"In the mean time protect yourself. Run everything over encrypted tunnels, don't use your company's DNS servers, use a browser that allows you to save your cache to a safe location (USB hard drive,/dev/null, whatever), don't use work e-mail for anything other than work, don't use unencrypted webmail, don't assume that they aren't using keylogging, the list goes on..."
Ha. A good administrator (read: myself and most people in reasonable IT departments) have already disabled all these options. Everything is totally locked down.
You get the box you get, you use it the way the company wants. That doesn't mean we'll be rifling through your personal files, but if we have reason to (e.g. the CEO wants information) we abide). Biggest way to protect yourself: DON'T DO ANYTHING ON A BUSINESS COMPUTER YOU WANT PRIVATE!
Actually, it's a very efficient WiFi detector. I did my first scan last night in my suburban home and found 4 nearby networks -- 2 more than I ever found on my various laptops. Granted, the signals were extremely low, but I was impressed that this handheld were able to find them at all (and my laptops couldn't).
That said, once you get a connection there's not much you can do with the current system. Unless you hack.:)
I got my PSP 2 days ago, and got a chance to spend some time late last night going over it. I still don't have any games, so my thoughts are tempered by what I can get out of the hardware. On the whole I'm pretty impressed.
The good stuff:
* Engineering-wise, it's got every piece of hardware you can think of. 802.11, IR, analog stick, USB, memory card -- there really is a "kitchen sink" approach and I like exploring the device to find new stuff. I'm really tempted to take the thing apart.:) * The screen is phenomenial. I really think this'll be the screen that all portables will aspire to. If Apple ever makes a video iPod, this is the screen to use. I watched Spider Man 2 last night and it looked fantastic. * I've been "pleasantly surprised" by some extras. For example, Sony packages a wired remote and headphones in the box (something Apple charges an arm and a leg for). The battery life has been better than I expected: after about 120 minutes last night of watching the movie it was only down 20%. The interface is excellent. The USB port is great because Windows sees the device as just another USB drive. System files are stored on the memory card, so they should be easy to hack. The device makes a great Wi-Fi finder (it found 4 networks in my home, and gave a percentage of their strength.
Stuff I don't care for:
* The front of the chassis is well designed and looks beautiful -- the back looks like it was done by a totally different designer. In particular, it feels flimsy. The discs are inserted in a tray mechanism that pops out, similar to a video recorder. I'm going to be careful with mine, but I can easily imagine a kid dropping and breaking it the first day. * I'm not sold on the media (UMD - Universal Media Discs). They're essentially really tiny DVDs stored in a cartridge, similar to when CDs first came out. Space wise they're fine, as it really looks like you're watching a DVD, but the cartridge looks fragile. In particular, they look like optical disk versions of classic floppies -- without the protective flap that gets pulled away. In other words, it's fairly easy to scratch the disc. * Certain aspects of the system are gimped. You have 802.11 but no web browser: the system only checks for new firmware (no official one anyway; someone's already hacked together a simple browser -- look through various articles). Video needs to be in a very specific format to play off a memory card: MPEG4, 29.97 fps, exact resolution (the system is much more forgiving playing MP3s and photos). The analog stick could also use a little work.
I'll have a better idea tonight when I get the games (finally), but so far I likes what I sees.
So let me get this straight: there's a hypothetical country out there that accepts murder. I take a guy across the border, become one of their citizens, murder him, then come back home. I can't be held responsible in my home country? Bullshit. People get extradited for this kind of thing all the time.
Then that's the fault of the developer of a framework. When you're providing a service on a hostile network you're supposed to build your software to make sure someone can't just twiddle a few bits and break it.
The developer is not at "fault" in creating a proprietary version of their software. It's the reverse-engineer's "fault" to screw around with it. This isn't hardware: you're given a license to look but not touch. Whether you think that's "wrong" or "right" is irrevelant: the guy broke the EULA and deserves to be punished.
Umm, and that's different how to "I own it, I bought the software, it's on my machine"?
