Estimating the risk doesn't mean predicting the event. It's like if you throw dices, and see that about 1/3 of the throws get a 6 (i.e. you notice that the dices are biased). From that you can estimate the chance of getting five 6s in a row, and thus can decide if you should prepare for this possibility (assuming that in the game five 6s in a row have some effect in the game play). It doesn't, however, tell you when, or even if, those five 6s in a row will happen. It could be the next five throws, or it could be not at all during the game.
You admit you skimmed over a point on hosts files and the possibility of using them via login/logon scripts...
No. I admitted skimming over your mention of using NoScript in addition to host files. And since I assume you know what you wrote (and even if you have such severe Alzheimer disease that you don't, you could have looked up where the sentence I quoted was in your post), I can only assume that your "misunderstanding" is malicious. Therefore EOD.
Reading comprehension: failed. Or, to use your style: Reading comprehension: FAILED!
I wrote: "You seem to assume..." not "You wrote..."
I never assumed you did: I noted the use of LOGIN SCRIPTS, & network admins control those
Which means that if you are no network admin (which was the scenario I was talking about), you cannot change it. Case closed.
If any of the users on these multiple user workstations you noted above use Outlook Express OR Full OUTLOOK from MS Office (or even other 3rd party email programs), OR Internet Explorer (which IS there by default on Windows for example)?
No Windows here:-) Anyway, I'm just a normal user here, so I can't change the hosts file anyway. Which is just what I originally said: If you are no admin, you cannot change the hosts file, period. So you have to decide:
Either, you continue to claim that I'm wrong. In that case, you should find a place where I'm wrong.
Or you admit that I wasn't wrong. Which is probably the simplest.:-)
Or you continue to argue about straw men which I was never talking about.
(My guess is that they used some type of javascript + "webbug" type of tracking, but, that's ONLY a guess on my part!)
That's my guess, too (I had hoped for some information about it on the page). However the methods I could think of don't depend on why the content wasn't loaded, but only on that it wasn't loaded. Therefore it wouldn't matter if the content wasn't there because of a hosts file, because of an ad-filtering proxy, or because of Adblock.
(Did you "skim over" that? Apparently so!)
Indeed.
Nuff said on that much, as it was what I wanted to hear you say - THAT HOSTS FILES ARE USEFUL & VALID WAYS OF DOING PROTECTION
No need to shout. I never denied that. I just pointed out that it's not always possible, and that it also has limitations (actually originally I even only pointed out the first; for reasons I don't actually understand that caused you to reply with lots of bold and SHOUTING, and a "solution" which doesn't work exactly in the case I was talking about: no admin rights).
If what we care about is the accumulation of knowledge then we should cooperate and not compete here. Retask the LHC for higher energies, and have Fermilab continue to explore the lower-energy space. This way we find the Higgs more quickly as we have two non-redundant operations working on the problem, rather than having one be completely redundant.
Well, so much for the theory. In practice, scientists are humans as well.
I wonder how much of their motto "Don't be evil" will be left in the near future.
All of it, of course. Did it never occur to you that the motto isn't "we won't be evil", but is formulated as command? "Don't be evil, or we will get you!"
Hmmm, that's nothing that logon scripting cannot "cure" for instance, say via a HOSTS file copy + overwrite on the user's local workstation...
You seem to assume root/admin access at the local workstation. Sorry, I don't have that at work. Also you assume that every workstation is only used by one person at a time (i.e. no remote login). Sorry, it doesn't work like this here.
FF plugins are FOR FIREFOX ONLY!
Yes. I'm using FF, therefore it's not an issue.
But let me add another thing NoScript does, and the hosts file cannot do (unless you put much work into it which the NoScript developer(s) already did): Surrogate scripts. Some pages will not work properly if e.g. Google Analytics scripts are blocked. Surrogate scripts fix that problem.
And yet another thing RequestPolicy can do, but host files cannot: Block or not block depending on whether it's the main site you visit. For example, you might want to access facebook, but you don't want the facebook buttons to track you. What do you do? With RequestPolicy it's a no-brainer (indeed it's the default): Disallow other sites from accessing facebook. With hosts you only have the choice of blocking facebook completely, or not blocking it at all, unless you keep editing it (and even then, you may have both facebook and a site including facebook buttons open at the same time; no solution with hosts file).
Also, NoScript can save you from XSS attacks targeting your home router. Hosts files cannot (again unless you want to edit it twice every time you want to access the web interface of your router).
That URL is broken. Unfortunately that means I cannot see what technique Ars Technica used. However, the obvious ways I see to block content for people who block ads work quite well also if the ads are blocked through hosts files.
Yes, hosts files can be an effective measure against domains which you definitively never want to access, provided that you are in a position where you can edit them. No, hosts files are not the silver bullet.
Not saying it does or doesn't, but at what point would they would decide to quit searching it for it?
Probably at the point at which they traced, with sufficient statistics, the whole energy range where the Higgs may be found, and didn't find a trace of it.
