This Cyberwar story has been brewing for months in the media, now the governments are brewing it up to the point they can start to bring in controls, to help save us all from this "growing problem", as they so often call these kinds of manipulation stunts.
Months? Try years. Not only have the attacks themselves been ongoing for years but articles covering them go back several years as well. Try googling for Titan Rain.
There really is a problem. And it really needs to be fixed. And one of the ways you do that is to shed light on the issue and embarrass all parties involved. Nothing penetrates the thick skin of bureaucracy like embarrassment. It's one motivation that every bureaucrat responds to - witness the attempts to cover these incidents up.
That's not to say the situation can't be abused. There are people who would take advantage of events to extend the power of their personal fiefdom. And there are also well-meaning but tragically misguided individuals who would do entirely inappropriate things to try and "fix" the situation as well. We would be well served to watch for these individuals at work and derail such attempts.
... so how long before the companies start offering to sell governments "solutions" to this problem. Then they can all get rich quick, setting up new government departments and expanding others etc.
Infosec is full of snakeoil and misguided tech. Government is a big buyer of tech so they'll inevitably be reviewing some of this snakeoil. My condolences to anyone in the trenches unable to refute these sales pitches (and management that are suckered by them).
Having said that - things DO need to be done. Infosec is very much like many other environments; I've learned that if you don't pay now - you pay later. At least one of the incidents described in this series of articles could have been avoided if management had listened to me and invested in some infrastructure I had been pressing for several years beforehand. They were instituting it shortly afterward (at a greater cost).
If you want me to believe that a real cyberwar (in this case more aptly named "computer espionage") is up and going you better give me or assure me that you have some sort of evidence (like captured transmissions showing that the attackers know what they are looking for in terms of intercepted/exfiltrated data) showing that you're actually being attacked by foreign governments or skilled people with an actual terrorist agenda. There is nothing in TFA except buzzwords, hyperbole and "x declined to comment".
Actually, if you check out some of the linked articles, you'll see that reporters have reviewed documents outlining the attacks. There is certainly assurance that these things are going on.
I've participated in some of the investigations mentioned in that article. I have a pretty good familiarity with how particular attacks happened and what information was transferred and to where (or at least the first hop). And nothing I read in that article counters the facts that I have first-hand knowledge on.
Having said that - I don't know it all. I know how data was handled and where it was handed off to. I don't know who was on the other end (or how many additional hops were involved after that first one). But I also do know that these attacks are really unlike many past "skiddie" (and even more sophisticated) attacks seen in the past. For one thing - the amount of data being transferred is something very new.
How about it's not a zero-sum game? Sure - print media has the concept of finite amount of story space. But this looks like it's being "covered" in electronic media. And in that case, pixels are cheap. Along those lines, the people who are commenting on this that wouldn't comment on Obama's policies - again, nothing of value is lost. These are not people taking up their precious political insight time to dissect the (future) President's choice in consumer electronics.
This is a non-issue. And your issue with it being a non-issue is, in itself, a non-issue.
As for the idea that someone MIGHT put more value to this? Sure. Quite likely. There are people who probably thought Obama was a better candidate when it was hinted he might be a Star Trek fan. Some people didn't approve of him because of his gender and / or ethnicity. Heck - some people voted straight party ticket. There's all kinds of crazy things people do. So what?
Apparently it always takes a raving ego maniac to do it, however.
It certainly takes some degree of ego and drive to do it. But whether it takes a sociopathic egomaniac is debatable. We certainly have history to show some examples of success. We also have examples of failures. The question is, in the cases of those successes, did it require those personalities or did they just seize the opportunity away from other qualified people?
So you think that the "Year of Linux on the Desktop" will arrive in bits and pieces.
If it does happen. I view Linux as being a potential disruptive technology. Linux could quite possibly be the second phase of commodity platforms, providing a commodity OS on top of the existing commodity hardware (look who gained and lost from hardware commoditization and who would gain / lose from the OS becoming a commodity). I couldn't say that it will happen. But if it does happen, it'll be over time. Or it has already happened. :)
That makes sense, I came to Linux via the PS2. I had read many stories about this "Linux thing" on Slashdot and bought a PS2 Linux kit to find out what it was all about. At that time I was a WebTV user, and it also turned my PS2 into a nifty little "computer" that was far more capable than that WebTV was. Got Linux on my PS3 now, still using Linux as a "Desktop", works pretty well for my desktop needs.
Wow. If you don't mind my saying, that strikes me as a very odd route. But very interesting.
I've been using microcomputers for years - my first being a TRS-80 Mod I my father purchased in 1980. I've always had a "home computer" to play with. In 1997 a friend of mine showed me Slackware with Enlightenment. It looked slick and I had to admit it seemed very cool. But I just couldn't see any reason to mess with it myself ("OK - Linux looks interesting. But what does it do?"). Then in 1998 I got the opportunity to be a Unix admin - so I used Linux and an old DX2-66 system to get myself up to speed enough for the job. Now I'm one of those guys who hopes Linux will be in the list of disruptive technologies he's witnessed first-hand.
The problem I have is that GitS does it poorly, and a lot of people see GitS without/before seeing Bladerunner/reading DADoES?. They then proclaim it to be the best, and think everything stole from it.
I don't agree that GitS is poorly done. But I do agree that folks need some perspective before they toss around terms like "steal." Not only should they have a better idea of history, but they should readdress the concept of inspiration and the very nature of story telling. On top of that, while I agree there's similarities in the two works (if you count DADoES and Bladerunner as the same), I find that they attack the theme from fairly different directions.
