I think you will find that THEFT won't get you off the hook when it comes to trade secrets.
If you stumbled (by reverse engineering, intelectual insight, etc...) onto one of their Trade Secrets you wouldn't have a problem. If you've used stolen code you would find yourself in some very hot water.
A company is required to protect its trade secrets. I'm sure a Firewall is a good example of protection steps. The use of passwords to access required resources would be as well.
The fact someone broke in and potentially stole them doesn't mean they are fair game.
The good thing is, according to Microsofts public statements they got nothing of any significant value. This is good. Now they shouldn't be able to use this against development like SAMBA, etc that may do some reverse engineering. (in the legal sense)
Definitly a PCMCIA card. I just checked the DVD of Enemy of the State I have. Quickly located the scene. (00:23:09) (removing from slot). by 00:23:17 the card has been swapped into the toy.
A desktop with a PCMCIA cardslot isn't that unusual. (Wish I had one for my digital camera. (the CompactFlash cards work very nicely in a PCMCIA adapter, once used the 8meg card I have to transfer an 8meg file between 2 laptops on the road.).
And it's funny, there have been a number of sites getting on MAPS lists which have *never* been used for spam.
While they may have multiple lists to try and keep these seperate, the problem is the users do not have control over which list is used.
Slashdot users start screaming and yelling the moment somebody wants to filter Internet access in public libraries; but they will happily sit back while somebody filters their e-mail.
For those people who think MAPS & friends abuse their power this stinks.
I know for a fact that some of these groups do network scans (which they often claim they do not do); since they do most of the scans via private network accounts they don't get caught in log files. I also know that regardless of the results of network scans that they will list servers which they think MIGHT exist but which they cannot test. (If they cannot test it from random net account it should be inaccessable to anybody wanting to use it for a relay, right? Doesn't matter. They will ban it anyway.)
Organizations playing god don't deserve to be on the internet.
I read the article. I'm sorry to say that what I got out of the article was not what Slashdot as a whole got out of it.
I'm a consultant working for a company which, for various reasons, always supplies source code to the client. It is the nature of the product we use, but it isn't considered an issue at all.
On the other hand, if it was closed source, well that wouldn't be a significant issue either. You get what you pay for, closed binary, or sourcecode. It's called business. *I* don't like to see a company in the positition where they are stuck having to call me in. I'd much rather they call me in because they like my work, and the company I work for, rather than because they feel like they are stuck between a rock and a hardplace.
But this article isn't about that.
This article was about how the city bought 1500+ machines, and only used 1000. Uhm. Guys, Thats NOT that unusual. No mention is made of how many of the remaining machines are scheduled to be installed. Nor how many will be kept as spares. (Lets see, install 250 over the next 2 months, leave 250 as quick replacements for defective/vandalized machines...)
Doesn't really seem so unreasonable.
The article discusses some of the issues with code changes, updates.
These are NOT to be taken lightly. Its a complex system, it should have some form of control process in place and takes time. Some changes could take 2 minutes if you had access to the source code... it could also take 12 months to clean up the mess if you fuck up. It happens.
I'm not saying this system wasn't more expensive that it should have been. I'm not saying the company was as responsive as they should be. I am saying that there is nothing special about the company, or the situation. (note: many companies will not honour waranties if you modify their code... why? because you may have screwed it up. Not their problem. Its yours.).
(Screw with my code and I might get upset too, especialy if it is an ongoing project.).
How much of a system like this should be open source? Well, how many such systems exist? Almost NONE. the Development of such a system is expensive. Even if the city decided to do it themselves it would cost them a lot of money to develop the software, and the hardware. Someone has to build it, and, most of it is one-of. 1500 machines? For that you don't get great deals on parts. 10,000 card readers and you might start getting deals...
The entire attitude in the article is offensive. (speak-and-spell interface). What would you prefer, mouse driven??
I haven't been to New York, so I haven't used their metrocard system. On the other hand Vancouver B.C. has ticket dispensers for their ALRT system. An idiot could use them... oh wait... thats the idea. Anybody can use them.
This article expresess multiple, conflicting, political opinions. A cheap shot at replacing people at ticket counters with machines, and a push to opensource it. Open source isn't a cure-all.
Go to BeBits and download BeCode. If it works send me e-mail. (I wrote it, but since I am in Canada I don't actually *have* a CueCat, someone please send me one...:)
There are others as well.
