Looks like some of the replies on the mailing list are also worried about the response Trident may get from Slashdot....
Re:How Dumb Do They Think We Are?
on
RIAA To Target CD-R
·
· Score: 2, Insightful
My conclusion is rather that Napster was virtually shut down, and therefore the music sales of CDs went down... althought the economic slowdown is also relevant.
The other difference is that you are probably competent enough to gather good evidence, and the ISP can verify it themselves. In the reported case, it seems like the MPAA did not provide any convincing details (after all the guy hasn't received any evidence whatsoever, except his IP address).
The link is slashdoted, but I believe it is the old ("old" as in been around for a while, from before the Michaelangelo scare) virus myth site which used to be at http://kumite.com. It is/was run by Rob Rosenberger, and it is a really good resource of finding out which is the latest fake scare, and what stupidities are being distributed via chain-mail...
The "False Authority Syndrome" article itself is at least 5 years old...
At the time I was in no position to go from Win98 to Linux because I didn't have the time to learn everything again. I have toyed around with Linux in the past, but not fully because I needed a system right then and there I could fully use to my knowledge.
This brings a topic that I have been wondering about for a while. Would you have spent $200 - $300 to move to Linix (or any other OS) by hiring someone knowledgable to do the following:
evaluate your software needs and find appropriate replacements in the new OS
setup your machine with the new OS
walk you through the basic tasks you need to perform to do your job
point you to the appropriate documentation where you can expand your knowledge about the new system
It should be possible (barring exotic hardware, etc) to do the switch in 2-3 days, and be able to do your work on the new system (which is why the first step is important). How many people would be interestd in such a service? Do you think Windows XP will push people towards getting this type of service?
You seem to think that this is a new case, so the defendant "should have known better." IIRC, this is the original DeCSS case (preceding the 2600 lawsuit). Also, it is not a DMCA case, it is for "stealing trade secrets" as the DVD CCA calls their encryption keys, and it is based on California state law.
This story is not actually about the whole case, it is about jurisdiction. The court is saying that a resident of Indiana can be sued based on California laws. This interpratation of the law is troubling, to say the least...
Re:Network traffic seems high - is this why?
on
Code Redux
·
· Score: 1
No, it isn't. At least according to the helpdesk drones. Level 2 support tries the old, "These are not the IPs you are looking for..." Jedi mindtrick.
Slightly better here (Charter@Home):
Saturday - "this is normal"
Sunday - "We know we have a problem and we are working on it."
Since there is no performance degradation (yet) I haven't even gone to level 2 support...
Re:Network traffic seems high - is this why?
on
Code Redux
·
· Score: 2, Informative
Yes - check the athome.* newsgroups for more details...
Basically the new, "improved", Code Red is scanning close-by IP addresses, thus trying to find machines that may not even exist, or which are turned off at the moment. In this case, the @home gateway sends an ARP broadcast packet trying to find the IP address in question. This broadcast traffic causes the "activity" light to blink constantly... In my area, there is no performance degradation, though (yet).
Hmm, if this issue is so important to you, you should have heard that the GPL V3 is supposed to address it. So a better question would be what the status of the next version of the GPL is...
You know that story a few days ago on/. about silicon valley using immigrant workers to keep salaries low? The story was actually circulated for publication 2 years ago, but no big paper would pick it up for fear of damaging themselves...
You mean the story, which told us that programmers don't use math? I'd say good for the editors for recognizing empty drivel for what it is...
Why should every domain has its own SMTP server? In my case, my ISP is selling a service, which includes an SMTP server access, when I am using that ISP (it is not Verizon). I cannot access that SMTP server when I am not connected to the ISP's network.
My web hosting provider is providing just that - hosting a domain, including a POP server for e-mails to that domain. It will be an added hassle to maintain an SMTP server which prevents relaying, and at the same time allows me and all the other users to use it from a whole different network. Of course if I need to send an e-mail from my web site via a script, I can use their SMTP server, because it is on the same network as the web site - no extra hassle for them, keeps the price extremely reasonalble, and the service stable. (BTW, check them out - www.npsis.com).
