I find it interesting that points 12 and 13 are, from at least a technical standpoint, entirely inaccurate.
From point 12: Two computers cannot effectively function if they are connected to the Internet with the same IP address at the same time
As everyone here is likely aware, NAT accomplishes this on a daily basis and is the sole reason we have not exhausted the available range of IP addresses in the current 32-bit address space. Perhaps a more valid statement would be: two computers, both assigned routable IP addresses and both directly-connected to the Internet, would not effectively function.
In practice, assuming each computer was directly connected to the Internet via a different upstream provider, or if the same provider, to routers that were members of different broadcast domains, one of those computers would not function past its upstream router (assuming the router was properly configured). The other should continue to function as usual (which I suppose still makes their case, it just does so in a factual way).
From point 13: The Defendant was identified as the individual responsible for that IP address at that date and time.
Unless you can tie the defendant to a specific MAC address (which even these days isn't really proof since there are utilities available to change those) you have not identified an individual; you have identified an access point. It's no different than say, parking your car in the parking lot of a restaurant you own, that happens to be beside a bank; then one day having some robbers park in your parking lot while they rob the bank. Since it was your parking lot they parked in while they robbed the bank, and your car also parks in that parking lot, by that logic you are now involved since both your car and their car came out of the same lot (keeping in mind that all this time the lot was under your control).
What if you have one of those toll-gates to your parking lot that prevents people from just driving in & out? Now that the robbers have to pass by your security, does that mean you've now aided and abetted the robbers if you let them into your lot, even though you had no idea they were going to rob the bank?
The whole RIAA process is just goofy... arrogant business people using technically incompetent arguments to bring money-losing lawsuits against improper parties to defend a long-dead business model.
God help us if they represented whip-makers when the car was introduced...
I know that the parent to this post has already been modded as informative but I would like to take a moment to recognize and thank wimbor for contributing positive and useful information to this topic.
Great insight, good suggestions and a perfect answer to the "Ask Slashdot".
My contribution to this topic would be much the same; that Group Policies are a great way to limit access to unwanted software with exceptions made for users that must have access to a particular program. By being very selective with install/run rights/priviliges you can prevent people from running workarounds as well as the intended programs (i.e. prevent the installation/execution of SSH clients).
The real question is how restrictive you would like your work environment to be. Other non-technical ways of addressing the same problem would be to meet with HR and make the use of IM clients a contravention of office policy. Use IM once, get a warning, use it twice, a reprimand, third strike, you're fired. In the past I have found that a combination of technical and procedural solutions often work best (that way IT doesn't look like a bunch of domineering a$$holes as well because you can now say "I'm sorry... I want to give you IM but HR says no.")
Just my $0.02
Re:One of the characteristics of a conspiracy theo
on
Roswell Declassified
·
· Score: 1
An interesting question regarding creation and the existence of God. Assuming that the Universe and everything in it was created through the Big Bang a finite amount of time ago, why was that specific moment (the Big Bang) chosen? Assuming that God transcends time, should not the Universe be infinitely old?
Put more plainly, was God just sitting on his porch one day, sipping a mint julep, thinking "Hey, why don't I create the Universe today?". If the answer to that question is just that simple, try a tougher one...
Since God is supposed to know all that ever was and ever will be, it would be safe to assume that God would know about God's own future, which would include creating the Universe. Since God's been around for an infinite amount of time, and knew that the Universe was to be created, why didn't God just go ahead and create it right away (again making the Universe infinitely old)?
I have several hypotheses for these few puzzling questions:
God is lazy. God will put off to tomorrow what could be done today
The Big Bang did not mark the beginning of time, merely another mark in its progression
Everybody's wrong about everything and we should all just forget about religion and science and sit on the porch with mint juleps
I am open to any philisophical discussions on this topic from those with any viewpoint. Write me at billwilliams2002 AT hotmail DOT com
I've recently bought a townhouse that is still under construction and would like to add this type of wiring before they put up the gyprock. If you don't mind answering a few questions... What is the name of the cable that you used? How much did it cost? Where did you get it? Are the jacks easy to wire or should you hire someone (especially for the fibre)?
Thanks in advance for any assistance you can offer!
Here is where you can submit a story for the Slashdot Editors to peer at it, poke it with a stick, and perhaps post it for all to share and enjoy. It is very important that you write a clear simple subject, and include relevant links in your story. If you wish to be anonymous, feel free to leave the identifying fields blank. Anonymity has no effect on whether we will accept or reject the story.
Your Name (Leave Blank to be Anonymous) Hornstar
Your Email or Homepage (Where Users Can Contact You) Yeah, right.
Subject (Be Descriptive, Clear and Simple!) (bad subjects='Check This Out!' or 'An Article'. We get many submissions each day, and if yours isn't clear, it will be deleted.)
Check This Out! It's An Article!
Topic and Section (Almost everything should go under Articles) Articles
The Scoop (HTML is fine, but double check those URLs and HTML tags!) There's a wicked cool RFC that's just been posted at ftp.rfc-editor.org/in-notes/rfc3514.txt. It's like the best prank EVER! Like, it'll make people post like CRAZY! They'll be all like "Post it again, Taco!" and then Taco will be like "DUUUUDE!", and then like he'll post it a whole buch-a-times, and everybody will be like "whoa, is this Groundhog Day, like that Bill Murray movie", and they'll start like coming up with their own anti-multi-post-slashdot-rfc's and it'll be like so totally funny. But then like some people will be like "that's not funny", but like, that will be TOTALLY funny, so like ya gotta post it cause this will just be SOOOOOO cool pimp dawg! Sup?
Are you sure you included a URL? Didja test them for typos? Why would I include a urinal?
Submission format:
Like, totally HTML-Formatted, Plain Old Text
You must preview once, provide a subject, some text, and a topic before you can submit I did. Post it rookie beeeotch!
