Slashdot Mirror


User: Obfuscant

Obfuscant's activity in the archive.

Stories
0
Comments
10,402
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,402

  1. Re:Open network? on Free Wi-Fi: the Movement To Give Away Your Internet For the Good of Humanity · · Score: 1

    Someone falsely accused of a crime and exonerated should be made whole again. No exceptions.

    You can't unring a bell. How do you make someone who has spent time in jail waiting trial (because his crime was serious enough and he was a significant flight risk that he got no bail), or even just overnight for arraignment, has lost his job, been divorced by his spouse, forced to move to a run-down apartment because he can't find a job to pay for better, whole again?

    You can't. The bell has been rung. He will always have been through that experience, even if you hand him the keys to a mansion and a yacht where the refrigerators are kept stocked with filet minon and XX and truck in a busload of hookers to cater to his every whim, after all the false accusations are over.

    So, the choice is, risk all the negative consequences by leaving your wifi open with the knowledge that you are "helping your fellow man who is too cheap to pay for his own network access", or put a password on your wifi and not worry about it?

  2. (and yes, in real life, criminal justice is based on preponderance and likelihood of evidence, not proof).

    The term for criminal cases is "reasonable doubt", which is still not the same level as unqualified "proof". As you point out, "reasonable" is in the eyes of the jury.

    However, when it comes to some things, "reasonable" is overshadowed by "he's obviously scum so his excuse is unreasonable". It is highly unlikely that CP will ever lose that special status in the hearts of the juries around the planet. Remember the McMartin pre-school case, where the kids make up some really outrageous claims for what had taken place, and yet the jurors still didn't think the claims were unreasonable.

  3. So you're saying, "there are a lot of abusive asshats out there." That's true. Are you going to let that keep you from doing things?

    Yes. And I bet you do, too. When you leave your home, you lock the door. There are a lot of abusive asshats that would walk into your home and take what you own, otherwise. When you park your car, you lock the doors. When you access the ATM, you block the view of the keypad when you enter your PIN.

    So, when "doing things" means "not leaving something unlocked", most people "do things" based on the existence of abusive asshats. That would include not leaving your wifi access point "unlocked".

    What you mean to ask is "are you going to use that as an excuse to keep other people from doing things"? Again, the answer is "yes". I would not allow a stranger who knocks on my door access to my bathroom. There are too many abusive asshats. I would not loan my car to someone I did not know. I would not loan anything more valuable than a pen to someone I did not know. There are too many abusive asshats to make the risk worth the limited rewards.

    There's no shame in saying "yes, my neighbors, employer, and family are ignorant bigots and fools and possibly dangerous".

    Yes, it's very nice to call people who know that you were charged with having kiddie pr0n "ignorant bigots", but hardly very productive. And the extent of such people is not just "neighbors, employer and family", it extends to pretty much everyone on the planet. As for "dangerous", it only takes one out of that very large group for you to wind up in the hospital or worse.

  4. Given this possibility, one wonders why all cafés haven't been raided for CP.

    Because raids are rarely real-time, and even the cops realize that by the time they get to the cafe where someone was using the open wifi to download CP last week, the person who was doing it is probably long gone. Even if they have come back, there is no way to identify which of the patrons did it (unless the cafe keeps logs of all access, which they won't.)

    Compare that to your house, where you will probably still be living there a week or a month after your IP address shows up in the confiscated logs of the CP provider.

  5. The practical difference is that someone can use it without having to knock on random people's doors to find someone willing to share the necessary key/credentials. It's an automated process. That's a huge functional difference. (Whether it's effective is a different question.)

    You need to get the log-in credentials from somewhere. If you'd need to knock on their door to get the WPA2 key, then you'll need to knock on their door to get the login/password to log in.

    If you post the login information on the web page that asks you to log in, then you might as well have an open wifi. There is no real difference between "closed wifi" and "open wifi with mandatory log in". Both require you to have a secret, and you have to get that secret from somewhere.

    We've got all these cables laid; why not use them?

    Because using them costs money? I don't know many people at home who say "I've got all these cables laid, why not use them" when they refer to their cable or DSL connection. They're already using them.

    And we can maybe get better speed (and better reception indoors) in the process.

    This is a reason why someone would pay for their own network instead of relying on the free wifi from their neighbor, but it isn't any incentive for them to also hand out free wifi. After all, their neighbor already does, why should they have to? And if they're paying so they can get better speeds, why should they deliberately slow themselves down by letting transients use their network? They might also install a NAP or two in their own houses, but they'd still have no reason to make them open.