Of course there's a difference between violating rules which shouldn't be there in the first place (someone mentioned hiding Jews in Nazi Germany), and violating rules which would also be there if a more sensible government would be in power (to make an extreme case, if you protested against the U.S. government by nuking Washington, I doubt many people would consider you a freedom fighter - well, Al Quaida might:-)).
It's not really interesting, but expected. For some people anything going against people/organizations they don't like is good (well, most people have still some limit there; I guess if those people started to kill the CEOs of those companies, there would be far less people who consider that good - but then, I'm pretty certain the number would still be nonzero). You know, "the enemy of my enemy is my friend." There's absolutely no reason such people should not be found at Slashdot as well.
Actually I've read the word "cracker" already in the 80s (sorry, can't remember exactly where, except that it was in some computer magazine). However, at that time it didn't refer to people breaking into computers, but to people cracking copyright protection on games.
Let me add one disadvantage of host files vs. AdBlock/NoScript & Co.:
The host file approach is completely unusable on machines where you have no root/admin access. And even on networks where you have root/admin access, but don't own the network and are not the one responsible for networking, you may get into troubles if you try to change host files. OTOH, Firefox plugins can be installed at the user level, without a need for root/admin access, and since user-installed plugins only affect the single user (i.e. you), they are much more likely to be accepted.
It's annoying because you recognise that the pages often need scripts from sites you actually don't want to enable (e.g. more and more pages need googleapis, even pages where it's absolutely pointless).
BTW, I had just started browsing social news sites like Slashdot, opening a handful of tabs to normally reputable sites to read the articles (yes, really, some of us actually do). I'm pretty sure I got hit via either a third party source that AdBlock missed or a compromised comment on a blog post.
A plugin which probably wouldn't have missed it (unless it comes directly from a site you explicitly surfed to, e.g. because the site became compromised) is RequestPolicy. It by default blocks any request from one site to another. However I have to admit that sometimes it can be quite some work to figure out what to enable to make the site work. Oh, and NoScript can be configured to not allow Java applets by default, but only after explicit clicking, even from otherwise trusted sources. That way, you'll never get a Java applet running on drive-by, because you have to click every time to start the applet.
In any case, please don't kid yourself that this is only a problem for dumb Windows/IE users surfing for warez/pr0n/whatever. Just because you're running Linux instead of Windows, or Firefox/Chrome/Opera/whatever instead of IE, or visiting legitimate sites that are themselves not going to attack your system, that doesn't mean you're somehow immune. It just means you're a less likely target. Pride comes before the fall.
Yes, each of the measures doesn't make you immune. But each one reduces the probability of getting affected. At some point, the probability drops low enough that you can basically neglect it. That's not related to pride (I'm not at all proud for having to make extra effort to get a page display properly; also the reason I'm using Linux isn't related to pride, indeed not even to security, but simply to the fact that it works better for my needs; if I were a hardcore gamer, I'd probably use Windows).
No, you obviously didn't, as you show again. The point is that it's as much a truism as that it is a truism that the failure of anything man-made can ultimately be explained as failure of a human. That's not a reason not to call it a computer error, just as you'd not replace the term human error by physics error just because the human behaviour is ultimately the behaviour of a physical system following the laws of physics.
Well, the size of a legion is several thousand people.
May be. But what do all the non-pirates do? :-)
Those three years are just a statistical error. :-)
Then they hurt the society as well, because it turns it into a society where preemptive killing is considered OK.
Estimating the risk doesn't mean predicting the event. It's like if you throw dices, and see that about 1/3 of the throws get a 6 (i.e. you notice that the dices are biased). From that you can estimate the chance of getting five 6s in a row, and thus can decide if you should prepare for this possibility (assuming that in the game five 6s in a row have some effect in the game play). It doesn't, however, tell you when, or even if, those five 6s in a row will happen. It could be the next five throws, or it could be not at all during the game.
No. I admitted skimming over your mention of using NoScript in addition to host files. And since I assume you know what you wrote (and even if you have such severe Alzheimer disease that you don't, you could have looked up where the sentence I quoted was in your post), I can only assume that your "misunderstanding" is malicious. Therefore EOD.
Reading comprehension: failed.
Or, to use your style: Reading comprehension: FAILED!
I wrote: "You seem to assume ..." not "You wrote ..."
Which means that if you are no network admin (which was the scenario I was talking about), you cannot change it. Case closed.
No Windows here :-) Anyway, I'm just a normal user here, so I can't change the hosts file anyway. Which is just what I originally said: If you are no admin, you cannot change the hosts file, period. So you have to decide:
Either, you continue to claim that I'm wrong. In that case, you should find a place where I'm wrong.
Or you admit that I wasn't wrong. Which is probably the simplest. :-)
Or you continue to argue about straw men which I was never talking about.
That's my guess, too (I had hoped for some information about it on the page). However the methods I could think of don't depend on why the content wasn't loaded, but only on that it wasn't loaded. Therefore it wouldn't matter if the content wasn't there because of a hosts file, because of an ad-filtering proxy, or because of Adblock.
Indeed.
No need to shout. I never denied that. I just pointed out that it's not always possible, and that it also has limitations (actually originally I even only pointed out the first; for reasons I don't actually understand that caused you to reply with lots of bold and SHOUTING, and a "solution" which doesn't work exactly in the case I was talking about: no admin rights).