I see far too many posts in this thread asking the same question (or reflecting the same attitude) in relation to anonymity:
If you're not doing anything wrong, why do you care?
What a dangerous world we live in where the/. crowd, a collection of people that I would for the most part deem to be of higher average intelligence than the general population, don't seem to have a problem with this logic. Ask yourselves a few questions, and actually take the time to think about the answers.
Who decides what is and is not wrong?
Who is in control of information about what is and isn't wrong?
How much immediate control do you have over what is deemed to be wrong?
What recourse do you have if you disagree with what is deemed wrong?
The need for brevity limits the above list to four points; I could go on forever. The biggest problem with a lack of anonymity in a democratic society is that democratic freedoms can be quickly eliminated. If you still have fairytale notions that an unwanted power can be removed from power through the elective process, you are sadly mistaken. Those with power are unwilling to see that power eroded by choice. Look to any judge subject to criminal investigation (In Washington State, a judge convicted of impaired driving not only believes she shouldn't have to step down, she thinks the charge will make her a better judge!); any politician looking for public support when facing criminal probes (in British Columbia, the Premier, akin to a Governor in the US, was charged with impaired and dangerous driving in Maui and will plead "No Contest". He retains his job with all its duties and responsibilities while Cabinet Ministers even suspected of malfeasence are asked to step aside from their legislative duties.) to see that those with power will refuse to let go, despite overwhelming public pressure to do so.
Just because the things you enjoy are legal today, does not for a moment mean that they will, ipso facto, be legal tomorrow. Despite our collective thoughts to the contrary, it is not the majority that decides laws, it is special interest. Why else do we have Kevin Mitnicks in jail for 5 years, while Enron Executives walk free? Don't think that somewhere, somehow, someone isn't proposing to illegalize something you enjoy or support; be it alcohol, gambling, television, or even the rights of minorities. Would you not want the ability to fight these forces anonymously? If you're living in what amounts to a police state, would there be any effective way to? Your calls could easily be monitored and traced back to you. If you participated in efforts to remove those in power you could easily be picked off the street, condemned as a traitor or threat to the greater good. Still feel safe in the world you're willing to allow?
Say, for arguments sake, in the interests of national security, it's deemed that anyone who has a beard as of a specific date would be forever required to check in regularly with the Police. Since: some terrorists are Muslims, all Muslim terrorists are devout Muslims, all devout Muslims have beards (I know this is not necessarily the case, I'm demonstrating a flawed thought process for a point). You're neither a Muslim, nor a terrorist, nor a Muslim terrorist, but because of something you have chosen to do, that was perfectly legal and would not subject you to any further scrutiny on one day, makes you public enemy number one the next. This is not a purely hypothetical example; think Prohibition, and that was a mere 70 years ago.
I honestly couldn't care if it was cell phones or dental floss that you have to register for to purchase. The moment the database starts collecting information, a thousand lobbyists can't stop it. This is the first step in a very long road, and it's an easy one to take. But the step itself is not frightening at all, it's where the road leads that is truly terrifying.
For the record, I completely agree with the quote at the beginning of this post, but only when it's referenced in its entireity:
If you're not doing anything wrongtoday, why do you think those in power won't care about what you are doing tomorrow?
:)) Has anyone ever bothered to decipher that before? Thought it was quite clever but was kind of hoping for something more deep like "If you can read this, you might be a robot" or "Write for your own copy of Dianetics...";)
What many posts in this thread do not seem to take into account is the greater reality that is the web. With a completely patched server and firewalling that drops packets not desired to hit said server, incoming bandwidth is changed none-whatsoever. You have zero control over traffic until that traffic hits a device under your direct control. With most ISP's, that device can only be placed well past their traffic monitoring point. Ergo, you pay for bandwidth whether you want it or not.
You do have the ability to reduce the total amount of bandwith consumed by dropping unwanted return connections but that may be irrelevant if your site is subjected to a DDoS attack.
The largest problem lies in determining whether traffic is "legitimate" traffic BEFORE it passes through the ISP's network to the client. That said, there are a great many possible ways to accomplish this, such as:
Historical traffic pattern comparisons: A connection that has never received a UDP packet in its history may not suddenly want 2Gb worth of UDP queries. That traffic can be dropped (or at least throttled) to minimize customer impact.
Customer specified port use: Offer co-lo customers the ability to limit port access at the ISP router, offer to limit basic Internet Service customers to standard outgoing ports at same.
Reality-based connection management: An amalgam of the above, if a client machine suddenly starts generating continuous outgoing connections to web servers, it might be possible that the client does not want to view 400 porn sites per minute. Use logic and reason to control outgoing and incoming traffic.
The above are merely ideas or concepts, I will leave implementation to those that require the features. But it gives a good idea of the directions that an ISP can go to mitigate the costs of unwanted bandwidth. Just like Credit Card companies will call a customer to verify that they really do want to purchase that Tiffany diamond in a State they've never visited before, maybe ISP's should be monitoring traffic for irregular patterns and contacting customers to verify that the traffic is legitimate.
ISP's can't merely turn a blind eye when the entire netblock they serve starts sending or receiving traffic generated by the latest worm, virus, etc. They should do their best to mitigate their losses and losses of their customers.
I'm not saying that customers are without blame, just that the people running ISP's may have more technical knowledge that that of their customers and should be proactive in protecting those customers from further harm. If you want a real-world, non-technical example, think Firestone and Ford. A problem created outside of Ford that could have been eliminated before reaching the customer if only greater due dilligence had been used. By ignoring or overlooking the problem (I don't know the exact details) both Ford and its customers were negatively impacted. Was it Ford's fault that the tires were faulty? No. Could they have done something about the tires earlier? Possibly. Could the customer do something about the tires? Yes, but only after they knew of the problem by experiencing the negative consequences.
