Think of it this way. I'm not going to put any firewall rules blocking people from my webserver, but if you ever access a port on my machine, set up by me, for my purposes, using bandwidth I paid for by me, I'll find you and throw your ass in jail.
Put that way, it would never hold up in court.
------
That's not that hard, really. A program owned by some user will never have more permissions than that user, right? So just have a permissions mask for every program, as well as every user.
------
Some people blame faults in TCP/IP for the creation of WAP. However, IPv6 is already being deployed, and explicitly solves mobility problems. Since IPv4-over-IPv6 is a given, and since IPv6 will likely be the dominant protocol within a few years, I think it would be wise to go with an IPv6-based solution.
------
Please... if you're qualified to discuss audio compression, how about the basics? Do you know how to compute an FFT? Do you know why you wouldn't use an FFT for audio or video compression? What about a DCT? MDCT? What do you know about quantization schemes? The advantages/disadvantages to storing quantized data with Huffman encoding vs. arithmetic encoding? Have you ever written a single signal processing function? (I've written a whole library). Do you know anything about the subject at all?
I'd like to step in and ask: where can I find that information?
------
I should go to bed now. It's late and I'm putting commas before my prepositions. Ugh!
And Slashdot's lameness filter and 2-minute comment limit is really starting to piss me off... It should be pulled, or at least for people with a high enough karma. grrr...
------
Possibly because that wasn't my argument. I quote myself:
The problem with many of today's programmers is they don't know how a computer actually works internally. They never deal with memory allocation, pointers, explicit variable declaration, abstract datatypes, locking, etc. When you don't know about these things, you make design decisions that result in inefficiency, buggy programs (including security problems), and ugly-looking code.
Nowhere in there do I mention C coding. All I said is doing C coding helps you understand the computer, so you'll be a better coder in other languages, when you use them.
------
No, that's APOP. SSL encrypts the entire session between you and the SMTP server. After that, however, the SMTP server usually sends the mail in a non-encrypted fashion.
------
What the hell is the point in learning C before C++?
Because it's easier than learning assembly language before C++.
The problem with many of today's programmers is they don't know how a computer actually works internally. They never deal with memory allocation, pointers, explicit variable declaration, abstract datatypes, locking, etc. When you don't know about these things, you make design decisions that result in inefficiency, buggy programs (including security problems), and ugly-looking code.
The best high-level programmers I've met are the ones who are good at writing low-level code. I don't suggest that people never learn C++, but I do suggest that they learn C (or assembly, if they can handle it) so they'll know what they're doing when they write code in other languages.
When you get experienced enough, you can learn any programming language in a matter of days. However, you'll only get this far if you've done both high-level AND low-level programming, and a lot in between. Since Josh Berkus has already learned a high-level language (VB), I am now suggesting a low-level language. I strongly suggest it because I've seen too many people who think "C++ is the best for everything", yet who have never actually made an effort to learn other languages.
Regarding your insult to C programmers, you are plainly wrong. Every language has its benefits and weaknesses. I also challenge you to write a Unix-like kernel in C++.
------
Port scanning isn't trying to break into a bank. It's pulling on the doors when the bank is closed to see if they're unlocked. There's nothing illegal about that.
------
The idea behind proposing that protocol was to show how silly it would be to suggest another method of finding out what is allowed when there is already such a method available (namely ICMP destination port unreachable).
What's scary is someone will eventually propose such a system, and be serious about it, and lawmakers will gobble it up.
I think the problem here is a bunch of networking newbies who think suspicious activity equals illegal activity. They're running BlackIce (or some other intrusion detection software), and as soon as they get an alert, they scream "Oh my God! Someone's trying to hack my computer!" They get scared and think that anything picked up by an IDS must be illegal.
Realistically, the only things that should be unarguably illegal are DoS attacks, since there's no technical measure to prevent being attacked by them. All other security breaches are either the programmer's fault, the sysadmin's fault, or the trusted user's fault.
------
You would, and so would I, but try calling a Windows-centric tech support line. ("Let me talk to my supervisor... HOLD... HOLD... HOLD... I'm sorry, we don't allow spamming from our networks. Oh. You want to do what, again?... HOLD...")
------
It's only "Staff Only" if there's a sign that explicitly says "Staff Only".
The "Staff Only" analogy refers to exploiting the services offered on the various public ports to gain additional access you shouldn't (like using the IIS/5.0 exploit to get a shell). It does not refer to simply accessing a port other than #80.
------
Relinquishing my +1 bonus because I didn't read the article.
------
Also: I live in a van down by the river! :)
------
Eww... I'd never use DirectX for Linux.
------
GSM is patented, I think.
------
I said it helps you understand the computer, not it causes you to understand the computer fully.
------
It helps to remove some of the most blatantly clueless companies from my list.
------
Maybe, but that gives rise to the false notion that port scanning is passive. That analogy is more like packet sniffing.
------
Yes, but so does pinging or accessing an HTTP server. That doesn't make them inherently illegal.
------
This is a faulty analogy that is almost a troll. Port scanning doesn't damage anything, but smashing a window does.
------
THANK YOU! I was hoping someone would say that.
------
Maybe what's needed is a `System Policy Information Protocol' with a standard way of specifying what is and is not allowed on a specific host.
------
What about taking the platters out (in a clean room), zapping those several times, and replacing them?
------
There's no reason why I should have to phone 30 WSPs prior to scanning a public interface.
------