The folks at attrition have *always* had a policy of posting email to them. It's usually a great read (and this one started back in September, ISTR). It was only when Mr. Bright Guy was outed as a congressional aide that it hit the big time.
Normally I don't care, but I'd like to know how the parent is a "Troll" here?
How do you go about "unwittingly downloaded a keylogger program"? Even if you run Win OS and use IE at default settings it takes unpatched exploit and/or click of OK. After that keylogger needs to get past firewall to ring home to be of any use. So can someone explain how this can happen on a properly maintained computer?
The people who downloaded it were upset, and certainly not as aware as they should be. The firewall issue is separate, and I'd suggest that the fact it's a medical center makes it even more of a concern, but most users are just trying to do their job. "Properly maintained" is another matter. Users should not have the ability to download or install anything; that's why we call them "USERS" and not administrators.
I watch the Daily Show. One of the reasons I do so is to get actual news, as opposed to sound bites. It's interesting, topical, and hard hitting. For someone used to getting news from a newspaper (also a waste of time), it is a welcome relief from the horror that CNN has become, or the pathetic tool that Fox News is. I'm sorry it's only on four nights a week.
You want a shock? Try to find nightly news shows from the sixties and seventies, when there was still news on television. The current incessant reporting of faux news concerning this year's blonde, or what drugs are in vogue with the latest hollywood bad boy, leaves little time to provide information about the state of the world. The need to provide great images means that it's more likely you'll see pix of a fire somewhere, than your government in action (or inaction, as the case may be).
If you don't like a book, and you're not its target audience, then put it down and don't review it.
I found the review to be informative. I have to believe that the intended audience is programmers, no matter what the author says. Do you really think that non-programmers will buy such a book? Surely they are more interested in the latest novel, than in yet another vanity piece. The points that the book made needed to be addressed, and I thought that the reviewer did so.
It's a poorly written and misleading book; that's plain. The review saves those of us inclined to buy it from doing so. I doubt very much that the slashdot audience is composed of non-technical, mid-level managers. The review was intended for us, and it served the purpose.
How is it possible for anyone to discuss this? The article requires an account on the ACM website. I would have been happy to read it, but both PDF and HTML are unavailable to anyone who doesn't have access. Anyone who has that would do a kindness to the rest of us by posting some of the relevant bits here, please.
I continue to be amazed at the personal details shared across the internet. At one time, I put my phone number, office number, and alternate email addresses, in my signature. That changed significantly after AOL "joined" the internet, of course. With the panic in human resources about providing or receiving references (beyond the dates of employment), things like myspace provde an interesting adjunct to vetting future workers.
It isn't just the inappropriate pictures that will keep you from being employed. It's the evidence that you can't keep quiet about things, that you're not trustworthy, that you're not even very good with grammar and spelling (in the real world, spelling counts). Once upon a time you could move away from a bad reputation, or switch jobs to leave behind a bad experience or two. Now, with things like zabasearch and google hacks to track you down, youthful indescretion becomes a permanent and inescapable brand.
...managed to get by with little more than a 'team lead' position, but as our division grows, they are looking to hire a full-on engineering manager. I was one of the candidates, with my current boss's favorable recommendation, but I withdrew my resume when they told me the job was all paper and schedules; I'd never touch code or hardware again.
I see that you know something important, without having had to suffer to find it out. I've steadfastly resisted attempts to make me into management over the years, and have hired, or been involved in selecting, my own boss multiple times. Management is rewarding for those that like it, but a pit of misery if you really prefer doing the technical stuff.
There are a couple of questions you need to ask yourself, before going into this:
Do you want someone who was technical, and has now moved on?
How important are management skills in your company (traditional things, like interperson relationships, and organizational psychology)?
Will you be comfortable with someone much (older, younger, higher paid, lower paid) than you?
You will also want answers to general things (some of which you may have already thought of):
Is this someone who will support you, or want to direct you (more than you may be comfortable with)?
Why is this person leaving the current position (or why did they)?
What experience or knowledge do they have or your industry (this is more important in the case of someone who's not technical)?
