You are right, as far as i remember these where really really minor ones, but i cant remember exactly. But since perl is an easy to debug language and for sure all perl scripts exhibit perfect orthogonality in the use of language construct and an perfect documentation i am sure these where easy to locate and fix.
that he managed to access in a bot-way 44000 profiles in 94 hours, roughly 500/hour or 8 per minute - around the clock.
Does the myspace website not have any heuristic real-time scanning of their logfiles for such automated accesses? At least a tar pit would be really good idea. If he can do that, so can anybody else and make wuite arbitrary automated queries.
I am lucky not to have a myspace account
Not before long and the by then "already existing(tm)" Database of GPS tracks of each single mobile phone will be used by homeland security to monitor the citizens, not the radiation. Isn't it practical that the radiation databae probably also will be hosted there? in that case thay do not even need to go in front of a court, but just "perform well considdered measures" which act on "readily available data sources" to "prevent terrorism".
Thanks, no. Its enough that google spys on my position everytime i use google maps.
At the time when OS/2 was created open source was not on the agenda. Also unlike UNIX, this was not some small moifications on top of sth. big, but it was a new operating system. Unlike othere here i do not believe there is one contract which binds them (e.g. to MS or the ecomstation) or something, but, looking at the bussiness practices at this time, i would guess that there is intellectual property licensed from hundreds (literally) of external sources. Probably a lot of drivers delivered with it have been done externally (i dont believe IBM had such a big in-house driver development).
actually not having to manage the licenses can be a really important point in a badly managed company....
I work for a company where they "forgot" the license number for a $10000 Software. (ok. in that category it is easy to call the support, and you are threted more kindly but nevertheless, it was annoying).
> What exactly stops you from buying whatever laptop you want and installing Linux yourself?
Support. I know linux, i work with linux, i can install it myself, but however, since i am working as a pysicist it is not my job to do so. I want to buy a computer and problems should be solved by calling the support.
A good programmer must listen very well. Not in the sense: I'll take notes and implement everything you say 100% as you said. He should stop you when you ask stupid things of him. He should try to understand what causes you to like a certain feature, definition, algorithm or datastructure. And finally he should be able to give contineus feedback.
I can only hope that there exists a button to manually override the system and say "We know we extracted it, but the scanner does not recognize it any more". Otherwise the following procedure will be standard: Check in, Check out, insert into patient.
IMHO always equip databases with the option to say "i dont know" or "i know" otherwise people will find funny devastating ways to abuse the system.
Especially for google. Why? Not because i think the concerncs about privacy etc. could not be settled legally in a binding way or because of the loss e-mail when the college looses connectivity. Just for a very simple reason: in recent times, if something can be done via google, responsibles turn their head to autopilot and stop thinking. And while for most of the users outsourced mail is ok, i would think that some, e.g. the Network administrators, an the board of the Institution need internal e-mail, as well as Hospitals connected to the Unioversity (In Germany these exist). No try to explain such things to somebody whose head was just turned off. The qustion: "Why cant we use gmail?" could be difficult to explain in this case.
> You are also wrong. All iPhones are GSM with EDGE for data transfer (2.75G). They're quad-band phones which allow them to operate on > the varying frequencies from region to region. The 'schemes' are identical, only the frequencies vary.
I did not know that a US-wide GSM coverage exists. Can i rely my GSM phone in the US (not an iphone)?
> it appears to be the handset, which is unusual since US users haven't reported similar problems. Some 02 customers report that > getting a replacement phone fixes things; others have had to do a software restore back to version 1.1.2 of the iPhone software."
It is not strange. I personally assume that the UK phones use GSM and the US phones do not, so they transmit over two completely different schemes. It is sad that this point was missed by the author of the article. Althoug I am not an expert, i remember that GSM is more sensitive to certain Problems.
I think these centers should be offered as a kind of "insurance" of the vendor against fire etc. or when you order a datacenter, which will be build in some time you get a portable one during that time. So the vendors couldhave a pool of these.
