Anyone want to start a pool for how long before Hew ends up in U.S. custody?
This guy is stupid enough to blatantly offer warez for years, so he will probably be stupid enough to accept a "free" offer to speak at a DefCon convention next year, or be interviewed for a perfect job. I'm betting he shows the world (or just/.) how stupid he really is and gets arrested at LAX within a year.
It goes further than this, though. He'll have to stay out of any country where he might be extradited without a hearing, such as the UK, the Philippines, Japan, Canada or Mexico. He'll have to avoid all long distance air travel where his plane might have to divert to a country with a looser extradition agreement with the U.S., avoid flights with stopovers or even refeuling stops in U.S. friendly countries.
Then again, with the Aussie PM currently doing a goatse and bending over for a right reaming of Australian sovreignity with U.S. trade and military control, it could just be a matter of time before Hew can be extradited without another hearing.
Given that he is only free for as long as he never sets foot outside of NSW, its kind of a prison sentence right there:-)
you could get your FCC license...and talk to anyone else in the world with a HAM rig
That limits you to talking to another group of people with essentially no lives, HAM operators.;-)
To be honest, most HAM operators these days tend to be older, highly technical people with a strong sense of community and civic responsiblity. They mostly also have a good sense of humour about themselves (please don't hurt my karma too much:-)
Most skript kiddies just don't have much technical abilities, certainly not enough to handle antenna design, RF propagation or analog electronics. They are restricted to very limited interaction with others of their kind, with only a cheap PC running windoze or linux, and a basic internet connection. Everything attached to their computers is easily purchased, off-the-shelf consumer electronics. They are incapable of showing technical competence, because they don't have any true mentors to guide them to bigger and more constructive pursuits.
many people who choose such illegal activities...don't do a cost/benefit analysis
Most of the skript kiddies / graffiti artists / vandals / arsonists tend to be acting out of anger, rage, helplessness, fear, and no sense of belonging. They're not intellectually developed enough to do CBA, they just want to destroy things to prove they can do something, anything. Its far easier to destroy using materials at hand than to create by collecting and using new materials.
You are confusing two completely separate issues, egress filtering of IP addresses, and MAIL FROM: addresses in email.
Vixie is talking about configuring the big border routers used by ISPs at the edge of the ASes to also filter packets based on source address. There is a big problem with this, in that none of the big iron routers (Foundry, Cisco, Juniper, etc) has the circuitry in place to filter on source address. Certainly you can do this for feeble traffic levels. But the moment you switch in an ACL, the packets stop being routed by efficient ASIC packet handlers, and touch the CPU in the router. Even a small percentage of the traffic can bring a large router to its knees. All modern ASIC switching/routing circuitry looks at destination address, as well as MPLS labels and VLAN tags, but not much more.
If it ever became a market necessity to move source address filtering into the ASICs, you would see products on the market within weeks. But this will require hardware upgrades on every box, not just a simple firmware patch. Until there is a major reason to offer such technology, such as poorly thought out legislation, it will be impossible to perform egress filtering.
I have seen some responsible ISPs filter at the luser access router (ingress), where the flow of traffic is miniscule and can be CPU filtered by each box. But a Cisco AS5300 with 60 installed modems becomes unstable if you put a complex ACL in its config. There are a number of ISPs I know who are now filtering on 127.0.0.1 as a source address, to prevent damages from the blaster worm, but in doing so they are uncovering all kinds of other problems. Adding an ACL which limits traffic from each PPP session to the assigned address would bog down all the access server CPUs, and result in a huge increase of customer complaints. So most ISPs just can't do source address filtering until there is kit which can do it as efficiently as needed.
Vixie's rant mentions only peering agreements, which tend to be only minimal amounts of traffic from one AS to another. Typically, traffic crossing a peer arrangement is not going to be routed to another AS. What he really meant to say is that Transit connections need to be filtered. Transit connections are what UUNet and other big carriers provide to many hundreds of other ASes. Its this high volume traffic which needs to be filtered.
I wish there were some students around here I could trust enough to pass off all the people who want me to install a virus checker on their win98 boxes.
Get some practice with the main virus scanning tools, anti-spyware cleaners, and other basic windoze utilities. Learn how each version of windoze does things like dial-up, and how the local cable or ADSL provider like user machines to be set up. Then print up some nice flyers and go around to all the computer stores in town and ask them if they'll promote your "summer job" business of doing all the crap work helping (l)users set up their systems and get on the internet.
Draw up a list of jobs you will do, a time estimate for each one, and the price you will charge for each job. Something like installing Norton Anti-Virus should take about an hour, and you should charge something around US$10 or $15. Installing a free firewall, with basic configuration should cost $10. Helping with an ADSL installation maybe $20.
Make sure you are up front that the person with the machine is going to be buying the software, like a commercial virus checker, and your fee will be on top of that. Add $5 if you are the one to run to the store and buy the software for them. Don't get tempted to try pirating commercial software, enough people will then be wary of you, and the recommendations will fall off. Make sure you explain how some of the software is free for personal use, like AdAware and ZoneAlarm, but some effective virus scanners cost $40 or $90.
Have your own collection of freeware utilities, on both a USB key and a CD, and maybe even a floppy with necessary drivers. You would be surprised how many old machines are out there still running win98 or NT, and don't have USB ports or a working CD drive. The owners don't care, since they have 33.6k dialup, AOL, and Word97. They don't really need much else, but the trojans and email virii are hurting their systems and they need somebody cheap to help them out, and the computer shops tend to want to charge large amounts per hour for basic installations.
By the end of the summer, you will have learned you never want to work in technical support again, and you will probably blow your hard earned cash on a high powered rifle and a case of hunting ammo.
The 419 scams were cracked down on in the Netherlands recently, sending the scammers mostly to Madrid and Barcelona. Its a whole community, the majority are no longer Nigerians, but a mix of eastern europeans and west africans. The africans work the front end of the scams, pulling in leads. The eastern europeans work the back end, setting up banking accounts, credit card processing scams, laundering the money and the like.
There are a bunch of network operators tracking the technical guys, who buy up space in Colo's to house their scam sites and ADSL connections for the apartments where the scammers operate from. Mostly they use hijacked machines spread all around the internet for their relay points and temporary (30-90 minutes) websites, but those tend to be controlled from a few central servers. These are scary people to deal with, the Albanians have a nasty reputation of just killing anyone who might cross them. We were warned repeatedly by the police to not confront them, but take notes and let the police deal with it. There are dozens of unsolved murders blamed on the Albanians, including some from the 419 scam gangs.
In the Benelux area, we're glad the police finally did their job, even though the investigation took more than a year. Now its the poor Spanish police's turn, and the scammers know they don't have an effective high-tech group. So expect the 419 scams to continue to grow.