The scenario doesn't differ much when applied to unwanted bandwidth. If ISP's fail to do their part, unwitting customers will always suffer.
> 1) They could do it right back to you making your efforts bite you in the ass
Possibly, but the idea would really be to do this anonymously (if at all).
> 2) Since you're misrepresenting yourself...this is clearly illegal
Agreed, but the trick is proving who actually paid for or initiated the spam.
> It wouldn't be THAT hard to trace back where the spam originated and if it could be linked back to you, you'd be fucked.
This is really the only point with which I disagree. With all the open relays available on the net it should be simple to start a mail chain that could never be traced back to you. Remeber, all you need in order to send an e-mail message is a net-connected computer, an open mail server and a telnet client. Two of which are available at your friendly neighbourhood Best Buy (library, Internet cafe, etc.). So in my estimation, there's really no appreciable risk.
That all said, I totally agree with the spirit of your quest. When I check my mail server logs every morning, I've had at least three attempts to use my box as a relay (one guy was even stupid enough to try it five nights in a row). Without proper diligence when setting the server up, I would be the target of the wrath of the spammed.
My only suggestion would be to implement a new type of RTBL. One thought I had was to set up a honey pot address and then subscribe to as many pron sites, sweepstakes and newsgroups as possible. Any mail that came in to the honey pot address would first have its address blocked, then its domain, then its ip range. Pretty soon, no more spam!
That is a great idea up to a point. Consider this:
What if I'm a part of the ever popular and highly competitive widget manufacturing industry. My main competitor, as all good businesses nowadays, has a shiny new website.
Now I, as a successful business person, know that it's not only sales that affect a company's bottom line, but costs as well. So I think to myself, "How can I drive my competition's costs up while keeping mine down?" Then I realize! I can simply spam a significant number of people with advertisements for my competitors website, and wait for the heavy fines to start rolling in.
Pretty soon my competitor is so burdened with the cost of the 'spam tax' that he can no longer compete in the marketplace. I, on the other hand, have no website so I am in the clear. After a few short months, voila! I have a monopoly!
Never underestimate the craftiness of the small business owner.
The biggest problem with CA's right now, and why they cost so damn much is that they try to prove EVERYTHING about who you are (or more to the point, the identities behind your website). Addresses, company names, incorporation dates, etc. all fall into the vast black hole that is a certificate. But why? Why for every secure connection that you want to generate between a browser and a server do you need to prove that your company is at such and such an address and is run by Joe Hotschidt? What if the client doesn't care?
For example: My company has a secure server for employees that contains sensitive but not secret information. It's protected by username and password so we wanted a secure submission of this information. Enter https and the magic certificate. Employees don't care where the server is. They just want to know that nobody's going to get their password. And no way was the company going to pay to have a CA verify the site's authenticity; what was the point? So I had to set up our own CA and self-sign the certificate. But that then causes browser problems when a message pops up on users' machines saying "this is an unknown root authority blah, blah, blah". The complaints rolled in to which we had to respond "Just click O.K."
What needs to change isn't whether or not there are free CA's. What needs to change is the architecture of certificates themselves. We need to establish different classes of certificates whereby a site that only wants to generate a secure connection can self-sign without problem. A site that wants to establish its location in the community and the identity of its operators could go to a CA. A company that wants to verify that it is who it says it is and follows sound business practices could have its location and business identity established by CA and its reputation established through peer signing.
My solution, in an ideal world, would be to create a certificate environment where a minimum of these three certificate levels exist. Different identifying icons could be displayed in the status bar of a browser to represent each level. Perhaps provide one lock symbol for each level satisfied.
This still leaves a system open to abuse as people could conceivably create certificate identities for the sole purpose of peer signing a certificate to create the illusion of a solid reputation. A solution to this would be to add value-signing to certificates. Not only could you peer sign a certificate saying a company was bona-fide, you could also sign a certificate with "These guys are crooks, don't do business with them." Again, the problem of abuse arises. What about a malicious user that wishes to create a bad reputation for an organization (enemy, rival, competitor, etc.).
I would say that the best solution to both of those problems would be to add relative weight to the signature of a peer. For example: Older signatures would be assigned greater weight than newer ones; greater weight would be assigned to signatures with a higher numbers and percentages of 'bona-fides' than 'crooks'; signatures verified by a Root CA would be assigned a higher value than non-verified. Signing would be somewhat recursive (you would have to verify the signatures of the signatures of the signatures, etc.), but that is not unlike the current system when you get down to the level of workgroup level CA's. A formula could be put together with a points system that assigned certain points to certain signatures and the point system could be calculated dynamically.
There you have your security, identity establishment and legitimacy rolled all into one. Of course the purpose of all this is to get the certificate equivalent of a Better Business Bureau listing. But the key remains that a better method for managing certificates exists.
Now, I have considered that there are still ways to cheat the system, but I would ask the reader to keep in mind two things:
1. It's no worse than what's out there currently
2. Even if you develop a perfect system where a company's legitimacy and reputation can be irrefutably established, all it takes is one guy with no conscience, a floppy disk and access to a company's credit card database to make certificate signing incosequential.
US companies facing legal action abroad act as incredulous as those companies abroad (Elcomsoft) facing legal action in the US. And rightly so. No nation should be able to force its will upon the sovereignty of another whose citizenry have, through democratic process, defined the laws which should govern its populace. An act comitted in a foreign land which is lawful in that land should go unpunised extra-nationally.
Before you reject this statement, re-read it.
An act comitted in a foreign land which is lawful in that land should go unpunised extra-nationally. International hacking, mail fraud, telephone fraud, etc., would not be exempt because those activities take place in another country. If those practices take place in a country that deems those activities unlawful, the perpetrator will become subject to that foreign country's laws. You will note, however, that that is not the case in this situation. The activity in question wholly took place in a country outside the US. A country where this activity is legal (from what I understand. I may be wrong, but the foreign legality is hardly my point.) The only people to truly violate any laws would be those individuals that used the software within the US.