Think about whether you'd hire this person to work for you, or along side of you. Would you go out for a beer?
How will you feel at evaluation time? Is this someone you can respect, and will not resent when they make constructive criticism?
If I'd had more coffee, I'd have probably had more to say. Congratulations on making the right decision, and on having a management structure that supports your decision.
I'm posting my own translation, to clear up a couple of things.
> > It's a sad state of affairs, but not surprising. It's been a long time since the "CIFS is caca" paper...
> CIFS=Common Internet File System. This is a reference to the security flaws highlighted by Hobbit (from memory it was defcon 5, back in 1997) in the microsoft SMB (windows networking) products.
You're correct on which defcon, but I'd like to remind you that mudge and *hobbit* stood up there together. I was saddened to see how quickly mudge compromised his principles for cash. I have nothing but respect for *hobbit*, who has retained his.
> > and I lost respect for the l0pht back when *hobbit* was edged out. Mudge became "Dr. Mudge" (as if), and they all started running after the limelight. Sad, really. The Hacker News Network is long gone, and mudge is Pieter. It sucks for Dan, but it's just more of the same for the rest of us.
> L0pht Heavy Industries (creaters of the L0phtcrack suite Pwdump that allowed brute force cracking of windows NT user/passes) went though a period of internal discontent. I cannot provide any details on this.
It was more than just a bit of internal discontent. I'd say it was a basic separation into two camps; the old school hackers, and the group that felt it would be good to take advantage of the notoriety, and cash in. The original Back Orifice product was written by cult of the dead cow, and only ran on windows 95/98. It was a (soon to be) member of the l0pht that rewrote it to work on win NT. L0phtcrack was not the only thing interesting that came out of that group. Wish I'd made a mirror of the old site. There was plenty of MS bashing.
> > It takes a lot of nerve for Chris Wysopal to issue his little statement. Weld Pond would never have said something like that. Man, it's been a long path from BO2K to appeasing Microsoft. What a long, strange trip it's been. Sigh.
> I have to admit this part has me stumped. I assume he means that Chris Wysopal of @stake would answer differently to Weld Pond of Lopht. Since they are one and the same person I assume he means to highlight the change over time in Chris's opinions/loyalties... not really surprising in the context of articles like this (para. headed Who's Who).
Yeah, I was perfectly aware that Weld Pond == Chris Wysopal. The comment was expressing my sadness at just how much he's changed. Thanks for the link to the Register, I'd forgotten that article. That grouping never came off, BTW, but there's still the pay early version of CERT that doesn't much make me happy.
> It has indeed been a long and strange trip... no end in sight yet.
With a high paying open source company... oh wait, it's 2003, not 1998.
It's a sad state of affairs, but not surprising. It's been a long time since the "CIFS is caca" paper, and I lost respect for the l0pht back when *hobbit* was edged out. Mudge became "Dr. Mudge" (as if), and they all started running after the limelight. Sad, really. The Hacker News Network is long gone, and mudge is Pieter. It sucks for Dan, but it's just more of the same for the rest of us.
It takes a lot of nerve for Chris Wysopal to issue his little statement. Weld Pond would never have said something like that. Man, it's been a long path from BO2K to appeasing Microsoft. What a long, strange trip it's been. Sigh.
My mouth hit the floor when I saw your signature line. Letting the Interent be run primarily by companies that have the bottom line on their mind, is not the way to foster freedom on the Internet nor in anything else. Why do you advocate large corporate CONTROL of the net, if you want to maintain your liberties?
I don't ordinarily answer this sort of thing, but I suppose you deserve it. I can see that you are young, and that you may not have a clear idea of how things actually work. You are a user of the resources that make up the Internet proper. The Internet[tm] is "run primarily by companies that have the bottom line on their mind(sic)..." If it was not, who do you think would move those packets?
Certainly not the majority of the denizens on slash dot, amusing though most of them are. Freedom is measured larger than you are looking. I am far more concerned with the erosions of liberty in the US since 9/11 than I am about some silly turf war over who manages a TLD. Sure, I'd have liked to see Carl Malamud and company get the administration; I have a lot of respect for Carl. Still, life goes on.
