Legally, I can photocopy every page of a book that I own. I might want to do that to put it into a binder and make notes in the margins for a class. The MPAA thinks you don't have the right to do that with their content.
Might want to check on that; as far as just how much you can photocopy and for what purpose. A copy centre in a local college was recently shut down because they were 'turning their backs' while students photo-copied entire textbooks, both for personal use and for resale purposes.
The college has a copyright pamplet that mentioned 10% at a time, and for a specific purpose (ie; photocopy chapter 8 for a project, make your notes, etc..)
Of course, IANAL, but I do believe there's more to the picture than "making a backup/spare copy" of that book you just bought.
Did you read that portwalling draft that berzerke linked to? I quote:
[...]
It does not mention the need to prevent them from accessing one interface's IP from another interface.
It does, however, continue to state the need for a firewall in an effective protection setup;
With a firewall and patching, an attacker would first have to get through the firewall, then find another way to connect to service / get around the port walling, and then find an unpatched exploitable vulnerability on that service. Not too likely to happen.
The preceeding paragraph (that you've paraphrased) was worded very poorly, that I'll give you, but this is a) a "Draft", and b) Merely one of the hundreds of thousands of sites offering advice on the Internet. Even still, if a person follows this through to the letter, they'll be atleast partially protected. Of course they'll have to look elsewhere to find documentation for configuring their particular firewall package, as that was wisely left out of that 'draft'.
If Joe Ignorant Homeuser's whiz-bang three computer home LAN is infiltrated because he didn't even implement the most basic safeguards and software patches, well, that's his own fault and I feel no pity for him.
My home LAN uses port and firewalling for all internal services, and that's almost the way it should be. Ideally the only machine with more than one interface on a multi-homed network should be the firewall which, as I'm sure you're well aware, shouldn't be running any daemons.
First, I think it's reasonable to assume that nearly anyone with multiple interfaces will have IP routing enabled.
Not neccesarily. Sometimes computers are just on multiple networks.
Second, I'd guess most NetFilter configurations wouldn't stop this. You have to have a rule that denies anything coming in from the external interface for the internal IP.
That's part of any proper BOGON filter set, or any decent firewall. Much like I deny all connections claiming to be from/to 127.0.0.1, I deny incoming connections from/to the RFC1918 address space, from my local address space, and from/to any of the unassigned ARIN address space. Claiming that "most" NetFilter configurations don't have such safeguards is, IMHO, a little rash.
Binding only to "safe" interfaces is sometimes pointed to as an alternative to firewalling services, so it's important to point out where that can fail.
If I ever saw someone suggesting it as an alternative to firewalling, I'd call them on it. It's an additional security precaution; not a replacement. I thought it went without saying, but then again this is the world where MCSEs (and other similar paper-hatters) are administering corporate WANs (and by extension, speaking of BOGONs, why the 69.0.0.0/8 address space is presently largely unroutable.)
... about "weak end host". The short version is attackers can access the IP of one interface through another on Linux unless you go out of your way to prohibit it.
This relies, of course, on having IP routing enabled on the Linux box (disabled per default) without having the wherewithall to run NetFilter (or another suitable firewall).
Filtering connections to port 631 in mozilla/netscape would protect you from this, but it would also stop you being able to use the administration via http features of CUPS, which gives you the proverbial choice between dancing elephants and security, it seems.
Our LAN's CUPS configuration allows port 631 connections only from administrative workstations. IMHO, that's just common-sense security. This could be enforced with a combination firewall and switch/router ACLs that segregate IP sources. If administrators need to perform administrative tasks while 'on the run', they can always VPN to an administrative area.
As for a smaller LAN, just a simple ACL and firewall configuration should suffice. The biggest assumption, of course, is that those using the administrative workstations are clueful* enough to be wary about opening images in e-mail and what-not.
You MUST patch it to be protected. Firewalling also won't protect you from malicious local users getting root, and it won't stop you being hacked by yourself.
Oh, without question. Sadly, the CUPS website is severely lacking in documentation and security advisories. I tried to check the "More Info" for the December 19th release, but was returned to the homepage. So I've downloaded it and will check the ChangeLog instead.
The corporate downloads page doesn't always list the latest patches. The Technet Security page works for XP Pro too, but you'll have to click through the security bulletins and then scroll down to the download links, so it's a hassle. Try Software Update Services
That would work if not for our customer base; a lot of them (perhaps the majority) still run Windows 98/ME (don't want to pay, it works, etc.), and we wouldn't want to give public access to our server (for obvious reasons).
The sad truth is, there doesn't seem to be a way for a computer repair shops to update Windows without windowsupdate.microsoft.com. The nature of our business is either computers come in for a day (or two, or three) then leave again and sit behind dial-up, cable, DSL, or no Internet connection, else they're on company/home networks of varying degrees of complexity.