Let me get this straight - this measure will prevent Verizon's customers from forging their From: field when sending e-mail while using Verizon as an ISP? You are telling me Verizon doesn't know their customer's IP address when they connect to the SMTP server, or if they know it, that Verizon cannot enforce their AUP based on that information? They cannot detect an IP address sending hundreds of e-mails per second?
This has very little to do with spam prevention, and a lot to do with preventing Verizon's customers from using other hosting companies...
This is entirely Verizon's fault, and not your University's fault. Your university's approach is sensible, Verizon's is aiming to force its customers to host their domains with them...
You have a domain name hosted by XYZHostingCompany.com, but you connect to the internet from xyzISP.com. You have the domain myDomain.com and the email address me@myDomain.com.
Yep, and if I connect to the internet through xyzISP.com, they can confirm that I am a legitimate customer, since they gave me the IP address. This is not relaying! The From: address has nothing to do with stopping relaying.
XYZHostingCompany.com has a special relaying server setup for its clients at relay.XYZHostingCompany.com
Many hosting companies don't have a special relaying server. Besides, doesn't this mean that a spammer with forged From: address has just found an open-relay server?
xyzISP.com SHOULD NOT be letting you send mail as me@myDomain.com because they don't have anything to do with that domain, if they let that domain through, they would basically be letting everything through, which means they would be used to send lots and lots of SPAM (which would, of course, degrade the level of service for their valid clients).
This is BS. The ISP assigns the IP address to their customers, and don't allow anyone from an invalid IP address to connect to their SMTP servers. They don't have to rely on the domain of the From: field to stop relaying...
If this were to stop using their SMTP servers when you are not connected to the internet through Verizon Online, then this will be indeed OK. However, it sounds like even if you are dialed into the Verizon system, or connected via DSL, they are trying to prevent you from using their SMTP server, only because you are using an e-mail address from a domain not hosted by Verizon.
Usually an SMTP server is provided by your ISP, since you are part of their network when you are connected to their service, and they can contlrol who uses the SMTP servers based on IP address. POP and IMAP servers can be provided from any place. If you have your own domain, the hosting provider usually provides a pop server, so that you can have e-mail going to your domain.
There is no technical reason behind this decision, only an attempt to force the Verizon customers to host their domains with Verizon.
So you are saying that Adobe got interested in you only after they got in trouble themselves? Yes! Barnes&Noble stopped selling ellectronic books for 24 hours and announced that the Adobe format cannot provide adequate security. Adobe's actions started after that.
Recently in the US there was a similar case regarding a program to break DVD encryption. And they did win a case in court against people who were distributing DeCSS.
Yes, our story with eBook is closest to the DeCSS case: they created a program , which allows the viewing of DVD movies on Linux. But they are already winning similar cases, and filing counter-suits. After all, they were forbidden to publish the algorithms, and algorithms are scientific work, which cannot be prevented from distribution.
It is known that the FBI sometimes arrests hackers only to offer them freedom in return to collaboration. Is it possible that Dmitriy will be freed in this way? Well, they could have done this to me, since I studied at the KGB Institute once uppon a time. In Dmitriy'c case, I doubt it. Unless they invite him to work as a programmer...
But hasn't "Elcomsoft" already collaborated with the FBI? Yes, the main users of our password-cracking program are law enforcement agencies. That same FBI has bought these programs from us many times.
Wouldn't this help free Dmitriy? I don't know. These are different departments. I will try to call my contacts, of course.
From http://www.netoscope.ru/theme/2001/07/17/2925.html
They Handcuffed Dmitriy Right Away
Alexey Andreyev
lexa@spb.cityline.ru
7/17/2001
The president of "Elcomsoft" Aleksandr Katalov tells details about the arrest of the company's employee Dmitriy Sklyarov. The FBI arrested Dmitriy in Las Vegas after his presentation at Def Con of a [computer] science paper, part of his dissertation. In the USA, however, he is going to be tried as a malicious hacker.