    The point is, though, that not everyone who wants this stuff is interested in being a moocher.

    I didn't say everyone was a moocher. I said that someone who says they want wifi for free has also said that they don't want to pay for 3g/etc. If they already had internet access, they wouldn't need the free wifi. And I even talked about the altruistic amongst us. There just aren't enough of them to make the system viable.

    (essentially "I'll share my wifi if you share yours")

    I'm not sure how you would even begin to enforce this. When I arrive in your neighborhood and turn on my wifi device, how does your NAP know that my NAP at home is open? The whole reason I need to use yours is because I can't talk to mine; yours won't be able to talk to mine, either. Maybe, in the distant future, there will be a NAPtoNAP protocol that allows one NAP to ask another one how it is configured via a wired connection, but this would be a serious security hole, generally blocked by the NAT in use on the DSL/cable modem, and easily spoofed by having a dummy NAP that is open -- but sitting in a Faraday cage so it can talk to nobody. That's only if some smart coder didn't write a simple demon that responded to N2N requests with whatever fake information was necessary to get free wifi.

    As for sharing the costs, these systems are already available. They're already in use in hotels, airports, and many other places where transient wifi users gather. You've probably seen them. "Pay us $10 for 24 hours access...". There's no reason why an enterprising individual couldn't create a company selling this service to home users that want to provide "free" wifi but get paid for doing it.

    It should also be said that companies offering wireless data service and wired broadband tend to be relatively uncompetitive cartels, so it open wifi allowed consumers as a group to effectively get a better deal from these companies (utilizing the bandwidth they pay the ISP for while avoiding unreasonable wireless data charges) that would be good too.

    Won't happen. No ISP is going to cut someone who provides free wifi to his neighbors/passersby a better deal on their connection. Individuals may save money by relying on the kindness of strangers, and not buying

  6. I don't know if a simple website with an "accept" button would get you off the hook for random people's actions, but common sense says it would.

    Actually, common sense would say it would not.

    Here's what the prosecutor says: "This is a technically astute computer user who has the ability to set up a dual-SSID wireless router with a proxy web page that anonymous users must click through to get to the Internet. He's astute enough to enable sufficient logging capability that he can provide logs linking the MAC address of this alleged unidentified person to the CP access. And yet, even were we to accept the logs as factual and unmodified by the defendant, he's not able to spoof a MAC address and access his own network the same way the unidentified person did?"

    You're smart enough to set up the system you want to rely on to keep you off the hook, you must be smart enough to get around it. That's common sense. And getting off the hook relies on you keeping a log of every action made through the access point to prove that the wifi was the source of the connections. That creates privacy issues for anyone who uses your free wireless that most people who promote free wireless would not want. (Some, like those who do free wireless to harvest data, are a different matter.)

    Now, this is considering only the part of the system that has some web page with a click-through agreement as an argument for getting "off the hook". Whether the IP address is sufficient to tie any crimes back to you personally is a different issue.

  7. Re:Bad idea. on Free Wi-Fi: the Movement To Give Away Your Internet For the Good of Humanity · · Score: 5, Insightful

    Easy to fix. If you want to access someone's WiFi, you log into the proxy server on that network.

    What is the practical difference between "closed wifi" and "open wifi with a mandatory log-in"? In both cases you must obtain a credential (and thus implied permission) to use the network. You've just moved the access limit from the radio to the wire side.

    In general, though, the reason this movement will fail is the same reason why people want it to work. Selfishness. The same person that says "I would like to have wifi without paying for it when I am somewhere not home" has already said "I don't want to pay for my own 3g/data plan so I can have network access when I am not home". That same attitude would result in "why should I pay for network at home if I can get it free from my neighbor".

    In the final result, everyone who wants free wifi wherever they go will be the ones who are least likely to provide free wifi to others, and that means the entire system is a self-fulfilling failure.

    If you notice, most of the free wifi you find is not from altruistic people, it is from businesses that want to lure you into their establishment so you'll be likely to buy things from them. Profit motive. The altruist who opens his home network to free wifi for others has no profit motive, and while it is wonderful he exists, there is no incentive other than personal pleasure for him to do it. He can't depend on it being repaid, and he can't depend on it not being abused.

  8. Re:Uh ... What? on Pushing Back Against Licensing and the Permission Culture · · Score: 1

    Of course, we may be willing to pay you for a license, but I think it would still slow the adoption of your project significantly.

