Not quite. Unless every single connection from the computer was authenticated to the MUNET account, all you would know is that a MAC address is registered to a MUNET account, and that a specific IP was assigned to a given MAC address through DHCP.
What you don't know is if the owner of the MUNET account owned the device that was sending out that MAC address at that time, just that the owner of the MUNET's computer defaults to a specific MAC address.
Do any universities require an encrypted tunnel of some sort from a computer to the router based on authentication to the University account? Otherwise, you can't tie a MAC address to even a specific computer, much less a person.
At the University I went to, CU, the wifi was unsecured, aside from the MAC address check. Yes, I did have to register the MAC to me, but then the MAC address was broadcast in the open, and could easily be spoofed, which I have used in the past.
Agreed that over wired ethernet, it is much easier to prevent MAC spoofing, but what about wifi?
It is interesting to think about dust in a vacuum, where if it is kicked up with a large forward velocity, it will fall back down on you or even ahead of you, whereas on Earth it would get pushed behind you by friction...
Paypal doesn't give a shit about anything but making money from themselves, and don't hesitate to take money from anybodys account for almost any reason.
It is kind of silly, forcing people to access PayPal with secure browsers when money stored at PayPal isn't secure from PayPal itself. (PayPal isn't a bank, nor does it even try to pretend to be one, so don't let them have any EFT account numbers, and never store any money there.)
... I didn't like our search results showing up in theirs.
And I hate it when a search result goes to... another page of search results. "You searched for 'perpetual motion engine'. Here are links to pages of us doing that search on other sites as well." Not very useful.
It isn't easy to programmatically tell the difference, but this seems like this would make that happen much more often.
How will this work for forms that perform translations, validations and similar kinds of operations on other websites? Try to pull the entire internet through each such site it finds?
And then not every web development environment forces GET to not change data. In Ruby on Rails, adding "?methond=post" to the end of a url fakes a post, even though it is actually a GET, which I disabled in the company I work for. Not everyone is going to do that.
Re:Isn't the whole idea of a standard
on
ISO Releases OOXML FAQ
·
· Score: 2, Insightful
Whoops, I did forget the whole twisted wire versus not twisted wire thing.
HDMI (and most digital) cables are designed so they work 100% until they fail catastrophically. That's the fact of the matter. A $5 cable is not just 'good enough' it's perfect over less than 5m, or it's broken and won't work at all.
Yep, for less than "really long" runs, the $5 cable works just fine. (That is what I meant by "good enough". It is good enough for almost all uses.)
Botnets. If someone really wanted to make 10,000 accounts, just have each computer on a botnet make 1 account each, with a botnet of 10,000 computers. Different IPs, etc to make them difficult to differentiate from legitimate creations.
As computers get more powerful and AI gets better, CAPTCHAs have to get harder or they are broken.
And then there is the "porn for CAPTCHA" hack, where you have a second site where you have people solve a CAPTCHA to get access to porn, and then the hacker uses that solution to make an account on the original site. The only solution is to have a short timeout, but if the porn site gets enough traffic, even that isn't an issue.
AI may be hard, but it isn't impossible to have real intelligence used en masse.
Even with a digital signal, a cable can create problems. The "digital" signal has to be made into an analog signal, and then converted back on the other end. Or does DSL, since it is "digital", work over any phone lines without regard to length of the cable?
Like in a PATA cable, or any parallel cable, if the wires between the parallel bits aren't the same length, you will get clock skew.
And then there is interference, and intermittent errors, where a marginal cable will work some of the time.
All of that said, for HDMI over short runs, even most of the cheap $5 cables are "good enough" to not have many signal errors.
I bet the Concorde wouldn't be doing Mach 2 at the end of the runway either. If you had a plane that went supersonic before it left the runway, would that mess up the runway? At the very least, it would be pretty bad to the rest of the airport.
I'm nut sure, but how can anyone treat their customers like this.