Well, so much for the theory. In practice, scientists are humans as well.
All of it, of course. Did it never occur to you that the motto isn't "we won't be evil", but is formulated as command? "Don't be evil, or we will get you!"
You seem to assume root/admin access at the local workstation. Sorry, I don't have that at work. Also you assume that every workstation is only used by one person at a time (i.e. no remote login). Sorry, it doesn't work like this here.
Yes. I'm using FF, therefore it's not an issue.
But let me add another thing NoScript does, and the hosts file cannot do (unless you put much work into it which the NoScript developer(s) already did): Surrogate scripts. Some pages will not work properly if e.g. Google Analytics scripts are blocked. Surrogate scripts fix that problem.
And yet another thing RequestPolicy can do, but host files cannot: Block or not block depending on whether it's the main site you visit. For example, you might want to access facebook, but you don't want the facebook buttons to track you. What do you do? With RequestPolicy it's a no-brainer (indeed it's the default): Disallow other sites from accessing facebook. With hosts you only have the choice of blocking facebook completely, or not blocking it at all, unless you keep editing it (and even then, you may have both facebook and a site including facebook buttons open at the same time; no solution with hosts file).
Also, NoScript can save you from XSS attacks targeting your home router. Hosts files cannot (again unless you want to edit it twice every time you want to access the web interface of your router).
That URL is broken. Unfortunately that means I cannot see what technique Ars Technica used. However, the obvious ways I see to block content for people who block ads work quite well also if the ads are blocked through hosts files.
Yes, hosts files can be an effective measure against domains which you definitively never want to access, provided that you are in a position where you can edit them. No, hosts files are not the silver bullet.
Obligatory.
Will it also write the correspondence with your girl friend? (Yes, Slashdotters don't have girl friends, but surely Google will find one for you :-))
Actually it sounds more like the Sirius Cybernetics Corporation's vertical people transporters.
Ah, I understand now. They didn't predict the end of the world, but the end of the search for the Higgs particle!
Not saying it does or doesn't, but at what point would they would decide to quit searching it for it?
Probably at the point at which they traced, with sufficient statistics, the whole energy range where the Higgs may be found, and didn't find a trace of it.
Of course there's a difference between violating rules which shouldn't be there in the first place (someone mentioned hiding Jews in Nazi Germany), and violating rules which would also be there if a more sensible government would be in power (to make an extreme case, if you protested against the U.S. government by nuking Washington, I doubt many people would consider you a freedom fighter - well, Al Quaida might :-)).
It's not really interesting, but expected. For some people anything going against people/organizations they don't like is good (well, most people have still some limit there; I guess if those people started to kill the CEOs of those companies, there would be far less people who consider that good - but then, I'm pretty certain the number would still be nonzero). You know, "the enemy of my enemy is my friend." There's absolutely no reason such people should not be found at Slashdot as well.
Actually I've read the word "cracker" already in the 80s (sorry, can't remember exactly where, except that it was in some computer magazine). However, at that time it didn't refer to people breaking into computers, but to people cracking copyright protection on games.
Let me add one disadvantage of host files vs. AdBlock/NoScript & Co.:
The host file approach is completely unusable on machines where you have no root/admin access. And even on networks where you have root/admin access, but don't own the network and are not the one responsible for networking, you may get into troubles if you try to change host files. OTOH, Firefox plugins can be installed at the user level, without a need for root/admin access, and since user-installed plugins only affect the single user (i.e. you), they are much more likely to be accepted.
It's annoying because you recognise that the pages often need scripts from sites you actually don't want to enable (e.g. more and more pages need googleapis, even pages where it's absolutely pointless).
A plugin which probably wouldn't have missed it (unless it comes directly from a site you explicitly surfed to, e.g. because the site became compromised) is RequestPolicy. It by default blocks any request from one site to another. However I have to admit that sometimes it can be quite some work to figure out what to enable to make the site work.
Oh, and NoScript can be configured to not allow Java applets by default, but only after explicit clicking, even from otherwise trusted sources. That way, you'll never get a Java applet running on drive-by, because you have to click every time to start the applet.
Yes, each of the measures doesn't make you immune. But each one reduces the probability of getting affected. At some point, the probability drops low enough that you can basically neglect it. That's not related to pride (I'm not at all proud for having to make extra effort to get a page display properly; also the reason I'm using Linux isn't related to pride, indeed not even to security, but simply to the fact that it works better for my needs; if I were a hardcore gamer, I'd probably use Windows).
No, you obviously didn't, as you show again. The point is that it's as much a truism as that it is a truism that the failure of anything man-made can ultimately be explained as failure of a human. That's not a reason not to call it a computer error, just as you'd not replace the term human error by physics error just because the human behaviour is ultimately the behaviour of a physical system following the laws of physics.
Obviously. After all, it's able to run all our computers at once in real time besides all that other stuff!
Next Generation of Ants inspired by Algorithms.
The algorithm has been renamed in honor of our new overloads, the ants.
I for one welcome our new overloaded ant overlords.