You never own commercial software. That's the difference. Philosophy aside, all commercial software comes with licenses. The license for the MSN stuff specifically prohibits against this. Whether you think that's "wrong" or "right" is irrelevant: the law says what the law says.
It is called clean room reverse engineering. Instead of disassembling the codec you treat the codec as a black box encoding known values and examining the output. What he did is known as dirty room reverse engineering and has some legal issues in the USA.
Exactly. And, quite frankly, I have a lot more respect for the clean route. Intelligent people code from scratch -- unintelligent steal from others.
A less trivial (and possibly more legal) undertaking would have been to code a new framework from scratch
1. There is no legal problem here - it's completely legal to reverse engineer for interoperability.
There's a big difference between reverse engineering, learning from the assembly and crafting your code vs. reverse engineering and basically using the assembly in your source. Look at his code.
2. How exactly is your "new framework" going to interact with existing (closed) systems? Or are you expecting the likes of Microsoft to implement a new open protocol so they can interact with the FOSS community?
Look at his code. He isn't interacting with the closed system disassembly: he's copying. And on top of that, who says we want to interact with Microsoft's code to begin with?
we complain that MS "embraces and extends" all the time -- how is this any different?
Microsoft does "embrace and extend" on well defined open protocols and screws everyone over because of their market position (which basically forces everyone else to adopt their extensions). This is simply "embracing" (not extending) a propriatory system so we can interoperate with it - no protocols are being broken here.
No, most people view Microsoft's tact vs. Mac as "embracing and extending". Copy the usable stuff from Mac OS, add their own -- bam, Windows. FOSS doesn't have the "market position", but it certainly is using the tactic.
I much prefer *actual* open source projects. Not open source derived from disassembly of closed source.
Like it or not, when interacting with propriatory systems you have to reverse engineer them because the propriators are sure as hell not going to give you the specs. The same is true of hardware drivers, etc. (an aweful lot of the hardware drivers in Linux were reverse engineered by looking at how the Windows drivers interacted with the hardware). How would you suggest doing it?
There's a big difference with hardware reverse-engineering: I own it. I bought the hardware, it's on my machine, I can break stuff off and sodder connections if I feel like it. We're talking about a network framework stored on an MS server somewhere: big difference. I don't own the framework, and if I make changes that fundamentally screw it up, I can have a negative effect on everyone else who uses it. Your analogy is critically flawed.
Wrong analogy. TCP is a basic framework, standards driven, written to write on most hardware. Video isn't. Most companies take existing codecs and "mold" them around their hardware to get the most out of it (move a pointer here, remove arbitrary lines of code there, etc). It's more akin to the millions of document formats out there.
That said, this is NOT The right to go about this (disassemblying closed source, creating open source from it). It's the same shit DivX got in trouble with early on, and they're lucky to have survived. I give much more praise to guys who can write this stuff totally from scratch.
A less trivial (and possibly more legal) undertaking would have been to code a new framework from scratch. As it stands right now, this looks to be on very tenuous ground: not only is it questionale from a legal standpoint but it plain old looks bad (we complain that MS "embraces and extends" all the time -- how is this any different?).
I much prefer *actual* open source projects. Not open source derived from disassembly of closed source. If we want this movement to gain more traction, this is NOT the way to do it.
Crow: Hey Mike! Tom: Hi Mike! Mike: What's going on? Tom: EXTREME! That's what's going on Mike! Crow: Yeah, Mike! You should try it! Mike: Extreme what exactly? Crow: Well, take me for example. I'm into extreme Yoga... SURRRRRRGE!!!! Tom: And I'm into philatily. I own you Venezulea 1947! Extreeeme postage! Woo! Crow: Now have you thought about what you'd like to be extreme about, Mike? Tom: No fear, Miguel. Mike: I'm not really extre...oh, you know what? I really like rice. Crow: Ahh, well, EXTREME... RICE!! Tom: Rice! Thermo nuclear protection! Wooo! Crow: Yeah! See, Mike. Isn't rice better when it's extreme? Mike: Sure is, uh, we'll be right back. Crow: WAAAOOO!! Tom: Haaaaaa!!
