Odd...I got my card almost a year before that, and it comes with software that can record to mpeg-1. I'll see if I can dredge up the original CDs (don't have the Hauppage software on that comp anymore - it's linux-only - still works like a charm) and see if there's a date on 'em, or at least a version number. It's possible it was a prerelease version, as you mentioned.
The patent is fairly specific in regards to the actual recording process - in that the input stream is encoded to mpeg-1 - I'm not entirely sure, but I doubt VCRs used mpeg-1 (although I've seen some VCRs that do a much worse job of recording, and some that do a much better job!)
The real question comes if Tivo tries to enforce their patent based on principle rather than process - claiming rights to ANY digital recording of one TV signal while watching another, regardless of medium or compression format used. That could become scary in the current legal climate in the US.
How many current TV cards (Hauppauge, etc...) are able to do this kind of encoding? How many of those can watch a second channel while you're recording from the first? I have an older Hauppauge card that can in fact do mpeg stream encoding, but it lacks the second tuner required to watch another channel. It wouldn't suprise me if one of the newer cards (from any company) had the second tuner - and if it predates Tivo's patent, that *could* be prior art, depending on the specifics.
...right =) CIPA is the "Children's Inline Protection Act" - proposed to protect our children from the perils of Inline Skates, which, as everone knows, can cause severe, lasting trauma in children, considered worse, even, than pr0n by some prominent physicians and psychologists that I will conveniently fail to mention by name. We must make sure it passes, so that we can protect the children from being scarred for life. We must outlaw the use of Inline Skates in public places, such as libraries, and schools! We must prevent the unauthorized sale of Inline Skates to those under the age of 30, by severely punishing those evil, EVIL storeowners who push their wares on our unsuspecting, innocent children!
This post has been rated;P by me, for poor humor and sarcasm.
They're not *quite* identical - pckeyboard's version has a "tall" return key, whilst the version in your shots has the more conventional "wide" return key. (which is the type I prefer)
Any chance you have it kicking around and could snag the model number for me?
I've always wondered about this as well - since I hardly ever use the keypad, I wouldn't mind not having it there (dark clouds, thunder) - unfortunately, I have yet to find a mechanical spring keyboard as well-constructed as the old IBM keyboard I currently use, that doesn't include a keypad.
The "Happy Hacking Keyboard" is close, but it's rubber-dome rather than spring-based.
Anyone know of a company putting out well-constructed spring keyboards without keypads at a reasonable price?
How about putting the cpu/memory in the stand for the monitor, and putting the heavy drives into the left-hand piece, leaving the right-hand one light enough to easily mouse with?
That way, you can throw a (small) fan into the base to dissipate heat from the cpu/memory, keep the drives in the stable left-hand portion, and the right-hand portion becomes the mouse.
Of course, if you start moving all the heavier parts (drives, etc...) into the base, you end up with something similar to the slim desktop Vaios...
Heh - if they made those keyboards with the old-style springs rather than cheapo rubber domes, I'd order one. As it is, I have a retro IBM keyboard I use with my laptop when I'm at home. It's big, heavy, and makes VERY loud clicking while typing. In short, it's wonderful to type with it on my lap - if it had a built-in trackpoint (nipple) or even a micro-trackball on the right-hand side, it'd be perfect. A lot moreso than the keyboard/trackpad on my laptop, where my palms always seem to activate the trackpad at inopportune times while I'm typing...
"But right now, I wouldn't even be able to let him go to the library alone because there are no controls installed there."
It's called "letting go". It's called "trust". If you teach your kids right from wrong, spend time with them, and show them how to do things the right way, there's a good chance they'll pick up on it.
But kids will be kids. They will get in trouble. They will do things they're not supposed to do. It's their way of exploring their environment and their society.
I remember when I was in middle school, we had an overnight party - there were maybe 8 of us there, all good, decent, upstanding kids. One of my friends "smuggled" one of his dad's pr0n videotapes out of the house, and we watched it. It was one of those "No! Turn it down! Joe's parents might hear us!" things. We knew it was "morally objectionable" to society, but we didn't know *why*, as society deigned to "protect" us from it. We watched it anyway. And you know what? Other than the shock factor, we weren't impressed. It didn't scar us for life, make us drop out of school, or turn us violent. It didn't turn us into womanizers or leches.
But these are the things that kids do. If something is "forbidden", or if they're "protected" from it, it just makes them more curious, if only to know *why* they're being protected from it. They'll find out about it eventually, whether it be from you as their parent, from their peers, or on their own.
Kids are also a lot smarter than we give them credit for. If they're determined enough (and kids can be VERY single-minded) they *will* find a way around any barriers thrown in their way.
The bottom line is that no matter how much you want to protect and shield them from everything "bad" in the world, you have to let kids be kids, and learn how to deal with these types of things on their own. Guidance is OK, but in some cases, the kid is going to go contrary to what *you* would want them to do. It's natural and perfectly normal. It's how they learn to deal with their world.
As long as you have taught them right from wrong, you've done your job. Now you have to trust them enough to let them go.
Then they make it work with ANY IM client - AIM, ICQ, Jabber, Yahoo, MSN, etc... (Jabber would probably be a good start here - port the existing infrastructure to a jabber-based model, then plug in other IMs at will =)
Of course, I'm sleep-deprived and running solely on caffeine, so this probably is a really, really stupid idea, since it sounds cool to me;)
The real motivation is that our Congress is comprised of wealthy, well-to-do people who have been wealthy and well-to-do all of their lives. They act out of a single purpose - to increase their personal wealth. Does helping the "common worker" get them wealthy? Nope. It gets them goodwill - which is worth exactly nothing in terms of cold, hard cash. Does helping a huge megacorp who pays you kickbacks (filtered through an appropriate "Special Interest Group", of course) get them wealthy? You bet.