For 99% of the time, cacheing the updates with Squid seems to expediate the process, but like I said; it doesn't work when the site won't even let you scan for updates to apply.
Maybe you're just spoiled with the 3Mbit connection and all, but there's no reason to be downloading the same patches multiple times off the Internet.
We use a transparent (cacheing) HTTP proxy for the bench machines, so the vast majority of Windows Update is cached (the rest aren't "proxy friendly"); but I can't apply the updates if I can't get to the Windows Update site itself.
A local cache, unless I can store it on a CDROM, keep it updated daily with the latest patches (major hassle), and cart it around with me isn't going to do me any good on location for a customer's LAN.
If that's too much work, go into Windows Update Catalog in your Windows Update and put all that shit in your download basket.
If you know of a simplistic way that I can keep all up-to-date Windows Updates available without having dozens of executable files to run manually (or even with a three/four stage batch file, due to the fact that so many of them require reboots), I'm all ears. I looked at their corporate downloads page, but it didn't list any updates for Windows XP, and now it appears to re-direct me to their primary Windows Update site. (As a matter of fact, that was one facet of the article I tried to submit; how to keep updated without having to rely on windowsupdate.microsoft.com).
IMHO, automatic updating is a monumental disaster waiting to happen.
I tried to submit a story about the most recent Windows Update debacle, but for some unknown reason it was rejected (I really wish they'd inform users WHY submissions were rejected; even if only a one-word description, like "duplicate", "absurd", "false", "flamebait", etc.), but anyways; it appeared to me that when Microsoft announced their Java VM vulnerability, so many canned installs of Windows XP and the older variants with Automatic Update patches applied were actually DoS'ing the Microsoft Windows Update servers to the point where my 3Mbit connection couldn't even get as far as "Scanning for updates... ". It was a real nuisance, too, since I had six machines on the bench that day and a customer LAN with five machines that all required major updates (new installs of Win'98, ME, 2k, XP, and/or machines over 1-2 years old running v5 of everything, etc.)
Well, thanks to Microsoft I get to book another service call, likely for 2-3 hours on-site, where I'll update their machines (among other things, but the update will take time; 5 machines, all of them having to download and apply 20MB, requiring 4 re-boots, and there are no centralized images for such a small LAN).
>> why does Microsoft insist on treating each one of these issues as though it was a totally new problem instead of making a global change to secure the OS
Palladium
Oh wait, you don't want that.
So what do you want?
Palladium is an attempt to secure what we do with our OS/computer, not an attempt to secure the OS/computer itself. It's Microsoft's belief that in a society that goes to war with totalitarian nations, implementing a totalitarian system of checks and balances will somehow;
Work effectively to combat the evils facing our virtual world, and
Be socially, morally, as well as legally accepted.
In order to secure the OS itself (and thus allow for their 'DRM' format files to be immune from such buffer overflows) would require an exhaustive audit of the entire Windows codebase, with emphasis on security rather than functionality / new features.
I'm sure there are exploitable buffer overflows in Vorbis too but as the format is so little used (relatively), hackers ain't looking for them. The day Vorbis is more popular than mp3 is the day the hackers change what they're targeting.
Much like people used to claim in days of old that certain message base formats (BBS / FTN message 'echoes') were faster than others, this is also a bit of rubbish. The format doesn't contain vulnerabilities; the players that implement the format have vulnerabilities. It is, in point of fact, perfectly feasable to assume that the same, if only slightly different vulnerability could possibly be exploited with the Ogg Vorbis format.
Unchecked buffers (read: lazy/braindead programming and poor code audits) are at fault here. MP3 is merely the current carrier.
But you're right; it is a feeble excuse to switch formats. It would be more apt to suggest that people switch to a differentplayer, or use a differentoperatingsystem, but I'm not going to do that.
5. Annoyed customers listen to sales pitch, claim interest, request 1-800 number and company name, report US based company so that fines may be levied.
Since you'll eventualy have to contact them for the sale to go through, they can't win that game.
Odd. I keep getting telemarkets calling on my cell phone, and as a college student, that gets expensive (relatively) quite quickly.
I do believe that in Canada, and quite probably America, that is already illegal. Long and short of it is; they can't force you to utilize your per-minute airtime to listen to their sales pitch. It's legal with the telephone because these services are typically flat-rate unlimited.
Speak with their supervisor, and request compensation.
BTW - while I haven't received these calls myself (I've had three cell phones in the past six years), I've got friends who've received them while I've been around. You'd be surprised at how quickly they'll hang-up with the utterance of these five words;
"This is a cell phone."
CLICK! They can lose their shirts for ever having called you in the first place, and a lot of them damn-well know it.
To add to the previous respondents that also said you're wrong, I can give an example of what happens in small claims. My brother went through this and it took him a year to collect his money.
Wow.. Can you add any more variables to that case? Illegal immigrant, no license, nursery without sufficient funds to cover costs,...
