Slashdot Mirror


User: Hierarch

Hierarch's activity in the archive.

Stories: 0
Comments: 82

Comments · 82

  1. Re:WHY THE BLEEP CAN'T IT BE SHUT DOWN ??? on Microsoft Refuses To Fix NT 4.0 Exploit · Score: 1
    Ye Olde Blockquote:

    *nix RPC runs on port 111. If I don't intend to have outside computers log in and run apps on my linux machine remotely, I shut down RPC, and uninstall it too, as well as blocking *ALL* privileged ports (0..1023) with iptables.

    This is great for Linux, not so great for Solaris. I frequently have to work with customers (yes, I'm a consluttant) where they need CDE (Common Desktop Environment) because they don't know how to use anything else. CDE requires RPC. RPC requires security vulnerabilities. The phrase "BOHICA" comes to mind.

    For the curious: if you don't have the portmapper running when you try to log in using CDE, the login session hangs after accepting the password and before starting anything that would let you cancel. And the hell of it is, CDE doesn't actually require any of the RPC services it is looking for; if you disable the services, it works fine. But you must have the portmapper running. Microsoft isn't the only one with massive stupidity in software design.

    Oh well, at least SunScreen Lite is now bundled with Sol8+, and full SunScreen with Sol9.

  2. Re:Overstating the risk? on AT&T Identifies Widespread Security Hole - In Locks · Score: 1
    Ye olde blockquote:

    If you're caught with lockpicking tools, you were obviously up to no good.


    Not exactly. Last I checked, in all 50 states in the USA (but not the District of Columbia, where you need to be a professional locksmith) the laws read that carrying lockpicks was fine, not possession of burglar's tools, as long as you don't plan to use them in furtherance of another crime.

    I'm in New York State, and I researched the laws carefully before I started carrying around my own homemade lockpicks. Just for safety's sake, I also carry around a copy of the relevant penal code with the lockpicks just so I can keep a police officer who's not up on the law from confiscating them out of hand. (Easier than trying to get them back if wrongfully confiscated!)

    The text of the law reads:

    140.35 Possession of burglar's tools

    A person is guilty of possession of burglar's tools when he possessed any tool, instrument or other article adapted, designed or commonly used for committing or facilitating offenses involving forcible entry into premises, or offenses involving larceny by a physical taking, or offenses involving theft of services as defined in subdivisions four, five, and six of section 165.15, under circumstances evincing an intent to use or knowledge that some person intends to use the same in the commission of an offense of such character.

    Possession of burglar's tools is a class A misdemeanor.


    Of course, if you're wandering around a building to which you have no legitimate access, you're still quite screwed, since that constitutes circumstances evincing an intent to commit a crime, breaking and entering. Or rather that you've already committed it, and then the possession is an additional misdemeanor charge. Fortunately, there are strong guidelines for when the courts can consider such an intent to be evinced.

    For example:


    Where circumstances surrounding defendant's possession of 12-inch screwdriver were as consistent with innocence as with guilt, it was error to find defendant guilty of possession of burglar's tools. The mere possession of a tool ordinarily used for legitimate purposes cannot be translated into possession or use condemned by this section in absence of circumstances evidencing intent to use it for unlawful purpose.

    People v Perez (1958) 7 AD2d 633, 179 NYS2d 877.


  3. Re:Old rule of life... on Verizon Loses Suit Over Subpoena of Subscriber Info · Score: 1

    This is actually similar to the way in which security tends to function at some of the gov't agencies I deal with (I'm a security professional). The priority is definitely not oriented toward confidentiality; very little information is kept secret. On the contrary, they don't want the information because of FOIA, the Freedom of Information Act. My customers usually seek to keep all logs as short as is consistent with responsible systems administration, because they don't want the effort of having to dedicate someone to tracking down and collating tons of information in response to a FOIA request. Web browsing logs are usually kept to 30 days maximum, most firewall logs are kept similarly short, etc.

    I wonder how short Verizon could safely go on DHCP/user logs?

  4. Re:You don't have to open source everything ... on Spammers Stoop To New Low · Score: 1
    bero-rh wrote:

    > I don't think we can ever come up with a spam filter that catches all spam, but we can definitely get closer to that goal.

    I did some thinking about this. To do that, you'd need a content-based filter. At that point, it needs to read (usually broken) English and understand it. And it needs to do that all day, every day, with every email you receive. Since the only reasonable way to do this is to create an AI that reads your email, you'd be condemning an intelligent entity to reading spam, day in, day out, forever.

    Isn't that prohibited by the Geneva Convention?

    Even if it wasn't, the solution would only last for a few days. The poor AI would be irretrievably insane within at most 50 hours.

