To be honest, I always thought that L-indows was trying to cash in on the W-indows name anyway, rather than trying to do any good to the open source community or name. See, I do not care which camp you belong to (Linux or Windows), if your intentions are driven by $$ rather than pure passion for advancement and innovation then you're all the same in my eyes.
Mitnick has already taken advantage.. that's why he went to prison. WHy take advice from a loser that got caught?
Is he a loser because he got caught, or because he did what he did? I wasn't suggesting he should take advantage by starting to hack again, I was suggesting he should take advantage of the situation to get the message out there.....a lot more people might be willing to listen
His biggest *break-ins* were physically walking into a computer room. Nowadays that is the least talked about security issue. Mitnick does a lot of educating on the topic but a lot of people called him *old fashion*. Well there you go, it happened, and to none other than WSIS. I think you should check those locks on your server rooms again.
or why would it be a bad thing for a company (my company is going full VOIP next week) -VOIP is proving to be very expensive to setup
-VIOP requires T1 (and up) lines if you want any decent voice quality and be able to handle a decent amount of load
-You are only as good as your Internet line is:)(as it is proving to be with our company on the test phase, the lines are proving to be *flaky* and we cannot afford to have the internet down under any circumstances now, because we need to be on the phones all the time.).
-We have to connect two offices together, so now we need to purchase very expensive Hardware, and setup pretty complicated VPNs (etc..) to make VIOP work between our offices
- Everyone seems to be incompetent when it comes to guaranteeing anything. They're all doing this for the first time.
- I am an enthusiast when it comes to technology, but as IT manager I voted against VOIP for now, since my research showed that the bottom line cost would be high, and it's too early for a company to rely 100% on a new technology such as VIOP (especially when your primary business is being on the phone with customers all day)
- To be honest, when I did the calculation of the total monthly cost for everything it came to be pretty astronomical. My decision was *overwritten* with that of the CEOs
- When we have it all setup, look for our company's name on Fuckedcompany. I'll be posting it up there
Cheers.
Well, if the *whacker* can intercept the WiFi channel and get into the network then I doubt this browser vulnerability will matter much, since he'll use more sophisticated tools to collect your info. Any site that has an option for you to sign in with sensitive info, usually uses two things: Certificate from a certified authority and an SSL server, so it is not an *easy* task to just use the fake URL trick. Honestly I see this as a small problem (although a problem so it should be fixed). To really make this exploit really work there would be two main options:
1) email
2) site hijacking
Someone would have to create a virus that spreads through the email and sends you a link to the *malicious* site with the FAKE URL showing and ask you to enter some personal info and steal that, but then that site would have to look like the original site, and a lot of people are already suspicious about entering personal info on sites, so it wouldn't do very well, not to mention SSL, certificates and warnings from so many different channels: news, emails, IT departments, friends, family etc... So in the end you'll have a small percentage of victims probbably, that would have been victimised one way or another anyway.
Or someone hacks a site and redirects to to the malicious site using the URL vulnerability to redirect you to the malicious site. That would be more dangerous, but if they manage to hack a site then either it will be detected and shut down right away, or they already have gotten to the database with allt he personal info already, so it's too late.
damn. there's another square character in front of %00 which I guess I cannot post, that's why it doesn't work. The best way to test it is to go to
Secunia then view the code for the page on Notepad and copy and paste the URL exactly as they have it
copy and past this and let us know please. It worked on my Win2Kmachine.
http://www.microsoft.com%00@dev.secunia.com/intern et_explorer_address_bar_spoofing_test_2_link/
This news is a bit biased, but that's ok, after all we're talking about MS here. it's funny because I patched my XP last night with that same exact patch. I was worried for a moment since I knew it wasn't *that time of the month* yet for the patch, but after reading the description and the version of the file I decided to do it.
