I'd like to see the ability to buy channels individually, *and* pay-per-view any program on any channel. If I only watch the occasional show on a channel then why should I pay the full subscription cost? I should be able to pay for a specific show. Maybe even offer season tickets to see an entire series.
From what I can tell of watching people use their computers, often what people want is one good app. to do whatever their current task is, not lots of choice.
The problem is that "one good app" to one person isn't the same as "one good app" to another.
The only people I know who use more than one web browser are web designers/developers checking pages out.
I used to use Mozilla... When FireBird/Fox appeared, I found that it was more suited to my needs so I switched to that...There are plenty of people still using Mozilla and similarly plenty of people using Opera, etc. I chose FireFox because it does what I want.. the Opera users chose Opera because it did what they want... Not many people have multiple browsers installed, but a lot of people have different browsers installed.
Multiple editors? I've seen that, but only to handle different languages, and only rarely.
Again, it's not about having lots of editors installed at the same time, it's about being able to make a choice. I like Vim, other people like Emacs, and those people who don't need an especially powerful editor are quite happy on Joe or Pico. Why must I bow to Microsoft's decision that everyone will like Notepad?
I don't need 50 different packages that all try to do the same thing, I just need one good program that actually does it.
Ah, one good program that does it... like IE you mean? What exactly does that do well except letting random people hijack your computer?
I like having my programs and commands have names that actually make sense, not things like "grep", "GIMP", "X".
They are all short for something, to save you having to type an essay for each command you want. If you don't like typing the shorhand then try using alias: alias Get_Regular_Expression='grep' alias Graphical_Image_Manipulation_Program='gimp' alias X_Windows='X' ... Because names like "Excel", "Access" and "Powerpoint" tell you exactly what those programs do...
In light of the huge number of recent IE exploits, are the big manufacturers like Dell replacing IE with Firefox (or similar)? If not, why not? I would've thought it would reduce their support load significantly - how many support calls do you think they're getting about compromised machines?
When 100% of the traffic received from a large netblock is undesirable for a long enough period of time, any reasonable person will eventually add firewall rules or blocklist entries to solve the problem.
Not just 100% - when a large proportion of the traffic is undesirable (i.e. when it's losing you more than you're gaining by allowing it) then you'll block the netblock.
At the start of the year, my website was being log spammed by someone using a dynamic IP address in the 213.23.0.0/16 and 82.82.0.0/16 netblocks. They were pulling several gigabytes of data off my site each week to get in my referrer logs (which aren't even published to search engines). I emailed the ISP's abuse address and got absolutely no reply - they just weren't interested at all. Since the log spammer is on a dynamic address, I can't just block that user - I have had to firewall out both/16 netblocks. This hurts the legitimate users on those netblocks because just one user out of the 130,000 other possible users of those netblocks was the bad apple and the ISP refused to do anything about it. And you know what - even now, several months after I set up the firewall rules to block this person, I see them trying again at the same time every month, so I can't take the firewall down.
There are 2 people at fault here: 1. The log spammer 2. The ISP for not caring
As far as I can see, in the situations where an entire country is blocked, there are 3 people at fault: 1. The fraudster/spammer/whatever 2. The ISP who don't care 3. The country's government/law enforcement people who don't care
There are innocent people hurt in the process, but the people being hurt have no choice - those innocent bystanders who are caught in the crossfire need to put pressure on their ISPs and government to resolve the problem.
My message was a response to the complaint that it was easy to bypass the security (which it is not, it just takes a little forethought), it wasn't a recommendation about how your kids should be handled.
See my otherposts on my opinions of dealing with the kids.
I should point out that I am not a parent, but I have lots of dealings with schools that face these problems. I agree with you entirely that parents should lay down ground rules and punish the kids if they break the rules. However, IMHO there is a place for filtering at home to prevent the kids from accidentally wandering into a porn site.
Schools on the other hand, have a different problem - the kids aren't going to care as much about pissing off their teachers as they do about pissing off their parents, plus there is peer pressure involved. (Did you never crack your school/college's computer system when you were a kid?:) The systems at schools need to be far more robust, especially since the parents often hold the school responsible for their kid's activities while there. However the school must also enforce the rules through punishment rather than always looking for the technological solution, which is something that a lot of schools seem to steer clear of. (Some of that may well be down to buck passing - the teacher doesn't want to deal with it, it's the sysadmin's fault).