For sure you can not prevent that your child will run into an stupid faked indentity. But I will teach the following things: Online friends are online friends. Your online identity is not you. Never rely on the other person telling the truth before you can verify it. If you want to make friends or get a girlfriend/boyfriend please separate the online identity which does so from you other online identitites. Separate in an online identity which is for online-only friends. Never disclose any information which makes you easily identifiable on the identity only for online friends. On the identity which is for looking for real friends or in real live, never disclose your online-only identity to your real friends (ok, maybe your bests friends, maybe one if you are lucky).
If somebody approaches you in a way like the fake account approached Megan Meier, telling that he moved into the city and seems to get seriously in a "real" friendship (otherwise there is no reason to disclose any details about your whereabouts), but does not have a phone number and is otherwise also closed on meeting, shut down the relations. If i would have met a girl outside the net, which makes charmant compliments, but where it is impossible to verify anything, i would get suspicious. if there are gaps in the told CV which you dont get together, get suspicious. If somebody has consequently the most anonymous possibility for his identity (e.g. homeschooling boy disconnected from the telephone net - what is next? Light allergy? Member of a sect forbidding him to loock at virgins?), get suspicious. Before you have not met somebody more than once in Person (that is, without disclosing your address, and in a public place), he is not your friend. He may be "somebody you hav met", but not your friend. You may tell him who you are (real identity) OR what your problems are (online identityt). Keep that separate until he is your friend or you know at least that he exists - that is, you have seen him in reality.
You may now call me an disillusioned cynical paranoid asshole and maybe you are right. But at least i have a notation of the word "friend" which is different from "somebody who i know by clicking while i was bored on one button in his myspace profile with this photoshopped image and this stupid text tailored to get attention". It is hard to make friends and if you have more that five you are really lucky (or - more likely - stupidly sloppy about the term "friend").
I personaly find that the line between "promoting free press", a healty curiousity and outright voyeurism is blurred among the current generations. I am 32 right now. In the beginning of the web i had pointless naive dreams of telling about me. Luckily I did not do it. I used to read Harry Potter series (but stopped at some point) and i interpreted "Harry Potter and the Chamber of Secrets" in a slightly different sense as it may have been origianlly meant. The diary appearing there seemed to me very much like an allefoy to the "online friends" or "virtual friends" in social networks on the web. The warning in the book about talking to things of which you can not see the head seemed very timely to me back then (in 1999 social networks where maybe small, but ICQ clearly existed). Sadly now it is not only considered to be normal to tell personal thing about you, but, to some extend, expected in a certain generation, which means that today's 20year old got a quite different or no message of warning from this book, and we, respectively their parents failed miserably at pointing it out to them. I am, for sure nobody who is seeing the net "mainly as a danger" or "social networks" to be harmful to children. Teach them how to use it - not in the technological sense, but for their life - and everybody will be fine. Funnily this would involve that you sit doen with your 5 year old child and find online friends together with it. You can prevent bad things from happening by guiding your child, and when it is old and experienced enough it can go alone (like riding a bicycle in the traffic).
So what is so special about this case? The special thing is that an adult abused the net to harm a child. So yes, it was important to report it in the media to point out that not only bad pedophiles (adresses regularly publishe, probably soon having to be tatooed and wearing neon-brite clothing all the day or something like that), but just normal parent who, themselves not thinking about what it means, can abuse the net. And now we come to an interesting question - should we behave like "mux" in the german movie "muxmaeuschenstill" and try to uncover not only the fact about this "immoral behaviour", but also expose the ones involved in a kind af medieval punishment (and it is nothing else) to the public? I remember the witch-hunt on slashdot on an idiotic teenager who stole a mobile phone. Or should we not leave persecuting "crimes" to the police? Is it in the right scale of response to randomly "hunt down" people and expose them?
