Answer: because the person who hired her lied about THEIR qualifications - they can't read. There are more than a few university graduates who can't write a 2-page letter, summarize an editorial, make a decent presentation or speech, formulate logical arguments,...oh.... BRIGHT... SHINY... THING...
Sure you are... you out and out stated that what he was doing was wrong in a "production network" and I told you to get real.
You said that the network is for whatever IT says its for, which is pretty damn pompous, and I said that is total bullshit, the whole "raison d'etre" of the network is the students, since they are the ones who are paying for it, and without them, the university would close their doors.
I also pointed out that what he did wan't harmful, and in fact was beneficial on several levels:
it helped avoid the antivirus monoculture that the badly configed CCA software was trying to enforce
it showed that there were many (at least 6) different ways to get around the system
it showed that he was reasonably responsible, since he did in fact give the code to one of his professors
it exposed the VP of IT (who is much despised by faculty and students) as being a total ass (again) who buys into the whole "security through obscurity" thing, and as such, should be terminated for cause (incompetency)
it brought out the "contol freaks" on slashdot who think that IT exists for the benefit of those running the network, and not those who pay for it
So tell me, why is helping IT promote an AV monoculture somehow "the right thing," when its bad in every other field. Or would you agree that, under the circumstances (an engineering department with half the computers not working, etc.), the VP of IT should be fired?
If this guy ever wants to move to Canada and he has a half-decent knowledge of c/c++, I know of at least one place where he'll get a chance to interview. He sounds like someone with initiative and curiosity.
Seriously, come off it... this guy did absolutely no harm, and probably a fair amount of good. The reaction of the "powers that be" was way overboard, and they need to stop doing so much crack, because its making them obscenely paranoid (and that's giving them the benefit of the doubt - if they act like this and they're NOT on crack, they're REALLY f*cked up and need to get some perspective - or they're so cowed by the people THEY report to that they will do the wrong thing, knowing its wrong, rather than piss off their bosses).
"The software never makes the common mistakes human beings make. For example, different "flavors" of the same size package of the same product should come out at the same price, and the unit price of a given item should go down as the amount bought increases. I can tell you that I have seen examples where humans have screwed this up this week. When there are two sizes of a given product, let's say a certain laundry detergent, then the price per weight of the larger package better be less than the price per weight of the smaller package, or there's never any incentive for the customer to buy the larger package. Still, I see examples where the pricers have gotten this wrong. I've even asked people at the stores if they were trying to move the smaller packages because of having too much of that size in stock or something, and they told me that no, they had no such problem."
Actually, this is quite common practice. A lot of people assume that just because the package is bigger, the "cost per gram" or "cost per ounce" MUST be lower - and they buy accordingly. Not only didn't the retailer screw up - he's making more by this "tax on ignorance."
A lot of people can't do the math in their head if one item isn't an exact multiple of another item. Others "can't be bothered" doing the math. And still others, they just make the aforementioned assumptions that "bigger == cheaper per unit". And in places where retailers are required by law to display the "per unit" price, people can't be bothered to look.
I've seen retailers take items that were dogs at $x per unit, bundle them 3 to a package and price them as "Clearance: $4x" and sell them out.
And I frequently see items that are cheaper when bought in smaller units. There's a whole "to-the-retailer" rebate thing you're missing in any such analysis - manufacturers or distributors will frequently offer retailers a rebate to promote a smaller size of an item as a way to get buyers to try out a particular brand as an impulse buy. The regular brand-loyal buyers just assume that bigger==cheaper, and don't stock up on the cheaper smaller size.