Take the situation where you have two guys who want you to do something for them. One of them is a rather pathetic excuse for a human being, obviously in need of your help, but with nothing to give in return. The other is well dressed, and is offering you $100,000.00 to help him out. Who would you help? Most people would take the cash. Our Congress is no different, regardless of how they are *supposed* to work.
Another situation where something works very well in theory, but sucks in practice.
Hmmm...sounds a lot like Windows Update (*shudder*)
In *theory* Windows Update isn't such a bad idea. The main underlying issue is that it isn't full disclosure, and the patches themselves are closed - so you can't verify that they actually WILL do what they SAY they will do.
Windows Update reads from the registry to find out what you have installed, and what you don't. Considering how much information is stored in the registry, and the fact that it's closed, there's no way of knowing exactly what information it does send back to M$ about your system, besides the contents and their update status.
What would be cool would be to simply portscan (the same method the crackers use to get in) the machine in question, then act on those vulnerabilities only, reporting to the user exactly what is being done, and any holes that have been found/closed.
Basically Windows Update done right.
In *theory* it's a great idea. In practice, it may suck. Some people open things intentionally. Some people NEED (for whatever reason) to use an insecure version of [certain program].
There's also the possibility of infecting the base site, or it's mirrors - and having the infection spread exponentially.
Simple solution. Sterilize the worm. Make it non-replicating. That way, it goes in, innoculates, patches the hole, and then deletes itself, possibly sending an email to root saying "Hey, I noticed you were previously hacked, and undid the damage - logs attached - if you want to become a scanning node for this innoculator, contact [blah]"
That way, it still does the "nice" stuff, and leaves it up to the sysadmin as to whether or not to become a redistribution point for the fix.
If a burglar has already broken a jewelry store window, gone in, stolen some stuff, and left, it's OK to enter through the same broken window, as long as you are just picking up the broken glass.
I'm sure the cops would just LOVE to hear that explanation;P
Either way, it's still an intrusion, whether it's benign or not.
If it propagates itself in the same way (portscanning, etc...) then it's still using bandwidth without permission, even if it is for a good cause.
The problem is that it won't just affect previously compromised boxes - it will affect bandwidth. Bandwidth is not free - in fact, it can be quite expensive. All those portscans, successful or not, are still going to chew into the bandwidth of everyone on the subnet.
Now, if someone AGREES to become a scanning node, that's another matter. They're consenting to allowing their machine to portscan others. They're consenting to allowing the benevolent worm to use their bandwidth to propagate itself and help others. They're accepting responsibility.
If they didn't agree, then the worm has NO RIGHT to use their bandwidth, even if it is to help others, or clean up after malicious hackers. Unless someone has agreed to allow you to use their resources, it's stealing.
I think the concept is a good one, however. I think if the worm were "sterilized", so that it simply went in, innoculated, patched the hole, then quietly deleted itself - noone would have an issue. If the same worm emailed root@whatever.host with a url to download the propagation software, that would be cool too.
The problem with that last part is that the malicious worms could do the same thing, masquerading as "fixes".
...and you don't use proper grammar - should be "You're an idiot";P
The whole point is that A) Idiots dont secure there boxes. B) They won't be bothered to. C) Worms will hit them anyway. D) May as well make it so that when they do get hit, the hole is plugged.
A) I agree - there are many people who do not secure their boxes, even though it is tantamount to idiocy to not do so.
B) This is the kicker. If they're not even going to TRY, they deserve everything they get.
C) Given A and B, yes. I agree here as well.
D) I'm all for plugging security holes, wherever possible. I'm not all for use of other people's bandwidth without their permission, whether the use is benign or not.
So that makes you an idiot.
Maybe I was. I definitely was uninformed and ill-prepared. What I should have done was download the updated rpms from Windows, before beginning the install. Instead, I figured it would be "safe" to install, then download the updates. Live and learn.
The point is that I did something about it. I disconnected my system from the 'net, innoculated it, and downloaded the updates seperately, then updated before reconnecting to the 'net under linux. I wasn't totally helpless, and I knew how to diagnose and repair what was wrong. A lot of people don't.
For them, a simple modification of the "worm", to sterilize it, would work wonders. They'd just have to go to the site, and get scanned/innoculated. The innoculation process, because of the sterilization, wouldn't leave the worm itself on the user's system. It wouldn't suck up bandwith portscanning all their peers. It wouldn't break into other systems (previously cracked or not). It would simply innoculate, patch the hole, and delete itself.
To NOT be an idiot: 1) Read the article. 2) Repeat step 1 until you COMPREHEND the article's points, not just the title. 3) Read a few comments before you post.
I did read the article. I disagree with the use of other people's bandwidth without their permission, regardless of the purpose. If they give their permission to become a scanning node, that's fine. If they don't, it's not right to do it behind their back, even if you're just scanning for other, infected boxes, and spawning a fix.
Even if the bandwidth consumption is minimal for one machine, what happens when an entire corporate network gets infected? Several hundred machines constantly portscanning one another is COSTLY in terms of bandwidth.
Perhaps you should fully read comments before you respond and call someone an idiot.
Then again, you're a troll, so I suppose it's your job not to.;P
Well, I'm no expert...one of my boxes was hit by Ramen shortly after installation of RH6.2, before I could finish downloading the update rpms from RedHat's site - seems someone on my local cable node had already been infected, so as soon as I got it installed BLAMMO! there it was. Did the cleanup/innoculation myself, and learned quite a bit in the process. (switched to Debian later that week)
The thing that tipped me off to the worm's presence? My eth0 activity was sky-high, and I wasn't (to my knowledge) transferring anything.