    Well, if the person distributed his code without a license specifically to screw the "permission culture", then he'd be a rather glaring hypocrite if he accepted your offer of payment for a license to use his code. He couldn't ethically accept your money. And you, according to legal ethics, couldn't use it.

    So yes, that would slow the adoption of the project considerably. Or expose a hypocrite.

    You will never eliminate the "permission culture", simply because too many people make their livings and support their families by creating content. They depend on the "permission culture" to keep people from just using the content without payment. Given that it will never go away, and that the reasonable default is "no permission unless explicitly granted", then anyone who refuses to grant any permissions is, by default, granting none, not granting all.

  9. Re:They should open resource their research too on How Open Source Could Benefit Academic Research · · Score: 1

    The discoveries, algorithms and parameters generated by publicly-funded research is locked behind the paywalls of for-profit publishers.

    Publishing the results has very little to do with the reason the code isn't open source. The copyright for code and data doesn't transfer to the publisher.

    The most likely reason that code is not open-source or reusable is that it has been written by a graduate student to process a specific data set for a specific purpose. The grad student has little reason and no time to deal with creating an open-source project where others may make demands on his limited time to add/fix/change the code to make it usable by others. He may give it away, but once it forks this way it's a stepchild and unsupported.

    There are open source projects in academia, but most of those aren't managed by grad students, and paying a professor to manage an open source software project isn't usually part of any grant. Sometimes there is money for technical support, but not always.

  10. Fascinating article. on How EVE Online Dealt With a 3,000-Player Battle · · Score: 0
    So. A make-believe spacecraft in an online game is worth $3500. And people wonder how **IA come up with such high values on pirated stuff.

    They disconnected people who were in nearby universes, which they say is better than then suffering from overloaded servers. Isn't being disconnected from the game you're paying for because of a large battle going on somewhere else -- suffering from overloaded servers?

    And time running at 10% of normal. That would seem like a pretty serious slowdown of their servers as a means of keeping people from suffering from a slowdown of the servers.

    Maybe this MMORPG really is a different universe. It seems to have a different version of English than the rest of us have.

  11. Re:Needs to go to the cents... on Google Pledges Pi Million Dollars In Pwnium 3 Prizes · · Score: 1

    I'd settle for e million.

  12. Re:Is Scientology Really Different? on Book Review: Going Clear: Scientology, Hollywood, and the Prison of Belief · · Score: 2

    You can argue all day that the people aren't the religion, but at the end of the day the only real representation of any organization is how the people within it act and it can therefore be said that the religion is more the people who follow and individually interpret it than the dogma taught to them. After all without the people, there would be no religion, with or without the doctrine.

    Alcoholics Anonymous is an organization filled with lushes and drunkards and people who yearn for the next drink. Does this color the organization, or does it color the people who have sought to change their lives from what they were into something better and demonstrated their human nature by having failed? After all, without all those drunks there would be no AA.

  13. Re:Pigs in space! on Iran Says It Sent Monkey Into Space and Back · · Score: 2

    When I said "you", I should've said "astronomers".

    In other words, you haven't actually done it yourself, you just read about someone doing it.

    The point was, if you aren't going to believe that men have landed on the moon after someone else tells you it has happened, why would you believe that there is a reflector or three on the moon that those men you don't believe were there left behind just because someone else tells you they are there?

    The argument that someone is stupid for not believing we've been to the moon (and when I say "we", I should've said "astronauts") because someone else has said there are ways of proving it, is self-defeating.

  14. Re:Pigs in space! on Iran Says It Sent Monkey Into Space and Back · · Score: 1

    If you know the coordinates, you can actually bounce a laser off of it back to Earth.

    I can't, I don't have one strong enough, or the sensor to pick up the return. I've heard that someone has done that. What I know is that when I point my laser pointer at the moon, I don't see any reflection. When I point it at a traffic sign (a reflector) I see it bright and clear. Especially at night (when I'd try it with the moon) and I use a green laser pointer (the moon is made of green cheese) on a green major highway information sign (moon has nothing to do with highways, sorry).

    But then, I've also heard that someone actually landed there. If you don't believe the latter, why would you believe make-believe evidence like being able to bounce a laser off the moon because there is a reflector there? Did YOU actually do it, or are you relying on second hand info, too?

    Just 'cause you see it on the internet doesn't mean it is true.

  15. Re:Insert Cheese on Thousands of Publicly Accessible Printers Searchable On Google · · Score: 1

    I wish I had mod points.

  16. Re:Security apliances growing obsolete on Barracuda Appliances Have Exploitable Holes, Fixed By Firmware Updates · · Score: 1

    Yeah, putting all of your servers in the "cloud" is the best strategy for security. Definitely.