Still, Clueleyless is right about most spam coming from US sources, despite their using hijacked machines all around the world. I haven't seen a spam recently that didn't have a US oriented payment method, US phone number, US mailing address. Its American spammers targeting American victims, and American law enforcement is afraid to do anything about it. I can't remember the last time, if ever, I saw a French, Spanish, Portuguese, or Dutch language spam. Or one in Euros.
Reply or moderate? Well, since shyster's post is already at +5, here I go...
My first reaction was that he has somehow managed to install RRAS. Its astonishing how many people have shit installed on their boxes they don't know how or when were installed.
A quick nmap of a default install win2k box shows only a handful of open ports: 135, 445, 1025, 1026. Turning on netBios over IP also opens ports 137, 138, 139. Beyond that, ports only get opened up by enabling or installing other software. RRAS will open up various ports, depending on which options you configure: 1723(pptp), 1701(l2tp), 520(rip) and if you configure OSPF or RIPv2, appropriate multicast addresses will appear. Installing Access, which installs ODBC/MSSQL, opens up port 1434, which unpatched allows the slammer worm to propagate.
Every network aware product you install on 'doze may leave ports open. Any moderately experienced system admin knows this, so if the OP wasn't able to get a response, that is because he didn't truly ask anyone knowlegable.
The OP was a troll, but this is/., where a good troll can always get a story posted.
I mentioned this to one of Monti's Minnions (the EU competition commissioner) over a drink one evening. In Brussels, alas, it is often what is said over a pint after work that carries more weight than a dozen daytime meetings, but not always. His response was that such an idea seeing the light of day would be shot down immediately, fought with such vigor that the FT would have its pages full for years.
Apparently a quite similar proposal was the first, and most obvious one, put forth at the beginning of Monti's defence of EU consumers. It even included clauses covering leasing companies and outsourced IT management companies like IBM Services and Cap Gemini. M$ rallied all of its captured companies to decry such a move, and it was quickly shelved. But privately, over beers after work, several reps from large PC retailers (Dell, Gateway, Vobis) agreed that having such a ban, even for a couple of years, would free them from the expense of the M$ tax.
Allowing any OS except M$ to be pre-installed would open up the door to several new linux distributions like Lindows, as well as real OSes like BeOS, and Slowlartis x86. Even a ban of a couple years would shake up the market, inform consumers about the true cost of M$, and create whole new markets for post-sales installation and tune-up.
Given the obvious benefits of such an idea, it was doomed to wither and die in cold, hard reality which is Brussels.
My guess, this is some of the source released to academic institutions for study. Lots of universities have access to a small portion of the windows source code, for use in various computer labs, and to create interoperable code. It comes on a single CD, and is not difficult to obtain.
I've studied one small section of M$'s source code, a single network module appearing in both NT4 and NT5.0, under NDA of course. I don't see it here. There are a lot of things I don't see here, and I'm still going through the tree. There are some things here that are clearly part of windoze, such as the source to regedit.
Some other things that make me suspicious this isn't all the source code: 1) lots of 0 length files, could all those.eml files be links to the original file? 2) the win2k source just happens to total 658MBytes, about the size of a CD 3) there are a number of 0 length files of people's names with the letters CV next to them. cv - vered mazafi.eml, ronen-cv.eml 4) all through the file listing are repeats of.eml files, like tcp-ip tutorial.eml. Would there really need to be a tutorial like this spread everywhere?
I think this is just a student prank, being trolled out of proportion. It's not just/. doing the trolling, this will probably hit the major news outlets tomorrow. No doubt, they will only quote the most pandering media whores around, to sensationalise the story. Any bets several major stories will point to/. as a culprit, or as a den of criminal hackers?
the AC I can't believe I'm admitting to extensive knowlege of windoze on/.
There are a number of reasons why I'm not renewing my CCIE. The biggest one is that with more than 30 years of experience, its pretty obvious to clients that I know my cisco. I'm known to all the carriers and ISPs in my area.
The only calls I've received in the last year were from recruiters looking for "free and clear" CCIEs who can go to work for a cisco partner. Never anything spectacular, they just need to keep 3 or 5 CCIEs on the payroll to keep their tier 2 or tier 1 status. Then I talked with one recruiter, who told me he received over 50 CVs from CCIEs in response to an ad he put on jobserve. Not all of them had not worked for a cisco partner in the last year, but he maybe had 20 to choose from. That was depressing in itself, it shows how many are out of work right now. The pay offered for London was pretty miserable considering how expensive the centre is. There was also cisco partners in the north and midlands of England, but I wouldn't want to move there just for a job.
I've found that many companies no longer care about certs, they want a specific skill, on a specific version of software on a specific platform. Any slight variation, and they aren't interested, since there are 200 more candidates to look at. I've gone back to consulting, where I sell my experience and ability to pick up on any technology rapidly. Consulting jobs are scarce right now, but its paying the mortgage.
Lastly, I would have to set up a study lab again, and spend a week or two reviewing all the new things on the exam, like MPLS and Multicast. I just don't see the point, all it does is get me invitations to Networkers.
I'm not worried about offshoring, most of those jobs are closer to entry level rather than retirement. But if I didn't have a university degree, I'd be in serious difficulty right now. The degree counts for much, much more than certs.
Firstly, congratulations on wanting to go with a real degree before jumping into the networking field. Its the way to go if you want to have any future beyond "button pushing lackey". Your entry level CCNA job has already been shipped to India, shoot higher.
There may not be a specific "Network Engineer" degree at all universities, what you want is to study Electical Engineering, add in some Mathematics (queue theory, statistics), and top it off with Physics (optics, particle physics). All of these elements are required to actually understand what is going on with networks. Specific topics to concentrate on include circuit design, transmission lines, antennas, material science, compiler design, signal processing, queue theory, and statistics, lots of statistics.
If you want to be the guy who actually writes new RFCs to be used by everybody else, gets hired by companies like Cisco to create new routers or protocols, and be the chief designer on world spanning networks, ignore the certificates for now. Concentrate on getting the background information necessary to understand all the aspects of network design, like speed of light limitations, electrical characteristics of transmission lines, radio circuits and complex mathematics. Picking up a cisco certificate will then take a week of your time when you are ready to join the workforce, and you'll know not just the HOW, but the WHY.
There are a ton of CCIEs on the market today, those without university degrees are flipping burgers or repairing PCs. The interesting work, such as creating optical switches or ultra efficient routers, can only be done by people with advanced degrees. The cert holders sit in the NOC at 3 AM, working their way through a never ending stream of trouble tickets, wishing they had a real degree to get a real job.
