Yeah, because racial discrimination is so much the same thing as not being allowed to be a glasshole in someone's business.
I understand that you didn't see the original point, so let me restate it in terms more favorable to understanding:
1. The "douchenozzle" who runs the establishment as if it is a private space, is probably misinformed. 2. The diner is a public space by virtue of the following, as EXEMPLIFIED by legal justifications on smoking in restaurants, and legal prohibitions of discrimination against customers based on race. "Public" spaces do not afford an "expectation of privacy," therefore "glassholes" should be able to photograph within because other patrons in this public space should not expect to have privacy. 3. I hope "Whiny Nick," despite being laughed at by the Internet, feels better for having drawn attention to his unfortunate experience, and it sounds as if the "douchenozzle" owner, while hopefully cleaning up after himself, will have clarified the policy in such a way that future Google Glass users will be informed before experiencing the unpleasantness of being confronted and ejected from a restaurant on the basis of technology they do not like.
Sure you can be a whiny douchenozzle all you want. The rest of the Internet will simply laugh at you.
Unlike you, apparently, I won't mind if the Internet laughs at me, or thinks I mismatched my clothes, or that my haircut isn't very good. But I will feel better for having expressed my righteous indignation at being kicked out of a restaurant (and their lost revenue,) over such a silly and juvenile reason.
Not by much, if at all. We're talking about this in as of a "right to privacy," and there is no such right in a public place, and a restaurant is considered a public, not private, place, even though it is a private business -- as established by these protected class statutes as well as health-related statutes.
See my response to AC regarding restaurants as public spaces. Another corollary might be restaurants being unable to discriminate based on race. That's why some "clubs" exist to skirt public regulations by imposing membership requirements. It is also clear to a random passer-by that an establishment is access-restricted. That is not the case with this diner.
A restaurant is not a public place. They can ask anyone to leave for any reason they so choose. Wearing Google Glass inside is no more a right than bringing in food from outside is a right.
This asshole would not have been embarrassed if he didn't act like an asshole. He was quietly and politely asked to take it off, at which point he threw a tantrum. This is not socially acceptable behavior, and he deserves every ounce of humiliation he's now getting. Maybe he won't act like a complete asshole next time, and will instead either take it off or quietly leave and never frequent the establishment again. His rights were not violated. Only a complete moron thinks that they have the right to bring anything they desire into a private establishment. Fucking entitled little bastard.
and also misinformed about the right to privacy in the USA (which doesn't afford anyone in public the right not to be photographed.) Some advocate belligerent behavior in response to Google Glass users, in a very Luddite-esque manner. And so many people so self-conscious of being recorded in some manner that they feel their rights extend over the top of the rights of others. Oh, the outrage, the fear, and the insults hurled at the new nerds.
Society's 'norms' once demanded signs that set an expectation of dress for patrons at restaurants, apparently. But wearing a camera on your head isn't as obviously antisocial as some claim (particularly on The Verge comments, but probably elsewhere, even with my social circle,) and if it's so egregious a violation of the decorum of a *diner* (no jacket required,) then it demands to be spelled out with as much clarity as a New York City letter grade so potential patrons can make a decision before they're inconvenienced, rejected, and embarrassed.
Finally, what is this overwhelming panic people feel about being recorded by others? Do they fear being made fun of on social networks? Do they really associate with people who might? And do they care about those around them who may? Few of us are so interesting or important, and those who are likely have obnoxious and obvious people photographing them often.
My right to use Google Glass (if I had such,) or a mobile phone, or a GoPro camera, or whatever may come is not an infringement of your right to be free of recording (for you have none outside your home,) nor is it terribly bright of you to denigrate them or their new toys when you'll likely enjoy something similar once they become openly sold and include some absolutely desirable software that happens to depend on the camera.
Nick was entitled to an respond in anger when he was confronted after being allowed in the restaurant, without a clue that he'd be embarrassed and rejected for something that few could reasonably anticipate. Respect for the customer begins at the front door.
When you travel with your laptop to a public wireless access point, and you probably do - it's visible to attackers. How do you address the dichotomy that you're uncomfortable with your home network being visible to attackers if you're comfortable traveling to public access points?