Get a little perspective on things. I survived the great renaming. Everything else is easy.
This is completely unprofessional. The Internet needs some guidance, but I don't see it coming from large corporations. I don't think an Internet run by the government is the best thing either. Any ideas people?
My, my, my. Yet another death of the internet as we know it moment. I don't necessarily agree with the choice made by ICANN, but it's not a popularity contest, folks. If you think that the Internet is something that works without large corporations, you need to pay attention a bit better.
Try a traceroute from somewhere to anywhere else. See all those funny names on the routers? Who do you think owns them? That's right, big corporations. I have a dot org, and I'm not worried in the slightest about anyone changing the rules. The world didn't fall over when some of the root servers moved out of the US, and it won't fall over if management of dot org is by a for-profit organization.
Hey, anything that's not Verisign is fine with me.
What's the point of taking a language that jumps through hoops to be "cross-platform" and cutting it's legs off?
It seems like you might not have read the article all the way through. It doesn't recommend only native compilation, but it does make a nice comparison between the two solutions. It points out when you might want to take advantage of native compilation, and when it doesn't help. You are always free to generate byte code in addition.
Much of the work I do would be nicer and easier in Java than in other languages, but Java is just too slow and large for my purposes. This gives me the chance to use a language that has a little elegance, without giving up the speed of execution that I require. C++ just doesn't cut it, and it's tough trying to write this kind of code in C (but not impossible, it just takes a little discipline).
Java isn't really cross platform anyway. Where's the JVM for MVS?
Employers are winning key legal victories against former workers who criticize them online.
I know that I will probably get slammed for this, but I am not sure that the article is really fair about most of the situations it's discussing. The case of the Intel employee emailing his grievances over and over to all the employees at Intel is a fine example. I don't see that what he was doing was any different than any other spammer, nor did some of the people who work there.
It's tough when people take advantage of anonymous posting to state things that they'd never be allowed to in print, since they'd be immediately sued for libel. There is no easy answer, of course, but companies should be able to stop truly libelous statements, and they should also be able to stop idiots like the Intel spammer. At least, they should be able to answer the detractors in the same public forum that the libel was stated.
I'd still rather see them able to just interleave the supposed libel with truth, which seems fair enough, rather than exposing anonymous posters. I truly prefer to protecct anonymity, even when abused, as some folk do, so that those few who truly need it will still find it available.
IMO, this is further indication that the internet is maturing as a communications medium. Until last year, the net was fairly new and its nature and content evolved every month. I think we are finally beginning to realize what we are going to do with it.
Say what? Until last year?
First, the hypertext transport protocol does not define the net (that's http to you youngsters).
Second, the net's been around for more than a quarter century, and shows no signs of slowing down.
Third, I think that you might want to hang around for a few years or so before you start to make pronouncements like this one. Check out the posts that Google has archived if you don't think your mistakes live forever. Mine sure do (and I left them there, why not?).
Fourth, the internet is indeed maturing. It will continue to change, and grow, just as it has in the past. Remember, the future is stranger than we can imagine.
give users the ability to run arbitrary shell commands
Well, sure, but did you bother to note the date that the problem occurred on? That advisory has a timestamp of: Date: Fri, 29 May 1998 16:24:28 -0700
I'm sure that it's probably filled with security holes, but it seems fair to point out that one was fixed long ago.
What Yahoo! does makes a lot of business sense. However they are forsaking a large amount of goodwill as they acquire and corrupt various sites that used to be very nice resources. Alas, that is the way of the capitalist. I can't say I'll feel sorry when it comes back and bites them later.
I still have a rocketmail account. I really miss rocketmail, which is one of the many things that yahoo swallowed. I think that they were interested more in acquiring the 411 database that came with rocketmail, than actually keeping most of the other services that came with it. I don't blame people for wanting to make money, but I wish that it was a little easier to leave a few little corners of ingenuity alone. Rocketmail, Geocities, 411, Webring...
I almost never read that account, but it's nice that it's still there. Guess I should be grateful that it didn't get thrown out along with everything else. Yahoo used to be a couple of fun guys in a trailer on campus. Times sure have changed.