Aleksandr, how was Dmitriy arrested? DefCon was on Sunday, and Dmitriy was presenting our paper "eBook Security: Theory and Practice." On Monday morning, he, and another of our employees, Andrey, were leaving the hotel for the airport. Two individuals stopped them at the exit. They showed them FBI badges, and handcuffed Dmitriy right away. Dmitriy and Andrey were led to different rooms. The just had a discussion with Andrey - asked him this and that for about half an hour, then let him go. He tried to call me several times, but couldn't reach me. Then he called the Moscow office around 10:30, and they sent us an [e-]mail about the arrest.
Was Dmitriy Sklyarov the only author of the program "Advanced eBook Processor" (because of which he was arrested)? Of course not! Also, he was responsible for the scientific, research part of the project, he is the author of the algorithms. This is part of his dissertation. At least three employees of our company have worked on this program, and it is distributed under the "Elcomsoft" brand. But now the Americans, most likely, will try to represent this as a break-in, perpetrated by some lone Russian hacker.
So it turns out, they "took away" Dmitriy, only because he did a presentation at DefCon? It looks like it, yes. Although at the beginning of his presentation he announced that he is employed by "Elcomsoft", the company which developed this program.
What do your lawyers say? Our lawyers learned about the arrest in the evening, after everything was already closed. Here is what happened: after I got the message about the arrest, I immediately called the Russian consulate. They suggested that I wait until noon - maybe he would be placed on the flight to LA, and from there on the Aeroflot flight home. However, he didn't show up at the airport. After that the consulate started preparing an official inquiry for the American authorities. They were dealing with that until about 2 pm, when the check-in for the flight was over - it was clear the Dmitriy hadn't left. On top of that, we had no idea where he was. Around 2 the consulate made the inquiry but until the end of the work day - 6 pm - there was no response. In other words, on Monday there was no information whatsoever.
On Tuesday morning, when our Moscow office openned, Dmitriy's wife called. She told them that she was called and informed through a translator that her husband was arrested. They didn't let her talk to him personally. This happened around 4 am Moscow time - so here it was still around 3 pm on Monday. Turns out that they didn't inform the consulate that day.
Have they filed charges? From what I understood from Dmitriy's wife (and she wasn't clear on everything under these circumstances, she also has a two-month old child) - yesterday was when he was arraigned. And it was decided that until the trial Dmitriy will stay in jail, because there is no one here to post bail for him. Further more, they did not tell anyone [who could post bail] about the arrest - not us, not the consulate. Obviously, we couldn't do anything yesterday.
After this case, and the arrest of another Russian hacker earlier, one could think that the FBI has established a new operating procedure: lure Russain hackers to the US, and arrest them there, "according to their laws." Have your employees traveled before to meetings like DefCon? Were there no similar stories?
Also according to Gartner:
Some 724 U.S.-based respondents had answered questions over the phone for the survey, he said, ranging from small organizations with fewer than 50 PCs to large companies with more than 500 computers, as well as educational institutions, Internet service providers and application service providers.
There is no indication of how these respondents were selected, and how representative they were. I am sure anyone can pick 700 respondents who will show 100% Linux or BSD loaded on new servers.
If tax dollars are funding a project, then the results of that development should be available to everyone and not just people who use one particular license.
What do you mean by available? Obviously Microsoft wants to be able to take publicly funded software, and use it in its proprietary system. What are the chances that they won't tweek the code to be incompatible with the publicly available version (c.f. Kerberos)? Given their current monopoly on the desktop, this means that our tax dollars went to provide R&D and to increase the market cap of Microsoft!
I think this should not be considered proper use of public funds, and I think the GPL is a better guarantee that the software developed with public funds will benefit all of the public, not just a mega-corporation....
But what really gives this guy away is that "there can be only one" [immortal] and everybody knows Connor McLeod has already won, so the guy must be a phoney.
I bet he is, or Connor would've kicked his butt long ago. I reckon...
No, no, no - it is Duncan McLeod who is left now - Connor sacrificed himself so that their combined strength would defeat the bad immortal...
Redistribution and
use in source and binary forms are permitted...
I don't know about you, but for me the primary use of the "source form" would be to modify it, and since that use has not been explicitly forbidden, then modifications should be OK.
Slashdot Mirror
Looks like some of the replies on the mailing list are also worried about the response Trident may get from Slashdot....
