Deceptive Subject Lines?? on FTC vs Spammers · Score: 5, Funny
When consumers opened the e-mail messages, they were immediately subjected to sexually explicit solicitations
Oh c'mon, these people are so picky. What sort of shut-in do you have to be to consider sex with dogs and horses "sexually explicit"?
But I'd wager the lion's share of its user base want samba to replace/supplement Win2k Server, and soon
We fit this bill at my company. We have an ldap instance that stores all pertinent employee info. It is our authoritative data source. We sync the data from ldap into our NT domain. We want to get rid of the middleman here and do straight ldap authentication to ldap, and then authorization to our file systems, w/out NT.
There is nothing to do this at this point, thus NT lives on.
The streams are there, just not that apparent. This is one reason why NTFS is case aware, but not necessarily case sensitive. I think there is a resource kit utility called "streams" that you can use to show the alternate data streams.
I believe they are targeting home users as well as the Enterprise users with Palladium.
According to MS, Palladium will provide a set of applications and features that will work independently of the operating system. These features and applications would theoretically not allow a virus to install itself on the system, simply because it is running as an admin account, because it would not be a "trusted" application.
The major bone of contention is who gets to decide who can develop "trusted" applications?
Well, Microsoft of course!
All your security are belong to us. ha ha ha ha ha.
Maybe these guys should have called Blackboard and informed them of the vulnerabilities, and worked with them to fix it, instead of taking the exploits into a public forum? If I am Blackboard, and there is a fatal flaw in my product, why wouldn't I want to fix it?
I don't mean to present an opposing viewpoint or anything. Wait... MICROSOFT SUCKS! That better?
Really, the only way to protect the code is to build in some kind of self sanity check (i.e. return some kind of checksum to the server which verifies the client). This is only as good as the verification routine though. Once the method of verification is determined you're back to square one.
I thought this was exactly what Punkbuster does, or at least what it did initially. (I stopped playing CS once cheating became completely rampant a couple years back, so a bit out of touch.) Wasn't this method broken in some way as well?
I work for a very large company and we use Remedy. (Probably average somewhere in the neighborhood of 10k+ support calls a week spread over all of the various organizations in house) It is oookaayy, not great. I think a lot of the distaste for it here is the lack of customization. (Yes, they deployed it pretty much out of the box)
I have heard real good things from a couple of people using it at different companies. This takes quite a bit of customization as I understand it. Be prepared to pay $$ for a couple developers to suit it to your needs.
Bottom Line: Take the time to research and find something that fits your requirements. We had a roll your own ticket tracking/workflow system that was fantastic. The geniuses that call themselves managers got rid of it for something that cost a lot more and in the end, didn't do everything that we wanted it to. This makes tracking your work a big hassle. (They weren't willing to pay for the customization IOW)
Unfortunately, I saw the trailer for the new Ben Affleck movie. He is touted as the "World's Best Reverse Engineer". I can't even bear to read the phrase anymore after hearing a statement so moronic.
Everything I have read here seems to assume that Dr. Geer didn't know this would cost him his job. Maybe he was on his way out and just decided to speak his mind...
By 2010, Intel said, China would be the single largest market for its PC and communications chips.
*Waves hand* This is not the proprietary chip you're looking for.
*Waves hand* You don't need to use open source software.
In all seriousness, even if what he were saying was true, which I am not convinced of, it just sounds so self serving coming from Intel. (I know, self serving statements are so rare in this industry)
I would think that even if there were 1 billion machines running the 'Chairman MaoOS v 1.3', there would be people outside China, willing to write/port apps to it.
On Microsoft master Server...
'net stop hotmail.com'
In this case, Nullsoft released WASTE under the GPL and AOL didn't like that. Too bad.
You're guessing here. We don't know that Nullsoft released it, or if a couple of random employees who work at Nullsoft "released" it. I could very easily publish something on the company website and put a fancy little copyright symbol there. It doesn't make it so.
Nullsoft is owned by AOL. Nullsoft's upper management chain is in AOL HQ, Dulles, VA. Something as serious as releasing source code to the public cannot be done w/out first checking with the company lawyers, getting the permission of upper management, etc. This was clearly not done. They probably thought, AOL would never notice, or AOL would not care.
As far as any external users are concerned, this is the case, and I could care less about what is going on within their organization.
That's your prerogative, of course, it's a software pirate's mentality.
This is true. The guys that I work with that have published works, or that have written RFCs, or that have just generally been around a while and written code that people actually use, get this type of thing spelled out in their contracts when they are hired. If you don't, it's pretty tough to claim anything you do is your own. Even if you do it at home.