All the article says is:..it is similiar in many ways...but with a difference, it uses a different protocol called WAPI... And that makes it more secure how? Because it is less known? Because it is different? Or is there someone that actually has hard facts that about WAPI being more seucure? To add to that, if there will be a fragmentation, the only thing fragmented here is China itself. Yes, the concern would be if more countries followed in China's path, but so far none have. China so far has not shown to be a consumer market, nor does it seem to turn into one any time soon, so why do we worry that much? Last year US exported to China 1/12 of what it imported. IfChina want to make it harder for themselves and it's own people that's fine, afer all how much worst than living under a communist sytem can it get for those people?
Well I installed the latest Office, and the reason for that was a recent Microsoft developer conference, which pointed out a few things that seemed very interesting and I wanted to try for myself. Anyway, I haven't had a chance to mess around with outlook much but so far I found one feature to be extremely useful: SPAM protection. Without the need for creating rules (and I had about 50 rules with outlook 2000 and growing) this new Outlook is filtering my emails extremely well. I was impressed. I am waiting to see what the catches are (I found one already: PRICE lol).
You know what? I am happy they are finally moving to a new (type of) BIOS. Why is it that we humans, who are supposed to be the smartest species on the planet, fail to comprehend basic necessities? Like CHANGE for example. Why do we resist change so much? Why does the smallest change to even the most simplistic thing always cause so much resistance, FUD? The BIOS (bless its soul) has outlived itself many times over. It is time for it to get a revamp. Everything else has, why not the BIOS? After all, although most people do not pay attention to the black screen with the white letters anymore, it is a crucial part of the computer system. It would be a mistake to categorize this as another *attempt* by MS to *take over the world*. I am glad they are changing it, because the BIOS is indeed an old technology, which it is not necessarily broken, but has long been due for a fix. If a tighter security, and faster boot, better performance and a whole other bunch of problems were solved with a new BIOS then we should not complain but welcome it.
at News.com claimed that the computer's IP address was traced. But how? Unless it was static and the guy didn't know, how would they trace it? If it has a static IP doesn't he need to change the settings to connect to AOL's network? I'm thinking there's something deeper here. Either they suspected him, or FBI has the capability to *find* you if they need to. I've always thought that we lived in a world which I couldn'd find something to compare it to, until THE MATRIX came out. Looks like (the real) agent Smith has prevailed in our world though.
...then I don't have much to say. I love BMWs, and BMW is not dumb to choose something that would not be up to their standards. Unfortunately the notion so many people have that anything associated with the word Microsoft is bad by default is wrong. It's clear that buidling an OS for the car (mostly for personal use in this case, not to control the car's vital functions) is different than building an OS for the desktop, and equally easy to see why. It's a competitive world and some will use Linux, others will use Windows (slimmed). See, you can actually say now that it is a competitive world. I am happy with that.
I tried them both (KDE & Gnome) in the beginning, but somehow KDE was more intuitive, easier to use and navigate and had a better overall UI. But that was with Mandrake 7.0. I recently installed Red Hat with KDE. I didn't like it. What has Red Hat done with it? It's nothing like the KDE on Mandrake. It's very Red Hat *looking*, which I do not like very much. Am I completely wrong or has Red Hat *modified* KDE to look more proprietary (Red Hat like)??
The funny thing is that geeks do not follow the same logic when writing code than when writing english (I haven't many times myself). I am sure an embedded spell checker for grammar inside the compiler would be extremely useful, so when you run your compiler it would also point out your spelling mistakes, but then that raises a whole other array of issues. However unpleasant, as long as I understand what they are trying to say I am fine with it. After all, I have people I work with which I cannot understand 40% of what they are saying, so compared to this little *mistake* it's a by far a much bigger problem.
AM This morning at Google
Dun, you must have some kind of spelling phobia. Dude, just relax. A more appropriate way could be: 2:30AM Today (or 2:30AM Thursday, or this morning at 2:30), but a lot of people do get confused when it comes to that. 2:30AM this morning is not that bad, it actually is easier to understand. Plus you have to understand that slashdot is a site run by geeks, and you know geeks are not the best when it comes to grammar. You have to forgive them sometimes.