But GitS fans tend to have some serious blinders on, and, as evidenced by some of the replies to my post, are extremely defensive of the movie/movies/series/manga/etc.
It might have something to do with the inflammatory nature of your post. :) Using terms like "trash" and other subjective declarations are likely to invoke similarly emotional responses - whether the fan base is overly defensive or not.
Rather than a plethora of computers to choose, from manufacturers as varied as Apple to Zenith, there was a "safe" choice.
One of the big questions about microcomputers was "what can it do?" As far as business went, there wasn't much a microcomputer could do for them (word processing was already very well handled by specific systems built for that use). That changed with Visicalc - the first spreadsheet. And Visicalc ran on the Apple II. Apple II was a part of the package that defined business use of microcomputers. That helped drive sales of Apple computers and turn microcomputers in to a multimillion dollar industry (of which Apple was a major part). And it was what caught IBM's attention who then introduced their PC.
Yeah, sure... there was always the "you'll never be fired for buying IBM" thing going on. But it was also IBM entering the market that got people wondering what was useful about microcomputers and even noticing that a revolution was going on around them. Picking IBM over Apple would become a factor later (to Apple's detriment).
But again - the point is that nailing down a particular "year of the microcomputer" isn't so easy. It was already happening before IBM took notice. It was already happening before TIME took notice. It wasn't yet happening until Compaq shipped their first product. It hadn't happened until the Internet gave home computers killer apps; email and the World Wide Web. The "year" of the microcomputer spans over a decade.
Likewise, Linux is intermixed in history. It's fun to poke at those who so badly want Linux to be a run-away success story of disruptive technology (akin to the microcomputer). But the meme is nonsense. Our tech history has never worked that way. It just seems like it does to those who one day wake up to a whole new world that appears to spring up around them like technical mushrooms.
But it does bring to mind something: when was the year of the microcomputer? The microcomputer was industry changing; world-changing even. But when was it called?
1982, when Time magazine named "The Computer", "Man of the Year"
Hmmm... OK. But is that it? Is Time the authority? What if something else stole away Time's attention in 1982? And were they even correct? Microcomputers were already changing the world when Time took notice. Maybe they were too late in their announcement. But at the same time, things were yet to come - maybe they were too early. Compaq doesn't enter the fray until 1983 and it's then that the IBM clone rears its head - the initial brick on the road of commodity microcomputers which further disrupts things.
It tries to delve into identity, self awareness, etc. as well, but pales in comparison to any serious attempts (such as DADoES?, and of course Blade Runner).
And, of course, if it's been done once it can't be done again. It reminds me of a local restaurant owner. He's always talking about how various aspects of modern culture are pale comparisons to when the Greeks did it first (although he is right that the mall booth gyros hold nothing on what he makes).
I'm shocked to see this meme trotted out again. Shocked. :)
But it does bring to mind something: when was the year of the microcomputer? The microcomputer was industry changing; world-changing even. But when was it called?
I would note that microcomputers had impacted business well before the first IBM PC. Microcomputers as indispensable business equipment started with the Apple II and Visicalc. That got IBM's attention and changed its perception of the microcomputer from hobbyist toy to desirable market. Thus is born the IBM PC. And while IBM's entry in to the market did a lot to re-enforce (and in many cases introduce) the perception of the microcomputer's business use, IBM's entry lagged behind events.
And so IBM is officially jumping in to the desktop Linux market. As the lyric goes, "it's all just a little bit of history repeating." The year of the microcomputer belongs to a period of history, not a date. Likewise, the year of Linux (if it ever is), will also not be televised; it will be reflected in history.
I would say you're spot-on. Not that any of this is really technically accurate. But rather, the perception is accurate. Many managers really do believe this.
Such is the nature of IT. I've seen pre-packaged, supported software completely screwed up and ineffective in practice. I've seen Uber-admins roll together some scripts that just did amazing things for years and nobody ever really had to worry about it. I've seen amazing stuff completely fall apart when the guy who knew how it all worked moved on to other things. I've seen people say something is "impossible" while ignoring the fact that not only can it be done in-house, but there's also several supported solutions being offered by big IT houses.
But at the end of the day, IT decisions are made on comfort alone. Sometimes that comfort comes from due diligence (experience and research). Often it comes from simple familiarity and a skewed perspective.
The nuances come from the computer DAC chip's ability to turn 1's and 0's into sound, and that's where audiophiles should spend their money, not on a $500 gold-plated cable.
I believe you missed this particularly helpful feature:
Additionally, signal directional markings are provided for optimum signal transfer.
Your 1's and 0's aren't getting anywhere without some directional markings to let them know which way they're going. Of course, Denon made a mistake by showing the directional marking (a double-sided arrow) in their product picture. Now all manner of hardware hackers will be simply using a magic marker to apply this wonderful feature to their bargain-basement cables. It won't work quite as well as the professional screen-printed version Denon provides. But then that level of quality is beyond the hardware hacker.
However, I want more detail about this "drive-by download" bit. There is a hole in my browser that will make it automatically download this addon, without prompting me? Give me a link. Give me the details. What versions have the hole? Has it been patched? Is there something I can do (other than "browse nothing") that will prevent this hole from being exploited? People need these details.
It sounds like they're just playing "what-if". If you've got a malicious Firefox addon, how do you get your victims to install it? Obviously the first step is to trick them in to installing it - a variation on the trojan (as named). The other way is to try and install it without user interaction. How to do that? Find an exploit in the browser, a helper application (Flash, Acrobat, Quicktime, etc.), or the OS itself to perform a generically-labeled drive-by download.