Sounds good until you're the one at risk of being shot by a trigger-happy psychopath under protection of the US Government. I don't think any of us are concerned about answering a nastygram about some contrived DMCA violation. We're concerned about having our homes invaded because someone thought it was a good idea to attack non-violent crimes with violent reactions in the USA.
Our ancestors had a less ambiguous case of right and wrong to rally around. Here the waters are clouded by crimes many or most of us generally want to fight, but we don't agree with the methods used to fight them. It's a lot more difficult to rally around my right to leave an open access point in my house without fear of being shot by the police than it is to rally around one's right to equality or relief from a distant oppressive government.
I think many of us are overwhelmed by the general idea that law enforcement is abusing the general public out of malice of incompetence, and as a result we become hooked on each one of these incidents as examples of a dangerous slide into a police state.
There's more to the story of law enforcement relating to the public, and it would be good to have or participate in a discourse on some of the root causes and hack out solutions to them.
Trust is a foundation of governance, as you point out. The system, and it's administrators, will work to maintain that trust. In places where the trust breaks down, and I think we have examples of that globally, the populace is subject to great chaos and uncertainty.
I don't think we can have that sort of discourse here, in this forum, and perhaps it's appropriate to have it at a very localized level in a community, but as hackers, geeks, and intelligent people - we can do something about this.
Standing offer remains - I'll buy you a beer if you're available in Manhattan anytime. Also, standing offer for technical services. You need computer help, you contact me, I supported a number of other law offices in the past, so I'm not inexperienced in this area (including document management s/w, SANS, etc.)
You could stop watching the show. It's not an entitlement.
There are other businesses to support with your attention. That's my point. But breaking the US law (no matter how unfair the law is, and assuming you're in the US) shouldn't be the alternative. It isn't working. It's not a form of civil disobedience that seems to have the effect we need in order to call attention to unfair/unjust law.
Aside from the poor analogy - another problem comes up: When there are people who intentionally leave access points open for anyone to use, how do you distinguish them from access points that are unintentionally left open for anyone to use? It is impractical to query every Access Point owner of their intention (especially when you cannot locate the access point) and it is very compelling to make use of the open access point. In this case, I would say that the compulsion to use the access point overrides the belief that it is ethical to err on the side of cautious belief that the owner would not want you to use the access point.
So the law exists, and that is unfortunate but is reality - and the ambiguity exists, also unfortuate reality. And lastly, the reality that security by decree is a dangerous illusion - which, in my mind, justifies a belief that we should encourage lawmakers to avoid legislating such punative statutes and instead put the responsibility on society to learn to secure access points. The criminals who seek to exploit others will not be observant of laws, but effective access controls will make compliance with the law unnecessary.
Whether it is ethical to use the bandwidth, or whether the law is productive for society or not, the real crime is ignorance - on the part of the accused.
We all know a myriad of ways to use willing wireless network appliances to signal our ideas and the ideas of others (or patterns of bits, or the motion of electromagnetic fields, or whatever realistic description of what you're actually doing by interacting with a wireless networking device - not consuming someone's water or walking into their house - both of which are unrelated and inappropriate scenarios to compare the act of communication with.)
We also know a myriad of ways to do this at a distance, without detection, and without drawing undue attention to ourselves. And that is fine, and well, and good, and righteous - for it is never a crime, or a sin, or an immoral act, to know how to do something.
The gentleman arrested for "theft" or "unlawful access" or whatever they'll settle this as is guilty of ignorance. It is unlikely he was aware that a statute on the books prohibited operating his computer in this manner - a manner which consumes nothing but electromotive force and the materials used to invoke that force. The imposition of arbitrary or calculated "quotas" on service consumption is an arrangement entered by the owner of the networking device, and probably ill considered when paired with the promiscuously behaving software that runs inside of it, allowing anyone who to manipulate the bits in the *standard, accepted, and published method of signaling in response to an advertisement of service availability known as the SSID and beacon*.
The second act of ignorance, other than ignorance of the statute (which is assumed in this case, but only partially used to justify this point,) is the ignorance of practice which would have placed him outside the attention of both law enforcement and the equipment owner. This would involve, but is not limited to, sitting out of the range of attention of the owner, sitting on his own property in range of the owner, using an arbitrary Media Access Control (MAC) address which would not uniquely identify his machine after a reboot, or using an antenna which would make it impractical to locate his computer in a neighborhood of many computers where triangulation of the signal would require more resources than are justified by the contrived "damages" of the so-called "crime."
