Nor by the fact that this has been about the worst year in a decade for a lot of other industries, too.
Or does RIAA think themselves exempt from a recession?
Well, I don't know about you, but when I am facing the doors of my company closing in two weeks, with no savings, a $2000 a month rent, and a tough struggle to find a new job looming bigger and bigger every day, there is only one thing on my mind...
Buying N'Sync's Greatest Hits at full retail price that may or may not play on my CD player!
FINALLY! Some congress-critters are beginning to think that the RIAA might not be the next best thing since apple-pie. I wonder if this is in any way the result of the wonderful efforts of this community and others like it. It is a nice thing to see when you see the Great Machine begin to slowly turn the right way...
But don't stop now. Not only should you continue to keep those letters and emails flowing, but you should also send new letters and email praising the efforts of those congress-folk who make a good descision, after all, they like to get a pat on the head as much as the next person...
Ah, but there are many who would turn you away, no matter what your "real" qualifications are. You may have singlehandedly built the next generation Linux.NET w/unhackable DRM in your sleep one night that will change the world forever, but if the guy interviewing you can't put a check mark in the "5-7 years of expierence" box, they you aren't "qualified".
Don't just say "You wouldn't want to work for him if he acts like that", becuase there is a good chance he is just the initial $25K-a-year door-stop interviewer that you have to get past before you actually get to the smart folks, and for him, common sense does not weigh nearly as heavily as "following procedure".
When you are dealing with people who don't understand the meanign or teh value of common sense, you sometimes have to do illogical and "wrong" things to get the job done...
I know it may sound unethical, but if he really does have talent and is a quick study, then there is no reason why having "official" expierence is any better than the expierence he has gained already. Just have him do some short-term contract work pretend that he has been programming all this time. All he needs is to get his foot in the door, and once he has some "official" expierence under his belt (assuming he does a good job, of course), then he'll be all set to take on the next big job.
Given that Tom Bombadil adds absolutely nothing to the storyline (other than providing the Hobbits with their weapons)
Weapons found a barrow down which were forged by the ancient kings of Numenor (sp?) which were specifically designed to defeat the Old Enemy (Sauron's master), which travels with Pippin to the gates of Gondor where it find itself buried in the knee of the King of the Nazgul (Thus fulfilling it's 10,000 year destiny) which distracts him long enough to get killed which distracts Sauron long enough to allow Frodo to reach Mt. Doom... Whew! Sounds pretty important to me, actually.
After years of playing games with my Karma (intentionally tolling a few days just to see how many points I could lose and how long it would take to get them back, etc.), I have finally been growing tired of posting to Slashdot...
...and along comes zoos and fan clubs to play with! Woot! My productivity at work has officially flatlined as of now!
If I want to set up a stand on my front lawn and tell everybody about how great my penis enlargement system works, I can.. because I have free speech. If I want to promote my penis enlargement system on my Web page, I can.. because I have free speech. If I want to rent a hotel convention center and hold a series of meetings raving about the effectiveness of my penis enlargement system, I can.. because, well, you get the idea. Spammers have, and always have had the right to free speech.
However, you can NOT throw rock through people windows with the message "I have a big schwang!" tried to them. This is the equivilent of what spammers are doing. They have the right to free speech, but not *anonymous* speech *at a cost to me* (by wasting my bandwidth).
Its no wonder that Sun is on the skids right now. You can get barely used, high end Sun servers for pennies on the dollar in the 2nd hand market. I just saw Sun E250s being sold for $1750 today that were $15,000 a year and half ago. Not a bad deal for the user, a major disaster for Sun.
You may be looking at my company's Suns, actually... I started working here just a few months ago to help with the "transition" into nothingness, and we literally have stacks and stacks of those Sun from floor to ceiling. Over $10M worth of computer equipment rotting away before it's eventually sold for less than $1M on ebay...
Clearly, the "evil corporation" is not to blame here. It is the actions of individuals. Unfortunately, the current state of law (and enforcement of that law) is such that individuals who run corporations or make strategic decisions, are not personally, morally, or ethically, responsible for the outcome of those decisions. THIS is the root of the problem.