Dictionary
But I doubt it very much. I think this is a PR stunt from AMD, who is trying to get more people interested in their 64bit architecture. That's fine, but the prediction seems to be more realistic for AMD than the industry in general. I predict in 6 months AMD will find another excuse to take their claim back
They were contacted by email from a *nigerian* businessman. He purchased about $30,000.00 worth of goods using credit cards. In the beginning the Cards went through, but then they started to decline, and he'd find more credit card numbers. Though this had nothing to do with my IT department, at the executive's meeting before the transaction happened, I did express my concern about the business deal. Being all too familiar with scams and extremely paranoid about security (Systems admin what can I say) I told them that they should look more into the background of these people, whos email addresses ended with @scatepile.com. They laughed it out (literally) saying that they will not ship anything unless the cards went through. They were greedy. To teach them a lesson I opened an account with scatepile.com and pretended I wanted to do business with them. The sales idiot was ready to go. In short, a month later when they were preparing another shipment, I finally convinced the sales guy to check with the bank for one of the Master Cards. Sure enough the card had been reported stolen. The same went for all other cards we were provided with. They stopped the shipment in time. Master Card charged the money back. We, being a small company had to fire people who didn't diserve it to compensate. I also told them about my little test scam with the email. They were all embarrased. Now I have the role of security not only for the IT, but I have to consult them on business transactions and how to detect and prevent scam. That I didn't ask for. I think I should ask for a raise. I thought it would benefit someone (or make someone laugh) knowing how many stupid companies are out there that screw up big time.
One of the questions of one of the graduates was what the candidates were using, Macs or PCs. I think more candidates mentioned PCs with the exception of Lieberman(i think) saying he uses wireless. Right away I thought that was a dumb question though. It also looked like a pre-prepared question from the Mac camp. With all the things going on in america and all the concerns young people have, with a time constraint on the program and all, I thought to myself: how dumb does one have to be to ask such a question? Why is it relevant what they use to work with every day? Why would that be relevant to their points of view and promises they were making? It was simply nothing more than a question meant to fuel the OS flamewars going on on Press/Internet the next day that's all. I question the integrity and purpose of such questions.
I think this is more for fun than to "Obejctify" anything. All you have to do is not take it the wrong way. Plus, you also have to understand that Men do not admire/adore/love/can't live without women because they look at them as "Objects". They do so because it's a natural instinct. I think anything that we attribute to women has nothing to do with "Objectifying" them, but more with showing our appreciation and gratitude for their presence.
What if the system is hacked? Has anyone thought about the implications of that? After all, NASA even has not been immune to hackers. Insane traffic jams or accidents can happen if the satellite control fell into the wrong hands. The idea is good, putting it in practise? I don't think so.
It seems pretty clear what they're doing: They're continuing their everlasting story of "it's impossible to make computers secure, the only possible solution is to catch the criminals exploiting the holes in our software, because we can't close them".
Could be, but it something that everyone knows it won't work. Like fighting the Narcotics in USA. It's a fight that cannot be won, as long as the craving is there. PR buzz is a posibility though.
--Yes there has to be, but it's common sense. Writing code that will cause billions of dollars in damage, devastate the economy and people's lives should be punished, and under the US law it is punished.
I don't agree at all. Writing code that may cause lots of computers to crash is as criminal to me as making a tool that may be used to circumvent an encryption.
--So then if you see nothing wrong with writing viruses, how do you suggest we deal with it? Like I said before, there's a difference between finding and reporting vulnerabilities and creating a virus and releasing its code to the public (as in the Internet public..which stretches from China, to middle east, to americas...to all over the world). Tools for breaking encryption are hazardous if in the wrong hands, but they do not spread and cause 1/2 of the internet to crash.
There are other uses, also to virusses. Programmers can learn a lot from reading the source of a (working) virus.
--So can (malicious) programmers and script kiddies. I'll tell you something, unless my programming is directly involved with security issues I do not need to see the code of any virses. I think certain people should be able to see it but not everyone.
Source code is, like a painting, a creation.
--All right, let's calm down and leave that whole art crap out of the source code thing. When I am given a project, the last thing I want to think about is visualize my source code to be like a painting. Coding is a skill, difficult, dirty, messy, tiring, it can take you to hell and back in less than 5 seconds. I can relate a lot of other things to a painting, but code is far from it.