That said, from my experiences with US university grads, I'd recommend UC Berkeley, Purdue, CalTech, or UoWashington.
the AC who just let his CCIE expire, because its worthless in todays job market
I used to use gopher quite a bit in 1991-1993. By 1994, gopher use had almost ended, replaced by http. I didn't touch gopher again until a specific problem came up in late 1997. I haven't used it since then until tonight (and I'm having a great time poking around, the mozilla gopher client still works).
What I don't understand is why your sniversity is getting rid of UseNet. Dejagoogle might be ok for archival searches, but there is certainly a place for newsgroups in an academic setting. Slashdot and kuro5hin are about the closest web apps have come to duplicating the community feeling of UseNet, and that is not saying much. I spend a couple hours per week catching up on a wide variety of news in about 12 newsgroups. Without that quick update, I'd soon feel very left behind in my field. There is no place on the web where you can ask very technical questions, and have a good chance some technical expert has seen your problem before and can help solve your problem. UseNet is invaluable for people who have real jobs requiring lots of additional information.
Will your sniversity be a leader in trashing soon-to-be-obsolete protocols and block port 80 at the firewall next year? Or will they just make the logical next step and eliminate internet access, telephones, and all electrical appliances?
DMSO is good for disolving female hormone treatments. Grind up estrogen tablets (the first week of birth control pills), add a small amount of alcohol, then mix with DMSO.
For delivery, this can be disolved in a cup of cold water by adding a drop of dish washing detergent (DMSO is an oil). Dump this mix on the victim, where the estrogen/DMSO mix would soak the clothing and remain in contact with the skin for a prolonged period of time. This would result in a small but effective amount of estrogen reaching the bloodstream.
Estrogen poisoning of a large, testosterone filled guy, in this example weighing 240 lbs, would cause all kinds of medical problems for a period of months. Voice change, loss of sexual function, enlarged nipple erectile tissue and enlarging of the fatty deposits in the breasts, hair loss, persistent diarrhea, headaches, and vision problems.
That I am conversant with such a procedure and the resultant effects is a good reason why you should not fuck with my mail servers.
I think you have just found/.'s replacement for goatse.
Another thing I'm going to have to be careful of from now on. I'm off to wash my eyeballs.
the AC
Re:Well actually...
on
SCO Offline
·
· Score: 5, Informative
Not yet. I just checked all 4 of their name servers:
AUTHORITY SECTION: sco.com. 6H IN NS ns.calderasystems.com. sco.com. 6H IN NS ns2.calderasystems.com. sco.com. 6H IN NS nsca.sco.com. sco.com. 6H IN NS c7ns1.center7.com.
and all of them return www.sco.com. 1M IN A 216.250.128.12
So their name servers are still up and running, and pointing to a valid address. Reasonably, they have a 1 minute TTL, which will give them a quick response if they do decide to point it at 127.0.0.1 or 66.35.250.150.
the AC
the slashdot crud filter doesn't like double semi-colons in posts
The original version of the worm had a bug that didn't perform any DDoS of SCO. After having bugs in the code pointed out to them by the ever willing Open Source Community and the Security Research Community, the authors of the worm have helpfully provided several updates that do actually perform the DDoS against both SCO and M$.
Apparently, the code does not perform a complete TCP handshake before trying again. It doesn't wait around for the first TCP SYN+ACK packet, it sends a TCP SYN packet every second. If, by chance, the SCO address responds with a SYN+ACK packet, then the worm sends the initial GET / HTTP/1.1\r\nHost: www.sco.com\r\n\r\n. Its difficult to tell from the decompiles if it even bothers to close the connection, or just abndons the local TCP stack to deal with closing the connection at some later time. In an internet simulator testbed, not providing SYN+ACK packets back to a worm infected microsoft machine, the TCP stack stops sending unbalanced SYN packets after 63 attempts. As a friend helpfully pointed out, you can increase this number by changing a registry setting in windoze.
I personally don't think the current management of SCO cares about their website, they certainly don't have any revenue producing features that need to be maintained. Most SCO clients rarely go to the SCO site for anything, since most maintenance is done by intermediaries like IBM Services Group, which have their own internal distribution of support and patches.
I have a few copies on my Solaris box. They aren't doing much, so I'm working on a port.
I've gotten the DDoS bits working, but the rest of the code will have to wait for when I have more time. I'll have to get what I have out to all my servers on big, fat pipes, so the performance is better than behind my little E1 connection.
the AC I had a lot more fun today with DuMaru.Y infected machines. fsckers!
The battle to get your current IP/netblock removed from blacklists will be long, difficult, and in the end, futile.
You need to realize your only choice is to find another ISP/Colo. Avoid choosing known spam friendly colos like rackspace, and get your machine moved. It doesn't take too much effort cruising through NANAE archives and some googling to discover if an ISP is mostly blocked or relatively well respected.
That said, if you do move to a respected section of the internet, then by all means make sure your box is completely locked down. Hire a security consultant if you don't understand all the things you have to check out before putting the box into production in the new place. Since your machine was once a spam host, that tarnish will stay with it until you can prove to the network admins of the world that you are a resposible sysadmin.
When you get your satellite connection set up, put your home server on it and post the link to the front page of/. For extra added incentive, link to photos of Nathalie Portman or your wife. If we don't knock the bird out of the sky, you'll know what kind of bandwidth you can sustain:-)
In a slightly more serious vein, and back to the original topic, have you done some googling for T1 connectivity in Ann Arbor? From looking at some networking maps, there is a ton of excess capacity running through Ann Arbor, the UoM has a number of OC48 links to internet-2, there must have been excess capacity pulled through the city which some local ISPs have leased. A T1, if it doesn't cross a LATA boundary, is supposed to be dirt cheap in the U.S.
For someone like you, with two hardcore geeks in the house, a permanently on T1 connection to an ISP with an almost-everyting-permitted AUP would probably not cost much more than the satellite connection. A/28 or/27 block of permanent IP addresses, maybe even IPv6, and you'll never be able to go back to dialup again. After a few months of paying US$150-$250/month, you'll justify it as a necessary luxury expense.
In some countries, old-style HR droids expect all CVs to have a current photo attached. France is one of the worst offenders of this outdated practice, but I've seen it all over Europe and the far east.
I've worked in a few places where the HR people started by throwing out all the CVs which didn't have a photo and a block of personal information (age, marital status, children, hometown, primary school, hobbies). Then they sort the photos for good looking people. After they have a small pile of applicants who will look good in the hallways and the cafeteria, then they start looking at qualifications. I've sat in a droids office while she did this, and pointed out repeatedly to her and her boss that we really needed to find a specific engineering talent, and we couldn't care less what they looked like. I was overridden because the local HR policy forbid hiring a candidate if they couldn't make a visual pre-judgement. Someone later pointed out to me, it was obvious in hindsight, there wasn't one blonde person or short person in the company, since the two HR women preferred tall, dark haired men.