If the US is really keen on pushing its crappy laws on actions committed outside it's borders, it should be prepared to have its citizens arrested en-masse in foreign countries for acts committed at home that are perfectly legal. For example, drinking alcohol; what if every country that banned its consumption arrested every US citizen that landed within its borders for 'acts of indecency' committed overseas?
The actions the US is taking in this case may have greater results than they anticipate. Through its continued lack of forsight, with regards to its actions against foreign nationals, the US government is opening its own citizens up to the possibility of far harsher treatment abroad.
Wow. Another RTFM post. Brilliant. So, I take it you read the actual Ask Slashdot question then, right? The part where he says he knows how to get it working, and wants to know if it has been this hard for everyone else to do so as well? Did ya read that part? Cause I don't think that ya did.
For reference: "...It is possible, but not without a good deal of nightmarish configuration issues...I found a good many people who think that Apple's claims of seamless Windows Network integration to be a bad joke and nothing more." So that was the part where he says he knows how to do it. Now this is the exciting part... the ACTUAL question...
"...I was wondering who else out there is having this problem, and what they have done to solve it." Cool, huh? Reading story good! Reflex comments BAD! REFLEX BAD!
Now, you did find documentation on Apple's site so that's gotta be worth some points. +1 Informative to you. Of course, that's not really the point of his Ask Slashdot, so you get a +1 Moron because you can't read and a +3 Asshole because you've used this thread as a vehicle to vent your frustrations at the world. Your Karma is now -1 Idiot. Congratulations.
Now, for anyone else that feels inclined to add RTFM to this discussion, save your breath. We don't care. Post something useful, and if you're not willing to add your name to it, maybe that tells you a little bit about the message you're posting.
Thank god I'm not a moderator or my Dogma would crap on your Karma
"...For benchmark purposes, Microsoft has provided the Middleware Company with a functionally equivalent revised.NET Pet Shop 2.0 application that conforms to the same specification. This implementation includes support for distributed transactions via COM+ Serviced.NET components; and the equivalent Web service as the revised J2EE implementation. See http://www.middleware-company.com/j2eedotnetbench/
Direct from the horse's mouth, the version compared in this benchmark was provided directly from Microsoft. Whether it was the original developers of.Net that created it is somewhat irrelevant as the optimizers no doubt had access to developmental resources. This is in stark contrast to TMC who would unlikely have access to Sun developmental resources as a third party developer.
But perhaps that particular angle was overplayed in my original post. My real point, as evidenced by the subject, is that when one evaluates the results of experimentation, always keep in mind the parties that have a vested interest in the results and how prior mitigating factors may influence those results.
At present, I am not ready declare J2EE as fit to really "Whip's the Lava's ass!" nor am I prepared to emphatically state that.Net "0wnz", but I will say that the results of this comparison are, without question, highly suspect.
When a 'disinterested' third party is enlisted by an organization by way of paid favour, that third party no longer remains 'disinterested'. In the case of TMC, if they were paid by Microsoft (which has so far been rumored) to demonstrate the superiority of the.Net architecture, they clearly can not provide an objective comparison between.Net and J2EE.
Similarly, asking the developers of.Net to create optimized code for the demonstration site while TMC developers create code (which sounds to be less than perfect) for the J2EE example, not only smacks of experimental bias, but completely undermines experimental objectivity.
The only real way to create an undisputable comparison is to give both manufacturers an identical piece of server hardware, a set of goals to be achieved by the software (sufficiently broad so as to eliminate one-off performance gains) then test the resulting applications head to head under identical load.
When those criteria are met, only then will we all feel safe declaring a 'winner'.
> When you call up MS or signup with their Open or Select license plans, you basically agree to more restrictions for a reduced price
Well actually...
Our company has purchased several different types of Microsoft products including Retail, OEM and Open License. Strangely enough, the Open License copies were the most expensive (even when bought from a wholesaler). They way the Rep explained it, licenses would be easier to transfer within the Open License program which was the main selling point (that and we only have to keep a record of one key per program). If this is not the case, then we have a little three-way conversation that needs to take place between the Microsoft rep, me and my baseball bat.
The guy's already said he's looked everywhere for something similar, now he's come to the 'enlightened' forums of slashdot where the most helpful post some people can muster is RTFM. Since it isn't clear that there even IS a FM, maybe you can cut someone a little slack, offer a helpful suggestion or shut the fsck up.
Technological eletism helps no one. If you think what he's looking for can be found on Google... find it and prove us all wrong. If it isn't exactly what he's looking for, you can go crawl back under your hole where we will all leave you to peacefully revel in your astounding ability to program in assembly, while your festering glee grows with your ever-expanding intellect.
IANAL either. That said, the abstract of the patent refers to video compression (as do the supporting clauses), not still compression. This limits the patent not just to video compression, but to the VERY SPECIFIC video compression technique detailed in the patent (meaning that wavelet compression would not be covered by this patent, even though it is a method by which one could compress video). Keep in mind, you could obtain a patent for a disc-shaped children's toy manufactured from extruded polymerized material, but your patent would not extend to cover all toys manufactured from extruded polymerized material.
The patent applies to the very specific use of specified technology, not the IP of every piece of technology used in the specification. In order for Claim 5 to be defensible as proprietary, a seperate claim (in fact a seperate patent) would have to be filed with appropriate abstracts caliming a new method of compressing STILL images.
It is a subtle difference, I know, yet the distinction is there.
MSNBC article is perfect...
on
Is Linux Dead?
·
· Score: 1
FOR ME TO POOP ON!
As other posters who have actually read the article would agree, for MSNBC to post "So whatever happened to Linux?" with a byline "At tech expo, open source software is hard to find" smacks of media influence by ownership. By the article's own account, in just a few short years of being discussed in the mainstream media, Linux has taken the #2 spot in software and is steadily growing. Hardly an O/S that's disappearing into the wings.
