Slashdot Mirror


User: Harik

Harik's activity in the archive.

Stories: 0
Comments: 494

Comments · 494

  1. Re:Hotmail on Spam, ISPs, MAPS And Lawsuits · · Score: 1
    Actually, that nukes "legitimate" hotmail email.

    I filter on any *@hotmail.com account that doesn't come from their gateway server. (now MSN, I believe) same with yahoo, altavista, etc. If it doesn't come from their web interface, it's spam.

    It's hard to spam efficiently USING the actual interface.

  2. Re:Ask 733+d0+ on Are We Ready For Broadband Internet Access? · · Score: 1
    Unfortunately, the police and other law enforcement agencies do not take DoS attacks seriously at all.

    I'll bite at this. Actually, they DID take it seriously. Problem is, the internet community as a whole does _NOT_ take it seriously. I'll bet that 90% of the people posting to slashdot could (if they knew how) spoof their IP and slip it past the (crappy) packet filters of their upstreams. In fact, as an ISP I'm guilty as well to a limited extent: a user can forge the IP of another user on the same dialup unit. One of these days I'll fix that for modems. It is fixed for *DSL at least.

    Until our core backbones take DoS attacks seriously (as in, tracing them back) why the hell should the FBI care? What can they do? Arrest the guy at 192.168.10.10? (Yes, I've gotten hit by UNROUTABLE DOS attacks. Hell, I've seen 127.0.0.x! That's SERIOUSLY misconfigured)

    Sure, my routers drop that crap but my bandwidth is still toasted.

    Wake me up when there's accountability on the internet. Until then it's nothing but a skript kiddy playground.

    --Dan

  3. Re:Thanks, but no thanks. on Review of VMWare Competitor · · Score: 1
    Ok, I found where to download just their kernel patches. Ye gods they play with a lot!

    Looks like they made it public domain, at least.

    Anyway, it looks like this will not be compatible with the 'stock' kernel and always require extensive patching. What they're doing is creating a separate VM/scheduler/etc for their own purposes. I'm not really sure they NEED all this junk in the kernel, either. Looks like they decided to ignore existing functionality in order to play games.... Yes, they might squeeze a few more cycles out, but at the cost of having to forever play catch-up to the kernel (since it's going to break them with every patch)

    Methinks they need to spend some time integrating with the main kernel. I do note they have memory limitations, so they expect the kernel in a specific location... That's one of the reasons they don't work with all bootloaders.

    Seriously, we need to discourage people from doing these kinds of things as an add-on patch. They need to define what functionality they REALLY need from the kernel and leave it at that. I don't see WHY they can't just use a module to load some extra syscalls. If there's a solid technical reason that they need to have their hooks deep into VM/scheduling/signaling, then perhaps they should talk to the core developers. However, there's already a vm86 layer in the kernel. They're aware of it, yet avoid using it (judging from the patch comments about making sure "They" catch vm86 traps instead of the original vm86 layer.)

    Anyway, I'm not too thrilled about running this, so I think I'll avoid it.

    --Dan

  4. Thanks, but no thanks. on Review of VMWare Competitor · · Score: 1
    If you are running a custom kernel, you will want to apply the supplied source patch to enable Win4Lin support. You must apply the source patch and build the enhanced kernel. Win4Lin supports the following versions of the Linux kernel.

    Tell ya what, let's ignore this until they get their act together and turn their patches into loadable modules. It's not THAT difficult to do. I'm not dropping back to a 2.2.x kernel just to evaluate some software. (And all the hooks they need are in the kernel already dammit! dosemu got them there years ago. They need all this "because they can")

    --Dan

  5. Re:Informed comments from a Debian Developer on Debian 2.2 "Has Major Security Issues"? UPDATED · · Score: 1
    Come on folks, say it with me now: The correct thing to do is set umask 077 and chmod -R 700 /home.

    Ok, I'll repeat after you. "Palin has no idea what he's talking about. At all."

    SSH happily creates .ssh/identity mode 0600. The only thing I dislike is having authorized_keys visible, but the end-user has to create that himself and if he's doing that he has enough clue to set the mode right.

    Having home directories set mode 0755 is extremely useful to EVERYONE. For one, no complicated public_html setups with symlinks and rewrite rules. (I know, I have a server setup with separate home and public_html. It's a royal pain in the ass.)

    usergroups is braindead, and as such is in my stock "turn it the hell off" list when I install a debian system. It's nice that that list is short, though.

