You got ownership of that copy of the firmware. When selling a console nobody presents a license to which you can consent or reject, they just take your money and give you a copy of a copyrighted work. Period.
So they shipped the thing without a firewall rule to block incoming traffic. What's your point? The same thing can be done with IPv4, with or without NAT.
You set the initial position of your fingers on a keyboard and occasionally verify it and can know if you're drifting off via tactile feedback. Ever notice those little bumps on the F and J keys? They're there to tell your index fingers where the home row is without looking.
In other words, for software doing something like this to be NOT found, it would have to be whitelisted. At least for most AV tools this is the current situation.
Please, that's ridiculous. I have personally seen numerous instances (perhaps 3-5 per year) where various workstations at companies of various sizes will have clearly become infected by something yet the company's very expensive and fully up to date anti-virus software detected nothing at all. The only reason the virus was detected at all was because it was spotted scanning the network or transmitting spam or causing other clear symptoms.
This is why I'm of the opinion that anti-virus software is worthless against serious attackers. The heuristics can't possibly catch all vectors of attack and signatures are worthless against new viruses or ones custom written for the victim. Not only that, but there's no way the anti-virus software itself can guarantee that IT won't be compromised since it is running on the same machine and usually with the same privileges as the virus.
And that isn't even taking into account how many times I've encountered users who were practically trained by the anti-virus software to disregard warnings, allow flagged activity, or disable various features entirely because of false positives and random problems caused by interference from the AV software.
The AV software may catch random spambot viruses that have been mass-distributed for weeks, but they certainly aren't going to thwart anyone with a lot of time and resources dedicated to compromising a particular victim.
How good is Python as a web language? Python is very easy to use and structured, while PHP is yucky. Does PHP have some strong points that make it particularly suitable for Web development vs. Python?
Yes, PHP is a piece of junk language to be sure, however it is ubiquitous, convenient, and works ok for simple web pages. It is also understood by web design software (like dreamweaver) and is doable by web design people who aren't hardcore programmers (I guess that was its whole point).
That said, one approach I've taken in the past a couple of times for bigger/more complicated apps is writing the guts of the application as a standalone program (a daemon or service) and giving it an XML-RPC interface. Then, I'd write a simple PHP web interface which talks to the real application via XMLRPC (there's an xmlrpc client library out there for php).
Now, there is obviously overhead in using it this way, so it usually doesn't make sense to do all of this for some simple database frontend (which is all that a lot of web apps are). But for bigger, more complicated things it may be worthwhile. Design people can fidget with the front-end easily, the PHP mess is kept small and simple, and you get to use whatever language you want for the real work (pretty much all modern languages have easy to use XML-RPC libraries now). Plus, this makes it quite easy to write other sorts of interfaces to the application, should you ever want to (like, a simple command line utility for system administrators to check the status of report generation, in one of my cases)
My favorite language is python, but unfortunately due to its syntax it does not work well for templating (doesn't cleanly embed in HTML or anything else). The python templating systems that exist add "impurities" to the Python syntax in templates to indicate things like the beginning and end of a block. I wound up using Cheetah for one unfortunately short-lived project. I initially hated cheetah because of its syntax, however after actually using it I found it to be surprisingly intuitive from the perspective of a python programmer. Often I wasn't sure how to write some construct in cheetah, but I'd just try what I thought would be correct and it just worked, time after time. I wish its error handling/reporting sucked less, but I find myself wishing that of many templating systems.
I've only ever written about 2000 lines of ruby code just to see what it was like. I liked it a lot, but not more than I liked python. I hated rails, but ruby syntax embeds fine.
And crimes were committed. Rape and murder, both of which carry considerable penalties. Did our hypothetical photograph viewer encourage these crimes which may have occurred decades ago? Or are you arguing that he is committing a new crime by simply looking at the photos?
No to both, I think. My opinion on things in general is "that which occurs among consenting adults is no one's business but theirs" but this is a bit of a grey area.
If said pictures were purchased, then an argument could be made that buying them promotes the real crimes that result from their production. Otherwise, the person looking at them can't possibly be guilty of anything.
The boxes are very much a part of their infrastructure. They are designed to work with a single provider.
It doesn't matter whose infrastructure it is connected to. Either you own the box/phone or the provider owns it. If you own the box, you can do whatever you please with it. If the provider doesn't like how _your_ equipment is interacting then they can disconnect you from _their_ network (ie, deny you the right to broadcast on airwaves licensed to them only).
Now if my understanding is correct, the iPhone is not rented, not leased, but purchased. The iPhone at that point is the property of the individual who bought it, not AT&T.
Amazing how the right sort of shiny toys, be they game consoles or movies or phones make some people completely overlook such a simple thing as the concept of private property.
I can block your attack by turning off Javascript. There's nothing I can do in the typical browser to block a GET-based attack.
There's nothing about this attack that makes it obviously look like an attack though (until maybe after it has happened). Unless you have javascript turned off always or have some sort of per-site whitelist, you wouldn't know when to turn it off.
And even then, I could forget javascript and trick you into submitting the form yourself by making an image submit or button that looks like something totally innocuous.