I've seen worse. At the European HQ of a large american company, I was asked for handwriting samples for a graphology report, my exact birthplace and time for a horoscope, and then the HR woman did a phrenology exam of my skull. I received a formal written apology from the head of HR in the states after I wrote up a fairly humourous rant about the process which made the rounds of some of their internal mailing lists. By the time the apology and job offer came in, I already had another job.
Years ago a makeup artist friend gave me a whole makeover, and then took my photo wearing a suit and tie. The good looking chap in the photo bears only a slight resemblance to me. I actually used it on a few CVs when I decided I wanted a career track again, which is what led to the interview with the big american company. Ever since, I've left my CV without a photo, and maintain a blacklist of companies who still require either a photo or a handwriting sample before being considered for a job.
These days, all my work comes from contacts, and I don't need to send out CVs any more. Networking is far more important to getting the first contact behind the HR filter than trying the usual way of adding your CV to the huge pile they already have. But having a spiff looking CV for the interviews is absolutely essential, because they will be reading it during the times you are not in their presence, and the CV has to be selling you when you can't be there personally to do it.
And a good one at that. More than 40 responses as people go off on Krog's wild goose chase. That deserves declaring Krog as either a foe or a friend, hard to decide.
Probably just a list of pingable addresses generated by nmap -iR 532 -sP. Too many of these addresses are outside the U.S., and too many of them seem to be resolving to hosts that are easily tracked down without needing to go through an ISP. mail.samaritanbethany.com? Come on, that one doesn't require a subpoena, just a whois lookup or a visit to their site. Its a retirement home in Rochester Minn. If the RIAA were going after them, they wouldn't waste their time with Verizon in NY when the provider is Qworst.
Has anyone else seen a copy of the lawsuit yet? It may show up on some court's website tomorrow, but there isn't a copy of the suit on the RIAA's site. I have written to the press contacts at the RIAA asking for a copy of the lawsuit, but I haven't yet received a response.
However, I *really* worry that the information could be subpoenad[sic]
If you are working in a security environment, there must be a written security policy guiding your efforts. Right? RIGHT???
Into this written security policy document you will insert a whole section detailing log retention. Place it under the heading of Risk Mitigation From External Legal Threats. Pick a reasonable sounding number, like 30 days, or whatever is the longest you've ever had a problem resolution require. Then code a tool to automagically scrub your logs from all computers and backup tapes (you make regular backups, right? RIGHT?? Thought so.)
This regular purging of all log files should be a required function of your audit/troubleshooting tool to ensure that later when the excrement comes your way, your ventilation device can deflect it properly. Start coding, and updating that security policy. The log purge code should be finished, tested, and being used before you finish the rest of the tool.
So can you get copier paper with this symbol in a watermark?
Yes, as I noted in another post in this thread. At CeBIT last year there was a company showing off a variety of security related products. They had a number of different kinds of paper and special printers and inks, aimed at companies who need to distribute trackable copies of sensitive things. There was a box of what looked like plain white photocopier paper, except it had thin wavy blue lines printed in quarter circles around each corner, and the little pale yellow circles all over the page. The thin blue lines are generated by an analog engraving process, which ensures that there are many frequency components to a moire pattern when scanned by a digital scanner. An FFT will pick up the large number of frequencies, and interpret the mark as coming from currency, triggering the anti-counterfeiting circuit in photocopiers.
The sales droid identified the yellow circles as "Digimarc circles", and I've been using that assumption ever since. The paper was expensive, at something like 2 euros/sheet for a box of 25 sheets. Now I want a copy of those yellow circles so I can make my own watermark to stick behind my own documents. I just isolated the circles on a 20 euro note, now I have to clean up the image and make it repeat all over a page and then find a copy of photoshop to see what happens.
Also at CeBIT was a whole collection of photocopier manufacturers, all of whom prominently listed anti-counterfeiting as a feature to comply with various national laws. I didn't see any try to hide the fact you couldn't photocopy money, but most of them wouldn't allow anyone to test it because the reset procedure was too difficult.
As an ancap, I believe this is completely legitimate for the private companies... The day could come when it is enforced by government
I'm beginning to believe anarchist is just another word for ignorant. Every anarchist I've met recently seems to be completely ignorant of every aspect of an issue, most are just protesting for the sake of protesting. As one put it at the software patent protests in Brussels last year, "I protest against everything, but mostly I do this to meet chicks".
Since you weren't paying attention, Adobe's product director Kevin Smith admitted they put this code into their product under pressure from the U.S. Department of the Treasury and the Department of Fath^WHomeland Defense. They willingly took a chunk of binary code developed by Digimarc and IBM under a contract to the G20 central banks (including the US Federal Reserve), and placed it directly into their product. This code is called at every manipulation of an image, copying to clipboard, pasting, opening a file, saving a file, rotations, etc. It is not a module or a plugin that can be removed, but built into the main PS code.
Although I have yet to see a thorough analysis from reverse engineering the code, I know that Omron, the company that makes the currency detection components used in many photocopiers and printers, promotes three algorithms which are used to detect bills. The most obvious is Digimarc's single color channel circles. The circles can be one of several colors, to blend in with scheme used on the bill. The second requires running Fast Fourier Transforms on the horizontal and vertical slices crossing each curved line on a bill, where each line has a slightly different radius to its bend, and slightly different spacing to the next line. The FFT's output "blows up" into a large, unprocessable value very quickly when it hits a patch of curvy lines. The third has to do with moire patterns, but the detection algoritm is unknown to me.
So there are two main complaints, the first to do with photoshop now running much slower because every manipulation gets passed through the government approval software before happening.
The more vocal complaints are about how the a number of governments have now convinced a bunch of companies to include untested, unknown, "black box" software in their products. Today the extra software is just running a few FFT and pattern matching algorithms which trigger an alert pointing the user to a Euro CentralBank run website. Tomorrow, various governments could require much more intrusive software to be installed in all products or in the operating system itself as a precursor to gently and slowly outlawing "untrustworthy" software. Indeed, the ECB is already contemplating legislation requiring all digital equipment and software that can store or process images to include this software. That includes all camera phones, digital cameras, computers, operating systems, scanners, printers, free software projects like the GIMP, etc.
Slashdot Mirror
Anyone want to start a pool for how long before Hew ends up in U.S. custody?
/.) how stupid he really is and gets arrested at LAX within a year.
