Slashdot Mirror


User: moncyb

moncyb's activity in the archive.

Stories: 0
Comments: 831

Comments · 831

  1. Re:Future work on Blacker Than Black · · Score: 1

    You fool! Hillary Rosen doesn't have a soul! (looks around) Oh my God! Run before she envelops us all! Aaaaaaaaa.....

  2. Re:This is too bad. on Is AIM Really a Bandwidth Hog? · · Score: 1

    Okay, how about a web server? Your professor can run a web browser, can't he?

  3. So close! on Aggressive Email Filtering Blocks Political Debate · · Score: 1

    You almost had it, but not quite.

    Here in the US, they toss out all letters, faxes, emails and ignore phone calls. Congress has a very simple way to get their requests from lobbyists. Each "representative" hosts a "fund raiser" where the lobbyists have to pay thousands of dollars to get in. Each lobbyist gets a turn sitting next to the "representative" so he or she may discuss political issues "critical to the general public." No need to mess around with sorting through countless junk! ;-)

  4. UDP should not be banned. It is useful on Slashback: Slammer, Frames, Pop-Ups · · Score: 4, Informative

    The Internet is more than just the web and email. UDP does have its uses. Some types of networking will just work better with it. How would you do multicasting with TCP? What about video games? I doubt they'd work as well with TCP. If you think games are useless, you are wrong. FPS are early generation virtual reality systems. I think the Internet will be a better place if the VR dream comes true.

    This problem happened because Microsoft is made up of idiots. This port was open because of their "easy to use" bullshit. There is no need to open a second fixed port you are unable to disable so that other systems can figure out which port the database server is on, and they had a buffer overflow in this code too! There is a reason there are both default ports and places you can specify ports in URLs and such. Why have a discovery service in the first place? Bad judgment.

  5. gcc 2.96: The Compiler From Hell on MPlayer Licence Trouble With A Twist · · Score: 1

    Remember the MPlayer/Red Hat spat? MPlayer's authors refused to even deal with anyone using Red Hat 7.x because they claimed the compiler that shipped with Red Hat was buggy and problematic, when in fact it was their own code that was not up to the level of C compliance that the compiler required.

    I'm a little late in this discussion, but I saw this post and had to respond.

    You're talking about gcc "version 2.96", aren't you? WTF??? Red Hat deserved to get flamed into the ground for that. They just grabbed experimental gcc code and slapped it in their distro!!! It is just like if someone took the source tree from a 2.5.x Linux kernel, applied some experimental patches to it, and called it version "2.6.0"! If some distro did that, should application / library / kernel developers even consider supporting it? Such a stupid action will cause massive problems. Maybe their code wasn't up to specs, but the gcc "2.96" fiasco did cause countless problems. Maybe you should do some reading about it.

  6. Patches-why linux's are stable while ms's aren't on When Will The Next Slammer Strike? · · Score: 2, Informative

    why doesn't this happen with Linux ? (or does it happen with Linux?)

    Like other posters said, this does happen with Linux, but not as much. There are reasons why.

    Many good Open Source projects will usually separate their releases into two branches: stable and experimental. For example, in the Linux kernel, if the second number is even (x.2.x or x.4.x), then it is a "stable" release. If the second number is odd (x.3.x or x.5.x), then it is an experimental release.

    Most of the time new features are only put in the experimental release. There are features officially classified as experimental in the stable release, but you can only use them (or even see them) if you check the "prompt for development or incomplete drivers" option. There have been mishaps where a feature was added in the middle of a stable release and caused problems. One such example is the changes to the virtual memory system in about 2.4.4.

    Another reason this doesn't happen as often is many of the serious open source programmers do everything they can to prevent/fix bugs and are paranoid about security. Microsoft doesn't seem to care. When I run win98, there are always system crashes, settings being changed when I don't want them to, unstable programs (which are supposedly being made by professional companies) making other programs/the whole system unstable.

    In Linux, these problems are virtually nonexistent. I haven't seen many programs which will bring Linux down, and most of those don't crash the kernel. A buggy SVGAlib[1] program will either screw up the video or screw up the keyboard and disable virtual console switching[2]. XFree86 doesn't have this problem. Most buggy programs in X don't seem to affect it at all--there are problems such as X crashing with huge font sizes, but the main system was running fine. I just had to restart X. A misconfigured X may screw up the display, but most of the time I can use Ctrl-Alt-Backspace to kill X, display restores, and I fix the problem. Also, when Ctrl-Alt-Delete still works, it will properly shutdown the system--unlike Windows.

    Linux/open source has problems, but Microsoft has many more. In my twenty some years of using computers, I haven't seen anyone produce crappy software as Microsoft--except for script kiddies and the low end of shareware programmers.

    I've always wondered why using fixes, new functions, patches, whatever, written by numerous different people hasn't turned Linux or other open source into a non-functioning morass of code

    They do have project leaders and others who verify the patches. Open source projects don't accept just any old patch--there is a process of reviewing and testing submitted patches. This also varies from project to project. Some maintainers will just slap in anything, but the maintainers of very good and stable projects will try to understand what the patch is doing before even testing it out. It is a very long and arduous process to get a patch for a new feature into something like the Linux kernel. There are plenty of such patches floating around. For example, Openwall Linux is a kernel patch that adds security features. From what it sounds, it may never get into the official kernel...

    Isn't an operating system more complicated (or at least more fundamental) than an application?

    An OS is the most fundamental part of the software. Any bug in the OS will often cause major problems everywhere. As to an OS being more complicated, it depends on the system and what you choose to define as the OS. Some people consider only the kernel/core part as the OS, and others include "essential" libraries--the definition of essential can vary greatly. Still some others include basic utility programs part of the OS.

    Why doesn't (or how often) does fixing one bug in Linux create two new ones?

    Any change in a project can cause a new bug, but as I said, they review and test the patches, so this doesn't happen as much as you seem to think it would. The problem with Microsoft bug fixes is they don't seem to test their changes very well, and they often bundle new (and possibly unwanted) features/modifications with these fixes. These features/mods may have bugs or cause other problems. The high-end open source projects shy away from this practice. That is why they have a different branch marked experimental (or unstable)--people who want to test (or use) the bleeding edge features can do so without affecting the stable branch.

    Footnotes:

    [1] SVGAlib is a library which allows a program to draw graphics on the screen with a virtual console. This library is dangerous because it requires the program to run as root (often suid root, which means any user will have root access with the program until the program drops privileges). The framebuffer is slightly safer because it is a kernel driver and you don't have to run it as root. Both of these can easily leave the video card in a messed up state if the program doesn't use them properly.

    [2] The virtual console is a part of the Linux kernel which handles the video display. In Linux there are multiple of these virtual consoles, and one can switch between them freely using the Alt key plus the arrows/function keys. Alt+F1 will switch to virtual console # 1. Alt+2 #2, and so on. A problem arises if a program sets raw keyboard mode (such as many SVGAlib/framebuffer programs do) as this disables the kernel from recognizing an Alt+function key as a request to change consoles.

  7. Re:More Precise on Define -- "Software Engineering" · · Score: 3, Interesting

    I think you are wrong. Remote root exploits are caused by much bigger errors than "0.1 degrees". Oversimplifying, such security bugs can be set into two classes:

    1. No bounds checking. Buffer overflows and unknown strings in printf's format parameter are more like the architect is off by 45 degrees, assumes the beam can take twice its rated load, and only takes the building's weight into account. So if a cat jumps on the roof, then the whole ceiling will collapse.

    2. Silly stupid mistakes like "off by one" errors. This is the same as if an architect made a single beam 1 foot shorter than it should be. Assuming redundancy and an otherwise good design, the cat jumping on the roof probably won't cause a problem. There may be a problem if someone places an object that weighs the same as the architect designed for, but if she overcompensated on the design such that, say the roof was rated for 2200 lbs, but designed for 3000 lbs (as should be done), then there may not be a problem. These errors will cause problems (like crashing after a syscall is made 2 billion times), but are not nearly as bad.

    The first problem should never happen with an experienced and competent programmer. That kind of "mistake" is reckless programming. The second does happen, but designing the entire system properly will minimize the damage these errors can cause.

    The heap and stack pages should not be allocated executable by default. If a special program needs the ability to write and execute code itself, it should use a special memory allocation routine. Executable code pages should not be marked as writeable. All programs should not be run as root, or if need be, run as root and drop to normal user status as soon as possible. For those programs that do require root, the kernel should be evaluated to see if a permission system can be used to eliminate this need. That way, a program which needs raw access to the video card can't mess with critical files or deactivate the door locks to your top secret room.

    The kernel needs similar checks. High level things such as the TCP/IP stack should not be able to modify any I/O ports or hardware memory, only the network card driver should. If possible, hardware drivers should not be able to access any device they don't cover. For example, the network card driver shouldn't have access to video memory. In fact, a permission system should be applied to parts of the kernel. TCP/IP, network card drivers, video card drivers don't need to access hard drives, filesystems, or door locks at all, therefore they should be denied access wherever possible.

    Architects and various engineers all design so that one minor mistake or unexpected event will not cause their building/device/whatever to come crashing down. Sometimes a manufactured part doesn't exactly conform to spec, many engineers know this. If your calculation shows a point will have 100lbs of stress, you can't expect a bolt rated for 100 lbs to be good enough. It may have a defect where it will only hold 90 lbs. Someone may put 110 lbs of stress on it. All sorts of variables can and do happen. That is why a good engineer will design beyond the spec. Software needs to be the same way. Yes, doing these precautions will cost extra memory, cpu time, and coding time, just like these precautions cost extra money, space, and design time in other fields.
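
The allocation discipline comment 7 describes, as an added example that is not part of the original comment: pages for generated code start writable but not executable, are then sealed to executable but not writable, and an audit of /proc/self/maps confirms that no mapping is ever both. The function names (`jit_alloc`, `jit_seal`, `mapping_perms`, `count_wx_mappings`) are hypothetical, and Linux with /proc mounted is assumed.

```c
/* Added example: W^X handling for generated code on Linux.
 * All function names are hypothetical; /proc must be mounted. */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Pages for generated code start writable and NOT executable. */
void *jit_alloc(size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Once filled, flip to executable and NOT writable. Returns 0 on success. */
int jit_seal(void *p, size_t len)
{
    return mprotect(p, len, PROT_READ | PROT_EXEC);
}

/* Copy the permission field ("rw-p", "r-xp", ...) of the mapping holding
 * addr into out. Returns 0 if found, -1 otherwise. */
int mapping_perms(const void *addr, char out[5])
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    unsigned long lo, hi;
    int rc = -1;
    if (!f) return -1;
    while (rc != 0 && fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) != 3) continue;
        if ((uintptr_t)addr >= lo && (uintptr_t)addr < hi) {
            memcpy(out, perms, sizeof perms);
            rc = 0;
        }
    }
    fclose(f);
    return rc;
}

/* Audit: number of mappings that are writable AND executable at once. */
int count_wx_mappings(void)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    int n = 0;
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "%*s %4s", perms) == 1 &&
            perms[1] == 'w' && perms[2] == 'x')
            n++;
    fclose(f);
    return n;
}

int main(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char perms[5] = "";
    unsigned char *page = jit_alloc(len);
    if (!page) return 1;
    memset(page, 0, len);   /* constructed stand-in for generated code */
    mapping_perms(page, perms);
    printf("filling: %s\n", perms);
    if (jit_seal(page, len) != 0) return 1;
    mapping_perms(page, perms);
    printf("sealed:  %s, W+X mappings: %d\n", perms, count_wx_mappings());
    return munmap(page, len);
}
```

Running `count_wx_mappings` against a long-lived process is a quick way to spot code that maps memory writable and executable at the same time.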

  8. Re:DRM in free video formats on Slashback: Spamnation, Long-Distance, Libel · · Score: 1

    How do you think DRM works??? Unless the computer is restricted somehow, you can copy any file, any network packet, or any type of data you want. Doesn't matter if it's some proprietary format that uses a special "DRM enabled" player program or if it's encrypted. Anyone can copy the file (or if it's streamed video, capture the packets). Even if the player uses a special handshake sequence where the client and server exchange unique information each time, someone will just crack the player client.

    For DRM to even have a chance of working, it will need hardware that guarantees only approved OSs run on it, an OS that guarantees only approved binaries have access to the DRM data, and an analog watermarking system that guarantees no one can record DRM audio/video by holding a microphone to the speaker and pointing a camera at the screen--or just take away all mics and camcorders.

    I don't want them to take away all mics and camcorders! DRM enabled ones will be almost as bad. Think about it. Every time a tv, billboard or some guy's t-shirt gets in your viewfinder, the camcorder will shut off. Every time your neighbor cranks up her stereo, you can't use the mic on your computer. In fact, Hollywood wants DRM in everything (check out the CBDTPA), so you could be walking down the street, and your cellphone will cut out because someone nearby is listening to music!

    I won't even go into how this will allow the software and entertainment cartels to lock out everyone else who wishes to distribute content.

  9. Re:YUO = TEH FUNNEY on Palladium Changes Name · · Score: 1

    Holy shit! Whose bot puked this up? Judging from the poor cut and paste job, I'd say either an AOLbot or a Billy Gates Bot.

  10. Re:Port 1433? on MS SQL Server Worm Wreaking Havoc · · Score: 1

    It does, but it also uses UDP port 1434 (which you can't turn off). Read this report to see how it works.

    Did the service patch for this problem just barely come out a week ago? That's what another poster said. This report says Microsoft was notified on 17 May 2002--several months ago. Not good.

  11. Mod parent up!!!! on MS SQL Server Worm Wreaking Havoc · · Score: 2, Informative

    I was just about to post the same thing! Moderators: mod this one up! People need to read this otherwise they'll think their cracked box is safe!

    From securiteam.com: ..It can be configured such that clients can use named pipes over a NetBIOS session (TCP port 139/445) or sockets with clients connecting to TCP port 1433 or both. Whichever method is used the SQL Server will always listen on UDP port 1434. This port is designated as the Microsoft SQL Monitor port and clients will send a message to this port to dynamically discover how the client should connect to the Server.

    Read further into the report. The exploits use the vulnerability in the code which listens to UDP port 1434. You can't turn this off!

  12. Re:Is Palladium REALLY optional? on Palladium Changes Name · · Score: 1

    Some people have pointed out that Palladium hardware as it is created now doesn't require you to use a Palladium OS, but how long will it be before MS requires all Palladium compliant hardware to only run Windows? They weren't convicted of antitrust violations for nothing. It probably won't be tomorrow. It may not be a year from now, but if left unchecked, it could easily happen within the next decade.

    WinSUX...I like that name. Use it everywhere!

  13. Re:Great... on Palladium Changes Name · · Score: 1

    How about a T-shirt that says: Next-generation Windows Secure [against] User eXtensions -- WinSUX! ;-)

  14. Re:How to lampoon an uncatchy name? on Palladium Changes Name · · Score: 1

    How about the name a previous poster made up: Windows Secure User eXtensions? Shortened to WinSUX! To bring the point home write it like this: Windows Secure [against] User eXtensions.

  15. Windows Secure User eXtensions on Palladium Changes Name · · Score: 1

    Microsoft's own pics show documents being "trusted" to view on a pc.

    That can be circumvented by an every day, run of the mill, film based camera. Doesn't Gates watch spy movies?

    4) ... My guess is even the hard drive will be palladium ready to make sure the user can't read it.

    I'm not sure you got it with this one, and I think it should be clarified for those who don't: this will work fine with any normal hard drive because all the data stored on it will be encrypted--no one will be able to recover that encrypted information (except maybe Microsoft-- perhaps not even then) no matter what they do (unless they steal the hidden keys on the motherboard somehow). I see no reason where they will need to create a special Windows Secure User eXtensions drive.

    This will also cause problems for data recovery. Imagine you have some important files on the drive and the head crashes. A professional may be able to restore most of the encrypted information on the drive, but how are they supposed to decode it?

    Hell, coding for your digital cable box might be easier than coding for your palladium machine.

    Maybe, maybe not. Microsoft is so careless, I wouldn't be surprised if someone stole their certified keys and posted them on the internet. Remember the stories about Microsoft getting hacked, and the stories about some guys who cracked MS's signature keys. I seriously doubt MS will keep the people from doing the same things they are today--creating worms and viri, copying music / movies w/o perm from copyright holder, stealing credit card / bank account info, etc...

    Security my ass. WinSUX!

  16. Why should one person have to own 2 computers? on DDoS for Fun and Profit · · Score: 4, Insightful

    Are you saying he should have 2 computers when he only needs one???? Not everyone can throw around money.

    The Microsoft servers are a different story. They should have lots of backup systems running because they serve millions of people. Not to mention this is caused by a security flaw they carelessly created.

    This guy is hardly being hypocritical.

  17. Re:As hard as it is to swallow... on Verizon Loses Suit Over Subpoena of Subscriber Info · · Score: 1

    You missed something. Read the CNet article. Your "Track. Subpoena. Litigate." step is really "Track. Find real address. Do whatever you want to the poor sap."

  18. Re:interesting on Verizon Loses Suit Over Subpoena of Subscriber Info · · Score: 1

    But this doesn't establish any safeguard against abuse by the RIAA, corporations, or some creep who wants to find a user, rape his/her children, and kill his/her family. A proper lawsuit would, and the RIAA always had that option. They just never used it.

  19. Re:everything an mp3 on Verizon Loses Suit Over Subpoena of Subscriber Info · · Score: 1

    I don't think their bot software looks at anything more than filenames. If everyone did that, the cartel will sue everyone, and for those in the US, will win. (Don't worry! You won't be left out if they were all text files or recordings of your farts!) Then the cartel will have all our money and garnish 50% of our wages! Gotta love living in a "free" country! ;-)

  20. Re:This isn't a bad thing on Verizon Loses Suit Over Subpoena of Subscriber Info · · Score: 1

    From the CNet article:

    If its invocation of the DMCA is upheld on appeal, music industry investigators would have the power to identify hundreds or thousands of music pirates at a time without going to court first.

    This means they don't need to go to court and show evidence to get someone's name. This also means anyone can get a user's name just by filing a DMCA complaint without any proof. This is a very bad thing. Copyright owners can and should go to court to get someone who has been infringing their copyrights, but they should not be able to get anyone's name without any scrutiny.

    There is accountability for those breaking the law, but with this case, there is little or no accountability for those who are trying to get your private information. Also, why don't you look at the report the ACLU put out about DMCA complaints. The "industry" uses bots to find supposed "pirates" and those bots don't work well. So if you have a file named harry_potter_book_report.rtf or britney_spears_sucks.mp3 both works created by you, you may find yourself on their list regardless of whether or not you violated copyright law.

  21. Re:Free VOIP for Linux on Building a Community VoIP Directory Server? · · Score: 1

    I think Speak Freely may be what you are looking for. I haven't tried it, but I did look into it. It seemed like a lot of trouble to get working, but if you're already using ALSA sound drivers, you're probably halfway there. I don't think the OSS drivers are able to do full duplex (playing and recording at the same time), so you probably won't be able to use the program very well with OSS drivers.

  22. Re:Good info! on AMI Guy Talks About TCPA, Palladium, and Other BIOS Issues · · Score: 1

    Hardware random # generators don't need seed values. Many software ones need the seed value because they just use an equation to generate the numbers and the seed tells it where to start. Hardware ones get their data from component noise or measuring other random phenomena.

  23. Re:Good info! on AMI Guy Talks About TCPA, Palladium, and Other BIOS Issues · · Score: 1

    You are probably correct. I don't know about the C64, but my Atari 130XE had one. ...and I don't drink Robitussin. ;-)

  24. Re:I've got to admit... on AMI Guy Talks About TCPA, Palladium, and Other BIOS Issues · · Score: 1

    Most likely you won't be able to transfer anything--including software. The DRM encoded music/movies/software can also have a time bomb so you may have to repurchase it every so often (even if you don't use it). They can also put a limit of how many hours the program can be run. Technically software can do this now, but they don't do it because: A) on current systems anyone can mess around with the computer's clock to defeat it, and B) most home users won't accept this, but after years of being screwed over by DRM, they eventually will.

    You may have heard about some of the nightmares with software in the commercial Unix world. "We were working all Friday night on a project and we used up all the time on our license. It was the weekend so we couldn't contact the vendor for a renewal. We needed that project finished by Monday!" The way it sounded, for every hundred or so hours of use, they had to pay some expensive license fee. I'm glad I've been lucky enough that the places I worked don't use this software. Must be a real pain.

    This is one of the major reasons the "tech" companies are trying to push this. They are trying to smokescreen it as being forced upon them by the MPAA because they know their customers don't want it. Believe me, they do!

  25. Re:declaration of war ? on Hollywood Muscles Aussie ISPs Over Movie Downloading · · Score: 2

    This is a declaration of war, but not by the United States. This declaration was made by the entertainment cartel against all others. Look at how they are trying to corrupt the governments to take away the freedoms of their citizens. Soon we may no longer have the right to freely use such things as computers, telephones and the internet.

    People of the world unite! We must defend ourselves!