He implied that it was charitible work, which it certainly sounded like. That still doesn't answer the question of what operating system is needed, and what applications. It also doesn't answer the question of exactly how it would get there.
Nice that you're offering to take the risk, but your employer is going to ask harder questions than I did, and then they'll still say no. I have laptops, and would be willing to send one off if I could see that it was really going to what the poster asked for.
You may think I'm being cynical, but I know that the world abounds with scoundrels, and would like to understand how Johannes thinks that the cost of sending a laptop overseas would be any less than just giving him the money. I hope that the person who offered to hand carry it can come through, myself, because I don't hold out much hope for any other methods.
.
You don't say what operating system you need, or what software you need to run on it. For example, do you require a specific version of Microsoft OS, are there issues with software you are using that will keep you from using a later version of that OS? Are you planning on installing a Linux of *BSD OS? Do you need a modem? Do you need network?
You also need to provide details about the charity. In the US I could look up the details to make sure that this wasn't a scam. Sorry to say that, but it's always a possibility, you know. Do you have some sort of evidence that you are a charity? Is there someone who can vouch for you?
Please reply publically. These are questions that a lot of people will be asking themselves, and it may help you to get what you need.
I'd really like to know what originally motivated you to start this. How about a brief bio, with the event (or events) that inspired you to take the FOIA to new heights. I've known of you for a few years, but you were already well on your way by the time I discovered jya.
Really. Post how much. I'd be happy to pay a subscription fee. I also liked the idea of another poster about modding the advertisement up or down. Advertisers should be thrilled with that kind of feedback.
Moderators, I'd have given this post higher than 0, even if it is an AC post. Until I read the WHOLE article, I didn't know that it wasn't quicktime they were selling. Hey, I'm not a mac user, but I've heard of quicktime. Why didn't they use something a little more unique (or else why wasn't there mention in the macslash or slashdot reports that it wasn't quicktime)?
I dunno. I'd have been more excited if it had been quicktime, myself.
>Uh, FYI, Sameer is not the "S" in RSA. He was, >however, the founder of C2Net software,
You know, I knew that. Oops. Still, he's certainly one to be trusted (and not to run from a little controversy).
>I'm horribly biased, since I work at Securify...
Ok, you've got to guess what I'm going to ask next. Confidence Remains High? Keep or toss? How about the most fabulous collection of computer/unix humor ever? Keep or toss? I'm sure that there's other stuff I'll miss, I just don't remember what it is right now. C'mon, fess up. You must have some ideas.
Of course it won't be the same PacketStorm, and we have the little twit at Antionline to thank for it. The only reason that Harvard didn't wipe all of Ken's info (and that includes his schoolwork) is because of the thousands of emails from security professionals protesting the jump to conclusions, and the terrible loss of all Ken's work.
Ken's site has been a major one for me for a very long time, and I considered it to be a tragic loss. The lies that were told by Vranesivich to Harvard should not have been believed without verification, but there you have it. They were frightened into jumping, and then (I suspect) felt that they couldn't back down.
On the other hand, I've always known Ken to be an honest person. If he says that Securify is going to keep it the same, then I have to believe that they'll try. Don't forget who actually founded Securify. They are not exactly a bunch of conservatives, nor are they cowards.
Sameer Parekh (the S in RSA), Jon Callas (OpenPGP), and the man in charge of the original Securify, Taher Elgamal (I really don't have to explain that, do I?). Sameer was one of the featured speakers at Defcon 7 this past July.
I have hopes, and I hope that Ken does really well whereever he is. He certainly deserves a little success (and it must really annoy JP).
Of course we should continue to use the word hacker. I coninue to use it to describe myself. I have also been called a "house wizard,"(*) which I consider _different_ than the word hacker.
While I believe that both of them describe me, I do not think they mean the same thing. I recently wrote an article for an in-house publication, and I suggested forming a team of hackers (and that is the word I used) that would be short-term on any assignment, meant to rescue and fight fires, not meant to work long-term on anything. Although there was some suggestion initially that I make clear what I meant by hacker, no one asked me not to use the word, or to replace it with something more PC.