    Thanks to hacking /etc/group? Are you really that stupid? If you have the ability to modify /etc/group you're gonna put yourself into something nice like say disk. And why are devices group readable and writeable? So the programs that need to read/write them only have to be setgid rather than setuid! Until ACLs/capabilities are in use (and well understood) it's much better to sgid programs than setuid'ing them.

    Anyway, your homework assignment for the day is to "man 2 open" and explain how you create files securely.

    --Dan

  6. Re:Sorry.. on Debian 2.2 "Has Major Security Issues"? UPDATED · · Score: 1
    However, I don't think most people have a clue what they install as the default. Sendmail setup as an open relay by default? When you're first learning unix do you know what sendmail is?

    Sendmail is _NOT_ configured as an open relay by default on debian. You have to specifically add allowed-relays if you wish to smarthost.

    --Dan

  7. Re:These stories are sad on ARIN: No More IP's For IP-Based Virtual Hosts · · Score: 1
    Quite true. There is no "IP" shortage, there is however a CPU shortage at core routers. IPv4 only fuels the problem because the minute amount of free IPs left causes ARIN to assign multiple separate networks. That and the braindead configuration of 95% of the OSs out there makes renumbering extremely difficult.... so you end up, like me, with a /19 worth of IPs in 6 separate allocations. (Down to a stupid /25!)

    All of these have to be announced, leading to a multiplication of routing entries. Whee.

    Of course, all the big guys are dragging their feet at IPv6. Stupid stupid stupid.

    In fact, I can't really find much non-experimental deployment info. Perhaps if CISCO would implement IPv6 in a released platform we would see it.

    --Dan

  8. Doesn't affect me. on ARIN: No More IP's For IP-Based Virtual Hosts · · Score: 2
    Although name-based hosting works fine for webserving, my virtual services include a number of protocols that have no way of stating the hostname. This includes: FTP, pop/imap, true virtual email (no internal relaying), virtualized telnet... the list goes on.

    To conserve IP space I use a l4 switch to shunt port traffic to different virtual servers, so all a domain's services may be on the same IP, but split over different boxes. So hosting virtual www IPbased is simply a side effect.

    --Dan

  9. Re:I don't really see the problem... on Coding Classes & Required Development Environments? · · Score: 1
    And no sane people really want to code with in vi anymore.

    Yea, we all switched to vim ages ago.

    --Dan, religious user of the 994 editor.

  10. You probably want to do it their way... on Coding Classes & Required Development Environments? · · Score: 4
    The fact is, there's some good reasons to do it. For one, it's exposure to multiple environments. (And that's a good thing, despite what the anti-anything-but-linux trolls will tell you) The world isn't linux centric, nor is it M$ centric. Knowing both is really important. Even if you don't intend to develop with CodeWarrior you'll probably run into code written in it that you'll need to maintain/contribute to. ESPECIALLY in entry-level/intern programming positions. I'm a unix admin/developer and I still end up working with M$ C (and various other development environments) on a fairly frequent basis.

    Secondly: It's a kickstart to learning the language. I wouldn't recommend attempting to map codewarrior quirks to gnu quirks in your first few programs, especially when you're trying to learn.

    Lastly, to actually LEARN you can always develop on the unix boxes and port it to codewarrior. That's valuable practical experience in writing portable code.

    And tell the TA you're doing it, too.

    --Dan

  11. Re:Filter Content, not Sites on Censorware Blocking Methods Using Akamai · · Score: 1
    PICS won't work anyway.

    I've set my personal sites (globally) to the most extreme settings possible. Anyone who can't make their own judgements doesn't need to be on the net anyway. Fuck 'em. There's not that much "bad" content except a few flame pages. Mostly it's MUD development links, all the development docs on my system, and some friends' personal home pages. All completely unviewable by anyone using censorware. If more of the net would voluntarily block off USEFUL content, the whole issue would go away. The battle will be won if yahoo is the only site with a non-maxed rating. Sure, you can get lots of links, but they're all blocked. Yay!

    I probably need to put some h0t pr0n thumbnails and some hate speech on a /blocked.html so I can get in all the BESS type filters, too.

    --Dan

  12. Re:Not a solution... on Censorware Blocking Methods Using Akamai · · Score: 1
    The barrier to entry is essentially gone for any household with internet access, or any friend's house with internet access. And everything I saw was tame (airbrushed nudity) compared to the graphic and violent depictions of sex that are available on the net. You don't even have to go looking for it, because most internet users will innocently stumble across porn sites, they are so widespread (and sometimes intentionally deceptive like whitehouse.com).