(Mine places the results into the clipboard to be readily pasted into any input field. )
As I understand it, the new optical mice use a ccd to grab an image about 1000/second, analys it and determin how much, and in which direction the mouse has moved. Why not allow the mouse to read, and decode barcodes too?
I admit, as scanners, the current crop of optical mice would not be particularly good. You have no specific idea where the sensor is. But, relocating the sensor to the (for example) top, left corner could make it viable.
Very true, except at what wavelengths? I have Foglights on my car. How are they supposed to do me any good? Simply, it is a wavelength that doesn't reflect back off the moisture and create more glare. Or atleast thats the theory. I'm sure you could pick a wavelength or two with a laser that would be even more effective.
"Forbes's attorney says he's made an arrangement with prosecutors in which Penenberg would be asked only to attest that his article is accurate..."
If he is not willing to stand by what he already wrote he should quit journalism.
There have been cases of journalists getting involved enough in the hacking community to think of them in terms like co-conspirator. I'm not saying this is the case, but, if it isn't why not stand by what he already wrote?
Forget any legal issues for a moment. (Irrelevent to this discussion).
Gnutella's protocol is pathetic. It gives the illusion of privacy; unfortunatly it is completly trackable with a hacked client and carefull planning.
First, you attach to the Gnutella network and log EVERYTHING. Then, you subvert it.
Any search request results that go through your node you re-write and make them look like they come from you. Now everybody wanting that data will link to you and not the original source. (You could proxy it so they stil get the data, but now you are recording all of it).
You log ALL IP address'. With a timestamp, an IP and support from an ISP you can track a user down. An ISP won't support an anonymous request, but, a Warrant should solve that.
The Worst part of all this... You can subvert the procol significantly enough that except for the nodes YOU are directly connected to NOBODY using an unhacked client would know it was you. (They could even use multiple -unique id's- to make search results look like they came from multiple sites.).
(If NetPD wants such a program they can contact me and for $60,000 I'd finish writing mine and give it to them. Source and all.)
We encrypt the data stream to/ from the client software. We LICENSE this to those parties we wish to support. (Macster? Rapster, etc..)
We refuse to license to any parties we feel like. (NetPD). We Sue NetPD in the event they produce another user list on the scale of the previous one. (No way to obtain it without violating the COPYRIGHT laws designed to protect organizations like MPAA). Now, If we Win the DVD case then Napster could lose such a lawsuit, but, if MPAA wins then Napster would win a suit against NetPD.
(What would be copyright would be the search results as processed by Napster.)
Britian, US, Australia and Canada have laws preventing agencies such as the NSA from monitoring their own citizens. No problem, pay a 3rd party to do it for you.
Canada monitors U.S. / Britian, U.S. monitors Canada / Britian, Britian monitors U.S. and Canada... toss Autralians into the mix someohow and you might just figure out there isn't a government on this planet worth trusting.
Course, since nobody trusts politicians why should this be a suprise?
Actually the CRTC made 2 statements in the last 18 months. (CRTC doesn't make law, they make regulations; there IS a difference)
1) They do not have any authority over the Internet.
2) As he is rebroadcasting an unmodified stream and he is doing so over the Internet CRTC does not have jurisdiction.
And yes. I am Canada. And yes, I paid close attention when CRTC made the first statement. They could have pass some BS regulations. Instead, they opted out.
IANAL... They cite 17 USCA 1201... Lets see what it REALLY says: (a) Violations regarding circumvention of technological measures.--(1)(A)No person shall circumvent a technological measure that effectively controls access to a work protected under this title. The prohibition contained in the preceding sentence shall take effect at the end of the 2-year period beginning on the date of the enactment of this chapter. (Oct. 28, 1998)
Ok, if it was enacted on Oct. 28, 1998 then that portion of the law fails to take effect until Oct 28, 2000. Right? or was this law in effect since 1996??!
Never, EVER leave security up to the individuals designing/programming/installing the application.
Security is a very different mindset and someone testing a site security should not know how, or why the software was designed the way it is. While it should be secure even if they know all the details it may prevent them from finding the holes since they may make assumptions that certain holes do not exist.
If a security audit could not easily determine the software and the configuration it is in I would be suprised anyway. But, assuming it couldn't that would be good as well. It would mean a hacker would have a difficult time trying to find a quick hole, but that would just slow them down.
