> As the original contractor/code-monkey on the INSPASS project,
Automatic (+1, You Poor Bastard, how did you escape with your mind intact?)
> I'm amazed it only took 10 years to cut through enough of the beaurocratic B.S.
ObPeeve: "Bureaucratic".
But apart from that. Damn. At least INS and Customs have been integrated under the same department. That's a start, but it's only a start. The acid test for BICE will be whether or not they can integrate their back-end infrastructure to avoid the problems you outline.
> Of course, precision of card printing being what it is, the photo would often obscure or otherwise make the data in the other formats unreadable.
I'd like to think that today's printers and scanners have gotten good enough that one could steganographically embed biometric data in the photograph. Joe BICEpack at the immigration desk couldn't verify its presence/veracity by eye, but he could sure as heck stick it under a scanner at the port of entry and see if his terminal pops up a warning, like "Picture biometric does not match passport printed data. Picture appears to match Mr. Foo Bar, SSN/ITIN AAA-BB-CC, A#123456789, Mr. Foo Bar is/isn't on watch lists X, Y, and Z. Mr. Foo Bar has/hasn't a track record of customs violations, etc. etc. etc."
The one reservation I'd have about such an approach would be what happens if the scanner at the airport or border crossing gets coated with crud/residue after having processed thousands of passports a week. Perhaps a periodic recalibration with a "test card" (designed to be almost unreadable, worse than the average passport) after a spray on the scanner window with Windex or something could be part of the officer's morning routine. Get in, wipe window with rub, insert test card, re-wipe until test card says "OK", then open wicket for business with real passports.
Fer the record, I hereby place that idea in the public domain. Anyone in .gov who wants to take credit for it is welcome to do so, especially if they can get it - or anything more secure - implemented in less than 10 years.
To the privacy crowd: Privacy's good stuff. But the purpose of a passport is to provide proof of identity and citizenship. Unless you simultaneously advocate anonymous cross-border travel, policies which secure passports from exploits are perfectly compatible with privacy rights as they exist in law today, and as they existed in law before 9/11.
> The reason is that your music files are wrapped in SDMI encryption, which is unencrypted by the license that you download when you download the music file.
SDMI? SDMI?! Does anyone here remember how SDMI was supposed to be the Next Big Thing?
> Technically, there is not a word for the number. The key point being "A" word. There are multiple words that could be combined to represent the number. "thirty six trillion" is actually 3 words.
How about "Assload"? IPv6 allows for an assload of IP addresses.
Once you get past 35 trillion, I don't think it matters if it's a metric assload or an imperial assload.
> The 'crisis' is really another example of media fear-inducing hype. Worst case scenario, your ISP will begin issuing private IPs for customers with basic accounts.
> Yes, some things will break. But there's not much out there that doesn't function in a NAT environment from a client standpoint.
> It'd also save ISPs a lot of headache with customers running unauthorized services.
*applause*
Port 25 filtering would finally make sense - no more luzers with open exploitable proxies spewing bilge from attbi.com, rr.com, pacbell.net, comcast.net, and so on.
Add to that the possibility of doing ingress filtering, and you've got something that wouldn't just be less expensive for tech support, but a little safer for Joe Luser, whose unpatched box would be on a private subnet.
If the skript kiddie can't talk to port 135, 137, 138, 139, 445, or 1900 of Joe's box, he's gonna have a harder time 0wning him.
> Step #1: Earn $100,000 selling cocaine.
> Step #2: Make 100 anonymous $1,000 purchases to "friends"
> Step #3: "Friends" make legitimate purchases from you on Ebay.
> thus your money is laundered (provided you pay income tax on your ebay sales.)
If you pay income tax on your coc^H^H^HeBay sales, so much the better for the IRS. If we can't legalize it, the least we can do is tax it to fund the costs of not legalizing it :)
Seriously, I can't imagine Joe Mobster using this as a means of laundering $100,000, precisely because of the prohibitive taxes that he'd incur. He's better off financially (and has an easier time of it) "giving" $10,000 to 10 of his friends. The 10 of 'em can have a great night at the nearest casino, partying hard until they all leave with $9,000 each.
Yes, Joe Mobster's broken a couple more financial reporting laws by doing that, but hey, he's already broken a bunch of laws by getting money he needs to launder in the first place.
> > McBride and his deatheaters will find themselves kicked out without a golden parachute. We can only hope!"
> > me thinks a golden shower would be more appropriate
"I wouldn't piss in yo' mouth if yo' stomach was on fire!"
- Mojo Nixon
> Those already participating in fisting will probably not gain anything new from this book (other than the few poems, line drawings and one-page personal acco
Waaaaaaaaaaaaaitaminit. POEMS?!?! WTF?
Fisting poetry?
Goatse links now on topic?
What the fucking fuck?
> Another one is D-Link: they have "DWL-650" and "DWL-650+".
> "DWL-650+" is simply an improved version of the "DWL-650", right?