Last week, for example:
8 boxes of 36-bag tea worked out to the same price as the large 216-bag box, which holds 72 fewer... (so I bought 10)
6 cans of 28 oz. tomatoes worked out a buck cheaper than buying the 160 oz jumbo can, which holds less... (so I bought 30)
375 ml jars of sparerib sauce were less than half the price of the same brand at 500 ml - (so I bought 15 - and 6 had an added 30 cents off coupon attached, for an extra bonus)
475ml bottles of soya sauce were almost 70% less than the jumbo 900ml bottles (so I bought 5)
20 jars of olives, same scenario
10 jars of gherkin pickles, ditto
same story for 6 bottles hunts of bbq sauce
... and mustard - 5 jars
... and relish - 6 jars
... tinned peaches, tinned pears, tinned fruit cocktail - same story (25 cans)
Added to the other stuff I bought on sale (10 kg of coffee, for example, at $2.60 less per kg), I easily saved between $100.00 and $150.00
The manufacturers do their price optimizations, the wholesalers and distributors do theirs, the retailers do theirs... and it all comes down to getting the consumer to give them the money instead of giving it to someone else.
Consumers who do their own "pricing optimizations" can save a bundle, especially if they're alert to the "bigger is not necessarily cheaper" scam, and are willing to buy a years' worth at a time. It gives a better return on investment (easily 25 to 50% per annum, tax-free) than any other investment you'll find out there.
I agree 100%. Thats why I said elsewhere that CCA is part of the problem, not part of the solution. As long as people continue to wste their time trying to make Windows a viable platform, we're all at risk from botnets. A university should be the best place for people to learn new, safer skills.
Instead, we're seeing universities giving credits for knowing how to use MS-Office, etc.
"I sell pet food and I'll say that Ol' Roy is one of the cheapest priced pet foods per bag. Sure there are some others cheaper per bag at feed stores which may or may not be a better deal. I know some feed stores that use loss leaders to beat Ol' Roy. But, when comparing Ol' Roy to premium pet food the price per feeding will beat Ol' Roy most every time. So, buying a $15 bag of feed per week is more expensive than buying a $26 bag of feed per month."
It depends on which "Ol' Roy." If you buy the cheaper, cornmeal-based products, you'll definitely spend more, and be picking up more poop - than the non-cornmeal ones - look for the bag with 27% protein, 21% fat - you'll be picking up 2/3 less poop, and it actually works out a LOT cheaper per feeding (note: when you have a St. Bernard, a Newfoundland, and a big mutt, having to buy 100 lbs. of dog food a month instead of 300 lbs. a month makes a big difference in what comes out the other end, but its a lot of sh*t no matter how you look at it:-)
"Because you need a story about a crisis if you want to make the front page of slashdot:)"
Actually, its a clever slashvertisement to convince everyone that, now that the oxygen is running out, we have to stock up on "Perri-Air" brand oxygen. http://www.girlontheright.com/perriair.jpg
... after all, "price optimization" has been done for centuries, but now its "with software" instead of a paper and pencil, or a calculator, or a gut feeling.
Seriously - this is NOT new. Not even in the software field.
The funny thing is we're looking for coders at my day job, and as someone who is obviously an independent thinker, curious, isn't willing to stop at the first "solution" (he found 6 different holes), etc., he'd have more of a chance than, for example, the VP of IT, who obviously "doesn't get it" (is "VP of IT" a code phrase for "I can't read or write code worth dick?")
It was probably this sort of thinking that got the student to thinking that maybe if he didn't say anything to too many people, he could leverage this display of talent into a summer job at Cisco. They obviously need him.
And really, what did he do that was "fraudulent?" Did he "steal" access by "forging credentials?" Nope:
In criminal law, fraud is the crime or offense of deliberately deceiving another in order to damage them - usually, to obtain property or services unjustly
He already had the right to those services - he had paid for access in his student fees.
So how about civil fraud>
A civil fraud typically involves the act of intentionally making a false representation of a material fact, with the intent to deceive, which is reasonably relied upon by another person to that person's detriment.
Again, any "forged credentials" to bypass the CCA software were not used to anyone's detriment, but rather, to obtain that which was already lawfully his - net access he had paid for.
He should look into filing a criminal complaint for slander (false statements) and libel (written statements). The uni would have to prove that they were harmed, AND that he obtained services he wasn't entitled to.