Now, I'm not saying a "good" worm is a bad thing - but I'm not entirely sure that it would be easy to tell the good from the bad at first glance. If these things propagate in the same way as the bad worms do, then people are still going to see their network card's usage jump up VERY high. People are still going to be portscanning other people's boxes, without knowing, and without other people's permission. It's still suspicious activity, regardless of the purpose.
I can see an alternative though. Set up a website (or better yet, a voluntary series of mirrored sites) where users can go, and ASK to have their computer portscanned, and fixed if necessary. Make the "good" worms "sterile" (IE: unable to reproduce) so if the machine is infected, it can be automatically innoculated and patched against further infection.
Want to know if you're infected? Just go to the site, and have it scan you, fix any problems it finds, and email you the results (or alternatively display them on the webpage). Have the same set of pages offer a tar.gz/deb/rpm of their site, including the scan/vaccination tools, so people can set up their own mirrors. Have the mirrors periodically checksum each other (say, weekly/monthly), to make sure they're all updated correctly, and that their payloads haven't changed.
By making the process voluntary, and the worms sterile, you're only providing the innoculation service, not another (benign) infection.
By allowing users with the disk space/bandwidth to set up their own mirrors, you eliminate the single-point-of-failure.
By periodically checksumming known mirrors' copies of the patches, you make sure people don't abuse the system to deliver malicious worms, rather than distribute the benign ones.
The trick is making sure users actually go to these sites, and scan their machines every once in a while. A few conspicuous links on security sites, and major *nix hubs would help there.
Possibly even a "reactive" script that would detect worm activity, and email root@source.ip.of.scan, suggesting they go get scanned...hrmm...on second thought, that one could be exploited by the "dark side" as well - send a false email to root@whatever saying "I think you're infected, go scan yourself here" where "here" actually points at a delivery system for a malicious worm...ok, so that part's not a good idea.
I'm just thinking here - second cup of coffee stuff;P
Hrmm..problem is the infrastructure is expensive and involves burying the cables, which is extremely poor for the environment, etc...etc...etc...
Wireless seemed like a good idea, but if what you say is true, traditional sattelite methods wouldn't work too well.
Sounds like we need something new to be able to do this well. Grr... And Alaska seemed so perfect a location for this type of thing. Maybe a giant spike at the rotational North Pole...nah;P
The idea of orbital datahavens still sounds good to me though - too bad it'll never happen.
Things like thousands of miles of data cables. Never mind that you might want to hook up not just to North America, but also to Asia and Europe. Enviromental factors in terms of the cold effect on equipment. Effects from Solar Storms (northern lights, etc)
Eh...ditch the thousands of miles of data cables and use a sattelite uplink. Encrypted, of course. The auroras might give some problems with this though - I'm no expert in that field, but it would seem to me that they might have some effect. Perhaps a way to utilize the periodic auroras could be found (ok, now I'm just getting silly and speculating)
Now that I'm thinking about it, why not start junking the old obsolete sattelites up there and replacing 'em with sattelite-based data storage...oh...wait...NASA's too busy watching coffee grow...dang.
We're definitely not getting the whole story here. Something else happened or was going on, and that something is most probably the root cause of what happened.
According to the mother, he left a note, saying he'd rather be dead than go to jail. I'm inclined to believe this part of the story, as it seems something that a 13 year old kid would write, and I don't see why the mother would falsify it.
What's also pretty much unquestioned is that the parents WANT to blame someone. They WANT to be able to vent their pain at something/someone, and the school is a VERY convenient target.
Now...we have a kid, who "hacked" a school computer ("hacked" being defined by the tight-lipped school district, who doesn't say exactly what the kid did, or exactly how severe the infringement was), and was given a 10 day out-of-school suspension (a VERY serious punishment - in my district, even excessively violent kids who physically wounded shool staff were at MAXIMUM given 5 days (AKA: one school week) suspension out-of-school). We have no idea what the crime was, exactly, or why the school district thought it necessary to administer such a severe punishment.
We also know (from the kid's note) that SOMEHOW he got an inkling that he WAS going to go to jail for what he did. This is a bright kid. Gifted both physically and mentally. Beginning puberty (which means that what's going on in his head probably doesn't quite add up - hormones are tricky things) - and most probably very curious. A kid like that isn't going to take "If you were an adult, this would be considered a crime, and could possibly carry some jail time" as "YOU ARE GOING TO JAIL". It's going to take something a bit more blunt to put that kind of idea in the kids head. I'm inclined to think someone spoke too harshly, or used an indirect threat that got taken out of context in the kid's mind, in combination with the severity of his punishment.
Most probably that comment came from whomever handed down the punishment to the kid. (I'm assuming the principal of the school)
Is he directly to blame for the kid's death? Absolutely not. Did he contribute to it? I'm inclined to say yes.
What we don't know is if there were other factors that may have contributed to this. Things like how the kid's social life at school was - was he bullied? Hated by his peers? (or *thought* his peers hated him) Any number of things could have been going on that may have contributed in part to this.
While I feel it's wrong to blame the school exclusively for the suicide, I *do* agree that there is a case for partial blame there.
The situation most probably could have been handled much more delicately. A *short* suspension, followed by possibly giving the kid an active project with the computer network could have been a good start.