I never said it would be a one-day, zero expense endeavour, but it certainly doesn't involve a Columbo-esque plot or a potential international incident.
Moreover; press attention would do wonders for this case. Yahoo! doesn't want their name smeared rightly across the headlines for something they could settle for $200. In all likelyhood they'd pay the money to get rid of you. They'll waste large amounts of legal funding on cases that matter.
Faking the original stamp is VERY easy. And, you can send registered mail in non-standard 'sealed' envelopes.
Post office. Seal. End of story.
Which doesn't answer the main point: All documents need to be testified to. If e 2 people testifyi one way, and you have an unsupported document stating the opposite, you lose.
While I'm not a lawyer, but atleast I have a rudimentary understanding of the law. Re-read my post and contact a professional.
Just another reason NOT to get a fancy phone with internet abilities - Phone Spam.
Nahh.. I've got a nice new phone from Telus which supports 1X, SMS, two-way text messaging and all the other cruft; but I didn't get it because of that, I got it despite all of those features. I couldn't care less about surfing the WWW or reading e-mail on this small screen (small for a computing device, large for a cellphone). I got the phone because it was inexpensive and came with four months' of free airtime and an additional $100 credit towards my bill for a very low rate ($129.99 plus tax) and free activation. When I activated the phone, I simply told the girl not to add any web/text features - period. If I do decide later down the road that I want (some of) them I'll have the option. I like having choice, and eliminating all the phones that are web, 1X, or text-message ready severely reduces my choice (to almost nothing; most new digital phones nowadays are capable of all these features)
Just call them each time you get a message, sooner or later they'll get tired.
Uhm, yes and no. Speaking as someone who's recently had to deal with a Very Large Company who'd over-billed me (to the tune of $200 over four months), I can tell you that yes, perseverance will pay off. Not, however, because they get 'tired', but because eventually you'll speak to someone with reason, you'll speak calmly and plainly about the situation and they'll get you fixed up. It took me over a month of phone calls; level 1, 2, and 3 before I finally got a supervisor in the billing department who was kind enough to help me out. Now that I've received the cheque, I'll have to remember to write an appropriate letter of thanks. (My sister works in a call centre so I know they hear about things like that. So if someone goes the extra mile or even helps you when others won't - let them know! The guy might get a bonus or something out of it, and it'll certainly brighten their day.)
1. Envelope can be opened, contents replaced, re-sealed (steam kettle, anyone?)
It's already been stated that the post office seals registered mail. (We're not talking about stock white Grand & Toy envelopes here)
Post office isn't required to keep tracking info on registered letters into perpetuity
Doesn't have to. Their seal and mark is a known trusted symbol.
If you're going to need a j.p. anyway, why not get them to witness and stamp the original sheets?
It becomes very expensive, time consuming, and aggravating to have someone authenticate potentially hundreds or thousands of sheets on a continuous basis.
A little sleight-of-hand and what seems like you removing the original contents, isn't. Ask any magician how they "seem" to get stuff out of sealed envelopes.
So hand it to the judge or bailiff or attourney or...
The original seal can be faked.
If you're going to go to the lengths to fake a registered letter, you might as well fake testimony from a witness. Perjury is far easier than forgery.
In the case of notaries, what kind of docs do they keep? That is, I could have a stack of paper with "My great of idea of this week is" and have it notarized, to later fill it in. Doesn't matter, pen or print.
I'm not too familiar with how the notary public system works; but couldn't said notary be fired, fined, have their notary status revoked, etc. for such an act?
This won't work. I could time-stamp a blank sheet of paper and print whatever I wanted to on it at a later date.
This sounds reasonable, but...
Same thing goes with those people who say "mail a registered letter to yourself". So I mailed myself an empty envelope and filled it later....
The original seal on that envelope is what matters. You file the sealed document away in a safe until the time arises when you might require it, then open it in the presence of a Justice of the Peace and witness(es).
I know a few people who still have a few sealed registered letters kicking around. Much of it is useless by now, but they keep it anyways.
Read back through all the nonsense from the parent of this comment tree and see if you don't get the same notion that these people are stroking their own ego with one hand and stroking their neighbor's with the other.
Elitism of one form or another is completely natural in any forum. Mechanics scoff at those who can't flush a radiator before their morning coffee, accountants laugh at people who can't balance their cheque books (letalone balance a company's budget), etc.. The geek community happens to harbour intelectual elitism.
It's a natural progression, too, since those attracted to the 'geeky' IT type professions tend to be of above average intellect (and quite often that results in sub-par social prowess; hence the stereotypes us hellishly cool geeks have to tolerate {cough} ), and many geeks take that for granted, some even get quite high and mighty over it. Hell, sometimes I've even been guilty of it. I doubt any of us are completely immune.