I say that his crime is of ignorance, because had he been informed of the statute and the methods above he would have been able to continue communicating with other computers or individuals without being persecuted for his actions - which do not appear on their face to harm society or another individual.
The point in making this lengthy post is to stake a flag of reason in a sea of irrational thought. The analogy that communicating through a network is a form of "theft" is irrational and does not on its face make sense. If there is a resource constraint due to the implementation of the technology or the imposition of an artificial resource "quota," than the unfortunate act of leaving the access point in a promiscuous state is the liability of the owner, not of those who may use the access device to communicate patterns of grouped binary values with others.
It is further complicated by the belief that one can "trespass" on any device that is capable of automated signaling, doubly so if that device is capable of signaling wirelessly, and at a distance which might permit such signaling to take place from your own fixed property. Indeed, if I am able to, as I am now, lie in my own bed, in my rented apartment, and yet have the ability to cause to be signaled a pattern of binary values from my personal computer to a network device that I do not own and that does not exist on my own property, then I must assume - from a sound mind and rational position - that this is both harmless to society and to the individual who, through action or inaction, makes this service available to be signaled. That it is construe
After considering this for a bit, I believe it is a good idea. I'm all for anything that enables the hacking class to more easily assume control of the non-hacking class.
Think about it. Do you really, really want to trust your life to incompetent IT administrators?
Did you see "The Net?" Seemed implausible at the time. Less so today.
Consider the impact of perfect memory and omniscience of a select group of individuals over everyone's movements within a city or region. *That* is new. And *that* is subject to abuse or incompetence.
You don't have anything to hide today, but you might have something to hide tomorrow.
I live in NYC, Manhattan specifically - midtown west.
And there is one thing that they fail to calculate - that living in Manhattan, NY is nothing like living in Manhattan, KS or virtually anywhere else in the USA.
Consequently, you pay dearly, but it's worth every penny.
Perhaps he was busy doing schoolwork, living a life, or otherwise busy. This simply isn't a major issue for him, and shouldn't be for anyone in his position. It really isn't a critical component, and he has no obligations or deadlines.
CCA is one tool in a toolbox that a competent IT department would employ to protect a network. Its compromise should not by itself lead to a less "safe" network, which isn't really a good use of "safe," but rather a less predictable population of networked clients. The risk posture will change, but the network will not become "wide open" as a result of failure. What will happen is that a population of computers that represent themselves as presenting a level of protection may not actually live up to that claim. If they don't, in theory, the network access devices would not have admitted them to the network, and perhaps that is where the real issue is.
If the school's policies demand that attached clients present credentials that claim their computers meet minimum requirements for admission to the network, and this student faked the credentials for one reason or another, he may be in the wrong with regard to their policy. Violation of policy itself is the reason for suspension, possibly along the same lines as academic integrity. I don't agree with that stance since I do not equate the university networks as important as academic integrity -- university residence networks are often subject to bizarre and experimental traffic which may saturate available bandwidth -- and they should be engineered to cope with that, not to stifle students with security policy. "Policy" is what corporations use to balance a reasonable cost of protection (personnel, equipment, software,) against the needs of the business to consume IT resources in a manner which may risk the stability of those resources. In a college, where students are learning the consequences of their actions - the consequences should not be the result of a violation of "Policy" but rather the primary consequences of their actions, with regard to computer resources. A computer network is not the equivalent of academic fraud or risking one's own life or the lives of others. It is a collection of devices which forms a semi-shared utility, and one that now has effective and robust mechanisms for maintaining availability despite unreasonable loads.
Therefore, while I believe the student did nothing technically wrong, he is probably viewed as acting dishonestly with regard to the published policy. I don't agree with that policy, but I don't believe the IT community should be looking at him askance because he exploited a weakness in one component of the university's network. This knee-jerk reaction is all too common and damages our overall security by reinforcing the idea that those who threaten the network will be discouraged by the threat of retribution rather than a network which does not fail under attack.
Focus your energy on making resilient networks, not on damaging smart kids.