Free speech is about being allowed to let others know what you think/do/made.
--I know way too well what free speech is. I live in a world where I am free to speak my mind
It is a matter of free speech to be allowed to show a painting in public, even if some people may not like it (for example, because it shows a murder).
--it all depends how you look at free speech. A killer can claim he's free to do whatever he wants, the same can go with someone poosting child pornography pics on an exibition. Where do you draw the line? Although, this still has nothing to do with software and the capitalist business model.
You might want to read up on communism.
--Now I feel offended...very deeply. I've read on communism...way too much...I had to...or else I would have ended up in jail.
Marx didn't say free speech should be forbidden.
--Thanks for comming out. Let this be the last time you lecture me on what Marx said, and if I should read on communism. You see, when you are born in a country where freedom doesn't exist, it's very difficult to accept positive comments about communism from people that didn't live it, because when they tell you things like you just did, they look so silly you have no idea. You've read Marx. I've read Marx 100 times over, and lived the practising of his theory. I am sorry to tell you that YOU KNOW NOTHING ABOUT COMMUNISM. So stay on track and talk about software only.
The fact that in soviet Russia people didn't have free speech doesn't mean it is impossible in a communist country.
--Yes. My parents wanted free speech. I will not tell you what happened to them, but they suffered enough for that all their lives.
You may come from a communist country, but free speech has nothing to do with money.
--So then why are we mixing it with software and business? My point exactly. I think *free speech*
Is the writer the responsible party or is the person who deploys the virus?
--The writer would also be the deployer. If I write something I'd have to give it to someone else to start the damage. You'd want to search for a *second in command* though. They should be held responsible the same way. What if I make a spreading virus that works with a known flaw in a MS product. I post this virus and code to say Bugtraq, IRC, or here on/. How can I be prosecuted?
--Why would you make a working VIRUS in the first place? If you discover the flaw, the first and safest thing to do (if your intentions are indeed good) would be to submit it to Microsoft, then Bugtraq or an Anti-Virus company. I'd never make my code public.
I wrote some code but did not use it or set it free on a network. You could take this to extremes on either side. What if I give code examples?
--Give code examples to who is the question? Do you put them on public boards? Then you are indeed asking for a bounty to be put on your head. Why is it so hard to understand? If your intentions are good, when you discover a flwa, there's many ways to contact the right people and protect computer users. If your intentions are malicious, then you'll come up with excuses. What if I only documented HOW to write code to exploit an existing hole? What if I only describe the hole?
--again as I said, you discover the hole it takes 5 minutes to contact the right people to *close* the hole. Depending on how deep the hole goes of course. I can make a machine gun and provide you with plans for a machine gun but unless I use it to kill people, I did nothing wrong.
--See, you are making excuses, on favor of the virus writer..which tells me that if you have the ability to write code or find an exploit, I would not trust you for one second. You don't have to use it yourself. If people are using your invention to kill people then you should be held accountable. You knew what your invention would do. Why would you give it to those that would use it with no mercy in the first place? Seems to me that the prosecutors and MS are trying to hang someone as an example but that is a very fine line.
Yes they are lookign to make an example out of this, but I think the rabbit hole goes deeper. I think MS knows something we do not, and hopefully we'll be able to find out what it is. There has been worst viruses in Windows history..why this particular virus? Why now? I think we'll all be surprised in the end when all of this is over. Is there a law that clearly states that you can not knowingly write code that may cause millions of computers to crash?
--Yes there has to be, but it's common sense. Writing code that will cause billions of dollars in damage, devastate the economy and people's lives should be punished, and under the US law it is punished. I know this is a touchy subject but I view this software as free speech
--I do not understand? How can software be the same as free speech? They have nothing in common. Free speech is a term and in theory we do not have companies creating *free speech*, it's part of a system (like free speech is not part of the communist system). Business and free speech rules are so different, how can you see them as being the same or compare them? I do not understand (or never had) how *free speech* applies to software. Having come from a communist country I fully understand what *free speech* is, but even the communists paid for software.