Now, as to whether the "Slashdot Community" is any form a representation of the true geek, or are somehow in a remarkable intellectual or career bracket; that's highly debateable. Slashdot has a definite reputation in the real (and even the uber-geek) world, and to a great extent it deserves it. This is an inflammatory forum frequented by many hot-tempered, lightening-tongue types who are quick to Google and use the dictionary and thesaurus in order to scald their opponants, and it puts forth a lot of arrogance. You'll never get an argument from me on that front. That's one reason for my philosophy of taking online forums with a very large particle of NaCl; Slashdot especially.
I have no idea if you were one of the people relegating everyone outside of the/. community the status of idiot
I tend to judge people on an independant basis; their Slashdot user ID is probably the furthest thing from my mind when doing so, let me assure you.
Do you tell your parents and grandparents that they are stupid or they are an idiot, how about a moron?
If they do stupid things, yes. Thankfully they don't often do stupid things (thanks in part to years of goading and conditioning, but I digress) so I don't have to.
Case in point; a friend of mine (who, incidentally, has about a decade more IT experience than I) recently was solicited by his father for some ISP advise. His father, upon hearing his advice, promptly went his own way. Havnig been a somewhat ongoing trend, he confronted his father about it, who had no response other than one to the effect of a shrug. See, my friend is the one who'll have to deal with his parents when their new ISP ("They're cheaper" was the justification) starts having technical difficulties - or worse - shuts down.
The point of my original reply was to show that a great many of the people we are calling idiots because they will likely fall for this evil market research scheme (or whatever the hell you wanna call it) will be those same people we hold dear and love -- our parents, grandparents, girlfriends and other friends & family that are not technically savy enough to keep up with the evil goings-on in the world of computers.
Much like mechanics will toss you a jug of water and a bag of cat litter, it's our job to educate those around us with the basic skillset that will help keep them safe out here in our turf. I try to keep my family abreast of the things they should watch out for, and as a result they no longer reply to "unsubscribe@spamemail.com" addresses, delete mail they know to be SPAM, don't forward chain letters or virus warnings, etc.
I don't teach them the OSI model or the structure of a TCP packet, I teach them the safeguards they should watch out for, and teach them the skills they need to answer questions they have on their own so they can broaden their knowledge and be more effective technologians.
A bonus is a special reward -- an employee did something really exceptional and their employer wanted to show their appreciation.
I do agree with your sentiment, however I also believe that the morale of a company suffers greatly when the employees are given some form of novelty item while management is lavished with fancy dinners, parties, cruises or other nicities and/or a celebratory raise to comemorate a good year. Employees are the cogs that make a company function; management are the people who (are supposed to) hold it all together (mostly, in my experience, they just hold (catered) meetings about how things are being held together.)
If a company is going to give some form of years-end bonus to their employees and management, they should either meet in the middle with moderate gifts for everyone, or not give anything at all.
At my last job, it was really refreshing when management would order pizza for us (to show appreciation for the hard work we'd been doing for the past few weeks), but it was especially nice that they sat with us and ate the same food we were eating. No caviar, finger foods, or imported seafood; just Pizza Pizza; some vegetarian, some meat, some pepperoni. It made them seem more human to us, and helped us continue slaving away for them in the weeks that followed.
Total cost; about $200 for our department. Net gain; priceless.
Maybe your "common sense" is a non-sens for some other people. I guess all of those you find stupid think the same thing of you. Maybe it's just people don't have the same priorities and values. Just a question of perception.
I'm not talking about (stateful) firewalls; I wouldn't expect my family, friends, or other average users to understand those concepts. I was talking in a somewhat more general sense (the thread was about "average idiots", no?).
What I was referring to is the sheer number of people who routinely do stupid things. Be it work-related, traffic, personal (social), or other; people do not think things through. People who use hair dryers in the shower, who apply make-up, eat, read a newspaper, use their laptop, etc. while driving 100KM/h on the freeway, or those who can't understand that smoking while filling their car's gas tank isn't a terribly good idea, and that creating personal rocket projection systems to propell themselves into their cottage lake is probably inadviseable, or that standing in the middle of a doorway, contemplating life and their surroundings in a busy hallway isn't quite considerate or practical, or that speaking loudly on a cell phone in a movie theatre, exclaiming things like "Sorry, the sound is too loud, I can't hear you!" will probably incite rage in the other movie goers, or all the ladies (term used loosely, if you'll pardon the pun) who get surprised that, after having unprotected sex with several men and find themselves either sporting a child or an STD (nb; it's entirely common that the surprise child will be the second, third, or fourth), or the people who don't 'get' that drinking a pair of 40oz bottles of [insert favourite alcoholic beverage here] will quite possibly find them in the hospital spitting up blood and fragments of their stomach.
There are, of course, infinitely more examples, but I think they limit the upper size of these comments somewhere (and $DEITY forbid I should create a database size overflow or something.;) )
But to get back to this thread - people who do not understand [cars|computers|electronics|mechanical devices] yet who insist upon taking them apart and/or servicing themselves, then blaming the manufacturer/retailer for selling them defective equipment. Or worse - people who don't understand these things and go against the advise of a trained professional and cause serious detriment for themselves and/or others around them.