Steps around the real issue. MS has "persuaded" hardware companies to develop their drivers ONLY for Windows. Whether due to market share (Windows has 90% of the desktop market, *nix about 5-7% - supporting *nix doesn't help the bottom line, while not supporting Windows hurts the bottom line signifigantly), or due to strongarm tactics (exclusivity contracts), or due to architectural design (winmodems), Microsoft has made it tough for manufacturers to support another OS, whether they want to or not.
The other big issue is "Intellectual Property" and the clash between it, and the *nix tradition of "rolling your own" drivers.
There are plenty of people who are fully willing to spend the time to write good drivers for new hardware under *nix. They have the skills to do so, and most probably would purchase the hardware themselves, in order to test their drivers.
Manufacturers, on the other hand, are either bound by exclusivity contract to only allow driver development for Windows, or have so totally shut up their hardware's specs behind closed doors (NDAs, etc...) that it's impossible for them to give out the specs to a developer, in order to have this thrid party driver for a third party OS written.
So it's nearly impossible for potential device driver writers to get their hands on the specs for hardware tha they have purchased and wish to use under a different OS. THeir only option is to try to reverse-engineer through legal means the methods by which to operate their hardware.
This takes time.
A lot of time.
And a lot of patience.
This is why *nix's device driver base is so far behind. Without the specs for the hardware, and with companies that are unable or unwilling to provide specs for their hardware, and who possibly threaten driver developers with lawsuits or worse -- it takes a VERY long time to get decent drivers "out the door", so to speak.
SO we look at the situation. On the Windows side, we have developers being paid by the manufacturer of the hardware, with full disclosure and access to the specs of the hardware they're developing a driver for.
On the *nix side, we have some talented, dedicated volunteers that tear their hair out trying to figure out how to access hardware that the manufacturer won't tell them anything about.
You tell me which side is going to get drivers out faster!
Now, some of this could be helped if the *nix community didn't insist that everything be made open. Look at all the flak that nvidia has taken for their binary-only releases. Admittedly, they require the use of a kernel module - which allows their video driver to have low-level access to the hardware - but it also allows that video driver to potentially crash the system (same type of thing that happens under Windows) -- but the point is that they have at least TRIED to provide the *nix community with a working set of drivers. While I agree that it would be better if they were to open their hardware specs, at least on their older boards, so that the community could write decent drivers that don't require a kernel module, I applaud them for at least doing more than most.
Both sides have to give for this to get better. Both sides want total control. Both sides quibble about baby steps in the "right direction". This ain't the way to get things done.
Developers can find security weaknesses very easily with Linux. The same is not true with Microsoft Windows.
Taken one way, this could mean "It's easy to find weaknesses in Linux! Any developer can do it! All you have to do is look at the source code, and you can get in! Windows closes their source off - so there's no way a developer could know how to get in!" (Standard MS FUD)
Taken another way (and the way most people familiar with the Linux development model would take it) it could mean "Developers are able to find (and fix) security vulnerabilities easily in Linux, since they have direct access to the source code. Anyone with the time and skill can find and fix bugs. Not so with Windows - until MS or a security firm tells you about it, you have no way of knowing."
As always, MS proves they can lie out their ass without actually saying anything untrue - by implying a vague statement to lean in one direction, they create FUD, while their statement is true in the opposite direction.
If I go to a CD store (Let's say Borders, for sake of argument) with a pad and a pen (or a palm), and physically write down the album title, artist, track titles, copyright date, publisher, etc... what I've done is perfectly legal (although I might get some weird looks while I'm doing it) because this information is publically available.
Is my list on my pad considered a database? It could be. (a very crude, rudimentary one, but a database nonetheless) If I'd done it on a palm, I'd certainly consider it a database.
Now, I take this database of publically available information, and type it into/upload it to my computer, and import it into a MySQL database.
I've still done nothing wrong. I've gone and gathered publically available information, and I'm storing it in an easily searchable format.
Now, I make a web interface to search it. I can now go to this webpage and search for any artist, album title, publisher, track title, etc... and get any matches that might be in my database.
Still nothing wrong - all I've done is add an access method.
Well, I decide that as complete as my listing of CDs is, it doesn't include every CD out there (Borders could have been out of a certain album, or might not carry foreign CDs). So, I make a web interface to allow other people to add the information from the CDs in their collection (or that they've gained in a similar method, going to their local CD shop, and gathering information). I publicize my database on a few mailing lists, my website, Slashdot, etc... and people come to my site, and add their collections.
Pretty soon, the DB is rather large, and a lot of people are using it.
Now, Gracenote would like to say that what I've done is wrong. That people can come to my site and get CD info for free, whereas people would have to pay to get it from Gracenote.
I made mine using publically accessible information, and grew it with information from the public. Nothing in my database couldn't be obtained for free by visiting the appropriate cd store, or contacting the appropriate CD publisher.
Gracenote acquired a similar, open project, and closed it up. Does that somehow give them a monopoly on publically available information? I don't think it does.
I'd say this wouldn't hold up in court, and could EASILY be thrown out. I'd agree that it's main purpose was to damage Roxio's reputation, and possibly deplete their resources to the point that they could not stay in business. I'd even go so far as to say that Gracenote KNOWS they have no chance of winning in court - this is a rather ludicrous lawsuit.
Otherwise, disseminating publically available information for free becomes a crime.
Conceivably, it could be considered illegal for me to tell my friend the title of track 1 on a given CD - as Gracenote sells that information, and me giving it for free would be "wrong".
Slashdot Mirror
Odd...I got my card almost a year before that, and it comes with software that can record to mpeg-1. I'll see if I can dredge up the original CDs (don't have the Hauppage software on that comp anymore - it's linux-only - still works like a charm) and see if there's a date on 'em, or at least a version number. It's possible it was a prerelease version, as you mentioned.
