Don't let a single paragraph in the article dictate to you what this is about -- the people who are suing aren't SQL Server licensees, so the EULA has no bearing.
IANAL, but it seems pretty clear that the reporter missed the difference between damage inflicted ON a licensee and damage inflicted BY a licensee.
Regarding Microsoft's communication skills -- agreed -- but who would rely on Microsoft for all of their security info ?
That's right, your laziness is our problem... we should get our lazt arses into gear because you were too stupid to incorporate any provisions for bugs in someone else's software into your business plan.
If you got nailed by Slammer, it is because you broke security rule #1 and put a database where it could be accessed directly over the Net.
Assuming that you have a good reason for exposing that server, it is then incumbent on you to understand the risks, ESPECIALLY WHEN THEY'RE MADE PUBLIC 6 MONTHS PRIOR!
Take some responsibility -- you made the choice... it's not like there is a shortage of good DB platforms out there...
But, you're missing the more important point, this suit has NOTHING to do with EULAs, except for a bunch of/.rs trying to hammer home a (valid) point by squinting until they see an opening that fits their needs.
Consider the reasons why Slammer was such a problem:
- there was a bug in SS2K - exploit used a stateless connection (UDP) - the state of Internet border security is "allow everything but..." - admins didn't apply a patch that had been available for 6 MONTHS (more than enough time to test) - admins don't properly protect their servers
Of these, only the first is Microsoft's fault and they are the only ones who fixed their contribution to the problem proactively.
But, since Microsoft has deep pockets and geeks hate them, let's sue them...
Time to grab some perspective -- patch and defend your fucking systems, people !!!
Uh... the judge did not say "what was going on wasn't illegal"...
The judgement said that the P2P mechanisms themselves weren't illegal... the unauthorized sharing of copyrighted works is clearly illegal -- it's just not Kazaa's fault.
Easily enough done by jacking up the bitrate -- like MPEG-2 at 9.8Mbit/s (e.g highest quality possible under DVD).
Alternatively, you can twiddle and tweak with compression settings (depending on your encoder), but I've given that up in favour of just making larger files and abandoning VCD.
Someone else has already said that this is finally a topic that they can contribute to, but I've been generating a nice, low-lying, thick and clingy fog for my "haunted yard" for the past 8 years.
The "classic" fog chiller, using coolers, fans and regular ice is a good start, but misses the key points for cold environments.
In order to make a thick, low-lying fog using a cheap fog machine, you need to do two things (particularly here in Canada, where we often get Halloween close to freezing):
1) Humidify the fog (often forgotten) 2) Cool the fog below the ambient temperature
The classic technique accomplishes both of these by passing the fog through a cooler of "wet" ice. As my friends in New England and Minnesota know, this don't do squat when the ambient temperature is around freezing...
So... pass the fog through a cooler of wet ice (some cooling, but significant humidification), THEN pass it through an aluminum duct (flexible dryer ducting works best) full (to half-height) of dry ice (that's chilling)... solves all of the world's fog problems.
But, remember:
1) Don't cuddle with the dry ice 2) Don't use any of this to cool a processor
"I know most of you are going to say that it's a Microsoft ploy to get a list of addresses of mod chippers, but that's a little farfetched even by MS standards."
Tell that to the masses of DTV hackers receiving letters from DirecTV lawyers where the only possible record of their identities are orders/mailing lists from distributors....
Cheers.
... is that people dismiss the injection attack because they think there are too many unknowns.
You can tell pretty quickly if the machine is going to be vulnerable (e.g. if you can execute arbitrary SQL commands), and, if it is, it is rather easy to determine if there are quick exploits available.
If you consider only "query injection", where you need to know something about the data, then *some* work is required (so you *may* have a point).
If, however, you look at "procedure injection", you can do some particularly nasty things if you can get to, say, xp_cmdshell... (depending, of course, on the security context).
Or, if you know that an input field will be placed into the HTML stream without proper supervision, just put in a nifty SSI or a scripted nasty.
These things may not always work, but it is pretty quick work to determine whether or not they will...
OK -- I thought that the/Gb excess charge was a little high.
I download backups from my web server to a backup server in my home and will definitely cross the 5Gb limit.
Then, I read the rest of the Sympatico e-mail and found that, for _C_$69.95, I'll get 10Gb AND get faster speeds (3Mb down, 640k up)... this is not an unreasonable price for this service...
Cheers,
JAKD
Re:Does it really matter?
on
Carnivore Update
·
· Score: 2, Insightful
I am sitting here shaking my Canadian head in complete disbelief that my American neighbours can't seem to remember that same stupidity that gives rise to [blood]'s commentary ruined the lives of countless good and patriotic Americans during the McCarthy nonsense...
I only studied one year of detailed American history (lived in Chicago for a year) and even my (2-year old) kids can see that [blood] is obviously an idiot with no sense of history and absolutely no understanding of where his "freedom" comes from.
Don't give in to the fear -- you will surrender more than you can possible gain.
Slashdot Mirror
Not to be a smart-ass, but I would think that the phrase "in development" adequately conveys the fact that these are not shipping products ...
Better question is "why 20 years ?" ...
VHS has been great in the absence of options that are easier to move forward.
Now that you're thinking digital, why not think about 2-5 years and, since it's digital you can batch-convert everything to the next best thing.
Cheers
Unless I missed something, these AREN'T SQL Server licensees ... hence, EULA doesn't apply.
Cheers.
Don't let a single paragraph in the article dictate to you what this is about -- the people who are suing aren't SQL Server licensees, so the EULA has no bearing.