As to the above references to my parents/grandparents; I do tell them what I think when they try to crack their computers and/or administer the installed software. It took me about five years, but my family finally understands that when they do something to the computer, it generally goes wrong and they need my help to fix it. When I do something to the computer, it works, because I do this for a living and know what I'm doing. Generally they feed me and keep my [coffee|beer] [cup|glass] full for my trouble, and everybody's happy.
The difference being, of course, my family smartened up - other people don't.
One of the higher standards I try to hold people to, and I realize it sounds horribly cliche, is to know one's limitations. For example, I know that I can change my oil (and filter), top up my fluids, and perform other small routine maintainance tasks on my car. I probably could figure my way through brakes or other aspects, but I don't. Instead, I leave it up to the trained mechanics who have years of experience and industry certifications that say they can do the job properly.
Another standard I hold people to, for those who are definately literate, is to read atleast the basic instructions before desperately phoning for help. I can't count the times I've had to help people (or been asked and refused) because they wouldn't open the fold-out "Step By Step" instruction set that came with their new purchase. The fact that many of the installations I've performed were insultingly simple is beside the point; the instructions spelled it out so clearly that a child could figure it out. This excuse adults use that technology is so complex that only the younger generations have a chance is complete rhetoric, and complete nonsense. If a University educated individual can't figure out how to connect something with colour-coded, size-differentiated connectors that are labelled at both ends and comes with a step-by-step instruction manual; something's wrong.
So no, I don't expect that people will understand stateful packet inspection, ingres/egres filtering, bogon filters, application versus network versus physical layer differentiation, or any of the other industry specific jargon I could name; but I do expect people to be able to perform in real life without their hands being held, lest they should manage to kill or maim themselves or someone around them in the process.
Slashdot Mirror
Might want to check on that; as far as just how much you can photocopy and for what purpose. A copy centre in a local college was recently shut down because they were 'turning their backs' while students photo-copied entire textbooks, both for personal use and for resale purposes.
The college has a copyright pamplet that mentioned 10% at a time, and for a specific purpose (ie; photocopy chapter 8 for a project, make your notes, etc..)
Of course, IANAL, but I do believe there's more to the picture than "making a backup/spare copy" of that book you just bought.
It does, however, continue to state the need for a firewall in an effective protection setup;
The preceeding paragraph (that you've paraphrased) was worded very poorly, that I'll give you, but this is a) a "Draft", and b) Merely one of the hundreds of thousands of sites offering advice on the Internet. Even still, if a person follows this through to the letter, they'll be atleast partially protected. Of course they'll have to look elsewhere to find documentation for configuring their particular firewall package, as that was wisely left out of that 'draft'.
If Joe Ignorant Homeuser's whiz-bang three computer home LAN is infiltrated because he didn't even implement the most basic safeguards and software patches, well, that's his own fault and I feel no pity for him.
My home LAN uses port and firewalling for all internal services, and that's almost the way it should be. Ideally the only machine with more than one interface on a multi-homed network should be the firewall which, as I'm sure you're well aware, shouldn't be running any daemons.
Not neccesarily. Sometimes computers are just on multiple networks.
That's part of any proper BOGON filter set, or any decent firewall. Much like I deny all connections claiming to be from/to 127.0.0.1, I deny incoming connections from/to the RFC1918 address space, from my local address space, and from/to any of the unassigned ARIN address space. Claiming that "most" NetFilter configurations don't have such safeguards is, IMHO, a little rash.
If I ever saw someone suggesting it as an alternative to firewalling, I'd call them on it. It's an additional security precaution; not a replacement. I thought it went without saying, but then again this is the world where MCSEs (and other similar paper-hatters) are administering corporate WANs (and by extension, speaking of BOGONs, why the 69.0.0.0/8 address space is presently largely unroutable.)
This relies, of course, on having IP routing enabled on the Linux box (disabled per default) without having the wherewithall to run NetFilter (or another suitable firewall).
Our LAN's CUPS configuration allows port 631 connections only from administrative workstations. IMHO, that's just common-sense security. This could be enforced with a combination firewall and switch/router ACLs that segregate IP sources. If administrators need to perform administrative tasks while 'on the run', they can always VPN to an administrative area.
As for a smaller LAN, just a simple ACL and firewall configuration should suffice. The biggest assumption, of course, is that those using the administrative workstations are clueful* enough to be wary about opening images in e-mail and what-not.
Oh, without question. Sadly, the CUPS website is severely lacking in documentation and security advisories. I tried to check the "More Info" for the December 19th release, but was returned to the homepage. So I've downloaded it and will check the ChangeLog instead.
* (I can't believe I just used that term!)