Hmm, just wondering: Could I incorperate by myself and no longer be held accountable (except financially) for my actions? Could I go lie cheat and kill and get oof scott free with some monetary fines?
Corporate death penalty? What does that mean? It's not even a good catch-phrase. We should "kill" Monsanto for being "evil?" Does that mean we fire all its employees, and create a vast pool of unemployed? Not to mention the retirement funds and state investments staked in mutual funds. Not to mention tax revenues...
It means, I think, make the share-holder liable for damages. Not the corperation, the shareholders. Since a corporation is *always* acting in the best interest of the shareholders, it will definitly stop being evil and fast.
For me, it's bad becuase it terribly insulting. It basically conjures up the picture of George sitting in a black leather chair stroking a white cat muttering in a bad French accent,
"O? Jou vant to know how stupeeed *I* zink ze American people are? I vil show you..."
It's insulting every single time a marketroid thinks that people are literally nothing but pavlovian dogs who will salivate at the ring of a bell. ESPECIALLY considering the more "intelligent" demographic that enjoyed the original SW. I had planned on at least checking it out, but frankly, I am insulted now. I won't watch it even on video. Perhaps I will "pirate" it just so that Lucasfilm will lose the not-going-to-happen-but-pretend-it-would-have sale, but that's as far as I'd go.
It's very simple, folks. These artists chose to enter into an agreement that stated they gave up the right to market their work. That's the way business works - sometimes you make a good deal, sometimes you don't.
I wish folks would stop rationalizing theft in the name of some distorted notion of "freedom".
Name for me, please, the number of top 40 musicians who didn't sign contracts with the RIAA labels. No please, don't be shy, go ahead... So few? How about the number of those non-contracted bands have thier CDs in Blockbuster Music stores?
When you *must* sign a contract to get your music played on the radio and placed in the "popular" stores that isn't a real choice, my friend.
I wish folks would stop rationalizing theft in the name of some distorted notion of "capatalism".
Gimmie a break. Napster Took from Artists and gave NOTHING back to them. Maybe a few bands got some publicity, but that don't pay the rent.
Sorry, my friend, Napster took from the RECORDING INDUSTRY, not the artists. The RIAA had already raped all they could from the artists, so there really wasn't much left that Napster could take...
Just store every file in a huge table with two columns: Key and File. The key could be a URL, like "file:///usr/local/blah" and the file would be the file. Of course you'll need to text-index the keys do that you can search for "file:///user/*", but since you would only be making a single call (instead of call after call as you recuse down directory tables) it would make for a very simple system that would be fast as fast can be.
For any number of movie villians, simply typing the password "override" will get them full access to the system, including the parts of the building that aren't even connected to the network!
Sorry, but in this case you're wrong. I should have mentioned sooner that my ISP has excellent security policies and procedures. The original poster noted that his friend found a mistake in the permissions. You can have the best security system and policies in the world, but they are administered by people and PEOPLE MAKE MISTAKES. There's nothing you can do about it except deal with it and move on. However, when a breach does occur (and it will)*, it is a good idea to analyze what happened and see how bad the breach is. Is it merely the replacement of an HTML page, or is the page replacement merely a symptom of having been rooted?
A breach occoured becuase of either a lack of imagination on the part of the admins or a lack of dedication on the part of everyone. How hard is it really to put all of the system files on a un-alterable partition. It could be something like a CD, or simply cutting the black wire on the back of a hard drive and replacing that with a switch. When it's "on" you can write to the drive, and when it's off you physically can't. Sure, you need to write to some things, like log files and data stores, but when do you ever need to over-write 'ps' or 'login'? If these programs are being stored somewhere that they cannot be tampered with, then you are 90% safe already. Even with a wide-open system, you are still safe, since the only damage that can be done is to your data, which is being backed-up hourly right? How often does a small ISP need to update customer data? You could even put that data on the unwriteable drive and only change it once every few months or whenever a customer calls in to change his billing address or whatever.
We spent good money on our people and our systems. One of them made a mistake, and a skript kiddie took advantage of it before we discovered it (that's the joy of the internet - there are so many skript kiddies you have no margin for error; default installs last, what, four hours before they're hacked?). We spent money recovering from our mistake, and granted it was our mistake, but the fact that someone took advantage of it forced us to spend a lot more money determining exactly what happened.