Whether any of this is actually happening or not is a big question. Actual case examples would be interesting. However, such details tend to get lost in the Corporate filter.
All kidding aside... malware writers do not have mystical ninja powers. Absolute statements like "anything can be compromised" are as baseless as claiming something is "un-hackable." The actual situation depends a lot on the details and shouldn't be glossed over with tough-talk fluff.
The claim that "if you're on the internet, you're vulnerable" sounds good as it appears to fall in line with a history of bugs, exploits, and infamous examples of exploits being acted on in various ways. However, one is not actually vulnerable until that vulnerability that affects you is discovered. There's certainly a risk of such a thing happening. But there are also practices that tend to mitigate those risks. Following those practices (as well as looking for additional ways to mitigate risk) is a lot more productive than snide remarks about theoretical vulnerability.
If you're on the internet, you're vulnerable. Period.
You're so right. Hackers really have true digital power. If you don't believe hackers have true digital power, you better get a life right now or they'll hack your computer off the Internet! Hackers flip out and hack computers ALL the time. They are also mammals.
As a criminal, let's say that it's going to cost me $10,000 to hire some Eastern European hacker to develop malware for my criminal enterprise (number totally made up). I get to choose which platform I have the hacker target - I can target Windows with 90% of the market, I can target OSX with 8% of the market or I can target Linux with 2% of the market (market share numbers also made up, but probably in the right ballpark).
That means that if I'm interested in profit (and this IS a criminal enterprise, so profit is the primary motive), I want to have my hacker target the platform with the highest ROI. That means that the hacker's going to go after Windows and ignore OSX and Linux.
As the Mac's market share increases, it is going to be an increasingly more attractive target for hackers, because the ROI is higher.
Sure - market share is one factor on ROI. But it's not the only factor. Another big part of ROI is how long you get to keep control of your target. If the target doesn't remain compromised very long, then you've wasted your resources (unless of course you only needed a short window - but that's implying a targeted attack and is beyond the scope of this conversation). The thing is, if you look at malware in the wild, you'll find that there are plenty of examples for Unix malware but they just don't survive long (with one exception - more on that shortly). This makes Unix platforms poor ROI performers for bot herders to target.
Yet that 8% of the market issue still persists. Is that a significant enough number to warrant interest from malware producers? I don't see why not. An 8% market is still a sizable number of potential hosts - far larger than most botnets. The Witty worm demonstrated that not only will small numbers be targeted, but doing so can be very successful. If the Mac's 8% were fertile territory, it would be very much in a botnet herder's interests to target it.
We know 8% market share is suitable because botnet herders are going after smaller targets; namely the 2% Linux market. But there's some caveats to this. First - we're dealing with a very different mode of attack. Researchers at Sophos believe that the attack involves a 6yr-old piece of malware - a virus called Linux/Rst-B. But the interesting thing is that if the virus is being used, it's as something of a simplified rootkit. Hosts are either being intentionally infected by this virus to provide a quick root shell or the attackers are moving around tools that are unintentionally infected. In either case, the existence of this malware is due to an already bad situation. Secondly, we're probably not really dealing with 2% - it's more like ~12% of the server market. So we're dealing with a larger market share but hardly the largest (still a strike against marketshare driving attacks).
So what is making Linux worth the ROI? Smaller numbers. Compromised Linux hosts are providing stable controllers for botnets. As one needs fewer controllers than zombies in a botnet, Linux fits the bill nicely. All one needs is a mismanaged server on a stable link and a controller is gained.
So what do we get with all this? Marketshare isn't the driver that people make it out to be. Numbers are important. But there are additional factors that add weight to that importance. In the end, it's all about ROI. And that determines whether a platform makes a good target.
All viruses require a reasonable level of market share to operate, because one of the principles they rely upon is a network effect, and you just plain cannot get a network effect without a decent market share. So marketshare is, very much, a pre-requisite for a successful virus. It's not the only one, but when people say "Mac OS X hasn't been attacked yet because it doesn't have enough marketshare", they're right. That's one fundamental reason. And unless you can show that any other reasons apply, it's likely to be the only reason.
Fair point. However, Mac OS X has far more market share than something like Aros. We're talking somewhere above 8% of the market right now. That's an appreciable install base and certainly worth targeting. By comparison, the Witty worm targeted (and infected) an install base of only 12,000 systems. So sure - install base might be a factor. But it is hardly the only one.
There's little reason to believe that Mac OS X is protected from viruses by anything other than its low market share at this point. There's not a large enough group of users for network effects to take over. It is not an inherently secure operating system. The default user is generally set up with administration privileges, and it just takes a buffer overflow or other ordinary vulnerability in a client application like a web browser plug-in for a virus or worm to have complete access to the user's files, and enough access to be able to modify many of the applications the user is likely to run.
Fundamentally, Mac OS X has the same problem as Windows, and the same problem the "run-everything-as-root" Unixes did in the eighties and early nineties: too much functionality available to the default user. To fix this, you need to change the model somewhat. The very least Apple could do is set Mac OS X up so that the installer actively discourages setting up the default user as an administrator.
Wait a minute here. Correct me if I'm wrong, but my impression is that the "administrator" setting of an account allowed sudo access. That's a little different than running as root. Is there something else going on in the Mac userland?