    --I need a .sig, somebody infect me with a .sig virus, please!

  5. Re:My letter to Congress on US Copyright Office Releases DMCA Advisory Report · Score: 2, Insightful

    *wince* I wish you hadn't singled out lock-picking tools in this one. Last time I checked (about 3-4 years ago) lock-picking tools were illegal only in DC, where you have to be a professional locksmith to carry them. In every other jurisdiction I've checked, it is legal to carry them as long as you don't plan to use them in furtherance of another crime. In other words, lock picks are in the same category as we'd like to see DeCSS! (Legal to own and use as long as you don't use it to commit a crime, in which case possession becomes an additional crime.)

    I'm in New York State, and I researched the laws carefully before I started carrying around my own homemade lockpicks. Just for safety's sake, I also carry around a copy of the relevant penal code with the lockpicks just so I can keep a police officer who's not up on the law from confiscating them out of hand. (Easier than trying to get them back if wrongfully confiscated!)

    The text of the law reads:

    140.35 Possession of burglar's tools

    A person is guilty of possession of burglar's tools when he possessed any tool, instrument or other article adapted, designed or commonly used for committing or facilitating offenses involving forcible entry into premises, or offenses involving larceny by a physical taking, or offenses involving theft of services as defined in subdivisions four, five, and six of section 165.15, under circumstances evincing an intent to use or knowledge that some person intends to use the same in the commission of an offense of such character.

    Possession of burglar's tools is a class A misdemeanor.



    The more I look at it, the more I think that this is the route that the DMCA should have taken.... We've said that the act of copyright infringement should be criminalized, not possession of the tools to do it. I wouldn't have any objections to criminalizing the possession of the tools under such circumstances as clearly demonstrate an intent to use them for copyright infringement. Yes, this could still be abused, but it isn't usually a problem with possession of burglar's tools - there are strong guidelines for when you can consider such an intent to be evinced.

    For example:

    Where circumstances surrounding defendant's possession of 12-inch screwdriver were as consistent with innocence as with guilt, it was error to find defendant guilty of possession of burglar's tools. The mere possession of a tool ordinarily used for legitimate purposes cannot be translated into possession or use condemned by this section in absence of circumstances evidencing intent to use it for unlawful purpose.

    People v Perez (1958) 7 AD2d 633, 179 NYS2d 877.



    Why, oh why, couldn't the DMCA have gone this way?????

    -Need a .sig - somebody infect me with a .sig virus?

  6. Re:I agree, /if/... on Convicted by the Movie Cops · Score: 1
    Ye olde blockquote:

    So when a copyright holder sends a threatening letter to an ISP over a user's alleged copyright infringement, if there is no copyright infringement they should be subject to severe penalties. It shouldn't be a matter of civil law either, requiring the offended party to bear the cost of challenging his accusers, they should simply be able to report it to the police (subject to penalties for false accusation themselves, of course).

    You could call the crime "legal thuggery" or something like that, and define it as "manipulation through the insincere threat of baseless litigation."



    IIRC, there already is a civil means of obtaining some satisfaction in a "legal thuggery" situation. If you're threatened with a lawsuit and you take steps such as hiring a lawyer, etc., and you incur legal expenses and are not thereafter sued as threatened, you have some recourse to recoup your expenses. It's been a long time since I ran across this one, does anybody know anything about it that's not based on early teen-age memories of an explanation of why you never threaten to sue someone, you just do it?

    --Somebody infect me with a .sig virus, please - I'm too lazy to create my own .sig!

  7. Re:Will the DMCA hurt encryption badly? on HDCP Encryption Cracked, Details Unreleased Due To DMCA · Score: 1

    The only way I see that the DMCA will get any seriously bad press and pressure for modification is if a big-money corp gets hurt. Until then, the DMCA is a wonderful way to get their own way.

    However.... What will happen when, someday down the line, BigCorp, Inc. relies on an inferior encryption product that hasn't been properly tested by industry experts? And puts important, damaging, confidential information under its protection? Then Joe Cracker - an admitted criminal - comes along and violates them every which way from Sunday. Suddenly BigCorp cares a lot. They may even sue the company that made the product - IANAL, but I'm sure there has to be something in product liability laws to cover this. We do, after all, live in a country where you can sue McDonald's after spilling coffee in your lap.

    The problem I see is that I don't know if BigCorp will see the causal relationship between the DMCA's chilling effect on research and the fact that they got burned. Maybe we'll get a new law requiring new encryption products to pass through a panel of experts before they can be legally sold. Another day, another law. Welcome to the United States of America, the land of the free and the home of the brave!