In US courts, this is a) Entrapment and b) Vigalantism, and is not admissible in court.
Entrapment only applies to law enforcement officials, and only means that the police officer cannot pressure you to commit a crime, and then turn around and arrest you for it.
And "vigilantism" is, so far as I know, not a crime, as long as you don't do anything illegal in your vigilante efforts. However, the "evidence" you produce would probably be mostly worthless from a prosecutor's point of view.
If it is the video drivers though unfortunately there isn't much you can do (as you said you already have the most recent drivers).
You could try rolling back to earlier versions. I know that the latest versions of nVidia's video driver pack caused me no end of issues on GeForce3 & GeForce 4 cards. I saw a blurb somewhere that suggested that the newer stuff (50 series) was only really meant for the FX cards.
The 40 series drivers are pretty much rock solid though (at least the WHQL ones I've tried.)
But it's being applied to people who violated copyright for no financial gain, and typically they weren't even aware they were sharing files (they only thought they were downloading for themselves).
I look forward to your explanation of how someone who takes the time to scan in or retype Harlan Ellison's stories, split them into USENET-sized chunks, and upload them to a newsgroup remains blissfully unaware that they are sharing files.
The reality is that some people enjoy distributing copyrighted content and are fully aware that what they are doing is wrong. To suggest that prosecuting such individuals is an abuse or corruption of the legal system is absurd.
No, bullshit. He was arrested because he made totally fictitious claims -- 3.5 million hits a month! -- and invented outlandish expenses, and then tried to get the county to pay up. Depending on how he went about this, it's entirely possible that he committed fraud.
I believe the cost of $300k was not only his time, but it also included the cost of servers/equipment and bandwidth (which isn't a small amount).
If you bother reading the article, you would see that the site operator owns some kind of web services company. It is totally unreasonable to expect the county to subsidize those equipment purchases, since they are not intended for the exclusive use of that one site.
In addition, the very idea that a small county website is generating 3.5 million hits per month is absolutely laughable. It's just not inside the realm of possibility.
Not only is he not entitled to be paid for a service he indicated was voluntary, there's every indication he was openly deceptive in his dealings with the officials.
In my opinion the best IMAP client on Windows at the moment is Microsoft's free Outlook Express.
I've tried in the past to switch over to Outlook, but I just can't deal with the hassle of all the little annoyances (saving sent mail to an IMAP folder being a prime example). That and the fact that Outlook feels about a hundred times slower.
That's not to say that OE is without its flaws; lack of IMAP filtering in the client is the big one.
What I really want is an IMAP client with a slick, fast GUI, server-side filtering, vCard + vCalendar support, etc. Basically an Outlook that's not bloated and that doesn't require Exchange (or some gruesome connector) on the backend.
I've tried other Windows IMAP clients: the Bat, Mulberry, Siren, and countless more. In the end I always come back to Outlook Express, simply because it sucks the least. (And wow, do those other clients suck.)
Mozilla Thunderbird seems to have a lot of promise, though it's nowhere near ready for prime time (last time I checked it was impossible to delete attachments without discarding the email being composed entirely).
One major flaw in your line of reasoning is the assumption that antivirus software actually defends against new threats in a timely fashion.
In my experience -- speaking as someone who has managed several thousand desktop machines in a corporate setting -- relying on antivirus software to protect users against previously unknown viruses is a fool's gambit. Generally speaking, AV software only helps prevent new infections from appearing a few weeks after the primary outbreak occurs. It does very little to protect you during the first couple of days.
Patches and sanitization techniques -- making sure potentially malicious code does not reach the user in an easy-to-use form -- are far more effective, in my opinion.
Right after Blizzard sued bnetd, they released a patch for Starcraft that allowed you to use UDP to play LAN games.
Prior to that your only option was to use IPX/SPX for LAN play. This was a minor hassle in Windows 2K/XP, potentially a major pain for previous OSes. That is, assuming the player knew enough about Windows networking to even know where to begin.
As far as I know both Diablo and Diablo 2 have always supported TCP/IP for LAN play, so this wasn't an issue with those games.
And bnetd couldn't run D2, could it? So much for that excuse.