The only driver I think most people would need to install is ethernet, and that can come on a CD. I certainly don't know anyone that installs ethernet drivers on fresh boxes using the network (if you can, show me how to perform that magic;) ).
That said, what it'd probably do is show the new user dialog, go to the site and bail out. I haven't tested what happens when the network card isn't properly installed.
"I'm really at a loss of words to describe this brilliance. Just think of it, closing all open ports from incoming traffic by default now. Wow. Why didn't anyone else come up with this great idea before?"
It's not what you're thinking of - I don't think you're getting it. This isn't a firewall that gets turned on. Rather, the user can't do anything on the network until the system is up-to-date. It basically sandboxes the user from all internet traffic but the update site. I don't know of a single other OS that does this.
Not quite. During the boot procedure, all traffic is blocked, but while the opening user dialog is running for the first time, traffic is open. The user is also given a choice if the firewall is enabled or not. They're also given the choice to have Windows download updates or not. They can turn down both choices.
In this new system, all traffic is blocked and the user is shuttled off to the Windows Update site. They can disable settings later if they want. This way, it's secure out of the box.
Well, not quite. Service Pack 2 for XP blocks all incoming traffic during the boot procedure, but it didn't block all traffic once you reached the opening user configuration dialog. Also, you weren't directed to the Windows Update site -- you were asked if you wanted to have Windows download updates automatically. Between the time the dialog starts and the time Windows decided to download updates, you're vulnerable.
True, but they have a few excellent ideas in there. I'm a little "meh" about the "security configuration wizard" (personally, if you're using a wizard to configure security you probably shouldn't be admining a server in the first place.
The PSSU feature, though (as I mentioned in another post), that blocks incoming traffic on first boot and immediately directs the user to download updates is awesome. Why other companies haven't thought about this, I have no idea. I really hope this gets put into the next consumer version of Windows.
In all seriousness, I definitely like the new "PSSU" (Post-Setup Security Updates) feature. Awful name, but it does the following when someone first installs Windows 2003:
1.) Blocks all incoming traffic. 2.) Immediately guides the first person who logs on through downloading updates.
This would be such a terrific blessing for new XP users: block traffic and immediately send them off to the update site. Excellent idea.
"Now if data is compromised fault could arguably lie with mom and pop rather than a Microsoft server."
It's a classic situation of "damned if you do, damned if you don't".
Microsoft releases Passport, "secure online identity system", onus on MS not to screw things up (legally liable). Everyone hates it.
Microsoft releases new system, "secure offline identity system", onus on user not to screw things up (legally liable). Everyone hates it.
I don't think there's anyway for MS (or any other company) to "win" this battle. Personally, I think the onus of responsibility should be on the computer user. MS, Apple, etc gives you the tools to be secure (as long as you stay up-to-date with the patches), and people continue to ignore them.
Just the other day someone said their home computer was flashing "notes by the clock" that "their system needed to be updated". Did they update, I asked. No. Did they want MS to install things without asking? No. Now who's responsibility is it here when the machine gets hacked?
That said, it's still more economical to get it with a new system. $129 for a CD or $500 for the CD + computer (Mac Mini). I own an iBook -- and I'll probably take the second tact.
Forget Linux -- how about getting the system back together again? Did you see what he had at the end of the article? A pile of parts.
I mean, I don't mind that (I'd take the same tack with him -- see if I could hack better Wi-Fi, new input devices, etc.) but I can imagine the average guy getting to step 6 with a pile of parts on his desk reading "tune in next week...". *AW CRAP!*
Slashdot Mirror
Hmm... that actually makes the 20" fairly reasonable, price-wise. Dell sells their 21" 4:3 for what, $750? Not bad.
"In the mean time protect yourself. Run everything over encrypted tunnels, don't use your company's DNS servers, use a browser that allows you to save your cache to a safe location (USB hard drive, /dev/null, whatever), don't use work e-mail for anything other than work, don't use unencrypted webmail, don't assume that they aren't using keylogging, the list goes on..."