What's next from MSNBC... "So whatever happened to CBS?"
Slashdot Mirror
I find it interesting that points 12 and 13 are, from at least a technical standpoint, entirely inaccurate.
From point 12: Two computers cannot effectively function if they are connected to the Internet with the same IP address at the same time
As everyone here is likely aware, NAT accomplishes this on a daily basis and is the sole reason we have not exhausted the available range of IP addresses in the current 32-bit address space. Perhaps a more valid statement would be: two computers, both assigned routable IP addresses and both directly-connected to the Internet, would not effectively function.
In practice, assuming each computer was directly connected to the Internet via a different upstream provider, or if the same provider, to routers that were members of different broadcast domains, one of those computers would not function past its upstream router (assuming the router was properly configured). The other should continue to function as usual (which I suppose still makes their case, it just does so in a factual way).
From point 13: The Defendant was identified as the individual responsible for that IP address at that date and time.
Unless you can tie the defendant to a specific MAC address (which even these days isn't really proof since there are utilities available to change those) you have not identified an individual; you have identified an access point. It's no different than say, parking your car in the parking lot of a restaurant you own, that happens to be beside a bank; then one day having some robbers park in your parking lot while they rob the bank. Since it was your parking lot they parked in while they robbed the bank, and your car also parks in that parking lot, by that logic you are now involved since both your car and their car came out of the same lot (keeping in mind that all this time the lot was under your control).
What if you have one of those toll-gates to your parking lot that prevents people from just driving in & out? Now that the robbers have to pass by your security, does that mean you've now aided and abetted the robbers if you let them into your lot, even though you had no idea they were going to rob the bank?
The whole RIAA process is just goofy... arrogant business people using technically incompetent arguments to bring money-losing lawsuits against improper parties to defend a long-dead business model.
God help us if they represented whip-makers when the car was introduced...
Great insight, good suggestions and a perfect answer to the "Ask Slashdot".
My contribution to this topic would be much the same; that Group Policies are a great way to limit access to unwanted software with exceptions made for users that must have access to a particular program. By being very selective with install/run rights/priviliges you can prevent people from running workarounds as well as the intended programs (i.e. prevent the installation/execution of SSH clients).
The real question is how restrictive you would like your work environment to be. Other non-technical ways of addressing the same problem would be to meet with HR and make the use of IM clients a contravention of office policy. Use IM once, get a warning, use it twice, a reprimand, third strike, you're fired. In the past I have found that a combination of technical and procedural solutions often work best (that way IT doesn't look like a bunch of domineering a$$holes as well because you can now say "I'm sorry... I want to give you IM but HR says no.")
Just my $0.02
An interesting question regarding creation and the existence of God. Assuming that the Universe and everything in it was created through the Big Bang a finite amount of time ago, why was that specific moment (the Big Bang) chosen? Assuming that God transcends time, should not the Universe be infinitely old?
Put more plainly, was God just sitting on his porch one day, sipping a mint julep, thinking "Hey, why don't I create the Universe today?". If the answer to that question is just that simple, try a tougher one...
Since God is supposed to know all that ever was and ever will be, it would be safe to assume that God would know about God's own future, which would include creating the Universe. Since God's been around for an infinite amount of time, and knew that the Universe was to be created, why didn't God just go ahead and create it right away (again making the Universe infinitely old)?
I have several hypotheses for these few puzzling questions:
I am open to any philisophical discussions on this topic from those with any viewpoint. Write me at billwilliams2002 AT hotmail DOT com
Thanks in advance for any assistance you can offer!
...The story duplicates YOU!
Not sure if it had been said yet or not, so I thought I'd make the thread official.
Slashdot Story Submissions
Here is where you can submit a story for the Slashdot Editors to peer at it, poke it with a stick, and perhaps post it for all to share and enjoy. It is very important that you write a clear simple subject, and include relevant links in your story. If you wish to be anonymous, feel free to leave the identifying fields blank. Anonymity has no effect on whether we will accept or reject the story.
Your Name (Leave Blank to be Anonymous)
Hornstar
Your Email or Homepage (Where Users Can Contact You)
Yeah, right.
Subject (Be Descriptive, Clear and Simple!)
(bad subjects='Check This Out!' or 'An Article'. We get many submissions each day, and if yours isn't clear, it will be deleted.)
Check This Out! It's An Article!
Topic and Section (Almost everything should go under Articles)
Articles
The Scoop (HTML is fine, but double check those URLs and HTML tags!)
There's a wicked cool RFC that's just been posted at ftp.rfc-editor.org/in-notes/rfc3514.txt. It's like the best prank EVER! Like, it'll make people post like CRAZY! They'll be all like "Post it again, Taco!" and then Taco will be like "DUUUUDE!", and then like he'll post it a whole buch-a-times, and everybody will be like "whoa, is this Groundhog Day, like that Bill Murray movie", and they'll start like coming up with their own anti-multi-post-slashdot-rfc's and it'll be like so totally funny. But then like some people will be like "that's not funny", but like, that will be TOTALLY funny, so like ya gotta post it cause this will just be SOOOOOO cool pimp dawg! Sup?
Are you sure you included a URL? Didja test them for typos?
Why would I include a urinal?
Submission format: Like, totally HTML-Formatted, Plain Old Text
You must preview once, provide a subject, some text, and a topic before you can submit
I did. Post it rookie beeeotch!
I see far too many posts in this thread asking the same question (or reflecting the same attitude) in relation to anonymity:
If you're not doing anything wrong, why do you care?
What a dangerous world we live in where the /. crowd, a collection of people that I would for the most part deem to be of higher average intelligence than the general population, don't seem to have a problem with this logic. Ask yourselves a few questions, and actually take the time to think about the answers.