Huh? So you think that because he's a computer major, the _production_ network is his personal playground? NO. The production network is only for precisely whatever IT designates it for.
... and I said to get a grip, and stop being so pompous.
The "production network" in question is not for "whatever IT designates it for" - its for the use of the university and its students, who, by the way, PAY for it. The mis-configured CCA software promotes insecurity by requiring an antivirus monoculture; there are plenty of methods of defeating it, such as the firefox user-agent switcher, so even the CCA software is only "security through obscurity."
And while you're at it, why not leave trolling to the pros:-)
"'Looking at security' is something you do for a day or two." Running a program for six months is breaking security.
He's said he found 6 different ways to get around the CCA software. Do you believe that he should be able to find and test all of those in a day or two? Think about it - maybe given another 6 months, he'd find another 6 ways...
If "looking at security" is "something you do for a day or two" you've got a great future ahead of you as a coder at Microsoft.
When I'm rewriting code at work, I try to always keep in mind the usual suspects - memory allocations without corresponding frees, too-small buffers and buffer overruns, avoiding weird casts just to suppress compiler warnings, "clever tricks" that only give a marginal performance benefit but have too much chance of being misunderstood by others ( or myself 6 months later )... and all this is directly related to the security and stability of ANY program. And yes, this program has been running 24 hours a d ay for years... a 6 month timeframe,or any timeframe, is irrelevant.
As I pointed out, running an antivirus monoculture (which is what the university's misconfigured CCA program enforced) is breaking security. The program, which allowed people to report back that they were running Symantec when they may have been running McAfee or AVG or another antivirus, actually enhances security.
Rather than being suspended, its the VP of IT who should be fired for cause, because this is just another in a L-O-N-G series of snafus.
First, any computer user can get around CCA just by using Firefox and using the user agent switcher to say that its running Linux - and this is very well known, has been for a long time, so CCA isn't about security; its about promoting a cover-your-ass mentality.
Second, CCA is part of the problem, not part of the solution. CCA isn't a cure - it's a "feel good because we're doing something about it" thing. A cure, on the other hand, will only come about if people get cut off the network because their Windows box is p0wned. Then maybe they'll switch to a real operating system, and everyone will be ahead. The longer people continue to insist on their "right" to use a proven crappy toy operating system, and the longer its tolerated, the harder it gets to fix everything.
Third, nobody was asking the school IT department to support "any software package" - if you had bothered to follow all the links, and then do some more research, you'd have found out that the VP of IT is despised by students and faculty, in part because of the crappy "support" for essentials (like half the computers in engineering don't work, AND they're not available after hours), but still finding time to force everyone to use CCA spyware.
Fourth, he wasn't "hacking a production network." He wasn't trying to break into a database, or steal sensitive information, or access the network on conditions different from any mac or linux user... or any windows user running firefox and user agent switcher. Get a grip. Be less pompous. CCA is a piece of shit. Its KNOWN to be a piece of shit. Anyone who thinks they're secure because they run CCA is incompetent and should be fired - which is what a lot of people are saying about this particular VP of IT, for this and other problems.
Fifth, its a university network. If its not there for the student's education, WFT IS it there for? (aside from downloading pr0n, that is). Its already "insecure" (CCA is readily bypassable by the firefox user agent trick) so what's the harm of pointing out other ways that CCA fails in its purpose? Or are you one of those who actually believes "security through obscurity and SLAPP lawsuits" works?
Sixth, we already know that monocultures are a bad thing. Requiring that all Windows users use the same brand of antivirus is just f*cked up. This was a stupid decision, because CCA can be configured to accept a list of AV packages. Bypassing CCA in this case is necessary if you want to avoid the problems of a monoculture within a monoculture.
But he was an idiot for not coming forward with it sooner. It completely strips his "I was going to tell Cisco later!" argument of any credibility.
If you were a student, you'd have waited until you were ready to apply for a summer internship, that is, if you had any brains or business sense.
BTW - there were students who wre not required to run CCA - they were using macs or linux. There's a lesson there - Windows is not suited for use in schools.