It references a fabulous paper, published in "First Monday," which is entitled "Technology and Pleasure: Considering Hacking Constructive" (http://firstmonday.org/issues/issue4_2/gisle/).
Many words have multiple meanings. Call a person an animal in a rude tone of voice, and the pejorative meaning is obvious. Say it affectionately to a very close friend, and the meaning changes. There is no reason that we cannot continue to use the word hacker to describe ourselves, since it should be apparent in context that we are speaking in a positive rather than negative manner.
[the email address is fake. the right one is easy to figure out.]
(*) House Wizard: [prob. from ad-agency tradetalk, "house freak"] n. A hacker occupying a technical-specialist, R&D, or systems position at a commercial shop. A really effective house wizard can have influence out of all proportion to his/her ostensible rank and still not have to wear a suit. Used esp. of UNIX wizards. The term house guru is equivalent. (from the Hacker's Dictionary)
Slashdot Mirror
More curious as to whether posting is possible than caring about this particular subject...
The folks at attrition have *always* had a policy of posting email to them. It's usually a great read (and this one started back in September, ISTR). It was only when Mr. Bright Guy was outed as a congressional aide that it hit the big time.
I love the smell of napalm in December.
Normally I don't care, but I'd like to know how the parent is a "Troll" here?
How do you go about "unwittingly downloaded a keylogger program"? Even if you run Win OS and use IE at default settings it takes unpatched exploit and/or click of OK. After that keylogger needs to get past firewall to ring home to be of any use. So can someone explain how this can happen on a properly maintained computer?
The people who downloaded it were upset, and certainly not as aware as they should be. The firewall issue is separate, and I'd suggest that the fact it's a medical center makes it even more of a concern, but most users are just trying to do their job. "Properly maintained" is another matter. Users should not have the ability to download or install anything; that's why we call them "USERS" and not administrators.
There were multiple failures here.
I watch the Daily Show. One of the reasons I do so is to get actual news, as opposed to sound bites. It's interesting, topical, and hard hitting. For someone used to getting news from a newspaper (also a waste of time), it is a welcome relief from the horror that CNN has become, or the pathetic tool that Fox News is. I'm sorry it's only on four nights a week.
You want a shock? Try to find nightly news shows from the sixties and seventies, when there was still news on television. The current incessant reporting of faux news concerning this year's blonde, or what drugs are in vogue with the latest hollywood bad boy, leaves little time to provide information about the state of the world. The need to provide great images means that it's more likely you'll see pix of a fire somewhere, than your government in action (or inaction, as the case may be).
If you don't like a book, and you're not its target audience, then put it down and don't review it.
I found the review to be informative. I have to believe that the intended audience is programmers, no matter what the author says. Do you really think that non-programmers will buy such a book? Surely they are more interested in the latest novel, than in yet another vanity piece. The points that the book made needed to be addressed, and I thought that the reviewer did so.
It's a poorly written and misleading book; that's plain. The review saves those of us inclined to buy it from doing so. I doubt very much that the slashdot audience is composed of non-technical, mid-level managers. The review was intended for us, and it served the purpose.
How is it possible for anyone to discuss this? The article requires an account on the ACM website. I would have been happy to read it, but both PDF and HTML are unavailable to anyone who doesn't have access. Anyone who has that would do a kindness to the rest of us by posting some of the relevant bits here, please.
I continue to be amazed at the personal details shared across the internet. At one time, I put my phone number, office number, and alternate email addresses, in my signature. That changed significantly after AOL "joined" the internet, of course. With the panic in human resources about providing or receiving references (beyond the dates of employment), things like myspace provde an interesting adjunct to vetting future workers.
It isn't just the inappropriate pictures that will keep you from being employed. It's the evidence that you can't keep quiet about things, that you're not trustworthy, that you're not even very good with grammar and spelling (in the real world, spelling counts). Once upon a time you could move away from a bad reputation, or switch jobs to leave behind a bad experience or two. Now, with things like zabasearch and google hacks to track you down, youthful indescretion becomes a permanent and inescapable brand.
No second chances. Sad.