No wonder America has double the teenage pregnancy rates in comparison to other industrialized nations: idiot puritanical repressed parents who think sex and nudity will warp little johnny for life.
Errm, I live, work and supply filtering software for schools and businesses in the UK...
i've found schools prefer to have the blocking at the isp level
That's not my experience at all - I work in the filtering industry, supplying systems (running under linux) to schools and they *love* the ability to control access locally for specific groups. Got a class of 15 year olds doing history projects about violence and oppression? cool - give them access to those sites but lock out the rest of the school. If you had to do this at the ISP level it'd be hell - you couldn't do things for a specific group of users and you'd be forever chasing the ISP to change stuff.
so a kid with a laptop and a wireless card still can't pull up porn
Not sure what this has to do with anything - this is purely a network design problem. If you're stupid enough to stick a wireless access point on the internet side of your filtering proxy then of course kids are gonna do that. The solution is to simply put the AP on the inside of the proxy so the kids still have to go through the filters.
i've also seen schools block such things as babelfish
Blocking babelfish doesn't sound too bright, but probably the worst site is images.google.com - it can be used for some really good stuff, but it can also be used to find porn. Since images.google provides pages of images with not textual content, there's nothing to keyword filter on so there's no way to tell if the user's looking at porn or completely legit stuff. The only thing the administrator can do is make a decision to either block the whole site or leave it accessible.
Ok, fair enough - lock the server and DSL router/cablemodem/whatever in their own cupboard. Or epoxy the network cable into the socket:)
Seriously, there are good solutions to all these problems, security is what you make it. Hell, you could get a PCI DSL card and have the phone line plugged directly into the server - in that case the kid has to not only get hold of a new DSL router but has to know the username and password for the ISP.
a) correct - if kids want porn they will find it. IMHO the purpose of filtering is to prevent innocent kids from accidentally ending up on a porn site (does happen). If the kid is actively going after porn you give 'em hell.
b) Only if is is presented as an enforcement system - if it is intended as a protection system (see above) then there is no problem.
I work in the web filtering industry and most of our software goes to schools - specifically the comprehensive school level. It seems not many parents are happy to let their 13/14 year olds spend all day surfing porn.
The silly thing is, no matter how hard you try, you will never block 100% of the porn and the kids always find the stuff that gets through. But a lot of the schools want a technological solution and refuse to actually punish the kid for it. If you've got a filtering solution installed that catches 99% of porn sites and one of the kids spends a while surfing the other 1%, they really have no excuse - it wasn't an accident they got to that porn, they did it on purpose - when you catch them you have to punish them to stop them doing it again but a lot of our customers are not willing to take steps such as removing the kid's internet access for a week or two. If you were surfing porn at work you'd get a warning and then get fired. Pulling someone's internet connection at school seems a perfectly legitimate solution.
There have also been incidents where little Jonny has been caught looking at porn despite the filtering, the school has informed his parents and the parents have immediately held the school responsible and threatened legal action.
Yes, very young children should always be supervised when using the internet, but once you get to comprehensive school level it isn't feasable to supervise every kid each minute they spend on a computer. The solution is simply to do your best at blocking the sites so that people don't accidentally stumble upon them and anyone caught abusing the internet access gets a warning, the next time they get their connection pulled for a while and if they keep doing it then block their access permanently.
1. don't give the kid the root password to the router that's handling all this filtering - use a strong password to prevent brute forcing in the ample time the kid has to sit there. 2. iptables the router down to force client machines through the proxy 3. password protect GRUB to stop the kid going into single luser mode 4. remove floppy/CD drives/USB ports from the router machine to prevent the kid booting off a boot image and bypassing the passwords protection like that 5. put a padlock on the case to stop the kid plugging a floppy in
In the short term it probably won't help very much - spammers will just spoof domains that don't do SPF. As time goes on we can slowly weight SPF in our spam systems - i.e. mails from domains that don't publish SPF records are more likely to be spam. The fact that you're going to lose more mail you're sending if you don't pull your finger out and publish records will make more people add records.