:-)
This guy is stupid enough to blatantly offer warez for years, so he will probably be stupid enough to accept a "free" offer to speak at a DefCon convention next year, or be interviewed for a perfect job. I'm betting he shows the world (or just
It goes further than this, though. He'll have to stay out of any country where he might be extradited without a hearing, such as the UK, the Philippines, Japan, Canada or Mexico. He'll have to avoid all long distance air travel where his plane might have to divert to a country with a looser extradition agreement with the U.S., avoid flights with stopovers or even refeuling stops in U.S. friendly countries.
Then again, with the Aussie PM currently doing a goatse and bending over for a right reaming of Australian sovreignity with U.S. trade and military control, it could just be a matter of time before Hew can be extradited without another hearing.
Given that he is only free for as long as he never sets foot outside of NSW, its kind of a prison sentence right there
the AC
you could get your FCC license...and talk to anyone else in the world with a HAM rig
;-)
:-)
That limits you to talking to another group of people with essentially no lives, HAM operators.
To be honest, most HAM operators these days tend to be older, highly technical people with a strong sense of community and civic responsiblity. They mostly also have a good sense of humour about themselves (please don't hurt my karma too much
Most skript kiddies just don't have much technical abilities, certainly not enough to handle antenna design, RF propagation or analog electronics. They are restricted to very limited interaction with others of their kind, with only a cheap PC running windoze or linux, and a basic internet connection. Everything attached to their computers is easily purchased, off-the-shelf consumer electronics. They are incapable of showing technical competence, because they don't have any true mentors to guide them to bigger and more constructive pursuits.
many people who choose such illegal activities...don't do a cost/benefit analysis
Most of the skript kiddies / graffiti artists / vandals / arsonists tend to be acting out of anger, rage, helplessness, fear, and no sense of belonging. They're not intellectually developed enough to do CBA, they just want to destroy things to prove they can do something, anything. Its far easier to destroy using materials at hand than to create by collecting and using new materials.
the AC
You are confusing two completely separate issues, egress filtering of IP addresses, and MAIL FROM: addresses in email.
Vixie is talking about configuring the big border routers used by ISPs at the edge of the ASes to also filter packets based on source address. There is a big problem with this, in that none of the big iron routers (Foundry, Cisco, Juniper, etc) has the circuitry in place to filter on source address. Certainly you can do this for feeble traffic levels. But the moment you switch in an ACL, the packets stop being routed by efficient ASIC packet handlers, and touch the CPU in the router. Even a small percentage of the traffic can bring a large router to its knees. All modern ASIC switching/routing circuitry looks at destination address, as well as MPLS labels and VLAN tags, but not much more.
If it ever became a market necessity to move source address filtering into the ASICs, you would see products on the market within weeks. But this will require hardware upgrades on every box, not just a simple firmware patch. Until there is a major reason to offer such technology, such as poorly thought out legislation, it will be impossible to perform egress filtering.
I have seen some responsible ISPs filter at the luser access router (ingress), where the flow of traffic is miniscule and can be CPU filtered by each box. But a Cisco AS5300 with 60 installed modems becomes unstable if you put a complex ACL in its config. There are a number of ISPs I know who are now filtering on 127.0.0.1 as a source address, to prevent damages from the blaster worm, but in doing so they are uncovering all kinds of other problems. Adding an ACL which limits traffic from each PPP session to the assigned address would bog down all the access server CPUs, and result in a huge increase of customer complaints. So most ISPs just can't do source address filtering until there is kit which can do it as efficiently as needed.
Vixie's rant mentions only peering agreements, which tend to be only minimal amounts of traffic from one AS to another. Typically, traffic crossing a peer arrangement is not going to be routed to another AS. What he really meant to say is that Transit connections need to be filtered. Transit connections are what UUNet and other big carriers provide to many hundreds of other ASes. Its this high volume traffic which needs to be filtered.
the AC
I wish there were some students around here I could trust enough to pass off all the people who want me to install a virus checker on their win98 boxes.
Get some practice with the main virus scanning tools, anti-spyware cleaners, and other basic windoze utilities. Learn how each version of windoze does things like dial-up, and how the local cable or ADSL provider like user machines to be set up. Then print up some nice flyers and go around to all the computer stores in town and ask them if they'll promote your "summer job" business of doing all the crap work helping (l)users set up their systems and get on the internet.
Draw up a list of jobs you will do, a time estimate for each one, and the price you will charge for each job. Something like installing Norton Anti-Virus should take about an hour, and you should charge something around US$10 or $15. Installing a free firewall, with basic configuration should cost $10. Helping with an ADSL installation maybe $20.
Make sure you are up front that the person with the machine is going to be buying the software, like a commercial virus checker, and your fee will be on top of that. Add $5 if you are the one to run to the store and buy the software for them. Don't get tempted to try pirating commercial software, enough people will then be wary of you, and the recommendations will fall off. Make sure you explain how some of the software is free for personal use, like AdAware and ZoneAlarm, but some effective virus scanners cost $40 or $90.
Have your own collection of freeware utilities, on both a USB key and a CD, and maybe even a floppy with necessary drivers. You would be surprised how many old machines are out there still running win98 or NT, and don't have USB ports or a working CD drive. The owners don't care, since they have 33.6k dialup, AOL, and Word97. They don't really need much else, but the trojans and email virii are hurting their systems and they need somebody cheap to help them out, and the computer shops tend to want to charge large amounts per hour for basic installations.
By the end of the summer, you will have learned you never want to work in technical support again, and you will probably blow your hard earned cash on a high powered rifle and a case of hunting ammo.
the AC
The 419 scams were cracked down on in the Netherlands recently, sending the scammers mostly to Madrid and Barcelona. Its a whole community, the majority are no longer Nigerians, but a mix of eastern europeans and west africans. The africans work the front end of the scams, pulling in leads. The eastern europeans work the back end, setting up banking accounts, credit card processing scams, laundering the money and the like.
There are a bunch of network operators tracking the technical guys, who buy up space in Colo's to house their scam sites and ADSL connections for the apartments where the scammers operate from. Mostly they use hijacked machines spread all around the internet for their relay points and temporary (30-90 minutes) websites, but those tend to be controlled from a few central servers. These are scary people to deal with, the Albanians have a nasty reputation of just killing anyone who might cross them. We were warned repeatedly by the police to not confront them, but take notes and let the police deal with it. There are dozens of unsolved murders blamed on the Albanians, including some from the 419 scam gangs.
In the Benelux area, we're glad the police finally did their job, even though the investigation took more than a year. Now its the poor Spanish police's turn, and the scammers know they don't have an effective high-tech group. So expect the 419 scams to continue to grow.