The need for brevity limits the above list to four points; I could go on forever. The biggest problem with a lack of anonymity in a democratic society is that democratic freedoms can be quickly eliminated. If you still have fairytale notions that an unwanted power can be removed from power through the elective process, you are sadly mistaken. Those with power are unwilling to see that power eroded by choice. Look to any judge subject to criminal investigation (In Washington State, a judge convicted of impaired driving not only believes she shouldn't have to step down, she thinks the charge will make her a better judge!); any politician looking for public support when facing criminal probes (in British Columbia, the Premier, akin to a Governor in the US, was charged with impaired and dangerous driving in Maui and will plead "No Contest". He retains his job with all its duties and responsibilities while Cabinet Ministers even suspected of malfeasence are asked to step aside from their legislative duties.) to see that those with power will refuse to let go, despite overwhelming public pressure to do so.
Just because the things you enjoy are legal today, does not for a moment mean that they will, ipso facto, be legal tomorrow. Despite our collective thoughts to the contrary, it is not the majority that decides laws, it is special interest. Why else do we have Kevin Mitnicks in jail for 5 years, while Enron Executives walk free? Don't think that somewhere, somehow, someone isn't proposing to illegalize something you enjoy or support; be it alcohol, gambling, television, or even the rights of minorities. Would you not want the ability to fight these forces anonymously? If you're living in what amounts to a police state, would there be any effective way to? Your calls could easily be monitored and traced back to you. If you participated in efforts to remove those in power you could easily be picked off the street, condemned as a traitor or threat to the greater good. Still feel safe in the world you're willing to allow?
Say, for arguments sake, in the interests of national security, it's deemed that anyone who has a beard as of a specific date would be forever required to check in regularly with the Police. Since: some terrorists are Muslims, all Muslim terrorists are devout Muslims, all devout Muslims have beards (I know this is not necessarily the case, I'm demonstrating a flawed thought process for a point). You're neither a Muslim, nor a terrorist, nor a Muslim terrorist, but because of something you have chosen to do, that was perfectly legal and would not subject you to any further scrutiny on one day, makes you public enemy number one the next. This is not a purely hypothetical example; think Prohibition, and that was a mere 70 years ago.
I honestly couldn't care if it was cell phones or dental floss that you have to register for to purchase. The moment the database starts collecting information, a thousand lobbyists can't stop it. This is the first step in a very long road, and it's an easy one to take. But the step itself is not frightening at all, it's where the road leads that is truly terrifying.
For the record, I completely agree with the quote at the beginning of this post, but only when it's referenced in its entireity:
If you're not doing anything wrong today, why do you think those in power won't care about what you are doing tomorrow?
...640K should be enough for anybody!
Cheers!
01001101 01100001 01111001 01100010 01100101 00100000 01101110 01101111 01110100 00101100 00100000 01100010 01110101 01110100 00100000 01111001 01101111 01110101 00100000 01100001 01110010 01100101 00100000 01100001 00100000 01100100 01101111 01110010 01101011 00100000 00111011 00101001
4E 65 78 74 20 74 69 6D 65 2C 20 77 72 69 74 65 20 69 6E 20 41 53 43 49 49
What many posts in this thread do not seem to take into account is the greater reality that is the web. With a completely patched server and firewalling that drops packets not desired to hit said server, incoming bandwidth is changed none-whatsoever. You have zero control over traffic until that traffic hits a device under your direct control. With most ISP's, that device can only be placed well past their traffic monitoring point. Ergo, you pay for bandwidth whether you want it or not.
You do have the ability to reduce the total amount of bandwith consumed by dropping unwanted return connections but that may be irrelevant if your site is subjected to a DDoS attack.
The largest problem lies in determining whether traffic is "legitimate" traffic BEFORE it passes through the ISP's network to the client. That said, there are a great many possible ways to accomplish this, such as:
The above are merely ideas or concepts, I will leave implementation to those that require the features. But it gives a good idea of the directions that an ISP can go to mitigate the costs of unwanted bandwidth. Just like Credit Card companies will call a customer to verify that they really do want to purchase that Tiffany diamond in a State they've never visited before, maybe ISP's should be monitoring traffic for irregular patterns and contacting customers to verify that the traffic is legitimate.
ISP's can't merely turn a blind eye when the entire netblock they serve starts sending or receiving traffic generated by the latest worm, virus, etc. They should do their best to mitigate their losses and losses of their customers.
I'm not saying that customers are without blame, just that the people running ISP's may have more technical knowledge that that of their customers and should be proactive in protecting those customers from further harm. If you want a real-world, non-technical example, think Firestone and Ford. A problem created outside of Ford that could have been eliminated before reaching the customer if only greater due dilligence had been used. By ignoring or overlooking the problem (I don't know the exact details) both Ford and its customers were negatively impacted. Was it Ford's fault that the tires were faulty? No. Could they have done something about the tires earlier? Possibly. Could the customer do something about the tires? Yes, but only after they knew of the problem by experiencing the negative consequences.
The scenario doesn't differ much when applied to unwanted bandwidth. If ISP's fail to do their part, unwitting customers will always suffer.
> 1) They could do it right back to you making your efforts bite you in the ass
Possibly, but the idea would really be to do this anonymously (if at all).
> 2) Since you're misrepresenting yourself...this is clearly illegal
Agreed, but the trick is proving who actually paid for or initiated the spam.
> It wouldn't be THAT hard to trace back where the spam originated and if it could be linked back to you, you'd be fucked.
This is really the only point with which I disagree. With all the open relays available on the net it should be simple to start a mail chain that could never be traced back to you. Remeber, all you need in order to send an e-mail message is a net-connected computer, an open mail server and a telnet client. Two of which are available at your friendly neighbourhood Best Buy (library, Internet cafe, etc.). So in my estimation, there's really no appreciable risk.
