The Mother of All Slashdottings!! on Lego Segway · Score: 0, Redundant
From the link: Sorry, this site is temporarily unavailable! The web site you are trying to access has exceeded its allocated data transfer. Visit our help area for more information.
Access to this site will be restored within an hour. Please try again later.
that's not what this is about. This is about a system to track ballistic fingerprints of every gun that gets made. Basically, gun manufacturers, upon shipping a gun to a shop or other distributor, record the ballistic markings from the barrel in the DB. If the gun (at some point) gets passed on illegally, then used in a crime, the ballistics can be traced back to the gun, and to the person who last had it legally. Hence, it was this person who (most likely) illegally redistributed the weapon. That would get investigators of a crime a lot closer to a suspect than they would otherwise have been.
(BTW - If you really want me to go to Winter's, it's only a mile drive down the pike for me. I live in Clementon.)
good thought, but wouldn't that render the gun useless? all those little fragments would get left in the gun, not to mention that the bullet would have trouble getting some spin before it discharges.
MD and NY already have ballistics DBs. How they are set up I have no idea. I do know that one legal issue is that only artifacts recovered at crime scenes are kept in that database, not everyone who owns a gun in those states.
Rob Andrews of NJ has proposed a national database of all manufactured guns. It's come up before, and NRA lobbyists have always been successful in knocking it down.
Two issues already brought up by other posters: Yes, criminals will still get guns illegally. Such a system obviously won't protect against that, but it'll root out who's selling guns illegally. And yes, ballistics change over time the more a gun gets used. Modern guns, however, take thousands of rounds before a difference is noticeable, making this argument negligible.
As for technical issues, this looks like a problem similar to the DoJ's Fingerprint database. Basically, this DB, when given a print to search for, returns several possible matches, as perfect matching isn't possible. An investigator then takes those matches and performs a hand check of each to determine if the print he has has been seen before. This means the DoJ's agencies have to keep prints on hard-copy records in filing cabinets.
The major difference is that the DoJ DB doesn't contain every individual's fingerprint, while the proposed ballistics DB would contain the fingerprint of every manufactured gun made after the system goes live. If ballistics are non-deterministic like the DoJ fingerprints, then that means every used round would have to be physically kept somewhere, and it would quickly add up to a lot of space.
Best thing to do is to find out how MD and NY have their systems working.
yes, it did happen once. IIRC, he found (or was told of) a bug in filesystem permissions that allowed someone outside a uid/gid to gain access to a file.
Cox didn't publish details (i.e. - what the bug was or how to exploit it) because he believed it violated DMCA - as somewhere out there someone could be using UNIX file permissions as a "copy protection device," and the details to exploit it would be "circumventing a copy protection scheme." IIRC, Cox is not a US citizen, but he has to travel to the US a lot, and didn't want to lose that ability by publishing the exploit.
These stories (Cox's above and this current issue) are perfect examples of things to send over to that committee collecting comments on the DMCA. Here are software authors who are scared to publish vulnerability details about their own products!
The AP article actually attributed slashdot for finding the stock photo of the person.
This story is the type of stuff Consumer Reports Magazine publishes in their "Selling It" column. Things like the same person in the exact same pose promoting two completely different products, with different names of themselves. Or (I like this better) the company that advertised the same thing in two different magazines about a few months apart with "Steve Johnson Uses X", but two different people were "Steve Johnson." I liked the CR headline the best - "Would the real Steve Johnson please stand up?"
CR would be in best position to publish this if MS published this as an ad in a magazine or newspaper, as they typically stick to glorifying published ads or physical products.
The algorithms and the source will not go "back in the can."
I believe the proper & more accurate expression is "getting toothpaste back in the tube"
Also, he must think terrorists are idiots. If you knew that Country X required backdoors in crypto products, would you buy a crypto product made in Country X and then use it to hide plans about launching attacks against Country X? It doesn't take much for terrorists to get their encryption products from more lenient sources - like Canada for example.
And like you said, it's already out there, and ain't goin back.
Frankly - I don't think his urging will go very far beyond discussions like these.
i realize it sucks. but this thing actually has some parallels to today's world. Take Amazon's dispute with Barnes&Noble over one-click. In the 1700s, you had an inventor create something for use in a mill, then have another mill (a competitor) make their own and use it to generate profit. In the .com world, you have Amazon who creates one-click (ignore its patentable merits for a moment) and have B&N use it on their site as part of generating profit.
See the parallels? Unfortunately - I see this as part of the business. Car manufacturers, for example, are constantly reverse engineering each other's designs and latest gizmos to place them into their own cars.
I'm taking a course this semester in History in Tech Perspective. One thing I found interesting is that during the 1700's in Britain - Inventors would develop something, patent it, but not get called on to make more of the machine, not leading to the riches they envisioned. Instead of collecting royalties, prospective buyers simply made their own version of the patented device.
Few examples: 1733 "flying shuttle" by John Kay, 1764 "spinning jenny" by James Hargreaves, and 1769 "water frame" by Richard Arkwright. All three (at the time) were major developments in cotton processing mills.
Similar happened with the development of the steam engine. Though the expertise required got the key players more royalties than their cotton processing counterparts.
At Drexel - We have to take a course in UNIX before most advanced courses - such as OOP, Operating System courses, etc. Shell scripting, makefiles, using gcc/g++, vi/emacs, grep, etc. is all covered. They basically only teach the basics of being a UNIX user and writing programs on a UNIX box, but nothing about sysadmining or installing your own Linux box. The CS dept provides a few Sun servers (donated by Sun) for student use.
