I recall hearing from people who have worked at Microsoft who have had ideas on what can be done to improve products. What they mentioned was that there is very much bureaucratic red tape that they must go through in order for their ideas to be considered. Perhaps some people at Microsoft may take your input seriously. But considering the many public statements that they have made regarding open source software, do you believe that you will have much impact on Microsoft's overall strategy for dealing with open source software?
As I read through the article, I wondered what it was that made these employees think that giving their usernames and passwords could possibly correct anything that was occurring on the network. Then in the article was the explanation I was looking for.
"Some said they were not aware of the hacking technique and did not suspect foul play, or they wanted to be as helpful as possible to the computer technicians. Some were having network problems at the time, so the call seemed logical."
It all appears to come from these people naturally wanting to help those who ask for assistance and claim to be trying to help them. It also can be the result of ignorance, with their lack of knowledge of this technique, and thinking that it would be logical to give that kind of information. But here's what I find most interesting:
"Other employees could not find the caller's name on a global IRS employee directory but gave their information anyway. Some hesitated but got approval from their managers to cooperate."
It was managers that gave this approval? Aren't they the ones who should be informing the employees of social engineering attacks? I think this may be the problem right here.
I only hope that the management at Microsoft continues to believe this statement for the foreseeable future. Nothing could help Firefox more.
Yes. And that statement from Steve Vamos where he says that IE doesn't lack important features is not the only one that suggests that Firefox's market share could continue to increase. But here's another quote from him that I liked.
"I'm not sure that that is the reality. I have seen comments around that, but there is nothing I can refer to that really supports that"
This quote in the article was referring to the threat to IE's market share posed by Firefox. And yet in this article which the article linked to, it suggests that Microsoft should be concerned if they do not want IE to lose market share. It says that for the last five months, IE has lost market share that has evidently been gained by Mozilla/Firefox.
And so I just cannot help but wonder how much market share must IE lose before its executives cease to make statements such as the ones that we are laughing at here?
"If all open source development were consolidated into a few big projects only a few people would actually get to hack. What would be the fun in that? I say ignore what you read on freshmeat, the author obviously doesn't understand the spirit of hacking. Personally I like the fact that free software isn't being controlled by any authoritative figure. Most of us who contribute are told what to code at work and when we come home we like to play with stuff that interests us."
I suppose that it is true that many of the people who work on these projects just like to hack away at projects. The whole spirit of hacking does say that you should just work away at whatever you want. But all of this is missing an important point. The point being that another main reason for the existence of these projects, which is the desire of the individuals who work on them to come up with good alternative software. If OSS developers support fewer applications, then it's more likely that these applications will be of higher quality. Wouldn't it be better to have few good applications rather than many not-quite-as-good applications?
And in case you're interested, the article I'm discussing, titled "Too Much Free Software," can be found here.
I recall reading an article that was posted on Freshmeat that said that the open source development community should only work on developing the more popular open source software projects. It was said that the projects on sites like Sourceforge with low activity levels should just be abandoned so that open source software that stands out will get the most attention and so it will be more likely to be considered superior. What is your opinion on this? Do you think the Open Source Community should rally behind the big projects?
You're here on Slashdot where, as you know, you have the opportunity to tell much of the community what to do. Here's your chance to direct us. :)
Mr. Perens, you have stated in an interview that one of the main reasons that open source software has taken off recently is because of economic reasons. Many companies are indeed adopting open source solutions. However, there are many that are not. I recall speaking with an individual who said that no matter how often he tried to inform people that open source is a good idea, they were not convinced. What is the reason for this? FUD, perhaps? And how can one successfully convince people that open source solutions should be adopted?
I believe that you can do well at advocating the use of open source software. So, how can it be done?
"the following are very good books on proof and discrete math. Some of the titles are whimsical, but they are not toy books, they are very valuable.
"How To Prove It", "How To Solve It"...
I too highly recommend How to Prove It. I thought that it was an excellent book as I found that it helped the reader understand how to approach mathematical proofs. It covers mathematical logic and set theory in much depth at first, then goes into detail about how to apply what was discussed earlier on. I'm sure that you'll find that it'll give you a good idea of how to think about these problems.
As for How to Solve It, I read it a few years ago and found that it was more for general problem solving. It goes on about how problems, whether they are mathematical in nature or not, should be approached. What it emphasized throughout it are questions such as "what are the data?" and "what is the condition?" and these questions are applied to the example problems. It really is more for general problem solving, and I'd only recommend it if that's something you want.
"But do you really think TIA will really end? The project will simply go, as they call it, "Dark". When the F-117 was being made, in a project called, I believe, "Deep Blue" do you think money that was on the books was used? No. TIA will "die" in the public, because the project is going dark. End of story."
This reminds me of something known as the Aurora project that I heard about. It was a secret project that was mistakenly included in a budget statement that was not supposed to include such projects. Maybe TIA is becoming one of those projects.
But even if it doesn't, you have to remember that when something like this is defeated it'll probably come back in a different form. And you can just think of its second coming as a second name change for TIA.
And what implications will this have for the GIA (Government Information Awareness) site? Just wondering.
From the article:
"CALEA represents mid-90s thinking about electronic intelligence, but now we have the Patriot Act that goes so much further. And we have a program at the Defense Advanced Projects Research Agency called Total Information Awareness."
The article was quite informative, but there are a few problems with it, related to the above quote.
"Total Information Awareness" has had its name changed to "Terrorist Information Awareness." Cringely gets this fact wrong and so one has to wonder if there are other inaccuracies in it.
The other problem I have with it is that it mentions the Patriot Act, but doesn't go into much detail about it. It went on for quite a while about CALEA, and understandably so. But I think that more about the Patriot Act and its implications should have been included.
Just out of curiosity, why was this not put in the "Ask Slashdot" section?
Anyway, even though I can't really say that I have had that sort of experience very often, I'll do what I can to give a good answer to this question. I certainly hope that I won't find myself in these kinds of situations, although perhaps I'm being too optimistic. I understand that this happens quite often, and so I'm sure that you're not alone.
Anyway, while I can't suggest much, I doubt that many other people can. It's hard to get the PHBs to listen to you when you say the Q&D style solutions will only save time and money in the short term. If the anecdote that you gave is true, then maybe those PHBs will learn their lesson and not demand that so many shortcuts be taken. Shortcuts make for long delays, as they say.
I suppose that the best thing you can do is find ways to convince them that your ideas are worth listening to. As a matter of fact, a book titled The Pragmatic Programmer not only goes into detail about good software practices, but how to convince those PHBs and fellow team members to listen to you. I suggest taking a look at it.
So anyway, good luck. This problem won't be easy to solve. Keep working on getting people to listen to your ideas and why it would be better than the Q&D approach in the long run. That's what I say.
Did George Orwell ever imagine a world where the populace itself would become the Big Brother of the government? It's 1984 in reverse.
I wouldn't go that far. It only seems to be there to allow people to have fairly easy access to information that they can already get from other sources. They'd just need to try harder to get it from those other sources. From the article:
GIA allows people to explore data, track events, find patterns and build profiles related to specific government officials or political issues. Information about campaign finance, corporate ties and even religion and schooling can be accessed easily. Real-time alerts can be generated when news of interest is breaking.
So calling it "1984 in reverse" would be too much of an exaggeration. If it actually were 1984 in reverse, then wouldn't that be funny? Seeing politicians on telescreens, commanding them to do whatever you want to tell them to do.
"Bush! Number 437859! I don't see you touching your toes!" We could've gotten Clinton into shape that way. And I suppose I could make a joke about how Clinton's telescreen would've sometimes been a pornographic broadcast.
I actually submitted this article this afternoon. Apparently, it was rejected because another user submitted it. Well, I'm not sure why, exactly. Anyway, I suppose I'll just discuss a few thoughts that I had after I read the article and checked out the GIA website.
Here, on the 4th of July, Americans have been presented with something that many of them would certainly like to have. Information on the individuals that have power over them. But is it not true that much of the information is available to the general public? The information in the database, which now contains information on more than 3,000 public figures, seems to be accessible enough. It would include information about campaign finance, corporate ties, etc. I suppose that this website would facilitate finding such information, which certainly is good. But it is all information that already seems to be available to us, as it can be submitted by people like you and me (and anonymously: good news for those who like to post as ACs here.)
But what I'm sure many people would want is a more open government. One that does not keep as many secrets. One that does not do as much behind our backs. One in which there is less "classified information" although that may be a pipe dream. I understand that much information was removed from sites with the .mil TLD as a certain terrorist organization was allegedly getting much useful information from it.
But this still seems to be a good idea. It'll make much information accessible to U.S. citizens, and, perhaps, if nothing else, hold up a mirror to those in power who want as much information on us as possible.
Flame on, but, I don't think /. should be reporting this kind of story. Aside from all of us story loving, comment posting maniacs, /. does get viewed by our script kiddie "friends." There have been challenges before (as mentioned), this isn't anything new, most of which [however] have not had enough media attention to bother with. Remember the "April Fools Defacement Day" one that a few newspapers picked up on, last April? This is exactly the same thing. The more fuel we give the kiddies, the bigger mess they're going to make...
I really don't consider this flame bait at all. In fact, I think that there are some good points here. It was actually just this afternoon that I submitted this smaller version of the story, which can be found here and here. The story was rejected, and I figured the reason it was rejected was because it wasn't really news. It was just something of an advisory. And nothing may materialize on the 6th, so there may be absolutely no point covering this.
And that's the reason I'm not so sure if this should be covered here. So I don't think this will cause those dastardly script kiddies to make a bigger mess. But I'm sure it'll make sysadmins take the usual precautions (i.e. apply software patches, disable unnecessary services, etc.) So maybe something good can come from this.
It's a sad day when replacing index.html is regarded as "hacking". The entire idea that only web servers are worthy of hacking just shows journalistic ignorance worthy of the New York Times.
Replacing the index.htm(l) file, or "web page defacement" as it is often called, has been considered "hacking" for quite a while. This is not anything new.
I'd say that journalistic ignorance goes beyond that. You may remember the ILOVEYOU e-mail virus. Well, I kept hearing members of the media refer to it as the "love bug." There is a significant difference between a bug and a virus, and I figured that they would understand that difference. It seemed like they were more interested in coming up with a clever phrase than in being factually accurate. And I thought that referring to Y2K as the "millennium bug" was bad.
Y2K was NOT a bug.
I shop quite a lot on the Internet, but I do it as a special user on my systems so that my e-mail address, browser caches and cookie stores are distinct from those I use when otherwise communicating with people for non-commercial endeavors.
Using an e-mail account that is specifically for online purchases so that it's separate from all other communications does sound like a good idea and one that's similar to what I often do if I want privacy. The e-mail account then becomes a honeypot for spam, and then perhaps you might be able to determine which companies are selling/renting out your e-mail address. You'd really be able to do it if you give a different honeypot e-mail account for each company/website you deal with, then you'd be able to track who may be engaging in this practice (or those who are affiliated with those who do so.)
But this doesn't completely solve the problem. Sure, you may not get as much spam in the accounts that you regularly use. But the problem of spam continues. Bandwidth gets clogged, message download times increase, more hard disk space is used up, etc. So if only you could just ensure that companies will make every effort to ensure that the e-mail address you give them won't get out so that those spammers will use it. Hopefully, more companies will include more broad statements in their disclaimers.
I was replying to his statements, "My understanding is that the Pentagon has been relying on outdated technology for quite some time." and "I understand that they used highly outdated computers for some time."
Maybe I should've made myself a bit more clear. I was saying that the Pentagon has a history of relying on outdated technology. As a previous poster mentioned, the building was built for offices that had typewriters, etc. And I understand that the Pentagon has a history of being a step behind when it comes to these matters. And where did I hear this? From a documentary on the Pentagon that was relatively recent. So what I'm saying is that it's good to see that the Pentagon no longer seems to be lagging when it comes to technology. Because it appears there was a time that it once did.
Have men in black suits shown up knocking on your door yet? (I'd post AC, but hiding from the DoD is like trying to fit 5 cows into a Honda Civic.)
Not yet. Actually, I'm surprised that they didn't show up within a few minutes of me posting that message. They seem quite inefficient these days. :)
Seriously though, it is now public knowledge that IPv6 is what the Pentagon will be using. So why would what they are using now be classified information? While the U.S. government keeps plenty of secrets, it is open about some things. In fact, it was said that much information that would be useful to terrorists could be found on U.S. government and military web sites. I think that information is gone now though. So if you prefer the thought of the U.S. government doing as little behind our backs as possible (as I do), I'm afraid that things will likely get worse before they get better.
Heh. Once I wrote that I figured I'd get a reply like that one. So anyway, if Slashdot posts are included as criteria in the Total... I mean Terrorist Information Awareness project, (or any other similar projects they have) then I just became a suspected terrorist in their databases. If that doesn't do it, then maybe including words such as "bomb" and "hijacking" in my posts will. Uh-oh. I'd better delete these words before I click the "submit" button!
But it may be too late. Data on me is already there. Now I really hope the U.S. government's networks need security upgrades... so I can break in and delete the information on me!
My understanding is that the Pentagon has been relying on outdated technology for quite some time. In fact, it was only recently that the building was renovated. I understand that they used highly outdated computers for some time. So it certainly is good to see that they are keeping up with the times.
Anyway, I suppose the reason they are committing to use of IPv6 is because of security. Both security and quality of service were mentioned as reasons they were making the switch, but I suspect that the former has more to do with it. But I suppose that they have been securing their communications, maybe with IPsec or with any other similar method. I don't know as much about the Pentagon's communications. It'd be interesting to find out about them.
I've heard that somewhere before...
Oh yeah. In my ANSI Common Lisp book. Something about the real power of Lisp being that everything, including the program itself is just a tree structure.
Well, actually, there seems to be more to Jackpot's methods of code visualization than that. Lisp code can be thought of as having a tree-like structure, but it may not be as clear as what Jackpot's visual representation may be. What Jackpot would do is show the annotated parse tree, so it can give much information about how it is constructed. It would be a useful graphical representation that appears to go beyond what Lisp code would show, and with that representation and the source code, you can get the best of both worlds.
Anyway, they also mention that you can implement a "reverse grammar" that would take data formed in parse trees and make code more readable. For example, you can have Greek letters and other mathematical notation such as the square root symbol. If you have long equations in your program, this could be very useful in making your code readable, and thus understandable.
So what Jackpot seems to be is a way of giving different ways of viewing the code you write, which, IMHO, can go a long way in solving problems with it and simply improving on it.
I definitely have to agree with you there. I'm not sure why so many of those who responded to that poll on linux.com chose the option that said "The SCO lawsuit will... generate more interest in Linux." Yes, Linux is getting plenty of press but it isn't like that hasn't happened before. Any time you hear about some kid who just about single-handedly takes on a corporation like Microsoft, the media will jump all over it. And they did. I suppose that it's important for Linux to continue to have publicity. But bad publicity? No.
It was said in the Information Week article that "AIX of course couldn't be somehow whisked off computers because of the conflict. 'If you get your driver's license revoked, that doesn't mean you can't drive, but you're skating on thin ice. The morning of June 14, you'll have all of these companies driving without a license,' McBride says." And would you want to use an OS if it meant that using it could put you in that situation?
Anyway, just to expand on the statement in which we disagree that publicity==good. Microsoft obviously doesn't think so, consider the number of times we've heard them going on about such things as the "viral nature of the GPL." I also think they've criticized Linux as an OS that hasn't been built from the start to support many features that a modern OS should have. And one more thing I'd like to say is one more reason I'd say that publicity can be detrimental. Every time we hear about a worm that affects MS products or a security hole in their products, it's considered just another reason to use an alternative like Linux. Same goes for any other bad publicity about anything else.
Linux doesn't need publicity. It needs good publicity. Well, bad publicity about its competition doesn't hurt either. :)
Basically, the paper says this: If you have a hash table into which attackers can insert arbitrary keys, you'd better be using a hash function for which they cannot easily generate collisions.
That is something that the paper said, but they also gave specific examples of software that was vulnerable to that kind of attack. They determined that the Bro intrusion detection system was highly vulnerable to this kind of attack, and mentioned different versions of Perl and Python that also experienced a significant performance decrease given their input specifically made to bring down systems that use hash tables.
I don't know if anyone has *published* this before, but it's certainly not new.
It has been done. They mentioned similar related work where it was found that input to quicksort makes it take O(n^2) time instead of O(n lg n) and that there was a vulnerability in the hash tables of the Linux route-table cache. The concept isn't new, it's just that different software has been found to have this sort of vulnerability.
And I just couldn't help but laugh at the irony of their PDF file on DOS attack prevention being the victim of the /. effect.
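The effect discussed in the comment above, as an added example that is not part of the original posts or of the paper: a chained hash table filled with the same keys under a predictable hash and under a keyed one. The byte-sum `weak_hash`, the BLAKE2b-based keyed hash, the table class and the keys are all assumptions constructed for this illustration.

```python
import hashlib
import itertools
import os


class ChainedTable:
    """Minimal separate-chaining hash table that counts key comparisons."""

    def __init__(self, buckets, hash_fn):
        self.buckets = [[] for _ in range(buckets)]
        self.hash_fn = hash_fn
        self.comparisons = 0

    def insert(self, key):
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for existing in chain:          # duplicate check walks the whole chain
            self.comparisons += 1
            if existing == key:
                return
        chain.append(key)

    def longest_chain(self):
        return max(len(chain) for chain in self.buckets)


def weak_hash(key):
    """Toy unkeyed hash (assumption of this example): the byte sum, so any
    reordering of the same bytes lands in the same bucket."""
    return sum(key)


def make_keyed_hash(secret=None):
    """Keyed hash: without the per-process secret, bucket placement
    cannot be predicted from the key alone."""
    secret = secret or os.urandom(16)

    def keyed(key):
        digest = hashlib.blake2b(key, key=secret, digest_size=8).digest()
        return int.from_bytes(digest, "big")

    return keyed


def constructed_keys():
    """Constructed input: the 720 orderings of b'abcdef'."""
    return [bytes(p) for p in itertools.permutations(b"abcdef")]


def measure(hash_fn, keys, buckets=256):
    """Insert all keys and report (longest chain, total comparisons)."""
    table = ChainedTable(buckets, hash_fn)
    for key in keys:
        table.insert(key)
    return table.longest_chain(), table.comparisons


if __name__ == "__main__":
    keys = constructed_keys()
    for name, fn in (("weak", weak_hash), ("keyed", make_keyed_hash())):
        longest, comparisons = measure(fn, keys)
        print(f"{name:5s} longest chain={longest:4d} comparisons={comparisons}")
```

With the unkeyed hash every key shares one bucket and insertion cost grows quadratically; with the keyed hash the same keys spread across the table.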
It may be true that what is valuable on most computers is their hardware rather than the data stored on them. But the reason I mentioned that data stored on computers as a reason computers are stolen is because data is what's often most important. This is something I have heard from a number of sources, the PCWorld article being one of them. Here's another excerpt from it:
Phoenix is aiming the service at large corporations that must protect their data and equipment. Its cost will depend on the hardware vendor. In quantity purchase situations the cost will be negligible, according to Phoenix.
"The loss of a machine is bad enough, but in many cases the data is the most important thing," says Timothy D. Eades, a Phoenix senior vice president. "By wiping the disk clean we protect this."
But it is true that the hardware can also be valuable, as the individual components can be sold. But before the hard drives can be sold, all data on them should be erased. And by having TheftGuard wipe the drive, it may be doing thieves a favour.
When a TheftGuard-equipped system is stolen, the owner provides instructions through the TheftGuard web site. The next time the lost computer connects to the Internet, TheftGuard is activated and either disables the machine, wipes its hard drive, or transmits information on the physical location where the signal originates.
The problem with this seems to be that TheftGuard only performs actions after the stolen computer is connected to the Internet. And by the time that happens (if that happens) it's too late. My understanding is that when computers are stolen, the data on them is what's sought, as it is what's most valuable. And once the data is in the wrong hands, it's too late. The data on it can be copied to another place, and perhaps individual hardware components can be removed and sold. Am I wrong about anything here?
This "Bayesian Filtering for Dummies" article, titled "How to spot and stop spam" on the BBC web site, gave much useful information on the problem of spam and the filtering method used to get around it. It is quite comprehensible, as you certainly don't need to know the probability theory behind Bayesian filtering to understand it. It gives useful information on the problem of spam, and I'd say that this sort of article is required reading for all those who use e-mail. Why? Because it states this fact:
"The sheer number of spam mail sent means that even tiny response rates, reportedly 0.0001%, means junk mailers turn a profit."
And this is why I say that educating users is just about as important as implementing spam filtering technology. If people know that they are perpetuating a serious problem by replying to spam, then that's bad news for spammers.
About another fact mentioned in the article: It said Paul Graham's filter extracts "the top 15 features that define them as spam." 15? I thought that most Bayesian filters use many more spam-defining features. Because I'd say that there are quite a few more. Just think of the many features that spam tends to have. But he says his filter works well. Interesting.
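On the "top 15 features" point raised in the comment above, an added example (not from the BBC article, the comment, or Paul Graham's code): a small Bayesian scorer that combines only the N tokens whose spam probability lies farthest from 0.5. The training messages are constructed, and the add-one smoothing and the neutral 0.5 for unseen tokens are assumptions of this sketch rather than any real filter's constants.

```python
import math
from collections import Counter

# Constructed training data, for illustration only.
SPAM = [
    "buy cheap pills now",
    "cheap pills online buy today",
    "win money now click here",
    "click here to buy cheap watches",
]
HAM = [
    "meeting notes attached for review",
    "lunch today at noon",
    "please review the patch notes",
    "the build is broken again today",
]
UNSEEN = 0.5  # assumption: a token never seen in training is neutral


def tokenize(text):
    return text.lower().split()


def train(spam, ham):
    """Per-token spam probability with add-one smoothing, counting each
    token once per message."""
    s = Counter(t for m in spam for t in set(tokenize(m)))
    h = Counter(t for m in ham for t in set(tokenize(m)))
    return {t: (s[t] + 1) / (s[t] + h[t] + 2) for t in set(s) | set(h)}


def spam_score(message, model, top_n=15):
    """Combine the top_n most decisive tokens (largest |p - 0.5|) as
    prod(p) / (prod(p) + prod(1 - p)), computed in log space."""
    probs = [model.get(t, UNSEEN) for t in sorted(set(tokenize(message)))]
    probs.sort(key=lambda p: abs(p - 0.5), reverse=True)
    if top_n is not None:
        probs = probs[:top_n]
    log_spam = sum(math.log(p) for p in probs)
    log_ham = sum(math.log(1.0 - p) for p in probs)
    return 1.0 / (1.0 + math.exp(log_ham - log_spam))


MODEL = train(SPAM, HAM)

if __name__ == "__main__":
    spam_msg = "buy cheap pills click here"
    padded = spam_msg + " " + " ".join(f"filler{i}" for i in range(30))
    ham_msg = "please review the meeting notes"
    for label, msg in (("spam", spam_msg), ("padded", padded), ("ham", ham_msg)):
        print(f"{label:6s} top3={spam_score(msg, MODEL, 3):.4f} "
              f"top15={spam_score(msg, MODEL, 15):.4f}")
```

A handful of strongly indicative tokens already pushes the score close to 0 or 1, and neutral padding never displaces them from the selection, which is why a small fixed N can be enough.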
I recall hearing from people who have worked at Microsoft who have had ideas on what can be done to improve products. What they mentioned was that there is very much bureaucratic red tape that they must go through in order for their ideas to be considered. Perhaps some people at Microsoft may take your input seriously. But considering the many public statements that they have made regarding open source software, do you believe that you will have much impact on Microsoft's overall strategy for dealing with open source software?
"Some said they were not aware of the hacking technique and did not suspect foul play, or they wanted to be as helpful as possible to the computer technicians. Some were having network problems at the time, so the call seemed logical."
It all appears to come from these people naturally wanting help those who ask for assistance and claim to be trying to help them. It also can be the result of ignorance, with their lack of knowledge of this technique, and thinking that it would be logical to give that kind of information. But here's what I find most interesting:
"Other employees could not find the caller's name on a global IRS employee directory but gave their information anyway. Some hesitated but got approval from their managers to cooperate."
It was managers that gave this approval? Aren't they the ones who should be informing the employees of social engineering attacks? I think this may be the problem right here.
Yes. And that statement from Steve Vamos where he says that IE doesn't lack important features is not the only one that suggests that Firefox's market share could continue to increase. But here's another quote from him that I liked.
"I'm not sure that that is the reality. I have seen comments around that, but there is nothing I can refer to that really supports that"
This quote in the article was referring to the threat to IE's market share posed by Firefox. And yet in this article which the article linked to, it suggests that Microsoft should be concerned if they do not want IE to lose market share. It says that for the last five months, IE has lost market share that has evidently been gained by Mozilla/Firefox.
And so I just cannot help but wonder how much market share must IE lose before its executives cease to make statements such as the ones that we are laughing at here?
I suppose that it is true that many of the people who work on these projects just like to hack away at projects. The whole spirit of hacking does say that you should just work away at whatever you want. But all of this is missing an important point. The point being that another main reason for the existence of these projects, which is the desire of the individuals who work on them to come up with good alternative software. If OSS developers support fewer applications, then it's more likely that these applications will be of higher quality. Wouldn't it be better to have few good applications rather than many not-quite-as-good applications?
And in case you're interested, the article I'm discussing, titled "Too Much Free Software," can be found here.
I recall reading an article that was posted on Freshmeat that said that the open source development community should only work on developing the more popular open source software projects. It was said that the projects on sites like Sourceforge with low activity levels should just be abandoned so that open source software that stands out will be get the most attention and so it will be more likely to be considered superior. What is your opinion on this? Do you think the Open Source Community should rally behind the big projects?
You're here on Slashdot where, as you know, you have the opportunity to tell much of the community what to do. Here's your chance to direct us. :)
I believe that you can do well at advocating the use of open source software. So, how can it be done?
I too highly recommend How to Prove It. I thought that it was an excellent book as I found that it helped the reader understand how to approach mathematical proofs. It covers mathematical logic and set theory in much depth at first, then goes into detail about how to apply what was discussed earlier on. I'm sure that you'll find that it'll give you a good idea of how to think about these problems.
As for How to Solve It, I read it a few years ago and found that it was more for general problem solving. It goes on about how problems, whether they are mathematical in nature or not, should be approached. What it emphasized throughout it are questions such as "what are the data?" and "what is the condition?" and these questions are applied to the example problems. It really is more for general problem solving, and I'd only recommend it of that's something you want.
This reminds me of something known as the Aurora project that I heard about. It was a secret project that was mistakenly included in a budget statement that was not supposed to include such projects. Maybe TIA is becoming one of those projects.
But even if it doesn't, you have to remember that when something like this is defeated it'll probably come back in a different form. And you can just think of its second coming as a second name change for TIA.
And what implications will this have for the GIA (Governernment Information Awareness) site? Just wondering.
The article was quite informative, but there are a few problems with it, related to the above quote.
"Total Information Awareness" has had its name changed to "Terrorist Information Awareness." Cringely gets this fact wrong and so one has to wonder if there are other inaccuracies in it.
The other problem I have with it is that it mentions the Patriot Act, but doesn't go into much detail about it. It went on for quite a while about CALEA, and understandably so. But I think that more about the Patriot Act and its implications should have been included.
Just out of curiosity, why was this not put in the "Ask Slashdot" section?
Anyway, even though I can't really say that I have had that sort of experience very often, I'll do what I can to give a good answer to this question. I certainly hope that I won't find myself in these kinds of situations, although perhaps I'm being too optimistic. I understand that this happens quite often, and so I'm sure that you're not alone.
Anyway, while I can't suggest much, I doubt that many other people can. It's hard to get the PHBs to listen to you when you say the Q&D style solutions will only save time and money in the short term. If the anecdote that you gave is true, then maybe those PHBs will learn their lesson and not demand that so many shortcuts be taken. Shortcuts make for long delays, as they say.
I suppose that the best thing you can do is find ways to convince them that your ideas are worth listening to. As a matter of fact, a book titled The Pragmatic Programmer not only goes into detail about good software practices, but how to convince those PHBs and fellow team members to listen to you. I suggest taking a look at it.
So anyway, good luck. This problem won't be easy to solve. Keep working on getting people to listen to your ideas and why it would be better than the Q&D approach in the long run. That's what I say.
I wouldn't go that far. It only seems to be there to allow people to have fairly easy access to information that they can already get from other sources. They'd just need to try harder to get it from those other sources. From the article: GIA allows people to explore data, track events, find patterns and build profiles related to specific government officials or political issues. Information about campaign finance, corporate ties and even religion and schooling can be accessed easily. Real-time alerts can be generated when news of interest is breaking.
So calling it "1984 in reverse" would be too much of an exaggeration. If it actually were 1984 in reverse, then wouldn't that be funny? Seeing politicians on telescreens, commanding them to do whatever you want to tell them to do.
"Bush! Number 437859! I don't see you touching your toes!" We could've gotten Clinton into shape that way. And I suppose I could make a joke about how Clinton's telescreen would've sometimes been a pornographic broadcast.
Here, on the 4th of July, Americans have been presented with something that many of them would certainly like to have. Information on the individuals that have power over them. But is it not true that much of the information is available to the general public? The information in the database, which now contains information on more than 3,000 public figures, seems to be accessible enough. It would include information about campaign finance, corporate ties, etc. I suppose that this website would facilitate finding such information, which certainly is good. But it is all information that already seems to be available to us, as it can be submitted by people like you and me (and anonymously: good news for those who like to post as ACs here.)
But what I'm sure many people would want is a more open government. One that does not keep as many secrets. One that does not do as much behind our backs. One in which there is less "classified information" although that may be a pipe dream. I understand that much information was removed from sites with the .mil TLD as a certain terrorist organization was allegedly getting much useful information from it.
But this still seems to be a good idea. It'll make much information accessible to U.S. citizens, and, perhaps, if nothing else, hold up a mirror to those in power who want as much information on us as possible.
I really don't consider this flame bait at all. In fact, I think that there are some good points here. It was actually just this afternoon that I submitted this smaller version of the story, which can be found here and here. The story was rejected, and I figured the reason it was rejected was because it wasn't really news. It was just something of an advisory. And nothing may materialize on the 6th, so there may be absolutely no point covering this.
And that's the reason I'm not so sure if this should be covered here. So I don't think this will cause those dastardly script kiddies to make a bigger mess. But I'm sure it'll make sysadmins take the usual precautions (i.e. apply software patches, disable unnecessary services, etc.) So maybe something good can come from this.
Replacing the index.htm(l) file, or "web page defacement" as it is often called, has been considered "hacking" for quite a while. This is not anything new.
I'd say that journalistic ignorance goes beyond that. You may remember the ILOVEYOU e-mail virus. Well, I kept hearing members of the media refer to it as the "love bug." There is a significant difference between a bug and a virus, and I figured that they would understand that difference. It seemed like they were more interested in coming up with a clever phrase than in being factually accurate. And I thought that referring to Y2K as the "millennium bug" was bad. Y2K was NOT a bug.
Using an e-mail account that is specifically for online purchases so that it's separate from all other communications does sound like a good idea and one that's similar to what I often do if I want privacy. The e-mail account then becomes a honeypot for spam, and then perhaps you might be able to determine which companies are selling/renting out your e-mail address. You'd really be able to do it if you give a different honeypot e-mail account for each company/website you deal with, then you'd be able to track who may be engaging in this practice (or those who are affiliated with those who do so.)
But this doesn't completely solve the problem. Sure, you may not get as much spam in the accounts that you regularly use. But the problem of spam continues. Bandwidth gets clogged, message download times increase, more hard disk space is used up, etc. So if only you could just ensure that companies will make every effort to ensure that the e-mail address you give them won't get out so that those spammers will use it. Hopefully, more companies will include more broad statements in their disclaimers.
Maybe I should've made myself a bit more clear. I was saying that the Pentagon has a history of relying on outdated technology. As a previous poster mentioned, the building was built for offices that had typewriters, etc. And I understand that the Pentagon has a history of being a step behind when it comes to these matters. And where did I hear this? From a documentary on the Pentagon that was relatively recent. So what I'm saying is that it's good to see that the Pentagon no longer seems to be lagging when it comes to technology. Because it appears there was a time that it once did.
Not yet. Actually, I'm surprised that they didn't show up within a few minutes of me posting that message. They seem quite inefficient these days. :)
Seriously though, it is now public knowledge that IPv6 is what the Pentagon will be using. So why would what they are using now be classified information? While the U.S. government keeps plenty of secrets, it is open about some things. In fact, it was said that much information that would be useful to terrorists could be found on U.S. government and military web sites. I think that information is gone now though. So if you prefer the thought of the U.S. government doing as little behind our backs as possible (as I do), I'm afraid that things will likely get worse before they get better.
Heh. Once I wrote that I figured I'd get a reply like that one. So anyway, if Slashdot posts are included as criteria in the Total... I mean Terrorist Information Awareness project, (or any other similar projects they have) then I just became a suspected terrorist in their databases. If that doesn't do it, then maybe including words such as "bomb" and "hijacking" in my posts will. Uh-oh. I'd better delete these words before I click the "submit" button!
But it may be too late. Data on me is already there. Now I really hope the U.S. government's networks need security upgrades... so I can break in and delete the information on me!
Anyway, I suppose the reason they are committing to use of IPv6 is because of security. Both security and quality of service were mentioned as reasons they were making the switch, but I suspect that the former has more to do with it. But I suppose that they have been securing their communications, maybe with IPsec or with any other similar method. I don't know as much about the Pentagon's communications. It'd be interesting to find out about them.
Well, actually, there seems to be more to Jackpot's methods of code visualization than that. Lisp code can be thought of as having a tree-like structure, but it may not be as clear as what Jackpot's visual representation may be. What Jackpot would do is show the annotated parse tree, so it can give much information about how it is constructed. It would be a useful graphical representation that appears to go beyond what Lisp code would show, and with that representation and the source code, you can get the best of both worlds.
Anyway, they also mention that you can implement a "reverse grammar" that would take data formed in parse trees and make code more readable. For example, you can have Greek letters and other mathematical notation such as the square root symbol. If you have long equations in your program, this could be very useful in making your code readable, and thus understandable.
So what Jackpot seems to be is a way of giving different ways of viewing the code you write, which, IMHO, can go a long way in solving problems with it and simply improving on it.
It was said in the Information Week article that "AIX of course couldn't be somehow whisked off computers because of the conflict. 'If you get your driver's license revoked, that doesn't mean you can't drive, but you're skating on thin ice. The morning of June 14, you'll have all of these companies driving without a license,' McBride says." And would you want to use an OS if it meant that using it could put you in that situation?
Anyway, just to expand on the statement in which we disagree that publicity==good. Microsoft obviously doesn't think so, considering the number of times we've heard them going on about such things as the "viral nature of the GPL." I also think they've criticized Linux as an OS that hasn't been built from the start to support many features that a modern OS should have. And one more thing I'd like to say is one more reason I'd say that publicity can be detrimental. Every time we hear about a worm that affects MS products or a security hole in their products, it's considered just another reason to use an alternative like Linux. Same goes for any other bad publicity about anything else.
Linux doesn't need publicity. It needs good publicity. Well, bad publicity about its competition doesn't hurt either. :)
That is something that the paper said, but they also gave specific examples of software that was vulnerable to that kind of attack. They determined that the Bro intrusion detection was highly vulnerable to this kind of attack, and mentioned different versions of Perl and Python that also experienced a significant performance decrease given their input specifically made to bring down systems that use hash tables.
I don't know if anyone has *published* this before, but it's certainly not new.
It has been done. They mentioned similar related work where it was found that input to quicksort makes it take O(n^2) time instead of O(n lg n) and that there was a vulnerability in the hash tables of the Linux route-table cache. The concept isn't new, it's just that different software has been found to have this sort of vulnerability.
And I just couldn't help but laugh at the irony of their PDF file on DOS attack prevention being the victim of the /. effect.
Phoenix is aiming the service at large corporations that must protect their data and equipment. Its cost will depend on the hardware vendor. In quantity purchase situations the cost will be negligible, according to Phoenix.
"The loss of a machine is bad enough, but in many cases the data is the most important thing," says Timothy D. Eades, a Phoenix senior vice president. "By wiping the disk clean we protect this."
But it is true that the hardware can also be valuable, as the individual components can be sold. But before the hard drives can be sold, all data on them should be erased. And by having TheftGuard wipe the drive, it may be doing thieves a favour.
When a TheftGuard-equipped system is stolen, the owner provides instructions through the TheftGuard web site. The next time the lost computer connects to the Internet, TheftGuard is activated and either disables the machine, wipes its hard drive, or transmits information on the physical location where the signal originates.
The problem with this seems to be that TheftGuard only performs actions after the stolen computer is connected to the Internet. And by the time that happens (if that happens) it's too late. My understanding is that when computers are stolen, the data on them is what's sought, as it is what's most valuable. And once the data is in the wrong hands, it's too late. The data on it can be copied to another place, and perhaps individual hardware components can be removed and sold. Am I wrong about anything here?
"The sheer number of spam mail sent means that even tiny response rates, reportedly 0.0001%, means junk mailers turn a profit."
And this is why I say that educating users is just about as important as implementing spam filtering technology. If people know that they are perpetuating a serious problem by replying to spam, then that's bad news for spammers.
About another fact mentioned in the article: It said Paul Graham's filter extracts "the top 15 features that define them as spam." 15? I thought that most Bayesian filters use many more spam-defining features. Because I'd say that there are quite a few more. Just think of the many features that spam tends to have. But he says his filter works well. Interesting.