Still, Clueleyless is right about most spam coming from US sources, despite their using hijacked machines all around the world. I haven't seen a spam recently that didn't have a US oriented payment method, US phone number, US mailing address. Its American spammers targeting American victims, and American law enforcement is afraid to do anything about it. I can't remember the last time, if ever, I saw a French, Spanish, Portuguese, or Dutch language spam. Or one in Euros.
the AC
Reply or moderate? Well, since shyster's post is already at +5, here I go...
/., where a good troll can always get a story posted.
My first reaction was that he has somehow managed to install RRAS. Its astonishing how many people have shit installed on their boxes they don't know how or when were installed.
A quick nmap of a default install win2k box shows only a handful of open ports: 135, 445, 1025, 1026. Turning on netBios over IP also opens ports 137, 138, 139. Beyond that, ports only get opened up by enabling or installing other software. RRAS will open up various ports, depending on which options you configure: 1723(pptp), 1701(l2tp), 520(rip) and if you configure OSPF or RIPv2, appropriate multicast addresses will appear. Installing Access, which installs ODBC/MSSQL, opens up port 1434, which unpatched allows the slammer worm to propagate.
Every network aware product you install on 'doze may leave ports open. Any moderately experienced system admin knows this, so if the OP wasn't able to get a response, that is because he didn't truly ask anyone knowlegable.
The OP was a troll, but this is
the AC
I mentioned this to one of Monti's Minnions (the EU competition commissioner) over a drink one evening. In Brussels, alas, it is often what is said over a pint after work that carries more weight than a dozen daytime meetings, but not always. His response was that such an idea seeing the light of day would be shot down immediately, fought with such vigor that the FT would have its pages full for years.
Apparently a quite similar proposal was the first, and most obvious one, put forth at the beginning of Monti's defence of EU consumers. It even included clauses covering leasing companies and outsourced IT management companies like IBM Services and Cap Gemini. M$ rallied all of its captured companies to decry such a move, and it was quickly shelved. But privately, over beers after work, several reps from large PC retailers (Dell, Gateway, Vobis) agreed that having such a ban, even for a couple of years, would free them from the expense of the M$ tax.
Allowing any OS except M$ to be pre-installed would open up the door to several new linux distributions like Lindows, as well as real OSes like BeOS, and Slowlartis x86. Even a ban of a couple years would shake up the market, inform consumers about the true cost of M$, and create whole new markets for post-sales installation and tune-up.
Given the obvious benefits of such an idea, it was doomed to wither and die in cold, hard reality which is Brussels.
the AC
Bitter, moi?
My guess, this is some of the source released to academic institutions for study. Lots of universities have access to a small portion of the windows source code, for use in various computer labs, and to create interoperable code. It comes on a single CD, and is not difficult to obtain.
.eml files be links to the original file? .eml files, like tcp-ip tutorial.eml. Would there really need to be a tutorial like this spread everywhere?
/. doing the trolling, this will probably hit the major news outlets tomorrow. No doubt, they will only quote the most pandering media whores around, to sensationalise the story. Any bets several major stories will point to /. as a culprit, or as a den of criminal hackers?
/.
I've studied one small section of M$'s source code, a single network module appearing in both NT4 and NT5.0, under NDA of course. I don't see it here. There are a lot of things I don't see here, and I'm still going through the tree. There are some things here that are clearly part of windoze, such as the source to regedit.
Some other things that make me suspicious this isn't all the source code:
1) lots of 0 length files, could all those
2) the win2k source just happens to total 658MBytes, about the size of a CD
3) there are a number of 0 length files of people's names with the letters CV next to them. cv - vered mazafi.eml, ronen-cv.eml
4) all through the file listing are repeats of
I think this is just a student prank, being trolled out of proportion. It's not just
the AC
I can't believe I'm admitting to extensive knowlege of windoze on
There are a number of reasons why I'm not renewing my CCIE. The biggest one is that with more than 30 years of experience, its pretty obvious to clients that I know my cisco. I'm known to all the carriers and ISPs in my area.
The only calls I've received in the last year were from recruiters looking for "free and clear" CCIEs who can go to work for a cisco partner. Never anything spectacular, they just need to keep 3 or 5 CCIEs on the payroll to keep their tier 2 or tier 1 status. Then I talked with one recruiter, who told me he received over 50 CVs from CCIEs in response to an ad he put on jobserve. Not all of them had not worked for a cisco partner in the last year, but he maybe had 20 to choose from. That was depressing in itself, it shows how many are out of work right now. The pay offered for London was pretty miserable considering how expensive the centre is. There was also cisco partners in the north and midlands of England, but I wouldn't want to move there just for a job.
I've found that many companies no longer care about certs, they want a specific skill, on a specific version of software on a specific platform. Any slight variation, and they aren't interested, since there are 200 more candidates to look at. I've gone back to consulting, where I sell my experience and ability to pick up on any technology rapidly. Consulting jobs are scarce right now, but its paying the mortgage.
Lastly, I would have to set up a study lab again, and spend a week or two reviewing all the new things on the exam, like MPLS and Multicast. I just don't see the point, all it does is get me invitations to Networkers.
I'm not worried about offshoring, most of those jobs are closer to entry level rather than retirement. But if I didn't have a university degree, I'd be in serious difficulty right now. The degree counts for much, much more than certs.
the AC
Firstly, congratulations on wanting to go with a real degree before jumping into the networking field. Its the way to go if you want to have any future beyond "button pushing lackey". Your entry level CCNA job has already been shipped to India, shoot higher.
There may not be a specific "Network Engineer" degree at all universities, what you want is to study Electical Engineering, add in some Mathematics (queue theory, statistics), and top it off with Physics (optics, particle physics). All of these elements are required to actually understand what is going on with networks. Specific topics to concentrate on include circuit design, transmission lines, antennas, material science, compiler design, signal processing, queue theory, and statistics, lots of statistics.
If you want to be the guy who actually writes new RFCs to be used by everybody else, gets hired by companies like Cisco to create new routers or protocols, and be the chief designer on world spanning networks, ignore the certificates for now. Concentrate on getting the background information necessary to understand all the aspects of network design, like speed of light limitations, electrical characteristics of transmission lines, radio circuits and complex mathematics. Picking up a cisco certificate will then take a week of your time when you are ready to join the workforce, and you'll know not just the HOW, but the WHY.
There are a ton of CCIEs on the market today, those without university degrees are flipping burgers or repairing PCs. The interesting work, such as creating optical switches or ultra efficient routers, can only be done by people with advanced degrees. The cert holders sit in the NOC at 3 AM, working their way through a never ending stream of trouble tickets, wishing they had a real degree to get a real job.