You obviously didn't read the articles. He did nothing that people with Macs or Linux or BSD on their computer are allowed to do. Its only Windows computers that they force users to run Cisco Clean Access... and they also force them to us Symantec Antivirus instead of letting them choose ther own AV product.
Considering that Symantec AV is not the only antivirus out there, if you were running a different antivirus, you would have to bypass CCA as well.
Check out the article - CCA was taking up to 20 minutes to load - who wouldn't bypass that?
Also, it is not clear that it "violates university policy" to write such a program, if you're a computer major, and your class work involves looking at vulnerabilities in software - which is what he learned in class. Then again, those who can, do - those who can't - teach.
FTFA:
Maass was charged with "violations of the Acceptable Use Policy, the Network Security Policy, disrespect for authority, disrespect for property, disorderly conduct and fraud," according to a letter he received from the University Judicial Board
"Disrespect for authority?" "Disorderly conduct?" Aren't they part of what yo go to university for - to question the "accepted wisdom"? Or are universities becoming enclaves where they'll start teaching that women have fewer teeth then men, because Aristotle taught that, and it must be true... (in this case Aristotle was clearly an idiot - he was married - twice - and never bothered to check!!! Sort of like the university's VP of IT, because they don't understand the difference between a program a student runs on his own computer, and "hacking their system.")
So, are they going to suspend every student who goes on a kegger? Flips the bird at a politician? Refuses to let their computer be hijacked by a buggy program? Sounds like a great place not to get an education.
BTW - his actions exactly suit his words - of course he'd withhold giving it to Cisco until he was ready to ask for a summer job / internship. Your uninformed criticism of him, on the other hand, shows you're real university administration material.
It prevents your body from producing a hormone telling you you're not hungry, so the more you eat and drink fructose, the more you want! No wonder soft drinks are fattening.
You got your peanut butter in my chocolate-y flavoured vegetable oil!
You got your chocolate-y flavoured vegetable oil in my peanut butter!
F*ing gross, dude! I ain't eating that sh*t...
Not to mention the "anal leakage" you'll get from eating too much "vegetable oil chocolatey junk".
"Again, I don't know the full merits of this case, because honestly, who the fuck follows the green party? If it's not PC, Liberal, NDP, or PQ it's pretty much off the radar for the majority of Cannucks." [sic]
In light of this, perhaps a good defense would be "the only thing worse than bad publicity is NO publicity."
... anyone who's followed the history of the Green Party in Canuckistan and their continual poor performance at the polls would have to agree... and wonder why the guy is just pushing the party further into the hinterlands...
This is one lawsuit that's doomed to fail from the get-go, if only because the plaintiff is a public/political figure due to his substantial campaign contributions, and the public has a definite interest in knowing about political party financing, and just loves a cat-fight, when former members will drag skeletons out of the closet. It won't be as good as "the night of the long knives", but then again, the Greenies aren't the PQ.
- don't get involved in politics if you have a fragile ego.
At the office, the only paper printout is our time sheets every 2 weeks (they have to be signed - otherwise, we'd just email them).
At home, my laser printer used up its cartridge last summer, and I haven't gotten around to replacing it - its not like I really need to print anything.
Of course, for really cheap printing, nothing beats a dot-matrix printer. A $7 ribbon will print 20,000 pages or more. That's 0.00035 cents per page, or almost 29 pages per penny.
The ink cartridges that come with cheap printers have only a small amount of ink in them.
So what. As the GP poster said, if the printer is $30 with a $30 rebate, all its costing you is a postage stamp. Do you really care if the "starter cartridge" is only half-full?
If we get bored we can always discuss the latest advancement in Soviet Russian Cell Phone technology. No batteries required - it burns coal. And you don't want to make calls on it, because in Soviet Russia, cell phone listens to YOU! All your calls are belong to KGB.
Speaking of which (obligatory Chernobyl reference), in Soviet Russia, atomic reactor nukes YOU!