Slashdot Mirror
To be honest, I always thought that L-indows was trying to cash in on the W-indows name anyway, rather than trying to do any good to the open source community or name. See, I do not care which camp you belong to (Linux or Windows), if your intentions are driven by $$ rather than pure passion for advancement and innovation then you're all the same in my eyes.
Mitnick has already taken advantage.. that's why he went to prison. WHy take advice from a loser that got caught?
Is he a loser because he got caught, or because he did what he did? I wasn't suggesting he should take advantage by starting to hack again, I was suggesting he should take advantage of the situation to get the message out there.....a lot more people might be willing to listen
His biggest *break-ins* were physically walking into a computer room. Nowadays that is the least talked about security issue. Mitnick does a lot of educating on the topic but a lot of people called him *old fashion*. Well there you go, it happened, and to none other than WSIS. I think you should check those locks on your server rooms again.
or why would it be a bad thing for a company (my company is going full VOIP next week) :)(as it is proving to be with our company on the test phase, the lines are proving to be *flaky* and we cannot afford to have the internet down under any circumstances now, because we need to be on the phones all the time.).
-VOIP is proving to be very expensive to setup
-VIOP requires T1 (and up) lines if you want any decent voice quality and be able to handle a decent amount of load
-You are only as good as your Internet line is
-We have to connect two offices together, so now we need to purchase very expensive Hardware, and setup pretty complicated VPNs (etc..) to make VIOP work between our offices
- Everyone seems to be incompetent when it comes to guaranteeing anything. They're all doing this for the first time.
- I am an enthusiast when it comes to technology, but as IT manager I voted against VOIP for now, since my research showed that the bottom line cost would be high, and it's too early for a company to rely 100% on a new technology such as VIOP (especially when your primary business is being on the phone with customers all day)
- To be honest, when I did the calculation of the total monthly cost for everything it came to be pretty astronomical. My decision was *overwritten* with that of the CEOs
- When we have it all setup, look for our company's name on Fuckedcompany. I'll be posting it up there Cheers.
Well, if the *whacker* can intercept the WiFi channel and get into the network then I doubt this browser vulnerability will matter much, since he'll use more sophisticated tools to collect your info. Any site that has an option for you to sign in with sensitive info, usually uses two things: Certificate from a certified authority and an SSL server, so it is not an *easy* task to just use the fake URL trick. Honestly I see this as a small problem (although a problem so it should be fixed). To really make this exploit really work there would be two main options:
1) email
2) site hijacking
Someone would have to create a virus that spreads through the email and sends you a link to the *malicious* site with the FAKE URL showing and ask you to enter some personal info and steal that, but then that site would have to look like the original site, and a lot of people are already suspicious about entering personal info on sites, so it wouldn't do very well, not to mention SSL, certificates and warnings from so many different channels: news, emails, IT departments, friends, family etc... So in the end you'll have a small percentage of victims probbably, that would have been victimised one way or another anyway.
Or someone hacks a site and redirects to to the malicious site using the URL vulnerability to redirect you to the malicious site. That would be more dangerous, but if they manage to hack a site then either it will be detected and shut down right away, or they already have gotten to the database with allt he personal info already, so it's too late.
damn. there's another square character in front of %00 which I guess I cannot post, that's why it doesn't work. The best way to test it is to go to Secunia then view the code for the page on Notepad and copy and paste the URL exactly as they have it
copy and past this and let us know please. It worked on my Win2Kmachine. http://www.microsoft.com%00@dev.secunia.com/intern et_explorer_address_bar_spoofing_test_2_link/
This news is a bit biased, but that's ok, after all we're talking about MS here. it's funny because I patched my XP last night with that same exact patch. I was worried for a moment since I knew it wasn't *that time of the month* yet for the patch, but after reading the description and the version of the file I decided to do it.
All the article says is: ..it is similiar in many ways...but with a difference, it uses a different protocol called WAPI... And that makes it more secure how? Because it is less known? Because it is different? Or is there someone that actually has hard facts that about WAPI being more seucure? To add to that, if there will be a fragmentation, the only thing fragmented here is China itself. Yes, the concern would be if more countries followed in China's path, but so far none have. China so far has not shown to be a consumer market, nor does it seem to turn into one any time soon, so why do we worry that much? Last year US exported to China 1/12 of what it imported. IfChina want to make it harder for themselves and it's own people that's fine, afer all how much worst than living under a communist sytem can it get for those people?