My conclusion is rather that Napster was virtually shut down, and therefore the music sales of CDs went down... althought the economic slowdown is also relevant.
The other difference is that you are probably competent enough to gather good evidence, and the ISP can verify it themselves. In the reported case, it seems like the MPAA did not provide any convincing details (after all the guy hasn't received any evidence whatsoever, except his IP address).
The link is slashdoted, but I believe it is the old ("old" as in been around for a while, from before the Michaelangelo scare) virus myth site which used to be at http://kumite.com. It is/was run by Rob Rosenberger, and it is a really good resource of finding out which is the latest fake scare, and what stupidities are being distributed via chain-mail...
The "False Authority Syndrome" article itself is at least 5 years old...
This brings a topic that I have been wondering about for a while. Would you have spent $200 - $300 to move to Linix (or any other OS) by hiring someone knowledgable to do the following:
- evaluate your software needs and find appropriate replacements in the new OS
- setup your machine with the new OS
- walk you through the basic tasks you need to perform to do your job
- point you to the appropriate documentation where you can expand your knowledge about the new system
It should be possible (barring exotic hardware, etc) to do the switch in 2-3 days, and be able to do your work on the new system (which is why the first step is important). How many people would be interestd in such a service? Do you think Windows XP will push people towards getting this type of service?You seem to think that this is a new case, so the defendant "should have known better." IIRC, this is the original DeCSS case (preceding the 2600 lawsuit). Also, it is not a DMCA case, it is for "stealing trade secrets" as the DVD CCA calls their encryption keys, and it is based on California state law.
This story is not actually about the whole case, it is about jurisdiction. The court is saying that a resident of Indiana can be sued based on California laws. This interpratation of the law is troubling, to say the least...
No, it isn't. At least according to the helpdesk drones. Level 2 support tries the old, "These are not the IPs you are looking for..." Jedi mindtrick.
Slightly better here (Charter@Home):
Saturday - "this is normal"
Sunday - "We know we have a problem and we are working on it."
Since there is no performance degradation (yet) I haven't even gone to level 2 support...
Yes - check the athome.* newsgroups for more details...
Basically the new, "improved", Code Red is scanning close-by IP addresses, thus trying to find machines that may not even exist, or which are turned off at the moment. In this case, the @home gateway sends an ARP broadcast packet trying to find the IP address in question. This broadcast traffic causes the "activity" light to blink constantly... In my area, there is no performance degradation, though (yet).
Hmm, if this issue is so important to you, you should have heard that the GPL V3 is supposed to address it. So a better question would be what the status of the next version of the GPL is...
Wow! The first time I see the "*BSD/Linux is dying" troll applied to the FSF.
FSF business plan! FSF capitalization! FSF dwindling revenues! LOL!
You know that story a few days ago on /. about silicon valley using immigrant workers to keep salaries low? The story was actually circulated for publication 2 years ago, but no big paper would pick it up for fear of damaging themselves...
You mean the story, which told us that programmers don't use math? I'd say good for the editors for recognizing empty drivel for what it is...
Why should every domain has its own SMTP server? In my case, my ISP is selling a service, which includes an SMTP server access, when I am using that ISP (it is not Verizon). I cannot access that SMTP server when I am not connected to the ISP's network.
My web hosting provider is providing just that - hosting a domain, including a POP server for e-mails to that domain. It will be an added hassle to maintain an SMTP server which prevents relaying, and at the same time allows me and all the other users to use it from a whole different network. Of course if I need to send an e-mail from my web site via a script, I can use their SMTP server, because it is on the same network as the web site - no extra hassle for them, keeps the price extremely reasonalble, and the service stable. (BTW, check them out - www.npsis.com).
Please, let us know what you think once Verizon blocks port 25 on your own mail server (as Earthlink already does)...
Let me get this straight - this measure will prevent Verizon's customers from forging their From: field when sending e-mail while using Verizon as an ISP? You are telling me Verizon doesn't know their customer's IP address when they connect to the SMTP server, or if they know it, that Verizon cannot enforce their AUP based on that information? They cannot detect an IP address sending hundreds of e-mails per second?