Just a thought on the "surprising that anyone seriously doing forensics..." part - if the interface costs 5-15k, it's probably not in the hands of the smaller businesses that cranked up the forensics market. Perhaps you have a first-mover advantage in the forensic software business here?;) I'll invest $500 if I can save $4500.
This is the second post I've seen on the Internet denouncing her work as "lousy research." I have yet to see a reason to consider it "lousy."
Can you point out a reason why it would NOT work today? And what mechanisms are in place today to ensure that this trickery does not occur?
Either rebut the core argument, that hardware-based memory retrieval is subject to manipulation by malware, or join a discourse. But to dismiss out of hand has no merit. Whether the mechanisms for remapping I/O space are legitimate or not isn't in question. The question is whether we have a legitimate hole in our use of RAM dumps as forensic evidence.
Well, I *do* happen to live in your town, and if you want to meet up at Stout for a beer or perhaps something on the East side of Manhattan, drop me a line. I'm buying.
If you RTFA, and then RTFA the article from which the Newsforge article is derived, you'll find that the source is beyond biased - the news they post makes Fox look "fair and balanced," which I don't believe Fox is.
Newsforge, please allow John Dvorak to do his job. Riling up the geeks is easy to do, but the market isn't that big and John needs to make his paycheck. If John hasn't spouted off about how OLPC will do nothing for the developing world, you can expect him to do so.
$970 for a laptop. That is one hell of a total cost of ownership (TCO) argument. The number is preposterous, and in my experience, most total cost of ownership arguments are bunk because the cost estimates are so inaccurate as to be useless.
Slashdot Mirror
Not by much, if at all.
Yeah, because racial discrimination is so much the same thing as not being allowed to be a glasshole in someone's business.
I understand that you didn't see the original point, so let me restate it in terms more favorable to understanding:
1. The "douchenozzle" who runs the establishment as if it is a private space, is probably misinformed.
2. The diner is a public space by virtue of the following, as EXEMPLIFIED by legal justifications on smoking in restaurants, and legal prohibitions of discrimination against customers based on race. "Public" spaces do not afford an "expectation of privacy," therefore "glassholes" should be able to photograph within because other patrons in this public space should not expect to have privacy.
3. I hope "Whiny Nick," despite being laughed at by the Internet, feels better for having drawn attention to his unfortunate experience, and it sounds as if the "douchenozzle" owner, while hopefully cleaning up after himself, will have clarified the policy in such a way that future Google Glass users will be informed before experiencing the unpleasantness of being confronted and ejected from a restaurant on the basis of technology they do not like.
Thanks for the lively discussion.
Sure you can be a whiny douchenozzle all you want. The rest of the Internet will simply laugh at you.
Unlike you, apparently, I won't mind if the Internet laughs at me, or thinks I mismatched my clothes, or that my haircut isn't very good. But I will feel better for having expressed my righteous indignation at being kicked out of a restaurant (and their lost revenue,) over such a silly and juvenile reason.
Not by much, if at all. We're talking about this in as of a "right to privacy," and there is no such right in a public place, and a restaurant is considered a public, not private, place, even though it is a private business -- as established by these protected class statutes as well as health-related statutes.
And I can be angry about it, justifiably I think considering I wasn't informed beforehand.
https://yourlogicalfallacyis.com/no-true-scotsman
Only a complete moron?
See my response to AC regarding restaurants as public spaces. Another corollary might be restaurants being unable to discriminate based on race. That's why some "clubs" exist to skirt public regulations by imposing membership requirements. It is also clear to a random passer-by that an establishment is access-restricted. That is not the case with this diner.
A restaurant is not a public place. They can ask anyone to leave for any reason they so choose. Wearing Google Glass inside is no more a right than bringing in food from outside is a right.
This asshole would not have been embarrassed if he didn't act like an asshole. He was quietly and politely asked to take it off, at which point he threw a tantrum. This is not socially acceptable behavior, and he deserves every ounce of humiliation he's now getting. Maybe he won't act like a complete asshole next time, and will instead either take it off or quietly leave and never frequent the establishment again. His rights were not violated. Only a complete moron thinks that they have the right to bring anything they desire into a private establishment. Fucking entitled little bastard.
I disagree, they are public spaces.