That said, from my experiences with US university grads, I'd recommend UC Berkeley, Purdue, CalTech, or UoWashington.
the AC
who just let his CCIE expire, because its worthless in todays job market
I used to use gopher quite a bit in 1991-1993. By 1994, gopher use had almost ended, replaced by http. I didn't touch gopher again until a specific problem came up in late 1997. I haven't used it since then until tonight (and I'm having a great time poking around, the mozilla gopher client still works).
What I don't understand is why your sniversity is getting rid of UseNet. Dejagoogle might be ok for archival searches, but there is certainly a place for newsgroups in an academic setting. Slashdot and kuro5hin are about the closest web apps have come to duplicating the community feeling of UseNet, and that is not saying much. I spend a couple hours per week catching up on a wide variety of news in about 12 newsgroups. Without that quick update, I'd soon feel very left behind in my field. There is no place on the web where you can ask very technical questions, and have a good chance some technical expert has seen your problem before and can help solve your problem. UseNet is invaluable for people who have real jobs requiring lots of additional information.
Will your sniversity be a leader in trashing soon-to-be-obsolete protocols and block port 80 at the firewall next year? Or will they just make the logical next step and eliminate internet access, telephones, and all electrical appliances?
the AC
He's a fake!
A real member of the United Counterfeiters of North America would not have misspelled the name of our glorious and patriotic organization.
The United Counterfitters of North America are dedicated to advancing the rights of people who install kitchen surfaces. Down the hall on your left.
the AC
DMSO is good for disolving female hormone treatments. Grind up estrogen tablets (the first week of birth control pills), add a small amount of alcohol, then mix with DMSO.
For delivery, this can be disolved in a cup of cold water by adding a drop of dish washing detergent (DMSO is an oil). Dump this mix on the victim, where the estrogen/DMSO mix would soak the clothing and remain in contact with the skin for a prolonged period of time. This would result in a small but effective amount of estrogen reaching the bloodstream.
Estrogen poisoning of a large, testosterone filled guy, in this example weighing 240 lbs, would cause all kinds of medical problems for a period of months. Voice change, loss of sexual function, enlarged nipple erectile tissue and enlarging of the fatty deposits in the breasts, hair loss, persistent diarrhea, headaches, and vision problems.
That I am conversant with such a procedure and the resultant effects is a good reason why you should not fuck with my mail servers.
the AC
I think you have just found /.'s replacement for goatse.
Another thing I'm going to have to be careful of from now on. I'm off to wash my eyeballs.
the AC
Not yet. I just checked all 4 of their name servers:
AUTHORITY SECTION:
sco.com. 6H IN NS ns.calderasystems.com.
sco.com. 6H IN NS ns2.calderasystems.com.
sco.com. 6H IN NS nsca.sco.com.
sco.com. 6H IN NS c7ns1.center7.com.
and all of them return
www.sco.com. 1M IN A 216.250.128.12
So their name servers are still up and running, and pointing to a valid address. Reasonably, they have a 1 minute TTL, which will give them a quick response if they do decide to point it at 127.0.0.1 or 66.35.250.150.
the AC
the slashdot crud filter doesn't like double semi-colons in posts
The original version of the worm had a bug that didn't perform any DDoS of SCO. After having bugs in the code pointed out to them by the ever willing Open Source Community and the Security Research Community, the authors of the worm have helpfully provided several updates that do actually perform the DDoS against both SCO and M$.
Apparently, the code does not perform a complete TCP handshake before trying again. It doesn't wait around for the first TCP SYN+ACK packet, it sends a TCP SYN packet every second. If, by chance, the SCO address responds with a SYN+ACK packet, then the worm sends the initial GET / HTTP/1.1\r\nHost: www.sco.com\r\n\r\n. Its difficult to tell from the decompiles if it even bothers to close the connection, or just abndons the local TCP stack to deal with closing the connection at some later time. In an internet simulator testbed, not providing SYN+ACK packets back to a worm infected microsoft machine, the TCP stack stops sending unbalanced SYN packets after 63 attempts. As a friend helpfully pointed out, you can increase this number by changing a registry setting in windoze.
I personally don't think the current management of SCO cares about their website, they certainly don't have any revenue producing features that need to be maintained. Most SCO clients rarely go to the SCO site for anything, since most maintenance is done by intermediaries like IBM Services Group, which have their own internal distribution of support and patches.
the AC
They're just much more hobbier than you. Thats all.
the AC
I have a few copies on my Solaris box. They aren't doing much, so I'm working on a port.
I've gotten the DDoS bits working, but the rest of the code will have to wait for when I have more time. I'll have to get what I have out to all my servers on big, fat pipes, so the performance is better than behind my little E1 connection.
the AC
I had a lot more fun today with DuMaru.Y infected machines. fsckers!
The battle to get your current IP/netblock removed from blacklists will be long, difficult, and in the end, futile.
You need to realize your only choice is to find another ISP/Colo. Avoid choosing known spam friendly colos like rackspace, and get your machine moved. It doesn't take too much effort cruising through NANAE archives and some googling to discover if an ISP is mostly blocked or relatively well respected.
That said, if you do move to a respected section of the internet, then by all means make sure your box is completely locked down. Hire a security consultant if you don't understand all the things you have to check out before putting the box into production in the new place. Since your machine was once a spam host, that tarnish will stay with it until you can prove to the network admins of the world that you are a resposible sysadmin.
the AC
CT,
/. For extra added incentive, link to photos of Nathalie Portman or your wife. If we don't knock the bird out of the sky, you'll know what kind of bandwidth you can sustain :-)
/28 or /27 block of permanent IP addresses, maybe even IPv6, and you'll never be able to go back to dialup again. After a few months of paying US$150-$250/month, you'll justify it as a necessary luxury expense.
When you get your satellite connection set up, put your home server on it and post the link to the front page of
In a slightly more serious vein, and back to the original topic, have you done some googling for T1 connectivity in Ann Arbor? From looking at some networking maps, there is a ton of excess capacity running through Ann Arbor, the UoM has a number of OC48 links to internet-2, there must have been excess capacity pulled through the city which some local ISPs have leased. A T1, if it doesn't cross a LATA boundary, is supposed to be dirt cheap in the U.S.
For someone like you, with two hardcore geeks in the house, a permanently on T1 connection to an ISP with an almost-everyting-permitted AUP would probably not cost much more than the satellite connection. A
the AC
In some countries, old-style HR droids expect all CVs to have a current photo attached. France is one of the worst offenders of this outdated practice, but I've seen it all over Europe and the far east.
