So that leaves what percentage of the population stupid enough to open one of these things and infect their computers with something vile?
it isn't just "stupid" people
recently one hacker incorporated his codes into some advertising and then paid an ad agency to publish the stuff. and you could pick up his malware by checking scores on MLB
FTC just shut down an online money processor for failure to exercise due diligence
we've had enough of this crap. it is time to take action from several directions, technical, legal. technical improvements to provide for DETECTION and legal improvements to provide for RESPONSE. Civil liability for harm caused by malware.
an ordinary customer should be able to buy a computer and surf on the net without getting the thing all plugged up with adware. think about this. if I plunk down good cash for a computer I should receive the value that I paid for. if my computer gets plugged up with malware then I have not received what I expected for my money: the product has failed just like a set of tires that went 500 miles and then blew out flat. and from that I have a cause of action and deserve compensation, in addition to which the reputation for the product I bought will depreciate to GARBAGE although at this time I don't see any way Ms Windows reputation could depreciate any further although people keep buying it. duh, maybe they are stupid
no one owns rights to update my computer with software or with data. this is already established. when FAX came out the law was changed to prohibit unauthorized use of FAX machines for advertising, harassment or any reason
and there ain't no difference in a cell phone or a computer. it ain't yours: leave it alone.
ain't no way to verify age or maturity
the only Right thing to do is to get all sex and violence off the net
best clean up television and video games too
you don't expect us to believe that do you?
cardinal numbers are for quantifying things, ~~ such as two beers, one golf ball, and twenty dollars.
the Universe, being infinite, does not lend itself to quantification and it is meaningless to discuss that aspect.
generally, human beings have a lot of trouble understanding what infinite means
simply it means this: you cannot go to the ends of the Universe: no such place exists.
the Universe is infinite in every respect. that is the only way that it can exist.
the Universe is in a constant state of change. time and distance are abstracts of man and not important to the Universe
when you gaze into the sky tonite and see all the stars out there what you are looking at is a tiny piece of the never ending process of creation
"We are but a moment's Sunlight
"Fading in the grass...
"C'mon people now!
1 yes: it will be easy to get a certificate: signed by joe dokes. signed by a trusted software developer, -- not so easy. and that is exactly what we want.
2 now as far as executables go, I'm not sure of your definition of 'executable'. any script, even if only interpreted like a 'command list' has to be regarded as executable as these types of command lists might direct a computer to download and install un-authorized programming. and un-authorized programming might be 'malware'
3 remember that an important part of security is RESPONSE. if all executable code has to be signed it will be easier to IDENTIFY who is responsible and to make an appropriate response.
4 some malware is apparently directed client/server style by codes hidden in FLASH. it should be easy to see that if the FLASH has the ability to direct a remote binary to act on the target computer then the FLASH has to be regarded as executable and as such must be itself considered executable
5 the certificate system in use for web sites at this time is not adequate as was recently illustrated by the distribution of malware via FLASH across what should be trustable sites e.g. MLB. this got by because the certificate only approves the web site generally. approval of every code fragment on the site is required.
6 this is NOT an issue that will go away. the internet is needed for business purposes and for personal use by honest people. mis-use of this resource can not be tolerated if business use of the net is to continue and to grow. all that remains is to determine what remedies are going to be applied.
a number of different remedies are possible including but not limited to (a) de-certifying Ms. windows for use as a business tool (b) re-building the internet as Internet II using IP(6) and with accountability built in (c) requiring signatures for everything executable (d) all of the above -- possibly more
foo, the promiscuous browser will pick up a rat .
and the rat takes up residence in your computer and waits till you open yer prude browser and log onto your bank
and then he pays his rat account
the only way to prevent rats from conducting their mischief is to PREVENT ALL UNAUTHORIZED PROGRAMMING
NO SIGNATURE? NO EXECUTE.
all programming will have to have PGP signatures, every fragment, no matter how small. If it's executable it has to be signed or else it goes in the garbage.
a locally installed app generally runs better
and is more trouble to maintain
how does this play in the market?
generally people do not want to fuss with their 'puters: they want an appliance they can take out of the box and just run
that is why most 'puters are sold with software already installed
running all apps off the net would have one considerable advantage: the computer "appliance" could be made non-modifiable
that doesn't mean you would never run an infected program but if you re-boot the computer you get a fresh start
and so you would re-boot before accessing anything sensitive
how many "ac" are you
i doubt 1 person could post all the stuff that you do
are you a ms propaganda team?
ms victims
Borland
Novell
MicroGraphix
Apple ( ms actually had to shore them up with cash in order to maintain the facade of actual competition )
everyone who has been hit with adware, spyware, trojans and fraud based on ms windows promiscuous nature
yeah, ms IS evil. but as a component of the mammon you would expect them to be evil
the search warrant grants the court access to whatever is named in the warrant
the defendant may be held in contempt until he complies
FlashBlock like NoScript will allow you to have FLASH installed and select which media you want to allow
Flash, ActiveX, Java, et al. render web pages executable, generally
at this point it appears that NO PLANNING has been done to secure these vehicles from spreading trojans and various un-authorized programming
am I to accept one certificate from a web site and take that as credentials for every page on that site?
this plan has been available for a while now, yet CyberCrime is flourishing. and CyberCrime generally relies on trojans: un-authorized programming.
with polymorphic viruses changing their colors rapidly and 1,100 new viruses appearing daily the anti-virus concept which relies on detection is now overwhelmed.