All well and good, but like you said in your pervious post, you were basing a core component of your business on *not making mistakes*. You were paying back the customers an entire month of service if they could not connect. This policy is of your own choosing, so you have to live with it. If the power company is going to charge me for electricity, they actually have to provide electricity to me. If I order a pizza, I will *not* pay for it if it never gets delivered. If you are going to promise your customers 100% uptime, then it is your burden to deliver it. If someone gets into an accident with the pizza man's car on his way over, that guy is *not* responsible for paying for the undelivered pizza.
Is this likely what happened in the original poster's situation? I don't know. It's entirely possible (more likely, in fact) that the situation is as you describe. My point is simply that even a small internet-based business (like an ISP)could easily have costs in the range of $10K-$20K as a direct result of a hack, even one as simple as a web-page defacement, because you don't know if that's all it is until you've paid someone to look at it really carefully.
Where is this money coming from? You are already paying your admins (I hope), so why do they have to get paid again? Are you outsourcing "security consultants"? If so, then why didn't you call them in *before* you had a problem? That is what I mean by shifted costs. Since you didn't pay a security consultant to secure and test your netowrk before you started, you are paying for it now.
*No system is completely hackproof. If someone says "System X has never been hacked!" I would interpret that as meaning either the system is very young, or the person talking to me is a moron who can't recognize an intrusion.
This is a cliche and wrong. There are many "hack-proof" systems, but you probably won't buy them in a shrink-wrapped box. They are dedicated systems that serve specific purposes and are written by people who take security into account from the ground up, not as an after-thought when the system is "finished".
Actually, Word has been around since *before* windows. I remember in the old old old days when it was text-based. It used to be my favorite back then because you could highlight columns of text, not just rows. It made programming chores pretty easy. Like if you had:
int x = 0;
int y = 0;
int z = 0;
and you wanted to change them all to "= -1" you could highlight the column of 0's and replace them all with -1. Variable width fonts ruined this ability, but it was cool at the time.
And if you exempt software from market forces, quality IS going to go down the tube. Because we'll get fourty different office suites, a few thousand MP3 organising systems and toy window managers and programming languages and no central focus.
This is totally right. With Open Source, you get tons of incompatible versons of basically the same thing. With one corperate souce for your software, you will NEVER have this problem.
Considering office suites, with Open Source, you have Star Office, Applixware, KOffice, and many more to chose from. It's so confusing! and most of these are compatible, but not always 100% compatible. With Microsoft you only have a single one: Office XP, nothing else, it's easy!
...Oh, wait, I forgot, you also have Office 2000 still around...
...Um, hold on a second, some people are still using Office 97 and 95...
...Ah, and I forgot about those people using the various service packs and each of them, not to mention that some of those versions are "professional" editions and some are "home office" and "small buisness"...
And maybe some losers are still back in the stone ages with Windows 3.11, did that even HAVE office back then? But, BUT all of these office suites from Microsoft are 100% compatible. 100%!(in "save as text" mode)
... er... just as long as you are saving as "MS-DOS" text and not some other kind of text...
(1) Obviously, there's a security breach. How widespread is it? We need to audit the network and see how severe the breach is and what hole was unpatched. I've got to put either employees or consultants onto it.
No, this is just a shifted cost. Since you DIDN'T pay to secure your network at the beginning (either through poor-quality admins or by not paying for intrusion detection tools, whatever), you are paying now. This is not a cost that you are suddenly having to pay, this is a cost that you didn't pay in the past when you should have. If a resturant decides that they don't want to pay for a new oven, does that mean that the fire inspector "costs thier business" when he says it's out of code and needs to be replaced?
All of your arguments stem from the same problem. If you are going to base things on your security and up-time (such as your policy to pay back a month's salary to those who couldn't connect), then you had better damn well make sure that you *won't be going down*. If you have a business model *based* on security then you can't *skimp* on security, it's common sense.
So a small ISP like that loses $17,000 in business in 4 hours? Unlikely...