I've worked in a few places where the HR people started by throwing out all the CVs which didn't have a photo and a block of personal information (age, marital status, children, hometown, primary school, hobbies). Then they sort the photos for good looking people. After they have a small pile of applicants who will look good in the hallways and the cafeteria, then they start looking at qualifications. I've sat in a droids office while she did this, and pointed out repeatedly to her and her boss that we really needed to find a specific engineering talent, and we couldn't care less what they looked like. I was overridden because the local HR policy forbid hiring a candidate if they couldn't make a visual pre-judgement. Someone later pointed out to me, it was obvious in hindsight, there wasn't one blonde person or short person in the company, since the two HR women preferred tall, dark haired men.
I've seen worse. At the European HQ of a large american company, I was asked for handwriting samples for a graphology report, my exact birthplace and time for a horoscope, and then the HR woman did a phrenology exam of my skull. I received a formal written apology from the head of HR in the states after I wrote up a fairly humourous rant about the process which made the rounds of some of their internal mailing lists. By the time the apology and job offer came in, I already had another job.
Years ago a makeup artist friend gave me a whole makeover, and then took my photo wearing a suit and tie. The good looking chap in the photo bears only a slight resemblance to me. I actually used it on a few CVs when I decided I wanted a career track again, which is what led to the interview with the big american company. Ever since, I've left my CV without a photo, and maintain a blacklist of companies who still require either a photo or a handwriting sample before being considered for a job.
These days, all my work comes from contacts, and I don't need to send out CVs any more. Networking is far more important to getting the first contact behind the HR filter than trying the usual way of adding your CV to the huge pile they already have. But having a spiff looking CV for the interviews is absolutely essential, because they will be reading it during the times you are not in their presence, and the CV has to be selling you when you can't be there personally to do it.
the AC
And a good one at that. More than 40 responses as people go off on Krog's wild goose chase. That deserves declaring Krog as either a foe or a friend, hard to decide.
Probably just a list of pingable addresses generated by nmap -iR 532 -sP. Too many of these addresses are outside the U.S., and too many of them seem to be resolving to hosts that are easily tracked down without needing to go through an ISP. mail.samaritanbethany.com? Come on, that one doesn't require a subpoena, just a whois lookup or a visit to their site. Its a retirement home in Rochester Minn. If the RIAA were going after them, they wouldn't waste their time with Verizon in NY when the provider is Qworst.
Has anyone else seen a copy of the lawsuit yet? It may show up on some court's website tomorrow, but there isn't a copy of the suit on the RIAA's site. I have written to the press contacts at the RIAA asking for a copy of the lawsuit, but I haven't yet received a response.
the AC
However, I *really* worry that the information could be subpoenad[sic]
If you are working in a security environment, there must be a written security policy guiding your efforts. Right? RIGHT???
Into this written security policy document you will insert a whole section detailing log retention. Place it under the heading of Risk Mitigation From External Legal Threats. Pick a reasonable sounding number, like 30 days, or whatever is the longest you've ever had a problem resolution require. Then code a tool to automagically scrub your logs from all computers and backup tapes (you make regular backups, right? RIGHT?? Thought so.)
This regular purging of all log files should be a required function of your audit/troubleshooting tool to ensure that later when the excrement comes your way, your ventilation device can deflect it properly. Start coding, and updating that security policy. The log purge code should be finished, tested, and being used before you finish the rest of the tool.
the AC
So can you get copier paper with this symbol in a watermark?
Yes, as I noted in another post in this thread. At CeBIT last year there was a company showing off a variety of security related products. They had a number of different kinds of paper and special printers and inks, aimed at companies who need to distribute trackable copies of sensitive things. There was a box of what looked like plain white photocopier paper, except it had thin wavy blue lines printed in quarter circles around each corner, and the little pale yellow circles all over the page. The thin blue lines are generated by an analog engraving process, which ensures that there are many frequency components to a moire pattern when scanned by a digital scanner. An FFT will pick up the large number of frequencies, and interpret the mark as coming from currency, triggering the anti-counterfeiting circuit in photocopiers.
The sales droid identified the yellow circles as "Digimarc circles", and I've been using that assumption ever since. The paper was expensive, at something like 2 euros/sheet for a box of 25 sheets. Now I want a copy of those yellow circles so I can make my own watermark to stick behind my own documents. I just isolated the circles on a 20 euro note, now I have to clean up the image and make it repeat all over a page and then find a copy of photoshop to see what happens.
Also at CeBIT was a whole collection of photocopier manufacturers, all of whom prominently listed anti-counterfeiting as a feature to comply with various national laws. I didn't see any try to hide the fact you couldn't photocopy money, but most of them wouldn't allow anyone to test it because the reset procedure was too difficult.
the AC
As an ancap, I believe this is completely legitimate for the private companies ... The day could come when it is enforced by government
/.
I'm beginning to believe anarchist is just another word for ignorant. Every anarchist I've met recently seems to be completely ignorant of every aspect of an issue, most are just protesting for the sake of protesting. As one put it at the software patent protests in Brussels last year, "I protest against everything, but mostly I do this to meet chicks".
Since you weren't paying attention, Adobe's product director Kevin Smith admitted they put this code into their product under pressure from the U.S. Department of the Treasury and the Department of Fath^WHomeland Defense. They willingly took a chunk of binary code developed by Digimarc and IBM under a contract to the G20 central banks (including the US Federal Reserve), and placed it directly into their product. This code is called at every manipulation of an image, copying to clipboard, pasting, opening a file, saving a file, rotations, etc. It is not a module or a plugin that can be removed, but built into the main PS code.
Although I have yet to see a thorough analysis from reverse engineering the code, I know that Omron, the company that makes the currency detection components used in many photocopiers and printers, promotes three algorithms which are used to detect bills. The most obvious is Digimarc's single color channel circles. The circles can be one of several colors, to blend in with scheme used on the bill. The second requires running Fast Fourier Transforms on the horizontal and vertical slices crossing each curved line on a bill, where each line has a slightly different radius to its bend, and slightly different spacing to the next line. The FFT's output "blows up" into a large, unprocessable value very quickly when it hits a patch of curvy lines. The third has to do with moire patterns, but the detection algoritm is unknown to me.
So there are two main complaints, the first to do with photoshop now running much slower because every manipulation gets passed through the government approval software before happening.
The more vocal complaints are about how the a number of governments have now convinced a bunch of companies to include untested, unknown, "black box" software in their products. Today the extra software is just running a few FFT and pattern matching algorithms which trigger an alert pointing the user to a Euro CentralBank run website. Tomorrow, various governments could require much more intrusive software to be installed in all products or in the operating system itself as a precursor to gently and slowly outlawing "untrustworthy" software. Indeed, the ECB is already contemplating legislation requiring all digital equipment and software that can store or process images to include this software. That includes all camera phones, digital cameras, computers, operating systems, scanners, printers, free software projects like the GIMP, etc.
Get with the panic, this is
the AC