    ISPs don't care about security as long as it isn't their systems. They care about getting phone calls for support when their data center goes offline due to a power failure or other event.

    Someone having access to your email costs them nothing. Paying people to answer the phones costs them a lot. So they do like my ISP did and hand the job over to Google. They gave the "failed data center" excuse. Security obviously wasn't on their mind, since they handed all the archived email from their users, and all the usernames and passwords with it, over to a company that makes its money from indexing and scanning and selling data.

    We're getting an "enhanced internet experience" in return. Kind of like calling prison rape an "enhanced incarceration experience". Not quite as physically demanding, but close. Trying to get Google Mail to actually delete something is a physically frustrating experience all in itself.

  17. Re:Security apliances growing obsolete on Barracuda Appliances Have Exploitable Holes, Fixed By Firmware Updates · · Score: 2

    And in my case, we ARE the ISP... so who are we supposed to host with exactly? lol

    Google. That's what my local ISP just did -- handed Google all the account data and stored email and let them do all the email processing.

    It was a wonderful experience. I found email on Google Mail that had been deleted from my ISP for almost two years. Since anything older than 6 months is now considered abandoned and available to the government upon request, they basically gave Google 18 months of free data to hand over to the feds. And two years of data for Google to helpfully index for me (and whatever other use they want to make of it).

    And I just got my latest ISP bill. Anyone want to guess if the charges went down, now that they aren't doing anything more than shilling for Google services?

  18. Re:Teaching them to what? on CTO Says Al-Khabaz Expulsion Shows CS Departments Stuck In "Pre-Internet Era" · · Score: 1

    And?

    And sometimes there are two sides to a story, and sometimes people hear things that weren't actually said. We have one person saying "I was threatened", the other says "didn't happen". Who to believe? I don't automatically believe either one.

    The president of Skytech denies threatening Al-Khabaz, yet again Skytech is now offering Al-Khabaz a job now.

    And? You give reasons both ways why they wouldn't hire him. And yet, they did. Maybe the truth is somewhere in the middle? Maybe the president of the company feels bad that what he actually did say was misinterpreted so badly? Or maybe they recognize talent and want to hire it?

    As much as they may have, they didn't follow the rest of my advice.

    So you don't know that they didn't run the same tests.

    It sounds like their logs could tell Al-Khabaz was running the tester which implies they could have easily (a) banned his or any other IP temporarily that used the tester while they finished fixing the bugs and (b) "immediately fix" the bugs as they promised which should make that ban rather short.

    You miss the point that running the scan itself was the issue, not whether or not he found anything by running it. When I find someone who is abusing one of my systems, I don't put in place a temporary ban, I put it in and forget about it. I certainly don't say "come back soon!".

    In short, your selective short snip pit of my statement missed the point entirely.

    No, I pointed out that your point was based on an assumption. You don't know that they didn't run the test themselves. And now we know that your assumption would be that the company would remove a block on his IP after they fixed anything that he might have been scanning for, which is something else that is unlikely. I "selective short snip" what I am replying to, which is specifically your comment saying that they should do something that you don't know that they didn't already.

  19. Re:A bit more on that on CTO Says Al-Khabaz Expulsion Shows CS Departments Stuck In "Pre-Internet Era" · · Score: 1

    Yes, we all know that segmented architectures are crap compared to other non-segmented architectures. I mean, dealing with the 68000, VAX et.al. was such a pleasure compared to the hoops that ALL x86 systems have. That doesn't change the fact that the x86 systems have the basic computer architecture components and you really do have to teach things starting somewhere. If you start only with the latest, fastest, best architectures straight out of the research labs, you are cheating the students out of important information. Like, WHY is the P4 such crap?

  20. Re:Teaching them to what? on CTO Says Al-Khabaz Expulsion Shows CS Departments Stuck In "Pre-Internet Era" · · Score: 1

    So, in short, what Al-Khabaz did was so horrible the president of Skytech threatened him with 6-12 months jail time for a "cyber attack"

    And if you read the original article, you'll see that the person who allegedly made this threat denies it.

    But, then, if I were in that position I'd as quickly as possible run the same pen tester myself

    Do we know this didn't happen?

  21. Re:Blamestorming on CTO Says Al-Khabaz Expulsion Shows CS Departments Stuck In "Pre-Internet Era" · · Score: 3, Insightful

    I'm not talking about this guy: I'm replying to the comments of the OP talking about how schools today don't teach security, and they don't. They don't because they're afraid --

    And my first sentence dealt with that concern. If they make step one of the process: GET PERMISSION then they don't have an issue. That statement applies to more than just this one case.