prevention is required and this means preventing un-authorized programming from running
NO SIGNATURE? NO EXECUTE.
flash might be used for stuff other than ads but guess what: who uses it the most?
a/c yer views are generally too establishment. the www has a lot of defects from trojan vulnerabilities to onerous adware and privacy violations like that BlockBuster-Facebook link
and these defects need to get cleaned out and the place to start is to put a stop to un-authorized programming.
thanks for the tip pard
I went out and got me the add-on and it is now in effect.
actually I don't want anyone running any un-authorized programs on my computer
hackers in particular, but advertisers can be pretty onerous
Gates ain't no visionary, tee hee ya got that right
he bought DOS from Tim Patterson and sold it to IBM
he stole the X-window graphic interface design from XEROX/PaloAlto Research Park (if I remember right) and sold it as "Windows"
and now I find out he hadda have his internet planning added to his visions book retroactively. did he have Al Gore ghost write it for him ( tee hee )
and his most famous quote "64k ought to be enough for anybody"
No, Gates is definitely NOT a visionary.
what Gates IS...is a marketing guy.
and marketing guys operate by manipulating your perceptions. selling the king new clothes
what really have we got from Windows?
+ a 1 GB RAM computer with 1 GHZ processor still can't do what an IBM/AT could do using 1 MB ram and 12 MHZ processor remember: Lotus-1-2-3 and WordPerfect were just as effective for most use as Excel and Word running on MS/Vista. And a copy of Procomm+ gave you all the commo you needed.
+ a 1 MB/sec network connection cannot bring you communications as well as an old USR 9600 dual standard modem. the reason being: too much marketing fluff is sent with the info
+ CompuServe was a very good information exchange, the WWW has degraded into an advertising and market research forum
the one thing that Gates & Ms have truly excelled at however is: obsoleting your existing computer assuring a continued ( if forced ) demand for upgraded processors and software.
but Gates learned that at GM
sounds to me like Vista needs to go in for re-work and come back out later, ready to use
what is Gates/Ms learning from OpenSource?
the lesson is easy: clean up your act or we will do it for you
there was a presentation on CyberCrime on NPR this morning: full 30 minutes.
the presentation focused mostly on the note that hacking software is for sale to kids these days and CyberCrime is a growing problem
what the report DID NOT focus on properly was that while CyberCrime is perceived as a minor nuisance and "just a cost of doing business" by the commercial industry ( loss rates about 15 or 20 cents per $100 ) -- a serious attack to an individual can ruin your life for a while
and so now we must consider how we will respond
Bruce Schneier is very insightful in his comments noting that those who have the ability to respond must be made liable for the consequences of not responding before any meaningful change will occur
Merchants, banks, ISPs, and software developers represent "those who have the capacity to respond"
but do they have the interest?
without liability for damages: no
but a customer who goes into BestBuy and picks out a new 500 dollar computer has every right to expect a computer that lets her surf the net and read eMail and put the knitting club labels out using Excel. She has every right to expect that computer to perform as advertised for a reasonable life span ( not topic today )
so when her new computer is plugged up with so much ad ware that it won't run anymore that is a product failure and the mfr is responsible
same thing if she logs onto her credit union and some Russian hackers steal her money. she had a right to expect where the computer advertised a secure connection that that connection was in fact secure and not served up as a RAT feast
this is a change in thinking for IT people who for too long have got away with transferring all responsibility for use to the end user
it's time for the industry to grow up and take responsibility for product quality.
I don't think that IT will willingly swallow this particular medicine. And so it will have to come in the form of an FTC rule
the report on NPR, where it traced the "how" of various attacks -- noted that "virus codes were injected" into victim computers
this is the first aspect that has to end. no running of un-authorized programs
this means all executables will have to be signed with a PGP signature authorized by a Certificate Authority.
it may mean we will have to acquire special devices for keeping our PGP secret keys. it certainly doesn't help to have your secret key on a workstation infected with RATS of various types. protecting those secret keys is mandatory if PGP is to be used to put a stop to un-authorized programming.
I think we will need a separate device for this, at least initially.
your post contains unacceptable language
nope it's the way to go
we need detection and response
detection is a technical point and we will need to change the rules to require your PGP signature for every piece of code published with the guide:
NO SIGNATURE? NO EXECUTE.
once we know who you are we can hold you responsible for your program and this is the RESPONSE aspect of security
don't think it won't happen and don't think it's silly. the current flood of malware mandates improved security. detection and response are critical elements of security. as well as prevention. we like prevention best, but failing that we need to put any bad guys out of business
Change is comin' and bringin' hell with it
you won't need a driver's licence but you will be needing a programmer's licence
in the form of a registered PGP signature
and you will be liable/responsible for your code
and for those without a registered and approved signature:
NO SIGNATURE? NO EXECUTE.
this hasn't been adopted as SOP yet but with the amount of hacking going on and Ms Windows continued promiscuity it is a rather likely direction
IBM didn't sink from prominence overnight. It took from about 1980 to about 2000
at first there was a whisper of dissent along the hall in academia
and then new voices joined the complaint
and the pundits all screamed we are set upon by fools
and as it turned out the king actually did not have any clothes at all.
it most assuredly IS about ms crap
Brazil too has directed ms crap not be used if I recall correctly.
ms was furious over that one ( tee hee, cheer cheer cheer ! )
ya know how to send a message to the capt. of a battleship?
use a torpedo
every evil government has to have credible enemies
what's new?