from the article: But they are sold with no security measures, and protecting a wireless network from hackers takes more knowledge than what network installation guides typically offer.
Every access point I've ever set up had simple instructions for enabling WEP. Granted, WEP isn't the end-all of wireless security, but I'll bet that the SS's definition of "secure" and "not secure" is equivalent to "wep" or "no wep". Granted, most of the networks I see wardriving (airboxing!) have a default ssid like "linksys" or "WLAN", so I guess a lot of users probably never even attempt to configure their AP. But it certainly doesn't require "more knowledge than network installation guides typically offer".
The supposedly deceptive letter linked doesn't seem too deceptive to me. To quote:
So why not upgrade your Certificate with Comodo and join our many customers, including the US Government and some of the world's largest organisations.
This is obnoxious spam, but it's not nearly as bad as it's being made to sound.
You're supposed to be able to bring a proof of purchase into an apple retailer and get a 10.1 cd. We tried every Compusa in the area and even a ma-and-pop shop that only sells apple, none of them would honour this agreement
Funny... I got my free 10.1 update cd (and printed manual!) from compusa without showing a proof of purchase or anything.
Hmmm, Yahoo offers a free service, then tries to improve that free service in an awkward but cheapo way, no doubt because their lawyers said they were at risk, then we complain because this free service does not work like "for-pay" sites (if this sentence was too complex for you, try reading something more complex than the funny pages).
This has absolutely nothing to do with the service being free. The problem they're trying to solve applies to any web-based email, and their fix applies the same to paid accounts as free ones. You say you're tired of hearing whining about (...)? Well, I'm tired of hearing whining from people like you who don't understand what they're talking about.
You can avoid being photographed by taking the bus or riding a bike, which will be more efficient/safer anyway once the tolls are in place. We should be more worried about phone-tapping and email surveillance than about monitoring car registration plates.
(1) I shouldn't have to give up the considerable comfort of my car just to keep the government from tracking my movements.
(2) Think not using your car keeps you safe? This is just the beginning. Face recognition technology is already being used, and could soon be used on as large a scale. There are already enough cameras in London that it's impossible to go about your day without being filmed.
The amount profiles the government can build on someone with this tech are staggering. Going to the wrong kind of bar? They'll know. Attending a political rally? They'll know.
Comparing this to an electronic toll highway (as an earlier poster did) is absurd. Having a given toll checkpoint where people pay is very very different than having an entire region of the city be a "toll area" and having cameras track citizens' movements.
Anyone who says they aren't horrified by this is (a) trolling or (b) doesn't realize the full implications. Looking through the highly scored posts in this thread, there are several decent trolls about how "this isn't so bad!". Funny stuff guys. Keep on laughing.
One day our grandkids will ask "what was privacy like?", if the word hasn't been removed from our language by then.
I know that if I make an "account," my name, address, phone number, credit card information, and other private information is stored in a place that puts its privacy at risk, either by being hacked or by (more likely) it being sold to other parties.... I will not touch their service, because I absolutely refuse to have my credit card number in the hands of a third-party company that, according to its contract, has the authority to manipulate it as they wish.
Do you not realize that leaving your creditcard in 3rd party systems is inevitable? Where on earth can you use a creditcard and not have it left behind? The gas station? Restaurants? Mail/Phone order? Seriously, anyone who accepts creditcard payments is going to keep records. And if they don't, their creditcard processing company does. And Paypal couldn't provide the service they do without keeping your creditcard on file.
Your paranoia is healthy, but I think you've taken it a little too far. Basically, you need to remember that (a) creditcards expire for a reason, and (b) you should watch your creditcard statements like a hawk and make sure you don't get fucked.
Creditcard fraud is very very very common. Know who gets fucked? Not the card holder! Most people think it's the creditcard company (and many credit card fraud-ers probably think that makes what they're doing OK). In reality, 9 times out of 10 it's the vendor that eats it. Creditcard fraud never fucks the cardholder if the cardholder is smart.
Changing the subject slightly, my biggest worry about the paypal-getting-bought-by-ebay thing is passport. Ebay currently offers passport as an optional way to login. I don't use it; my old ebay account works just dandy. But paypal, passport, and ebay all have something in common: They all use email addresses for loginnames. (yes, you can change your name on ebay, but you can also still login with your complete email address in the name field.) I could easily imagine a day when paypal and ebay both required you set up a passport account under the same email address you've already got on file with them. Or, worse yet, if you've already made the mistake of using the same email address with MSN Messenger or something, it could very well coordinate and combine them without even asking you. (makes me glad I've never given microsoft my "real" email address I use for paypal and ebay and the like).
I really wish ebay didn't use passport. I'd feel a lot better about the paypal thing if they dropped passport.
I was merely suggesting that a company that sells hardware and software for running servers might use their own products for their own server. Yes, it could be running WebObjects on solaris. It should be running MacOS X Server though, and I bet it will be soon.
The only real work around is to know what you're installing. Download from what you believe to be the correct source, always look for a public verification key and then install it.
1. I believe swscan.apple.com to be the correct source. The point is, that could be made to resolve to a different, hostile, IP address.
2. A public verification key? From apple? See, that's the problem. They don't do that currently. When they start to, they'll probably build it into the software update system, like they should have in the first place.
An interesting sidenote: I've been sniffing some SU traffic after reading all this, and noticed some interesting HTTP headers:
Looks like Apple doesn't practice what they preach in terms of server software. :) And wtf is that NetApp cache bullshit? Does everyone see that, or am I being transparently proxied somewhere?! OK, just checked some other stuff, the NetApp cache header is only present on my SoftwareUpdate connections. Something on apple's end? Does everybody see this?
(fwiw i'm using the incredibly simple tcpflow to watch my tcp traffic. ethereal is cooler, and lets me see non-tcp traffic too, but the current mac (fink) version has a very high suck factor. Sometimes ICMP packets don't show up, streams can almost never be reconstructed entirely, etc etc. Moving capture files off the mac over to a linux or bsd box for analysis is the only way I can seem to use ethereal for much of anything.)
then why didn't the MPAA go after CNN and the other sites that posted links to DeCSS on their web sites?
I think the original poster is saying that 2600 brought it on themself by not removing the links when they were first asked to. Lots of people got Cease and Desist letters; most complied. Surely, if CNN got one, they would have taken down the link (and they may well have).
The free-speech issue here is two-fold, however. It's one thing to argue about if DeCSS itself is protected speech (I certainly think source code is speech), but it's another thing entirely to argue about hyperlinks. If I published a book in Mexico, but the American government deemed it illegal, would it also be illegal to tell people where there are bookstores in Mexico? That's essentially what restricting hyperlinks is doing. Not just restricting information, but restricting pointers to information.
So... Why hasn't google received a cease and desist yet?
And, doesn't this comment make slashdot.org a violator of the DMCA?!! (assuming the .zip file linked at the bottom of the page linked from that comment is actually DeCSS)
I am an end user but I guess its possible. Just like aol.com rotates ftp.netscape.com to different machines, there is a software for it.
A software? Like BIND maybe? :)
The DNS explanation makes the most sense (of why sometimes you get a good copy and sometimes not). Seems like modifying the ftpd running to spit out different files for different people would be more trouble than it's worth... A simple DNS exploit would get the same job done.
It's a shame that the detailed analysis on security focus, which includes using different useragents and IP's, doesn't include a simple "host ftp.bitchx.org" for each... That's most likely where the money's at.
Currently:
$ host www.bitchx.com
Host not found.
$ host www.bitchx.org
Host not found.
$ host ftp.bitchx.org
Host not found.
$ host ftp.bitchx.com
ftp.bitchx.com is a nickname for ftp.cyberpunkz.org
ftp.cyberpunkz.org has address 198.174.169.125
(tried from several boxes with different isp's and nameservers; same results every time)
And, an example of what the parent poster was talking about:
$ host ads.web.aol.com
ads.web.aol.com. has address 64.12.184.121
ads.web.aol.com. has address 64.12.174.153
ads.web.aol.com. has address 64.12.174.185
ads.web.aol.com. has address 152.163.226.25
ads.web.aol.com. has address 152.163.226.89
ads.web.aol.com. has address 152.163.226.57
ads.web.aol.com. has address 152.163.226.121
ads.web.aol.com. has address 152.163.226.153
ads.web.aol.com. has address 152.163.226.185
ads.web.aol.com. has address 205.188.165.57
ads.web.aol.com. has address 205.188.165.121
ads.web.aol.com. has address 205.188.165.185
ads.web.aol.com. has address 205.188.165.249
ads.web.aol.com. has address 64.12.184.57
ads.web.aol.com. has address 64.12.184.25
ads.web.aol.com. has address 64.12.184.89
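The per-vantage-point `host` comparison the comment above asks for, as an added example that is not part of the original post: it reduces each `host` answer to an order-independent address set, so round-robin rotation of one pool compares equal while a resolver handing out a different address stands out. The resolver labels, hostnames and addresses are constructed sample data (documentation ranges), not values from the page.

```shell
#!/bin/sh
# Added example: tell round-robin DNS rotation apart from a resolver that
# returns a genuinely different answer. All sample data is constructed.

# addr_set: read `host` output on stdin and print the sorted, comma-joined
# set of addresses. Sorting makes the result independent of record order.
# Prints NONE when the answer carries no address (e.g. "Host not found.").
addr_set() {
    awk '/ has address / { print $NF }' | LC_ALL=C sort -u |
        awk '{ s = s (NR > 1 ? "," : "") $0 }
             END { print (s == "" ? "NONE" : s) }'
}

# divergent: read "vantage address-set" lines, take the most common set as
# the baseline, and print every vantage point whose set differs from it.
# (With a tie for most common, the baseline choice is arbitrary.)
divergent() {
    awk '{ name[NR] = $1; ans[NR] = $2; count[$2]++ }
         END {
             for (s in count) if (count[s] > best) { best = count[s]; base = s }
             for (i = 1; i <= NR; i++)
                 if (ans[i] != base) print name[i] " " ans[i]
         }'
}

# sample: constructed `host` output as seen from three vantage points.
# For live use, replace `sample "$v"` in report with: host <name> "$v"
sample() {
    case "$1" in
        resolver-a) printf '%s\n' \
            'ftp.example.org is a nickname for mirror.example.net' \
            'mirror.example.net has address 192.0.2.10' \
            'mirror.example.net has address 192.0.2.11' ;;
        resolver-b) printf '%s\n' \
            'ftp.example.org is a nickname for mirror.example.net' \
            'mirror.example.net has address 192.0.2.11' \
            'mirror.example.net has address 192.0.2.10' ;;
        resolver-c) printf '%s\n' \
            'ftp.example.org has address 198.51.100.77' ;;
    esac
}

# report: one "vantage address-set" line per resolver, then the outliers.
report() {
    for v in resolver-a resolver-b resolver-c; do
        printf '%s %s\n' "$v" "$(sample "$v" | addr_set)"
    done | divergent
}

report
```

Here resolver-a and resolver-b return the same pool in a different order and are treated as equal; only resolver-c is reported.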
Aren't we all paying a media tax on blank CD's purchased? Even if you don't use the CD's for anything, you're still giving the record industry money for a crime you didn't commit (yet).
Or - worse still - if you copy your own music, or your friend's music, on those cds you're still paying money to the cartel that represents the music you don't even like. Not to mention, what about all the cds used for burning data?
Hey! That's not fair!
Seems that the 50s were plagued with congressional fundies making all of the rules. Along with that Eisenhower character (great general btw), we nearly had ourselves a fundamentalist government. Scary.
It was because of the Atheist Red Threat. No, seriously!
The court said the 1954 insertion of "under God" was made "to recognize a Supreme Being" and advance religion at a time "when the government was publicly inveighing against atheistic communism" -- a fact, the court said, the federal government did not dispute.
The appeals court noted that when President Dwight D. Eisenhower signed the act adding "under God," he said, "From this day forward, the millions of our school children will daily proclaim in every city and town, every village and rural schoolhouse, the dedication of our Nation and our people to the Almighty." [cnn]
Damn do I feel special. I was complaining about this crappy update hours before it was posted on slashdot!
(complaining because the drag-and-drop install method seems to have gone out of style, and because it sets your homepage to msn, and because I'm real bitter at microsoft for other recent mac fuckups.)
I still haven't installed it though, but if it fixes the spinning-beachball problem I may just break down and go for it.
Sure, that's how some forms of video compression work... I'm not certain, but I doubt DLP movies are compressed much (especially in a lossy format) when they're given to the theatres... I would hope not anyway.
I think it's kind of fun, reading software reviews written by people who don't understand even the most basic computer interface concepts. I mean, File -> Quit has had the same functionality in practically every program for every OS since 1984, if not longer.
Then again, the same review started by noting that Harry Potter is more newsworthy than mozilla - perhaps cnet's technology writers all have the week off?
Ah, but you forget that citizens are only allowed to engage in anti-terrorism activities that have specifically been approved by Homeland Security Director Tom Ridge!
How much do you want to bet that 45 percent gap is freeware and/or open source?
How much do you want to bet that a study about software piracy conducted by the BSA is about as unbiased as a study about communism conducted by China?
Doing anything with these numbers is silly, we all know it's just a bunch of bullshit.
I recently bought your new cd. I put it in my computer, and it never came out. I had to spend $250 to get my computer repaired. Now I hear this is because your CD contains a corrupted data track designed to keep people from copying it.
I was curious if this actually worked (it prevented me from even playing it!) so I looked online. Your album has indeed been pirated, there are mp3s of it all over the place. In fact, it was only by downloading a copy online I was even able to hear your album at all! (i'm not going to risk putting that cd back in my computer!).
I trust that you will send me the $250 that your disc cost me, plus the few cents your record company gave you from the sale of it (what do you get? like 2% of that $18?). You can paypal the money to this email address. If it would be easier for you to send a check, just let me know and I'll send you my address.
since my modem is capped anyway, how am I using any more than my allotted share anyways?
Obviously, they are redefining what your allotted share is. Also, it will no longer be unlimited, and I'm sure they'll have to change their TOS and adverts to reflect this.
I'd like to just say "If you don't like it, cancel your service", but unfortunately for many this is probably the only broadband option. Sucks.
Why should I care if the SS does it :)
Because your tax dollars paid for a can of pringles! Where's your outrage, damnit?!
Well, the actual encounter in the hotel room unfolds quite differently than the one in the vision, so it would seem quite likely that he took another path to get there. BUT, Agatha is there in the vision too, so...
Anyone know if this is addressed better in the original story?
Looking at the actual hotel room encounter: If that version had been the one the precogs saw, he wouldn't have needed to run, and things would have been much different...
Gotta love temporal mechanics. =)
yeah, America actually fits the analogy better I suppose :)
Actually, I think discussing the terrorist technology in a public forum is probably terrorism too.
Watch out.
What makes you think that at some point in the next 10 years computers will lose the ability to play mp3s?