Ha. A good administrator (read: myself and most people in reasonable IT departments) have already disabled all these options. Everything is totally locked down.
You get the box you get, you use it the way the company wants. That doesn't mean we'll be rifling through your personal files, but if we have reason to (e.g. the CEO wants information) we abide). Biggest way to protect yourself: DON'T DO ANYTHING ON A BUSINESS COMPUTER YOU WANT PRIVATE!
"You'll be able to count the number of Gamecube torrents on your fingers."
Well... you can also count the number of good GameCube titles on your fingers...
Wow, what a dick.
Actually, it's a very efficient WiFi detector. I did my first scan last night in my suburban home and found 4 nearby networks -- 2 more than I ever found on my various laptops. Granted, the signals were extremely low, but I was impressed that this handheld were able to find them at all (and my laptops couldn't).
:)
That said, once you get a connection there's not much you can do with the current system. Unless you hack.
I got my PSP 2 days ago, and got a chance to spend some time late last night going over it. I still don't have any games, so my thoughts are tempered by what I can get out of the hardware. On the whole I'm pretty impressed.
:)
The good stuff:
* Engineering-wise, it's got every piece of hardware you can think of. 802.11, IR, analog stick, USB, memory card -- there really is a "kitchen sink" approach and I like exploring the device to find new stuff. I'm really tempted to take the thing apart.
* The screen is phenomenial. I really think this'll be the screen that all portables will aspire to. If Apple ever makes a video iPod, this is the screen to use. I watched Spider Man 2 last night and it looked fantastic.
* I've been "pleasantly surprised" by some extras. For example, Sony packages a wired remote and headphones in the box (something Apple charges an arm and a leg for). The battery life has been better than I expected: after about 120 minutes last night of watching the movie it was only down 20%. The interface is excellent. The USB port is great because Windows sees the device as just another USB drive. System files are stored on the memory card, so they should be easy to hack. The device makes a great Wi-Fi finder (it found 4 networks in my home, and gave a percentage of their strength.
Stuff I don't care for:
* The front of the chassis is well designed and looks beautiful -- the back looks like it was done by a totally different designer. In particular, it feels flimsy. The discs are inserted in a tray mechanism that pops out, similar to a video recorder. I'm going to be careful with mine, but I can easily imagine a kid dropping and breaking it the first day.
* I'm not sold on the media (UMD - Universal Media Discs). They're essentially really tiny DVDs stored in a cartridge, similar to when CDs first came out. Space wise they're fine, as it really looks like you're watching a DVD, but the cartridge looks fragile. In particular, they look like optical disk versions of classic floppies -- without the protective flap that gets pulled away. In other words, it's fairly easy to scratch the disc.
* Certain aspects of the system are gimped. You have 802.11 but no web browser: the system only checks for new firmware (no official one anyway; someone's already hacked together a simple browser -- look through various articles). Video needs to be in a very specific format to play off a memory card: MPEG4, 29.97 fps, exact resolution (the system is much more forgiving playing MP3s and photos). The analog stick could also use a little work.
I'll have a better idea tonight when I get the games (finally), but so far I likes what I sees.
I'm deaf, dumb and blind, you insensitive clod!
Oh, com'on, who are you? Tommy?
So let me get this straight: there's a hypothetical country out there that accepts murder. I take a guy across the border, become one of their citizens, murder him, then come back home. I can't be held responsible in my home country? Bullshit. People get extradited for this kind of thing all the time.
Then that's the fault of the developer of a framework. When you're providing a service on a hostile network you're supposed to build your software to make sure someone can't just twiddle a few bits and break it.
The developer is not at "fault" in creating a proprietary version of their software. It's the reverse-engineer's "fault" to screw around with it. This isn't hardware: you're given a license to look but not touch. Whether you think that's "wrong" or "right" is irrevelant: the guy broke the EULA and deserves to be punished.