See this article regarding justification for smoking bans: http://trib.com/news/opinion/blogs/byer/why-restaurants-and-bars-are-public-places/article_ae80681f-3098-5b53-be02-ebb145b95b8b.html
and also misinformed about the right to privacy in the USA (which doesn't afford anyone in public the right not to be photographed.)
Restaurants are private property, not public space. Public vs private refers to the who owns the place, not how many people happen to be around you.
Augmented reality applications would be disabled by the lack of a camera. Is that worth it?
and also misinformed about the right to privacy in the USA (which doesn't afford anyone in public the right not to be photographed.) Some advocate belligerent behavior in response to Google Glass users, in a very Luddite-esque manner. And so many people so self-conscious of being recorded in some manner that they feel their rights extend over the top of the rights of others. Oh, the outrage, the fear, and the insults hurled at the new nerds.
Society's 'norms' once demanded signs that set an expectation of dress for patrons at restaurants, apparently. But wearing a camera on your head isn't as obviously antisocial as some claim (particularly on The Verge comments, but probably elsewhere, even with my social circle,) and if it's so egregious a violation of the decorum of a *diner* (no jacket required,) then it demands to be spelled out with as much clarity as a New York City letter grade so potential patrons can make a decision before they're inconvenienced, rejected, and embarrassed.
Finally, what is this overwhelming panic people feel about being recorded by others? Do they fear being made fun of on social networks? Do they really associate with people who might? And do they care about those around them who may? Few of us are so interesting or important, and those who are likely have obnoxious and obvious people photographing them often.
My right to use Google Glass (if I had such,) or a mobile phone, or a GoPro camera, or whatever may come is not an infringement of your right to be free of recording (for you have none outside your home,) nor is it terribly bright of you to denigrate them or their new toys when you'll likely enjoy something similar once they become openly sold and include some absolutely desirable software that happens to depend on the camera.
Nick was entitled to an respond in anger when he was confronted after being allowed in the restaurant, without a clue that he'd be embarrassed and rejected for something that few could reasonably anticipate. Respect for the customer begins at the front door.
When you travel with your laptop to a public wireless access point, and you probably do - it's visible to attackers. How do you address the dichotomy that you're uncomfortable with your home network being visible to attackers if you're comfortable traveling to public access points?
Sounds good until you're the one at risk of being shot by a trigger-happy psychopath under protection of the US Government. I don't think any of us are concerned about answering a nastygram about some contrived DMCA violation. We're concerned about having our homes invaded because someone thought it was a good idea to attack non-violent crimes with violent reactions in the USA.
in case you need a refresher: http://www.npr.org/templates/story/story.php?storyId=135680995
Our ancestors had a less ambiguous case of right and wrong to rally around. Here the waters are clouded by crimes many or most of us generally want to fight, but we don't agree with the methods used to fight them. It's a lot more difficult to rally around my right to leave an open access point in my house without fear of being shot by the police than it is to rally around one's right to equality or relief from a distant oppressive government.
Well put. I'm impressed.
I think many of us are overwhelmed by the general idea that law enforcement is abusing the general public out of malice of incompetence, and as a result we become hooked on each one of these incidents as examples of a dangerous slide into a police state.
There's more to the story of law enforcement relating to the public, and it would be good to have or participate in a discourse on some of the root causes and hack out solutions to them.
Trust is a foundation of governance, as you point out. The system, and it's administrators, will work to maintain that trust. In places where the trust breaks down, and I think we have examples of that globally, the populace is subject to great chaos and uncertainty.
I don't think we can have that sort of discourse here, in this forum, and perhaps it's appropriate to have it at a very localized level in a community, but as hackers, geeks, and intelligent people - we can do something about this.
Other than the Post's general issues with content, how is the article wrong?
(Please post citations and sources for your conclusion.)
Note that the article quotes GoDaddy's general counsel as saying "We decided we didn't want to be agents of China."
Standing offer remains - I'll buy you a beer if you're available in Manhattan anytime. Also, standing offer for technical services. You need computer help, you contact me, I supported a number of other law offices in the past, so I'm not inexperienced in this area (including document management s/w, SANS, etc.)
W
Keep it up guys. This is the best debate I've seen in ages!
W
You could stop watching the show. It's not an entitlement.