As more people add them, the chances of a un-spf'd domain being spam increases yet more, so we can weight it towards the spam end of the spectrum a bit more in our MTAs. The whole thing should (hopefully) snowball to a point where when it gets to a high proportion of domains publishing SPF records (e.g. 95%) we can take the decision to outright block anyone who isn't.
At that point, the only ways to send spam are: 1. register your own domains and spam from them with SPF records set accordingly. 2. hijack the domain belonging to the compromised machine you're sending the spam from.
In the case of (1), this makes it rather traceable and the SPF records would have to allow large numbers of machines to post - we can weight the spam systems based on how many senders are covered in the SPF records - a domain that says that 16 million machines can send from it is more likely to be spamming you than one that says it has a single mail sender. It also costs a (small) amount of money to register a domain and doing some kind of distributed blackhole system against that domain would mean the spammers would have to keep registering new domains. It'd be nice if the domain registrars actually bothered checking that the domain is registered to a real address and there are easy ways of doing this - if you're paying for the domain by credit card then store the address of the card holder since you know that is a real address that can be held accountable (unless the card was stolen, in which case the spammers have broken some quite serious laws).
In the case of (2), the owner of the compromised machine will get hell and be forced to fix it (we would be in a situation where you know that the owner of the domain the spam came from would be in some way responsible for the spam and you wouldn't be attacking an innocent 3rd party by making a complaint to the domain owner).
if they wanted to stop people from recording they should have done so way back in the 60's by stoping the sale of recording mediums and recording devices
- If they wanted to stop murders they should've stopped the sale of guns
- If they wanted to stop suicides they should've stopped the sale of rope, razor blades, etc.
I thought the Isle of Man had a lot of DSL already anyway? (I certainly remember seeing DSL adverts while I was on holiday there a few years ago, long before most of England got it).
Even if it's ruled that you must be able to move your IP away from your current ISP, I can't imagine any ISP wanting to go through the hastle of incorporating the IP into their network and accepting you as a customer.
It's very different - think of a DNS record being like a cellphone number, and the IP address is like your SIM card.
If I want to port my phone number to a different network I don't take my SIM card with me, I get a new SIM from my new telco and they transfer my phone number to the new SIM.
In the same way, if I want to move ISP, I keep my DNS record and just point it at the new IP - why would I need to keep the IP? afterall, noone should be referencing my machine by IP because unless I'm really stupid, I've set up everything to use DNS (do you give people your phone number or your SIM card ID?)
I don't pretend to know all the ins and outs of the current political situations, but when the media is reporting about technology stories (which I do know about) it is clear that they always completely miss the point and don't understand what they're talking about. It seems quite likely that the same would be true about all of the other news they report, it's just that I don't notice it as much because *I* don't know anything about it either.
You would hope that if someone is writing a published, authoratative news story on a subject they would have a good understanding what they were talking about, but sadly that seems to not be the case - all too often the media grab hold of some idea and do what appears to be little more than googling to make up the bulk of the article, resulting in a biased story with little substance.
The opensource world has a habit of actually caring and fixing security holes quickly. Besides, if the majority of people ditched IE we wouldn't have to arse around making websites that work in the worlds most broken browser.
I'd like to see the ability to buy channels individually, *and* pay-per-view any program on any channel. If I only watch the occasional show on a channel then why should I pay the full subscription cost? I should be able to pay for a specific show. Maybe even offer season tickets to see an entire series.
And then there's Mac OS X, the new Beetle with a turbo-charged engine but only 2 buttons (on/off and "let me drive for you").
:)
Macs have *2* buttons now?!?
From what I can tell of watching people use their computers, often what people want is one good app. to do whatever their current task is, not lots of choice.
The problem is that "one good app" to one person isn't the same as "one good app" to another.
The only people I know who use more than one web browser are web designers/developers checking pages out.
I used to use Mozilla... When FireBird/Fox appeared, I found that it was more suited to my needs so I switched to that...There are plenty of people still using Mozilla and similarly plenty of people using Opera, etc. I chose FireFox because it does what I want.. the Opera users chose Opera because it did what they want... Not many people have multiple browsers installed, but a lot of people have different browsers installed.
Multiple editors? I've seen that, but only to handle different languages, and only rarely.