My feeling is that bloggers, while pretending to be journalists and IMHO without doubt doing good and important work, sometimes lack the professional ethics of the journalists (some of the yellow press also does...). One of the rules is: Unless the person has already an exposed position (e.g. monarch, politician, company leader, pope, etc), do not publish their identity. You do this to prevent them from beeing hunted sown in the whole country and beeing findable in the archives. No doubt, the local teenagers in the social community probably, to some extend figured the thing out already. Still, without the identity revealed to a broader public, you can just move where nobody knows you. Having to move to flee something like this is - depending on what you did and how strongly you are connected to your hometown - already a quite severe punishment. But now, thanks to the bloggers, not only the local community knwos, but everybody, including a possible future employer will find this using google. So he will no need to be interested in social networks, he does not need to be interested in suicides to teens, he just does a standard procedure and he will finde something for which no sentence in front of a court was spoken. The same applies to the teenage daugther. I imagine that when i meet somebody on the net and i would like to find out who he is, if this thing pops up, i might prefer to stay away from him. If this does still go under "Justice for Megan Maier" as one blog openly admits it remains to be seem. T
4.6Billlion for a Band is IMHO to little. And my guess is that google will use it in the "Join the gphone movement, get a share of the cake" game agai... ahem with the the providers. What an asset if you want to kill Iphone 2.0.....
There are programs which make funny noises and play music on commodores floppy drive by bashing the read head into the end position. SO this bug just awakens some nostalgic feelings....
> Any web app that lets you see something you shouldn't see by guessing the ID is broken, period
No doubt about that! However, if somebody tries to attack in that way it is easier to fend of, because you can allow for a checksum. Instead of making a DB query for each hit, you make a DB query only if the ID lies in the codespace. So certain DOS attacks are more difficult.
> (not to say there aren't a lot of broken web apps).
Hell yeah!
> I gotta think Facebook's smarter than that.
Maybe they are smart enough to know that thay are a big company now and that not everybody in a big company is smart or every intern well supervised!
Slashdot Mirror
You are right, as far as i remember these where really really minor ones, but i cant remember exactly. But since perl is an easy to debug language and for sure all perl scripts exhibit perfect orthogonality in the use of language construct and an perfect documentation i am sure these where easy to locate and fix.
And i think perl 5 was compatible to perl 4 (AFAIR). Just adding things...
I really dont want to know ho perl will look in 20 years....
Now i know how the Cashier scans Meggy without a bar code.
that he managed to access in a bot-way 44000 profiles in 94 hours, roughly 500/hour or 8 per minute - around the clock. Does the myspace website not have any heuristic real-time scanning of their logfiles for such automated accesses? At least a tar pit would be really good idea. If he can do that, so can anybody else and make wuite arbitrary automated queries. I am lucky not to have a myspace account
Not before long and the by then "already existing(tm)" Database of GPS tracks of each single mobile phone will be used by homeland security to monitor the citizens, not the radiation. Isn't it practical that the radiation databae probably also will be hosted there? in that case thay do not even need to go in front of a court, but just "perform well considdered measures" which act on "readily available data sources" to "prevent terrorism". Thanks, no. Its enough that google spys on my position everytime i use google maps.
At the time when OS/2 was created open source was not on the agenda. Also unlike UNIX, this was not some small moifications on top of sth. big, but it was a new operating system. Unlike othere here i do not believe there is one contract which binds them (e.g. to MS or the ecomstation) or something, but, looking at the bussiness practices at this time, i would guess that there is intellectual property licensed from hundreds (literally) of external sources. Probably a lot of drivers delivered with it have been done externally (i dont believe IBM had such a big in-house driver development).
treated
actually not having to manage the licenses can be a really important point in a badly managed company.... I work for a company where they "forgot" the license number for a $10000 Software. (ok. in that category it is easy to call the support, and you are threted more kindly but nevertheless, it was annoying).
> What exactly stops you from buying whatever laptop you want and installing Linux yourself?
Support. I know linux, i work with linux, i can install it myself, but however, since i am working as a pysicist it is not my job to do so. I want to buy a computer and problems should be solved by calling the support.