It should also be noted that we've heard these warnings before. The doomsday scenario has yet to come to pass. And while I agree that some of the perception of imperviousness is misplaced, I am also inclined to believe there's a bit more at work here than some critics want to believe.
Ford didn't start out with expensive fancy cars that no one could afford, they changed the industry with a cheap car, built the base and then started making luxury models.
Tesla will be a niche, like Porsche, Lambo, Ferrari, Aston Martin are.
Actually - not quite. Ford's first models were not the industry-changing (if not world-changing) Model T. That comes several years later in Ford's history. And even the first Model T's weren't produced with the manufacturing technology that made it a historical icon. And it should be noted that before the Model T, there was also a very high-end luxury Model K in Ford's lineup. What Tesla is doing isn't THAT far out of line of what Ford did; introduce new technology to the public while using advances in technology (both product and manufacturing) to lower prices on future models.
When you compare Tesla to Ford, you have to look at the big difference in history. Ford entered a fairly young market with a technology that really didn't have an equivalent other than others producing similar technologies. That is, the automobile competed only with other automobiles. Tesla is entering a market with an automobile using a very different power system that has to compete in a market already saturated with conventional powered automobiles. Not only do they have to develop technology and come up with a profitable way to sell that technology, but they also have to capture the attention of the market and distinguish themselves from the conventional competition. Tough market. Especially when "electric car" has an emotional response similar to "golf cart" (and let's not kid ourselves - the car market is very much driven by emotion).
Will Tesla remain a niche? Sure - if they keep producing roadsters. But then... who would have seen Ford producing the Model T back in their early history of the Model A and Model K?
Actually it seems exactly like that. From what I have read and heard it seems like it was the culmination of things that pushed this girl over the edge. I know my mom would never turn down me or any of my siblings for support no matter how badly we disobeyed her orders. Especially if we were to the point of tears. This girl was being attacked from every angle, including her mom. It's no wonder she reacted the way she did especially when she is on medication with a reported side effect of suicidal tendencies.
Again - I'm sure the mother wishes she could relive that moment and handle the situation differently. But handling the situation badly is not the same thing as being inattentive. And it's not the same thing as being unavailable.
I'd further point out that the problem here wasn't the advice. It was spot-on. The mother was available to give that advice and she was aware of the situation enough to give the right advice. The problem was in the delivery.
As a husband and a father, I know that being "there" is a difficult job. Sometimes you're there to advise. Sometimes you just need to commiserate. Trying to read the situation and act accordingly is often difficult and you don't always get it right.
This has nothing to do with registering under a pseudonym. This has to do with psychological stalking and trauma. Please pull your head out of your ass. I'm sure it's hard to breathe up there.
This is sort of an interesting part of the case. I had first thought you were completely wrong on this point. But it turns out, I misled myself.
My initial reaction is that this isn't a murder case. In fact, there was even contention whether the girl's suicide should even be mentioned in the case. The judge eventually allowed it despite the Defense's protests. Defense attorney H. Dean Steward even called the girl's mother's testimony about the girl and her suicide "totally improper in a computer fraud case."
But having said that - stalking was very much part of the case. The Prosecution was going after Drew for violating MySpace's TOS prohibiting users from using fraudulent registration information, using accounts to obtain personal information about juvenile members and using MySpace to "harass, abuse or harm other members".
So in the end, the actual case isn't really about pseudonyms. It is, in fact, about harassment and following a site's TOS. Although I can certainly understand someone using a pseudonym might be concerned that this case might be abused by another lawyer in another case.
True. But where were her parents? Pretty sad the girl lived in a household where she couldn't talk to her folks about what was going on.
I'm usually on the side of parents taking responsibility for the welfare of their children. It bothers me to no end when parents seem to think others should assume that responsibility. However, I'm not so sure this is one of those situations.
Then on October 15, Josh sent Megan a message saying that he didn't want to be friends anymore. The next day, Josh told her he'd heard she wasn't nice to her friends, and that's why he wanted to sever their ties.
Megan became upset and Meier, who had to leave the house to take her other daughter to an orthodontist appointment, told Megan to shut down the computer. Megan didn't do as she was told, however, and got embroiled in an electronic brawl when at least two other people began attacking her online, culminating in the final message from "Josh".
When Meier came home she found Megan still online and in tears. When she appealed to her mother for support, Meier chastised her for being on the computer when she'd been instructed to shut it down, and suggested that Megan had brought some of the attacks on herself by continuing to communicate with her attackers.
Megan, in mental anguish at this point, told her mother, "You're supposed to be my mom. You're supposed to be on my side."
I'm sure the mother wishes she could have had that moment back; handled it differently. However, this certainly doesn't seem like a case of an inattentive parent who didn't communicate with their children.
And be subject to unreasonable and unwarranted search and seizure, I wouldn't have served in the Army.
Were you DNA tagged for identification? It always made me nervous - a DNA record possibly subject to a Freedom of Information Act request (albeit somewhat far-fetched). Good intentions with lots of abuse potential.
FYI to all, the link appears to be an episode of a show called "Burn Notice" about "How to protect your home from thieves", apparently they ask a thief to get advice. (I've got no sound or interest to watch the whole thing)
Just to clarify... Burn Notice is actually about a former spy. One of the mechanics of the show is the main character (shown in this clip) explaining some spy-related concept via voice-over as it is being implemented. These monologues are of an instructional style similar to the linked video. They talk a good talk - I couldn't say how accurate they are.
This Cyberwar story has been brewing for months in the media, now the governments are brewing it up to the point they can start to bring in controls, to help save us all from this "growing problem", as they so often call these kinds of manipulation stunts.
