Slashdot Mirror


User: coyote-san

coyote-san's activity in the archive.

Stories: 0
Comments: 1,614

Comments · 1,614

  1. Re:Responsibility... on University IT Departments and Viruses? · · Score: 2

    Let's see...

    1) Viruses can consume significant network resources as they propagate from machine to machine. Since students will usually have professors and other students high in their address book, you'll have a combinatorial explosion. Alice infects Bob. Bob infects Carl. Carl tries to infect Alice. Carl infects Diane. Diane tries to infect Alice.

    2) Viruses often contain DDoS code. The university, being responsible netizens, will block the forged IP packets... but a large number of infected systems can still generate enough traffic to take down its network.

    3) Viruses often contain code to implement packet sniffing. Universities are notorious for old coo... esteemed professors who don't understand that security issues affect them as well. An infected system may allow access to systems essential to ongoing research.

    None of this should be viewed as a concession that the university has the right to inspect the student's computer "at will." It does, however, have a legitimate interest in taking reasonable efforts to ensure that these systems remain uninfected.

  2. Trivial to filter 'embedded' mail as well on University IT Departments and Viruses? · · Score: 2

    It's trivial to filter for viruses embedded in other formats. All you have to do is process the message in stages. That's what I'm doing right now with a tool that scans NNTP feeds for "hijack" scripts. The walking dead might be using %nn encoding of HTML within uuencoded blocks, but my software peels the layers of the onion and still pulls out their "
    As for the inconvenience and extra work, that is not what happens in practice. A standard notice that an attached executable (or HTML containing scripts or whatever) has been deleted suffices. Alternately, some products put the attachments into a "holding area" which requires explicit actions to retrieve, but I don't think they're actually used that much in practice.

    I have a very hard time imagining even one user in 1000 preferring to lose internet connectivity once a month or so, as the University struggles with a viral infection, to being forced to use FTP or a different encoding to receive that rare legitimate executable image.
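The staged, "peel the onion" scanning described in the post above, as an added example (this is not the poster's NNTP tool; it is constructed here to illustrate the approach). It tries three decoders (uuencode, %nn percent-encoding, base64) in turn, recurses on whatever comes out, and looks for an indicator string in every layer. The sample body, the indicator `<script`, and the helper names `peel`/`scan` are all assumptions made for this example.

```python
import base64
import binascii
import re
import urllib.parse
from typing import Callable, List, Optional, Tuple

MAX_DEPTH = 8                      # hard stop so a decoder loop can never run away
PERCENT_RE = re.compile(rb"%[0-9A-Fa-f]{2}")
BASE64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def _decode_uu(data: bytes) -> Optional[bytes]:
    """Decode a complete uuencoded block (begin ... end); None if it is not one."""
    lines = data.strip().splitlines()
    if len(lines) < 2 or not lines[0].startswith(b"begin ") or lines[-1].strip() != b"end":
        return None
    out = bytearray()
    for line in lines[1:-1]:
        if line.strip() in (b"", b"`"):   # the zero-length line that precedes "end"
            continue
        try:
            out += binascii.a2b_uu(line)
        except binascii.Error:
            return None
    return bytes(out)


def _decode_percent(data: bytes) -> Optional[bytes]:
    """Undo %nn (URL) encoding; None if the data contains no such sequences."""
    if not PERCENT_RE.search(data):
        return None
    return urllib.parse.unquote_to_bytes(data)


def _decode_base64(data: bytes) -> Optional[bytes]:
    """Decode base64 (whitespace tolerated); None unless the whole blob is valid base64."""
    compact = b"".join(data.split())
    if not compact or len(compact) % 4 or not BASE64_RE.match(compact):
        return None
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error:
        return None


# Order matters: uuencoded text legitimately contains '%' characters, so the
# uuencode decoder must run before the percent decoder.
DECODERS: List[Tuple[str, Callable[[bytes], Optional[bytes]]]] = [
    ("uuencode", _decode_uu),
    ("percent", _decode_percent),
    ("base64", _decode_base64),
]


def peel(data: bytes, depth: int = 0) -> List[Tuple[str, bytes]]:
    """Return the chain of (layer_name, decoded_bytes) until no decoder applies."""
    if depth >= MAX_DEPTH:
        return []
    for name, decoder in DECODERS:
        decoded = decoder(data)
        if decoded is not None and decoded != data:
            return [(name, decoded)] + peel(decoded, depth + 1)
    return []


def scan(blob: bytes, indicators=(b"<script",)) -> dict:
    """Look for the indicators in the raw blob and in every peeled layer."""
    layers = peel(blob)
    views = [blob] + [decoded for _, decoded in layers]
    hits = [ind.decode() for ind in indicators
            if any(ind.lower() in view.lower() for view in views)]
    return {"layers": [name for name, _ in layers], "hits": hits}


def uuencode(data: bytes, name: bytes = b"payload.txt") -> bytes:
    """Build a uuencoded block (used here only to construct the sample input)."""
    lines = [b"begin 644 " + name]
    for i in range(0, len(data), 45):
        lines.append(binascii.b2a_uu(data[i:i + 45]).rstrip(b"\n"))
    lines += [b"`", b"end"]
    return b"\n".join(lines) + b"\n"


# Constructed sample: a script tag, percent-encoded, wrapped in uuencode,
# then base64-encoded the way a mail attachment body would be.
SCRIPT = b"<script>alert('hijacked')</script>"
SAMPLE_BODY = base64.encodebytes(
    uuencode(urllib.parse.quote_from_bytes(SCRIPT).encode("ascii")))

if __name__ == "__main__":
    print(scan(SAMPLE_BODY))
```

Each decoder returns `None` unless the whole input is valid for that encoding, and `peel` stops as soon as nothing changes, so ordinary text passes through untouched; `MAX_DEPTH` bounds the work an adversarial blob can cause.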

  3. Important safety tip... on LED Flashlights · · Score: 5

    An important safety tip about LED flashlights, learned through experience.

    If you're driving in an unfamiliar area, e.g., the Olympic Peninsula, and pull over to the side of the road to figure out where everything else is (since you know exactly where you are, so many miles south of the National Park on the only major street in the area), do NOT use a red LED flashlight.

    It makes major roads disappear from the map.

    I got *very* confused, since I knew I had driven on some of those missing roads just days earlier. I swear I started to hear the music from the _Twilight Zone_. But turning on the overhead lights revealed the missing road. Red lines illuminated by a red light disappear, and presumably the same thing happens with the other colors as well.

  4. Red lights on LED Flashlights · · Score: 3

    Isn't this covered in some scientific urban legends page?

    IIRC, the reason red light doesn't disturb night vision isn't because it's the "lowest energy wavelength," it's because the color receptors contain organic dyes that only respond to a band of frequencies. If the photon is out of that range, too low *or* too high, the receptor won't fire.

    Red is outside of the frequency range of two dyes, and on the edge of the third. (If it weren't, we would see infrared and call *it* "red"). With high intensity red light those cells still fire, and other psychological changes would cause the (brain? eye?) to respond mostly with the color receptors. But with a dim red light the dye-free receptors dominate and there's no loss of night vision.

  5. Starting over as a freshman?! on Intellectual Property and a Censored Slash Site? · · Score: 2

    I know this is off the main topic, but what's behind that comment about "having to start over as a freshman" if the university does expel him?

    Undergraduate credit at accredited universities usually transfers to other accredited universities. There might be some duplication of effort if the course content doesn't match well, but Mechanical Engineering is one of those areas where you won't see much divergence - there will probably be more time spent meeting residency requirements than retaking familiar courses.

    Obviously it would be best to finish the current program, but it's not impossible to change programs. And if the university expelled you without following due process (SEE A LAWYER NOW) any settlement would reasonably include extra costs associated with finishing your degree elsewhere - out-of-state tuition until completion of the degree, relocation expenses, accrued interest on student loans, etc. Even if they back off, the administration might have acted in such bad faith that it's more reasonable to take the $20k (say) and finish the degree elsewhere than to stay there and risk someone putting a lot of effort into "proving" how they were right about you.

  6. What's the exposure? on Are Strong Passwords All That Strong? · · Score: 4

    Maybe you just skipped it, but it sounds like the policy is missing an important issue.

    What is the exposure to risk?

    System-level root passwords need to be *hard*, if you use them at all. I generally create them with a recursive MD5 hash (with random salt mixed in) until I have a password with two uppercase, two lowercase, 2 punctuation, one digit, and one wildcard character. NOBODY will remember it, but nobody has to - these passwords are written onto a 3x5 card, sealed in an envelope, and locked up in a desk against truly dire circumstances.

    Anyone with root access via sudo should be able to choose their own password intelligently. If their password is compromised, it's a mandatory written reprimand. This tends to make them careful about ensuring that they NEVER use unencrypted channels - no telnet, no ftp. This might seem harsh, but if a sysadmin is sloppy about choosing their password or tools then they're probably sloppy elsewhere, and repeated violations are grounds for serious concern.

    As for everyone else - if an attacker can do much damage with these accounts then the finger still points at the sysadmins. The problem, in this case, isn't the bad password, it's the bad file permissions, unapplied security patches, etc.

    For other reasons these users should still have reasonable passwords, but until you have shut off every single service that uses unencrypted or trivially encrypted traffic (telnet, ftp, pop3/imap, etc.) then you're just pissing in the wind if you're counting on them to protect your system. Check the password against cracklib to get users in the habit of choosing good passwords (e.g., no "bob2" passwords), but otherwise put your attention someplace where it will do some good.
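The two password regimes in the post above, as an added example rather than the poster's own procedure: a sealed-envelope root password generated by rejection sampling from the OS CSPRNG (`secrets`, used here instead of the recursive MD5 construction) until it meets the stated composition rule, and a cracklib-style check for passwords people must remember that rejects "bob2"-type choices. The tiny `WORDLIST`, the threshold values and the function names are assumptions made for this example.

```python
import secrets
import string
from typing import Dict, List

UPPER, LOWER = string.ascii_uppercase, string.ascii_lowercase
DIGITS, PUNCT = string.digits, string.punctuation
ALPHABET = UPPER + LOWER + DIGITS + PUNCT

# Constructed stand-in for a cracklib dictionary (hypothetical, a few words only).
WORDLIST = frozenset({"bob", "alice", "password", "secret", "admin", "letmein"})


def composition(pw: str) -> Dict[str, int]:
    """Count how many characters of each class the password contains."""
    return {
        "upper": sum(c in UPPER for c in pw),
        "lower": sum(c in LOWER for c in pw),
        "digit": sum(c in DIGITS for c in pw),
        "punct": sum(c in PUNCT for c in pw),
    }


def meets_vault_policy(pw: str, min_len: int = 16, min_upper: int = 2,
                       min_lower: int = 2, min_punct: int = 2, min_digit: int = 1) -> bool:
    """Composition rule for a sealed-envelope root password: nobody has to remember it."""
    c = composition(pw)
    return (len(pw) >= min_len and c["upper"] >= min_upper and c["lower"] >= min_lower
            and c["punct"] >= min_punct and c["digit"] >= min_digit)


def generate_vault_password(length: int = 20) -> str:
    """Rejection-sample from the OS CSPRNG until the composition policy holds."""
    if length < 16:
        raise ValueError("vault passwords should be at least 16 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_vault_policy(candidate):
            return candidate


def cracklib_style_problems(pw: str, wordlist=WORDLIST, min_len: int = 8) -> List[str]:
    """Cheap checks in the spirit of cracklib for passwords people must remember."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    # "bob2" is still "bob": strip digits/punctuation before the dictionary lookup,
    # and also catch the reversed word
    base = pw.lower().strip(DIGITS + PUNCT)
    if base in wordlist or base[::-1] in wordlist:
        problems.append("based on a dictionary word")
    if len(set(pw)) < 5:
        problems.append("too few different characters")
    if sum(1 for n in composition(pw).values() if n) < 2:
        problems.append("uses only one character class")
    return problems


if __name__ == "__main__":
    print("vault:", generate_vault_password())
    for candidate in ("bob2", "aaaaaaaa", "Tr0ub4dor&3"):
        print(candidate, "->", cracklib_style_problems(candidate) or "ok")
```

The vault generator never has to be memorable, so it simply loops until the rule is satisfied; the user-facing check stays deliberately cheap, in line with the post's point that the real security work belongs in patching and permissions rather than in ever-stricter password rules.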

  7. STARTTLS is backward compliant on Elegant Email Encryption for Everyone? · · Score: 2

    That's a hack, barely one step above running SMTP over a SSH-forwarded port.

    STARTTLS is much better since it is part of the SMTP protocol. This allows it to formalize behavior that a simple tunnel can't, e.g., to refuse to connect to a site because it fails to present the expected cert.

    While the SSH layer *could* do this, there's no consistent way to handle this. E.g., if the connection at port 465 fails because of a bad cert, do you send (or accept) the mail anyway at port 23? If so, you've just lost all strong authentication.
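The "refuse rather than fall back" behaviour argued for above, as an added example that is not part of the original post: a Python `smtplib` client that delivers only after a successful STARTTLS upgrade with a verified certificate, and raises instead of sending in cleartext when the server does not advertise STARTTLS or presents a bad certificate. To show the refusal offline, the block also starts a constructed loopback SMTP server that never offers STARTTLS; that server, the `.invalid` hostnames and addresses, and the function names are assumptions made for this example.

```python
import smtplib
import socket
import ssl
import threading


class StrictTransportError(Exception):
    """Raised instead of falling back to cleartext or an unverified peer."""


def strict_tls_context() -> ssl.SSLContext:
    """TLS settings that make a certificate mismatch fatal rather than ignorable."""
    ctx = ssl.create_default_context()   # system CA store, TLS 1.2+ defaults
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def deliver(host: str, port: int, sender: str, recipient: str, message: str,
            timeout: float = 10.0) -> bool:
    """Send over STARTTLS or not at all: no STARTTLS, or a bad cert, means no delivery."""
    with smtplib.SMTP(host, port, local_hostname="localhost", timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise StrictTransportError(f"{host}:{port} does not advertise STARTTLS")
        try:
            # starttls() with this context raises on an untrusted or mismatched cert
            smtp.starttls(context=strict_tls_context())
        except ssl.SSLError as exc:
            raise StrictTransportError(f"certificate check failed for {host}: {exc}") from exc
        smtp.ehlo()                       # re-EHLO after the upgrade, as RFC 3207 requires
        smtp.sendmail(sender, [recipient], message)
    return True


def _serve_one_plaintext_session(listener: socket.socket) -> None:
    """Constructed stand-in for a legacy MTA that never offers STARTTLS."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rwb") as stream:
        stream.write(b"220 legacy.invalid ESMTP\r\n")
        stream.flush()
        for line in stream:
            words = line.split()
            verb = words[0].upper() if words else b""
            if verb in (b"EHLO", b"HELO"):
                stream.write(b"250-legacy.invalid\r\n250 8BITMIME\r\n")   # no STARTTLS line
            elif verb == b"QUIT":
                stream.write(b"221 bye\r\n")
                stream.flush()
                break
            else:
                stream.write(b"502 command not implemented\r\n")
            stream.flush()
    listener.close()


def start_legacy_server() -> int:
    """Start the plaintext-only server on a free loopback port; return the port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=_serve_one_plaintext_session, args=(listener,), daemon=True).start()
    return listener.getsockname()[1]


def demo_refuses_cleartext() -> str:
    """Returns 'refused' when the strict client declines the non-TLS server."""
    port = start_legacy_server()
    try:
        deliver("127.0.0.1", port, "a@example.invalid", "b@example.invalid",
                "Subject: test\r\n\r\nhello\r\n")
    except StrictTransportError:
        return "refused"
    return "sent"


if __name__ == "__main__":
    print(demo_refuses_cleartext())
```

Because the policy lives inside the SMTP session, the client knows exactly why the upgrade failed and can log it; an SSH or stunnel wrapper around port 25 cannot express "deliver only if the peer's certificate is the one I expect".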

  8. STARTTLS (in latest MTAs) on Elegant Email Encryption for Everyone? · · Score: 4

    End-to-end encryption requires the cooperation of both parties. If they think it's important, they'll figure out a way to make it work. If they don't think it's important, you can't cram it down their throat.

    However, you aren't completely powerless. My system runs qmail patched to support STARTTLS - any outbound mail that connects to another site that supports STARTTLS will be encrypted. I'm twisting the arm of my ISP to do the same thing for my inbound mail. (My inbound and outbound mail follow separate paths.)

    I believe that the latest versions of most MTAs support STARTTLS now - either directly or via patches. Personally, I consider this upgrade equivalent to a "serious security bug fix," but your package maintainers may disagree. :-)

    This is NOT a complete solution - mail is still unencrypted on the disk, and according to a recent, and totally unfathomable, court ruling once mail is backed up to tape by your ISP it loses all ECPA protection. But it *will* stop packet sniffers, traffic analysis (at the user level), and with a bit more work also allows you to provide host-based authentication in addition to encryption.

  9. why not sudo? on Managing Shared Passwords? · · Score: 4

    Maybe I missed something, but why aren't you already using sudo or something similar?

    In case you haven't heard of it before, sudo is a SUID program that gives you root access (or restricted root access, e.g., the ability to shut down the system or mount/umount disks, but no more) once you authenticate yourself with *your* password. You never use the actual root password.

    Sudo also logs all commands executed. This can save you a *lot* of grief when you're trying to figure out what you did wrong.

    Since each person must be named explicitly in a separate control file, it's easy to invalidate users as circumstances change. It's a lot easier to change one file on multiple systems than it is to get everyone to memorize new passwords.

    As for the root password, I've found it unnecessary to provide *any* root password - just put a "*" in the /etc/passwd and /etc/shadow fields. The *only* place you really need the root password is if you're running in single-user mode because the fsck failed on boot - and in that case you'll probably want to use a boot/root rescue kit anyway.

    If you want to keep a root password around anyway, it should never be routinely used. I personally favor the "write it on a card, put it in a sealed envelope, and (optionally) lock it in your boss's desk. Once you use it once, generate a new random password and repeat" approach.

    As others pointed out, none of this will stop anyone from getting into the system with their own root disk. But if fear of immediate termination doesn't scare them off, it's easy to remove the floppy and CD-ROM drives.

  10. Go after their business license on When Spammers Use YOUR E-Mail Address? · · Score: 2

    IANAL, but this happened to me last year. Their return address required a broken MSIE browser to parse, but my ISP was able to track them down. A polite note, ISP-to-ISP, about facilitating criminal fraud through impersonation since they were accepting messages sent with bogus headers got quick results.

    My position, which my ISP may have forwarded, is that I'm a reasonable person. I'm not looking for damages, I'm looking for LICENSING FEES. Specifically, the licensing fee required for retroactive permission to use my domain name in commercial solicitations by any entity other than my own business. (That business, technically, owns my domain, not me.) Since I'm oh-so-reasonable, this retroactive permission costs $500 per message, $2k per bounce message. Unless documentation of all messages sent is provided, our contract assumes one bounce message out of every 100 messages, plus a 50% surcharge for failure to maintain adequate documentation. So, for 250 messages please remit:

    TABLE DELETED BY SLASHDOT CENSORS

    The spammer had no reasonable expectation of any company being indifferent to the misuse of its corporate property, so they either committed a criminal offense or agreed to be bound by the terms of a contract. Since they didn't bother to contact me prior to this use, they implicitly agreed to its terms.

    Of course, I never expected to collect $20 million. But any ISP with a grain of salt would realize that small charges, multiplied by thousands of acts, would be enough that a contingency-based lawyer could decide it was worth it to file a suit naming that ISP as co-defendant. In this case, since I didn't have an active web site at the time, it might have been marginal. But now that I'm bringing a web site online it will definitely include a legal notice that sending forged messages without prior written approval constitutes acceptance of a binding contract, arbitrated in *my* state, to pay licensing fees. Minimum $5 million retainer, in cash, non-negotiable.

    Heck, for $5 million, I'll sell them my domain name. :-) It might hold up in court, it might not, but it should scare the pants off of their attorneys because it clearly constitutes prior notification of a contract. Contracts don't require signatures, they only require an overt act indicating consent. Such as sending a forged email header, something explicitly covered in that contract as an indication of acceptance - and something which a reasonable person would never do by accident. Especially hundreds of times with different bogus users and message content.

  11. Hotels? on Verizon - No DSL Over Hybrid Copper/Fiber Lines? · · Score: 4

    They might have put in a "(DSL?) hotel." That moves some of the gear from the CO to the other side of the fiber, but it requires money, space, money, available bandwidth on the fiber, money, equipment, and did I mention money?

    Ironically, the odds of getting this are inversely proportional to how far the fiber runs. If fiber runs to your block (or building!), there aren't enough potential customers to justify the expense. But if there are hundreds of potential customers, the phone company can be fairly confident that it can find customers to justify the investment.

  12. When the trains stop running.... on Make Way for Fiber · · Score: 3

    What happens when the trains stop running? This is not an idle question - a lot of lines have been abandoned over the past few years. Some people have even claimed that the real value in many remaining rail lines is in the legal right-of-ways, not the rail itself. That's what makes this suit so ironic.

    Right now, in many (most?) cases the landowner can rip out the track, plant a garden, dig a pool, whatever. He has full use of the land again.

    But now, without any consideration offered, he's enjoined from any such use after the original contract lapses. He can't dig very deep - that would cut the cable. He can't build over the cable, since the fiber optic company would have the legal right to tear down his house to reach their cable. He might not even be able to farm it, depending on how deeply the cable is buried.

    He can also anticipate ongoing access. It's unlikely that this was the last fiber optic cable that will ever be laid along this route. The digs might be mildly disruptive when there's an active rail line there, but they'll be major disruptions once the rail is gone.

    That's why I think the question of surface vs. subsurface misses the point. The real issue is a fundamental change in the nature of this commitment. It's not hard to imagine many (even most) rail lines being abandoned during my lifetime, but not a fiber-optic line. In a city, anticipating possible uses decades away is crazy. But in rural areas that have been farmed or ranched for generations, it's a real loss.

  13. eBay is your friend on Tape Backups for Personal Use, Using Linux? · · Score: 2

    I bought a DDS-2 tape drive on eBay a while back for a few hundred dollars. The magic phrase to watch for is that they're selling the equipment because their own backup needs have changed, not because of any problems.

  14. kill all children of rape as well on The Corporate Death Penalty · · Score: 1

    The company might have *started* as a criminal ripoff, but did it create any value of its own?

    If so, then the corporate death penalty starts to sound uncomfortably like a suggestion to kill all of the children of rape. They might have grown up into a widely respected teacher or judge, but they are still ultimately the consequence of a violent criminal act.

    Even if this company was nothing but a ripoff, the same argument can be applied to far more organizations than you might think. Is West Virginia a state? (The US Constitution clearly states that states can only be carved out of other states with the latter's consent, but West Virginia was born out of the Civil War.) Is Hawai'i a state? (It was an independent kingdom until American agitators created an excuse for annexation). What about the country as a whole - our "Founding Fathers" were all guilty of treason to the Crown.

    Even if we only focus on corporations, how many of the Fortune 500 started out questionably? A lot of the uproar over global enforcement of IP rights reminds me of the old saying about the guy who checks under the bed for hiding lovers....

    That said, I think that a corporate death penalty can be warranted by a company's ongoing bad acts. If a person continually puts himself above the law he can be jailed. But what can you do about a corporation? Given the choice of jailing all of the executives (many of whom will be powerless to change the behavior) and a clean corporate execution I prefer the latter.

  15. Check with the state on Insurance Catastrophes at Dot-Coms? · · Score: 2

    Has she checked with the state's Dept. of Labor and Employment, or whatever it's called locally?

    (This assumes she was legally an employee, but if they promised insurance that seems to be a given.)

  16. The real question on Windows XP and Incompatibilities with Multi-Booting? · · Score: 2

    The real question is if Whistler will support more than 26 partitions on a single disk.

  17. "snow" is solid precipitation on Continents on Titan? · · Score: 4

    "Snow," in this context, refers to solid precipitation out of the "atmosphere." That can refer to water ice on the surface the earth, iron flakes at the boundary of the inner and outer core, or hydrocarbons on the surface of Titan.

    Nowhere does the article claim that Titan has water snow - it says "hydrocarbon rain and snow". The "hydrocarbon" applies to both.

  18. Re:Freedom of speech... on Scientology Critic Flees U.S. Over Usenet Posts, Pickets · · Score: 2

    I hate that analogy. It IS a crime once the other, reasonable, person believes that you really do intend to harm him. "Menacing," IIRC. This can occur long before the fist is anywhere near the nose.

    A similar restriction applies to free speech issues. Your right to speak *does not* include the right to block me from the private enjoyment of life. This is why there are all sorts of "time, manner and place" restrictions - a speaker on a soapbox in a public park during a Sunday afternoon is a very different thing than, e.g., someone using a bullhorn to screech at your residence at 2 AM.

    However, these restrictions should be based on "presentation" alone, not "content."

    (Not a lawyer, but a serious student of civil liberties.)

  19. Re:Astroturfers now define slashdot content on Mundie Responds · · Score: 5

    You're right. It's inexcusable for the Slashdot editors to pay attention to what the readers find interesting!

    They should decide what we will read, and when we will read it! AND WE SHOULD LIKE IT!

    I mean, letting readers decide what's covered by the media is as silly as... as silly as letting users decide what features the OS and applications should have! That way lies anarchy! Madness! Declining Microsoft stock prices!

  20. what about the day after? on Extortion and the UGO Network? · · Score: 2

    If the contract was terminated and the only question was whether to accept partial payment or fight for more, your analysis is reasonable.

    But as I read the question, this guy is being asked to accept a unilateral, retroactive change to an existing *and ongoing* contract. If his company agrees, what's next? They'll have no grounds to complain when the company retroactively cuts payments in half again in 6 months, then again, then yet again. Having gotten away with it once, why on earth wouldn't the company try the same trick again?

    Worse, by accepting this it's possible that his company is setting itself up for a lawsuit for "breach of contract" once it decides that enough is enough and tries to yank the ads before the end of the contract. Right now, it's likely that the other company has breached the contract and his employer can yank the ads without risk. (The details, as always, are in the contract.) Once they've demonstrated a willingness to honor the contract despite non-payment, they might lose the right to consider non-payment a material breach in the future.

    IANAL, and I'll be the first to admit that this is one of those cases where you need to bring one in. Not to tell you what assholes the other guys are, but to tell you what you need to do to keep your options open in the future.

    P.S., if we are talking about an ongoing contract, the money at question isn't just the late payments. It's also half of every payment through the end of the contract. A lawyer might be able to make a good case that *this* is the amount of money in question in any suit, plus treble damages for breach of contract.

  21. Re:Shape of the universe on Mystery Force Affecting Probes · · Score: 4

    The only problem with this analogy is that the precession of Mercury's perihelion occurred in the area of the highest gravitational field within 4 light years. This is where you would expect to find simpler theories to break down.

    In contrast, the probes are in areas with a relatively small gravitational field. While the field is smaller than anything this side of Pluto's orbit, it's not that much smaller. (The contribution from the sun is lower, but the contribution from the entire Milky Way, and our gravitationally bound galactic cluster, is just as large.) A breakdown in the existing theory just doesn't make sense here - and even if it does break down, where does the energy come from?

    As for the issue of the shape of the universe... get a grip. :-) The shape of galaxies - and interactions of galaxies in clusters and super-clusters - shows that the universe is "flat" on the scale of many millions of light years. If you equate that to the size of the earth, then 1 meter represents about 1 LY, and the heliopause will easily fit within a postage stamp. Or maybe the period at the end of this line. Something definitely "flat" by any reasonable definition.

  22. Depends on what you call "advanced" on Technology vs. Cheating at the University of Virginia · · Score: 2

    Having studied both math and physics to the graduate level, the need for assistance varies with the level of the material.

    First-year calculus is baby math. Computer assistance can help many students learn the concepts, but it's not really necessary.

    But by the time you hit the highest math most engineering students see - vector analysis, matrix theory, differential equations - computers become valuable tools even if they do nothing but keep everything neat and tidy. If someone thinks it's cheating for the computer to do this rote stuff, I DEMAND that they say the same thing about all of those cheating students using MS Office instead of quill pens - the former includes spelling checkers, grammar checkers, a thesaurus and dictionary, etc.

    (I do have concerns about these programs being used to actually solve the problem, but most (all?) can be used in an "editor" type mode.)

    When you get into the heavy math - PDEs with boundary conditions, special functions, and (shudder) tensor analysis - you're at the point where you *will* be shelling out big bucks for your own copy of thick reference books. You can do this by hand (I did), but you can easily spend 30 minutes at each step just copying the information from one step to the next, carefully checking that you didn't transpose entries, convert a contravariant index to a covariant one, etc.

    As an aside, I actually revisited my PDE boundary problem class 15 years later in a parallel computing class. I had done the Fourier transforms analytically before, and could only handle very limited forcing functions. Doing it numerically (with FFTs) I could handle a much broader range of problems, but I was the only person in the class who had a clue what was going on.

    I'm a strong believer in the value of analytical techniques for getting the deep insights, but at the same time I think it's not an exaggeration to say that a quarter of my college experience was wasted in mindless rote work. At that time, a "small computer" was still a departmental PDP11/780, so it was probably unavoidable. But not today.

  23. Old, old idea on Stepping Closer To The Space Elevator · · Score: 2

    "Terrorists attacking beanstalks" is a very common theme. I've seen several short stories directly address the attacks, and indirect references in Friday (Robert Heinlein; Lima stalk) and the David Brin "Startide Rising" universe (where one character's last view of his wife was her losing her grip at the 20 km level... but I think that was just a partial stalk).

    In fact, I believe the first story involving beanstalks involved an attack on one - the companion "science fact" article explained their physics. I'm sure I'll remember the name of the author just after I hit submit - probably either Benford or Sheffield.

  24. "electronic signatures" bill on Microsoft's Passport: No Marylanders, Thanks · · Score: 2

    There's also that recently passed Federal law that recognizes "electronic signatures" based on key clicks and similar trivial acts. As you can probably guess, I think that this bill goes too far because it's far too easy for action to not match intent (ever hit the wrong button?), to say nothing of the mischief possible with forged authorization.

    On a related note to the prior post, the legal definition of "signature" is any tangible mark made by the hand. There's nothing about it being in "cursive," or even being your own name. That's why an "unsigned" check can still go through the system - the 'signature' is the rest of the check being filled out.

  25. Re:2821 isn't really a new standard on New Mail RFCs Released · · Score: 2

    The authors are trying to balance brevity (shorter documents are more likely to be fully read and understood) and exhaustiveness.

    RFC821 is obsolete and should not be the primary reference.

    However, if you're using some obscure feature of 821, it's included by reference in 2821 and shouldn't be considered *prima facie* non-compliance.