Ha ha ha! If they would have let this kid deface thier page 24/7 for a year, they would have lost 37,230,000! Probably more than thier entire net worth...
Even if they were an expensive ISP, like say $100 a month. at 200 customers, they can only rake in a *maximum* of 240,000 a year... By my cont, it would have taken this kid a little bit over 56 hours days to completely put them out of business...
Maybe my experience was different from others', but - as a kid - I stopped experimenting with stupid things once I was caught. I kept doing bigger and more risky things until I finally got in trouble, and I realized that I wasn't the smartest guy in the world, and that rules weren't just for other people.
Nailing a kid for defacement now might mean that he doesn't need to be nailed for something much more serious later on.
And how did you enjoy your many years in the maximum security prision? What? Are you saying that when you got caught for *real* vandalism, you didn't go to prison for 5-50 years as a terrorist? You're kidding!?
If you want to slap a $100 fine on these kinds, sure, that's what a web-site defacement is worth, but if you are going to put them in jail, even a single night in jail, then no, this is not justified.
I wish virus/worm writers would write viruses that make statements rathar than viruses that just blunder around and piss people off. A "port-scan" worm would be great (one that, after it's done worming it's way into a network, it starts portscanning random IPs. It wouldn't do anything, but since port scanning is illegal, it would provide a nice cover for anyone who happened to get caught for doing it "for real"... "No sir, I wasn't port-scanning, I just caught a virus!") or even better a simple child-porn worm (You can go to jail for having anything that resembles "child-porn", even if the actors are above 18, even if it was faked, even if it's anime, and even if you *didn't know it was on your computer*, no questions asked...) and, of course, the "Terrorism" worm, that writes nasty letters to the gobment...
I've always wondered if gravity wasn't matter pulling on other matter, but space pushing on matter. After all, there is all the pent up zero-point energy, right? What if it is all pushing tightly against matter from all directions. When the space between two bits of matter is less than the space on the other side of teh two bits, then the net force would be to push those two bits together.
Slashdot Mirror
Nah...
Nor by the fact that this has been about the worst year in a decade for a lot of other industries, too.
Or does RIAA think themselves exempt from a recession?
Well, I don't know about you, but when I am facing the doors of my company closing in two weeks, with no savings, a $2000 a month rent, and a tough struggle to find a new job looming bigger and bigger every day, there is only one thing on my mind...
Buying N'Sync's Greatest Hits at full retail price that may or may not play on my CD player!
FINALLY! Some congress-critters are beginning to think that the RIAA might not be the next best thing since apple-pie. I wonder if this is in any way the result of the wonderful efforts of this community and others like it. It is a nice thing to see when you see the Great Machine begin to slowly turn the right way...
But don't stop now. Not only should you continue to keep those letters and emails flowing, but you should also send new letters and email praising the efforts of those congress-folk who make a good descision, after all, they like to get a pat on the head as much as the next person...
Ah, but there are many who would turn you away, no matter what your "real" qualifications are. You may have singlehandedly built the next generation Linux.NET w/unhackable DRM in your sleep one night that will change the world forever, but if the guy interviewing you can't put a check mark in the "5-7 years of expierence" box, they you aren't "qualified".
Don't just say "You wouldn't want to work for him if he acts like that", becuase there is a good chance he is just the initial $25K-a-year door-stop interviewer that you have to get past before you actually get to the smart folks, and for him, common sense does not weigh nearly as heavily as "following procedure".
When you are dealing with people who don't understand the meanign or teh value of common sense, you sometimes have to do illogical and "wrong" things to get the job done...
I know it may sound unethical, but if he really does have talent and is a quick study, then there is no reason why having "official" expierence is any better than the expierence he has gained already. Just have him do some short-term contract work pretend that he has been programming all this time. All he needs is to get his foot in the door, and once he has some "official" expierence under his belt (assuming he does a good job, of course), then he'll be all set to take on the next big job.