The course is not explicitly required in order to take advanced courses - meaning it's not a prerequisite for any other course, except that not taking it might cause some trouble on the part of the student as many (all?) upper level profs generally require programs to run successfully on the CS dept Sun systems. This avoids the "well it worked on my machine" argument. In addition, the course is required for graduation.
The UNIX course is taught to sophomores. Freshmen use Metrowerks CodeWarrior because of academic licensing and that it can run decently on both Macs and Windows. The Dept also realizes that of the 200-250 freshman CS majors each year, only about 100 are still CS as Sophomores. (The rest change to something less demanding or drop out.) So they don't want not-so-serious students using their Sun systems if they're not going to remain CS students, which I think is a good thing in the end.
For the guy asking about an RIAA listing of songs, etc.
Back right before Napster's death, they had a list to abide by. IIRC - The judge required the RIAA (more accurately, the labels) to provide those lists. So a list has once been made, and probably still lying around somewhere, albeit somewhat outdated. Very interesting they aren't interested in providing such a list any longer.
whoever modded that offtopic needs to be taken out back and whacked up side the head.
that's a good question. the article doesn't seem to answer it either. normally, yes, there are 5 voters for FCC judgements. my guess: one voter did not participate due to affiliation with one of the groups, or was out sick today?
It's a chicken & egg type of problem. ISPs won't turn on multicast until there's demand for it, and streaming software developers (for both the server and clients) won't implement it until they know multicast is available for a reasonable chunk of the audience.
honestly - Many ISPs don't like having to set up their routers to handle multicast streams. Also, streaming software (both client and server) aren't set for using multicast. I don't even know if they are programmed to handle using multicast anyway - as they all use unicast and unicast only. RIAA/whatever has nothing to do with it.
Like the AC said - it's a chicken & egg problem. ISPs won't turn on multicast until there's demand for it, streaming software developers won't implement it until they know multicast is available for a reasonable chunk of the audience.
multicast would be better for streaming media, not loading of webpages. In a case of a Sept 11 scale news event, local caching would be better, as the ISP could cache major news sites (CNN, Yahoo, MSNBC, etc) and serve those up, refreshing the cache something like every 5-10 minutes, forwarding requests to the real site for pages not being cached.
Re:The secret of ./'s success.... on Slashdot Turns 5 · Score: 1
They also didn't (initially) register as a .com. They now have a .com, but only bought after they were established, and it redirects to the .org address anyway.
ok, i think i get what you're saying. DoS attacks are any attack that degrades the performance or excessively consumes resources of a system or prevents users from making use of a system's services.
A few examples:
A few years ago, Apache had some processing algorithm that was poorly implemented. As a result, an attack could send malicious HTTP requests that would cause the box to sit there for a few minutes, blocking out processing for other connections. Sending a flood of these would prevent other users from using the httpd on the box.
Various versions of Wu-FTPD had a bug that could cause a segfault. Sending a packet to force the code to reach the segfault would crash the ftpd, preventing others from reaching the ftp server.
The classic packet flood, either by one host or from many (a DDoS). Here, the routers preceding the target box get overwhelmed and start dropping packets, and similar troubles occur at the target machine. Legit packets also get caught in the flood, making many if not all legit packets get dropped, killing connections and preventing new ones for anyone using that router.
Given comments by RIAA/MPAA reps, I don't think they realize that third bullet, and most likely congress doesn't either. But I do think that Congress can be convinced more easily than the *AAs will. Fully convincing them won't even be necessary, because even if they don't understand, they'll know that someone tried to tell them that any attack would affect other users, despite the clause in the legislation.
that's a very good point. on some p2p nets, someone may not be sharing anything of interest to the RIAA, but may actually be relaying stuff between two other p2p users. And likewise, someone sharing RIAA material is relaying stuff for other users, whether they be what the RIAA considers legal or not. Going after that p2p node (user) affects the users who didn't know they were relying on him for their own p2p uses.
A lot of bills right now are like that. IIRC, Hollings' CBDTPA Act also got nothing but negative correspondence to reps. Good to hear the kind of feedback they're getting. Good work to you and everyone else that's making calls.
that's already happening, and is the type of stuff Representative Boucher is calling attention to during these hearings (see the CNN article). The MPAA pointed a finger at a UUNet user for hosting "Harry Potter." They wanted the user kicked offline. It turned out to be a book report. Now how they thought a 10KB "Harry Potter.doc" file was a 200MB "Harry Potter.mpg" I have no idea.
Unfortunately, knowing the RIAA/MPAA, they'll ask for something like this to be added: "copyright holder must positively verify violation before taking action."
From the article: The recording industry offered a glimpse into its tactics, which include blocking transfers
Blocking transfer is a type of DoS. The service, downloading a file, is blocked, therefore denied. Hence the phrase "Denial of Service." Not all DoS attacks are the type where you flood useless packets to a single network node.
Reminds me of a joke I heard shortly after 9/11.
Basically, the Philadelphia Daily News asked a top-notch local defense attorney if he would defend Osama bin Laden in court. The lawyer said "Sure! It'll be my easier acquittal! I'd tell the jury that if they convict him, he'd die a humane death in 30 years in prison. If they acquit, then the general populace would quickly take care of him."
that is correct.
PA cannot give Einhorn the death penalty under (1) conditions of extradition and (2) capital punishment was not available back when the crime occurred (1977).
Also, it seems the jury will get the case tomorrow afternoon, closing arguments come tomorrow morning. (I live in Philly, and have been following the trial based on news reports.)
so does that mean there's currently one unfilled seat? What if a 2-2 vote were to come up? Who casts the deciding tally?
ok then, if I'm blind, how do I highlight the discussion?
grep "\.gov" http_access_log