The patent is fairly specific in regards to the actual recording process - in that the input stream is encoded to mpeg-1 - I'm not entirely sure, but I doubt VCRs used mpeg-1 (although I've seen some VCRs that do a much worse job of recording, and some that do a much better job!)
The real question comes if Tivo tries to enforce their patent based on principle rather than process - claiming rights to ANY digital recording of one TV signal while watching another, regardless of medium or compression format used. That could become scary in the current legal climate in the US.
How many current TV cards (Hauppauge, etc...) are able to do this kind of encoding? How many of those can watch a second channel while you're recording from the first? I have an older Hauppauge card that can in fact do mpeg stream encoding, but it lacks the second tuner required to watch another channel. It wouldn't suprise me if one of the newer cards (from any company) had the second tuner - and if it predates Tivo's patent, that *could* be prior art, depending on the specifics.
...right =) CIPA is the "Children's Inline Protection Act" - proposed to protect our children from the perils of Inline Skates, which, as everone knows, can cause severe, lasting trauma in children, considered worse, even, than pr0n by some prominent physicians and psychologists that I will conveniently fail to mention by name. We must make sure it passes, so that we can protect the children from being scarred for life. We must outlaw the use of Inline Skates in public places, such as libraries, and schools! We must prevent the unauthorized sale of Inline Skates to those under the age of 30, by severely punishing those evil, EVIL storeowners who push their wares on our unsuspecting, innocent children!
;P by me, for poor humor and sarcasm.
This post has been rated
Doh!
They're not *quite* identical - pckeyboard's version has a "tall" return key, whilst the version in your shots has the more conventional "wide" return key. (which is the type I prefer)
Any chance you have it kicking around and could snag the model number for me?
NICE!
That's *exactly* what I was talking about!
Thank you! (Also thanks to the poster above, I have a place I can order one from!)
I've always wondered about this as well - since I hardly ever use the keypad, I wouldn't mind not having it there (dark clouds, thunder) - unfortunately, I have yet to find a mechanical spring keyboard as well-constructed as the old IBM keyboard I currently use, that doesn't include a keypad.
The "Happy Hacking Keyboard" is close, but it's rubber-dome rather than spring-based.
Anyone know of a company putting out well-constructed spring keyboards without keypads at a reasonable price?
How about putting the cpu/memory in the stand for the monitor, and putting the heavy drives into the left-hand piece, leaving the right-hand one light enough to easily mouse with?
That way, you can throw a (small) fan into the base to dissipate heat from the cpu/memory, keep the drives in the stable left-hand portion, and the right-hand portion becomes the mouse.
Of course, if you start moving all the heavier parts (drives, etc...) into the base, you end up with something similar to the slim desktop Vaios...
Heh - if they made those keyboards with the old-style springs rather than cheapo rubber domes, I'd order one. As it is, I have a retro IBM keyboard I use with my laptop when I'm at home. It's big, heavy, and makes VERY loud clicking while typing. In short, it's wonderful to type with it on my lap - if it had a built-in trackpoint (nipple) or even a micro-trackball on the right-hand side, it'd be perfect. A lot moreso than the keyboard/trackpad on my laptop, where my palms always seem to activate the trackpad at inopportune times while I'm typing...
"But right now, I wouldn't even be able to let him go to the library alone because there are no controls installed there."
It's called "letting go". It's called "trust". If you teach your kids right from wrong, spend time with them, and show them how to do things the right way, there's a good chance they'll pick up on it.
But kids will be kids. They will get in trouble. They will do things they're not supposed to do. It's their way of exploring their environment and their society.
I remember when I was in middle school, we had an overnight party - there were maybe 8 of us there, all good, decent, upstanding kids. One of my friends "smuggled" one of his dad's pr0n videotapes out of the house, and we watched it. It was one of those "No! Turn it down! Joe's parents might hear us!" things. We knew it was "morally objectionable" to society, but we didn't know *why*, as society deigned to "protect" us from it. We watched it anyway. And you know what? Other than the shock factor, we weren't impressed. It didn't scar us for life, make us drop out of school, or turn us violent. It didn't turn us into womanizers or leches.
But these are the things that kids do. If something is "forbidden", or if they're "protected" from it, it just makes them more curious, if only to know *why* they're being protected from it. They'll find out about it eventually, whether it be from you as their parent, from their peers, or on their own.
Kids are also a lot smarter than we give them credit for. If they're determined enough (and kids can be VERY single-minded) they *will* find a way around any barriers thrown in their way.
The bottom line is that no matter how much you want to protect and shield them from everything "bad" in the world, you have to let kids be kids, and learn how to deal with these types of things on their own. Guidance is OK, but in some cases, the kid is going to go contrary to what *you* would want them to do. It's natural and perfectly normal. It's how they learn to deal with their world.
As long as you have taught them right from wrong, you've done your job. Now you have to trust them enough to let them go.
So the solution for them is to just drop the A.
;)
Then they make it work with ANY IM client - AIM, ICQ, Jabber, Yahoo, MSN, etc... (Jabber would probably be a good start here - port the existing infrastructure to a jabber-based model, then plug in other IMs at will =)
Of course, I'm sleep-deprived and running solely on caffeine, so this probably is a really, really stupid idea, since it sounds cool to me
(parent mod: +1 funny if I had mod points)
;)
That's the funniest thing I've read all day. Cool part is I can actually see the campchaos guys doing something like that
We can only hope
They're not that smart.