Months? Try years. Not only have the attacks themselves been ongoing for years but articles covering them go back several years as well. Try googling for Titan Rain.
There really is a problem. And it really needs to be fixed. And one of the ways you do that is to shed light on the issue an embarrass all parties involved. Nothing penetrates the think skin of bureaucracy like embarrassment. Its one motivation that every bureaucrat responds to - witness the attempts to cover these incidents up.
That's not to say the situation can't be abused. There are people who would take advantage of events to extend the power of their personal fiefdom. And there are also well-meaning but tragically misguided individuals who would do entirely inappropriate things to try and "fix" the situation as well. We would be well served to watch for these individuals at work and derail such attempts.
... so how long before the companies start offering to sell governments "solutions" to this problem. Then they can all get rich quick, setting up new government departments and expanding others etc..
Infosec is full of snakeoil and misguided tech. Government is a big buyer of tech so they'll inevitably be reviewing some of this snakeoil. My condolences to anyone in the trenches unable to refute these sales pitches (and management that are suckered by them).
Having said that - things DO need to be done. Infosec is very much like many other environments; I've learned that if you don't pay now - you pay later. At least one of the incidents described in this series of articles could have been avoided if management had listened to me and invested in some infrastructure I had been pressing for several years beforehand. They were instituting it shortly afterward (at a greater cost).
If you want me to believe that a real cyberwar (in this case more aptly named "computer espionage") is up and going you better give me or assure me that you have some sort of evidence (like captured transmissions showing that the attackers know what they are looking for in terms of intercepted/exfiltrated data) showing that you're actually being attacked by foreign governments or skilled people with an actual terrorist agenda. There is nothing in TFA except buzzwords, hyperbole and "x declined to comment".
Actually, if you check out some of the linked articles, you'll see that reporters have reviewed documents outlining the attacks. There is certainly assurance that these things are going on.
I've participated in some of the investigations mentioned in that article. I have a pretty good familiarity with how particular attacks happened and what information was transferred and to where (or at least the first hop). And nothing I read in that article counters the facts that I have first-hand knowledge on.
Having said that - I don't know it all. I know how data was handled and where it was handed off to. I don't know who was on the other end (or how many additional hops were involved after that first one). But I also do know that these attacks are really unlike many past "skiddie" (and even more sophisticated) attacks seen in the past. For one thing - the amount of data being transferred is something very new.
How about it's not a zero-sum game? Sure - print media has the concept of finite amount of story space. But this looks like its being "covered" in electronic media. And in that case, pixels are cheap. Along those lines, the people who are commenting on this that wouldn't comment on Obama's policies - again, nothing of value is lost. These are not people taking up their precious political insight time to disect the (future) President's choice in consumer electronics.
This is a non-issue. And your issue with it being a non-issue is, in itself, a non-issue.
As for the idea that someone MIGHT put more value to this? Sure. Quite likely. There are people who probably thought Obama was a better candidate when it was hinted he might be a Star Trek fan. Some people didn't approve of him because of his gender and / or ethnicity. Heck - some people voted straight party ticket. There's all kinds of crazy things people do. So what?
Apparently it always takes a raving ego maniac to do it, however.
It certainly takes some degree of ego and drive to do it. But whether it takes a sociopathic egomaniac is debatable. We certainly have history to show some examples of success. We also have examples of failures. The question is, in the cases of those successes, did it require those personalities or did they just seize the opportunity away from other qualified people?
C'mon. You think if that really was Jobs, he'd post anonymously? And miss another chance to have his name appear somewhere?
So you think that the "Year of Linux on the Desktop" will arrive in bits and pieces.
If it does happen. I view Linux as being a potential disruptive technology. Linux could quite possibly be the second phase of commodity platforms, providing a commodity OS on top of the existing commodity hardware (look who gained and lost from hardware commoditization and who would gain / lose from the OS becoming a commodity). I couldn't say that it will happen. But if it does happen, it'll be over time. Or it has already happened. :)
That makes sense, I came to Linux via the PS2. I had read many stories about this "Linux thing" on Slashdot and bought a PS2 Linux kit to find out what it was all about. At that time I was a WebTV user, and it also turned my PS2 into a nifty little "computer" that was far more capable than that WebTV was. Got Linux on my PS3 now, still using Linux as a "Desktop", works pretty well for my desktop needs.
Wow. If you don't mind my saying, that strikes me as a very odd route. But very interesting.
I've been using microcomputers for years - my first being a TRS-80 Mod I my father purchased in 1980. I've always had a "home computer" to play with. In 1997 a friend of mine showed me Slackware with Enlightenment. It looked slick and I had to admit it seemed very cool. But I just couldn't see any reason to mess with it myself ("OK - Linux looks interesting. But what does it do?"). Then in 1998 I got the opportunity to be a Unix admin - so I used Linux and an old DX2-66 system to get myself up to speed enough for the job. Now I'm one of those guys who hopes Linux will be in the list of disruptive technologies he's witnessed first-hand.
The problem I have is that GitS does it poorly, and a lot of people see GitS without/before seeing Bladerunner/reading DADoES?. They then proclaim it to be the best, and think everything stole from it.
I don't agree that GitS is poorly done. But I do agree that folks need some perspective before they toss around terms like "steal." Not only should they have a better idea of history, but they should readdress the concept of inspiration and the very nature of story telling. On top of that, while I agree there's similarities in the two works (if you count DADoES and Bladerunner as the same), I find that they attack the theme from fairly different directions.