Look out for these next russian new product announcements
caviar that glows in the dark!!!
smoke detectors that don't need americurium as a radiation source
"microwaves" that don't need a power source - just open the 100-pound lead door and throw your food in for a couple of minutes.
"Question is, why did it take 28 years?"
Answer: because the person who hired her lied about THEIR qualifications - they can't read. There are more than a few university graduates who can't write a 2-page letter, summarize an editorial, make a decent presentation or speech, formulate logical arguments, ...oh .... BRIGHT ... SHINY ... THING ...
Sure you are ... you out and out stated that what he was doing was wrong in a "production network" and I told you to get real.
You said that the network is for whatever IT says its for, which is pretty damn pompous, and I said that is total bullshit, the whole "raison d'etre" of the network is the students, since they are the ones who are paying for it, and without them, the university would close their doors.
I also pointed out that what he did wan't harmful, and in fact was beneficial on several levels:
So tell me, why is helping IT promote an AV monoculture somehow "the right thing," when its bad in every other field. Or would you agree that, under the circumstances (an engineering department with half the computers not working, etc.), the VP of IT should be fired?
If this guy ever wants to move to Canada and he has a half-decent knowledge of c/c++, I know of at least one place where he'll get a chance to interview. He sounds like someone with initiative and curiosity.
Seriously, come off it ... this guy did absolutely no harm, and probably a fair amount of good. The reaction of the "powers that be" was way overboard, and they need to stop doing so much crack, because its making them obscenely paranoid (and that's giving them the benefit of the doubt - if they act like this and they're NOT on crack, they're REALLY f*cked up and need to get some perspective - or they're so cowed by the people THEY report to that they will do the wrong thing, knowing its wrong, rather than piss off their bosses).
"The software never makes the common mistakes human beings make. For example, different "flavors" of the same size package of the same product should come out at the same price, and the unit price of a given item should go down as the amount bought increases. I can tell you that I have seen examples where humans have screwed this up this week. When there are two sizes of a given product, let's say a certain laundry detergent, then the price per weight of the larger package better be less than the price per weight of the smaller package, or there's never any incentive for the customer to buy the larger package. Still, I see examples where the pricers have gotten this wrong. I've even asked people at the stores if they were trying to move the smaller packages because of having too much of that size in stock or something, and they told me that no, they had no such problem."
Actually, this is quite common practice. A lot of people assume that just because the package is bigger, the "cost per gram" or "cost per ounce" MUST be lower - and they buy accordingly. Not only didn't the retailer screw up - he's making more by this "tax on ignorance."
A lot of people can't do the math in their head if one item isn't an exact multiple of another item. Others "can't be bothered" doing the math. And still others, they just make the aforementioned assumptions that "bigger == cheaper per unit". And in places where retailers are required by law to display the "per unit" price, people can't be bothered to look.
I've seen retailers take items that were dogs at $x per unit, bundle them 3 to a package and price them as "Clearance: $4x" and sell them out.
And I frequently see items that are cheaper when bought in smaller units. There's a whole "to-the-retailer" rebate thing you're missing in any such analysis - manufacturers or distributors will frequently offer retailers a rebate to promote a smaller size of an item as a way to get buyers to try out a particular brand as an impulse buy. The regular brand-loyal buyers just assume that bigger==cheaper, and don't stock up on the cheaper smaller size.
Last week, for example:
- 8 boxes of 36-bag tea worked out to the same price as the large 216-bag box, which holds 72 fewer
... (so I bought 10)
- 6 cans of 28 oz. tomatoes worked out a buck cheaper than buying the 160 oz jumbo can, which holds less
... (so I bought 30)
- 375 ml jars of sparerib sauce were less than half the price of the same brand at 500 ml - (so I bought 15 - and 6 had an added 30 cents off coupon attached, for an extra bonus)
- 475ml bottles of soya sauce were almost 70% less than the jumbo 900ml bottles (so I bought 5)
- 20 jars of olives, same scenario
- 10 jars of gherkin pickles, ditto
- same story for 6 bottles hunts of bbq sauce
- ... and mustard - 5 jars
- ... and relish - 6 jars
- ... tinned peaches, tinned pears, tinned fruit cocktail - same story (25 cans)
Added to the other stuff I bought on sale (10 kg of coffee, for example, at $2.60 less per kg), I easily saved between $100.00 and $150.00The manufacturers do their price optimizations, the wholesalers and distributors do theirs, the retailers do theirs ... and it all comes down to getting the consumer to give them the money instead of giving it to someone else.