Your second paragraph is moot since the code is not under GPL.
As for Nullsoft leaving AOL, they are staying because they don't own the very product they develop, AOL does. Now they could leave and develop a totally different product, but that's a tough row to hoe these days. Besides that, it's tied into the AOL client now. App source gets checked into the client, but it don't check out.
I don't see the correlation. cvs.mozilla.org sits inside the Netscape campus, and is hosted by Netscape. Of course they have their source there, it's their server.
Look, I have access to our company's websites since I manage the servers. I could very easily create an "official release" document and upload any old thing I wanted to. This doesn't make it official. It's more likely that the Nullsoft people in SF released this product without asking anyone. Once the parent company found out, they yanked it.
I really doubt there is any more to it than that.
As easy as it is to rail against spammers and paint all commercial email with the same brush, shouldn't we see if the people listed are following the appropriate rules, or if they are breaking them before we try and bury them?
I don't think this is a question of "Are these the bad guys?" The answer is clearly yes. Emarketers appears to be a front for one of the Kings of Spam, Eddy Marin, also based in Florida, as hard as it is to believe.
You typically don't get added to Spamhaus if you aren't sending mass mailings by the tens/hundreds of thousands through open relays, using forged headers with no reverse DNS.
Sure, there are always exceptions, but don't shed any tears for these guys.
That's a rather illogical argument. If Spamhaus was blindly blocking every IP address in the 100.x.x.x range, then even though they have never heard of the people in that range, they could still be harming them. It's quite easy to harm people you have never heard of.
Spamhaus does not block IP addresses. They publish a list of known spammers. It is then up to the subscriber to block those IP addresses, at the ingress point into their networks.
If I lock my door because I don't want your filthy magazine, Kirby Vacuum, Security System, Candy, Pest Control selling ass in my house, who are you to sue me?
This entire lawsuit is ridiculous, in fact, laughable at some points. Emarketers actually says that Spamhaus hijacked their IP addresses, and used them for their own gain. Huh? They also state repeatedly that Spamhaus blocks their IP addresses at the source, rendering their mail servers useless, in essence.
These guys are technically clueless. If you are going to sue someone for technical reasons, at least know what the hell you are talking about. I mean, is it just file the suit and hope for a clueless judge or something?
Dude, were you going for the free "William F'ing Shatner" shirt or what?
What? No one is going to give props for the Kids in the Hall reference.
Nice.
When you are done with head crushing, do that thing where you make people puke.
You have been fined one credit for a violation of the verbal morality statute.
Now, in my opinion the correct way to deal with spam is to filter it on the receiving end. All mail should be delivered,
Wow, apparently you don't run a mail server that gets 2.5 million messages a day. You can upgrade your mail servers all year round as an exercise in futility, it's fun. Add a new CPU and more memory, and your relays will be happy for a few hours, then end up where you have been for the past year... with 40,000 messages queued up waiting for delivery. You have just built a more powerful box for the spammers. Congrats!
No way, man. If you don't have reverse DNS, you get dropped. Period. Do some spammers have reverse records? Sure. But you just eliminated a huge portion of the DSL spammers, Dial Up Spammers, and the Mom and Pop spammers.
Remember growing up in the 70's and 80's, all through school, "We will soon be transitioning to the Metric System, so we are going to teach you measurements in both formats and confuse the hell out of you". What happened? We ended up not going to the metric system. Why not? The whole world uses metrics except us. (excuse me, US = the United States)
Maybe it is because, as shitty as the empirical system of measures is, it works and we know it.
What chance does Dvorak have in a world where such a small number of people use it currently, if we can't even get to the metric system in a world where pretty much everyone uses it except for the US?
Dvorak is niche and always will be.
This gets to the truth. Many people in companies aren't able to handle their responsibilities. They either need to be trained, disciplined, let go, or "locked down". When an organization chooses to lock down systems, however, they kill creativity. I'd recommend one of the other options.
I wouldn't envision this type of system being given to anyone "creative". I would envision it going to folks in marketing, admins, lobby receptionists, and every other idiot who clicks "Yes" on every friggin' email virus that comes their way.
If you take ability away from this big chunk of the user base to propagate a virus, you get a (caution: Management term coming up!) big win.
That being said, I would never use one of these.
Oh c'mon, these people are so picky. What sort of shut-in do you have to be to consider sex with dogs and horses "sexually explicit"?
Sheesh.
C'mon editors - don't you check your stories and links before you post?
Is this a trick question?