With POST, on the other hand, you have to get the victim to submit a deliberately crafted form. With JavaScript you could do this automatically, but that's not nearly as easy as
Not nearly as easy? Here, let's transform your sample attack into a POST-based one:
If you are not a SEx member, how the hell can they be collecting fees for your copyrighted works if they hold no copyright on your works?
It's called compulsory licensing. It is basically a uniform license that the copyright holders are forced (by law) to grant to anyone. But it is just an option to license the music. If you work out some other license with the copyright holder then you don't need to use the compulsory license.
The net radio broadcasters could, in theory, short-circuit this whole rate hike thing by negotiating directly with the copyright holders. Though in this case, the compulsory licensing people and the copyright holders are mostly one and the same.
By that rationale, any law that prevents one person giving another person permission to do him/her serious bodily harm (or even commit his/her murder) would be fascism. Are you OK with that?
Yes. Including assisted suicide.
Comfortable with the idea that some mentally deranged person could let himself be harmed because to stop him from doing so would be a restriction of his "rights"?
Yes. Unless they had some serious psychological problem such that they were institutionalized, constantly monitored, and basically treated the same as a young child - no responsibilities, no rights.
Not having played the game or seen all of its content, how can you be so certain that this game didn't cross the BBFC's commonly accepted line?
That's not really my point. The BBFC can have whatever opinion it wants. It should not be able to say what free, responsible adults can and cannot look at. No one should be able to.
That the adults in question are responsible and sensible may be an assumption, but to have a free society we have no choice but to assume members of it are responsible people until they prove otherwise.
Assuming it even is possible for someone to watch a video game and become brainwashed into real violence, occasional outbursts of that are a tradeoff I'm willing to make for an absolute freedom of speech.
Professional racing drivers would have no trouble zooming along a road at 200 miles per hour even in the rain. However, the average guy would just get himself killed in those same conditions. Is asking the pro to stick to the speed limits that will keep the average guy from becoming a grease spot a form of fascism? Or is it just common sense?
I assume this is a public road you're talking about. But speed limits (a preventative law) would be a compromise I'm willing to make because it is very clear that driving 200MPH down city streets poses a huge danger to non-consenting people. Not only that, but public property is involved in this case.
And I don't accept speed limits to keep average joe from making himself a grease spot, I accept speed limits to keep other people from becoming grease spots.
If this is private property where he can't harm anyone who doesn't accept that risk, Average Guy can drive as fast as he pleases.
People are desensitized to what they observe, and it is reasonable to choose to not desensitize oneself to certain things.
To choose not to desensitize oneself is one thing. To have someone else deciding what you should or should not be sensitized to and what sorts of materials are doing the desensitizing is a completely different situation. The latter situation is not in society's interest.
There is nothing wrong with society in general deciding which forms of entertainment are acceptable and which aren't.
If said forms of entertainment involve only consenting adults, then that's only acceptable if fascism is acceptable to you.
In some places cock-fighting is legal, in others it's not. In some places certain sexual acts between consenting adults are legal, in others they're not. In some places portraying certain historical figures as heroes is legal, in others it's not. Somewhere out there, using your neighbour's kids for target practice might be legal, but (thankfully) most places it's not. In many aspects, this is no different.
Some of those acts involve non-consenting people (or, animals if you want to consider that) while the rest of these acts only involve consenting adults. Very big difference. The sale of a video game to a minor is one thing. The sale of a video game to an adult is another. Not only that, but ESRB ratings are not laws. The rest of your examples are.
We don't always like them all (Please tell me why I should have to endure others poisoning me with their tobacco smoke when I wait for my train?)
Depends. Is the train public or private property? Big difference.
Sorry, it's a bad day for leeches and thieves, and a good day for honest people.
Since there's no such thing as uncopyable data, the DMCA has no effect on leeches or thieves. They were violating the law before, and they'll be violating the law in the future. The only effect it has is a negative one on honest people. Not a good day for honest people at all.
Possibly the fact that the sole biological function of every living thing on this planet is to make more of itself?
Or execute malicious code to break functionality of your own property, or "patch an insecure system" as their lie goes.
As does PG. With persistent history, tab completion, etc.
So you can write code that is vastly non-portable... what a useful feature.
CREATE USER joe;
ALTER USER joe WITH PASSWORD 'password';
pg_dump dbname
We use python too. The PG/python integration is also great.
As for 1984, if you consider what was going on in the world at the time it was written it shouldn't seem all that paranoid.
Right, because how something LOOKS is far more important than how it WORKS.
The key thing and main difference with what you're talking about is that its production involved non-consenting people.
I have a better idea: you keep your fascist desires in YOUR bedroom, not on the internet.
We'll all be much better off that way than with any kind of porn ban.
Fortunately, slashdot is not a mall. That's why most of us are here.
Though it is beginning to seem more and more like a mall, as evidenced by your other reply in this thread.
This Neuros box only has composite video out. Component or S-Video would be substantially better even for SD stuff.
The onboard USB is USB1, which is useless for video.
Not nearly as easy? Here, let's transform your sample attack into a POST-based one: That wasn't very hard at all. POST gains you nothing security-wise.
Using POST will solve nothing. This sort of attack can still be pulled off by Javascript invoking a malicious POST request.
And consumers should be able to do whatever they want to their products, without having to put up with crap like this from companies.