As far as I know MS uses Bayesian filtering in Outlook 2003. I might be wrong, but I read that somewhere.
Well I installed the latest Office, and the reason for that was a recent Microsoft developer conference, which pointed out a few things that seemed very interesting and I wanted to try for myself. Anyway, I haven't had a chance to mess around with outlook much but so far I found one feature to be extremely useful: SPAM protection. Without the need for creating rules (and I had about 50 rules with outlook 2000 and growing) this new Outlook is filtering my emails extremely well. I was impressed. I am waiting to see what the catches are (I found one already: PRICE lol).
why the hell did they encrypt the text?
You know what? I am happy they are finally moving to a new (type of) BIOS. Why is it that we humans, who are supposed to be the smartest species on the planet, fail to comprehend basic necessities? Like CHANGE for example. Why do we resist change so much? Why does the smallest change to even the most simplistic thing always cause so much resistance, FUD? The BIOS (bless its soul) has outlived itself many times over. It is time for it to get a revamp. Everything else has, why not the BIOS? After all, although most people do not pay attention to the black screen with the white letters anymore, it is a crucial part of the computer system. It would be a mistake to categorize this as another *attempt* by MS to *take over the world*. I am glad they are changing it, because the BIOS is indeed an old technology, which it is not necessarily broken, but has long been due for a fix. If a tighter security, and faster boot, better performance and a whole other bunch of problems were solved with a new BIOS then we should not complain but welcome it.
at News.com claimed that the computer's IP address was traced. But how? Unless it was static and the guy didn't know, how would they trace it? If it has a static IP doesn't he need to change the settings to connect to AOL's network? I'm thinking there's something deeper here. Either they suspected him, or FBI has the capability to *find* you if they need to. I've always thought that we lived in a world which I couldn'd find something to compare it to, until THE MATRIX came out. Looks like (the real) agent Smith has prevailed in our world though.
...then I don't have much to say. I love BMWs, and BMW is not dumb to choose something that would not be up to their standards. Unfortunately the notion so many people have that anything associated with the word Microsoft is bad by default is wrong. It's clear that buidling an OS for the car (mostly for personal use in this case, not to control the car's vital functions) is different than building an OS for the desktop, and equally easy to see why. It's a competitive world and some will use Linux, others will use Windows (slimmed). See, you can actually say now that it is a competitive world. I am happy with that.
I tried them both (KDE & Gnome) in the beginning, but somehow KDE was more intuitive, easier to use and navigate and had a better overall UI. But that was with Mandrake 7.0. I recently installed Red Hat with KDE. I didn't like it. What has Red Hat done with it? It's nothing like the KDE on Mandrake. It's very Red Hat *looking*, which I do not like very much. Am I completely wrong or has Red Hat *modified* KDE to look more proprietary (Red Hat like)??