I worked for a company which wanted to gets it's database online. The project died because I was unwilling to assert that it was secure. I was very vocal about the fact I had no reason to believe it was secure. The company the server was purchased from never got around to running its own audit on the server. (I wouldn't have trusted their opinion anyway, a third party would have been a better choice).
@Home is not an ISP. @Home is a brand. My ISP is Shaw(.ca), yet I'm part of @home.
I shall make no comments as to shaws position on spam, I don't know what it is, because to me it has not been an issue. But, I believe it is a serious injustice to cut off home.com when it is an umbrela for what are really a large number of independant ISP's with an agreement on content. Even the AUP is not entirly consistant between ISPs.
Any attempt to block home.com news is inappropriate and should rather be done on a specific ISP basis.
Neuromancer was written by an author incapable of writing anything of value. His later works are significatly better. Pat Cadigan is one of the few authors of the genre who really seems to be able to write about the ideas effectly in a humanstic sense. (I'm a gadget freak, but showing a little humanity in a piece has far more value that showing NONE like Bruce Sterling and Gibson.)
Re:Ender's Game a children's book?
on
Ender's Shadow
·
· Score: 1
If context was never considered you would be right.
There are many books which contain very violent subplots, without an appropriate context to the violence then it has no meaning or value.
Those scenes within Ender's Game are full of personal conflict of the main character, as well as deep contextual issues.
Keep in mind of course that at first, Ender isn't even aware he killed the kid.
Personally I find Orson Scott Card to be a little preachy with religious issues, but even then, it is seldom without enough context to see the point o view.
You have read Lord of the Flies right? My personal opinion is that book has few redeeming qualities except its accuracy. It is a clear depection of a possible, and likely scenario of an event. It is exceptionally violent. Yet we give it to kids to read every day.
And, for about the same price as that remote control you can buy yourself a PalmPilot with IR port and do the same thing.
Never mind you can keep phonenumbers, address, appointments, games, etc on it.
Of course, the funny thing is, the interface for the remote is very close to PalmOS, they must have spent a lot of time trimming all the crap out of WinCE to make it usable on such a device.
Re:Law of Supp/Demand
on
Digital VCRs
·
· Score: 1
Let me see, does a typical consumer care what operating system is running on his VCR like device? No.
What the typical consumer wants is the functionality. So, while Supply/Demand may rule the day Microsoft marketing won't.
The people who have to be impressed are the technical people who will be implementing the device.
It seems to me as well that the licensing of Linux would be a lot cheaper than WinCE for such a device.:)
Slashdot Mirror
Pick which 18hrs a day you wish to work.
If you stumbled (by reverse engineering, intelectual insight, etc...) onto one of their Trade Secrets you wouldn't have a problem. If you've used stolen code you would find yourself in some very hot water.
A company is required to protect its trade secrets. I'm sure a Firewall is a good example of protection steps. The use of passwords to access required resources would be as well.
The fact someone broke in and potentially stole them doesn't mean they are fair game.
The good thing is, according to Microsofts public statements they got nothing of any significant value. This is good. Now they shouldn't be able to use this against development like SAMBA, etc that may do some reverse engineering. (in the legal sense)
A desktop with a PCMCIA cardslot isn't that unusual. (Wish I had one for my digital camera. (the CompactFlash cards work very nicely in a PCMCIA adapter, once used the 8meg card I have to transfer an 8meg file between 2 laptops on the road.).
And it's funny, there have been a number of sites getting on MAPS lists which have *never* been used for spam.
While they may have multiple lists to try and keep these seperate, the problem is the users do not have control over which list is used.
Slashdot users start screaming and yelling the moment somebody wants to filter Internet access in public libraries; but they will happily sit back while somebody filters their e-mail.
(posted here as multiple people responded with the same question/response)
For those people who think MAPS & friends abuse their power this stinks.
I know for a fact that some of these groups do network scans (which they often claim they do not do); since they do most of the scans via private network accounts they don't get caught in log files. I also know that regardless of the results of network scans that they will list servers which they think MIGHT exist but which they cannot test. (If they cannot test it from random net account it should be inaccessable to anybody wanting to use it for a relay, right? Doesn't matter. They will ban it anyway.)
Organizations playing god don't deserve to be on the internet.
I'm a consultant working for a company which, for various reasons, always supplies source code to the client. It is the nature of the product we use, but it isn't considered an issue at all.