Given that Tom Bombadil adds absolutely nothing to the storyline (other than providing the Hobbits with their weapons)
Weapons found a barrow down which were forged by the ancient kings of Numenor (sp?) which were specifically designed to defeat the Old Enemy (Sauron's master), which travels with Pippin to the gates of Gondor where it find itself buried in the knee of the King of the Nazgul (Thus fulfilling it's 10,000 year destiny) which distracts him long enough to get killed which distracts Sauron long enough to allow Frodo to reach Mt. Doom... Whew! Sounds pretty important to me, actually.
After years of playing games with my Karma (intentionally tolling a few days just to see how many points I could lose and how long it would take to get them back, etc.), I have finally been growing tired of posting to Slashdot...
...and along comes zoos and fan clubs to play with! Woot! My productivity at work has officially flatlined as of now!
If I want to set up a stand on my front lawn and tell everybody about how great my penis enlargement system works, I can .. because I have free speech. If I want to promote my penis enlargement system on my Web page, I can .. because I have free speech. If I want to rent a hotel convention center and hold a series of meetings raving about the effectiveness of my penis enlargement system, I can .. because, well, you get the idea. Spammers have, and always have had the right to free speech.
However, you can NOT throw rock through people windows with the message "I have a big schwang!" tried to them. This is the equivilent of what spammers are doing. They have the right to free speech, but not *anonymous* speech *at a cost to me* (by wasting my bandwidth).
Its no wonder that Sun is on the skids right now. You can get barely used, high end Sun servers for pennies on the dollar in the 2nd hand market. I just saw Sun E250s being sold for $1750 today that were $15,000 a year and half ago. Not a bad deal for the user, a major disaster for Sun.
You may be looking at my company's Suns, actually... I started working here just a few months ago to help with the "transition" into nothingness, and we literally have stacks and stacks of those Sun from floor to ceiling. Over $10M worth of computer equipment rotting away before it's eventually sold for less than $1M on ebay...
Clearly, the "evil corporation" is not to blame here. It is the actions of individuals. Unfortunately, the current state of law (and enforcement of that law) is such that individuals who run corporations or make strategic decisions, are not personally, morally, or ethically, responsible for the outcome of those decisions. THIS is the root of the problem.
Hmm, just wondering: Could I incorperate by myself and no longer be held accountable (except financially) for my actions? Could I go lie cheat and kill and get oof scott free with some monetary fines?
Corporate death penalty? What does that mean? It's not even a good catch-phrase. We should "kill" Monsanto for being "evil?" Does that mean we fire all its employees, and create a vast pool of unemployed? Not to mention the retirement funds and state investments staked in mutual funds. Not to mention tax revenues...
It means, I think, make the share-holder liable for damages. Not the corperation, the shareholders. Since a corporation is *always* acting in the best interest of the shareholders, it will definitly stop being evil and fast.
For me, it's bad becuase it terribly insulting. It basically conjures up the picture of George sitting in a black leather chair stroking a white cat muttering in a bad French accent,
"O? Jou vant to know how stupeeed *I* zink ze American people are? I vil show you..."
It's insulting every single time a marketroid thinks that people are literally nothing but pavlovian dogs who will salivate at the ring of a bell. ESPECIALLY considering the more "intelligent" demographic that enjoyed the original SW. I had planned on at least checking it out, but frankly, I am insulted now. I won't watch it even on video. Perhaps I will "pirate" it just so that Lucasfilm will lose the not-going-to-happen-but-pretend-it-would-have sale, but that's as far as I'd go.
It's very simple, folks. These artists chose to enter into an agreement that stated they gave up the right to market their work. That's the way business works - sometimes you make a good deal, sometimes you don't.
I wish folks would stop rationalizing theft in the name of some distorted notion of "freedom".
Name for me, please, the number of top 40 musicians who didn't sign contracts with the RIAA labels. No please, don't be shy, go ahead... So few? How about the number of those non-contracted bands have thier CDs in Blockbuster Music stores?
When you *must* sign a contract to get your music played on the radio and placed in the "popular" stores that isn't a real choice, my friend.
I wish folks would stop rationalizing theft in the name of some distorted notion of "capatalism".
Gimmie a break. Napster Took from Artists and gave NOTHING back to them. Maybe a few bands got some publicity, but that don't pay the rent.