A good programmer must listen very well. Not in the sense: I'll take notes and implement everything you say 100% as you said. He should stop you when you ask stupid things of him. He should try to understand what causes you to like a certain feature, definition, algorithm or datastructure. And finally he should be able to give contineus feedback.
yes, but at least you know when its pressed
I can only hope that there exists a button to manually override the system and say "We know we extracted it, but the scanner does not recognize it any more". Otherwise the following procedure will be standard: Check in, Check out, insert into patient.
IMHO always equip databases with the option to say "i dont know" or "i know" otherwise people will find funny devastating ways to abuse the system.
The terrorists can affort real personal computers already, i am sure about that.
Especially for google. Why? Not because i think the concerncs about privacy etc. could not be settled legally in a binding way or because of the loss e-mail when the college looses connectivity. Just for a very simple reason: in recent times, if something can be done via google, responsibles turn their head to autopilot and stop thinking. And while for most of the users outsourced mail is ok, i would think that some, e.g. the Network administrators, an the board of the Institution need internal e-mail, as well as Hospitals connected to the Unioversity (In Germany these exist). No try to explain such things to somebody whose head was just turned off. The qustion: "Why cant we use gmail?" could be difficult to explain in this case.
> You are also wrong. All iPhones are GSM with EDGE for data transfer (2.75G). They're quad-band phones which allow them to operate on > the varying frequencies from region to region. The 'schemes' are identical, only the frequencies vary. I did not know that a US-wide GSM coverage exists. Can i rely my GSM phone in the US (not an iphone)?
> it appears to be the handset, which is unusual since US users haven't reported similar problems. Some 02 customers report that
> getting a replacement phone fixes things; others have had to do a software restore back to version 1.1.2 of the iPhone software."
It is not strange. I personally assume that the UK phones use GSM and the US phones do not, so they transmit over two completely different schemes. It is sad that this point was missed by the author of the article. Althoug I am not an expert, i remember that GSM is more sensitive to certain Problems.
I think these centers should be offered as a kind of "insurance" of the vendor against fire etc. or when you order a datacenter, which will be build in some time you get a portable one during that time. So the vendors couldhave a pool of these.
I meant creates 161Gb of data.....
Thats more than i download.
> Internet users will create 161 exabytes of new data this year."
I seriously doubt that 10^18/10^9 = 10^9. Every Internet user "creates" 1Gb of data?
For sure you can not prevent that your child will run into an stupid faked indentity. But I will teach the following things: Online friends are online friends. Your online identity is not you. Never rely on the other person telling the truth before you can verify it. If you want to make friends or get a girlfriend/boyfriend please separate the online identity which does so from you other online identitites. Separate in an online identity which is for online-only friends. Never disclose any information which makes you easily identifiable on the identity only for online friends. On the identity which is for looking for real friends or in real live, never disclose your online-only identity to your real friends (ok, maybe your bests friends, maybe one if you are lucky).
If somebody approaches you in a way like the fake account approached Megan Meier, telling that he moved into the city and seems to get seriously in a "real" friendship (otherwise there is no reason to disclose any details about your whereabouts), but does not have a phone number and is otherwise also closed on meeting, shut down the relations. If i would have met a girl outside the net, which makes charmant compliments, but where it is impossible to verify anything, i would get suspicious. if there are gaps in the told CV which you dont get together, get suspicious. If somebody has consequently the most anonymous possibility for his identity (e.g. homeschooling boy disconnected from the telephone net - what is next? Light allergy? Member of a sect forbidding him to loock at virgins?), get suspicious. Before you have not met somebody more than once in Person (that is, without disclosing your address, and in a public place), he is not your friend. He may be "somebody you hav met", but not your friend. You may tell him who you are (real identity) OR what your problems are (online identityt). Keep that separate until he is your friend or you know at least that he exists - that is, you have seen him in reality.
You may now call me an disillusioned cynical paranoid asshole and maybe you are right. But at least i have a notation of the word "friend" which is different from "somebody who i know by clicking while i was bored on one button in his myspace profile with this photoshopped image and this stupid text tailored to get attention". It is hard to make friends and if you have more that five you are really lucky (or - more likely - stupidly sloppy about the term "friend").