    Whine whine whine. How about simply keeping in touch with your kids? I was a latchkey kid, and I'll tell you this: The things my parents absolutely forbid? I did. The things they gave me good reasons to avoid? I still do. Imagine that.

    Given your stance on parenting, I guess you have some throwback sense of morality. I suggest you learn from the mistakes of the Christian deity, AKA "God". Try reading Genesis from the standpoint of father/children rather than god/creation. Gee, doesn't the whole thing look stupid? OF _COURSE_ they ate the apple. Why wouldn't they? Yet every parent does the same thing. Basically, they set their kids up to get into porn (or worse) by simply forbidding it.

    Anyone with half a clue about child psychology would tell you that they're too curious to accept "Because I said so!" as an answer. Censorware is nothing but "Because I said so" and as such is doomed to fail.

    Also, your comment about being forced to see pornography... Possibly. If you're surfing for warez, hax0rs, cheats, Mp3z. POSSIBLY if you're looking for pop bands. But anyone stupid enough to search for Britney Spears deserves to have their computer infected by all the javascript lockins.

    --Dan

  13. Re:We *have* fucked the filesystem on Eazel's Nautilus Preview 1 Released · · Score: 1
    Sorry -- that name is already taken by the Python medusa module. Try again. :)

    That's ok, Nautilus is already the name of a graphical mp3 player based on mpg123. (Nautilus/shell, get it? Har har.) At least they don't call their email-reader "send mail" (two words)

    --Dan

  14. The counter point that got missed. on DVD/DeCSS: MPAA Wins In New York · · Score: 1
    "DeCSS is all about copying! DeCSS allows copying! Copying is piracy"... how long have we heard that rant?

    So what happened to the counter to that... that large-scale piracy does NOT require decryption?

    If I've got a DVD writer, I simply do a bit-perfect copy of a DVD. Encryption and all. What do I care if it's encrypted? It will still play, just like the original. Run it through a labeler and boom, now I can charge $25 for something that cost me a buck... perhaps two.

    Yes, this happens quite a bit. Just not so much in the US as in places like Taiwan or Hong Kong.

    No, the correct counter argument is this: "CSS is about region control. CSS is about price fixing. CSS is about forcing consumers to watch ads on movies they've already paid for. CSS has nothing to do with preventing copying."

    --Dan

  15. Re:The dizzying pace of change on What Will Be The Next Generation Of RAM? · · Score: 1
    Who would have thought 30 years ago that we'd all be running a Unix-like operating system on machines with magnetic core memory?

    Mmm, magnetic core. Core wars. Non protected mode. God, those were the days.

    Anyone have a good place to send the kids to show them what CORE really was? Most of them have no idea what drum memory was...

    --Dan

  16. Re:Do we really want RAM that isn't erased? on What Will Be The Next Generation Of RAM? · · Score: 1
    Matt Ownby spewed thusly:
    What would happen if a virus was loaded into your memory and you wanted to shutdown and wipe the virus from memory, but your memory was permanent? I don't see that as a good thing at all.

    ... which shows why people sans clue shouldn't use computers.

    main() { char *c=malloc(4096); int fd=open("virus.bin", O_RDONLY); read(fd, c, 4096);}

    OH NO! MY COMPUTER HAS A VIRUS IN MEMORY! AAAH!

    Here's a free clue for the clueless: memory is useless unless something refers to it. If you "reboot" a computer without powering down, the RAM isn't cleared. (until the BIOS walks it). Not that it matters, since until something actually jumps to that memory location it never gets executed. What'll happen to your "virus in static ram!"? It'll get overridden by w0rd 2005 when it uses 3-4 gig of system memory, of course. Duh.

    Do they actually TEACH you anything in school anymore?

    As for the people that think that powering their computer down is safe... Hah! Only if you're sure nobody gets to it for 20 minutes. If you use something more sensitive than a modern motherboard you can get bits off a chip for quite a while. Not that that's practical yet (not portable, so they'd have to get your SIMMS to a lab within 10-15 minutes) don't expect that to last forever.

    At least memory isn't as bad as hard drives... when you overwrite memory it basically stays overwritten. Drives have some nasty ghosting of previous data that can be seen at high resolutions.