Consumers who do their own "pricing optimizations" can save a bundle, especially if they're alert to the "bigger is not necessarily cheaper" scam, and are willing to buy a years' worth at a time. It gives a better return on investment (easily 25 to 50% per annum, tax-free) than any other investment you'll find out there.
I agree 100%. Thats why I said elsewhere that CCA is part of the problem, not part of the solution. As long as people continue to wste their time trying to make Windows a viable platform, we're all at risk from botnets. A university should be the best place for people to learn new, safer skills.
Instead, we're seeing universities giving credits for knowing how to use MS-Office, etc.
That's a farce. Higher education me arse! :-)
"Funny, that's NOT the quote you gave the first time around. Wave your hands all you want, it doesn't make your lies truth."
Try following the "parent" links up the chain. You'll eventually get back to where you said it here
My post (that you now accuse me of misquoting you) is the first one under it.
You might want to leave the trolling to the pros. You're really, really, really not any good at it.
"I sell pet food and I'll say that Ol' Roy is one of the cheapest priced pet foods per bag. Sure there are some others cheaper per bag at feed stores which may or may not be a better deal. I know some feed stores that use loss leaders to beat Ol' Roy. But, when comparing Ol' Roy to premium pet food the price per feeding will beat Ol' Roy most every time. So, buying a $15 bag of feed per week is more expensive than buying a $26 bag of feed per month."
It depends on which "Ol' Roy." If you buy the cheaper, cornmeal-based products, you'll definitely spend more, and be picking up more poop - than the non-cornmeal ones - look for the bag with 27% protein, 21% fat - you'll be picking up 2/3 less poop, and it actually works out a LOT cheaper per feeding (note: when you have a St. Bernard, a Newfoundland, and a big mutt, having to buy 100 lbs. of dog food a month instead of 300 lbs. a month makes a big difference in what comes out the other end, but its a lot of sh*t no matter how you look at it :-)
"Because you need a story about a crisis if you want to make the front page of slashdot :)"
Actually, its a clever slashvertisement to convince everyone that, now that the oxygen is running out, we have to stock up on "Perri-Air" brand oxygen. http://www.girlontheright.com/perriair.jpg
Seriously - this is NOT new. Not even in the software field.
The funny thing is we're looking for coders at my day job, and as someone who is obviously an independent thinker, curious, isn't willing to stop at the first "solution" (he found 6 different holes), etc., he'd have more of a chance than, for example, the VP of IT, who obviously "doesn't get it" (is "VP of IT" a code phrase for "I can't read or write code worth dick?")
It was probably this sort of thinking that got the student to thinking that maybe if he didn't say anything to too many people, he could leverage this display of talent into a summer job at Cisco. They obviously need him.
And really, what did he do that was "fraudulent?" Did he "steal" access by "forging credentials?" Nope:
He already had the right to those services - he had paid for access in his student fees.
So how about civil fraud>
Again, any "forged credentials" to bypass the CCA software were not used to anyone's detriment, but rather, to obtain that which was already lawfully his - net access he had paid for.
He should look into filing a criminal complaint for slander (false statements) and libel (written statements). The uni would have to prove that they were harmed, AND that he obtained services he wasn't entitled to.
BTW, my quoting you was 100% accurate:
You wrote:
The "production network" in question is not for "whatever IT designates it for" - its for the use of the university and its students, who, by the way, PAY for it. The mis-configured CCA software promotes insecurity by requiring an antivirus monoculture; there are plenty of methods of defeating it, such as the firefox user-agent switcher, so even the CCA software is only "security through obscurity."