The real motivation is that our Congress is comprised of wealthy, well-to-do people who have been wealthy and well-to-do all of their lives. They act out of a single purpose - to increase their personal wealth. Does helping the "common worker" get them wealthy? Nope. It gets them goodwill - which is worth exactly nothing in terms of cold, hard cash. Does helping a huge megacorp who pays you kickbacks (filtered through an appropriate "Special Interest Group", of course) get them wealthy? You bet.
Take the situation where you have two guys who want you to do something for them. One of them is a rather pathetic excuse for a human being, obviously in need of your help, but with nothing to give in return. The other is well dressed, and is offering you $100,000.00 to help him out. Who would you help? Most people would take the cash. Our Congress is no different, regardless of how they are *supposed* to work.
Another situation where something works very well in theory, but sucks in practice.
Hmmm...sounds a lot like Windows Update (*shudder*)
In *theory* Windows Update isn't such a bad idea. The main underlying issue is that it isn't full disclosure, and the patches themselves are closed - so you can't verify that they actually WILL do what they SAY they will do.
Windows Update reads from the registry to find out what you have installed, and what you don't. Considering how much information is stored in the registry, and the fact that it's closed, there's no way of knowing exactly what information it does send back to M$ about your system, besides the contents and their update status.
What would be cool would be to simply portscan (the same method the crackers use to get in) the machine in question, then act on those vulnerabilities only, reporting to the user exactly what is being done, and any holes that have been found/closed.
Basically Windows Update done right.
In *theory* it's a great idea. In practice, it may suck. Some people open things intentionally. Some people NEED (for whatever reason) to use an insecure version of [certain program].
There's also the possibility of infecting the base site, or it's mirrors - and having the infection spread exponentially.
Right - Windows Update just tells you what M$ says the patch is supposed to do. It doesn't actually let you read the patch.
So the linux collary would basically be an extention to apt that allows you to grab some information (changelogs) about the updates it's about to do?
That's a *nice* idea.
Simple solution. Sterilize the worm. Make it non-replicating. That way, it goes in, innoculates, patches the hole, and then deletes itself, possibly sending an email to root saying "Hey, I noticed you were previously hacked, and undid the damage - logs attached - if you want to become a scanning node for this innoculator, contact [blah]"
That way, it still does the "nice" stuff, and leaves it up to the sysadmin as to whether or not to become a redistribution point for the fix.
Hmm...taking that example out of context...
;P
If a burglar has already broken a jewelry store window, gone in, stolen some stuff, and left, it's OK to enter through the same broken window, as long as you are just picking up the broken glass.
I'm sure the cops would just LOVE to hear that explanation
Either way, it's still an intrusion, whether it's benign or not.
If it propagates itself in the same way (portscanning, etc...) then it's still using bandwidth without permission, even if it is for a good cause.
Cool concept, Poorly thought-out execution.
The problem is that it won't just affect previously compromised boxes - it will affect bandwidth. Bandwidth is not free - in fact, it can be quite expensive. All those portscans, successful or not, are still going to chew into the bandwidth of everyone on the subnet.
Now, if someone AGREES to become a scanning node, that's another matter. They're consenting to allowing their machine to portscan others. They're consenting to allowing the benevolent worm to use their bandwidth to propagate itself and help others. They're accepting responsibility.
If they didn't agree, then the worm has NO RIGHT to use their bandwidth, even if it is to help others, or clean up after malicious hackers. Unless someone has agreed to allow you to use their resources, it's stealing.
I think the concept is a good one, however. I think if the worm were "sterilized", so that it simply went in, innoculated, patched the hole, then quietly deleted itself - noone would have an issue. If the same worm emailed root@whatever.host with a url to download the propagation software, that would be cool too.
The problem with that last part is that the malicious worms could do the same thing, masquerading as "fixes".
::cracks knuckles:: Time to feed the trolls...
;P
;P
Subject: Your an idiot
...and you don't use proper grammar - should be "You're an idiot"
The whole point is that A) Idiots dont secure there boxes. B) They won't be bothered to. C) Worms will hit them anyway. D) May as well make it so that when they do get hit, the hole is plugged.
A) I agree - there are many people who do not secure their boxes, even though it is tantamount to idiocy to not do so.
B) This is the kicker. If they're not even going to TRY, they deserve everything they get.
C) Given A and B, yes. I agree here as well.
D) I'm all for plugging security holes, wherever possible. I'm not all for use of other people's bandwidth without their permission, whether the use is benign or not.
So that makes you an idiot.
Maybe I was. I definitely was uninformed and ill-prepared. What I should have done was download the updated rpms from Windows, before beginning the install. Instead, I figured it would be "safe" to install, then download the updates. Live and learn.
The point is that I did something about it. I disconnected my system from the 'net, innoculated it, and downloaded the updates seperately, then updated before reconnecting to the 'net under linux. I wasn't totally helpless, and I knew how to diagnose and repair what was wrong. A lot of people don't.
For them, a simple modification of the "worm", to sterilize it, would work wonders. They'd just have to go to the site, and get scanned/innoculated. The innoculation process, because of the sterilization, wouldn't leave the worm itself on the user's system. It wouldn't suck up bandwith portscanning all their peers. It wouldn't break into other systems (previously cracked or not). It would simply innoculate, patch the hole, and delete itself.
To NOT be an idiot: 1) Read the article. 2) Repeat step 1 until you COMPREHEND the article's points, not just the title. 3) Read a few comments before you post.
I did read the article. I disagree with the use of other people's bandwidth without their permission, regardless of the purpose. If they give their permission to become a scanning node, that's fine. If they don't, it's not right to do it behind their back, even if you're just scanning for other, infected boxes, and spawning a fix.