From what I recall they were adding realm support shortly before the official project got shut down.
I'm pretty sure everyone knows bnetd as the only reason the War3 beta was so severely leaked. Does anyone know anyone who's played on it before or since? I don't.
A couple of the forks/derivatives of bnetd saw renewed action around the time of the Frozen Throne beta.
But since they eventually let in 30,000 testers, there was far less of a community on the unofficial servers.
Thanks to the leaked World of Warcraft alpha, there's already a project under way to create a working WoW server. Google for Stormcraft if you're interested.
Frankly I admire your resolve. Blizzard would be so easy to hate if only they didn't make by far the best games on the market.
You would be hard pressed to find a company that displays more naked contempt for their community than Blizzard routinely does, however.
Blizzard representatives openly mock posters on the public forums. Granted these posters often ask inane or redundant questions, but there is an astonishing lack of professionalism displayed. Questions like "what can you tell me about feature X" are often answered "when you find out, tell me, I'd love to know!" There's no need for that kind of reply. Even Microsoft doesn't actually resort to taunting its users.
Posters who ask difficult questions -- like "what happened to the clan ladder that was advertised on the box of Frozen Throne?" -- have their posts deleted. Repeat "offenders" are summarily banned.
On the other hand I know they have a lot of extremely bright and talented people working there, and some are about the nicest people you'd ever hope to interact with. Knowing the long hours and the limitless passion and energy they put into creating and refining each game, it's hard to harbor any ill will towards the company. After all, these guys are the ones that really make Blizzard great.
It seems to me such a waste to let their berserk legal department and bizarre PR attitudes overshadow that.
many of the smaller facilities (like water treatment plants for smaller rural markets) do NOT, and simply don't believe they can afford proper security.
My main point was this: If those systems were secure yesterday, they will still be secure after 500 remote root patches for Windows appear.
Are you seriously asserting that those same companies that don't have any controls and don't want to spend any money (even $50 for a NAT router) at all on security are actually keeping up to date with every Microsoft patch that comes out?
If they aren't, then my point stands: they're no less secure today than they were before, there's just one more way they can be rooted. Hardly anything eEye can take much credit for.
Maiffret said some computer systems that control critically important power or water utilities were vulnerable.
You then plausibly assert this:
While most of the larger facilities will have the correct controls and separation in place, many of the smaller facilities (like water treatment plants for smaller rural markets) do NOT, and simply don't believe they can afford proper security.
My remarks were only targetted at "critically important power or water utilities," not at every conceivable rural location where someone might have a monitoring computer sitting on a DSL line with no firewall in place.
I'm not saying there aren't irresponsible utilities out there. But whenever I hear someone railing about how exposed and vulnerable our critical infrastructure is, it would be nice to see some actual evidence that security is as slipshod as they say at major facilities.
I still don't believe that it is a prevalent issue. Why haven't we seen massive power grid failures or massive water treatment breakdowns in the face of other virus attacks?
Your error is in thinking of Slammer as a cohesive entity that can take actions and accomplish goals such as "[penetrating] a nuclear power plant's safety monitoring system."
First: the Slammer worm did not penetrate anything. The reason it was able to affect the operation of the systems in question was because the clients infected by Slammer already had access to these systems.
If you would re-read my post you would discover that I acknowledge this reality. My entire point is that the security of utility computer systems is not affected by newfound vulnerabilities, because that security absolutely does not depend on keeping current on patches. Critical infrastructure systems should have only limited network accessibility, period.
Second: I do not consider one article at SecurityFocus to be "well-documented."
Oh please. This is irresponsible fear-mongering of the worst variety.
If you read Maiffret's remarks as anything besides self-serving PR -- especially that last, ridiculous comment about power & water control systems! -- then you are only buying into the FUD eEye seems to delight in spreading.
Utility computer systems are not attached to the Internet. They will not be directly exposed to attacks based on this or any other security flaw.
The only vector of attack would be if clients that interact with these systems can also reach the Internet at large, and if this is the case then any number of additional things -- client misconfiguration, malicious user, existing worms and exploits -- could disrupt the utility systems.