And while you're at it, why not leave trolling to the pros :-)
"'Looking at security' is something you do for a day or two." Running a program for six months is breaking security.
He's said he found 6 different ways to get around the CCA software. Do you believe that he should be able to find and test all of those in a day or two? Think about it - maybe given another 6 months, he'd find another 6 ways ...
If "looking at security" is "something you do for a day or two" you've got a great future ahead of you as a coder at Microsoft.
When I'm rewriting code at work, I try to always keep in mind the usual suspects - memory allocations without corresponding frees, too-small buffers and buffer overruns, avoiding weird casts just to suppress compiler warnings, "clever tricks" that only give a marginal performance benefit but have too much chance of being misunderstood by others ( or myself 6 months later ) ... and all this is directly related to the security and stability of ANY program. And yes, this program has been running 24 hours a d ay for years ... a 6 month timeframe,or any timeframe, is irrelevant.
As I pointed out, running an antivirus monoculture (which is what the university's misconfigured CCA program enforced) is breaking security. The program, which allowed people to report back that they were running Symantec when they may have been running McAfee or AVG or another antivirus, actually enhances security.
Rather than being suspended, its the VP of IT who should be fired for cause, because this is just another in a L-O-N-G series of snafus.
First, any computer user can get around CCA just by using Firefox and using the user agent switcher to say that its running Linux - and this is very well known, has been for a long time, so CCA isn't about security; its about promoting a cover-your-ass mentality.
Second, CCA is part of the problem, not part of the solution. CCA isn't a cure - it's a "feel good because we're doing something about it" thing. A cure, on the other hand, will only come about if people get cut off the network because their Windows box is p0wned. Then maybe they'll switch to a real operating system, and everyone will be ahead. The longer people continue to insist on their "right" to use a proven crappy toy operating system, and the longer its tolerated, the harder it gets to fix everything.
Third, nobody was asking the school IT department to support "any software package" - if you had bothered to follow all the links, and then do some more research, you'd have found out that the VP of IT is despised by students and faculty, in part because of the crappy "support" for essentials (like half the computers in engineering don't work, AND they're not available after hours), but still finding time to force everyone to use CCA spyware.
Fourth, he wasn't "hacking a production network." He wasn't trying to break into a database, or steal sensitive information, or access the network on conditions different from any mac or linux user ... or any windows user running firefox and user agent switcher. Get a grip. Be less pompous. CCA is a piece of shit. Its KNOWN to be a piece of shit. Anyone who thinks they're secure because they run CCA is incompetent and should be fired - which is what a lot of people are saying about this particular VP of IT, for this and other problems.
Fifth, its a university network. If its not there for the student's education, WFT IS it there for? (aside from downloading pr0n, that is). Its already "insecure" (CCA is readily bypassable by the firefox user agent trick) so what's the harm of pointing out other ways that CCA fails in its purpose? Or are you one of those who actually believes "security through obscurity and SLAPP lawsuits" works?
Sixth, we already know that monocultures are a bad thing. Requiring that all Windows users use the same brand of antivirus is just f*cked up. This was a stupid decision, because CCA can be configured to accept a list of AV packages. Bypassing CCA in this case is necessary if you want to avoid the problems of a monoculture within a monoculture.
"But, he should have come forward to a professor or administrator first"
Well, he did give it to one of his professors. Looks like the professor also found it useful to get around the hassles of CCA ...
"And, is windows really suited for use anywhere else?"
I highly recommend all sorts of windows - casement, sliding, patio, even X Windows (or just "X") ... just not Microsoft Windows.
How is it malicious? Because he didn't give it to the GP posters buddy, who could have made some $$$ selling it!
If you were a student, you'd have waited until you were ready to apply for a summer internship, that is, if you had any brains or business sense.
BTW - there were students who wre not required to run CCA - they were using macs or linux. There's a lesson there - Windows is not suited for use in schools.