Sorry, my friend, Napster took from the RECORDING INDUSTRY, not the artists. The RIAA had already raped all they could from the artists, so there really wasn't much left that Napster could take...
Just store every file in a huge table with two columns: Key and File. The key could be a URL, like "file:///usr/local/blah" and the file would be the file. Of course you'll need to text-index the keys do that you can search for "file:///user/*", but since you would only be making a single call (instead of call after call as you recuse down directory tables) it would make for a very simple system that would be fast as fast can be.
A whole new twist on drive-by wireless hackings... War Flying!
For any number of movie villians, simply typing the password "override" will get them full access to the system, including the parts of the building that aren't even connected to the network!
Sorry, but in this case you're wrong. I should have mentioned sooner that my ISP has excellent security policies and procedures. The original poster noted that his friend found a mistake in the permissions. You can have the best security system and policies in the world, but they are administered by people and PEOPLE MAKE MISTAKES. There's nothing you can do about it except deal with it and move on. However, when a breach does occur (and it will)*, it is a good idea to analyze what happened and see how bad the breach is. Is it merely the replacement of an HTML page, or is the page replacement merely a symptom of having been rooted?
A breach occoured becuase of either a lack of imagination on the part of the admins or a lack of dedication on the part of everyone. How hard is it really to put all of the system files on a un-alterable partition. It could be something like a CD, or simply cutting the black wire on the back of a hard drive and replacing that with a switch. When it's "on" you can write to the drive, and when it's off you physically can't. Sure, you need to write to some things, like log files and data stores, but when do you ever need to over-write 'ps' or 'login'? If these programs are being stored somewhere that they cannot be tampered with, then you are 90% safe already. Even with a wide-open system, you are still safe, since the only damage that can be done is to your data, which is being backed-up hourly right? How often does a small ISP need to update customer data? You could even put that data on the unwriteable drive and only change it once every few months or whenever a customer calls in to change his billing address or whatever.
We spent good money on our people and our systems. One of them made a mistake, and a skript kiddie took advantage of it before we discovered it (that's the joy of the internet - there are so many skript kiddies you have no margin for error; default installs last, what, four hours before they're hacked?). We spent money recovering from our mistake, and granted it was our mistake, but the fact that someone took advantage of it forced us to spend a lot more money determining exactly what happened.
All well and good, but like you said in your pervious post, you were basing a core component of your business on *not making mistakes*. You were paying back the customers an entire month of service if they could not connect. This policy is of your own choosing, so you have to live with it. If the power company is going to charge me for electricity, they actually have to provide electricity to me. If I order a pizza, I will *not* pay for it if it never gets delivered. If you are going to promise your customers 100% uptime, then it is your burden to deliver it. If someone gets into an accident with the pizza man's car on his way over, that guy is *not* responsible for paying for the undelivered pizza.
Is this likely what happened in the original poster's situation? I don't know. It's entirely possible (more likely, in fact) that the situation is as you describe. My point is simply that even a small internet-based business (like an ISP)could easily have costs in the range of $10K-$20K as a direct result of a hack, even one as simple as a web-page defacement, because you don't know if that's all it is until you've paid someone to look at it really carefully.
Where is this money coming from? You are already paying your admins (I hope), so why do they have to get paid again? Are you outsourcing "security consultants"? If so, then why didn't you call them in *before* you had a problem? That is what I mean by shifted costs. Since you didn't pay a security consultant to secure and test your netowrk before you started, you are paying for it now.
*No system is completely hackproof. If someone says "System X has never been hacked!" I would interpret that as meaning either the system is very young, or the person talking to me is a moron who can't recognize an intrusion.
This is a cliche and wrong. There are many "hack-proof" systems, but you probably won't buy them in a shrink-wrapped box. They are dedicated systems that serve specific purposes and are written by people who take security into account from the ground up, not as an after-thought when the system is "finished".
Actually, Word has been around since *before* windows. I remember in the old old old days when it was text-based. It used to be my favorite back then because you could highlight columns of text, not just rows. It made programming chores pretty easy. Like if you had:
int x = 0;
int y = 0;
int z = 0;
and you wanted to change them all to "= -1" you could highlight the column of 0's and replace them all with -1. Variable width fonts ruined this ability, but it was cool at the time.