On the other hand, if it was closed source, well that wouldn't be a significant issue either. You get what you pay for, closed binary, or sourcecode. It's called business. *I* don't like to see a company in the positition where they are stuck having to call me in. I'd much rather they call me in because they like my work, and the company I work for, rather than because they feel like they are stuck between a rock and a hardplace.
But this article isn't about that.
This article was about how the city bought 1500+ machines, and only used 1000. Uhm. Guys, Thats NOT that unusual. No mention is made of how many of the remaining machines are scheduled to be installed. Nor how many will be kept as spares. (Lets see, install 250 over the next 2 months, leave 250 as quick replacements for defective/vandalized machines...)
Doesn't really seem so unreasonable.
The article discusses some of the issues with code changes, updates.
These are NOT to be taken lightly. Its a complex system, it should have some form of control process in place and takes time. Some changes could take 2 minutes if you had access to the source code... it could also take 12 months to clean up the mess if you fuck up. It happens.
I'm not saying this system wasn't more expensive that it should have been. I'm not saying the company was as responsive as they should be. I am saying that there is nothing special about the company, or the situation. (note: many companies will not honour waranties if you modify their code... why? because you may have screwed it up. Not their problem. Its yours.).
(Screw with my code and I might get upset too, especialy if it is an ongoing project.).
How much of a system like this should be open source? Well, how many such systems exist? Almost NONE. the Development of such a system is expensive. Even if the city decided to do it themselves it would cost them a lot of money to develop the software, and the hardware. Someone has to build it, and, most of it is one-of. 1500 machines? For that you don't get great deals on parts. 10,000 card readers and you might start getting deals...
The entire attitude in the article is offensive. (speak-and-spell interface). What would you prefer, mouse driven??
I haven't been to New York, so I haven't used their metrocard system. On the other hand Vancouver B.C. has ticket dispensers for their ALRT system. An idiot could use them... oh wait... thats the idea. Anybody can use them.
This article expresess multiple, conflicting, political opinions. A cheap shot at replacing people at ticket counters with machines, and a push to opensource it. Open source isn't a cure-all.
In Code39, or Bar128 : FUCUECAT.
There are others as well.
(Mine places the results into the clipboard to be readily pasted into any input field. )
topham@home.com
As I understand it, the new optical mice use a ccd to grab an image about 1000/second, analys it and determin how much, and in which direction the mouse has moved. Why not allow the mouse to read, and decode barcodes too?
I admit, as scanners, the current crop of optical mice would not be particularly good. You have no specific idea where the sensor is. But, relocating the sensor to the (for example) top, left corner could make it viable.
Very true, except at what wavelengths? I have Foglights on my car. How are they supposed to do me any good? Simply, it is a wavelength that doesn't reflect back off the moisture and create more glare. Or atleast thats the theory. I'm sure you could pick a wavelength or two with a laser that would be even more effective.
And of course, you all remember when Microsoft was REQUIRING companies to sell Windows (or atleast purchase) for *each* PC sold.
So, let me get this straight. They required it be sold, and, they double dip corporate clients.
nice.
If he is not willing to stand by what he already wrote he should quit journalism.
There have been cases of journalists getting involved enough in the hacking community to think of them in terms like co-conspirator. I'm not saying this is the case, but, if it isn't why not stand by what he already wrote?
As is.
Forget any legal issues for a moment. (Irrelevent to this discussion).
Gnutella's protocol is pathetic. It gives the illusion of privacy; unfortunatly it is completly trackable with a hacked client and carefull planning.
First, you attach to the Gnutella network and log EVERYTHING. Then, you subvert it.
Any search request results that go through your node you re-write and make them look like they come from you. Now everybody wanting that data will link to you and not the original source. (You could proxy it so they stil get the data, but now you are recording all of it).
You log ALL IP address'. With a timestamp, an IP and support from an ISP you can track a user down. An ISP won't support an anonymous request, but, a Warrant should solve that.
The Worst part of all this... You can subvert the procol significantly enough that except for the nodes YOU are directly connected to NOBODY using an unhacked client would know it was you. (They could even use multiple -unique id's- to make search results look like they came from multiple sites.).
(If NetPD wants such a program they can contact me and for $60,000 I'd finish writing mine and give it to them. Source and all.)
We encrypt the data stream to/ from the client software. We LICENSE this to those parties we wish to support. (Macster? Rapster, etc..)
