What I'm trying to get at is that with Flash and similar technologies, I can just remove the plugin or disable it in the browser. But with an AJAX or any other interface that uses ECMAScript, it might well be possible to deliver attack code. People forget it's called JavaScript because it's a similar syntax, but it is NOT sandboxed like real Java applets.
Do others use such spam-bot blockers?
on HTML Encoded Captchas
I've had sessions that took an inordinately long time to initialize with various web service providers (it's very noticeable on dial-up.) I'm wondering whether similar techniques might be used to attack rather than defend, possibly including rogue AJAX code.
I'm sure they are happy about it, as they're the ones paying for it. :)
No one mentioned it being corporate bandwidth or people surfing at work, did they?
Here in Saskatchewan GMail access was horrendously slow this morning, and access to other web sites has been very inconsistent and unreliable. Having to refresh pages a few times was not uncommon throughout the day, and has often been a problem throughout the holiday season.
Too many script kiddies on the 'net during the holidays around the world that harass people and damage systems for giggles; never mind the serious industrial espionage or government agents that could do some real damage while everyone thinks it's bored university students on vacation.
The point is not that they'd be "better" experts, but that they've proven their willingness to maintain secrecy. That is a big concern for companies that use a closed-source model.
Personally I think exposing code to the legal system or government agencies in such a fashion might prove a far more effective means of dealing with IP infringement claims than expensive multi-year trials such as the SCO debacle.
Sometimes sensitive information is examined by experts behind closed doors, similar to a meeting in the Judge's chambers for a rape or abuse trial. There are many technology experts with security clearance for the military and other environments who have sworn and demonstrated their willingness to maintain silence.
Why not have them examine the code and submit a report?
What I envision are n-tier applications with data mirroring/backup nodes. You'd have a local database on your machine for performance, and some form of replication or detached synchronization process pushing changes to a corporate, ISP, or web service. If your node goes belly up, you reimage or reinstall and refresh from the archives.
Add in some of the peer redundancy that BitTorrent or financial systems use, and the corporate/ISP nodes could do a distributed backup as well. For example, sk.ca nodes might be backed up by mb.ca and ab.ca nodes. mb.ca might be backed up by sk.ca and on.ca, and so on. The actual peering would depend on the specifics of the data.
Of course that means the corporate/ISP nodes must implement very strong information privacy, encrypted backup tapes, and secure id systems.
As an added benefit, some business processes could be automated behind the scenes. Sales systems databases could have daily batch runs to submit EOD sales taxes and such. Inventory systems might automate ordering for warehouses, retailers, and manufacturing.
Do you realize that if the trucks stop delivering to a modern auto manufacturing plant, the entire production line stalls within 15-30 minutes? JIT means no parts warehouse, but it trades off the inventory expense for the risk of a supply line disruption.
What is wrong with different regions having local sports?
Hockey was predominantly a Canadian and northern US game that gradually spread in popularity. Basketball isn't an old game. Some catch on, some don't, but that doesn't mean that "failures" like arena football don't have their fans.
I prefer seeing sports that pit competitors one on one, or which otherwise test the individual's skills, like Olympic judging. But I can see the value of team sports and the comparison between US-style football and a variant on chess where the board is cleared/reset between each move/scrimmage.
And before anyone keeps ragging on the cheerleaders, they should take a look at what those ladies actually go through during auditions/tryouts, practice sessions, etc. I see no physical challenge difference between a professional cheerleading squad and most of the gymnastics in the Olympics. It's just a team version, and they even have competitions.
One fellow mentioned feeling guilty because the CFL cheerleaders are "kids" and "young girls." While a very few 17-18 year olds make it, the majority are in their twenties IIRC. Nor is it a bad business move for them -- Paula Abdul leveraged the exposure of cheerleading to build a tidy career for herself.
Transportation and urban planning are ever more important as the population density increases.
Click on over to Google earth and take a look at Brampton, Ontario. Much of the layout was done by one or a very few companies, incorporating a central mall complex, housing districts with traffic calming that doesn't require speed-bumps and lights, green spaces, parks, walk/bike paths, etc. You can actually bicycle through most of that area in the nicer seasons without actually being on the same road as motor vehicles.
Those ideas are still valid today. Why have so many cities gone back to boring and ineffective grids?
I agree. We shouldn't have to risk harassment from the *AA for exercising rights that have been granted to us by precedence in different countries, especially those which find their root in UK/Commonwealth legal systems.