    Besides, any security-conscious app rewrites "critical" memory anyway. None of the OSs I've used zero memory before allocating it to a new process.... it's actually quite entertaining to malloc a few meg and read through it. memset(0) is so simple. Learn it. Love it.

    --Dan

  17. Re:Hypocracy? - slightly OT on 95 (thousand) Theses (for sale) · · Score: 1
    Actually, all /.'ians complained loudly about the violation of the copyrights of musicians. Note the home-satellite-act scandal. (Which is thankfully being reversed)

    I think the tone I hear is fairly consistent:
    Individuals have rights. Corporations don't.
    Or at least, don't get rights that individuals don't.

    So stealing from an artist is wrong. (Besides, RIAA doesn't like you stepping on their turf.) Stealing thesis papers is also wrong.

    I personally support micropayments, and hope I'm not the only one.

    What's inconsistent about that?

    --Dan

  18. Re:The AUP is not really clear, but... on @Home Stops Allowing VPNs · · Score: 1
    Um, you're completely confused on the purpose of a VPN, then.

    Running a VPN requires a remote server. Your IP is part of their (physical) LAN, and is generally proxy-arped by your remote VPN endpoint.

    So now you set up a VPN to your home system and put a ftp.idsoftware.com mirror on it. What exactly will that accomplish? Your packets still have to end up at your server, back on that physical LAN, and go out the internet connection there!

    Unless @home is completely clueless and doesn't block source-forged packets (a possibility) in which case you could simply set your default gateway to @home.

    However, serving something up over a VPN is idiocy... you have to use your office bandwidth (TWICE!) and your personal bandwidth once.

    Serving up for intra office use is more likely.

    --Dan

  19. Re:The Real World on Online Rights And Real World Censorship? · · Score: 1
    You're correct, there is no way of blocking 100% of the sites correctly, but that doesn't mean nothing should be done. There are very few things that can be done 100% correctly without any error. Should we stop prosecuting people for crimes, since we can't catch everyone, and there will be times an innocent person is wrongfully convicted?

    YES.

    If someone is wrongfully convicted, the entire system needs to be overhauled or thrown out. The ends do NOT justify the means.

    And yes, I'm fully aware of how many times the US injustice system has wrongfully convicted people because they are too poor/stupid to retain a good lawyer. My position on the future of the US justice system is therefore obvious.

    OBTopic: Throw in some basic keyword filtering for the obvious ones... 'cumshot', not 'cum' and simple scoring. And make sure the displays are prominently visible from the rest of the establishment. The greatest deterrent to viewing porn is public humiliation.

    As to the 'teenagers throwing up porn sites for kicks then leaving' argument, if you're leaving these things unattended you're a moron anyway.

    Even if they can't take 'em, gum or superglue on monitors makes a rather nice mess. So does soda in the vent. I think you should direct their attention to vandalism (especially in poor urban areas) than "porn". If you have good safeguards against vandalism, your porn problem sorts itself out.

    --Dan

  20. Re:One thing that's needed ... on Ian Clarke of Freenet Intereview · · Score: 1
    One of the biggest problems with freenet is the incredible redundancy of information. And I'm not talking local caches, I'm talking the same file being stored a billion times.

    Every MP3 of the same track is encoded slightly differently. Different rates, different filters, different noise on the ripper. Every recompressed jpeg is different.

    Yet all of these store the same information in the end.

    Look at gnutella. What's the single biggest problem on gnutella? "NO CARRIER". A lost download means someone is now sharing an incomplete file. Oops.

    Freenet's lowest layer (content-hashed blocks of data) is immune to that, of course. But the blocks are small, much smaller than the files.

    So, how do I find out if a file really exists, really is what it claims to be on the search, and really is complete?

    Borrow a trick from the warez kiddies: Trusted sources.

    Digital signing of meta-directories, digital signing of votes, etc. Falls right into the web of trust you mentioned.

    Biggest problem with a WoT is web pollution. A large spamhaus will generate umpteen thousand keys, and create a web of them. If you touch the web, you've polluted yourself. With a system like PGP, where the web has a small TTL, it's not a big deal. With a system like freenet, your web is likely to go fairly deep. You also run into the problem of 'front' signers. Spammers who release good data using a 'front' and sign their spammer 'nyms from it.

    Also, per-reader voting doesn't stop bad data from residing in the network. Too many people will be tricked by it.