This has very little to do with spam prevention, and a lot to do with preventing Verizon's customers from using other hosting companies...
This is entirely Verizon's fault, and not your University's fault. Your university's approach is sensible, Verizon's is aiming to force its customers to host their domains with them...
Wrong.
You have a domain name hosted by XYZHostingCompany.com, but you connect to the internet from xyzISP.com. You have the domain myDomain.com and the email address me@myDomain.com.
Yep, and if I connect to the internet through xyzISP.com, they can confirm that I am a legitimate customer, since they gave me the IP address. This is not relaying! The From: address has nothing to do with stopping relaying.
XYZHostingCompany.com has a special relaying server setup for its clients at relay.XYZHostingCompany.com
Many hosting companies don't have a special relaying server. Besides, doesn't this mean that a spammer with forged From: address has just found an open-relay server?
xyzISP.com SHOULD NOT be letting you send mail as me@myDomain.com because they don't have anything to do with that domain, if they let that domain through, they would basically be letting everything through, which means they would be used to send lots and lots of SPAM (which would, of course, degrade the level of service for their valid clients).
This is BS. The ISP assigns the IP address to their customers, and don't allow anyone from an invalid IP address to connect to their SMTP servers. They don't have to rely on the domain of the From: field to stop relaying...
If this were to stop using their SMTP servers when you are not connected to the internet through Verizon Online, then this will be indeed OK. However, it sounds like even if you are dialed into the Verizon system, or connected via DSL, they are trying to prevent you from using their SMTP server, only because you are using an e-mail address from a domain not hosted by Verizon.
Usually an SMTP server is provided by your ISP, since you are part of their network when you are connected to their service, and they can contlrol who uses the SMTP servers based on IP address. POP and IMAP servers can be provided from any place. If you have your own domain, the hosting provider usually provides a pop server, so that you can have e-mail going to your domain.
There is no technical reason behind this decision, only an attempt to force the Verizon customers to host their domains with Verizon.
[See the parrent for the first part]
So you are saying that Adobe got interested in you only after they got in trouble themselves?
Yes! Barnes&Noble stopped selling ellectronic books for 24 hours and announced that the Adobe format cannot provide adequate security. Adobe's actions started after that.
Recently in the US there was a similar case regarding a program to break DVD encryption. And they did win a case in court against people who were distributing DeCSS.
Yes, our story with eBook is closest to the DeCSS case: they created a program , which allows the viewing of DVD movies on Linux. But they are already winning similar cases, and filing counter-suits. After all, they were forbidden to publish the algorithms, and algorithms are scientific work, which cannot be prevented from distribution.
It is known that the FBI sometimes arrests hackers only to offer them freedom in return to collaboration. Is it possible that Dmitriy will be freed in this way?
Well, they could have done this to me, since I studied at the KGB Institute once uppon a time. In Dmitriy'c case, I doubt it. Unless they invite him to work as a programmer...
But hasn't "Elcomsoft" already collaborated with the FBI?
Yes, the main users of our password-cracking program are law enforcement agencies. That same FBI has bought these programs from us many times.
Wouldn't this help free Dmitriy?
I don't know. These are different departments. I will try to call my contacts, of course.
From http://www.netoscope.ru/theme/2001/07/17/2925.html
They Handcuffed Dmitriy Right Away
Alexey Andreyev
lexa@spb.cityline.ru
7/17/2001
The president of "Elcomsoft" Aleksandr Katalov tells details about the arrest of the company's employee Dmitriy Sklyarov. The FBI arrested Dmitriy in Las Vegas after his presentation at Def Con of a [computer] science paper, part of his dissertation. In the USA, however, he is going to be tried as a malicious hacker.
Aleksandr, how was Dmitriy arrested?
DefCon was on Sunday, and Dmitriy was presenting our paper "eBook Security: Theory and Practice." On Monday morning, he, and another of our employees, Andrey, were leaving the hotel for the airport. Two individuals stopped them at the exit. They showed them FBI badges, and handcuffed Dmitriy right away. Dmitriy and Andrey were led to different rooms. The just had a discussion with Andrey - asked him this and that for about half an hour, then let him go. He tried to call me several times, but couldn't reach me. Then he called the Moscow office around 10:30, and they sent us an [e-]mail about the arrest.