It's unfair to expect the individual consumer to fend off such attacks, and insulting to the intent of law to allow the attacks to occur in the first place. The *AA and the various DRM fans are responsible for developing products and solutions/proposals that are compliant with the laws of their target markets, and should not be trying to shove their vision down our throats just to protect oligopoly and monopoly economic models.
The same goes for all industries. Why else has the EU so soundly rejected US proposals to make their patent database a global starting point for managing IP? It's stuffed with speculative junk patents.
Delta-V kills, not speed. The only exceptions are idiots who drive far too fast for road conditions. The GTA traffic often rips along at 120kph with a car length between vehicles (because dough-heads cut everyone off otherwise), with nary a collision. I hate following vans and SUVs because I can't see a few cars ahead to monitor for brake lights up ahead.
The deadliest highway I ever drove on a regular basis was I-4 in Florida. The traffic from Altamonte Springs to downtown Orlando was a nightmare mix of GTA/Montreal/New York style bumper-to-bumper drivers with mid-westerners who expect to have a quarter mile of clear highway ahead of them.
I learned to drive on Saskatchewan grid roads and multi-month ice on the highways. Why do you think virtually all race car drivers come from rural areas?
I think Feynman is on to something. Working with "fresh blood" means you hear a lot of out-of-the-box questions and ideas, any one of which could become the seed of future technology. Students who just study in isolation and miss out on the socialization of a campus don't get that cross-pollination of ideas.
Then there is the old adage by one of the American inventors about 1% inspiration and 99% perspiration. In an academic environment, researchers only take technology far enough to prove it can be done. In the real world, you have to exercise the boundary conditions to ensure that a solution actually works. That can take many more years than the initial research or concept did to develop.
While I knew that I could theoretically produce any non-column-delineated ASCII text as output, I wasn't satisfied with that. I did prototypes of C/C++, various RDBMS schema creation script bundles, Java 1.0-1.5, IDL skeletons, XSD skeletons, JDBC, J2EE5/EJB3, GNU makefiles, and ant scripts. Each experimented with slightly different architectural ideas so that I could also determine which approaches would be the most flexible for eventually defining a common CORBA/IDL data backbone with multiple client language accessors.
I'm still focusing on Java5/JDBC for the consolidation of the best-of-breed ideas from all those prototypes. Once that is done and working under an alpha project or two with Tomcat, then I can resume the J2EE5/EJB3 layer that allows n-tier distributed clusters. Anything more than that will have to be fleshed out by other people, as I'm just not egotistical enough to think I'm an expert in everything I've worked with. :)
Long term, I see the Java consortium as a good model for deployment, so that no one company can dominate the market and destroy competing economies.
If they act anything like Canadian Parliament used to, they should be embarrassed. They're far too old to be acting like kindergarteners fighting over scraps of pork-barrel lunch.
Taxes from the general public pay the politicians and all government services. The people own the media, not some artificial corporation designed to get around FOI legislation.
Way back in University, I was sitting around and chatting with T.D., my lab partner for the University of Saskatchewan compiler course taught by J. P. Tremblay. Our project was written in C, and compiled an input language to a LISP output. One of us commented that in theory, one could compile anything to anything.
Over the years, my lab partner ended up becoming a full professor himself. He was part of a team that developed some impressive reverse engineering and refactoring software that ran on a cluster of Macs, taking a couple weeks to do about 85% of the conversion (or so he says.) I didn't even try to understand any details, and he was merciful enough not to try to explain. The resulting company ended up being tied up in legal hassles due to a greedy investor out for short term profits instead of long term vision or R&D.
Over the years, I kept banging away at that same tough nut of an anything to anything compiler, but I focused on a subset of the problem and used completely different approaches based on my own practical work experience as well as the solid foundation I'd received in University 300 and 400 level courses.
What is the "schedule" for such work, or for taking it to a near-production state? Even my corporation (created to allow tax write-offs as a consultant, though I tried to come up with a more grandiose reason in some prototype websites) has no stake in a "project" that has taken twenty years and an uncounted number of failed attempts before I finally cracked the problem.
True enough. But people and all sorts of organizations have a responsibility to get the whole picture instead of taking fragments out of context. Otherwise their ire could lead them to stepping into a defamation suit.