I see that you know something important, without having had to suffer to find it out. I've steadfastly resisted attempts to make me into management over the years, and have hired, or been involved in selecting, my own boss multiple times. Management is rewarding for those that like it, but a pit of misery if you really prefer doing the technical stuff.
There are a couple of questions you need to ask yourself, before going into this:
You will also want answers to general things (some of which you may have already thought of):
If I'd had more coffee, I'd have probably had more to say. Congratulations on making the right decision, and on having a management structure that supports your decision.
I'm posting my own translation, to clear up a couple of things.
> > It's a sad state of affairs, but not surprising. It's been a long time since the "CIFS is caca" paper...
> CIFS=Common Internet File System. This is a reference to the security flaws highlighted by Hobbit (from memory it was defcon 5, back in 1997) in the microsoft SMB (windows networking) products.
You're correct on which defcon, but I'd like to remind you that mudge and *hobbit* stood up there together. I was saddened to see how quickly mudge compromised his principles for cash. I have nothing but respect for *hobbit*, who has retained his.
> > and I lost respect for the l0pht back when *hobbit* was edged out. Mudge became "Dr. Mudge" (as if), and they all started running after the limelight. Sad, really. The Hacker News Network is long gone, and mudge is Pieter. It sucks for Dan, but it's just more of the same for the rest of us.
> L0pht Heavy Industries (creaters of the L0phtcrack suite Pwdump that allowed brute force cracking of windows NT user/passes) went though a period of internal discontent. I cannot provide any details on this.
It was more than just a bit of internal discontent. I'd say it was a basic separation into two camps; the old school hackers, and the group that felt it would be good to take advantage of the notoriety, and cash in. The original Back Orifice product was written by cult of the dead cow, and only ran on windows 95/98. It was a (soon to be) member of the l0pht that rewrote it to work on win NT. L0phtcrack was not the only thing interesting that came out of that group. Wish I'd made a mirror of the old site. There was plenty of MS bashing.
> > It takes a lot of nerve for Chris Wysopal to issue his little statement. Weld Pond would never have said something like that. Man, it's been a long path from BO2K to appeasing Microsoft. What a long, strange trip it's been. Sigh.
> I have to admit this part has me stumped. I assume he means that Chris Wysopal of @stake would answer differently to Weld Pond of Lopht. Since they are one and the same person I assume he means to highlight the change over time in Chris's opinions/loyalties... not really surprising in the context of articles like this (para. headed Who's Who).
Yeah, I was perfectly aware that Weld Pond == Chris Wysopal. The comment was expressing my sadness at just how much he's changed. Thanks for the link to the Register, I'd forgotten that article. That grouping never came off, BTW, but there's still the pay early version of CERT that doesn't much make me happy.
> It has indeed been a long and strange trip... no end in sight yet.
It's a sad state of affairs, but not surprising. It's been a long time since the "CIFS is caca" paper, and I lost respect for the l0pht back when *hobbit* was edged out. Mudge became "Dr. Mudge" (as if), and they all started running after the limelight. Sad, really. The Hacker News Network is long gone, and mudge is Pieter. It sucks for Dan, but it's just more of the same for the rest of us.
It takes a lot of nerve for Chris Wysopal to issue his little statement. Weld Pond would never have said something like that. Man, it's been a long path from BO2K to appeasing Microsoft. What a long, strange trip it's been. Sigh.
I don't ordinarily answer this sort of thing, but I suppose you deserve it. I can see that you are young, and that you may not have a clear idea of how things actually work. You are a user of the resources that make up the Internet proper. The Internet[tm] is "run primarily by companies that have the bottom line on their mind(sic)..." If it was not, who do you think would move those packets?
Certainly not the majority of the denizens on slash dot, amusing though most of them are. Freedom is measured larger than you are looking. I am far more concerned with the erosions of liberty in the US since 9/11 than I am about some silly turf war over who manages a TLD. Sure, I'd have liked to see Carl Malamud and company get the administration; I have a lot of respect for Carl. Still, life goes on.
Get a little perspective on things. I survived the great renaming. Everything else is easy.