That would work if not for our customer base; a lot of them (perhaps the majority) still run Windows 98/ME (don't want to pay, it works, etc.), and we wouldn't want to give public access to our server (for obvious reasons).
The sad truth is, there doesn't seem to be a way for a computer repair shops to update Windows without windowsupdate.microsoft.com. The nature of our business is either computers come in for a day (or two, or three) then leave again and sit behind dial-up, cable, DSL, or no Internet connection, else they're on company/home networks of varying degrees of complexity.
For 99% of the time, cacheing the updates with Squid seems to expediate the process, but like I said; it doesn't work when the site won't even let you scan for updates to apply.
We use a transparent (cacheing) HTTP proxy for the bench machines, so the vast majority of Windows Update is cached (the rest aren't "proxy friendly"); but I can't apply the updates if I can't get to the Windows Update site itself.
A local cache, unless I can store it on a CDROM, keep it updated daily with the latest patches (major hassle), and cart it around with me isn't going to do me any good on location for a customer's LAN.
If you know of a simplistic way that I can keep all up-to-date Windows Updates available without having dozens of executable files to run manually (or even with a three/four stage batch file, due to the fact that so many of them require reboots), I'm all ears. I looked at their corporate downloads page, but it didn't list any updates for Windows XP, and now it appears to re-direct me to their primary Windows Update site. (As a matter of fact, that was one facet of the article I tried to submit; how to keep updated without having to rely on windowsupdate.microsoft.com).
I tried to submit a story about the most recent Windows Update debacle, but for some unknown reason it was rejected (I really wish they'd inform users WHY submissions were rejected; even if only a one-word description, like "duplicate", "absurd", "false", "flamebait", etc.), but anyways; it appeared to me that when Microsoft announced their Java VM vulnerability, so many canned installs of Windows XP and the older variants with Automatic Update patches applied were actually DoS'ing the Microsoft Windows Update servers to the point where my 3Mbit connection couldn't even get as far as "Scanning for updates ... ". It was a real nuisance, too, since I had six machines on the bench that day and a customer LAN with five machines that all required major updates (new installs of Win'98, ME, 2k, XP, and/or machines over 1-2 years old running v5 of everything, etc.)
Well, thanks to Microsoft I get to book another service call, likely for 2-3 hours on-site, where I'll update their machines (among other things, but the update will take time; 5 machines, all of them having to download and apply 20MB, requiring 4 re-boots, and there are no centralized images for such a small LAN).
Anyhoo.. </RANT>
Palladium is an attempt to secure what we do with our OS/computer, not an attempt to secure the OS/computer itself. It's Microsoft's belief that in a society that goes to war with totalitarian nations, implementing a totalitarian system of checks and balances will somehow;
In order to secure the OS itself (and thus allow for their 'DRM' format files to be immune from such buffer overflows) would require an exhaustive audit of the entire Windows codebase, with emphasis on security rather than functionality / new features.
Much like people used to claim in days of old that certain message base formats (BBS / FTN message 'echoes') were faster than others, this is also a bit of rubbish. The format doesn't contain vulnerabilities; the players that implement the format have vulnerabilities. It is, in point of fact, perfectly feasable to assume that the same, if only slightly different vulnerability could possibly be exploited with the Ogg Vorbis format.
Unchecked buffers (read: lazy/braindead programming and poor code audits) are at fault here. MP3 is merely the current carrier.
But you're right; it is a feeble excuse to switch formats. It would be more apt to suggest that people switch to a different player, or use a different operating system, but I'm not going to do that.
5. Annoyed customers listen to sales pitch, claim interest, request 1-800 number and company name, report US based company so that fines may be levied.
Since you'll eventualy have to contact them for the sale to go through, they can't win that game.
I do believe that in Canada, and quite probably America, that is already illegal. Long and short of it is; they can't force you to utilize your per-minute airtime to listen to their sales pitch. It's legal with the telephone because these services are typically flat-rate unlimited.
Speak with their supervisor, and request compensation.
BTW - while I haven't received these calls myself (I've had three cell phones in the past six years), I've got friends who've received them while I've been around. You'd be surprised at how quickly they'll hang-up with the utterance of these five words;
"This is a cell phone."
CLICK! They can lose their shirts for ever having called you in the first place, and a lot of them damn-well know it.
Wow.. Can you add any more variables to that case? Illegal immigrant, no license, nursery without sufficient funds to cover costs, ...
I never said it would be a one-day, zero expense endeavour, but it certainly doesn't involve a Columbo-esque plot or a potential international incident.
Moreover; press attention would do wonders for this case. Yahoo! doesn't want their name smeared rightly across the headlines for something they could settle for $200. In all likelyhood they'd pay the money to get rid of you. They'll waste large amounts of legal funding on cases that matter.
They're Yahoo! - they're not likely to pick up and relocate.
You wanna grow a set and say that with your user ID?
Post office. Seal. End of story.
