Slashdot Mirror


User: anticypher

anticypher's activity in the archive.

Stories: 0
Comments: 998

Comments · 998

  1. Fighting fire with fire on NetPD, Metallica's Mysterious Tracker · · Score: 5

    Start by attacking any ISP in the UK who offers internet service to this company. At this point, all it takes is threatening to file a lawsuit, and the ISP will yank their access. It is legitimate to use words such as 'libel', since they may in the near future try to claim someone a criminal, which could then be proven in court to be libelous. Words such as 'cracking attempts' and 'illegal probing' can also be tossed out truthfully. When netPD have exhausted all potential connections in the UK, they will be forced to move their entire operation to another country, and start over again. It will take some perseverance to take them down, but the community is large, and the number of ISPs willing to take a stand against baseless litigation is rapidly diminishing.

    Complain to their upstream provider, about the excessive use of bandwidth caused by netPD. It might not get them blocked, but they could get bumped to a higher cost guaranteed bandwidth service, taking another chunk out of their revenue.

    Track the methods they use to search napster, gnutella, and web sites. They are using some kind of spyder to crawl around and log hits based on their customer's heuristics. These bots/spyders could then be blocked at various points, freeing small sections of the internet from their insidious probing.

    Enlist university administrators to help block netPD. Students who are running distributed file systems and fear being libeled or falsely accused by netPD should send a written request to the university network administrators to block outside access to netPD. Again, use carefully selected panic words 'illegal probing attempts', 'crack attack', and 'allowing netPD access could open the university to a lawsuit'. Tell them cracking/scanning attempts are coming from the subnet 62.254.209.128/25, and ask them to block it.

    Create a standard template to exclude netPD from networks you control. Someone should write a one paragraph disclaimer which could be customised for each locale telling netPD to stay away, and promising to follow up any violations with a vigorous prosecution.

    Bruce Ward, 23-year-old chief technology officer of NetPD sounds like this is a small failed Y2K pre-IPO company jumping onto a wave of free publicity. Not to put down 23-year-olds, but a company with an abrasive CTO like Bruce may not survive riding a big and dangerous tsunami very long, no matter how good surfers they think they are. He already rode another company into bankruptcy and several lawsuits.

    He's been so bold as to register the address www.mp3police.com.
    "We fully expect to upset people and our site will probably get hacked," he says.

    This sounds like a challenge to leave to the script kiddies. That server is physically located in a webhosting service in Dallas, Tx, USA, running a static page of Bruce's failed Y2K fixit company. Bruce has also registered mp3police.co.uk, which has been recorded scanning many legitimate sites, none of which are running napster or warez boards. Complaints have been circulating for a while, go scan deja for some more info. NetPD has even hit some totally innocuous honeypots and scanned them completely.

    At this moment, netpd.com and netpd.net are still available from futuresite.register.com for a price :-) Any takers?

    The challenge for those who want to see a free net is to attack netPD where it counts, their access, their financial well being, their status as vigilantes, and their reputation with any potential customers.

    the AC

  2. Re:Hunny pots (a la Winnie the Pooh) on Gnutella's Wall Of Shame? · · Score: 2

    I run a number of honeypots spread around the internet, coupled with some additional active trackers to log probe activity. The goal is to identify script kiddies, and then use that information to block them from important sites. The honeypots are simple machines that look for any kind of network activity, and then signal that activity through a secondary channel. Active trackers in other locations then make a number of queries of the attacking machine, to figure out what it is running and possibly the identity of the luser. We also check with the NOC of the ISP, and they usually give us info on who was logged into that port at the time.

    The amount of information collected is surprisingly easy to manage, and quite often turns up the same small group of wannabe crackers. It doesn't take much to rattle an upstream provider and get their connection yanked. When we get scans from schools, the administrators are usually very happy to help nail the idiot. We fight over who gets to be "detective chief inspector Gerry Fitzgerald of Scotland Yard" (a UK joke) when calling American uni's. The internet polices itself.

    Many in the security world are building similar systems. Rumours have it the FBI's new cyber centre is building a large scale probe monitoring system. They have been quietly approaching a number of schools and large ISPs asking for names and addresses of certain users connected to cyber-crimes, exactly as we do. From my understanding of American law, this is perfectly legal for them to do during investigations, as long as they do not try to use this as evidence in a court case. They can collect any type of incriminating evidence and keep it forever, and will use it later to deny security clearances for stupid script kiddies who graduate and go looking for government jobs, or anonymously refer some to local authorities.

    Honeypots and baiting services like ZeroPaid will increase in number. I don't expect one of them to become the next amazon or ebay, but there is a market out there for identifying crackers/script kiddies/pr0n addicts/alcoholics/junkies to law enforcement, employers and insurance societies.

    the AC

  3. This is good, but not very useful on its own on Gnutella's Wall Of Shame? · · Score: 5

    I've tracked back some of the IP addresses they have posted. Some of them are dial up connections to ISPs, some trace back to .edu and seem to be static addresses.

    Without matching the time and port to a specific user login at an ISP, this is mostly useless. But matching can be done quite easily, as most ISPs keep login records and will willingly give them over to law enforcement when asked or marketing research firms when paid.

    This is good because it will make people a little nervous about using gnutella and similar distributed file systems to spread around questionable material. If it helps keep the worst pr0n and blatantly ripped copyrighted material off, then gnutella will be more acceptable in areas such as universities. PR stunts such as this will also raise the knowledge level of how anonymity on the internet is a rather dodgy concept. It is so very easy to track you through your IP address, but most of the clueless people believe the hype you are completely out of reach of repercussions when connected to the internet.

    We'll have to see if other services like this one pop up, especially those who have an evil political agenda. Marketers who harvest IP info and match it up to other records in doubleclick to spam you more effectively. Imagine a company putting out files named "christs_love.txt", and seeing who DLs it, and then targeting them with religious ads. Or "suicide_help.doc", and then selling the results to insurance companies.

    Expect to see more of this in the near future.

    the AC

  4. What, only 2 Tb? :-) on New LILO Breaks 1024-Cyl Limit · · Score: 2

    That should hold us for a while. Maybe until next year.

    Of course, you can always have more than 1 disk. If you can't fit your boot loader onto a 2 Tb partition, you must be running an inferior OS :-)

    the AC

  5. Re:Why this is still a bad thing on UK ADSL packages Announced By British Telecom · · Score: 2

    Yes, their web site is intentionally vague on the offerings.

    You are right about all the proprietary schemes they are using for the home offering. The modems use a proprietary windoze driver to connect to their servers, similar to how AOL works. Once you connect to their servers, then you can get access to the internet. Linux connections will not happen for a while, until someone gets desperate and hacks the protocols. They have some kind of proprietary authentication scheme as well, but I can't figure out when things get authed if the connection is always on.

    The IP addressing is all on private IP numbers for now, and there is no direct routing to the internet. It's all NAT (ipmasq for the linux crowd), plus firewalls. What they wouldn't answer me was whether they would be actively scanning users' machines for servers or any vulnerable open port. It's entirely possible this windoze driver does not allow a true IP connection anyways.

    The Work service is also a joke, but at least they claim they will offer 4 static IP addresses at some point in the future. You can NAT and hook up as many machines as you want for browsing and email. But there is still a firewall preventing any incoming sessions, so a company can't use this to set up a web server in their own building. The sales droids are now being trained on how to jump on any business customer who asks for this, and redirect them to a very expensive web hosting service.

    Yes, we are stuck with this crap until OfTel gets some backbone and forces BT to behave like a responsible monopoly. Opening up the local loops hasn't killed any american RBOC, in fact their profits are the highest ever.

    the AC

  6. Re:I *won't* own a TiVo!...uh, wait... on Tivo Hacking? · · Score: 2

    I doubted the claim of repo-men as well. But the wording indicated that the whole unit belonged to the company, or something to that effect. But this was all from memory from a couple of months ago, so I'll have to look again next visit.

    But if the licensing of functionality can be 'repossessed' for non-compliance with the data harvesting of the unit, then that would be a bad thing. Is there anyone out there who has disconnected the unit from the phone line for a long period of time? Does it still work in manual mode?

    If enough people have their units crippled, then a hack similar to the one starting this post would be a cool thing. An open source tivo that doesn't harvest data would certainly be just as valuable as a fully functional one. Plus the large disk hack for 160+ hours of storage would be cool, especially with a good indexing system. Then you could store a dozen of your favorite movies and watch them to death without wearing down your tapes.

    As an aside, when I was a student in the US, the cable company would regularly send people around to try and reclaim their boxes. Mostly happened at the end of semesters, and the guys were pretty aggressive about it. They'd knock and get into the apartment under any kind of pretense, and once inside they would demand pretty loudly the return of the box. It was kind of stupid, since we didn't have a TV in our place, just a computer and terminals. But a previous tenant had kept the box, and our address never got out of their system. The repo-men were pretty cool once we gave them a tour of the apartment, but one of them couldn't understand how anyone could live without TV. We had 1200 baud modems in those days, and would waste our evenings on multi-player ASCII trek games.

    the AC

  7. Re:hmm on Hubble Turns 10 · · Score: 5

    If you go and read "the cuckoo's egg" by Cliff Stoll, find the part where he mentions the cracker is looking for something called KeyHole 11.

    The NSA guy goes pale when he hears that. Cliff asks him what it means, and the guy says that KH11 is the same as the Hubble, only it points at the earth. Cliff does the math for what the optical properties would be (badly, he later admitted, because he didn't take into account adaptive optics and a dozen other well known tricks), and comes up with the resolution for what a Hubble sized telescope could see on the ground, 8-15 cms.

    Over on sci.military and alt.conspiracy the story maintains that in the 60's, the NRO had brought in some astronomers to create a telescope that could spy on the earth with great precision. The astronomers created at least 12 of them, each bigger and better than the last. But the optics and communications packages were made for looking downwards, and the astronomers were dying to point it at stars. They carefully leaked a lot of the design specs to others starting in the 70's. This got turned into congressional funding, and eventually the single Hubble was created. Rumour has it the hubble and keyhole satellites share an almost identical design, only the sensor packages and civilian communication packages are different.

    the AC

  8. Re:Because you don't own your TiVo! on Tivo Hacking? · · Score: 2

    Well, this unit was bought in Virginia, the first state to pass the UCITA law overturning centuries of consumer protection laws. It seems it doesn't matter if they 'bought' the unit, they have 'licensed' the functionality, and the license can be revoked at any time leaving them a worthless box.

    The box will only record shows that are listed by their service. I had difficulty getting it to record c-span and one of the local access shows (wayne's world lives) because the individual programs weren't coded in the national database.

    the AC

  9. Because you don't own your TiVo! on Tivo Hacking? · · Score: 2

    Family members in the US just got a tivo. Neat little toy, even if the loss of picture quality grates on my nerves a little. Great for the quick rewind of live tv shows.

    I looked through the documents that came with it, and realised they do not actually own the box, it is being licensed. The telephone connection is required to keep the box operating, and unplugging it for some length of time will render the box unusable. If the unit does not call in after a certain amount of time, they claim they will repossess the box. If any tampering is done to the box, criminal charges will be brought with no exceptions.

    Heck of a bad time to buy my nephew a tool kit with secure torx wrenches :-)

    the AC

  10. Re:I guess the question is: on Net Access On The International Trip? · · Score: 5

    I travel 40+ weeks each year, and I've always got my laptop with me. 'Course, it's how I make a living :-) I sometimes carry other equipment, cameras, signal analysers or radios.

    The one big advantage to traveling with a digital camera is that you will take tons of pictures of things you wouldn't waste film on. Especially if you can store hundreds of them to your hard disk, and email them to the friends you were thinking of when you saw the shot.

    Customs agents the world over have the highest incidence of brain spasms you will ever see. Logic and common sense go out the window whenever they are presented with something out of the ordinary, and it can be a real hassle getting your equipment back. Twice in the last few years I've had my equipment seized flying into Paris, and once into Heathrow. It takes a lot of work over a period of days or weeks to convince the idiots to give back your equipment, and they will usually tack on an import duty. Less bureaucratic countries will just seize your stuff until you pay a random import duty 'ransom', which you can usually do in just a few minutes. Computers are starting to be accepted, but any accessories, especially digital cameras and mini-disc players, get snagged. You have to provide proof that the same camera is available for retail sale in the country, so avoid the latest and greatest.

    Carry your expensive stuff in a battered looking small backpack, similar to a book bag. This hides the fact you have something heavy (==expensive) to attract thieves. DO NOT carry your equipment in heavy duty protective cases, especially Zero Halliburton or Pelican. Those cases attract a 100% response from the drug agents, and the dogs are often trained to sniff out drugs sealed inside those style of cases, so they sound just on visual and you will get strip searched. After a few times when it takes you 12 hours to cross a border and your friends crossed in 12 seconds, you will toss the expensive case.

    My best suggestion is to travel with a cheap old laptop that you don't care if it gets stolen or smashed. Because on a 6 month trip, I'd say the odds of it returning in one piece are pretty low. Don't risk a brand new vaio. And buy the occasional disposable camera with a flash, for carrying to the beach or disco or other places where a valuable camera would be gone in an instant.

    The disadvantage of traveling with a ton of film is that they all go through x-ray machines repeatedly. A few times and you can't see the fogging except in controlled tests, 10 times and the fogging is slightly noticeable, 30 times and you will have trouble recognising half your shots. Just buy film during the trip, and get it processed locally and then mail the negatives back home. You can give away the prints to the pretty girls you meet along the way :-)

    the AC
    So funny you would mention Kerouac, had a long discussion about him this weekend.

  11. Re:GSM Data, Global ISPs and CyberCafes on Net Access On The International Trip? · · Score: 5

    I'll second sdelmont's recommendations, with some clarifiers.

    Avoid getting a cellular capable modem if you are going with the GSM option. Most GSM phones have a 'modem' built in, I put modem in quotes because what they are offering is a modem-like interface (ATDT+44171...) to the pure 9600 baud bitstream of GSM. Sometimes you can get 14400, but only in civilised countries :-) Any attempt to run a cell capable modem over GSM will result in 1200 or 2400 baud connections, quite a waste of bandwidth.

    I swear by nokia phones right now, the 6150 is the best 2-bander on the market. You can do PPP connections through the IR port, but it's best to get the serial port cable, do a quick search on the web for how to get the cable without paying for the windoze software.

    There are 2 GSM phone regions, US/Japan, and everywhere else. So buy your phone at your first stop outside the US, don't even think of renting, the cost will kill you. In some countries you have to buy a service plan with the phone, so shop around on the web before leaving. Best idea is to get a service plan from a cheap country, either norway or england. It might be impossible to get service in some countries without having a provable permanent address there (france, UK, germany).

    The best thing about getting a GSM phone with an international roaming account is that you will have a phone with you at all times so you can give that number out to your family and a select few friends. Although the caller pays the first hop, if you are in another country besides the one of your service, you will pay the additional roaming hop, and that runs about $1/minute.

    Avoid the 'no bills' pre-paid GSM cards you will see all over europe. None of them currently offer international roaming, so when you move on you'll be screwed. Most of them don't even allow the phone to be used in data mode. The nice thing about the pre-paid cards is that they have created a used phone market, and you can sell your GSM phone for 50%-75% of its original price when you are done with it.

    Cybercafes are your best bet for most of the updating of your website, at least for the text bits. The cost per hour is going to be a lot less than any dial in land line or GSM option. And you will have the leisure of filling out your hour by reading some /. stories. Some of the more clued in cafes run DHCP and have a few ethernet connections for travelers with their own laptops, and charge you the same per hour. Print out and laminate all the options for pump/dhcpd before leaving the house, know your tools. AND REMEMBER, don't log in as root on your home box from a cybercafe!

    There are a lot of options for keeping connected when going walkies (walkabout for the antipodeans) so don't just restrict yourself to some cool but very expensive gizmo. And test your connection options before leaving, from a few cybercafes and libraries, you will learn that many machines will not have telnet or any other connection software except a filtered web browser.

    the AC

  12. Re:This has a cost - higher in europe on Spammers Hit Wireless Phones · · Score: 3

    Yes, the SMS services of GSM used to be free, back when it was almost unused and there were no gateways from the internet. I once had an almost continuous stream of messages going back and forth between a few phones as a security service, probably sent 39K messages total in 3 months. Remember the TCP over email tunnel? I had just started coding an IP over SMS driver for linux when SMS charges started. But now almost all GSM providers charge for SMS, and especially SMS email gateway functions, either for a fixed number per month or per message.

    Belgacom and Proximus have anti-spam features in place on their internet --> SMS gateways, and are starting to block thousands of messages per day from spammers. They both block all messages from UUNET and AOL and a few other well known spam relays, and don't even bother to look for legitimate messages from there. There are hundreds of 'trigger' mailboxes of dead numbers that nobody should be sending messages to, which is a good method of stopping spam pretty quickly before the customer service lines start to light up.

    France telecom (itineris) have no such protection measures in place except for extremely rude and untrained front line customer reps. But the SMS service is now an opt-in pay up front service, so very few mailboxes are actually enabled. But for those who have the email --> SMS gateway paid for, expect a few spam messages per week. This is outlawed in france, but there is no enforcement because france telecom refuses to track down the sources. Most of the french spam comes from within france, and is for french businesses, so it wouldn't be very hard to find them and make a few examples.

    the AC
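Added example, not part of the comment above and not any operator's actual code: a minimal sketch of the 'trigger mailbox' idea on an email-to-SMS gateway, combined with a static relay blocklist. The log format, numbers, relay names and the `threshold` parameter are all constructed assumptions.

```python
import re

# Constructed sample values: dead numbers nobody should be messaging,
# and one relay that is blocked outright regardless of content.
TRIGGER_MAILBOXES = {"0475000001", "0475000002"}
STATIC_BLOCKED_RELAYS = {"bulk-relay.example"}

# Hypothetical gateway log format: timestamp, relay, sender, destination number.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) relay=(?P<relay>\S+) from=(?P<sender>\S+) to=(?P<number>\d+)$"
)

SAMPLE_LOG = """\
2000-06-01T09:00:00 relay=mail.corp.example from=ops@corp.example to=0475123456
2000-06-01T09:00:05 relay=bulk-relay.example from=friend@bulk-relay.example to=0475123456
2000-06-01T09:01:00 relay=dialup7.isp.example from=win@prizes.example to=0475000001
2000-06-01T09:01:01 relay=dialup7.isp.example from=win@prizes.example to=0475123456
2000-06-01T09:01:02 relay=dialup7.isp.example from=win@prizes.example to=0475999999
2000-06-01T09:02:00 relay=mail.corp.example from=ops@corp.example to=0475999999
"""


def run_gateway(log_text, threshold=1):
    """Replay a gateway log in order and decide each message.

    A relay is blocked once it has hit `threshold` distinct trigger
    mailboxes. Returns (decisions, blocked_relays) where decisions is a
    list of (relay, number, action, reason) tuples.
    """
    blocked = set(STATIC_BLOCKED_RELAYS)
    trap_hits = {}  # relay -> set of trigger mailboxes it has messaged
    decisions = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            decisions.append((None, None, "reject", "unparsed"))
            continue
        relay, number = m["relay"], m["number"]
        if relay in blocked:
            # No content inspection: legitimate mail from this relay is lost too.
            decisions.append((relay, number, "reject", "relay-blocked"))
        elif number in TRIGGER_MAILBOXES:
            # Never deliver to a dead number; record the hit against the relay.
            hits = trap_hits.setdefault(relay, set())
            hits.add(number)
            if len(hits) >= threshold:
                blocked.add(relay)
            decisions.append((relay, number, "reject", "trigger-hit"))
        else:
            decisions.append((relay, number, "deliver", "ok"))
    return decisions, blocked


def delivered_numbers(decisions):
    """Destination numbers that actually received a message, in order."""
    return [number for _, number, action, _ in decisions if action == "deliver"]


if __name__ == "__main__":
    for threshold in (1, 2):
        decisions, blocked = run_gateway(SAMPLE_LOG, threshold)
        print(f"threshold={threshold} blocked={sorted(blocked)}")
        for d in decisions:
            print("   ", d)
```

With `threshold=1` the run from the spamming relay is cut off after its first message to a dead number; raising the threshold trades fewer accidental blocks for more spam delivered before the block lands.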

  13. Re: correction, number is (888) 960-9600 on Slashdot Meets The Pinkerton Corp. · · Score: 2

    From the Raleigh NC News and Observer newspaper of 02/11/2000

    Schools to get program aimed at violence

    RALEIGH -- Gov. Jim Hunt announced Thursday a comprehensive violence prevention program in the state's public schools that will employ a toll-free student tip line, a Web site and an awareness campaign.

    The program is called Working Against Violence Everywhere, or WAVE. It is the result of recommendations from the Governor's Task Force on Youth Violence and School Safety.

    Pinkerton Services Group, a division of the international security firm Pinkerton Inc., will staff and operate the toll-free line, (888) 960-9600, on which any student, parent or school staff member can notify authorities of school violence concerns.

    Pinkerton and the Raleigh-based Center for the Prevention of School Violence have developed a contact list of school and law enforcement personnel in each of the state's school districts who can be contacted if needed because of hot-line tips.

    the AC

  14. Which Pinkerton's is this, Corp or Inc? on Slashdot Meets The Pinkerton Corp. · · Score: 2

    For some reason when I first read this I thought it was a strange field for the world-known security company to be setting foot in. Pinkerton's Inc is the company that specialises in armored car cash delivery, security guards for concerts, and consulting services for heavy duty physical security. Pinkerton Corp is a much smaller company specialising in data processing fraud control, and seems to have products similar to WAVE. Jon, can you find out who exactly this company is?

    I would think the upper management are already feeling the probes of a few high profile lawsuits, and are trying to feel out how bad it could come down on them. Perhaps their lawyers assured them the constitution of the US was repealed a few years ago, and this is perfectly legal. Perhaps they are being threatened with copyright infringement.

    The shocking part of this program is offering incentives to kids to snitch out their classmates. Why stop at a few dollars or a T-shirt (I doubt they will be giving out Korn or Marilyn Manson shirts :-), why not let kids know they can get better grades by filing 20 reports during the school year. Hell, I didn't even think twice about helping my friends grow marijuana to make a few quid when I was young, and it was majorly illegal. A system like this which will give me a few dollars just for naming a name will be a no brainer.

    Eventually you could make the system mandatory, every student has to make at least one anonymous claim against another before they can graduate. This was a basic skill taught in old communist East Germany by the Freie Deutsche Jugend, every student had to regularly make reports about fellow students, their families, and their neighbors. This action carried over into adulthood, making the entire country report on itself to the Stasi. Now this action is so ingrained in Ossies it is a big security problem for companies in Germany, and many companies have now instituted a no-ossie policy for all sensitive work, because corporate espionage is so easy with an ossie.

    I can't see any kids wanting to wear a cap or T-shirt that would associate them with being a rat-fink, except for possibly a few misguided troublemakers. I can see an opportunity for knockoff shirts worn by the pranksters stating "I ratted out my friends for this T-shirt. Be nice to me or you are next"

    What safeguards, checks and balances, neutral oversight, and legal penalties are in place to prevent abuse of the system, either by the government or students? If one of the Pinkerton Überwachen abuses the system for personal gain, will they face lengthy jail time? Will Pinkerton gather all the information on students in North Carolina (and maybe the whole US), and a few years down the road start selling that information to insurance companies or job research firms? If they do violate the law, will the president of Pinkertons go to jail? Somehow I doubt it.

    Look further down the road after this system has students fearing to make a single misstep, and you can see this being used as a peer pressure tool by adolescents. "Suck me, you bimbo cheerleader bitch, or me and the whole football team will call WAVE and tell them about your suicidal tendencies" will have a lot of impact, especially on a young girl who may have already been put through the WAVE wringer because she is anorexic or once got depressed after a breakup.

    A system whereby accusers can remain anonymous is wide open to abuse. On the internet we call it flamewars, trolling, spamming, sniping and a whole bunch of other bad names. We should know better, we can see how the internet is, which is why a system whose only output is to make students afraid is a very bad thing.

    the AC

  15. A very simplistic approach, with many problems on Stopping Distributed Denial Of Service · · Score: 4

    Fernando seems to have a rather limited understanding of the internet, routing, and DNS, and a little knowledge is a dangerous thing. But he has taken the right step by publishing and requesting the internet community to enhance it.

    Here are a few points that make this proposal too simple for actually defeating Multi Sourced Denial of Service attacks, and puts an even greater strain on the internet. I also don't see any difference between an MSDoS and the slashdot effect.

    DNS TTL=0
    This defeats the purpose of caching, and would require all resolvers to pick up the A record from the authoritative DNS server of example.com for every new connection to the web site. Since no other DNS servers on the internet will cache a TTL=0, example.com's DNS machine had better be very beefy and have a huge pipe to the internet to handle the requests. Also, every client's resolver will cache the IP address for the duration of the connection, even TTL=0, so if the route changes then the connection breaks.
    Imagine if all customers of eBay or CNN had to reconnect every time some script-kiddy triggered the MSDoS protection mechanism. Meta DoS!

    Don't tweak with the DNS system, it works pretty well as it is (ignoring TLD politics)

    The ISP may also stop publishing the route to 10.0.0. This probably has a cost on BGP disaggregation and routing updates
    No, BGP route damping will kill this for all but route updates from adjacent ASes. It also means that every ISP has to keep two ranges of IPv4 addresses to drop one and switch to the other. Route aggregation will make this effect almost negligible more than 2 ASes away.

    The internet runs on BGP, because it hides all the complexity of the internet from routers. So route flapping gets killed before it can be seen by neighbors.

    For this technique to be effective, the ISP total bandwidth must be several times the bandwidth it sells to its customer
    ROTFL! This kills the proposal dead. Just try telling an ISP to keep their upstream bw several X what they re-sell to their customers. No, DoS attacks happen pretty rarely given the amount of use on the internet, so better and cheaper to let the FBI go out and bust a few script kiddies every once in a while.

    example.com should change its network structure to
    Here the stub network is coming off of the ISP's main router, not example.com. So unless example has a good buddy relationship with its ISP to change router configurations on the fly, this won't work. I don't trust more than 2% of my customers to have the knowledge to set their own config on my kit. If they want a change, they come into my office and we sit down together and hash it out on test machines before committing anything. At the most, I might accept limited routing updates from them, but they would never be propagated into my BGP tables.

    Perhaps you could show the stub coming off the border network. Cisco routers have a null device to drop packets into rather than wasting extra time trying to figure output routing. This is where the route to etoys.com used to go before they got smart :-)

    Its identity can be hidden by making it unresponsive to ICMP
    This is done in many places, it still shows up as * * * in traceroutes, and the addresses can be pretty easy to figure out. Routers not implementing ICMP break the fundamentals of IP routing, which is a no-no but accepted as a deterrent to the stupidest skiddies on the net. Anyone with a little knowledge can figure out several ways to stealth ping a network device or to query adjacent devices. This has nothing to do with shunting MSDoS attacks.

    Some slightly better solutions, generally recommended but not always followed

    Anti-spoofing
    The key characteristic of skiddy attacks is to hide the origins of the MSDoS attack. It is recommended in RFC2267 that access points be secured from source address spoofing.

    Really, this level of checking should be done at every access router. But that's another layer of complex commands the ISP net admins sometimes don't support. Convincing them to do it will require an ISP to be held responsible in court (and pay damages) for not properly configuring a router behind a modem bank and allowing a skiddy to run a DoS from one of their dial in lines. I've already consulted for lawyers who were looking into doing just that, but they realised most ISPs and universities are so low-profit they couldn't make a ton of money from the case.

    Customer and university routers should be checking anti-spoofing in both directions, for security and to make DoS from your own networks less likely. Most places only do anti-spoofing on packets coming from the internet, but leave the outgoing packets unfiltered.

    Even BGP border routers should verify the source address of a packet actually belongs in their domain. This can be done for stub BGP regions but it can't reasonably be implemented at tier 1 and 2 level with transit BGP regions.

    If it were truly an MSDoS attack from rooted hosts all over the internet, then the attack could just use the real IP addresses and routing happens normally. This is what has been seen lately with TTFN and Trinoo, and makes detection that much harder.

    Anti-smurf
    Pretty much every router should not allow directed broadcasts to create a smurf flood, but many still do :-(

    Route control and choke routers
    Any large customer along the lines of a Yahoo or CNN should be able to negotiate the purchase of an upstream choke router and an authenticated routing update mechanism for it. This would allow them to switch floods from their saturated link to a null device for a minute. They could then start to analyze what had just hit them, and create some quick-fix access lists for a special choke router.

    Even smaller customers with some technical knowhow could be allowed to update their upstream router to shunt traffic to /dev/null for a while.

    The latest attacks don't rely on spoofed source addresses, SYN attacks, or any other filterable packets, making it easy to create filters for the rooted hosts' IP address.

    Routing updates would go through a separate link dedicated to management and routing, and wouldn't carry regular traffic. If example.com is big enough to attract an MSDoS, they could afford an extra 64k link to their network manager's office.

    There is a lot of work going on behind the scenes to make the internet a little more secure so our quake match^H^H^H^H^H^H^H^H^He-commerce isn't interrupted.

    the AC
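Added example, not part of the comment above and not the commenter's code: the two-direction source-address check the comment recommends for customer and university edge routers (RFC 2267 style), together with the directed-broadcast drop from its anti-smurf point, written as a small packet classifier. The prefixes are documentation ranges standing in for a stub network, and the function names and reason labels are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed values: documentation prefixes stand in for the stub network.
SITE_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/25")]

# Sources that cannot legitimately arrive from the internet side.
UNROUTABLE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def in_any(addr, networks):
    return any(addr in net for net in networks)


def is_directed_broadcast(dst):
    """True if dst is the all-ones or all-zeros address of a site prefix."""
    return any(dst in (net.network_address, net.broadcast_address)
               for net in SITE_PREFIXES)


def check(direction, src, dst):
    """Classify one packet at the site edge; returns (action, reason)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "out":
        # Egress: only the site's own addresses may leave as a source.
        if not in_any(src, SITE_PREFIXES):
            return ("drop", "egress-spoof")
        return ("permit", "ok")
    if direction == "in":
        # Ingress: an outside packet cannot carry an inside source.
        if in_any(src, SITE_PREFIXES):
            return ("drop", "ingress-spoof")
        if in_any(src, UNROUTABLE):
            return ("drop", "unroutable-source")
        # Anti-smurf: never forward to a subnet broadcast address.
        if is_directed_broadcast(dst):
            return ("drop", "directed-broadcast")
        return ("permit", "ok")
    raise ValueError("direction must be 'in' or 'out'")


# Constructed sample traffic: (direction, source, destination).
SAMPLE = [
    ("in", "203.0.113.7", "192.0.2.20"),       # real outside source: passes
    ("in", "192.0.2.10", "192.0.2.20"),        # outside packet claiming inside source
    ("in", "10.1.2.3", "192.0.2.20"),          # private source from the internet
    ("in", "203.0.113.7", "192.0.2.255"),      # aimed at the subnet broadcast
    ("out", "192.0.2.20", "203.0.113.7"),      # legitimate outbound
    ("out", "203.0.113.99", "203.0.113.7"),    # forged source leaving the site
    ("out", "198.51.100.200", "203.0.113.7"),  # just outside the /25
]


def audit(packets):
    """Count outcomes per reason label."""
    return Counter(check(*p)[1] for p in packets)


if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "->", check(*p))
```

The first sample packet shows the limit the comment describes: a flood sent from real, unspoofed addresses passes every one of these checks.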

  16. This is nothing new in France on Anonymous Web Hosting Banned In France · · Score: 5

    Anonymity has always been outlawed in France, this is the summary of a bill before the french national assembly to codify a law banning all anonymity on any internet service physically on french territory.

    As this article points out, the law is not yet final, but one more vote will make it final. The bill was unopposed by the clueless elected officials, because it merely confirms the internet must follow existing french law.

    The new law will require all web hosting services to verify the identity of every person putting a web page on their servers, and must turn over that identity to any person who asks for it, including any cop or government official, as well as any private citizen. There is no requirement to publish the web authors information on the web page, merely to maintain a copy and to give it out when asked. It also says that if the web site owner can't or won't turn over the identity of a user, then it's 6 months in prison.

    The immediate downside of this law if it passes is that altern.org will have to kick off all users, and only let back on those who can prove their identity in one of the ways acceptable to the french government (carte d'identity, permis conduire (driving permit), or passport, as well as proof of residency of a current phone or electricity bill).

    As Valentin points out, if this law passes in france, then it could quite well become law in all parts of the EU. That is frightening, but might happen.

    The uncertain thing is what happens to people in other countries using french web hosting services and can't travel to france to prove their identity. As the law is currently written, french web hosting can only allow identified users on french soil, and all others must be kicked off.

    ahhh, c'est les francais

    the AC

  17. Not too difficult with US experience on How Hard Is It To Leave The U.S. For Jobs? · · Score: 2

    I've worked in the US quite a number of years, and have now returned to europe to ply my trade over here. The euros *LOVE* anyone with silicon valley experience. The clued-in startups absolutely worship US/Canadian bred entrepreneurs.

    I know quite a few americans who are working in europe in various hi-tech jobs. Most are doing it for the adventure and experience or because they met a special someone. None of them are doing it for the money. No pay scale in europe even comes close to what you can make in the US, and unless you are working for an american company, stock options are unheard of.

    All of the 'merkins agree they are learning more and having more fun than if they stayed with their careers in the US. The biggest complaint is the lack of innovation and tendency towards socialism over here. It doesn't matter how good or bad a job you do, everyone's careers plod along at the same pace. Any euro who wants to make a great leap in their career goes to the US.

    If you get a few years of international experience under your belt on top of some US hi-tech, then you can always go back and write your own ticket. Many companies are desperate to expand their markets beyond the border, because they have to keep a 20% growth rate per year and they can't do that forever inside the US. So they look to places like europe and china, and if you walk in their door with a good proposal and some experience, they hire you to go develop the market.

    I'm working a job right now where I travel 20 days per month around the world, in the office only about 1 week in 10. The pay is good, but I could be making twice as much in an american company. However, I get 7 weeks vacation per year, plus unbeatable healthcare (100% coverage and no HMO hassles) and belgian beer is cheap.

    the AC

  18. The first step... on Is "coke.ch" A Violation of Coca-Cola's (tm)? · · Score: 3

    is to plead your case in front of the slashdot community. Ok, you've done that.

    The next step is for the slashdot community to check out your claim, flame Jon Katz, moderate down firstposters, discuss trivial unrelated details, and finally come to a rough consensus.

    If your claim seems just, we will rally to your defence, spreading the word of Coca-Cola Corporation's big bully tactics, mirroring your site on australian television, and attempting to correct clueless journalists on why you are right and why hacker!=cracker.

    If you are nothing more than a domain squatter looking for sympathy, then you are TSOL (except for a handful of hotgritters who will believe anything :-)

    -=0=-

    Jumping to the tools immediately at hand, we find the following facts to start a proper /. thread...

    DNS shows no current IP address for coke.ch or www.coke.ch, so you have no website up for us to take a look at. Thus all other tools like traceroute and netcraft are useless.

    WhoIs produces

    Domain name:
    coke.ch

    Holder of domain name:
    Somjad Puangngern
    S Spring APT- C 1142
    US-62704 Springfield, IL
    United States

    Technical contact:
    Somjad Puangngern
    S Spring APT- C 1142
    US-62704 Springfield, IL
    United States

    Date of last registration:
    07.05.1999

    I'll leave it to other /.ers to dig further into the registrar databases to see the other domains you have taken, and then we'll decide whether you are a squatter or a noble cause.

    the AC

  19. Re:[somewhat OT] I saw an ad for silicon.com on 'Experts' Back To Claiming Open Source Insecure · · Score: 2

    silicon.com, advocates for closed source software! I knew there had to be one out there.

    I was looking at these ads too, but now I'll look at them with a different point of view.

    Check out their website, you'll need to log on to see anything interesting (hint, the anti-cypher is your friend) to see these gems

    UK employees happy with big brother watching
    We like being spied on, says study by monitoring software company.

    Microsoft UK MD blames Win2000 bugs on rivals
    But win2000 is closed source, so how did those rivals plant those bugs in there?

    Eric Raymond backs Linux profiteers
    Go ESR!

    Consider this to be news lite. Nothing more than a handful of overworked and underinformed journalists who reformat press releases and trim them down into bite size newsbits. So this is where all those ex-Dennis people ended up (bring back Zero!)

    If you have the patience, try loading one of their streaming videos. They are under a permanent slashdot effect, so the videos are best viewed by copying locally. The little chats they have with industry 'experts' can be quite hilarious, they are really nothing more than info-mercials.

    the AC

  20. Re:Ding, dong the WAP is dead on UK to get 100kbps+ over cellular phones in June · · Score: 2

    Bandless wireless? I can type that fast sometimes :-)

    I've installed and am testing GPRS for a project. I even got to choose some of the cell sites to upgrade, so naturally the best one just happens to serve my house :-) and the other my office, and since there is no billing on my circuit I can keep a 14kbps channel open from home to work all the time. It just supplements my other wireless project, and an ISDN circuit.

    We're still using WAP over GPRS, because the business model means that every little bit of use is going to be charged for. All WDP packets are routed into a local WAP gateway machine, and only WAP traffic is allowed to pass from internet to handsets. There is also a pure data pipe application for companies, which BT/cellnet are already testing in the City.

    I'm also trying to implement free (as in open source) versions of WAP/WDP, so that I can plug a linux box into my nokia and have a permanent IP connection. That would be useful for having email delivered instead of dialing up with fetchmail, xntpd could get stable, the works. I'm also hammering on the suits to make a very low cost or flat rate permanent GPRS so many people in remote locations can have a semblance of a permanent net presence. Then they could charge for the bursty traffic that a user would need occasionally. But suits have no vision, even if the figures are good and solid.

    If you are looking to make a lot of money, get into the billing application business. BT, Bouygues, and all the other GSM operators are trying to figure out how to charge for every packet crossing the ether, with extremely expensive packages for bandwidth hogs.

    This cellnet offer will first be in the City, all the pico cell sites are in place and wired. But expect the suits to dither around for quite a while trying to figure out how to make the maximum $$$ (should be pound signs) out of early adopters. They are also going to use this offer as a big stick to extract many favors from OfTel before allowing the public to have it. BT is trying hard to make everyone hate them.

    the AC

  21. Re:BOYCOTT!!! Don't bother, just outcode them :-) on Geoworks Demands Royalties For All WAP Apps · · Score: 3

    Are there any /. readers who were at the last WAP forum meeting last week which led to the fallout of GeoDorks with the rest of the forum? If you were there, email me, I need some good hard info to help put some pressure on the WAP forum to free up the protocols once and for all.

    I've heard rumours that the meeting got really ugly, when the GeoFucks reps announced they were going back on their long standing promise to leave the protocol open and free. Last year the forum was told that GeoCracks had quietly sought patents on a lot of work done by all the members of the forum. There was a resolution passed requiring all members of the forum to disclose which parts of their work were going to be covered by IPR, patents, trade or service marks or anything else which would harm the status of a "free and open" protocol. I guess this is their announcement, I wonder if they wore eye patches and raised a pirate flag and threatened the others with cutlasses :-)

    I heard that some of the big industry reps announced they are all leaving the forum if GeoSucks starts asking for any money. So if anyone has any inside info, let me know.

    This could also mean that any attempt at creating OpenSource WML/WAP/WDP applications or drivers for L*nux or BSD could result in lawsuits like the DeCSS shit going on right now. Yes, this affects me directly, and those of us working on a free/illegal (choose one) version of the protocols.

    the AC

  22. Re:Flying - these may be outlawed soon on Portable Fuel Cell Technology · · Score: 2

    There was just a report circulating (sorry, no URLs, this was a dead tree report I saw) from the ICAO Universal Safety Oversight Audit Programme discussing the banning of potentially explosive or flammable consumer electronics goods from all commercial flights. This report was just out in December, and all countries are required to show proposed laws by the next meeting sometime this year.

    The report discussed the offer from a company (can't remember which) that makes the explosives detectors used in many airports. These are the machines which a security droid wipes the handle of your bag with a swab and sticks it inside a little detector. This company has developed a range of hand-held detectors to look for butane cigarette lighters and the exact same fuel-cells being developed by Motorola. They have petitioned the Safety Oversight Committee to create some regulations banning fuel cells and certain types of cigarette lighters. That way they can sell thousands of these detectors the moment the laws go into effect in a country.

    Since there is money behind this, I would bet on there being some rules in place against fuel cells before the computer industry starts using them in any large quantity. A few years ago the portable computer manufacturers got together and forced the ICAO to drop a proposed international rule outlawing all portable computers from use in cabin. It was a close battle, since the portable computer industry didn't exist when the rules were first proposed, but the ICAO takes years to get all nations to adopt their new rules as law. It was literally at the last minute the manufacturers got together and fought.

    There are still some countries (like switzerland) which require all passengers to check all electronics. It's a pain in the ass if you don't have a good solid computer bag, because your screen will tend to get broken. Now the main airlines flying out of Geneve have special handling for laptop computers, and will place all the laptops on a little cart behind the desk and store them in a special compartment in the hold.

    I'd love to have a computer which would run for all 12+ hours of a long flight. I could work my way through most of a game of CivIII-CTP, or maybe even get some work done :-)

    the AC

  23. Re:The slippery slope on Net Voting in California · · Score: 2

    Ladies and Gentlemen, the next president of the United States is:

    Hemos the Hamster

    who just beat out Hank, the Angry, Drunken Dwarf, by 1.2% of the vote

    Bwahahahahahahahaha

    Ok, someone has to get back to work now :-)

    the AC
    There's never enough moderator points around for all the good humorous posts

  24. Re:Couldn't Agree More on Net Voting in California · · Score: 2

    There are a lot of issues at stake with internet voting, and just because some people can make simple credit card purchases over the net doesn't mean something important like voting can just pop into existence without a lot of thought.

    There are issues with ensuring only registered voters get to cast votes. Any simple system (SS number and Drivers License number) would be trashed in an instant by /.ers and any other rational person. It will require mailing a physical token to each registered voter who signs up for web-voting, at a minimum.

    There are issues ensuring a registered voter only votes once, and their first vote stands. Vote early and vote often is humour everywhere outside of Chicago :-) That is why there is a physical voter list at each polling station and a requirement that the numbers balance with the number of ballots in the box.

    Then there is the issue of anonymity. What happens if someone manages to collect a copy of all the incoming votes, and can make a match between a vote and a person? It doesn't matter how strong the encryption is, at some point it has to be decrypted to be counted.
    Let's say someone compiles a list of all the people who voted one way on an emotional issue like a new immigration law, or a business issue like insurance reform, and then sold that list to insurance companies, employers, or credit research companies. All /.ers are certain that data would be mis-used at some point, it's guaranteed to be abused if money is involved.

    I think there will eventually be technical solutions to every one of the problems on the list, but it will take time to create good stable systems to withstand fraud and abuse. I agree that large scale internet voting should take a wait-and-see attitude, let's start with a few small municipal elections and thoroughly debug everything over a long period of time, then make it easier and easier to use before rolling it out.

    the AC

    Must hit submit now, there is a woman in the next office building doing a strip-tease, and a large crowd is forming around my desk. Who's got a digital camera when you need one? :-)

  25. Fireworks aren't that bright from above on Satellite Images of Y2K Fireworks? · · Score: 5

    Several times I've been above fireworks shows in an airplane, and the fireworks just are not that spectacular from above.

    The displays are designed for maximum effect of the audience on the ground near the show, both for lighting and acoustic effects. When viewed from a few miles away and a few thousand feet in altitude, the fireworks don't appear much brighter than all the city lights around them. And the effects only last a few seconds at a time.

    There is an international pyrotechnics festival every summer on the French riviera, which allows nuts^H^H^H^Hfans like myself to watch fireworks from all different angles. Each show is launched from a barge anchored off the coast of different towns about once per week all summer. I've seen them from a boat directly under the bursts (the absolute best), from shore, from a small airplane nearby, from a commercial flight coming into Nice (good altitude), and from the mountains many kms inland. Once you get more than a few kms up and away from the bursts, they are mostly lost against any background city lights. If you are up in the mountains, and there is ocean behind the show, it still doesn't look all that good, but you can pick out the bursts. And if you are at 20,000 feet in a big plane, you really have to strain your eyes to see anything.

    The best photos would come from aerial photos, I doubt that even the best spy satellites would have a good enough resolution (rumoured to be 10-15 cm) to pick up individual stars in a burst (stars are usually 1-3 cm). But it would be a fun thing to try out :-)

    the AC