A word of warning on Disconnecting · Score: 2, Informative
I've heard similar stories to this one, where it takes an obscene amount of time to get a human to say "okay, we'll terminate your service", but the bills (or charges, in most cases) keep coming! In perhaps one or two cases, these being rather rare, the persons eventually had their banks change their credit card numbers to rid themselves of the monthly charge.
Keep a close eye on your next two bank statements. Make sure they actually stopped taking money before you believe yourself safe.
I quote, "No copyright violations will take place, these files will merely have arbitrary sizes similar to the length of a 3 to 4 minute MP3 audio file encoded at 128kbps. Clients which connect to our peer-to-peer clients, and then afterwards attempt to illegally access the network will be immediately blacklisted from Information Wave's network. The data collected will be actively maintained and distributed from our network operations site."
They're not listing OR blacklisting everyone who accesses their honeypot, just those that try to ATTACK it. Nowhere at all do they ever mention spying on their own users. You can't 'illegally access' an open network like a Gnutella honeypot unless you're doing something to disrupt it. (The difference between entering a library and entering a library whilst screaming and throwing molotov cocktails everywhere.)
They're blacklisting and posting people who ATTACK their honeypot. Not users who download the fake files.
No one says the ISP is spying on their customers. The RIAA can point fingers all they want, but (at least the theory goes) the RIAA has to prove that someone on your network is doing something illegal.
Worst case scenario in the real world: RIAA supplies IP address, *then* ISP looks at that *specific* customer. Decent ISPs generally have neither resources nor interest in watching all their customers for "questionable" activity.
Stop trolling, please.
People can do whatever the heck they want (blocking-wise) on their own networks. Anyone who says otherwise is a complete and utter fool. To say that a private network can't block access to and from an organization THAT ACTIVELY ADMITS THEY WANT TO CRACK INTO END USERS' MACHINES is akin to saying you have to invite burglars in for crumpets and tea, give a tour, and give them a spare key on the way out.
Absolutely stupid.
As for the ORBS list (or the one that was 'forced' to remove the blacklisted site), well, that was a bunk case. I can't remember the details; are you sure they won the suit? I do remember legitimate sites being removed from the list, but wasn't that because they fixed their mail relay? The spammers that sued... dang... they didn't actually win the case, did they?
Uh, I'd love to know what company has "50,000+" Windows machines on a single site. I work for a huge AFB with one of the largest on-site networks (I've been told) in the world... and it has a "mere" ~20,000 user machines. That said, hell yes you do it via remote management tools. Unfortunately, the tools in question cost in money and hardware.
Why do you need more than 384kbps up? If you wanna run a warez server, buy a T1. :P
The big deal should be whether or not they put restrictions on what you can do with that 384. (I have 128 and run a full suite of services, tho obviously I'm not serving more than a half-dozen people.) "Give us our 384 and begone!" should be our battlecry. Since an ISP is an Internet Service Provider, that's all they should do: take your money, give you the line, and shut up.
I might be showing my cluelessness here, but if this is done during the compilation, then this isn't as critical as it might be. I mean, I don't configure or compile any apps as root; so even if there is a remote shell opened on my machine, it only has luser access. (Which still sucks, but is not nearly as bad as a free root shell!)
Friends don't let friends compile as root.
I don't know what kind of system you're trying it out on, but I just finished compiling and installing not only openssl 0.9.6e on my mandrake server (shut up), but I also recompiled and reinstalled openssh 3.4.p1 for good measure.
:P
I'm ssh'd through the server and back out to the slackware router right now, doing the same recompile/reinstall dance on it. Yes, I did kill the parent sshd process, ran the new binary, then logged off and back on.
In other words, it works for me!
Any chance that your former principal was fresh out of a military career? ;)
DRM potentially affects all types of data -- ALL types. So, music, public documents, operating systems, videos (publicly available, etc.), games (i.e. backups of), and potentially even things you, the user, create!
I'm sort of waiting for the day when I get a call from a user who had to rebuild her/his PC, actually had backups(!!), and suddenly can't use the backups because "this is not the system on which these documents were created." Joy.
IDE ribbon cables piss me off, too. That's why I bought some round IDE cables from my friends at newegg.com. Inexpensive, and they work just fine. Apparently, they also help improve your airflow by not blocking it as ribbon cables tend to. All in all, it's a good way to spend $20 (for a set of two).
While I can respect the company's policy of only wanting to deal with "respected and proven" commercial software, many commercial apps critical to secure operations are not "proven". Even SSH is relatively far behind the development curve of OpenSSH, its open-source counterpart. Nor is it in use in as many types of environments.
It may sound silly to suggest it again, but consider mentioning OpenSSH in your spread of possibilities. Even though it did have a possible remote root exploit exposed recently, look how fast working updates and/or workarounds were released. You'd be very hard pressed to find that in a commercial product.
Mirrored glasses. :)
Soon, all humans must upgrade their "fiber channel" from eyeball to brain to take advantage of this new technology.
Things to upgrade:
Vid card
CPU
Monitor
Eyeballs
Brain
1984: Wow! Twenty megabytes! I'll never use all this space!
1988: Wow! Eighty megabytes! I'll never use all this space!
1994: Wow! A gigabyte! I'll never use all this space!
1999: Uh, wow. Twenty gigabytes? I don't think I'll ever use all this space.
2002: A hundred and twenty gigs? I... hm.
2005: ... Ah, screw it.
I agree; even when someone tries to "hide" the fact they are cheating by setting aimbots to aim at the body and not locking on to people who are behind walls, an admin who knows how cheats work can tell when a person is reacting in strange ways to things they should not see or know about. It usually takes a few minutes of observation to be sure, tho.
Fortunately, the new camera options for HL/CS make this much easier! Go Valve! :)
Shoddy code is the reason OGC works? Hardly. You can NOT trust anything on the client, and yet if the client can perform all the aiming and shooting for the player, how can you tell who's doing what? That's the real problem, and reactive detection is the only practical way to deal with it at this point...
That, or me standing behind you with a baseball bat at the ready while you play. ;P
Valve left the Half-Life code more "open" for a reason. Counter-Strike is the biggest. Mods don't show up often if you try to lock down your client code too much.
You don't want to try it. Deionized water is not the same as 100% pure water. Absolutely pure water does not conduct electricity, true, but then again absolutely pure water is practically impossible to find.
Unless you feel like investing in the equivalent of a couple kilos of platinum, you'd be better off with a more conventional approach. :)
Not quite unbreakable.
Look here, or select QNX from the drop down.
Ouch
... damn. Too late. :( Guess I'll have to wait until December to play now. You people are EVIL! :)
waaay too much said.
Actually, they'd be the Pittsburgh Stealers.
and I get some twisted schmuck who likes killing off his Sims in some silly manner or another...
:)
No, I don't kill my Sims. Probably because I'm still waiting for the prices to come down in my local store.
I've used variations of that script before to ... stress test servers belonging to me or my buddies. In most cases, it will just use up all available memory, and can really cause performance problems. To say the least. :)
However, on my mandrake 8.2 system, I can only run about 20 child processes of the thing. It gets a little spammy, tho, with the "fork: resource not available". Performance is not affected, tho.