That all said, I totally agree with the spirit of your quest. When I check my mail server logs every morning, I've had at least three attempts to use my box as a relay (one guy was even stupid enough to try it five nights in a row). Without proper diligence when setting the server up, I would be the target of the wrath of the spammed.
My only suggestion would be to implement a new type of RTBL. One thought I had was to set up a honey pot address and then subscribe to as many pron sites, sweepstakes and newsgroups as possible. Any mail that came in to the honey pot address would first have its address blocked, then its domain, then its ip range. Pretty soon, no more spam!
Just a thought.
What if I'm a part of the ever popular and highly competitive widget manufacturing industry. My main competitor, as all good businesses nowadays, has a shiny new website.
Now I, as a successful business person, know that it's not only sales that affect a company's bottom line, but costs as well. So I think to myself, "How can I drive my competition's costs up while keeping mine down?" Then I realize! I can simply spam a significant number of people with advertisements for my competitors website, and wait for the heavy fines to start rolling in.
Pretty soon my competitor is so burdened with the cost of the 'spam tax' that he can no longer compete in the marketplace. I, on the other hand, have no website so I am in the clear. After a few short months, voila! I have a monopoly!
Never underestimate the craftiness of the small business owner.
The biggest problem with CA's right now, and why they cost so damn much is that they try to prove EVERYTHING about who you are (or more to the point, the identities behind your website). Addresses, company names, incorporation dates, etc. all fall into the vast black hole that is a certificate. But why? Why for every secure connection that you want to generate between a browser and a server do you need to prove that your company is at such and such an address and is run by Joe Hotschidt? What if the client doesn't care?
For example: My company has a secure server for employees that contains sensitive but not secret information. It's protected by username and password so we wanted a secure submission of this information. Enter https and the magic certificate. Employees don't care where the server is. They just want to know that nobody's going to get their password. And no way was the company going to pay to have a CA verify the site's authenticity; what was the point? So I had to set up our own CA and self-sign the certificate. But that then causes browser problems when a message pops up on users' machines saying "this is an unknown root authority blah, blah, blah". The complaints rolled in to which we had to respond "Just click O.K."
What needs to change isn't whether or not there are free CA's. What needs to change is the architecture of certificates themselves. We need to establish different classes of certificates whereby a site that only wants to generate a secure connection can self-sign without problem. A site that wants to establish its location in the community and the identity of its operators could go to a CA. A company that wants to verify that it is who it says it is and follows sound business practices could have its location and business identity established by CA and its reputation established through peer signing.
My solution, in an ideal world, would be to create a certificate environment where a minimum of these three certificate levels exist. Different identifying icons could be displayed in the status bar of a browser to represent each level. Perhaps provide one lock symbol for each level satisfied.
This still leaves a system open to abuse as people could conceivably create certificate identities for the sole purpose of peer signing a certificate to create the illusion of a solid reputation. A solution to this would be to add value-signing to certificates. Not only could you peer sign a certificate saying a company was bona-fide, you could also sign a certificate with "These guys are crooks, don't do business with them." Again, the problem of abuse arises. What about a malicious user that wishes to create a bad reputation for an organization (enemy, rival, competitor, etc.).
I would say that the best solution to both of those problems would be to add relative weight to the signature of a peer. For example: Older signatures would be assigned greater weight than newer ones; greater weight would be assigned to signatures with a higher numbers and percentages of 'bona-fides' than 'crooks'; signatures verified by a Root CA would be assigned a higher value than non-verified. Signing would be somewhat recursive (you would have to verify the signatures of the signatures of the signatures, etc.), but that is not unlike the current system when you get down to the level of workgroup level CA's. A formula could be put together with a points system that assigned certain points to certain signatures and the point system could be calculated dynamically.
There you have your security, identity establishment and legitimacy rolled all into one. Of course the purpose of all this is to get the certificate equivalent of a Better Business Bureau listing. But the key remains that a better method for managing certificates exists.
Now, I have considered that there are still ways to cheat the system, but I would ask the reader to keep in mind two things:
1. It's no worse than what's out there currently
2. Even if you develop a perfect system where a company's legitimacy and reputation can be irrefutably established, all it takes is one guy with no conscience, a floppy disk and access to a company's credit card database to make certificate signing incosequential.
> It will be interesting to see how US businesses feel about it the first time the tables get turned.
Fortunately, we already know how they feel... They feel whiny.
US companies facing legal action abroad act as incredulous as those companies abroad (Elcomsoft) facing legal action in the US. And rightly so. No nation should be able to force its will upon the sovereignty of another whose citizenry have, through democratic process, defined the laws which should govern its populace. An act comitted in a foreign land which is lawful in that land should go unpunised extra-nationally.
Before you reject this statement, re-read it.
An act comitted in a foreign land which is lawful in that land should go unpunised extra-nationally. International hacking, mail fraud, telephone fraud, etc., would not be exempt because those activities take place in another country. If those practices take place in a country that deems those activities unlawful, the perpetrator will become subject to that foreign country's laws. You will note, however, that that is not the case in this situation. The activity in question wholly took place in a country outside the US. A country where this activity is legal (from what I understand. I may be wrong, but the foreign legality is hardly my point.) The only people to truly violate any laws would be those individuals that used the software within the US.
If the US is really keen on pushing its crappy laws on actions committed outside it's borders, it should be prepared to have its citizens arrested en-masse in foreign countries for acts committed at home that are perfectly legal. For example, drinking alcohol; what if every country that banned its consumption arrested every US citizen that landed within its borders for 'acts of indecency' committed overseas?
The actions the US is taking in this case may have greater results than they anticipate. Through its continued lack of forsight, with regards to its actions against foreign nationals, the US government is opening its own citizens up to the possibility of far harsher treatment abroad.
Imagine. All this from a simple copyright case!