    --Dan

  21. Re:What the architecture tells us on Ian Clarke of Freenet Intereview · · Score: 1
    Actually, you missed the point. Unpopular information (= unrequested information) gets dropped from the REST of freenet. It doesn't mean that it's completely gone (since it's still present on the originating node) and it makes sure nobody can 'fill' freenet with random noise. Since nobody wants random noise, it doesn't last (outside your system.)

    Perhaps the comparison to a library is the problem. Freenet is a tool for current free speech. It's not a perfect archive.

    Consider a library system. The system contains everything ever published. (Theoretically) It has systems for archiving old periodicals and newspapers, and keeps them forever. Specific branches focus on keeping specific things. (perhaps each keeps copies of its local newspapers and magazines)

    Popular, frequently requested books are found at multiple branches of the library. If a book has to circulate the system often, more branches will get the book.

    I think you can see the obvious analogy to freenet at this point. As long as you keep all copies of your publications on your node, it's never removed from freenet. It doesn't rule out the possibility of a node-loss resulting in the loss of unpopular information, in the same way a library fire may rob the world of the only copy of the 1852 NYT.

    --Dan

  22. Re:Network Abuse on Gnutella Vs. SPAM · · Score: 1
    That's the dirty little secret of spam-software companies: Spam doesn't work. It gets you kicked off your ISP, it gets you tons of flame mail, it may even get you sued. In the beginning there was spam, and it was only a couple of messages a week at most, and newbies who didn't know what it was figured it must be legit. Now even most newbies know better, and if not they learn fast.

    Sad fact of life: Spam _DOES_ work. Every time I nuke a spammer drop box, besides the flame there are idiots inquiring to the services. It really does fall into the same category as direct mail solicitation... send out a million snail mails, get 100 responses. Send out a million emails, get 5 responses. Email is a hell of a lot cheaper than meatspace marketing.

    The only way to stop spam is to make it expensive. Otherwise it will continue to attract new people. The Fortune 500 are starting to spam, and they've got the resources to do it.

    --Dan

  23. Re:Since the site's slashdotted already... on Gnutella Vs. SPAM · · Score: 1
    ShareZilla is network abuse and Gnutella itself isn't? That's rich. (I'm one of those annoying gits who think that tcp/80 ought to be used for http and if you're running something other than http over that port, then you're abusing the network. Gnutella shouldn't let users bind below tcp/1024. It's that simple.)

    And I'm one of those annoying 'gits' who actually takes the 30 seconds needed to determine... wow, gnutella is running http with extensions! Imagine that!

    In fact, you can point a webbrowser there and fetch a URL. (which is how the gnutella-webproxy works. It searches, and returns links to the URLS of the finds. You connect directly.)

    If you want to prevent network abuse you have to design the network to resist tampering by abusers.

    This I completely agree on. Freenet is much better designed and it still has abuse potential. Although most of the ways I can see to abuse it stem from the cryptography not being fully 'there'... hashes of strings 'labelling' data is inherently abusable. Simply collide the string, or return arbitrary data for the string. The intended data-hash label method is cryptographically difficult to abuse. Then all you have to do is trust the person giving you the data tag. (Another problem entirely)

    --Dan

  24. I'd read it, but wait, I can't. on 2600 Staffer Arrested During Republican Convention · · Score: 1

    2 point fonts tend to be unreadable. Like, Duh.

    Thank god for w3m, eh?

    Can we make a point of not posting articles that are illegible to everyone not using M$ products? Just like we don't post Quicktime movies.

    --Dan

  25. Re:The McDonald's coffee case on Samba Runs Into Naming Problems In Germany · · Score: 1
    It's a sad society that can't do simple math. McD's coffee was over 40 hotter than what is regularly served everywhere else. NORMAL coffee doesn't cause 3rd degree burns in 3-7 seconds. It hurts like hell, it stains your clothes, and generally ruins your morning. It doesn't cause permanent disfigurement at the point of contact.

    If I sold you "sugar" that was really arsenic, I'd be responsible. The same applies here. They're calling "bitter extremely dangerous beverage" coffee and people are not expecting this new "McDictionary" word.

    Also, the reason for the punitive damages wasn't even that. It was they attempted to block her claim for MEDICAL EXPENSES. Which is all she sued for. (Reasonable, under the circumstances)

    It was their arrogance that prompted the jury to impose punitive damages. (Which were later overturned)

    --Dan