But GitS fans tend to have some serious blinders on, and, as evidenced by some of the replies to my post, are extremely defensive of the movie/movies/series/manga/etc.
It might have something to do with the inflammatory nature of your post. :) Using terms like "trash" and other subjective declarations are likely to invoke similarly emotional responses - whether the fan base is overly defensive or not.
Rather than a plethora of computers to choose, from manufacturers as varied as Apple to Zenith, there was a "safe" choice.
One of the big questions about microcomputers was "what can it do?" As far as business went, there wasn't much a microcomputer could do for them (word processing was already very well handled by specific systems built for that use). That changed with Visicalc - the first spreadsheet. And Visicalc ran on the Apple II. Apple II was a part of the package that defined business use of microcomputers. That helped drive sales of Apple computers and turn microcomputers into a multimillion dollar industry (of which Apple was a major part). And it was what caught IBM's attention who then introduced their PC.
Yeah, sure... there was always the "you'll never be fired for buying IBM" thing going on. But it was also IBM entering the market that got people wondering what was useful about microcomputers and even noticing that a revolution was going on around them. Picking IBM over Apple would become a factor later (to Apple's detriment).
But again - the point is that nailing down a particular "year of the microcomputer" isn't so easy. It was already happening before IBM took notice. It was already happening before TIME took notice. It wasn't yet happening until Compaq shipped their first product. It hadn't happened until the Internet gave home computers killer apps; email and the World Wide Web. The "year" of the microcomputer spans over a decade.
Likewise, Linux is intermixed in history. It's fun to poke at those who so badly want Linux to be a run-away success story of disruptive technology (akin to the microcomputer). But the meme is nonsense. Our tech history has never worked that way. It just seems like it does to those who one day wake up to a whole new world that appears to spring up around them like technical mushrooms.
1982, when Time magazine named "The Computer", "Man of the Year"
Hmmm... OK. But is that it? Is Time the authority? What if something else stole away Time's attention in 1982? And were they even correct? Microcomputers were already changing the world when Time took notice. Maybe they were too late in their announcement. But at the same time, things were yet to come - maybe they were too early. Compaq doesn't enter the fray until 1983 and it's then that the IBM clone rears its head - the initial brick on the road of commodity microcomputers which further disrupts things.
It tries to delve into identity, self awareness, etc. as well, but pales in comparison to any serious attempts (such as DADoES?, and of course Blade Runner).
And, of course, if it's been done once it can't be done again. It reminds me of a local restaurant owner. He's always talking about how various aspects of modern culture are pale comparisons to when the Greeks did it first (although he is right that the mall booth gyros hold nothing on what he makes).
I'm shocked to see this meme trotted out again. Shocked. :)
But it does bring to mind something: when was the year of the microcomputer? The microcomputer was industry changing; world-changing even. But when was it called?
I would note that microcomputers had impacted business well before the first IBM PC. Microcomputers as indispensable business equipment started with the Apple II and Visicalc. That got IBM's attention and changed its perception of the microcomputer from hobbyist toy to desirable market. Thus is born the IBM PC. And while IBM's entry into the market did a lot to reinforce (and in many cases introduce) the perception of the microcomputer's business use, IBM's entry lagged behind events.
And so IBM is officially jumping into the desktop Linux market. As the lyric goes, "it's all just a little bit of history repeating." The year of the microcomputer belongs to a period of history, not a date. Likewise, the year of Linux (if it ever is), will also not be televised; it will be reflected in history.
I would say you're spot-on. Not that any of this is really technically accurate. But rather, the perception is accurate. Many managers really do believe this.
Such is the nature of IT. I've seen pre-packaged, supported software completely screwed up and ineffective in practice. I've seen Uber-admins roll together some scripts that just did amazing things for years and nobody ever really had to worry about it. I've seen amazing stuff completely fall apart when the guy who knew how it all worked moved on to other things. I've seen people say something is "impossible" while ignoring the fact that not only can it be done in-house, but there's also several supported solutions being offered by big IT houses.
But at the end of the day, IT decisions are made on comfort alone. Sometimes that comfort comes from due diligence (experience and research). Often it comes from simple familiarity and a skewed perspective.
The nuances come from the computer DAC chip's ability to turn 1's and 0's into sound, and that's where audiophiles should spend their money, not on a $500 gold-plated cable.
I believe you missed this particularly helpful feature:
Your 1's and 0's aren't getting anywhere without some directional markings to let them know which way they're going. Of course, Denon made a mistake by showing the directional marking (a double-sided arrow) in their product picture. Now all manner of hardware hackers will be simply using a magic marker to apply this wonderful feature to their bargain-basement cables. It won't work quite as well as the professional screen-printed version Denon provides. But then that level of quality is beyond the hardware hacker.
However, I want more detail about this "drive-by download" bit. There is a hole in my browser that will make it automatically download this addon, without prompting me? Give me a link. Give me the details. What versions have the hole? Has it been patched? Is there something I can do (other than "browse nothing") that will prevent this hole from being exploited? People need these details.
It sounds like they're just playing "what-if". If you've got a malicious Firefox addon, how do you get your victims to install it? Obviously the first step is to trick them into installing it - a variation on the trojan (as named). The other way is to try and install it without user interaction. How to do that? Find an exploit in the browser, a helper application (Flash, Acrobat, Quicktime, etc.), or the OS itself to perform a generically-labeled drive-by download.