My, my, my. Yet another death of the internet as we know it moment. I don't necessarily agree with the choice made by ICANN, but it's not a popularity contest, folks. If you think that the Internet is something that works without large corporations, you need to pay attention a bit better.
Try a traceroute from somewhere to anywhere else. See all those funny names on the routers? Who do you think owns them? That's right, big corporations. I have a dot org, and I'm not worried in the slightest about anyone changing the rules. The world didn't fall over when some of the root servers moved out of the US, and it won't fall over if management of dot org is by a for-profit organization.
Hey, anything that's not Verisign is fine with me.
It seems like you might not have read the article all the way through. It doesn't recommend only native compilation, but it does make a nice comparison between the two solutions. It points out when you might want to take advantage of native compilation, and when it doesn't help. You are always free to generate byte code in addition.
Much of the work I do would be nicer and easier in Java than in other languages, but Java is just too slow and large for my purposes. This gives me the chance to use a language that has a little elegance, without giving up the speed of execution that I require. C++ just doesn't cut it, and it's tough trying to write this kind of code in C (but not impossible, it just takes a little discipline).
Java isn't really cross platform anyway. Where's the JVM for MVS?
I know that I will probably get slammed for this, but I am not sure that the article is really fair about most of the situations it's discussing. The case of the Intel employee emailing his grievances over and over to all the employees at Intel is a fine example. I don't see that what he was doing was any different than any other spammer, nor did some of the people who work there.
It's tough when people take advantage of anonymous posting to state things that they'd never be allowed to in print, since they'd be immediately sued for libel. There is no easy answer, of course, but companies should be able to stop truly libelous statements, and they should also be able to stop idiots like the Intel spammer. At least, they should be able to answer the detractors in the same public forum that the libel was stated.
I'd still rather see them able to just interleave the supposed libel with truth, which seems fair enough, rather than exposing anonymous posters. I truly prefer to protecct anonymity, even when abused, as some folk do, so that those few who truly need it will still find it available.
Say what? Until last year?
First, the hypertext transport protocol does not define the net (that's http to you youngsters).
Second, the net's been around for more than a quarter century, and shows no signs of slowing down.
Third, I think that you might want to hang around for a few years or so before you start to make pronouncements like this one. Check out the posts that Google has archived if you don't think your mistakes live forever. Mine sure do (and I left them there, why not?).
Fourth, the internet is indeed maturing. It will continue to change, and grow, just as it has in the past. Remember, the future is stranger than we can imagine.
I'm sure that it's probably filled with security holes, but it seems fair to point out that one was fixed long ago.
I still have a rocketmail account. I really miss rocketmail, which is one of the many things that yahoo swallowed. I think that they were interested more in acquiring the 411 database that came with rocketmail, than actually keeping most of the other services that came with it. I don't blame people for wanting to make money, but I wish that it was a little easier to leave a few little corners of ingenuity alone. Rocketmail, Geocities, 411, Webring...
I almost never read that account, but it's nice that it's still there. Guess I should be grateful that it didn't get thrown out along with everything else. Yahoo used to be a couple of fun guys in a trailer on campus. Times sure have changed.
He implied that it was charitible work, which it certainly sounded like. That still doesn't answer the question of what operating system is needed, and what applications. It also doesn't answer the question of exactly how it would get there.
Nice that you're offering to take the risk, but your employer is going to ask harder questions than I did, and then they'll still say no. I have laptops, and would be willing to send one off if I could see that it was really going to what the poster asked for.
You may think I'm being cynical, but I know that the world abounds with scoundrels, and would like to understand how Johannes thinks that the cost of sending a laptop overseas would be any less than just giving him the money. I hope that the person who offered to hand carry it can come through, myself, because I don't hold out much hope for any other methods.
.
You don't say what operating system you need, or what software you need to run on it. For example, do you require a specific version of Microsoft OS, are there issues with software you are using that will keep you from using a later version of that OS? Are you planning on installing a Linux of *BSD OS? Do you need a modem? Do you need network?