I personaly find that the line between "promoting free press", a healty curiousity and outright voyeurism is blurred among the current generations. I am 32 right now. In the beginning of the web i had pointless naive dreams of telling about me. Luckily I did not do it. I used to read Harry Potter series (but stopped at some point) and i interpreted "Harry Potter and the Chamber of Secrets" in a slightly different sense as it may have been origianlly meant. The diary appearing there seemed to me very much like an allefoy to the "online friends" or "virtual friends" in social networks on the web. The warning in the book about talking to things of which you can not see the head seemed very timely to me back then (in 1999 social networks where maybe small, but ICQ clearly existed). Sadly now it is not only considered to be normal to tell personal thing about you, but, to some extend, expected in a certain generation, which means that today's 20year old got a quite different or no message of warning from this book, and we, respectively their parents failed miserably at pointing it out to them. I am, for sure nobody who is seeing the net "mainly as a danger" or "social networks" to be harmful to children. Teach them how to use it - not in the technological sense, but for their life - and everybody will be fine. Funnily this would involve that you sit doen with your 5 year old child and find online friends together with it. You can prevent bad things from happening by guiding your child, and when it is old and experienced enough it can go alone (like riding a bicycle in the traffic).
So what is so special about this case? The special thing is that an adult abused the net to harm a child. So yes, it was important to report it in the media to point out that not only bad pedophiles (adresses regularly publishe, probably soon having to be tatooed and wearing neon-brite clothing all the day or something like that), but just normal parent who, themselves not thinking about what it means, can abuse the net. And now we come to an interesting question - should we behave like "mux" in the german movie "muxmaeuschenstill" and try to uncover not only the fact about this "immoral behaviour", but also expose the ones involved in a kind af medieval punishment (and it is nothing else) to the public? I remember the witch-hunt on slashdot on an idiotic teenager who stole a mobile phone. Or should we not leave persecuting "crimes" to the police? Is it in the right scale of response to randomly "hunt down" people and expose them?
My feeling is that bloggers, while pretending to be journalists and IMHO without doubt doing good and important work, sometimes lack the professional ethics of the journalists (some of the yellow press also does...). One of the rules is: Unless the person has already an exposed position (e.g. monarch, politician, company leader, pope, etc), do not publish their identity. You do this to prevent them from beeing hunted sown in the whole country and beeing findable in the archives. No doubt, the local teenagers in the social community probably, to some extend figured the thing out already. Still, without the identity revealed to a broader public, you can just move where nobody knows you. Having to move to flee something like this is - depending on what you did and how strongly you are connected to your hometown - already a quite severe punishment. But now, thanks to the bloggers, not only the local community knwos, but everybody, including a possible future employer will find this using google. So he will no need to be interested in social networks, he does not need to be interested in suicides to teens, he just does a standard procedure and he will finde something for which no sentence in front of a court was spoken. The same applies to the teenage daugther. I imagine that when i meet somebody on the net and i would like to find out who he is, if this thing pops up, i might prefer to stay away from him. If this does still go under "Justice for Megan Maier" as one blog openly admits it remains to be seem. T
Thanks for the hint! My native language is not English!
4.6Billlion for a Band is IMHO to little. And my guess is that google will use it in the "Join the gphone movement, get a share of the cake" game agai... ahem with the the providers. What an asset if you want to kill Iphone 2.0.....
There are programs which make funny noises and play music on commodores floppy drive by bashing the read head into the end position. SO this bug just awakens some nostalgic feelings....
> Any web app that lets you see something you shouldn't see by guessing the ID is broken, period
No doubt about that! However, if somebody tries to attack in that way it is easier to fend of, because you can allow for a checksum. Instead of making a DB query for each hit, you make a DB query only if the ID lies in the codespace. So certain DOS attacks are more difficult.
> (not to say there aren't a lot of broken web apps).
Hell yeah!
> I gotta think Facebook's smarter than that.
Maybe they are smart enough to know that thay are a big company now and that not everybody in a big company is smart or every intern well supervised!