IANAL, but it seems pretty clear that the reporter missed the difference between damage inflicted ON a licensee and damage inflicted BY a licensee.
Regarding Microsoft's communication skills -- agreed -- but who would rely on Microsoft for all of their security info ?
Cheers,
JAKD
That's right, your laziness is our problem ... we should get our lazt arses into gear because you were too stupid to incorporate any provisions for bugs in someone else's software into your business plan.
... it's not like there is a shortage of good DB platforms out there ...
If you got nailed by Slammer, it is because you broke security rule #1 and put a database where it could be accessed directly over the Net.
Assuming that you have a good reason for exposing that server, it is then incumbent on you to understand the risks, ESPECIALLY WHEN THEY'RE MADE PUBLIC 6 MONTHS PRIOR!
Take some responsibility -- you made the choice
Cheers,
JAKD
But, you're missing the more important point, this suit has NOTHING to do with EULAs, except for a bunch of /.rs trying to hammer home a (valid) point by squinting until they see an opening that fits their needs.
..."
...
Consider the reasons why Slammer was such a problem:
- there was a bug in SS2K
- exploit used a stateless connection (UDP)
- the state of Internet border security is "allow everything but
- admins didn't apply a patch that had been available for 6 MONTHS (more than enough time to test)
- admins don't properly protect their servers
Of these, only the first is Microsoft's fault and they are the only ones who fixed their contribution to the problem proactively.
But, since Microsoft has deep pockets and geeks hate them, let's sue them
Time to grab some perspective -- patch and defend your fucking systems, people !!!
Cheers,
JAKD
Uh ... the judge did not say "what was going on wasn't illegal" ...
The judgement said that the P2P mechanisms themselves weren't illegal ... the unauthorized sharing of copyrighted works is clearly illegal -- it's just not Kazaa's fault.
Dell is not about technical creativity -- they build inexpensive machines that most people can use and get them out the door quickly.
End Of Story.
People end up paying for their machines before Dell has to pay for the components -- a nice way to finance things.
They're going to put out a solid (?) WinPDA and price folks out of the market as only they can.
Don't go looking for a revolution -- you'll just be disappointed.
Cheers,
JAKD
Easily enough done by jacking up the bitrate -- like MPEG-2 at 9.8Mbit/s (e.g highest quality possible under DVD).
Alternatively, you can twiddle and tweak with compression settings (depending on your encoder), but I've given that up in favour of just making larger files and abandoning VCD.
You mean VCD standard MPEG, right (eg. MPEG-1, 352x240, 140 KB/sec) ?
It's the bitrate that's your problem there not the codec (althought there are nicer codecs out there than MPEG-1).
Someone else has already said that this is finally a topic that they can contribute to, but I've been generating a nice, low-lying, thick and clingy fog for my "haunted yard" for the past 8 years.
...
... pass the fog through a cooler of wet ice (some cooling, but significant humidification), THEN pass it through an aluminum duct (flexible dryer ducting works best) full (to half-height) of dry ice (that's chilling) ... solves all of the world's fog problems.
The "classic" fog chiller, using coolers, fans and regular ice is a good start, but misses the key points for cold environments.
In order to make a thick, low-lying fog using a cheap fog machine, you need to do two things (particularly here in Canada, where we often get Halloween close to freezing):
1) Humidify the fog (often forgotten)
2) Cool the fog below the ambient temperature
The classic technique accomplishes both of these by passing the fog through a cooler of "wet" ice. As my friends in New England and Minnesota know, this don't do squat when the ambient temperature is around freezing
So
But, remember:
1) Don't cuddle with the dry ice
2) Don't use any of this to cool a processor
"I know most of you are going to say that it's a Microsoft ploy to get a list of addresses of mod chippers, but that's a little farfetched even by MS standards." Tell that to the masses of DTV hackers receiving letters from DirecTV lawyers where the only possible record of their identities are orders/mailing lists from distributors ....
Cheers.
... is that people dismiss the injection attack because they think there are too many unknowns.
... (depending, of course, on the security context).
...
You can tell pretty quickly if the machine is going to be vulnerable (e.g. if you can execute arbitrary SQL commands), and, if it is, it is rather easy to determine if there are quick exploits available.
If you consider only "query injection", where you need to know something about the data, then *some* work is required (so you *may* have a point).
If, however, you look at "procedure injection", you can do some particularly nasty things if you can get to, say, xp_cmdshell
Or, if you know that an input field will be placed into the HTML stream without proper supervision, just put in a nifty SSI or a scripted nasty.
These things may not always work, but it is pretty quick work to determine whether or not they will
Cheers,
JAKD
OK -- I thought that the /Gb excess charge was a little high.
I download backups from my web server to a backup server in my home and will definitely cross the 5Gb limit.
Then, I read the rest of the Sympatico e-mail and found that, for _C_$69.95, I'll get 10Gb AND get faster speeds (3Mb down, 640k up) ... this is not an unreasonable price for this service ...
Cheers,
JAKD
I am sitting here shaking my Canadian head in complete disbelief that my American neighbours can't seem to remember that same stupidity that gives rise to [blood]'s commentary ruined the lives of countless good and patriotic Americans during the McCarthy nonsense ...
I only studied one year of detailed American history (lived in Chicago for a year) and even my (2-year old) kids can see that [blood] is obviously an idiot with no sense of history and absolutely no understanding of where his "freedom" comes from.
Don't give in to the fear -- you will surrender more than you can possible gain.
Look isn't accepting any new application for HS wireless.
...
5/1 Gb from Telus is pretty weak, but the connect speeds look appealing (compared to Bell's service in Toronto).
Of course, you have to wonder if it will ever happen