You also need to provide details about the charity. In the US I could look up the details to make sure that this wasn't a scam. Sorry to say that, but it's always a possibility, you know. Do you have some sort of evidence that you are a charity? Is there someone who can vouch for you?
Please reply publically. These are questions that a lot of people will be asking themselves, and it may help you to get what you need.
I'd really like to know what originally motivated you to start this. How about a brief bio, with the event (or events) that inspired you to take the FOIA to new heights. I've known of you for a few years, but you were already well on your way by the time I discovered jya.
Thanks for everything.
Really. Post how much. I'd be happy to pay a subscription fee. I also liked the idea of another poster about modding the advertisement up or down. Advertisers should be thrilled with that kind of feedback.
Please, please, please. No pop up ads.
Moderators, I'd have given this post higher than 0, even if it is an AC post. Until I read the WHOLE article, I didn't know that it wasn't quicktime they were selling. Hey, I'm not a mac user, but I've heard of quicktime. Why didn't they use something a little more unique (or else why wasn't there mention in the macslash or slashdot reports that it wasn't quicktime)?
I dunno. I'd have been more excited if it had been quicktime, myself.
>Uh, FYI, Sameer is not the "S" in RSA. He was,
>however, the founder of C2Net software,
You know, I knew that. Oops. Still, he's certainly one to be trusted (and not to run from a little controversy).
>I'm horribly biased, since I work at Securify...
Ok, you've got to guess what I'm going to ask next. Confidence Remains High? Keep or toss? How about the most fabulous collection of computer/unix humor ever? Keep or toss? I'm sure that there's other stuff I'll miss, I just don't remember what it is right now. C'mon, fess up. You must have some ideas.
-me-
Of course it won't be the same PacketStorm, and we have the little twit at Antionline to thank for it. The only reason that Harvard didn't wipe all of Ken's info (and that includes his schoolwork) is because of the thousands of emails from security professionals protesting the jump to conclusions, and the terrible loss of all Ken's work.
Ken's site has been a major one for me for a very long time, and I considered it to be a tragic loss. The lies that were told by Vranesivich to Harvard should not have been believed without verification, but there you have it. They were frightened into jumping, and then (I suspect) felt that they couldn't back down.
On the other hand, I've always known Ken to be an honest person. If he says that Securify is going to keep it the same, then I have to believe that they'll try. Don't forget who actually founded Securify. They are not exactly a bunch of conservatives, nor are they cowards.
Sameer Parekh (the S in RSA), Jon Callas (OpenPGP), and the man in charge of the original Securify, Taher Elgamal (I really don't have to explain that, do I?). Sameer was one of the featured speakers at Defcon 7 this past July.
I have hopes, and I hope that Ken does really well whereever he is. He certainly deserves a little success (and it must really annoy JP).
-me-
Of course we should continue to use the word hacker. I coninue to use it to describe myself. I have also been called a "house wizard,"(*) which I consider _different_ than the word hacker.
While I believe that both of them describe me, I do not think they mean the same thing. I recently wrote an article for an in-house publication, and I suggested forming a team of hackers (and that is the word I used) that would be short-term on any assignment, meant to rescue and fight fires, not meant to work long-term on anything. Although there was some suggestion initially that I make clear what I meant by hacker, no one asked me not to use the word, or to replace it with something more PC.
It references a fabulous paper, published in "First Monday," which is entitled "Technology and Pleasure: Considering Hacking Constructive" (http://firstmonday.org/issues/issue4_2/gisle/).
Many words have multiple meanings. Call a person an animal in a rude tone of voice, and the pejorative meaning is obvious. Say it affectionately to a very close friend, and the meaning changes. There is no reason that we cannot continue to use the word hacker to describe ourselves, since it should be apparent in context that we are speaking in a positive rather than negative manner.
[the email address is fake. the right one is easy to figure out.]
(*)
House Wizard: [prob. from ad-agency tradetalk, "house freak"] n. A hacker occupying a technical-specialist, R&D, or systems position at a commercial shop. A really effective house wizard can have influence out of all proportion to his/her ostensible rank and still not have to wear a suit. Used esp. of UNIX wizards. The term house guru is equivalent. (from the Hacker's Dictionary)