Was Dmitriy Sklyarov the only author of the program "Advanced eBook Processor" (because of which he was arrested)?
Of course not! Also, he was responsible for the scientific, research part of the project, he is the author of the algorithms. This is part of his dissertation. At least three employees of our company have worked on this program, and it is distributed under the "Elcomsoft" brand. But now the Americans, most likely, will try to represent this as a break-in, perpetrated by some lone Russian hacker.
So it turns out, they "took away" Dmitriy, only because he did a presentation at DefCon?
It looks like it, yes. Although at the beginning of his presentation he announced that he is employed by "Elcomsoft", the company which developed this program.
What do your lawyers say?
Our lawyers learned about the arrest in the evening, after everything was already closed. Here is what happened: after I got the message about the arrest, I immediately called the Russian consulate. They suggested that I wait until noon - maybe he would be placed on the flight to LA, and from there on the Aeroflot flight home. However, he didn't show up at the airport. After that the consulate started preparing an official inquiry for the American authorities. They were dealing with that until about 2 pm, when the check-in for the flight was over - it was clear the Dmitriy hadn't left. On top of that, we had no idea where he was. Around 2 the consulate made the inquiry but until the end of the work day - 6 pm - there was no response. In other words, on Monday there was no information whatsoever.
On Tuesday morning, when our Moscow office openned, Dmitriy's wife called. She told them that she was called and informed through a translator that her husband was arrested. They didn't let her talk to him personally. This happened around 4 am Moscow time - so here it was still around 3 pm on Monday. Turns out that they didn't inform the consulate that day.
Have they filed charges?
From what I understood from Dmitriy's wife (and she wasn't clear on everything under these circumstances, she also has a two-month old child) - yesterday was when he was arraigned. And it was decided that until the trial Dmitriy will stay in jail, because there is no one here to post bail for him. Further more, they did not tell anyone [who could post bail] about the arrest - not us, not the consulate. Obviously, we couldn't do anything yesterday.
After this case, and the arrest of another Russian hacker earlier, one could think that the FBI has established a new operating procedure: lure Russain hackers to the US, and arrest them there, "according to their laws." Have your employees traveled before to meetings like DefCon? Were there no similar stories?
This is a site that has listings for sale by owner - there are local sites like that as well (e.g. http://www.fsbomadison.com/). Happy house-shopping!
Also according to Gartner:
Some 724 U.S.-based respondents had answered questions over the phone for the survey, he said, ranging from small organizations with fewer than 50 PCs to large companies with more than 500 computers, as well as educational institutions, Internet service providers and application service providers.
There is no indication of how these respondents were selected, and how representative they were. I am sure anyone can pick 700 respondents who will show 100% Linux or BSD loaded on new servers.
If tax dollars are funding a project, then the results of that development should be available to everyone and not just people who use one particular license.
What do you mean by available? Obviously Microsoft wants to be able to take publicly funded software, and use it in its proprietary system. What are the chances that they won't tweek the code to be incompatible with the publicly available version (c.f. Kerberos)? Given their current monopoly on the desktop, this means that our tax dollars went to provide R&D and to increase the market cap of Microsoft!
I think this should not be considered proper use of public funds, and I think the GPL is a better guarantee that the software developed with public funds will benefit all of the public, not just a mega-corporation....
Or we can just point them to this: http://www.gnu.org/events/rms-nyu-2001-transcript. txt
If you haven't read or heard RMS' explanation of the FSF philosophy, you should read it...
But what really gives this guy away is that "there can be only one" [immortal] and everybody knows Connor McLeod has already won, so the guy must be a phoney. ...
I bet he is, or Connor would've kicked his butt long ago. I reckon
No, no, no - it is Duncan McLeod who is left now - Connor sacrificed himself so that their combined strength would defeat the bad immortal...
You are right about the ass-kicking, though...
I don't know about you, but for me the primary use of the "source form" would be to modify it, and since that use has not been explicitly forbidden, then modifications should be OK.