> WRONG!
> The standard versions use Prism2.5, whereas the "+" versions use ACX100 chipset. Good luck in finding a (correct) driver!!
> And it's even WORSE: I just found out that there is some newer version of the "DWL-650" out that also contains the ACX100 (it uses the same hardware as the "+" versions).
> This BRAINDEAD STUPIDITY in device naming easily entitles D-Link for the "Most Braindead Hardware Vendor 2003" award
To phrase this in language that even suits can understand:
This is poor business practice, not just because it's difficult for anyone deploying these devices to know what they've bought (because who gives a fuck once you've got their money, right?), but because it adds to your support costs because when half of your DWL-650 doesn't work, and the guy deploying them calls your support drones - even at $1.99/h in India - it's a waste of your money to have them spend 20 minutes figuring out whether it's a chipset/driver problem that makes the difference between the working and non-working units.
Your current way of screwing the customer is cutting into your margins because it increases your support costs. Find a more profitable way of screwing the customer. I think you could screw them more profitably by using different product names on different products.
> To qualify, people must fill out contest entries and upgrade to MSN Messenger 6.0. They also must be logged in to the service and agree to use only Microsoft's Quality products for the rest of their natural lifetime.
"Microsoft's Quality products"?
So in other words, they have to switch to DOS 6.0 after they win? For the rest of their life? Actually, that doesn't sound so bad.
> Sorry, a smartcard 'reader' is nothing more than a standard serial port with slightly different voltages and a different pin-out pattern. The whole point of a smartcard is that it's a programmable computer. You can build a smart-card reader with just a few resistors.
Solution obvious! Resistors can be had anywhere. Sue everybody who's ever bought components from Digi-Key, Jameco, Mouser and even Radio Shack!
> Microsoft has been bragging up their Trustworthy Computing [sic] and talking about how much better their efforts have been then open source projects.
And the truly funny part is that when the rubber hits the road, it's still the Same Old Microsoft.
The bugs aren't in the software. THEY'RE IN THE CORPORATE CULTURE OF THIS PARTICULAR VENDOR.
Shit, look at today's hole - a cut-and-paste operation could 0wnz0r j00r b0x0r? Go ahead and secure your box if you like, but...
> Note that there is generally a trade-off between ease-of-use and security; by selecting a high-security configuration, you could make it extremely unlikely that a malicious Web site could take action against you, but at the cost of missing a lot of rich functionality.
This is a security advisory? What the fuck? What the fucking fuck fuck?
(Shit, if they put that on the "cut-and-paste 0wnz j00, disable Javashit for a quick fix" page, I'm surprised they didn't put something like "Note that firewalling port 135 could cost you rich functionality and notifications of products and services in which you might be interested" on the remotely-exploitable SYSTEM hole.)
The mindset that values "rich functionality" over basic sane design is why MSFT is unfit to secure Steve Ballmer's head outside of his own ass, let alone HomeSec's b0x3n. That mindset starts at the top, and works its way down to every developer, even the poor motherfucker who has to write up the TechNet web pages on the weekly critical 'sploits. THAT MINDSET is the bug that needs to be fixed before MS crapware can even begin to fantasize about trustworthiness.
(/me goes back to pounding head on desk, repeating "WTFFF", over and over again.)
"WTFFF" - A New Mantra for a New Age of Trustworthy Computing.
> Good news: Orwellian homeland security is now going to lose all your data as fast as it collects it.
> Bad News: "In other news, After extensive background checks by homeland security, Mr. Nedal Nib Amaso is now head of NTSB....."
Surveying the smoldering crater, President Ballmer was heard to remark "Y'know, they should have known that J0N45H-C40FT15-054M4-B1NL4-D3NIN-4-P16-5U1T wasn't a valid activation key."
> No wonder Windows cost so much. That's $43 per work hour!
> And that would be 121 people working for 4 years!
And remember! If you work for MSFT, now you get paid in restricted stock, not stock options!
That's right! You pay all the income *tax* as if you'd cashed in stock options up front, and you get all the *risk* of owning stock! Don't you feel more motivated already? 80-hour work weeks for everyone! Woohoo!
(Sorry, son, too many of you became millionaires in the last boom. Can't have that happen again. Stock options are only for the important people now.)
> Does anyone here actually use Netscape as their default browser?
Yeah. (Mozilla, that is.)
1) Tabbed browsing. Easier/faster to repeatedly click "X" in the corner than to wave over one of 20-30 windows. I let pages load in the background while reading one.
2) With Prefs Toolbar, easy image/Java/Javashit/cookie control. All off by default. Re-enabled only when required. One click in a checkbox. Proxy is on by default, hooked into Proxomitron. Turned off if and only if a site requires it, for the duration of that site view. One-click (well, one-pulldown) control of User-Agent. For dumbfuck web designers that see "What? Not IE? No HTML for you! No, we're not even going to send the HTML and let your browser try to render it, we're just going to tell you to go away because we don't want your business."