Even if the bandwidth consumption is minimal for one machine, what happens when an entire corporate network gets infected? Several hundred machines constantly portscanning one another is COSTLY in terms of bandwidth.
Perhaps you should fully read comments before you respond and call someone an idiot.
Then again, you're a troll, so I suppose it's your job not to.
...so what harm can it do?
;P
Well, I'm no expert...one of my boxes was hit by Ramen shortly after installation of RH6.2, before I could finish downloading the update rpms from RedHat's site - seems someone on my local cable node had already been infected, so as soon as I got it installed BLAMMO! there it was. Did the cleanup/innoculation myself, and learned quite a bit in the process. (switched to Debian later that week)
The thing that tipped me off to the worm's presence? My eth0 activity was sky-high, and I wasn't (to my knowledge) transferring anything.
Now, I'm not saying a "good" worm is a bad thing - but I'm not entirely sure that it would be easy to tell the good from the bad at first glance. If these things propagate in the same way as the bad worms do, then people are still going to see their network card's usage jump up VERY high. People are still going to be portscanning other people's boxes, without knowing, and without other people's permission. It's still suspicious activity, regardless of the purpose.
I can see an alternative though. Set up a website (or better yet, a voluntary series of mirrored sites) where users can go, and ASK to have their computer portscanned, and fixed if necessary. Make the "good" worms "sterile" (IE: unable to reproduce) so if the machine is infected, it can be automatically innoculated and patched against further infection.
Want to know if you're infected? Just go to the site, and have it scan you, fix any problems it finds, and email you the results (or alternatively display them on the webpage). Have the same set of pages offer a tar.gz/deb/rpm of their site, including the scan/vaccination tools, so people can set up their own mirrors. Have the mirrors periodically checksum each other (say, weekly/monthly), to make sure they're all updated correctly, and that their payloads haven't changed.
By making the process voluntary, and the worms sterile, you're only providing the innoculation service, not another (benign) infection.
By allowing users with the disk space/bandwidth to set up their own mirrors, you eliminate the single-point-of-failure.
By periodically checksumming known mirrors' copies of the patches, you make sure people don't abuse the system to deliver malicious worms, rather than distribute the benign ones.
The trick is making sure users actually go to these sites, and scan their machines every once in a while. A few conspicuous links on security sites, and major *nix hubs would help there.
Possibly even a "reactive" script that would detect worm activity, and email root@source.ip.of.scan, suggesting they go get scanned...hrmm...on second thought, that one could be exploited by the "dark side" as well - send a false email to root@whatever saying "I think you're infected, go scan yourself here" where "here" actually points at a delivery system for a malicious worm...ok, so that part's not a good idea.
I'm just thinking here - second cup of coffee stuff
Hrmm..problem is the infrastructure is expensive and involves burying the cables, which is extremely poor for the environment, etc...etc...etc...
;P
Wireless seemed like a good idea, but if what you say is true, traditional sattelite methods wouldn't work too well.
Sounds like we need something new to be able to do this well. Grr... And Alaska seemed so perfect a location for this type of thing. Maybe a giant spike at the rotational North Pole...nah
The idea of orbital datahavens still sounds good to me though - too bad it'll never happen.
Things like thousands of miles of data cables. Never mind that you might want to hook up not just to North America, but also to Asia and Europe. Enviromental factors in terms of the cold effect on equipment. Effects from Solar Storms (northern lights, etc)
Eh...ditch the thousands of miles of data cables and use a sattelite uplink. Encrypted, of course. The auroras might give some problems with this though - I'm no expert in that field, but it would seem to me that they might have some effect. Perhaps a way to utilize the periodic auroras could be found (ok, now I'm just getting silly and speculating)
Now that I'm thinking about it, why not start junking the old obsolete sattelites up there and replacing 'em with sattelite-based data storage...oh...wait...NASA's too busy watching coffee grow...dang.
We're definitely not getting the whole story here. Something else happened or was going on, and that something is most probably the root cause of what happened.
According to the mother, he left a note, saying he'd rather be dead than go to jail. I'm inclined to believe this part of the story, as it seems something that a 13 year old kid would write, and I don't see why the mother would falsify it.
What's also pretty much unquestioned is that the parents WANT to blame someone. They WANT to be able to vent their pain at something/someone, and the school is a VERY convenient target.
Now...we have a kid, who "hacked" a school computer ("hacked" being defined by the tight-lipped school district, who doesn't say exactly what the kid did, or exactly how severe the infringement was), and was given a 10 day out-of-school suspension (a VERY serious punishment - in my district, even excessively violent kids who physically wounded shool staff were at MAXIMUM given 5 days (AKA: one school week) suspension out-of-school). We have no idea what the crime was, exactly, or why the school district thought it necessary to administer such a severe punishment.
We also know (from the kid's note) that SOMEHOW he got an inkling that he WAS going to go to jail for what he did. This is a bright kid. Gifted both physically and mentally. Beginning puberty (which means that what's going on in his head probably doesn't quite add up - hormones are tricky things) - and most probably very curious. A kid like that isn't going to take "If you were an adult, this would be considered a crime, and could possibly carry some jail time" as "YOU ARE GOING TO JAIL". It's going to take something a bit more blunt to put that kind of idea in the kids head. I'm inclined to think someone spoke too harshly, or used an indirect threat that got taken out of context in the kid's mind, in combination with the severity of his punishment.
Most probably that comment came from whomever handed down the punishment to the kid. (I'm assuming the principal of the school)
Is he directly to blame for the kid's death? Absolutely not. Did he contribute to it? I'm inclined to say yes.