This new exploit contributes absolutely nothing more to that threat. If those systems were secure yesterday, they will still be secure after 500 remote root patches for Windows appear.
And if they aren't secure? I think we'd probably notice without a lot of hot air from eEye's marketing arm.
I'm having a hard time coming up with a channel that isn't being stomped on or stomping on someone else's nearby WLAN.
802.11b and 802.11g only have three non-overlapping channels: 1, 6, and 11.
So your useful choices are fairly limited. You might have to coordinate with your neighbors to determine who picks what channel, but it should definitely be possible to get one that doesn't overlap.
Let me take a WILD prediction: this is the type of person that would open attachments, which could possibly make admin lives living hell.
If dangerous attachments are getting to the user in the first place in a form where they are readily executable, then the admin is not doing his job.
If the enterprise mail system goes down because someone sends a message to everyone in the entire company, then the admin is definitely not doing his job.
The fact is that users are going to make dumb mistakes, simply because for the most part it's not their job to make the technology work seamlessly. You're the one paid to make that happen, and if it's not happening, guess what? You're the one to blame, and you deserve the long hours and unpaid overtime you get.
Oh, and on a more personal note: if your enterprise class email infrastructure loses a single message, you deserve to be fired and blacklisted. Losing a message that the server has agreed to receive is absolutely not acceptable, and in my opinion is the worst possible email-related offense.
Next to that, CCing a chain letter to 10,000 people is laughable.
The fact that this happens every week at a certain Fortune 100 company and the mail admins somehow retain their jobs never ceases to astonish me.
You realize that extremely useful features like VBA are part of the reason businesses spend the big bucks on Microsoft Office, rather than dealing with third-rate garbage like OpenOffice?
Sure, VBA is not anything you'd use for a major project, but it's downright indispensable when manipulating Office documents from one another.
My favorite example is "Wells Fargo" and "Wells Cargo."
Clearly the cargo company is playing off of Wells Fargo's reputation for secure transport. I suspect that the only reason they didn't get sued into the ground over violating the financial institution's trademark is that the founder's name is Maynard W. Wells.
I think using your own name in the mark offers you a fairly high degree of protection, for all the common sense reasons posters here are so quick to point out. So from a trademark dispute standpoint he might have a defensible case, although there's a big question mark regarding his ability to finance such a defense against Microsoft's horde of lawyers.
In any case he's almost certainly going to lose his domain name. ICANN has a long and unblemished history of spinelessly caving in to the demands of large corporations.
As for the whole Abit/nVidia falling out story, I don't know where the heck The Inquirer got that news (or was it The Register, the other techno-tabloid). It came just days before Abit announced plans for several nForce-based products, including Athlon64 boards.
Heh, that's what I get for not taking an Inquirer story with a hefty grain of salt. I hadn't heard anything about it either way since then, either confirming or denying. Glad to hear that there's at least good reasons to assume that nothing will come of it.
You get good drivers and you only need to install one driver (that covers network, sound, chipset, and graphics). The audio is pretty good quality, and the integrated graphics aren't bad.
Being "not VIA" alone is enough for me, but I've dealt with both the first nforce and the (vastly superior, performance-wise) nforce2 and really liked both of them.
Using the digital out and a set of Creative Inspire 5.1s, I'm pretty much blown away by the quality of the audio. I'm far from an audiophile but I definitely enjoy the sound. Might be a different story using the onboard DACs though.
It sounds like future nforce boards are not going to include the Soundstorm part, and no decision that I know of has been reached on whether or not to sell it standalone. This is sort of a disappointment and has probably done more to keep me from upgrading to an Athlon 64 processor than any other factor. That combined with the Abit/Nvidia falling out means I am not likely to see an Athlon 64 version of my motherboard any time soon.
In my experience the driver package has been fairly pleasant to deal with, albeit with some small oddities every now and then.
Congratulations. You managed to miss my point entirely and go off on a tangent citing a laundry list of Republican sins.
I am not claiming Republicans are angels -- that would be absurd. But it is equal parts ridiculous, hypocritical, and naive to assume that Republicans are alone in such slanderous behavior.