3) Security. No ActiveX, no other dumb misfeatures, less integrated with the OS so that as-yet-undiscovered dumb misfeatures are less likely to affect an entire system.
In short - Mozilla offers me control over my browsing experience (in terms of feature #2, a level of control I haven't seen since Netscape 3. Netscape 4 was a downgrade in terms of burying/hiding the Javashit and image autoload options to make them less accessible.)
In comparison, IE offers me virtually no control over my browsing experience. So I use Mozilla, not IE. If the job is "viewing web pages", Mozilla is the better tool for the job.
> Might be even more fun as the Office of Private Intraorbital Underwriting and Management (OPIUM)
The goal isn't to pacify or mollify, but to annoy and frustrate private spaceflight folks. I'm betting 50 gallons of peroxide on "Private Ionospheric Transport Agency"
> I take it that was the offspring of Yoda and Ackbar speaking? I wonder what he would look like . ..
Now that you've brought it up, I wonder what the mating of Yoda and Ackbar would look like. (What the hell, now that I've had the thought, I might as well share the mental scarring.)
> A quick search showed that as it was a cosmetic treatment the current laws restrict the concentration of hydrogen peroxide to 0.1%. Home kits apparently have about 3.6% and some treatments performed by dentists have up to 38%
When I read about the in-office systems at 38%, all I could do was say "No. No no no no no no no no no."
3%, sure. 6%, maybe. But 38%? WTF d00d? Doctor, are you farking nuts? H2O2 is nasty stuff, crap, that's almost halfway to rocket fuel, and it's not something that belongs anywhere near my mouth, not without a damn good reason.
While I'm reasonably confident that little or no short-term harm is likely to come from having the 38% treatment applied under supervision of a dentist, until someone starts paying me $100,000 a year to have a pretty smile, yellow teeth continue to fail the "damn good reason" test.
(Last time I was at a dentist who offered me the treatment, and I told him that although I appreciated his need to stay in business, but that I couldn't think of any medically necessary reason I needed 35% H2O2 in my mouth, he smiled and shook my hand :)
Re:How Does One Mount a Wild Elephant? on How to Become a PHB? · Score: 2, Funny
> Let me get this straight: she asked him out, he didn't say yes, he didn't say no either. So how exactly is she supposed to interpret this? For all she knows, he's playing hard to get, and his vague answers are attempts at flirting.
*applause*.
They're called gonads. He needs to grow a pair and say "Look, I get the impression that you're making advances on me. If you weren't, hey, sorry for misinterpreting you, and please disregard the rest of this speech, which will make no sense to you. If you were, hey, I'm awful flattered, but I wanna level with you that I'm not interested in that sort of thing. I'm here to work with $TECH, to deliver a working $DELIVERABLE, and to earn a few bucks while doing so. Nothing less, and nothing more. I get all the fulfillment I need from doing a good job with $TECH, that's why your organization hired me, why I took you on as a customer, and that's why I'm here."
(Note: At no time should he say "As a professional, I don't believe in having relationships with my customers or co-workers". That could be mis-interpreted as "I won't do anything as long as I work here, but the day you fire me, we can have lots of hot monkey sex!")
If she can't take "no" for an answer, then he can decide whether to fuck her into the space age, or sue her into the stone age.
But until he grows a pair and says "No", he's got no right to complain, because he's not a mindreader - he can't assume she knows her advances are unwelcome until he tells her to knock it off.
(Gonads are great, but he should also use his pair of his brains. Once he grows a pair of gonads and decides to have this conversation, he should also heed his brains... and hide a tape recorder or mini-video cam. A laptop with FireWire and a DV-recorder, a hole in the laptop case, and a bit of hot glue, should do the trick.)
SDMI? SDMI?! Does anyone here remember how SDMI was supposed to be the Next Big Thing?
Wow, those buy.com d00dz are so 1997!
If I hadn't posted already, oh, man, my kingdom for a mod point :)
Wasn't the fisting (hey, I get ads for that in my spam every day!), it was the idea of writing poetry about it. Eeeew! :)
Hey, look! A real live airline employee posting on this thread! :)
Solution obvious! Resistors can be had anywhere. Sue everybody who's ever bought components from Digi-Key, Jameco, Mouser and even Radio Shack!
Let resistance be futile!
It's worse than that. DirecTV is saying "Even the TV thieves can wait! There are people NOT stealing TV!"
There's a problem with the girls here on Earth
They stopped acting dizzy wearing miniskirts
Seems like everything wild is in distaste
Gotta get my band off in outer, outerspace
It can't come too soon,
Someone always has to break the rules,
Like a rock n roll cartoon,
First Band on the Moon!
- Motley Crue, "First Band on the Moon", 1999.
*crumple, toss, nothin' but basket*
Easy!
# mount -F wild -o rdonly /dev/elephant /archives