Whether any of this is actually happening or not is a big question. Actual case examples would be interesting. However, such details tend to get lost in the Corporate filter.
All kidding aside... malware writers do not have mystical ninja powers. Absolute statements like "anything can be compromised" are as baseless as claiming something is "un-hackable." The actual situation depends a lot on the details and shouldn't be glossed over with tough-talk fluff.
The claim that "if you're on the internet, you're vulnerable" sounds good as it appears to fall in line with a history of bugs, exploits, and infamous examples of exploits being acted on in various ways. However, one is not actually vulnerable until that vulnerability that affects you is discovered. There's certainly a risk of such a thing happening. But there are also practices that tend to mitigate those risks. Following those practices (as well as looking for additional ways to mitigate risk) is a lot more productive than snide remarks about theoretical vulnerability.
If you're on the internet, you're vulnerable. Period.
You're so right. Hackers really have true digital power. If you don't believe hackers have true digital power, you better get a life right now or they'll hack your computer off the Internet! Hackers flip out and hack computers ALL the time. They are also mammals.
As a criminal, let's say that it's going to cost me $10,000 to hire some Eastern European hacker to develop malware for my criminal enterprise (number totally made up). I get to choose which platform I have the hacker target - I can target Windows with 90% of the market, I can target OSX with 8% of the market or I can target Linux with 2% of the market (market share numbers also made up, but probably in the right ballpark).
That means that if I'm interested in profit (and this IS a criminal enterprise, so profit is the primary motive), I want to have my hacker target the platform with the highest ROI. That means that the hacker's going to go after Windows and ignore OSX and Linux.
As the Mac's market share increases, it is going to be an increasingly more attractive target for hackers, because the ROI is higher.
Sure - market share is one factor on ROI. But it's not the only factor. Another big part of ROI is how long you get to keep control of your target. If the target doesn't remain compromised very long, then you've wasted your resources (unless of course you only needed a short window - but that's implying a targeted attack and is beyond the scope of this conversation). The thing is, if you look at malware in the wild, you'll find that there are plenty of examples for Unix malware but they just don't survive long (with one exception - more on that shortly). This makes Unix platforms poor ROI performers for bot herders to target.
Yet that 8% of the market issue still persists. Is that a significant enough number to warrant interest from malware producers? I don't see why not. An 8% market is still a sizable number of potential hosts - far larger than most botnets. The Witty worm demonstrated that not only will small numbers be targeted, but doing so can be very successful. If the Mac's 8% were fertile territory, it would be very much in a botnet herder's interests to target it.
We know 8% market share is suitable because botnet herders are going after smaller targets; namely the 2% Linux market. But there's some caveats to this. First - we're dealing with a very different mode of attack. Researchers at Sophos believe that the attack involves a 6yr-old piece of malware - a virus called Linux/Rst-B. But the interesting thing is that if the virus is being used, it's as something of a simplified rootkit. Hosts are either being intentionally infected by this virus to provide a quick root shell or the attackers are moving around tools that are unintentionally infected. In either case, the existence of this malware is due to an already bad situation. Secondly, we're probably not really dealing with 2% - it's more like ~12% of the server market. So we're dealing with a larger market share but hardly the largest (still a strike against marketshare driving attacks).
So what is making Linux worth the ROI? Smaller numbers. Compromised Linux hosts are providing stable controllers for botnets. As one needs fewer controllers than zombies in a botnet, Linux fits the bill nicely. All one needs is a mismanaged server on a stable link and a controller is gained.
So what do we get with all this? Marketshare isn't the driver that people make it out to be. Numbers are important. But there are additional factors that add weight to that importance. In the end, it's all about ROI. And that determines whether a platform makes a good target.
All viruses require a reasonable level of market share to operate, because one of the principles they rely upon is a network effect, and you just plain cannot get a network effect without a decent market share. So marketshare is, very much, a pre-requisite for a successful virus. It's not the only one, but when people say "Mac OS X hasn't been attacked yet because it doesn't have enough marketshare", they're right. That's one fundamental reason. And unless you can show that any other reasons apply, it's likely to be the only reason.
Fair point. However, Mac OS X has far more market share than something like Aros. We're talking somewhere above 8% of the market right now. That's an appreciable install base and certainly worth targeting. By comparison, the Witty worm targeted (and infected) an install base of only 12,000 systems. So sure - install base might be a factor. But it is hardly the only one.
There's little reason to believe that Mac OS X is protected from viruses by anything other than its low market share at this point. There's not a large enough group of users for network effects to take over. It is not an inherently secure operating system. The default user is generally set up with administration privileges, and it just takes a buffer overflow or other ordinary vulnerability in a client application like a web browser plug-in for a virus or worm to have complete access to the user's files, and enough access to be able to modify many of the applications the user is likely to run.
Fundamentally, Mac OS X has the same problem as Windows, and the same problem the "run-everything-as-root" Unixes did in the eighties and early nineties: too much functionality available to the default user. To fix this, you need to change the model somewhat. The very least Apple could do is set Mac OS X up so that the installer actively discourages setting up the default user as an administrator.
Wait a minute here. Correct me if I'm wrong, but my impression is that the "administrator" setting of an account allowed sudo access. That's a little different than running as root. Is there something else going on in the Mac userland?
It should also be noted that we've heard these warnings before. The doomsday scenario has yet to come to pass. And while I agree that some of the perception of imperviousness is misplaced, I am also inclined to believe there's a bit more at work here than some critics want to believe.
Ford didn't start out with expensive fancy cars that no one could afford, they changed the industry with a cheap car, built the base and then started making luxury models.