Witness all the negative commentary on Bush and his new emphasis on the space program, something which is near and dear to my heart even though I disagree with Bush on many, many issues.
Making sad jokes about Bush wanting to go to Mars to find WMD is tiresomely stupid, because it trivializes an amibition that could well materialize into one of the highlights of the century and rank among the foremost accomplishments of mankind.
But none of that bothers a substantial number of liberals, who view each and every policy decision that President Bush makes as an act of deliberate malice, regardless of its merits. Where is the rationality in that?
Still want to talk about "guilty before proven innocent"?
One thing for sure, I'm getting seriously tired of this republican attitude of guilty until proven innocent.
There is nothing "Republican" about assuming the worst about someone without any direct substantiating evidence.
One could point to countless examples of Democrats and any other group demonizing someone for an off-hand remark with no proof that it was meant in a malicious way.
However you provide a classic example of this sort of mentality simply by picking on Republicans specifically. What basis do you have for using such a phrase? Your dimwitted political allegiances? What was that about "guilty until proven innocent" again?
Slashdot Mirror
Your comment seems to imply that this has changed, but I can't find any supporting documentation.
Entrapment only applies to law enforcement officials, and only means that the police officer cannot pressure you to commit a crime, and then turn around and arrest you for it.
Here's the legal definition of entrapment.
And "vigilantism" is, so far as I know, not a crime, as long as you don't do anything illegal in your vigilante efforts. However, the "evidence" you produce would probably be mostly worthless from a prosecutor's point of view.
You could try rolling back to earlier versions. I know that the latest versions of nVidia's video driver pack caused me no end of issues on GeForce3 & GeForce 4 cards. I saw a blurb somewhere that suggested that the newer stuff (50 series) was only really meant for the FX cards.
The 40 series drivers are pretty much rock solid though (at least the WHQL ones I've tried.)
I look forward to your explanation of how someone who takes the time to scan in or retype Harlan Ellison's stories, split them into USENET-sized chunks, and upload them to a newsgroup remains blissfully unaware that they are sharing files.
The reality is that some people enjoy distributing copyrighted content and are fully aware that what they are doing is wrong. To suggest that prosecuting such individuals is an abuse or corruption of the legal system is absurd.
No, bullshit. He was arrested because he made totally fictitious claims -- 3.5 million hits a month! -- and invented outlandish expenses, and then tried to get the county to pay up. Depending on how he went about this, it's entirely possible that he committed fraud.
If you bother reading the article, you would see that the site operator owns some kind of web services company. It is totally unreasonable to expect the county to subsidize those equipment purchases, since they are not intended for the exclusive use of that one site.
In addition, the very idea that a small county website is generating 3.5 million hits per month is absolutely laughable. It's just not inside the realm of possibility.
Not only is he not entitled to be paid for a service he indicated was voluntary, there's every indication he was openly deceptive in his dealings with the officials.
I've tried in the past to switch over to Outlook, but I just can't deal with the hassle of all the little annoyances (saving sent mail to an IMAP folder being a prime example). That and the fact that Outlook feels about a hundred times slower.
That's not to say that OE is without its flaws; lack of IMAP filtering in the client is the big one.
What I really want is an IMAP client with a slick, fast GUI, server-side filtering, vCard + vCalendar support, etc. Basically an Outlook that's not bloated and that doesn't require Exchange (or some gruesome connector) on the backend.
I've tried other Windows IMAP clients: the Bat, Mulberry, Siren, and countless more. In the end I always come back to Outlook Express, simply because it sucks the least. (And wow, do those other clients suck.)
Mozilla Thunderbird seems to have a lot of promise, though it's nowhere near ready for prime time (last time I checked it was impossible to delete attachments without discarding the email being composed entirely).
In my experience -- speaking as someone who has managed several thousand desktop machines in a corporate setting -- relying on antivirus software to protect users against previously unknown viruses is a fool's gambit. Generally speaking, AV software only helps prevent new infections from appearing a few weeks after the primary outbreak occurs. It does very little to protect you during the first couple of days.
Patches and sanitization techniques -- making sure potentially malicious code does not reach the user in an easy-to-use form -- are far more effective, in my opinion.