Again, it's not about having lots of editors installed at the same time, it's about being able to make a choice. I like Vim, other people like Emacs, and those people who don't need an especially powerful editor are quite happy on Joe or Pico. Why must I bow to Microsoft's decision that everyone will like Notepad?
I don't need 50 different packages that all try to do the same thing, I just need one good program that actually does it.
s X_Windows='X'
... Because names like "Excel", "Access" and "Powerpoint" tell you exactly what those programs do...
Ah, one good program that does it... like IE you mean? What exactly does that do well except letting random people hijack your computer?
I like having my programs and commands have names that actually make sense, not things like "grep", "GIMP", "X".
They are all short for something, to save you having to type an essay for each command you want. If you don't like typing the shorhand then try using alias:
alias Get_Regular_Expression='grep'
alias Graphical_Image_Manipulation_Program='gimp'
alia
In light of the huge number of recent IE exploits, are the big manufacturers like Dell replacing IE with Firefox (or similar)? If not, why not? I would've thought it would reduce their support load significantly - how many support calls do you think they're getting about compromised machines?
When 100% of the traffic received from a large netblock is undesirable for a long enough period of time, any reasonable person will eventually add firewall rules or blocklist entries to solve the problem.
/16 netblocks. This hurts the legitimate users on those netblocks because just one user out of the 130,000 other possible users of those netblocks was the bad apple and the ISP refused to do anything about it. And you know what - even now, several months after I set up the firewall rules to block this person, I see them trying again at the same time every month, so I can't take the firewall down.
Not just 100% - when a large proportion of the traffic is undesirable (i.e. when it's losing you more than you're gaining by allowing it) then you'll block the netblock.
At the start of the year, my website was being log spammed by someone using a dynamic IP address in the 213.23.0.0/16 and 82.82.0.0/16 netblocks. They were pulling several gigabytes of data off my site each week to get in my referrer logs (which aren't even published to search engines). I emailed the ISP's abuse address and got absolutely no reply - they just weren't interested at all. Since the log spammer is on a dynamic address, I can't just block that user - I have had to firewall out both
There are 2 people at fault here:
1. The log spammer
2. The ISP for not caring
As far as I can see, in the situations where an entire country is blocked, there are 3 people at fault:
1. The fraudster/spammer/whatever
2. The ISP who don't care
3. The country's government/law enforcement people who don't care
There are innocent people hurt in the process, but the people being hurt have no choice - those innocent bystanders who are caught in the crossfire need to put pressure on their ISPs and government to resolve the problem.
Not just anyone can get a CA cert. You have to be a business
And home users should be prevented from getting a cert because...?
I'm sorry, but the idea that only businesses need certificates is plain wrong.
What I would probably do if I had kids would be to turn on the router logging, and periodocally check the logs
:)
Any idea just how many lines the proxy logs would have after a few hours of surfing
My message was a response to the complaint that it was easy to bypass the security (which it is not, it just takes a little forethought), it wasn't a recommendation about how your kids should be handled.
:) The systems at schools need to be far more robust, especially since the parents often hold the school responsible for their kid's activities while there. However the school must also enforce the rules through punishment rather than always looking for the technological solution, which is something that a lot of schools seem to steer clear of. (Some of that may well be down to buck passing - the teacher doesn't want to deal with it, it's the sysadmin's fault).
See my other posts on my opinions of dealing with the kids.
I should point out that I am not a parent, but I have lots of dealings with schools that face these problems. I agree with you entirely that parents should lay down ground rules and punish the kids if they break the rules. However, IMHO there is a place for filtering at home to prevent the kids from accidentally wandering into a porn site.
Schools on the other hand, have a different problem - the kids aren't going to care as much about pissing off their teachers as they do about pissing off their parents, plus there is peer pressure involved. (Did you never crack your school/college's computer system when you were a kid?
No wonder America has double the teenage pregnancy rates in comparison to other industrialized nations: idiot puritanical repressed parents who think sex and nudity will warp little johnny for life.