Tesla will be a niche, like Porsche, Lambo, Ferrari, Aston Martin are.
Actually - not quite. Ford's first models were not the industry-changing (if not world-changing) Model T. That comes several years later in Ford's history. And even the first Model T's weren't produced with the manufacturing technology that made it a historical icon. And it should be noted that before the Model T, there was also a very high-end luxury Model K in Ford's lineup. What Tesla is doing isn't THAT far out of line of what Ford did; introduce new technology to the public while using advances in technology (both product and manufacturing) to lower prices on future models.
When you compare Tesla to Ford, you have to look at the big difference in history. Ford entered a fairly young market with a technology that really didn't have an equivalent other than others producing similar technologies. That is, the automobile competed only with other automobiles. Tesla is entering a market with an automobile using a very different power system that has to compete in a market already saturated with conventional powered automobiles. Not only do they have to develop technology and come up with a profitable way to sell that technology, but they also have to capture the attention of the market and distinguish themselves from the conventional competition. Tough market. Especially when "electric car" has an emotional response similar to "golf cart" (and let's not kid ourselves - the car market is very much driven by emotion).
Will Tesla remain a niche? Sure - if they keep producing roadsters. But then... who would have seen Ford producing the Model T back in their early history of the Model A and Model K?
Actually it seems exactly like that. From what I have read and heard it seems like it was the culmination of things that pushed this girl over the edge. I know my mom would never turn down me or any of my siblings for support no matter how badly we disobeyed her orders. Especially if we were to the point of tears. This girl was being attacked from every angle, including her mom. It's no wonder she reacted the way she did especially when she is on medication with a reported side effect of suicidal tendencies.
Again - I'm sure the mother wishes she could relive that moment and handle the situation differently. But handling the situation badly is not the same thing as being inattentive. And it's not the same thing as being unavailable.
I'd further point out that the problem here wasn't the advice. It was spot-on. The mother was available to give that advice and she was aware of the situation enough to give the right advice. The problem was in the delivery.
As a husband and a father, I know that being "there" is a difficult job. Sometimes you're there to advise. Sometimes you just need to commiserate. Trying to read the situation and act accordingly is often difficult and you don't always get it right.
This has nothing to do with registering under a pseudonym. This has to do with psychological stalking and trauma. Please pull your head out of your ass. I'm sure it's hard to breathe up there.
This is sort of an interesting part of the case. I had first thought you were completely wrong on this point. But it turns out, I misled myself.
My initial reaction is that this isn't a murder case. In fact, there was even contention whether the girl's suicide should even be mentioned in the case. The judge eventually allowed it despite the Defense's protests. Defense attorney H. Dean Steward even called the girl's mother's testimony about the girl and her suicide "totally improper in a computer fraud case."
But having said that - stalking was very much part of the case. The Prosecution was going after Drew for violating MySpace's TOS prohibiting users from using fraudulent registration information, using accounts to obtain personal information about juvenile members and using MySpace to "harass, abuse or harm other members".
So in the end, the actual case isn't really about pseudonyms. It is, in fact, about harassment and following a site's TOS. Although I can certainly understand someone using a pseudonym might be concerned that this case might be abused by another lawyer in another case.
True. But where were her parents? Pretty sad the girl lived in a household where she couldn't talk to her folks about what was going on.
I'm usually on the side of parents taking responsibility for the welfare of their children. It bothers me to no end when parents seem to think others should assume that responsibility. However, I'm not so sure this is one of those situations.
From the Wired blog:
Then on October 15, Josh sent Megan a message saying that he didn't want to be friends anymore. The next day, Josh told her he'd heard she wasn't nice to her friends, and that's why he wanted to sever their ties.
Megan became upset and Meier, who had to leave the house to take her other daughter to an orthodontist appointment, told Megan to shut down the computer. Megan didn't do as she was told, however, and got embroiled in an electronic brawl when at least two other people began attacking her online, culminating in the final message from "Josh".
When Meier came home she found Megan still online and in tears. When she appealed to her mother for support, Meier chastised her for being on the computer when she'd been instructed to shut it down, and suggested that Megan had brought some of the attacks on herself by continuing to communicate with her attackers.
Megan, in mental anguish at this point, told her mother, "You're supposed to be my mom. You're supposed to be on my side."
Thirty minutes later, Megan hanged herself, Meier testified.
I'm sure the mother wishes she could have had that moment back; handled it differently. However, this certainly doesn't seem like a case of an inattentive parent who didn't communicate with their children.
It is likewise natural for a player to say, "I punched an enemy soldier," when in reality, she punched no one. All she did was press a button.'"
Likewise, I could say "I punched the monkey" when in reality, all I did was install a keylogger.
And be subject to unreasonable and unwarranted search and seizure, I wouldn't have served in the Army.
Were you DNA tagged for identification? It always made me nervous - a DNA record possibly subject to a Freedom of Information Act request (albeit somewhat far-fetched). Good intentions with lots of abuse potential.
FYI to all, the link appears to be an episode of a show called "Burn Notice" about "How to protect your home from thieves", apparently they ask a thief to get advice. (I've got no sound or interest to watch the whole thing)
Just to clarify... Burn Notice is actually about a former spy. One of the mechanics of the show is the main character (shown in this clip) explaining some spy-related concept via voice-over as it is being implemented. These monologues are of an instructional style similar to the linked video. They talk a good talk - I couldn't say how accurate they are.
That said - it's a fun show. I'd recommend it.