Welcome to the world of monopolies. If your "customer" can't avoid purchasing your product, then you can get away with a lot of crap that simply wouldn't be tolerated in a market with more equal competition.
Sudo works just fine if applications that only do userland stuff don't trigger the sudo dialog. Remembering your sudo privileges for a while is a huge thing that UAC lacks. MS's UAC could easily be considered a satire of sudo.
Yep, the proper way to do this would be to have UAC like crazy when running an app in debug/test mode, and leave the customers alone. If they want to put pressure on the 3rd party developers, then they should do that directly, and not mess with everyone in hopes that the pressure would kind of go back to the 3rd party developers.
That assumes that 3rd party developers care at all about the customer experience, which if you look at Norton/McAfee, is very dubious.
And then give the customers something reasonable, like how sudo works on *nix.
No, I read that differently. If you own soggyballs.com, this would be if you had used i.have.soggyballs.com, but are no longer using the i.have. subdomain.
The webpage you would get sent to is probably quite like what you described.
Interesting. I didn't know that. Makes sense, though. My point that they should have specified "Copyright" instead of the nebulous "IP" still stands.
But I think this would be slightly different. The assumption with a photo in a profile like that is that the person is the one IN the photograph, not necessarily the maker of the picture. I can take my own picture using a self-timer or a remote control, but I don't think that is a requirement with most sites, just that the person featured in the profile has a license to use the picture.
Hmm, actually that is a slightly different question.
My name, obviously, isn't corsec67. I wasn't born in a '67. I also don't think I am the only person on the internet to use "corsec67" as a handle.
Would I have any kind of standing to sue you for the "Corsec67 Cola"?
If you made a "Bob Cola", could any of the Bobs in the world sue you, and for what? If you made a "Bob Smith Sucks Cola" soda, could any Bob Smith sue you? What if your name is Bob Smith?
If a person had a name more than 150 years ago, is it now in the public domain?
Copyright? I have a copyright on my name? Can I sue anyone that violates that copyright? I thought you couldn't copyright a fact.
Trademark? I have a trademark on my name? I thought you had to register a trademark, and defend it. How that applies to a persons name, I don't know.
Patent? I have a patent on my name? What is there that could even be patented?
Defamation? That is probably the correct law they are breaking, but that has nothing whatsoever to do with any of the "IP" laws.
Just using "IP" confuses the issue, please stop using it. They are Copyright, Trademark, and Patent, and they vary greatly. Don't squish them together.
Or can I call the case of a computer the "CPU", and talk about the "storage" in my CPU?
The particularities of employment contracts vary. Unless you are privy to the specifics of the agreement, you, an uninformed goof on Slashdot, aren't really in any position to say.
Privy to information? Hah, on/. you are lucky if they even read the article.
Not like it will prevent 100+ comments.
(My take: it will depend on exactly what is written in the contract as to who owns the copyright on the armor.)
The biggest objection to what Comcast was doing was that they were generating reset packets that didn't originate with either host.
Now, this article seems to say that they will generate reset packets for hosts that don't even exist on the internet. This may be a kind of throttling, but it is sill FORGERY, and shouldn't be allowed at all.
And at the school I went to (CU), once you signed up a MAC address as being valid, any device could use that MAC to authenticate against the wifi service.
I actually used that to get my PSP online when it first came out, Wipeout was the only game that could get online, but the simple web browser (something like Links with graphics in terms of capability) couldn't figure out the login page that CU put up. So, I had a friend change the MAC address on his laptop to that of my PSP, I signed it up as being "mine", and then my PSP worked on the wifi.
So, the the device I used to register the MAC address had absolutely nothing to do with the device that I was using most of the time that actually had that MAC address built in.
A MAC address is about as identifying as a nametag.
Slashdot Mirror
Not quite.
Unless every single connection from the computer was authenticated to the MUNET account, all you would know is that a MAC address is registered to a MUNET account, and that a specific IP was assigned to a given MAC address through DHCP.
