Once someone starts making predictions from data aggregation more effective, the race will be on to duplicate or improve on it, and then nobody's prediction algorithms will work.
It'll work on badly organised people, such as riots, because they won't check if their behaviour can be predicted by psychohistory before acting.
lol
The EU is often pushed as a "peace project", but I'm not sure if anyone actually believes in it or it's just propaganda.
Huh? Entropy may be synonymous with "disorder", but "chaos" is a completely different thing. Chaotic systems are characterised by the fact that arbitrarily small differences in initial conditions will eventually propagate into large differences. That's not something you find in the typical high-entropy system (like a bucket of air at room temperature and pressure).
That was interesting. Do you have a handy reference?
Btw, I hope you get modded Informative.
> On the gripping hand, what the fuck are we actually doing over there anyway?
We are enforcing Afghanistan's 1941 signing of the Declaration of Universal Right of Man. Hopefully by providing an environment where an alternative to the Taliban can establish power we will provide a lasting buffer against their tyranny.
For those who say it isn't our business to protect the rights of others, that line of thinking was invalidated by WWII and previously in the Civil war.
When you invaded Afghanistan, you said it was because they were harbouring terrorists (presumably because they had a connection to the 9/11 attacks). There are many other countries where human rights violations on the same scale have been committed, that you haven't intervened militarily in.
Pulling out of Afghanistan means the country will probably be in chaos for a long time, which not only means lots of human rights violations, but also that it'll remain a breeding ground for Islamistic terrorism. So I think you have good reasons, both idealistic and practical, to stay in Afghanistan until order is restored (if it ever will).
But it may be hard to look around the memory space using the code you can fit into a specific buffer under/overrun.
Turning attacks into system crashes is a good thing, because it means the admin will notice something is wrong, and it'll take ages for the attacker to succeed (which means the attacker will probably realise it's pointless and not try, which means no crashes).
I think the problem is trying to standardise and certify things which can't be.
We should start with the small things which can be standardised. For example, every programmer should know how to sanitise database inputs from the user, and check that buffers can't overflow, and always apply that knowledge if they want to be considered competent.
Who cares about that shit anyway, they scoffed. We're here to do low-quality work at the lowest price...you think we're building this software to last?
Precisely. Who's still going to use programs written in Cobol in the year 2000?
How did this get modded troll? Someone on Google's Android team must have a Slashdot account...
It was so off the mark, the moderator must have thought it was a joke.
Memory layout randomisation means intentionally loading code at random locations, to make it as hard as possible for the hacker. The GP is confusing this with not having fixed locations for code, which means it *may* be loaded at different locations (but usually is loaded to a location close to the previous one). The latter has been around for decades, but the former has only become common during the last decade.
It's like the difference between having 365 different castles to sleep in (but not caring which one you choose), which makes it slightly harder for an assassin to get at you, and intentionally choosing a castle at random every night, which makes it much harder for the assassin.
Finding memory locations with fingerprints doesn't get you far in itself, since you need to find the location of code in memory space that belongs to *root* or *other users*, and that memory is read/write-protected.
The OP is trying to apply his (admittedly valid) knowledge about hacking gaming systems or old versions of Windows to modern operating systems.
It's not "security through obscurity" any more than, say, encryption is. With encryption, you can also get the right answer by guessing enough times.
Memory layout randomisation is actually worse for the attacker, because every failed attempt at running the malicious code will cause the app to crash, so someone will notice something is wrong (or simply uninstall the app) long before it succeeds.
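The argument in the comments above (a wrong guess under randomisation crashes the process, so a guessing attack shows up as a burst of crashes long before it is likely to succeed), worked through as an added example that is not part of the original thread. The 16 bits of entropy, the simplified log format, the service names and the alert threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta


def expected_crashes(entropy_bits: int) -> float:
    """Mean number of crashes before one correct guess, assuming the layout
    is re-randomised after every crash (each try succeeds with p = 2**-bits)."""
    p = 2.0 ** -entropy_bits
    return (1 - p) / p  # geometric distribution: failures before first success


def p_success_within(entropy_bits: int, attempts: int) -> float:
    """Probability that at least one of `attempts` independent guesses lands."""
    p = 2.0 ** -entropy_bits
    return 1 - (1 - p) ** attempts


# Constructed, simplified crash-log format: "<ISO time> <service>[<pid>]: segfault at <hex addr>"
LINE = re.compile(r"^(\S+) (\S+)\[\d+\]: segfault at [0-9a-f]+")


def crash_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {service: time at which `threshold` crashes fell inside `window`}.

    A service that keeps dying at different fault addresses in a short span is
    the visible side effect of someone guessing at a randomised layout."""
    recent = defaultdict(deque)  # service -> timestamps of recent crashes
    alerts = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a crash record
        ts = datetime.fromisoformat(m.group(1))
        service = m.group(2)
        q = recent[service]
        q.append(ts)
        while ts - q[0] > window:  # drop crashes that fell out of the window
            q.popleft()
        if len(q) >= threshold and service not in alerts:
            alerts[service] = ts
    return alerts


# Constructed sample input (hypothetical services "imgd", "sshd", "cron").
SAMPLE_LOG = [
    "2024-01-01T10:00:00 imgd[2211]: segfault at 7f31a2c04000",
    "2024-01-01T10:00:07 imgd[2215]: segfault at 7f88e1b10000",
    "2024-01-01T10:00:09 sshd[901]: accepted connection",
    "2024-01-01T10:00:15 imgd[2219]: segfault at 7f02c7d5a000",
    "2024-01-01T10:00:22 imgd[2224]: segfault at 7fd4139e2000",
    "2024-01-01T10:00:30 imgd[2230]: segfault at 7f6b5500c000",
    "2024-01-01T10:20:00 cron[77]: segfault at 0",
]

if __name__ == "__main__":
    print("expected crashes at 16 bits:", expected_crashes(16))
    print("chance of success within 5 tries:", p_success_within(16, 5))
    print("alerts:", crash_bursts(SAMPLE_LOG))
```

With these assumed numbers the alert fires on the fifth crash, at which point the chance that any guess has succeeded is still below one in ten thousand.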
Let me guess: They're in for computer crimes?
even Matrix 3 is better
You lost all credibility right there.
Exactly. Everyone knows there was only one Matrix movie ever made.
Just. One. Movie. Made.
Yes, something like that. But I think the DOJ has gone out of its way to find something nefarious in MegaUpload's correspondence, and are now having difficulty proceeding with the case.
I'm not sure they even want to proceed -- perhaps they just want to drag it out until MegaUpload is bankrupt, or until the whole issue is moot because some other filesharing technology has taken over.
Both MegaUpload and ISPs knowingly help people distribute copyrighted works. ISPs monitor traffic for technical reasons, and can see that a very large part of their load is BitTorrent traffic, which is mostly used for illegal filesharing. They can also monitor which sites are most visited (thepiratebay.se, for example), and yet do nothing to block those sites.
To be liable, you need to intentionally help people distribute copyrighted works. And that's what I believe will be hard to prove. The DOJ's evidence seems to be mostly circumstantial.
This article explains some of the problems with the indictment. (Techdirt)
From the article:
Law professor James Grimmelmann of New York Law School tells Ars, "If proven at trial, there's easily enough in the indictment to prove criminal copyright infringement many times over. But much of what the indictment details are legitimate business strategies many websites use to increase their traffic and revenues: offering premium subscriptions, running ads, rewarding active users.
The key word here is "if". The analysis assumes the allegations can be proven. Remember that the indictment is written to cast the accused in the worst possible light.
P.S. The situation is similar to when someone sells a product that is used for illegal purposes in 99% of the cases (for example, equipment that can be used to bypass cable TV encryption). They may be aware that most of their income comes from illegal uses of their product, but as long as they don't have the stated purpose to facilitate crime, they're legally in the clear.
I've read a few of the summaries (with excerpts from the indictment), and in the case of the Dexter show, it seems Dotcom was just using a file with the Dexter show as an example of a playback problem that affected many video files (legal or illegal).
Depending on where the uploader lived, even the Dexter file itself may have been completely legal, since many countries allow you to rip DVDs (i.e., format-shift) and share them with friends and family (fair use).
Of course, the odds are in favour of the file being illegally uploaded, but MegaUpload can't assume that it was, and has no legal obligation to check it up.
My point is that it's not illegal. A service provider is not liable just because their service is used for something illegal.
The case against MegaUpload hinges on trying to establish criminal intent by interpreting the staff's private correspondence in the most nefarious way possible.
MegaUpload took down the material it received DMCA requests for (although, if the same material had been uploaded by multiple users, they only removed access for the users they had received complaints for, since the same material may be legal for some users to share and illegal for others).
But yeah, if you think it's immoral to profiteer from other people's creations, then MegaUpload was immoral. Personally, I'm not sure the creators really lose anything by having their products shared for free. When people pirate, they tend to use the "saved" money to buy other music or films, not save it up (which would explain how the music, games and film industry can continue to increase their revenues year after year, despite the huge "lost sales" caused by piracy).
Both parties may be scumbags, but the media companies are the dangerous scumbags with lots of power, while Kim Dotcom is the harmless scumbag who, in my opinion, also happened to provide a useful service that had a positive net effect on society.
Also, in some countries, filesharing in general is legal.
I'm only following his case through this fine forum. So I'm curious, does King Dotcom have all his funds stashed away in some US bank? Or does the US have the ability to put a hold order on money stoned in another country?
In this particular case, the USA got the New Zealand government to raid MegaUpload, arrest Kim Dotcom and some of his associates, and freeze their assets, with the help of the extradition agreement between the two countries.
Right now, it's uncertain if the charges will stick long enough for Dotcom to actually be extradited.
Well, duh. MegaUpload hired well-known artists, and paid them, to produce an original music video, and was planning to release more original songs as legal downloads. (YouTube)
Incidentally, the RIAA responded by taking the video down, using YouTube's DMCA take-down system, and when MegaUpload sued them for abusing the DMCA system, the RIAA defended themselves by claiming that they never made a formal DMCA take-down request; they just pushed the button that YouTube gave them to take down videos.
It quotes extensively from correspondence among the defendants, who work for Megaupload and its related sites. The correspondence, the indictment says, shows that the operators knew the site contained unauthorized content.
That's not illegal in the slightest. A provider of a service is not liable for what their users do with it, and has no obligation to put a stop to it until they get a court order handed to them, not even if they know about it. Otherwise, you could hold a power company liable for selling electricity to criminals, or hold a gun manufacturer liable for selling guns to people who had committed crimes.
The indictment cites an e-mail from last February, for example, in which three members of the group discussed an article about how to stop the government from seizing domain names.
Once again, not illegal, or even suspicious. Any company who risks having their domain seized would discuss how to avoid it.