Umm, and that's different how to "I own it, I bought the software, it's on my machine"?
You never own commercial software. That's the difference. Philosophy aside, all commercial software comes with licenses. The license for the MSN stuff specifically prohibits against this. Whether you think that's "wrong" or "right" is irrelevant: the law says what the law says.
It is called clean room reverse engineering. Instead of disassembling the codec you treat the codec as a black box encoding known values and examining the output. What he did is known as dirty room reverse engineering and has some legal issues in the USA.
Exactly. And, quite frankly, I have a lot more respect for the clean route. Intelligent people code from scratch -- unintelligent steal from others.
I call troll...
A less trivial (and possibly more legal) undertaking would have been to code a new framework from scratch
1. There is no legal problem here - it's completely legal to reverse engineer for interoperability.
There's a big difference between reverse engineering, learning from the assembly and crafting your code vs. reverse engineering and basically using the assembly in your source. Look at his code.
2. How exactly is your "new framework" going to interact with existing (closed) systems? Or are you expecting the likes of Microsoft to implement a new open protocol so they can interact with the FOSS community?
Look at his code. He isn't interacting with the closed system disassembly: he's copying. And on top of that, who says we want to interact with Microsoft's code to begin with?
we complain that MS "embraces and extends" all the time -- how is this any different?
Microsoft does "embrace and extend" on well defined open protocols and screws everyone over because of their market position (which basically forces everyone else to adopt their extensions). This is simply "embracing" (not extending) a propriatory system so we can interoperate with it - no protocols are being broken here.
No, most people view Microsoft's tact vs. Mac as "embracing and extending". Copy the usable stuff from Mac OS, add their own -- bam, Windows. FOSS doesn't have the "market position", but it certainly is using the tactic.
I much prefer *actual* open source projects. Not open source derived from disassembly of closed source.
Like it or not, when interacting with propriatory systems you have to reverse engineer them because the propriators are sure as hell not going to give you the specs. The same is true of hardware drivers, etc. (an aweful lot of the hardware drivers in Linux were reverse engineered by looking at how the Windows drivers interacted with the hardware). How would you suggest doing it?
There's a big difference with hardware reverse-engineering: I own it. I bought the hardware, it's on my machine, I can break stuff off and sodder connections if I feel like it. We're talking about a network framework stored on an MS server somewhere: big difference. I don't own the framework, and if I make changes that fundamentally screw it up, I can have a negative effect on everyone else who uses it. Your analogy is critically flawed.
Wrong analogy. TCP is a basic framework, standards driven, written to write on most hardware. Video isn't. Most companies take existing codecs and "mold" them around their hardware to get the most out of it (move a pointer here, remove arbitrary lines of code there, etc). It's more akin to the millions of document formats out there.
That said, this is NOT The right to go about this (disassemblying closed source, creating open source from it). It's the same shit DivX got in trouble with early on, and they're lucky to have survived. I give much more praise to guys who can write this stuff totally from scratch.
A less trivial (and possibly more legal) undertaking would have been to code a new framework from scratch. As it stands right now, this looks to be on very tenuous ground: not only is it questionale from a legal standpoint but it plain old looks bad (we complain that MS "embraces and extends" all the time -- how is this any different?).
I much prefer *actual* open source projects. Not open source derived from disassembly of closed source. If we want this movement to gain more traction, this is NOT the way to do it.
Kind of reminds me of the old MST3K skit.
Crow: Hey Mike!
Tom: Hi Mike!
Mike: What's going on?
Tom: EXTREME! That's what's going on Mike!
Crow: Yeah, Mike! You should try it!
Mike: Extreme what exactly?
Crow: Well, take me for example. I'm into extreme Yoga... SURRRRRRGE!!!!
Tom: And I'm into philatily. I own you Venezulea 1947! Extreeeme postage! Woo!
Crow: Now have you thought about what you'd like to be extreme about, Mike?
Tom: No fear, Miguel.
Mike: I'm not really extre...oh, you know what? I really like rice.