What you don't know is if the owner of the MUNET account owned the device that was sending out that MAC address at that time, just that the owner of the MUNET's computer defaults to a specific MAC address.
Do any universities require an encrypted tunnel of some sort from a computer to the router based on authentication to the University account? Otherwise, you can't tie a MAC address to even a specific computer, much less a person.
What about University provided wifi?
At the University I went to, CU, the wifi was unsecured, aside from the MAC address check. Yes, I did have to register the MAC to me, but then the MAC address was broadcast in the open, and could easily be spoofed, which I have used in the past.
Agreed that over wired ethernet, it is much easier to prevent MAC spoofing, but what about wifi?
Who says that an IP address can even be related to a specific computer, much less a person?
All the university would know is that something with a specific MAC address was using that IP at that specific time.
Since MAC addresses are spoofable, how can they be related to a specific person at all?
I would say that the roll of tape used on the Apollo 13 was much more important.
It is interesting to think about dust in a vacuum, where if it is kicked up with a large forward velocity, it will fall back down on you or even ahead of you, whereas on Earth it would get pushed behind you by friction...
You can lose something you never had, because the definition of lose has "5b: to fail to gain"
I agree with what you said, and I really dislike that definition of "lose", but it is there, and people quite often use it.
What about when your files become incompatible with the latest version?
If you have your file spread across 3 versions of office with minor to serious incompatabilities, how do you use your old files?
The problem with instant auto-update, is that patches that wreck your system get applied instantly.
And then what about updates that need a reboot? Should that be automatic and instant?
This is a very hard problem, with no easy answer aside from "build it with security from the ground up"
You aren't at all mistaken:
Paypal doesn't give a shit about anything but making money from themselves, and don't hesitate to take money from anybodys account for almost any reason.
PayPalSucks.com
It is kind of silly, forcing people to access PayPal with secure browsers when money stored at PayPal isn't secure from PayPal itself.
(PayPal isn't a bank, nor does it even try to pretend to be one, so don't let them have any EFT account numbers, and never store any money there.)
And I hate it when a search result goes to... another page of search results. "You searched for 'perpetual motion engine'. Here are links to pages of us doing that search on other sites as well." Not very useful.
It isn't easy to programmatically tell the difference, but this seems like this would make that happen much more often.
Sweet, now Google will be Fuzzing the entire web.
How will this work for forms that perform translations, validations and similar kinds of operations on other websites? Try to pull the entire internet through each such site it finds?
And then not every web development environment forces GET to not change data. In Ruby on Rails, adding "?methond=post" to the end of a url fakes a post, even though it is actually a GET, which I disabled in the company I work for. Not everyone is going to do that.
How about M$ISO for short?
Yep, for less than "really long" runs, the $5 cable works just fine. (That is what I meant by "good enough". It is good enough for almost all uses.)
Your solution doesn't account for one thing:
Botnets. If someone really wanted to make 10,000 accounts, just have each computer on a botnet make 1 account each, with a botnet of 10,000 computers. Different IPs, etc to make them difficult to differentiate from legitimate creations.
As computers get more powerful and AI gets better, CAPTCHAs have to get harder or they are broken.
And then there is the "porn for CAPTCHA" hack, where you have a second site where you have people solve a CAPTCHA to get access to porn, and then the hacker uses that solution to make an account on the original site. The only solution is to have a short timeout, but if the porn site gets enough traffic, even that isn't an issue.
AI may be hard, but it isn't impossible to have real intelligence used en masse.
Even with a digital signal, a cable can create problems. The "digital" signal has to be made into an analog signal, and then converted back on the other end. Or does DSL, since it is "digital", work over any phone lines without regard to length of the cable?
Like in a PATA cable, or any parallel cable, if the wires between the parallel bits aren't the same length, you will get clock skew.
And then there is interference, and intermittent errors, where a marginal cable will work some of the time.
