recommendation systems. Videogames might represent how the current generation of kids relax, but social networking represents how they gather and spread information.
Being able to see what other people who have taken the same class before have read and found useful would be an example of a shared tagging system. There's some obvious problems that would need to be addressed though. The first obviously being privacy. The second being that most people aren't likely to blog/otherwise document things that aren't that interesting. And the third being that there would be some artificial inflation if they thought other people would be looking ("Of _course_ I read Gödel, Escher, and Bach the first week I got to college.")
Some of the article is just plain common sense like expanding support hours and using IMs/SMS. Other parts lean into bad ideas like the LAN parties. And then there's ideas like this:
With video games, "you can play while you are inept," he said. There is also an assumption that players of games are rewarded for "exploring," even if they don't achieve the goal they have set out to achieve. "Lowered consequences of failure" is a key value to embrace, he said.
There's only so much coddling that young people should get. The world and the workplace do not embrace "lowered consequences of failure" - producing graduates who have that expectation does not do them any favours. Don't get me wrong, I'm all for well designed user interfaces and there's no reason that a user shouldn't be able to sit down at a computer and use an electronic card catalog for 90% of its functionality with no training assuming they've grown up using computers. Sadly, there are some truly terrible ones out there. But there's nothing wrong with a system that requires some effort and some learning in order to get the best results.
There have been dozens (at least, and excluding dupes) of stories covering systems that can lift the last ten layers of disk content off a drive.
Writing a one or zero to a hard drive leaves a pretty solid magnetic print. Magnetic media has a fair amount of memory, but that mostly comes into play with analog signals where there's a range rather than hard off or on. Given that hard drives have no built in way to recover data like you suggest, you would theoretically need to move the disks to a special reader in a clean room, ensure that the hard drive platters were compatible with your special reader, and then painstakingly go through a bit by bit recovery of the data. We're talking about an extremely long, still hypothetical process. It's one thing to develop technology that might be able to extract wiped bits - recovering gigabytes of data is another matter. Maybe the NSA has something worked out but it's not going to be brought into play for a matter like this. If the data is erased, it's gone.
I'm not sure I would trust a technologically-ignorant group to run a critical service.
Not to be too much of a jerk, but reading something on slashdot doesn't mean it's true or that you are technologically informed. Here's my instructor who stated that magnetic recovery is very unlikely. Can you show an equally reliable source that says that it is?
How do you make (or plan to make) your living?
unless using special hardware like one of those USB-to-USB network dongles
That's the great thing about the fact that Apple controls all the hardware manufacturing - they could just build that functionality into each system they ship.
A dead or dying Macintosh can be rebooted into target disk mode and all its data transferred to another machine via that Firewire port. Or you can use it for TCP/IP at 400 mbits/second, or to attach a port-powered bootable hard disk. None of those uses is insignificant, nor can USB be considered a suitable substitute.
Target disk mode is indeed nice, but there's no reason Apple couldn't make it work with USB as well. Enterprises aren't using Firewire for TCP/IP for desktops. TCP/IP over firewire is a very, very small market. Port powered hard drives are vaguely nice, but not an overwhelming issue. For one thing, I can make an OS X bootable USB key at this point. For another, I can get USB powered hard drives. Further, carrying an extra adaptor is not a huge issue to me. But most importantly, most of my firewire powered capable drives come with an external supply and a recommendation to use them.
Or to phrase it another way, if Firewire is that important, why can't I buy a current model iPod that uses it?
As far as the zoom button, iTunes toggles between the miniplayer (which also throws a wrench in that it changes the layout of the close/zoom/dockify buttons) and the normal player. I don't know of too many inconsistencies with Apple software and the zoom button, but there is a lot of confusion in third party software and development environments as far as how to handle it.
With the closing/don't close issue, what exactly is a document? Terminal continues to run but iWeb doesn't? Garageband goes to the project selection page? That doesn't make logical sense to me.
There's also been some heated discussions on whether Apple has abused their guidelines as far as when to use brushed metal.
once you're using the "mixed environment OS X", you're bound to one supplier (Apple) once and forever.
A very good point. Related - Apple is very dependent on Steve Jobs as a figurehead and visionary. If something should happen to him, I suspect Apple would take a massive plunge.
I think the new servers made everyone take notice in the business world.
Not really. There's one version of the server. They made a bunch of mistakes in the hardware design (turning off the USB and Firewire ports when you locked the drives in, for example). It took them several revisions of the hardware to add redundant PSUs.
Tellingly, there was a lot of press when Virginia Tech created the first XServe supercomputer. But look how few people followed in the same footsteps.