You obviously didn't read the articles. He did nothing that people with Macs or Linux or BSD on their computer are allowed to do. Its only Windows computers that they force users to run Cisco Clean Access ... and they also force them to us Symantec Antivirus instead of letting them choose ther own AV product.
Considering that Symantec AV is not the only antivirus out there, if you were running a different antivirus, you would have to bypass CCA as well.
Check out the article - CCA was taking up to 20 minutes to load - who wouldn't bypass that?
Also, it is not clear that it "violates university policy" to write such a program, if you're a computer major, and your class work involves looking at vulnerabilities in software - which is what he learned in class. Then again, those who can, do - those who can't - teach.
FTFA:
"Disrespect for authority?" "Disorderly conduct?" Aren't they part of what yo go to university for - to question the "accepted wisdom"? Or are universities becoming enclaves where they'll start teaching that women have fewer teeth then men, because Aristotle taught that, and it must be true... (in this case Aristotle was clearly an idiot - he was married - twice - and never bothered to check!!! Sort of like the university's VP of IT, because they don't understand the difference between a program a student runs on his own computer, and "hacking their system.")
So, are they going to suspend every student who goes on a kegger? Flips the bird at a politician? Refuses to let their computer be hijacked by a buggy program? Sounds like a great place not to get an education.
BTW - his actions exactly suit his words - of course he'd withhold giving it to Cisco until he was ready to ask for a summer job / internship. Your uninformed criticism of him, on the other hand, shows you're real university administration material.
"Congressman Dennis Kucinich is invited to go hunting with Cheney."
It prevents your body from producing a hormone telling you you're not hungry, so the more you eat and drink fructose, the more you want! No wonder soft drinks are fattening.
I hope this doesn't fly ...
You got your peanut butter in my chocolate-y flavoured vegetable oil! ...
You got your chocolate-y flavoured vegetable oil in my peanut butter!
F*ing gross, dude! I ain't eating that sh*t
Not to mention the "anal leakage" you'll get from eating too much "vegetable oil chocolatey junk".
"Again, I don't know the full merits of this case, because honestly, who the fuck follows the green party? If it's not PC, Liberal, NDP, or PQ it's pretty much off the radar for the majority of Cannucks." [sic]
In light of this, perhaps a good defense would be "the only thing worse than bad publicity is NO publicity."
This is one lawsuit that's doomed to fail from the get-go, if only because the plaintiff is a public/political figure due to his substantial campaign contributions, and the public has a definite interest in knowing about political party financing, and just loves a cat-fight, when former members will drag skeletons out of the closet. It won't be as good as "the night of the long knives", but then again, the Greenies aren't the PQ.
- don't get involved in politics if you have a fragile ego.
At the office, the only paper printout is our time sheets every 2 weeks (they have to be signed - otherwise, we'd just email them).
At home, my laser printer used up its cartridge last summer, and I haven't gotten around to replacing it - its not like I really need to print anything.
Of course, for really cheap printing, nothing beats a dot-matrix printer. A $7 ribbon will print 20,000 pages or more. That's 0.00035 cents per page, or almost 29 pages per penny.
People think they need color for some reason. Why I'm not exactly sure. Wow, you're still using an amber or green CRT? Wicked retro man!
You nouveau geek types. Everyone knows that teletype ribbons come in one color - black! Why anyone would need more than one color ... or a TV tube ...
"that's because ink is stored in a vacuum"
No its not. Its sealed, but not at a vacuum.
The ink cartridges that come with cheap printers have only a small amount of ink in them. So what. As the GP poster said, if the printer is $30 with a $30 rebate, all its costing you is a postage stamp. Do you really care if the "starter cartridge" is only half-full?
If we get bored we can always discuss the latest advancement in Soviet Russian Cell Phone technology. No batteries required - it burns coal. And you don't want to make calls on it, because in Soviet Russia, cell phone listens to YOU! All your calls are belong to KGB.
Speaking of which (obligatory Chernobyl reference), in Soviet Russia, atomic reactor nukes YOU!
Look out for these next russian new product announcements