While I'm not a lawyer, but atleast I have a rudimentary understanding of the law. Re-read my post and contact a professional.
Fin.
Nahh.. I've got a nice new phone from Telus which supports 1X, SMS, two-way text messaging and all the other cruft; but I didn't get it because of that, I got it despite all of those features. I couldn't care less about surfing the WWW or reading e-mail on this small screen (small for a computing device, large for a cellphone). I got the phone because it was inexpensive and came with four months' of free airtime and an additional $100 credit towards my bill for a very low rate ($129.99 plus tax) and free activation. When I activated the phone, I simply told the girl not to add any web/text features - period. If I do decide later down the road that I want (some of) them I'll have the option. I like having choice, and eliminating all the phones that are web, 1X, or text-message ready severely reduces my choice (to almost nothing; most new digital phones nowadays are capable of all these features)
Uhm, yes and no. Speaking as someone who's recently had to deal with a Very Large Company who'd over-billed me (to the tune of $200 over four months), I can tell you that yes, perseverance will pay off. Not, however, because they get 'tired', but because eventually you'll speak to someone with reason, you'll speak calmly and plainly about the situation and they'll get you fixed up. It took me over a month of phone calls; level 1, 2, and 3 before I finally got a supervisor in the billing department who was kind enough to help me out. Now that I've received the cheque, I'll have to remember to write an appropriate letter of thanks. (My sister works in a call centre so I know they hear about things like that. So if someone goes the extra mile or even helps you when others won't - let them know! The guy might get a bonus or something out of it, and it'll certainly brighten their day.)
I can't tell if you're trolling, or if you're really this dense.
See, Small Claims COURT is a court of LAW ; judgements made there must be carried out and paid in full, else the guilty will face federal charges.
Yeesh.. Do they let just anybody come here or what?
It's already been stated that the post office seals registered mail. (We're not talking about stock white Grand & Toy envelopes here)
Doesn't have to. Their seal and mark is a known trusted symbol.
It becomes very expensive, time consuming, and aggravating to have someone authenticate potentially hundreds or thousands of sheets on a continuous basis.
So hand it to the judge or bailiff or attourney or ...
If you're going to go to the lengths to fake a registered letter, you might as well fake testimony from a witness. Perjury is far easier than forgery.
I'm not too familiar with how the notary public system works; but couldn't said notary be fired, fined, have their notary status revoked, etc. for such an act?
This sounds reasonable, but ...
The original seal on that envelope is what matters. You file the sealed document away in a safe until the time arises when you might require it, then open it in the presence of a Justice of the Peace and witness(es).
I know a few people who still have a few sealed registered letters kicking around. Much of it is useless by now, but they keep it anyways.
Elitism of one form or another is completely natural in any forum. Mechanics scoff at those who can't flush a radiator before their morning coffee, accountants laugh at people who can't balance their cheque books (letalone balance a company's budget), etc.. The geek community happens to harbour intelectual elitism.
It's a natural progression, too, since those attracted to the 'geeky' IT type professions tend to be of above average intellect (and quite often that results in sub-par social prowess; hence the stereotypes us hellishly cool geeks have to tolerate {cough} ), and many geeks take that for granted, some even get quite high and mighty over it. Hell, sometimes I've even been guilty of it. I doubt any of us are completely immune.
Now, as to whether the "Slashdot Community" is any form a representation of the true geek, or are somehow in a remarkable intellectual or career bracket; that's highly debateable. Slashdot has a definite reputation in the real (and even the uber-geek) world, and to a great extent it deserves it. This is an inflammatory forum frequented by many hot-tempered, lightening-tongue types who are quick to Google and use the dictionary and thesaurus in order to scald their opponants, and it puts forth a lot of arrogance. You'll never get an argument from me on that front. That's one reason for my philosophy of taking online forums with a very large particle of NaCl; Slashdot especially.
I tend to judge people on an independant basis; their Slashdot user ID is probably the furthest thing from my mind when doing so, let me assure you.
If they do stupid things, yes. Thankfully they don't often do stupid things (thanks in part to years of goading and conditioning, but I digress) so I don't have to.
Case in point; a friend of mine (who, incidentally, has about a decade more IT experience than I) recently was solicited by his father for some ISP advise. His father, upon hearing his advice, promptly went his own way. Havnig been a somewhat ongoing trend, he confronted his father about it, who had no response other than one to the effect of a shrug. See, my friend is the one who'll have to deal with his parents when their new ISP ("They're cheaper" was the justification) starts having technical difficulties - or worse - shuts down.
Much like mechanics will toss you a jug of water and a bag of cat litter, it's our job to educate those around us with the basic skillset that will help keep them safe out here in our turf. I try to keep my family abreast of the things they should watch out for, and as a result they no longer reply to "unsubscribe@spamemail.com" addresses, delete mail they know to be SPAM, don't forward chain letters or virus warnings, etc.