There are other businesses to support with your attention. That's my point. But breaking the US law (no matter how unfair the law is, and assuming you're in the US) shouldn't be the alternative. It isn't working. It's not a form of civil disobedience that seems to have the effect we need in order to call attention to unfair/unjust law.
W
Aside from the poor analogy - another problem comes up: When there are people who intentionally leave access points open for anyone to use, how do you distinguish them from access points that are unintentionally left open for anyone to use? It is impractical to query every Access Point owner of their intention (especially when you cannot locate the access point) and it is very compelling to make use of the open access point. In this case, I would say that the compulsion to use the access point overrides the belief that it is ethical to err on the side of cautious belief that the owner would not want you to use the access point.
So the law exists, and that is unfortunate but is reality - and the ambiguity exists, also unfortuate reality. And lastly, the reality that security by decree is a dangerous illusion - which, in my mind, justifies a belief that we should encourage lawmakers to avoid legislating such punative statutes and instead put the responsibility on society to learn to secure access points. The criminals who seek to exploit others will not be observant of laws, but effective access controls will make compliance with the law unnecessary.
Whether it is ethical to use the bandwidth, or whether the law is productive for society or not, the real crime is ignorance - on the part of the accused.
We all know a myriad of ways to use willing wireless network appliances to signal our ideas and the ideas of others (or patterns of bits, or the motion of electromagnetic fields, or whatever realistic description of what you're actually doing by interacting with a wireless networking device - not consuming someone's water or walking into their house - both of which are unrelated and inappropriate scenarios to compare the act of communication with.)
We also know a myriad of ways to do this at a distance, without detection, and without drawing undue attention to ourselves. And that is fine, and well, and good, and righteous - for it is never a crime, or a sin, or an immoral act, to know how to do something.
The gentleman arrested for "theft" or "unlawful access" or whatever they'll settle this as is guilty of ignorance. It is unlikely he was aware that a statute on the books prohibited operating his computer in this manner - a manner which consumes nothing but electromotive force and the materials used to invoke that force. The imposition of arbitrary or calculated "quotas" on service consumption is an arrangement entered by the owner of the networking device, and probably ill considered when paired with the promiscuously behaving software that runs inside of it, allowing anyone who to manipulate the bits in the *standard, accepted, and published method of signaling in response to an advertisement of service availability known as the SSID and beacon*.
The second act of ignorance, other than ignorance of the statute (which is assumed in this case, but only partially used to justify this point,) is the ignorance of practice which would have placed him outside the attention of both law enforcement and the equipment owner. This would involve, but is not limited to, sitting out of the range of attention of the owner, sitting on his own property in range of the owner, using an arbitrary Media Access Control (MAC) address which would not uniquely identify his machine after a reboot, or using an antenna which would make it impractical to locate his computer in a neighborhood of many computers where triangulation of the signal would require more resources than are justified by the contrived "damages" of the so-called "crime."
I say that his crime is of ignorance, because had he been informed of the statute and the methods above he would have been able to continue communicating with other computers or individuals without being persecuted for his actions - which do not appear on their face to harm society or another individual.
The point in making this lengthy post is to stake a flag of reason in a sea of irrational thought. The analogy that communicating through a network is a form of "theft" is irrational and does not on its face make sense. If there is a resource constraint due to the implementation of the technology or the imposition of an artificial resource "quota," than the unfortunate act of leaving the access point in a promiscuous state is the liability of the owner, not of those who may use the access device to communicate patterns of grouped binary values with others.
It is further complicated by the belief that one can "trespass" on any device that is capable of automated signaling, doubly so if that device is capable of signaling wirelessly, and at a distance which might permit such signaling to take place from your own fixed property. Indeed, if I am able to, as I am now, lie in my own bed, in my rented apartment, and yet have the ability to cause to be signaled a pattern of binary values from my personal computer to a network device that I do not own and that does not exist on my own property, then I must assume - from a sound mind and rational position - that this is both harmless to society and to the individual who, through action or inaction, makes this service available to be signaled. That it is construe
After considering this for a bit, I believe it is a good idea. I'm all for anything that enables the hacking class to more easily assume control of the non-hacking class.
Think about it. Do you really, really want to trust your life to incompetent IT administrators?
Did you see "The Net?" Seemed implausible at the time. Less so today.