The funny thing is that geeks do not follow the same logic when writing code than when writing english (I haven't many times myself). I am sure an embedded spell checker for grammar inside the compiler would be extremely useful, so when you run your compiler it would also point out your spelling mistakes, but then that raises a whole other array of issues. However unpleasant, as long as I understand what they are trying to say I am fine with it. After all, I have people I work with which I cannot understand 40% of what they are saying, so compared to this little *mistake* it's a by far a much bigger problem. AM This morning at Google
Dun, you must have some kind of spelling phobia. Dude, just relax. A more appropriate way could be: 2:30AM Today (or 2:30AM Thursday, or this morning at 2:30), but a lot of people do get confused when it comes to that. 2:30AM this morning is not that bad, it actually is easier to understand. Plus you have to understand that slashdot is a site run by geeks, and you know geeks are not the best when it comes to grammar. You have to forgive them sometimes. Dictionary
But I doubt it very much. I think this is a PR stunt from AMD, who is trying to get more people interested in their 64bit architecture. That's fine, but the prediction seems to be more realistic for AMD than the industry in general. I predict in 6 months AMD will find another excuse to take their claim back
They were contacted by email from a *nigerian* businessman. He purchased about $30,000.00 worth of goods using credit cards. In the beginning the Cards went through, but then they started to decline, and he'd find more credit card numbers. Though this had nothing to do with my IT department, at the executive's meeting before the transaction happened, I did express my concern about the business deal. Being all too familiar with scams and extremely paranoid about security (Systems admin what can I say) I told them that they should look more into the background of these people, whos email addresses ended with @scatepile.com. They laughed it out (literally) saying that they will not ship anything unless the cards went through. They were greedy. To teach them a lesson I opened an account with scatepile.com and pretended I wanted to do business with them. The sales idiot was ready to go. In short, a month later when they were preparing another shipment, I finally convinced the sales guy to check with the bank for one of the Master Cards. Sure enough the card had been reported stolen. The same went for all other cards we were provided with. They stopped the shipment in time. Master Card charged the money back. We, being a small company had to fire people who didn't diserve it to compensate. I also told them about my little test scam with the email. They were all embarrased. Now I have the role of security not only for the IT, but I have to consult them on business transactions and how to detect and prevent scam. That I didn't ask for. I think I should ask for a raise. I thought it would benefit someone (or make someone laugh) knowing how many stupid companies are out there that screw up big time.
One of the questions of one of the graduates was what the candidates were using, Macs or PCs. I think more candidates mentioned PCs with the exception of Lieberman(i think) saying he uses wireless. Right away I thought that was a dumb question though. It also looked like a pre-prepared question from the Mac camp. With all the things going on in america and all the concerns young people have, with a time constraint on the program and all, I thought to myself: how dumb does one have to be to ask such a question? Why is it relevant what they use to work with every day? Why would that be relevant to their points of view and promises they were making? It was simply nothing more than a question meant to fuel the OS flamewars going on on Press/Internet the next day that's all. I question the integrity and purpose of such questions.
I think this is more for fun than to "Obejctify" anything. All you have to do is not take it the wrong way. Plus, you also have to understand that Men do not admire/adore/love/can't live without women because they look at them as "Objects". They do so because it's a natural instinct. I think anything that we attribute to women has nothing to do with "Objectifying" them, but more with showing our appreciation and gratitude for their presence.
What if the system is hacked? Has anyone thought about the implications of that? After all, NASA even has not been immune to hackers. Insane traffic jams or accidents can happen if the satellite control fell into the wrong hands. The idea is good, putting it in practise? I don't think so.
It seems pretty clear what they're doing: They're continuing their everlasting story of "it's impossible to make computers secure, the only possible solution is to catch the criminals exploiting the holes in our software, because we can't close them".
Could be, but it something that everyone knows it won't work. Like fighting the Narcotics in USA. It's a fight that cannot be won, as long as the craving is there. PR buzz is a posibility though.
--Yes there has to be, but it's common sense. Writing code that will cause billions of dollars in damage, devastate the economy and people's lives should be punished, and under the US law it is punished. I don't agree at all. Writing code that may cause lots of computers to crash is as criminal to me as making a tool that may be used to circumvent an encryption.
--So then if you see nothing wrong with writing viruses, how do you suggest we deal with it? Like I said before, there's a difference between finding and reporting vulnerabilities and creating a virus and releasing its code to the public (as in the Internet public..which stretches from China, to middle east, to americas...to all over the world). Tools for breaking encryption are hazardous if in the wrong hands, but they do not spread and cause 1/2 of the internet to crash.
There are other uses, also to virusses. Programmers can learn a lot from reading the source of a (working) virus.
--So can (malicious) programmers and script kiddies. I'll tell you something, unless my programming is directly involved with security issues I do not need to see the code of any virses. I think certain people should be able to see it but not everyone.
Source code is, like a painting, a creation.
--All right, let's calm down and leave that whole art crap out of the source code thing. When I am given a project, the last thing I want to think about is visualize my source code to be like a painting. Coding is a skill, difficult, dirty, messy, tiring, it can take you to hell and back in less than 5 seconds. I can relate a lot of other things to a painting, but code is far from it.
