Why on earth would you have to pay money to Microsoft to read .doc ?
Microsoft themselves have free (as in no money) viewers available for download, and dozens of other packages (both free and not free, in either money or libre sense) will view .doc files.
If you don't want to install software, there are also dozens of online conversion services (some of which are free) that support .doc files as input.
Oh, come on now. There's more than enough liability for both of them to be sued.
There is, but the user has a _contract_ with the ISP, what contract are they going to sue BPI under ? BPI would have to be libel = high-court = high costs, high risk. ISP would be breach of contract / unfair contract terms = small claims court = low cost, low risk. Users are going to sue the ISPs.
I'm sure under UK law there are provisions to fight 'unfair contracts'.
There are, and there is specific consumer protection legislation that could apply also. Moreover, it can be done in small claims court for little risk/cost to the user.
If a lot of people are cut off, there is the possibility of a lot of cases and a consumer action campaign. You don't need to be a UK legal expert - This has already happened in the UK with the banks - just google something like uk bank charges small claims for loads of info, or see summaries like: http://www.guardian.co.uk/money/2007/jul/27/accounts.business.
Who would you think was the easier target to sue, a _bank_ or an ISP ? Now realise that ordinary people have been suing the banks, citing unfair T&Cs, and winning. The ISPs know this, they haven't got the resources of the banks, and they don't want to be in the same position.
The BPI may indeed be eventually (jointly) liable, however there is the question as to how you would sue them. The user has a contract with the ISP, and not with the BPI, and in addition the ISP's relationship with the user is under all the consumer protection legislation etc.
So the user has plenty of (relatively easy) ways to take action against the ISP, but not against the BPI. You would probably have to sue the BPI for libel or malicious falsehood - and in the UK that is much _much_ more expensive - requiring you to sue in the high court and with no prospect of legal aid.
Suing the ISP for breach of contract could be done in small claims court, for a _lot_ less money. And they know it. Costs are not awardable in small claims so it would cost the ISP in legal fees to fight any claim (win or lose), and they know they might be advised to just pay up instead. The ISPs may also not want the courts to start examining their TOSs too hard - in case they get ruled unfair. UK banks have been being sued a lot recently over penalty charges and settling many cases - totalling many millions - for just these sort of reasons (that one is now all on-hold pending a high-court test case). The ISPs don't have the deep pockets of the banks and they, quite rightly, don't trust that the BPI will be there to help when the crap hits the fan. They want a back-to-back contract to ensure they get reimbursed, before they take any action. So would I if I was in their position.
USB license dongle for the application software running on the VM.
Seriously. Last week.
They may be a minority, but in many cases they will be a minority that you _have_ to care about - eg. visually impaired users using screen readers (that you have to support under ADA / DDA or whatever).
Their browsers may be fully up-to-date but not support javascript.
> BT stands for "British Telecom,"
No, it doesn't (anymore). The whole brand and company is "BT". They dropped the British bit (I forget when) when trying to become a global brand.
The full name of the company is "BT Group", but typically when naming companies you don't include the "group" or "plc / ltd. / llc" bits.
The website is also www.bt.com - check out the page, no mention of "British" whatsoever.
If you wanted to identify the company better, for folks that don't know it, you could say "BT - a major UK telco & ISP -..." or something like that, but identifying them as "British Telecom" is simply incorrect.
> The hard part is doing this for EVERY website,
Not hard. There are proxies (eg. fiddler) which will do ssl MITM and generate certificates on the fly. Normally, these certificates will not be trusted, since they won't be signed by a trusted CA...
If, as you suggest, the attacker / watcher can install a trusted CA cert, then it's game over.
Roughly (from somewhat vague memory):
With http, multiple sites can share one IP address by using host-header to route the requests. This is very, very common.
With https, this isn't possible (unless you use the same wildcard certificate for all the sites), because the header is encrypted so you don't know which site to send it to (or which certificate to use to decrypt it).
Hence for https / ssl you need a dedicated IP address for the site.
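Added example, not part of the original comment: a small Python model of the behaviour described above, in which plain HTTP is routed by the readable Host header while the HTTPS certificate has to be chosen from the destination IP alone, so sites sharing an IP only work if one (wildcard) certificate covers them all. The hostnames, IPs, site labels and function names are constructed for illustration.

```python
# Added illustration; all hostnames, IPs and names below are constructed sample data.

VHOSTS = {"blog.example.com": "blog-site", "shop.example.com": "shop-site"}
IP_TO_CERT = {"192.0.2.10": "*.example.com"}  # one certificate per IP address


def cert_covers(cert_name: str, host: str) -> bool:
    """True if a certificate name (exact or '*.example.com' wildcard) matches host."""
    cert_labels = cert_name.lower().split(".")
    host_labels = host.lower().split(".")
    if len(cert_labels) != len(host_labels):
        return False  # a wildcard stands for exactly one label
    if cert_labels[0] == "*":
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def route_http(vhosts: dict, request: bytes) -> str:
    """Plain HTTP: the Host header is readable, so one IP can serve many sites."""
    for line in request.split(b"\r\n")[1:]:
        if not line:
            break  # blank line ends the headers
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii").lower().split(":")[0]
            return vhosts.get(host, "default-site")
    return "default-site"


def choose_cert(ip_to_cert: dict, dest_ip: str) -> str:
    """HTTPS in this model: the Host header is still encrypted during the
    handshake, so the destination IP is the only thing the server can key on."""
    return ip_to_cert[dest_ip]


def sites_broken_on_shared_ip(cert_name: str, hosts: list) -> list:
    """Hosts that would get a certificate name mismatch if they shared this IP."""
    return [h for h in hosts if not cert_covers(cert_name, h)]


if __name__ == "__main__":
    req = b"GET / HTTP/1.1\r\nHost: shop.example.com\r\n\r\n"
    print("HTTP routed to:", route_http(VHOSTS, req))
    cert = choose_cert(IP_TO_CERT, "192.0.2.10")
    hosts = ["blog.example.com", "shop.example.com", "www.example.org"]
    print("Needs its own IP:", sites_broken_on_shared_ip(cert, hosts))
```
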
> How do you decide i have been missing against my will?
If you were missing deliberately, and had any kind of a clue, you'd have ditched your phone - so tracing it won't make any difference.
> Again, there is no logical reason why this hasn't been implemented before.
The word "girlfriend" should be a clue...
I didn't mention inherent insecurity of any OS - precisely because it isn't relevant.
This month we have a mass Windows server compromise, last month Mac OS X was hacked first in pwn2own, and a month or so before that we have a mass Linux server compromise.
In at least the Windows and Linux cases (not sure about the Mac, but I'd bet on browser or email hole) the vulnerability was NOT in the OS.
If you believe that you are inherently secure because you run Linux, then you are sadly deluded, and almost certainly not paying enough attention to the security of the rest of your application stack and environment as a result.
Not right now - I think they're taking a month or so off after the last few months running around in circles, see eg. http://computerworld.co.nz/news.nsf/scrt/E902A2095FEC1A23CC2573D60072888C
> Subvocal embedded comm links
as recently reported on your local news-for-nerds site: http://science.slashdot.org/article.pl?sid=08/03/12/2225204&from=rss
> like having your ears pop in a fast elevator, only more so. Maybe like diving in the ocean. I can't remember any teleportation or time travel story that mentions this obvious thing.
I think Douglas Adams had it covered with the recommendation of a few pints of muscle relaxant...
> Actually, since the Japanese seem to have no problem with beef, it'd make more sense to have whales that tasted like beef.
They do have a problem with beef - not enough land to grow it on. Create a beef animal that lives in the ocean and can be harvested 20 tonnes at a time, sounds like a solution.
> Except that this wouldn't happen, since they'd prefer to continue hunting the endangered ones for political... sorry, "scientific" reasons anyway.
Maybe, or maybe they'd find it quite amusing to be able to go out and hunt large marine mammals with the IWC not even able to whinge about it, let alone "ban" it, because it's not a whale. The arguments for a "save the sea-cows" campaign would be interesting since most of the world happily kills land-cows (with harpoons, er sorry bolt-guns).
Dude, you know there are only 12 Zodiac signs, right?
There was a thirteenth "sarcasm" - but it got lost somewhere on the way...
ah, but we do know the answer to that one... or at least we do if we read the books.
if it's your society's major delivery network. a few well-placed ticking bombs would bring you down
Hate to tell you this, but your society very likely already has a major delivery network in pipes underground. It just takes shit away rather than bringing it. If a "few well-placed bombs" could bring such a network down, then you'd have a big problem already.
...which doesn't change the fact that this Slashdot news item is poorly reported and inciting a massive flame fest,
/. - isn't having flame fests on poorly reported news the entire point ?
Er, this is
I see a lot of stuff about "managed code"... the myth that signing code makes it somehow safer.... which just isn't so.
Code signing has nothing to do with managed code. Maybe you need to actually read some of the "stuff" you see.
The only people I have ever met who have that much stupidity and that much arrogance are the RIAA's lawyers.
I think other such people clearly exist, sadly :-(
There are several (in)famous miscarriages of justice that I can think of that were largely down to the stupidity / arrogance of expert witnesses.
Just to pick one: I believe that Skuse in the Birmingham Six trial used his own "modified" Griess test and claimed a certainty of explosive residue detection that went well beyond scientific consensus on the standard test. He also then "misspoke" about his private recipe for the reagent when others were trying to test his results. http://www.newscientist.com/article/mg14719864.300-forensic-chemistry-in-the-dock.html.
For two: ear print identification.
It is (IMO) likely that these folks believed in their tools and results - just as I think it is also likely that the RIAA sincerely believe in theirs.
Sincerely held belief does not valid forensic science make - unfortunately it seems it can prove convincing to a court.
the breathalyzer is an "approved" device for measuring blood alcohol.
The RIAA isn't using an "approved" device - that is a big difference, and why they are being asked to provide details of the device.
Or better still, offer to print someone else's tax return (or other document)...
seems to be same in uk, and I think it applies to landlines too (although at some point they will physically disconnect the wires, I believe that initially in the event of non-payment they will just stop outgoing calls but you can still call emergency services).