Right after Blizzard sued bnetd, they released a patch for Starcraft that allowed you to use UDP to play LAN games.
Prior to that your only option was to use IPX/SPX for LAN play. This was a minor hassle in Windows 2K/XP, potentially a major pain for previous OSes. That is, assuming the player knew enough about Windows networking to even know where to begin.
As far as I know both Diablo and Diablo 2 have always supported TCP/IP for LAN play, so this wasn't an issue with those games.
From what I recall they were adding realm support shortly before the official project got shut down.
A couple of the forks/derivatives of bnetd saw renewed action around the time of the Frozen Throne beta.
But since they eventually let in 30,000 testers, there was far less of a community on the unofficial servers.
Thanks to the leaked World of Warcraft alpha, there's already a project under way to create a working WoW server. Google for Stormcraft if you're interested.
I doubt anything much will come of it, though.
You would be hard pressed to find a company that displays more naked contempt for their community than Blizzard routinely does, however.
Blizzard representatives openly mock posters on the public forums. Granted these posters often ask inane or redundant questions, but there is an astonishing lack of professionalism displayed. Questions like "what can you tell me about feature X" are often answered "when you find out, tell me, I'd love to know!" There's no need for that kind of reply. Even Microsoft doesn't actually resort to taunting its users.
Posters who ask difficult questions -- like "what happened to the clan ladder that was advertised on the box of Frozen Throne?" -- have their posts deleted. Repeat "offenders" are summarily banned.
On the other hand I know they have a lot of extremely bright and talented people working there, and some are about the nicest people you'd ever hope to interact with. Knowing the long hours and the limitless passion and energy they put into creating and refining each game, it's hard to harbor any ill will towards the company. After all, these guys are the ones that really make Blizzard great.
It seems to me such a waste to let their berserk legal department and bizarre PR attitudes overshadow that.
Note that Office 97 does not appear on this list.
However, "seven years of backwards compatibility" is definitely reaching.
My main point was this: If those systems were secure yesterday, they will still be secure after 500 remote root patches for Windows appear.
Are you seriously asserting that those same companies that don't have any controls and don't want to spend any money (even $50 for a NAT router) at all on security are actually keeping up to date with every Microsoft patch that comes out?
If they aren't, then my point stands: they're no less secure today than they were before, there's just one more way they can be rooted. Hardly anything eEye can take much credit for.
You then plausibly assert this:
My remarks were only targetted at "critically important power or water utilities," not at every conceivable rural location where someone might have a monitoring computer sitting on a DSL line with no firewall in place.
I'm not saying there aren't irresponsible utilities out there. But whenever I hear someone railing about how exposed and vulnerable our critical infrastructure is, it would be nice to see some actual evidence that security is as slipshod as they say at major facilities.
I still don't believe that it is a prevalent issue. Why haven't we seen massive power grid failures or massive water treatment breakdowns in the face of other virus attacks?
First: the Slammer worm did not penetrate anything. The reason it was able to affect the operation of the systems in question was because the clients infected by Slammer already had access to these systems.
If you would re-read my post you would discover that I acknowledge this reality. My entire point is that the security of utility computer systems is not affected by newfound vulnerabilities, because that security absolutely does not depend on keeping current on patches. Critical infrastructure systems should have only limited network accessibility, period.
Second: I do not consider one article at SecurityFocus to be "well-documented."
If you read Maiffret's remarks as anything besides self-serving PR -- especially that last, ridiculous comment about power & water control systems! -- then you are only buying into the FUD eEye seems to delight in spreading.
Utility computer systems are not attached to the Internet. They will not be directly exposed to attacks based on this or any other security flaw.
The only vector of attack would be if clients that interact with these systems can also reach the Internet at large, and if this is the case then any number of additional things -- client misconfiguration, malicious user, existing worms and exploits -- could disrupt the utility systems.
This new exploit contributes absolutely nothing more to that threat. If those systems were secure yesterday, they will still be secure after 500 remote root patches for Windows appear.
And if they aren't secure? I think we'd probably notice without a lot of hot air from eEye's marketing arm.