I don't teach them the OSI model or the structure of a TCP packet, I teach them the safeguards they should watch out for, and teach them the skills they need to answer questions they have on their own so they can broaden their knowledge and be more effective technologians.
</CORN>
I do agree with your sentiment, however I also believe that the morale of a company suffers greatly when the employees are given some form of novelty item while management is lavished with fancy dinners, parties, cruises or other nicities and/or a celebratory raise to comemorate a good year. Employees are the cogs that make a company function; management are the people who (are supposed to) hold it all together (mostly, in my experience, they just hold (catered) meetings about how things are being held together.)
If a company is going to give some form of years-end bonus to their employees and management, they should either meet in the middle with moderate gifts for everyone, or not give anything at all.
At my last job, it was really refreshing when management would order pizza for us (to show appreciation for the hard work we'd been doing for the past few weeks), but it was especially nice that they sat with us and ate the same food we were eating. No caviar, finger foods, or imported seafood; just Pizza Pizza; some vegetarian, some meat, some pepperoni. It made them seem more human to us, and helped us continue slaving away for them in the weeks that followed.
Total cost; about $200 for our department. Net gain; priceless.
I'm not talking about (stateful) firewalls; I wouldn't expect my family, friends, or other average users to understand those concepts. I was talking in a somewhat more general sense (the thread was about "average idiots", no?).
What I was referring to is the sheer number of people who routinely do stupid things. Be it work-related, traffic, personal (social), or other; people do not think things through. People who use hair dryers in the shower, who apply make-up, eat, read a newspaper, use their laptop, etc. while driving 100KM/h on the freeway, or those who can't understand that smoking while filling their car's gas tank isn't a terribly good idea, and that creating personal rocket projection systems to propell themselves into their cottage lake is probably inadviseable, or that standing in the middle of a doorway, contemplating life and their surroundings in a busy hallway isn't quite considerate or practical, or that speaking loudly on a cell phone in a movie theatre, exclaiming things like "Sorry, the sound is too loud, I can't hear you!" will probably incite rage in the other movie goers, or all the ladies (term used loosely, if you'll pardon the pun) who get surprised that, after having unprotected sex with several men and find themselves either sporting a child or an STD (nb; it's entirely common that the surprise child will be the second, third, or fourth), or the people who don't 'get' that drinking a pair of 40oz bottles of [insert favourite alcoholic beverage here] will quite possibly find them in the hospital spitting up blood and fragments of their stomach.
There are, of course, infinitely more examples, but I think they limit the upper size of these comments somewhere (and $DEITY forbid I should create a database size overflow or something. ;) )
But to get back to this thread - people who do not understand [cars|computers|electronics|mechanical devices] yet who insist upon taking them apart and/or servicing themselves, then blaming the manufacturer/retailer for selling them defective equipment. Or worse - people who don't understand these things and go against the advise of a trained professional and cause serious detriment for themselves and/or others around them.
As to the above references to my parents/grandparents; I do tell them what I think when they try to crack their computers and/or administer the installed software. It took me about five years, but my family finally understands that when they do something to the computer, it generally goes wrong and they need my help to fix it. When I do something to the computer, it works, because I do this for a living and know what I'm doing. Generally they feed me and keep my [coffee|beer] [cup|glass] full for my trouble, and everybody's happy.
The difference being, of course, my family smartened up - other people don't.
One of the higher standards I try to hold people to, and I realize it sounds horribly cliche, is to know one's limitations. For example, I know that I can change my oil (and filter), top up my fluids, and perform other small routine maintainance tasks on my car. I probably could figure my way through brakes or other aspects, but I don't. Instead, I leave it up to the trained mechanics who have years of experience and industry certifications that say they can do the job properly.
Another standard I hold people to, for those who are definately literate, is to read atleast the basic instructions before desperately phoning for help. I can't count the times I've had to help people (or been asked and refused) because they wouldn't open the fold-out "Step By Step" instruction set that came with their new purchase. The fact that many of the installations I've performed were insultingly simple is beside the point; the instructions spelled it out so clearly that a child could figure it out. This excuse adults use that technology is so complex that only the younger generations have a chance is complete rhetoric, and complete nonsense. If a University educated individual can't figure out how to connect something with colour-coded, size-differentiated connectors that are labelled at both ends and comes with a step-by-step instruction manual; something's wrong.
So no, I don't expect that people will understand stateful packet inspection, ingres/egres filtering, bogon filters, application versus network versus physical layer differentiation, or any of the other industry specific jargon I could name; but I do expect people to be able to perform in real life without their hands being held, lest they should manage to kill or maim themselves or someone around them in the process.
Of course, it's pretty difficult to enforce a contract that, in order to be agreed to, I've already had to;
Seems to me, by the time I've purchased the software I've already violated their agreement by using it without agreeing to their license.
There are these funny laws surrounding "contracts" in most of the civillized world, you know.