Just my $0.02CDN (approximately $0.0128US)
Wow. Another RTFM post. Brilliant. So, I take it you read the actual Ask Slashdot question then, right? The part where he says he knows how to get it working, and wants to know if it has been this hard for everyone else to do so as well? Did ya read that part? Cause I don't think that ya did.
For reference:
"...It is possible, but not without a good deal of nightmarish configuration issues...I found a good many people who think that Apple's claims of seamless Windows Network integration to be a bad joke and nothing more." So that was the part where he says he knows how to do it. Now this is the exciting part... the ACTUAL question...
"...I was wondering who else out there is having this problem, and what they have done to solve it." Cool, huh? Reading story good! Reflex comments BAD! REFLEX BAD!
Now, you did find documentation on Apple's site so that's gotta be worth some points. +1 Informative to you. Of course, that's not really the point of his Ask Slashdot, so you get a +1 Moron because you can't read and a +3 Asshole because you've used this thread as a vehicle to vent your frustrations at the world. Your Karma is now -1 Idiot. Congratulations.
Now, for anyone else that feels inclined to add RTFM to this discussion, save your breath. We don't care. Post something useful, and if you're not willing to add your name to it, maybe that tells you a little bit about the message you're posting.
Thank god I'm not a moderator or my Dogma would crap on your Karma
Direct from Middleware's site:
"...For benchmark purposes, Microsoft has provided the Middleware Company with a functionally equivalent revised .NET Pet Shop 2.0 application that conforms to the same specification. This implementation includes support for distributed transactions via COM+ Serviced .NET components; and the equivalent Web service as the revised J2EE implementation.
/
See http://www.middleware-company.com/j2eedotnetbench
Direct from the horse's mouth, the version compared in this benchmark was provided directly from Microsoft. Whether it was the original developers of .Net that created it is somewhat irrelevant as the optimizers no doubt had access to developmental resources. This is in stark contrast to TMC who would unlikely have access to Sun developmental resources as a third party developer.
But perhaps that particular angle was overplayed in my original post. My real point, as evidenced by the subject, is that when one evaluates the results of experimentation, always keep in mind the parties that have a vested interest in the results and how prior mitigating factors may influence those results.
Just my $0.02CDN (Approximately $0.012755USD)
At present, I am not ready declare J2EE as fit to really "Whip's the Lava's ass!" nor am I prepared to emphatically state that .Net "0wnz", but I will say that the results of this comparison are, without question, highly suspect.
When a 'disinterested' third party is enlisted by an organization by way of paid favour, that third party no longer remains 'disinterested'. In the case of TMC, if they were paid by Microsoft (which has so far been rumored) to demonstrate the superiority of the .Net architecture, they clearly can not provide an objective comparison between .Net and J2EE.
Similarly, asking the developers of .Net to create optimized code for the demonstration site while TMC developers create code (which sounds to be less than perfect) for the J2EE example, not only smacks of experimental bias, but completely undermines experimental objectivity.
The only real way to create an undisputable comparison is to give both manufacturers an identical piece of server hardware, a set of goals to be achieved by the software (sufficiently broad so as to eliminate one-off performance gains) then test the resulting applications head to head under identical load.
When those criteria are met, only then will we all feel safe declaring a 'winner'.
Just my $0.02CDN (Approximately $0.012755USD)
> When you call up MS or signup with their Open or Select license plans, you basically agree to more restrictions for a reduced price
Well actually...
Our company has purchased several different types of Microsoft products including Retail, OEM and Open License. Strangely enough, the Open License copies were the most expensive (even when bought from a wholesaler). They way the Rep explained it, licenses would be easier to transfer within the Open License program which was the main selling point (that and we only have to keep a record of one key per program). If this is not the case, then we have a little three-way conversation that needs to take place between the Microsoft rep, me and my baseball bat.
Just my $0.02CDN (approximately $0.01273USD)
Welcome to assholeforum.slashdot.com
The guy's already said he's looked everywhere for something similar, now he's come to the 'enlightened' forums of slashdot where the most helpful post some people can muster is RTFM. Since it isn't clear that there even IS a FM, maybe you can cut someone a little slack, offer a helpful suggestion or shut the fsck up.
Technological eletism helps no one. If you think what he's looking for can be found on Google... find it and prove us all wrong. If it isn't exactly what he's looking for, you can go crawl back under your hole where we will all leave you to peacefully revel in your astounding ability to program in assembly, while your festering glee grows with your ever-expanding intellect.
Nice troll. Like RedHat can't afford $50K for a license... What's next from your witty repertoire?
"Anyone that uses a computer is a loser!"
Seriously. Go find something more productive to do with your time.
IANAL either. That said, the abstract of the patent refers to video compression (as do the supporting clauses), not still compression. This limits the patent not just to video compression, but to the VERY SPECIFIC video compression technique detailed in the patent (meaning that wavelet compression would not be covered by this patent, even though it is a method by which one could compress video). Keep in mind, you could obtain a patent for a disc-shaped children's toy manufactured from extruded polymerized material, but your patent would not extend to cover all toys manufactured from extruded polymerized material.
The patent applies to the very specific use of specified technology, not the IP of every piece of technology used in the specification. In order for Claim 5 to be defensible as proprietary, a seperate claim (in fact a seperate patent) would have to be filed with appropriate abstracts caliming a new method of compressing STILL images.
It is a subtle difference, I know, yet the distinction is there.
FOR ME TO POOP ON!
As other posters who have actually read the article would agree, for MSNBC to post "So whatever happened to Linux?" with a byline "At tech expo, open source software is hard to find" smacks of media influence by ownership. By the article's own account, in just a few short years of being discussed in the mainstream media, Linux has taken the #2 spot in software and is steadily growing. Hardly an O/S that's disappearing into the wings.
What's next from MSNBC... "So whatever happened to CBS?"