    People can't have an open dialog about computer security right now because it's too political.

    That nonsense. Of course you can have an "open dialog", as long as you aren't doing it as part of breaking into someone else's computer without permission. It happens all the time.

    You shouldn't have to risk your career just to show some kids how to do something that might actually help them and their community,

    You don't. I've already described the dual course admin series that taught people exactly this without costing anyone any careers or getting them expelled. How did they do this magic? They used systems that they had permission to test. They put the systems together to learn how to do that; they broke into them to learn what was possible and how to prevent it.

    There have even been cases of commercial outfits that have made public challenges -- and none of the participants have been hung or shot or had their careers ruined. More magic? No, just the simple part about having permission.

    There's even a competition run by the government that deals with cyber security, which involves teaching kids how to break into systems. But then, they aren't doing it without permission.

    See the common thread here?

  22. Re:Teaching them to what? on CTO Says Al-Khabaz Expulsion Shows CS Departments Stuck In "Pre-Internet Era" · · Score: 0

    He did something wrong, sure. But what he did was not bad enough to justify completely destroying his future from an academic and professional standpoint.

    Well, good thing they didn't "completely destroy his future" then, isn't it? Even the summary tells us he's had several job offers already, and nothing stops him from going to a different college.

    If it hadn't attracted all this attention, he wouldn't have had all these job offers,

    So he might have only had one, with the company whose software he was pen testing. Completely destroyed? He's got a job, which many people who are actively seeking work don't have.

    unable to enter any university (you're required to graduate from CEGEP to get into university in Quebec)

    Perhaps an enterprising individual will see this lack of Universities anyplace but Quebec and make a lot of money by creating Universities in other places.

    Should he have been punished? Yes.

    A common method for schools to punish people who commit academic dishonesty is to expel them. Maybe if more schools did that, instead of looking the other way or simply saying "don't do that again", fewer people would do such things when they get out into the real world. Just a thought.

  23. Re:Personal Experience on CTO Says Al-Khabaz Expulsion Shows CS Departments Stuck In "Pre-Internet Era" · · Score: 3, Insightful

    At the university I go to, I recall a computer architecture teacher that used handouts/slides from when the Pentium 4 was the highest-end CPU available

    Basic computer architecture is basic computer architecture. The specifics may change, the number of bits may change, but the basics are still the same. I learned on 8080s and 6502s and PDP-8s and an odd CDC 6500, and they all shared the same concepts. When I pick up a datasheet for a modern processor, I see a lot of the same old stuff.

    Once you have the basics, then you can expand. "How can we improve on X? By doing Y...". You don't know why Y is better unless you know what X is. And more important, it is hard to see the potential parallels for future improvement unless you know the past. "If we did A to improve X into Y, maybe we can do A to help this other thing, too..."

  24. Re:Hacking 101 on CTO Says Al-Khabaz Expulsion Shows CS Departments Stuck In "Pre-Internet Era" · · Score: 2

    If we want CS students what's really involved in creating a secure system, how about a mandatory "intro to hacking" course?

    Using systems intended for such purposes and not someone else's production systems, of course.

    Many years ago our Uni had such a course, run in two parts. Part 1: Unix system administration 2: How to break into improperly administered Unix systems. Nobody went to jail. Nobody was branded a terrorist. Many (some?) people learned how to be system admins.

  25. Re:Blamestorming on CTO Says Al-Khabaz Expulsion Shows CS Departments Stuck In "Pre-Internet Era" · · Score: 2

    That's because if schools taught people how to properly test security, the government would label them terrorist breeding grounds.

    Not if step one in the process is: 1) get permission from the system operator/administrator/owner. That's where this guy failed.

    Many years ago I knew of a problem in a web server I was running. Certain operations would cause it to hang. You know how I found out this issue? By running a script-kiddy scanner. It wasn't in a place I could easily fix, and the chance of it happening was rare. Except for the script kiddies who thought they were doing me a favor by scanning my system without my permission so they could exercise their 'leet hacker chops and show me how smart they were, and hung up the server while doing it.

    And, of course, the small detail that some of the content I was generating was dynamic, linked to other dynamic output, and took longer to generate than the delay between testing the links. That filled up the process table rather nicely, keeping anyone else from accessing the system.

    Why is it a foreign concept to ask for permission before trying to break into someone's system? Had someone asked me, I could have told him I know about the issue and thanks but no thanks.