And if you exempt software from market forces, quality IS going to go down the tube. Because we'll get fourty different office suites, a few thousand MP3 organising systems and toy window managers and programming languages and no central focus.
... just as long as you are saving as "MS-DOS" text and not some other kind of text...
This is totally right. With Open Source, you get tons of incompatible versons of basically the same thing. With one corperate souce for your software, you will NEVER have this problem.
Considering office suites, with Open Source, you have Star Office, Applixware, KOffice, and many more to chose from. It's so confusing! and most of these are compatible, but not always 100% compatible. With Microsoft you only have a single one: Office XP, nothing else, it's easy!
...Oh, wait, I forgot, you also have Office 2000 still around...
...Um, hold on a second, some people are still using Office 97 and 95...
...Ah, and I forgot about those people using the various service packs and each of them, not to mention that some of those versions are "professional" editions and some are "home office" and "small buisness"...
And maybe some losers are still back in the stone ages with Windows 3.11, did that even HAVE office back then? But, BUT all of these office suites from Microsoft are 100% compatible. 100%! (in "save as text" mode)
... er
My ISP business website has been defaced.
(1) Obviously, there's a security breach. How widespread is it? We need to audit the network and see how severe the breach is and what hole was unpatched. I've got to put either employees or consultants onto it.
No, this is just a shifted cost. Since you DIDN'T pay to secure your network at the beginning (either through poor-quality admins or by not paying for intrusion detection tools, whatever), you are paying now. This is not a cost that you are suddenly having to pay, this is a cost that you didn't pay in the past when you should have. If a resturant decides that they don't want to pay for a new oven, does that mean that the fire inspector "costs thier business" when he says it's out of code and needs to be replaced?
All of your arguments stem from the same problem. If you are going to base things on your security and up-time (such as your policy to pay back a month's salary to those who couldn't connect), then you had better damn well make sure that you *won't be going down*. If you have a business model *based* on security then you can't *skimp* on security, it's common sense.
So a small ISP like that loses $17,000 in business in 4 hours? Unlikely...
Ha ha ha! If they would have let this kid deface thier page 24/7 for a year, they would have lost 37,230,000! Probably more than thier entire net worth...
Even if they were an expensive ISP, like say $100 a month. at 200 customers, they can only rake in a *maximum* of 240,000 a year... By my cont, it would have taken this kid a little bit over 56 hours days to completely put them out of business...
Maybe my experience was different from others', but - as a kid - I stopped experimenting with stupid things once I was caught. I kept doing bigger and more risky things until I finally got in trouble, and I realized that I wasn't the smartest guy in the world, and that rules weren't just for other people.
Nailing a kid for defacement now might mean that he doesn't need to be nailed for something much more serious later on.
And how did you enjoy your many years in the maximum security prision? What? Are you saying that when you got caught for *real* vandalism, you didn't go to prison for 5-50 years as a terrorist? You're kidding!?
If you want to slap a $100 fine on these kinds, sure, that's what a web-site defacement is worth, but if you are going to put them in jail, even a single night in jail, then no, this is not justified.
I wish virus/worm writers would write viruses that make statements rathar than viruses that just blunder around and piss people off. A "port-scan" worm would be great (one that, after it's done worming it's way into a network, it starts portscanning random IPs. It wouldn't do anything, but since port scanning is illegal, it would provide a nice cover for anyone who happened to get caught for doing it "for real"... "No sir, I wasn't port-scanning, I just caught a virus!") or even better a simple child-porn worm (You can go to jail for having anything that resembles "child-porn", even if the actors are above 18, even if it was faked, even if it's anime, and even if you *didn't know it was on your computer*, no questions asked...) and, of course, the "Terrorism" worm, that writes nasty letters to the gobment...
From Man to Machine to Code, it's your one stop shop!
I've always wondered if gravity wasn't matter pulling on other matter, but space pushing on matter. After all, there is all the pent up zero-point energy, right? What if it is all pushing tightly against matter from all directions. When the space between two bits of matter is less than the space on the other side of teh two bits, then the net force would be to push those two bits together.