Free speech is about being allowed to let others know what you think/do/made.
--I know way too well what free speech is. I live in a world where I am free to speak my mind
It is a matter of free speech to be allowed to show a painting in public, even if some people may not like it (for example, because it shows a murder).
--it all depends how you look at free speech. A killer can claim he's free to do whatever he wants, the same can go with someone poosting child pornography pics on an exibition. Where do you draw the line? Although, this still has nothing to do with software and the capitalist business model.
You might want to read up on communism.
--Now I feel offended...very deeply. I've read on communism...way too much...I had to...or else I would have ended up in jail.
Marx didn't say free speech should be forbidden.
--Thanks for comming out. Let this be the last time you lecture me on what Marx said, and if I should read on communism. You see, when you are born in a country where freedom doesn't exist, it's very difficult to accept positive comments about communism from people that didn't live it, because when they tell you things like you just did, they look so silly you have no idea. You've read Marx. I've read Marx 100 times over, and lived the practising of his theory. I am sorry to tell you that YOU KNOW NOTHING ABOUT COMMUNISM. So stay on track and talk about software only.
The fact that in soviet Russia people didn't have free speech doesn't mean it is impossible in a communist country.
--Yes. My parents wanted free speech. I will not tell you what happened to them, but they suffered enough for that all their lives.
You may come from a communist country, but free speech has nothing to do with money.
--So then why are we mixing it with software and business? My point exactly. I think *free speech*
Is the writer the responsible party or is the person who deploys the virus? /. How can I be prosecuted?
--The writer would also be the deployer. If I write something I'd have to give it to someone else to start the damage. You'd want to search for a *second in command* though. They should be held responsible the same way.
What if I make a spreading virus that works with a known flaw in a MS product. I post this virus and code to say Bugtraq, IRC, or here on
--Why would you make a working VIRUS in the first place? If you discover the flaw, the first and safest thing to do (if your intentions are indeed good) would be to submit it to Microsoft, then Bugtraq or an Anti-Virus company. I'd never make my code public.
I wrote some code but did not use it or set it free on a network. You could take this to extremes on either side. What if I give code examples?
--Give code examples to who is the question? Do you put them on public boards? Then you are indeed asking for a bounty to be put on your head. Why is it so hard to understand? If your intentions are good, when you discover a flwa, there's many ways to contact the right people and protect computer users. If your intentions are malicious, then you'll come up with excuses.
What if I only documented HOW to write code to exploit an existing hole? What if I only describe the hole?
--again as I said, you discover the hole it takes 5 minutes to contact the right people to *close* the hole. Depending on how deep the hole goes of course.
I can make a machine gun and provide you with plans for a machine gun but unless I use it to kill people, I did nothing wrong. --See, you are making excuses, on favor of the virus writer..which tells me that if you have the ability to write code or find an exploit, I would not trust you for one second. You don't have to use it yourself. If people are using your invention to kill people then you should be held accountable. You knew what your invention would do. Why would you give it to those that would use it with no mercy in the first place?
Seems to me that the prosecutors and MS are trying to hang someone as an example but that is a very fine line.
Yes they are lookign to make an example out of this, but I think the rabbit hole goes deeper. I think MS knows something we do not, and hopefully we'll be able to find out what it is. There has been worst viruses in Windows history..why this particular virus? Why now? I think we'll all be surprised in the end when all of this is over.
Is there a law that clearly states that you can not knowingly write code that may cause millions of computers to crash?
--Yes there has to be, but it's common sense. Writing code that will cause billions of dollars in damage, devastate the economy and people's lives should be punished, and under the US law it is punished.
I know this is a touchy subject but I view this software as free speech
--I do not understand? How can software be the same as free speech? They have nothing in common. Free speech is a term and in theory we do not have companies creating *free speech*, it's part of a system (like free speech is not part of the communist system). Business and free speech rules are so different, how can you see them as being the same or compare them? I do not understand (or never had) how *free speech* applies to software. Having come from a communist country I fully understand what *free speech* is, but even the communists paid for software.