The only difference between "social networking" on a forum or one of the Web 2.0 sites and the chit-chat in a local coffee shop is that everyone can hear the gossip and commentary unless the content is deleted. Even then, archive sites still sometimes keep copies of the "embarrassing" content.
If you're not willing to take the heat of people looking for someone to blame or hate, don't post. And never, ever forget about issues like libel and slander, because even the best of wisecracking comedians get tagged as producing "hateful" material by people and groups that have a chip on their shoulder.
The site, run by a Robert Davis, provided links directly to live feeds of 'Supercross' events streaming from the SFX Motor Sports site.
In other words, the ruling was over streaming media, not static or dynamic page content. There were earlier rulings on the same type of issue for static and dynamic page content.
People forget there are expenses for the ISP to upload the content that users download. I worry more about whether there is any double-dip billing going on for the data transfers.
If someone is charged in one country for what is done with servers located in another country, it stands to reason they're liable for what they did in the origin country. International treaties specify information sharing between various security and police forces, so any company has to comply with such requests. If a country signs up to an international treaty, then the people and businesses in that country have to abide as best they can.
Think about it -- sysadmins and servers are scattered around the globe, but the corporations that manage them have to comply with the law in each country they have offices in. It doesn't matter whether that country has servers located elsewhere -- they're just tools.
I don't think I worked in the US pre-breakup, but over the years my landline phone services in both the US and Canada came down a lot in price. Internet prices in Canada have come down over time as the infrastructure got built out and less had to be collected to pay for capital investments.
Fortunately, our telcos and cable companies have remembered to include infrastructure maintenance and upgrade budgets, and used them properly.
Those requirements generally insist that companies offer service to all the residents in the town, rather than cherry-picking the profitable areas.
One advantage of crown corporations, co-operative businesses, and similar structures is that the protectionism gets shifted to customer service and competition. If the US keeps going the way they are in this regard, I foresee them falling way, way behind the rest of the world.
Circumvention and trafficking circumvention tools are not copyright infringement, they are simply criminal.
Yes, a lovely little Catch-22 they've tried to set up there, but the earlier precedent should be a priority IMNSHO.
To my way of thinking, there are two directions to the legal timeline. Sometimes legislation is added to clarify earlier situations, other times it's intended to replace existing legislation. But if there is no clear statement that earlier legislation is repealed, I would think that the earlier a society has argued a case, the more important it was to society.
Subsequent legislation sometimes clarifies the positioning of new technologies, but like statistics, it's important to make reasonable comparisons.
The technology was funded via DARPA, but the infrastructure was built out by companies. As the taxpayer paid to create the technology, it was placed in the public domain so the whole of society could benefit.
That has nothing to do with whether mail is private or not, and precedence says (at least in Canada) that the post office can't just open mail without warrants or wartime measures in place. I see no difference between trusting the sysadmins of email services and trusting the postal workers.
Your letter travels public highways in the postal service. Your email travels between nodes the same way. Just because someone could steam open an envelope never made it legal.
The disclaimers are just paranoid legal risk-covering.
I know a lot of people using Debian and other distros. With the OSS licensing, I don't see why Debian doesn't get more respect for focusing on stability.
Everyone knows DARPA kicked it off, the telcos carried it forward, and other carriers joined in. Publicly funded research and development like DARPA are usually shared around the world, just like ISO, ANSI, or POSIX standards. Just because a standard was funded by one government doesn't mean that they didn't intend to share.
Including phrasing that hints at restricting discussion or debate would make it illegal for New Zealanders to discuss such topics even on Slashdot. It is not a warrant to shut down a particular site, but any site with such discussions.
I don't recall Canada having a DMCA making it illegal to discuss how we are to exercise our rights to record personal media libraries from broadcasts, or how we are to exercise our rights to lend media to friends. (Share was an inaccurate phrasing.)
How are we to mail copies of DVD successor technologies as is our right? The nation of birth is the nation that defines the personal rights granted to an individual, is it not? The consulates are to help with those rights under the Geneva conventions, should they get in trouble on foreign soil.
It also means that even if physical evidence is seized, the people won't be able to get at the data necessary to prove graft or corruption. :(
The governments wanted a repository of keys, a back door to spy on the population. Turn about is fair play.
Bend over.
Can you network the robodeer so that a herd jumps across the road in front of you?
How many jumps per second does a beowulf cluster of deer produce? :p