Bill
Consider the impact of perfect memory and omniscience of a select group of individuals over everyone's movements within a city or region. *That* is new. And *that* is subject to abuse or incompetence.
You don't have anything to hide today, but you might have something to hide tomorrow.
W
I live in NYC, Manhattan specifically - midtown west.
And there is one thing that they fail to calculate - that living in Manhattan, NY is nothing like living in Manhattan, KS or virtually anywhere else in the USA.
Consequently, you pay dearly, but it's worth every penny.
W
Perhaps he was busy doing schoolwork, living a life, or otherwise busy. This simply isn't a major issue for him, and shouldn't be for anyone in his position. It really isn't a critical component, and he has no obligations or deadlines.
CCA is one tool in a toolbox that a competent IT department would employ to protect a network. Its compromise should not by itself lead to a less "safe" network, which isn't really a good use of "safe," but rather a less predictable population of networked clients. The risk posture will change, but the network will not become "wide open" as a result of failure. What will happen is that a population of computers that represent themselves as presenting a level of protection may not actually live up to that claim. If they don't, in theory, the network access devices would not have admitted them to the network, and perhaps that is where the real issue is.
If the school's policies demand that attached clients present credentials that claim their computers meet minimum requirements for admission to the network, and this student faked the credentials for one reason or another, he may be in the wrong with regard to their policy. Violation of policy itself is the reason for suspension, possibly along the same lines as academic integrity. I don't agree with that stance since I do not equate the university networks as important as academic integrity -- university residence networks are often subject to bizarre and experimental traffic which may saturate available bandwidth -- and they should be engineered to cope with that, not to stifle students with security policy. "Policy" is what corporations use to balance a reasonable cost of protection (personnel, equipment, software,) against the needs of the business to consume IT resources in a manner which may risk the stability of those resources. In a college, where students are learning the consequences of their actions - the consequences should not be the result of a violation of "Policy" but rather the primary consequences of their actions, with regard to computer resources. A computer network is not the equivalent of academic fraud or risking one's own life or the lives of others. It is a collection of devices which forms a semi-shared utility, and one that now has effective and robust mechanisms for maintaining availability despite unreasonable loads.
Therefore, while I believe the student did nothing technically wrong, he is probably viewed as acting dishonestly with regard to the published policy. I don't agree with that policy, but I don't believe the IT community should be looking at him askance because he exploited a weakness in one component of the university's network. This knee-jerk reaction is all too common and damages our overall security by reinforcing the idea that those who threaten the network will be discouraged by the threat of retribution rather than a network which does not fail under attack.
Focus your energy on making resilient networks, not on damaging smart kids.
Just a thought on the "surprising that anyone seriously doing forensics..." part - if the interface costs 5-15k, it's probably not in the hands of the smaller businesses that cranked up the forensics market. Perhaps you have a first-mover advantage in the forensic software business here? ;) I'll invest $500 if I can save $4500.
W
This is the second post I've seen on the Internet denouncing her work as "lousy research." I have yet to see a reason to consider it "lousy."
Can you point out a reason why it would NOT work today? And what mechanisms are in place today to ensure that this trickery does not occur?
Either rebut the core argument, that hardware-based memory retrieval is subject to manipulation by malware, or join a discourse. But to dismiss out of hand has no merit. Whether the mechanisms for remapping I/O space are legitimate or not isn't in question. The question is whether we have a legitimate hole in our use of RAM dumps as forensic evidence.
Well, I *do* happen to live in your town, and if you want to meet up at Stout for a beer or perhaps something on the East side of Manhattan, drop me a line. I'm buying.
If you RTFA, and then RTFA the article from which the Newsforge article is derived, you'll find that the source is beyond biased - the news they post makes Fox look "fair and balanced," which I don't believe Fox is.
Newsforge, please allow John Dvorak to do his job. Riling up the geeks is easy to do, but the market isn't that big and John needs to make his paycheck. If John hasn't spouted off about how OLPC will do nothing for the developing world, you can expect him to do so.
$970 for a laptop. That is one hell of a total cost of ownership (TCO) argument. The number is preposterous, and in my experience, most total cost of ownership arguments are bunk because the cost estimates are so inaccurate as to be useless.
W