There is nothing in the Artistic license that prohibits commercial use.
http://www.networkmirror.com/9VoYxUYQ4uLdx_2F/www.linuxtechdaily.com/2007/04/editorial-compiz-and-beryl-merger/index.html
I believe I can get perl under the Artistic License. How does the MIT license differ in a way that is advantageous?
Seems to me like somebody is feeling the tug of pedantry.
You can use portions of copyrighted works for all sorts of purposes without permission.
Now if Turnitin is deriving their methods from the copyrighted works instead of just doing fancy diffs on the entire work itself, they might have a defensible position. This should be interesting to watch develop as more details unfold.
the article is only 2, not 10 pages long to begin with.
Hey MacCloud, get off of my ewe!
At one point it's a text editor. At another in the review, it's an RoR development tool. Maybe the book itself is clear on what it is about, but the review sure isn't.
Is your desire to surf the web as great as your sex drive? Your analogy is deeply flawed.
The reason that Trend Micro's "new" approach will fail is ... rather long. Follow along for a moment.
a. Vulnerability is found and exploit is written.
b. Exploit needs to be distributed.
c. Exploit is distributed via a quick spam flood - they have no protection against this.
Actually, they do. That's part of why the approach is novel.
d. Exploit is posted on a web site - how do the bad people drive traffic to that site?
e. They use a compromised site. They hide the exploit in a directory that robots.txt says not to scan. Either Trend Micro violated robots.txt or it cannot find the exploit.
f. So Trend Micro will have to violate robots.txt and that behaviour should be noticeable. So the bad guys would hide that file from something that looks like a webcrawler that doesn't respect robots.txt.
Actually, they can do this without scanning directories forbidden by robots.txt. Again, it's why the approach is novel.
Sorry, I can't say more as I'm under NDA. I'm sure the details will emerge soon.
There's a good strategy: do a crummy job to stay employed. Let me know how that works out for you.
Come review time, a good manager is less likely to focus on the 4-hour network outage 5 months ago that you could have fixed in 2 than she is on how much improvement there is in the overall performance of the network.
If you are doing a good job and things are running smoothly, then you need to make people aware of what you have been doing to keep it that way. If you keep quiet and nobody knows what you are doing, then you run the risk of somebody looking at your salary as a line-item on a budget and wondering why it is they need you.
I'll give you an example. Several years ago, I was running IT Ops at an F500 company. We made a small change to the trouble ticket system whereby we started sending out a monthly summary to people who had made requests, listing the requests they had made and their resolutions. We called this the What Have We Done For You Lately Report. While nothing else changed, the perception of the job done by the support team improved dramatically. On a scale of 1-5, overall customer satisfaction increased from 3.9 to 4.4 in a span of six months (surveyed quarterly) and stayed at that level even after I left the company.
Let me emphasize that. By writing an automated report that took a programmer less than a day, we improved customer satisfaction with the group from 3.9 (which is pretty good), to 4.4 (very hard to attain). Afterwards, I never had any problems asking for headcount or budget for that group, because people remembered what they were doing for them.
You're right. I went back and read the original Shadowserver article. It's the number they are tracking, not their belief of the total number of infected machines.
Not true. Most modern bots are designed to stay under the radar. A zombie PC is worth money and it makes sense to keep control of it as long as possible. So most newer malware uses system resources sparingly.
Didn't he say at the World Economic Forum at Davos that as many as 25% of all machines connected to the internet were infected? That strikes me as a whole lot more than 1.2 million.
There's a whole, formal set of rules in the US that determine how you can classify a worker. Some of it has to do with withholding tax or liability for unpaid withholding tax, and some for preventing trying to use accounting sleight of hand to classify employees as temps to make your books look better. I used to know this "chapter and verse" but it hasn't been that relevant for me for some time. A quick google on "rules for determining temporary versus employee" returns over 1 million results, if you wish further information.
much nastier to let a broken man suffer than put him out of his misery.
As Hilary laughs it off saying it was better than her off key rendition of the Star Spangled Banner I imagine her muttering under her breath, "yeah, and the really funny part is that asshole is out of a job and if I have anything to do with it, will never work again."
As solving the problem for dialup-to-dsl would address probably 80% of the problem, yes, I would define that as a successful outcome.
Provide some "test your download speed here" app, collect zip code & ISP of person testing, map results. If one can garner enough mindshare, one could build this map without forcing the ISP's to disclose anything. Reverse engineering, in a manner of speaking.
When you do it in a systematic way to avoid hiring employees as regular, full-time workers to avoid paying benefits. MSFT lost a big lawsuit in the early '90's over this. A little research with your favorite search engine should give you the background.
The greatest barrier to creativity is a lack of boundaries. Counter-intuitive - almost zen-like - but we've found it to be true.
And this is why people play Dungeons & Dragons (and similar games), and why network engineers often spend time putting out fires when they could be improving the network.
I wonder if these are the same folk who post on /. about how their bosses are total jerks who don't understand them and recognize their accomplishments?
Hint: Your boss cares more about making things better.
You bet they do. More spam = more storage = greater operating cost.
Assuming you are an average, consumer ISP customer, chances are extremely high that your ISP is doing anti-spam filtering at the border and you most certainly cannot opt-out.
Malicious content on the internet has grown exponentially since criminals figured out how to make money using the internet.
There's a line here. Most people would say that ISP's blocking spam is a good thing. OK, what about blocking access to web sites that contain known malicious code? How about known phishing sites, should these be blocked? Or botnet C&C's?
Again, since most people will accept that some line exists over what should and should not be blocked, then the argument comes down to where to draw that line. Short of legislation regulating where the line is drawn (we all know how well that's worked... not), people will argue, some quite vocally, over where to draw that line (actually they will do it even if it is legislated). Some will say it's not enough, some will say too much, some will say it's just right or not care.
It sounds like the author has a serious axe to grind and I'm a little disappointed he was given the space to do it here. When the author uses a large forum like Slashdot, the author should be factual, (e.g., Paul Vixie was never on the Abovenet Board of Directors. He was in senior management, but that's an important distinction. Research it if you wish).
When I see misrepresentations that I know about, then it makes me wonder how much else is being misrepresented in the article.
Many people like to hear about the experiences, both good and bad, that others have had when making a decision to make changes.