(As a note - I _am_ an OS X (and Linux and Windows) user and admin. I have dozens of Apples ranging from G4s, G5s, Mac Pros, Powerbooks, MPros, and Xserves.)
The learning curve and disparity of Linux distributions is too high for easy general office use.
As someone else noted already, dismissing Linux with a single line is a little silly. Ubuntu is starting to gather desktop momentum. But I'll ignore the Linux factor. There is also a learning curve for moving from Windows to OS X, some of which Apple refuses to deal with. Many users are very used to AND prefer keyboard shortcuts to access pulldown menus, for example. The lack of consistency for what the green window size button does is frustrating. Even Apple's own software fails to consistently follow their own UI guidelines. Again, for example, a few applications quit entirely when you close the window while the majority close the window but the program continues to run.
Many corporate applications have been ported to W3-compliant Web services that are OS-agnostic
Um... yeah. Sure. Which Enterprises are these again? Most Enterprises run tons of legacy software that's connected to via local software (often written in VB) or IE only frontends. Part of being an Enterprise level business is that you have years and decades worth of IT cruft that's built up.
Because Macs work with Microsoft's directory, enterprise administrators can now more easily manage Macs alongside Windows machines.
OS X works with _some_ parts of AD. There is still no viable replacement for Outlook on OS X. Whether you like Outlook with Exchange or not (I don't), there's very little that can do everything it can, and most Enterprise scale businesses are wrapped around it. Remember, it's not just a mail client or a personal scheduler, it's a foundation that many other companies have built on top of the scheduling features.
Yes, you can add virtualization, but then you're back to the problems of running Windows, plus now you have additional administration overhead of running and managing two OSes on each system plus additional user training and problems.
I'm also unaware of a way that I can push updates and settings to OS via Group Policies without using third party software. This is a key factor to Enterprises. A huge factor in deciding whether to shift OSes is the fact that the IT staff must be trained and experienced in what they're going to move to. If they've put years into developing internal tools to manage and deal with Windows, the cost of moving to OS grows.
We find that most PCs that are sold as enterprise desktops are actually stripped-down, lightweight versions of the computers the same companies sell to home users. These machines lack the basic technologies needed in the modern enterprise. Apple, on the other hand, simply doesn't sell a minimalist computer whose predominant 'feature' is its price point, aimed at businesses or any other market."
For instance, you can't buy a Mac without at least 512MB of RAM, Bluetooth, 802.11g Wi-Fi networking, Gigabit Ethernet, FireWire and even a remote control..."
My last big batch of Windows desktops were purchased nearly 3 years ago and have 1GB RAM, gigabit ethernet, and have been just fine.
Firewire? Why do enterprise desktop users need firewire? The only reason you need it is for digital video and audio or extremely fast file transfers. Not desktop use.
WiFi? I don't want desktop users using WiFi. That's why we have millions of dollars of copper and fiber infrastructure with security features and VLANs. Wireless is great for some things, but it does not scale and it is inherently less secure than hardwire. Even just having 802.11 means that every single desktop is a potential rogue WiFi station letting people inside the firewall. Great.
Bluetooth? Sort of neat, but again, desktop users don't need it and it opens up security issues.
And I can't believe they even tried to cite having a remote control
Get a FUCKING CLUE you goddamned prudish religious freaks.
Um, what was that line about physician heal thyself? Allow me to impart the clue. Here's what the flamewar that you decided to pile onto consisted of:
WebHostingGuy pointed out that the financial donations were quite small in the large scheme of things.
Dr. Spork claimed that the vaccine was likely to be a 100% cure for cervical cancer, which if you are a doctor, you know is false. There were some other statements about cancer being bad and so on.
Jhon disagreed with the 100% statement, pointing out that the vaccine only covers the dominant strains of HPV and noting that there are non-HPV related cervical cancers.
WebHostingGuy claimed that eliminating the Merck covered strains would be 100% effective.
Jhon once again noted that there are many strains of HPV, but concludes with, "Your statement that "only those few types of HPV cause cervical cancer" is untrue. There are many. It would, however, be true to say that most hpv-linked cancers are caused by 4 different strains of HPV."
AC ("I'm a pathologist!!1!") goes off on a straw man, claiming that because Jhon pointed out that the vaccine won't stop all cervical cancer that he obviously wants people to have cancer, and then proceeds to go with a specious ad hominem attack claiming that Jhon follows primitive superstitions.
You then add your "clue" by ranting about how unpleasant cancer is, concluding with your contribution to the specious religion attack. Thanks so much for adding your wisdom. Perhaps you should read for context first next time?