All of that said, for HDMI over short runs, even most of the cheap $5 cables are "good enough" to not have many signal errors.
I bet the Concorde wouldn't be doing Mach 2 at the end of the runway either.
If you had a plane that went supersonic before it left the runway, would that mess up the runway? At the very least, it would be pretty bad to the rest of the airport.
(the number of people is very much true)
Welcome to the world of monopolies. If your "customer" can't avoid purchasing your product, then you can get away with a lot of crap that simply wouldn't be tolerated in a market with more equal competition.
Sudo works just fine if applications that only do userland stuff don't trigger the sudo dialog. Remembering your sudo privileges for a while is a huge thing that UAC lacks. MS's UAC could easily be considered a satire of sudo.
Yep, the proper way to do this would be to have UAC like crazy when running an app in debug/test mode, and leave the customers alone. If they want to put pressure on the 3rd party developers, then they should do that directly, and not mess with everyone in hopes that the pressure would kind of go back to the 3rd party developers.
That assumes that 3rd party developers care at all about the customer experience, which if you look at Norton/McAfee, is very dubious.
And then give the customers something reasonable, like how sudo works on *nix.
No, I read that differently. If you own soggyballs.com, this would be if you had used i.have.soggyballs.com, but are no longer using the i.have. subdomain.
The webpage you would get sent to is probably quite like what you described.
Too bad oil is fungible, so OPEC can still hurt us monetarily.
So, how far back does this push "peak oil"?
Interesting. I didn't know that. Makes sense, though. My point that they should have specified "Copyright" instead of the nebulous "IP" still stands.
But I think this would be slightly different. The assumption with a photo in a profile like that is that the person is the one IN the photograph, not necessarily the maker of the picture. I can take my own picture using a self-timer or a remote control, but I don't think that is a requirement with most sites, just that the person featured in the profile has a license to use the picture.
Hmm, actually that is a slightly different question.
My name, obviously, isn't corsec67. I wasn't born in a '67. I also don't think I am the only person on the internet to use "corsec67" as a handle.
Would I have any kind of standing to sue you for the "Corsec67 Cola"?
If you made a "Bob Cola", could any of the Bobs in the world sue you, and for what? If you made a "Bob Smith Sucks Cola" soda, could any Bob Smith sue you? What if your name is Bob Smith?
If a person had a name more than 150 years ago, is it now in the public domain?
Trademark? I have a trademark on my name? I thought you had to register a trademark, and defend it. How that applies to a persons name, I don't know.
Patent? I have a patent on my name? What is there that could even be patented?
Defamation? That is probably the correct law they are breaking, but that has nothing whatsoever to do with any of the "IP" laws.
Just using "IP" confuses the issue, please stop using it. They are Copyright, Trademark, and Patent, and they vary greatly. Don't squish them together.
Or can I call the case of a computer the "CPU", and talk about the "storage" in my CPU?
Privy to information? Hah, on
Not like it will prevent 100+ comments.
(My take: it will depend on exactly what is written in the contract as to who owns the copyright on the armor.)
The biggest objection to what Comcast was doing was that they were generating reset packets that didn't originate with either host.
Now, this article seems to say that they will generate reset packets for hosts that don't even exist on the internet. This may be a kind of throttling, but it is sill FORGERY, and shouldn't be allowed at all.
And at the school I went to (CU), once you signed up a MAC address as being valid, any device could use that MAC to authenticate against the wifi service.
I actually used that to get my PSP online when it first came out, Wipeout was the only game that could get online, but the simple web browser (something like Links with graphics in terms of capability) couldn't figure out the login page that CU put up.
So, I had a friend change the MAC address on his laptop to that of my PSP, I signed it up as being "mine", and then my PSP worked on the wifi.
So, the the device I used to register the MAC address had absolutely nothing to do with the device that I was using most of the time that actually had that MAC address built in.
A MAC address is about as identifying as a nametag.