Crow: Ahh, well, EXTREME... RICE!!
Tom: Rice! Thermo nuclear protection! Wooo!
Crow: Yeah! See, Mike. Isn't rice better when it's extreme?
Mike: Sure is, uh, we'll be right back.
Crow: WAAAOOO!!
Tom: Haaaaaa!!
Dell sends me boxes all the time that ask if I want the firewall enabled. It's usually the first question I'm asked after agreeing to Dell's EULA.
The only driver I think most people would need to install is ethernet, and that can come on a CD. I certainly don't know anyone that installs ethernet drivers on fresh boxes using the network (if you can, show me how to perform that magic ;) ).
That said, what it'd probably do is show the new user dialog, go to the site and bail out. I haven't tested what happens when the network card isn't properly installed.
"I'm really at a loss of words to describe this brilliance.
Just think of it, closing all open ports from incoming traffic by default now. Wow. Why didn't anyone else come up with this great idea before?"
It's not what you're thinking of - I don't think you're getting it. This isn't a firewall that gets turned on. Rather, the user can't do anything on the network until the system is up-to-date. It basically sandboxes the user from all internet traffic but the update site. I don't know of a single other OS that does this.
Not quite. During the boot procedure, all traffic is blocked, but while the opening user dialog is running for the first time, traffic is open. The user is also given a choice if the firewall is enabled or not. They're also given the choice to have Windows download updates or not. They can turn down both choices.
In this new system, all traffic is blocked and the user is shuttled off to the Windows Update site. They can disable settings later if they want. This way, it's secure out of the box.
Well, not quite. Service Pack 2 for XP blocks all incoming traffic during the boot procedure, but it didn't block all traffic once you reached the opening user configuration dialog. Also, you weren't directed to the Windows Update site -- you were asked if you wanted to have Windows download updates automatically. Between the time the dialog starts and the time Windows decided to download updates, you're vulnerable.
True, but they have a few excellent ideas in there. I'm a little "meh" about the "security configuration wizard" (personally, if you're using a wizard to configure security you probably shouldn't be admining a server in the first place.
The PSSU feature, though (as I mentioned in another post), that blocks incoming traffic on first boot and immediately directs the user to download updates is awesome. Why other companies haven't thought about this, I have no idea. I really hope this gets put into the next consumer version of Windows.
In all seriousness, I definitely like the new "PSSU" (Post-Setup Security Updates) feature. Awful name, but it does the following when someone first installs Windows 2003:
1.) Blocks all incoming traffic.
2.) Immediately guides the first person who logs on through downloading updates.
This would be such a terrific blessing for new XP users: block traffic and immediately send them off to the update site. Excellent idea.
"Now if data is compromised fault could arguably lie with mom and pop rather than a Microsoft server."
It's a classic situation of "damned if you do, damned if you don't".
Microsoft releases Passport, "secure online identity system", onus on MS not to screw things up (legally liable). Everyone hates it.
Microsoft releases new system, "secure offline identity system", onus on user not to screw things up (legally liable). Everyone hates it.
I don't think there's anyway for MS (or any other company) to "win" this battle. Personally, I think the onus of responsibility should be on the computer user. MS, Apple, etc gives you the tools to be secure (as long as you stay up-to-date with the patches), and people continue to ignore them.
Just the other day someone said their home computer was flashing "notes by the clock" that "their system needed to be updated". Did they update, I asked. No. Did they want MS to install things without asking? No. Now who's responsibility is it here when the machine gets hacked?
That said, it's still more economical to get it with a new system. $129 for a CD or $500 for the CD + computer (Mac Mini). I own an iBook -- and I'll probably take the second tact.
Forget Linux -- how about getting the system back together again? Did you see what he had at the end of the article? A pile of parts.
I mean, I don't mind that (I'd take the same tack with him -- see if I could hack better Wi-Fi, new input devices, etc.) but I can imagine the average guy getting to step 6 with a pile of parts on his desk reading "tune in next week...". *AW CRAP!*