So your useful choices are fairly limited. You might have to coordinate with your neighbors to determine who picks what channel, but it should definitely be possible to get one that doesn't overlap.
If dangerous attachments are getting to the user in the first place in a form where they are readily executable, then the admin is not doing his job.
If the enterprise mail system goes down because someone sends a message to everyone in the entire company, then the admin is definitely not doing his job.
The fact is that users are going to make dumb mistakes, simply because for the most part it's not their job to make the technology work seamlessly. You're the one paid to make that happen, and if it's not happening, guess what? You're the one to blame, and you deserve the long hours and unpaid overtime you get.
Oh, and on a more personal note: if your enterprise class email infrastructure loses a single message, you deserve to be fired and blacklisted. Losing a message that the server has agreed to receive is absolutely not acceptable, and in my opinion is the worst possible email-related offense.
Next to that, CCing a chain letter to 10,000 people is laughable.
The fact that this happens every week at a certain Fortune 100 company and the mail admins somehow retain their jobs never ceases to astonish me.
You realize that extremely useful features like VBA are part of the reason businesses spend the big bucks on Microsoft Office, rather than dealing with third-rate garbage like OpenOffice?
Sure, VBA is not anything you'd use for a major project, but it's downright indispensable when manipulating Office documents from one another.
Wow, how awful that must have been for you. I bet the guy cleaning diseased monkey cages is glad he doesn't need to put up with that kind of crap.
Clearly the cargo company is playing off of Wells Fargo's reputation for secure transport. I suspect that the only reason they didn't get sued into the ground over violating the financial institution's trademark is that the founder's name is Maynard W. Wells.
I think using your own name in the mark offers you a fairly high degree of protection, for all the common sense reasons posters here are so quick to point out. So from a trademark dispute standpoint he might have a defensible case, although there's a big question mark regarding his ability to finance such a defense against Microsoft's horde of lawyers.
In any case he's almost certainly going to lose his domain name. ICANN has a long and unblemished history of spinelessly caving in to the demands of large corporations.
Heh, that's what I get for not taking an Inquirer story with a hefty grain of salt. I hadn't heard anything about it either way since then, either confirming or denying. Glad to hear that there's at least good reasons to assume that nothing will come of it.
Being "not VIA" alone is enough for me, but I've dealt with both the first nforce and the (vastly superior, performance-wise) nforce2 and really liked both of them.
Using the digital out and a set of Creative Inspire 5.1s, I'm pretty much blown away by the quality of the audio. I'm far from an audiophile but I definitely enjoy the sound. Might be a different story using the onboard DACs though.
It sounds like future nforce boards are not going to include the Soundstorm part, and no decision that I know of has been reached on whether or not to sell it standalone. This is sort of a disappointment and has probably done more to keep me from upgrading to an Athlon 64 processor than any other factor. That combined with the Abit/Nvidia falling out means I am not likely to see an Athlon 64 version of my motherboard any time soon.
In my experience the driver package has been fairly pleasant to deal with, albeit with some small oddities every now and then.
I am not claiming Republicans are angels -- that would be absurd. But it is equal parts ridiculous, hypocritical, and naive to assume that Republicans are alone in such slanderous behavior.
Witness all the negative commentary on Bush and his new emphasis on the space program, something which is near and dear to my heart even though I disagree with Bush on many, many issues.
Making sad jokes about Bush wanting to go to Mars to find WMD is tiresomely stupid, because it trivializes an amibition that could well materialize into one of the highlights of the century and rank among the foremost accomplishments of mankind.
But none of that bothers a substantial number of liberals, who view each and every policy decision that President Bush makes as an act of deliberate malice, regardless of its merits. Where is the rationality in that?
Still want to talk about "guilty before proven innocent"?
There is nothing "Republican" about assuming the worst about someone without any direct substantiating evidence.
One could point to countless examples of Democrats and any other group demonizing someone for an off-hand remark with no proof that it was meant in a malicious way.
However you provide a classic example of this sort of mentality simply by picking on Republicans specifically. What basis do you have for using such a phrase? Your dimwitted political allegiances? What was that about "guilty until proven innocent" again?