We refuse to license to any parties we feel like. (NetPD). We Sue NetPD in the event they produce another user list on the scale of the previous one. (No way to obtain it without violating the COPYRIGHT laws designed to protect organizations like MPAA). Now, If we Win the DVD case then Napster could lose such a lawsuit, but, if MPAA wins then Napster would win a suit against NetPD.
(What would be copyright would be the search results as processed by Napster.)
Britian, US, Australia and Canada have laws preventing agencies such as the NSA from monitoring their own citizens. No problem, pay a 3rd party to do it for you.
Canada monitors U.S. / Britian, U.S. monitors Canada / Britian, Britian monitors U.S. and Canada... toss Autralians into the mix someohow and you might just figure out there isn't a government on this planet worth trusting.
Course, since nobody trusts politicians why should this be a suprise?
That would be 4hrs * minimum wage lacky
Actually the CRTC made 2 statements in the last 18 months.
(CRTC doesn't make law, they make regulations; there IS a difference)
1) They do not have any authority over the Internet.
2) As he is rebroadcasting an unmodified stream and he is doing so over the Internet CRTC does not have jurisdiction.
And yes. I am Canada. And yes, I paid close attention when CRTC made the first statement. They could have pass some BS regulations. Instead, they opted out.
Ok, if it was enacted on Oct. 28, 1998 then that portion of the law fails to take effect until Oct 28, 2000. Right? or was this law in effect since 1996??!
The other mistake...
Never, EVER leave security up to the individuals designing/programming/installing the application.
Security is a very different mindset and someone testing a site security should not know how, or why the software was designed the way it is. While it should be secure even if they know all the details it may prevent them from finding the holes since they may make assumptions that certain holes do not exist.
If a security audit could not easily determine the software and the configuration it is in I would be suprised anyway. But, assuming it couldn't that would be good as well. It would mean a hacker would have a difficult time trying to find a quick hole, but that would just slow them down.
Security experts don't write applications, application experts don't write operating systems, etc.
I worked for a company which wanted to gets it's database online. The project died because I was unwilling to assert that it was secure. I was very vocal about the fact I had no reason to believe it was secure. The company the server was purchased from never got around to running its own audit on the server. (I wouldn't have trusted their opinion anyway, a third party would have been a better choice).
@Home is not an ISP. @Home is a brand. My ISP is Shaw(.ca), yet I'm part of @home.
I shall make no comments as to shaws position on spam, I don't know what it is, because to me it has not been an issue. But, I believe it is a serious injustice to cut off home.com when it is an umbrela for what are really a large number of independant ISP's with an agreement on content. Even the AUP is not entirly consistant between ISPs.
Any attempt to block home.com news is inappropriate and should rather be done on a specific ISP basis.
Neuromancer was written by an author incapable of writing anything of value.
His later works are significatly better.
Pat Cadigan is one of the few authors of the genre who really seems to be able to write about the ideas effectly in a humanstic sense.
(I'm a gadget freak, but showing a little humanity in a piece has far more value that showing NONE like Bruce Sterling and Gibson.)
There are many books which contain very violent subplots, without an appropriate context to the violence then it has no meaning or value.
Those scenes within Ender's Game are full of personal conflict of the main character, as well as deep contextual issues.
Keep in mind of course that at first, Ender isn't even aware he killed the kid.
Personally I find Orson Scott Card to be a little preachy with religious issues, but even then, it is seldom without enough context to see the point o view.
You have read Lord of the Flies right? My personal opinion is that book has few redeeming qualities except its accuracy. It is a clear depection of a possible, and likely scenario of an event. It is exceptionally violent. Yet we give it to kids to read every day.
And, for about the same price as that remote control you can buy yourself a PalmPilot with IR port and do the same thing.
Never mind you can keep phonenumbers, address, appointments, games, etc on it.
Of course, the funny thing is, the interface for the remote is very close to PalmOS, they must have spent a lot of time trimming all the crap out of WinCE to make it usable on such a device.
Let me see, does a typical consumer care what operating system is running on his VCR like device? No.
:)
What the typical consumer wants is the functionality. So, while Supply/Demand may rule the day Microsoft marketing won't.
The people who have to be impressed are the technical people who will be implementing the device.
It seems to me as well that the licensing of Linux would be a lot cheaper than WinCE for such a device.