What we don't know is if there were other factors that may have contributed to this. Things like how the kid's social life at school was - was he bullied? Hated by his peers? (or *thought* his peers hated him) Any number of things could have been going on that may have contributed in part to this.
While I feel it's wrong to blame the school exclusively for the suicide, I *do* agree that there is a case for partial blame there.
The situation most probably could have been handled much more delicately. A *short* suspension, followed by possibly giving the kid an active project with the computer network could have been a good start.
Yep - "Limited Device Driver Support".
Steps around the real issue. MS has "persuaded" hardware companies to develop their drivers ONLY for Windows. Whether due to market share (Windows has 90% of the desktop market, *nix about 5-7% - supporting *nix doesn't help the bottom line, while not supporting Windows hurts the bottom line signifigantly), or due to strongarm tactics (exclusivity contracts), or due to architectural design (winmodems), Microsoft has made it tough for manufacturers to support another OS, whether they want to or not.
The other big issue is "Intellectual Property" and the clash between it, and the *nix tradition of "rolling your own" drivers.
There are plenty of people who are fully willing to spend the time to write good drivers for new hardware under *nix. They have the skills to do so, and most probably would purchase the hardware themselves, in order to test their drivers.
Manufacturers, on the other hand, are either bound by exclusivity contract to only allow driver development for Windows, or have so totally shut up their hardware's specs behind closed doors (NDAs, etc...) that it's impossible for them to give out the specs to a developer, in order to have this thrid party driver for a third party OS written.
So it's nearly impossible for potential device driver writers to get their hands on the specs for hardware tha they have purchased and wish to use under a different OS. THeir only option is to try to reverse-engineer through legal means the methods by which to operate their hardware.
This takes time.
A lot of time.
And a lot of patience.
This is why *nix's device driver base is so far behind. Without the specs for the hardware, and with companies that are unable or unwilling to provide specs for their hardware, and who possibly threaten driver developers with lawsuits or worse -- it takes a VERY long time to get decent drivers "out the door", so to speak.
SO we look at the situation. On the Windows side, we have developers being paid by the manufacturer of the hardware, with full disclosure and access to the specs of the hardware they're developing a driver for.
On the *nix side, we have some talented, dedicated volunteers that tear their hair out trying to figure out how to access hardware that the manufacturer won't tell them anything about.
You tell me which side is going to get drivers out faster!
Now, some of this could be helped if the *nix community didn't insist that everything be made open. Look at all the flak that nvidia has taken for their binary-only releases. Admittedly, they require the use of a kernel module - which allows their video driver to have low-level access to the hardware - but it also allows that video driver to potentially crash the system (same type of thing that happens under Windows) -- but the point is that they have at least TRIED to provide the *nix community with a working set of drivers. While I agree that it would be better if they were to open their hardware specs, at least on their older boards, so that the community could write decent drivers that don't require a kernel module, I applaud them for at least doing more than most.
Both sides have to give for this to get better. Both sides want total control. Both sides quibble about baby steps in the "right direction". This ain't the way to get things done.
Developers can find security weaknesses very easily with Linux. The same is not true with Microsoft Windows.
As always, MS proves they can lie out their ass without actually saying anything untrue - by implying a vague statement to lean in one direction, they create FUD, while their statement is true in the opposite direction.
This could set a rather disturbing prescedent...
If I go to a CD store (Let's say Borders, for sake of argument) with a pad and a pen (or a palm), and physically write down the album title, artist, track titles, copyright date, publisher, etc... what I've done is perfectly legal (although I might get some weird looks while I'm doing it) because this information is publically available.
Is my list on my pad considered a database? It could be. (a very crude, rudimentary one, but a database nonetheless) If I'd done it on a palm, I'd certainly consider it a database.
Now, I take this database of publically available information, and type it into/upload it to my computer, and import it into a MySQL database.
I've still done nothing wrong. I've gone and gathered publically available information, and I'm storing it in an easily searchable format.
Now, I make a web interface to search it. I can now go to this webpage and search for any artist, album title, publisher, track title, etc... and get any matches that might be in my database.
Still nothing wrong - all I've done is add an access method.
Well, I decide that as complete as my listing of CDs is, it doesn't include every CD out there (Borders could have been out of a certain album, or might not carry foreign CDs). So, I make a web interface to allow other people to add the information from the CDs in their collection (or that they've gained in a similar method, going to their local CD shop, and gathering information). I publicize my database on a few mailing lists, my website, Slashdot, etc... and people come to my site, and add their collections.
Pretty soon, the DB is rather large, and a lot of people are using it.
Now, Gracenote would like to say that what I've done is wrong. That people can come to my site and get CD info for free, whereas people would have to pay to get it from Gracenote.
I made mine using publically accessible information, and grew it with information from the public. Nothing in my database couldn't be obtained for free by visiting the appropriate cd store, or contacting the appropriate CD publisher.
Gracenote acquired a similar, open project, and closed it up. Does that somehow give them a monopoly on publically available information? I don't think it does.
I'd say this wouldn't hold up in court, and could EASILY be thrown out. I'd agree that it's main purpose was to damage Roxio's reputation, and possibly deplete their resources to the point that they could not stay in business. I'd even go so far as to say that Gracenote KNOWS they have no chance of winning in court - this is a rather ludicrous lawsuit.
Otherwise, disseminating publically available information for free becomes a crime.
Conceivably, it could be considered illegal for me to tell my friend the title of track 1 on a given CD - as Gracenote sells that information, and me giving it for free would be "wrong".
Complete bull.