Errm, I live, work and supply filtering software for schools and businesses in the UK...
i've found schools prefer to have the blocking at the isp level
That's not my experience at all - I work in the filtering industry, supplying systems (running under linux) to schools and they *love* the ability to control access locally for specific groups. Got a class of 15 year olds doing history projects about violence and oppression? cool - give them access to those sites but lock out the rest of the school. If you had to do this at the ISP level it'd be hell - you couldn't do things for a specific group of users and you'd be forever chasing the ISP to change stuff.
so a kid with a laptop and a wireless card still can't pull up porn
Not sure what this has to do with anything - this is purely a network design problem. If you're stupid enough to stick a wireless access point on the internet side of your filtering proxy then of course kids are gonna do that. The solution is to simply put the AP on the inside of the proxy so the kids still have to go through the filters.
i've also seen schools block such things as babelfish
Blocking babelfish doesn't sound too bright, but probably the worst site is images.google.com - it can be used for some really good stuff, but it can also be used to find porn. Since images.google provides pages of images with not textual content, there's nothing to keyword filter on so there's no way to tell if the user's looking at porn or completely legit stuff. The only thing the administrator can do is make a decision to either block the whole site or leave it accessible.
Ok, fair enough - lock the server and DSL router/cablemodem/whatever in their own cupboard. Or epoxy the network cable into the socket :)
Seriously, there are good solutions to all these problems, security is what you make it. Hell, you could get a PCI DSL card and have the phone line plugged directly into the server - in that case the kid has to not only get hold of a new DSL router but has to know the username and password for the ISP.
a) correct - if kids want porn they will find it. IMHO the purpose of filtering is to prevent innocent kids from accidentally ending up on a porn site (does happen). If the kid is actively going after porn you give 'em hell.
b) Only if is is presented as an enforcement system - if it is intended as a protection system (see above) then there is no problem.
I work in the web filtering industry and most of our software goes to schools - specifically the comprehensive school level. It seems not many parents are happy to let their 13/14 year olds spend all day surfing porn.
The silly thing is, no matter how hard you try, you will never block 100% of the porn and the kids always find the stuff that gets through. But a lot of the schools want a technological solution and refuse to actually punish the kid for it. If you've got a filtering solution installed that catches 99% of porn sites and one of the kids spends a while surfing the other 1%, they really have no excuse - it wasn't an accident they got to that porn, they did it on purpose - when you catch them you have to punish them to stop them doing it again but a lot of our customers are not willing to take steps such as removing the kid's internet access for a week or two. If you were surfing porn at work you'd get a warning and then get fired. Pulling someone's internet connection at school seems a perfectly legitimate solution.
There have also been incidents where little Jonny has been caught looking at porn despite the filtering, the school has informed his parents and the parents have immediately held the school responsible and threatened legal action.
Yes, very young children should always be supervised when using the internet, but once you get to comprehensive school level it isn't feasable to supervise every kid each minute they spend on a computer. The solution is simply to do your best at blocking the sites so that people don't accidentally stumble upon them and anyone caught abusing the internet access gets a warning, the next time they get their connection pulled for a while and if they keep doing it then block their access permanently.
Errm...
1. don't give the kid the root password to the router that's handling all this filtering - use a strong password to prevent brute forcing in the ample time the kid has to sit there.
2. iptables the router down to force client machines through the proxy
3. password protect GRUB to stop the kid going into single luser mode
4. remove floppy/CD drives/USB ports from the router machine to prevent the kid booting off a boot image and bypassing the passwords protection like that
5. put a padlock on the case to stop the kid plugging a floppy in
In the short term it probably won't help very much - spammers will just spoof domains that don't do SPF. As time goes on we can slowly weight SPF in our spam systems - i.e. mails from domains that don't publish SPF records are more likely to be spam. The fact that you're going to lose more mail you're sending if you don't pull your finger out and publish records will make more people add records.
As more people add them, the chances of a un-spf'd domain being spam increases yet more, so we can weight it towards the spam end of the spectrum a bit more in our MTAs. The whole thing should (hopefully) snowball to a point where when it gets to a high proportion of domains publishing SPF records (e.g. 95%) we can take the decision to outright block anyone who isn't.
At that point, the only ways to send spam are:
1. register your own domains and spam from them with SPF records set accordingly.
2. hijack the domain belonging to the compromised machine you're sending the spam from.
In the case of (1), this makes it rather traceable and the SPF records would have to allow large numbers of machines to post - we can weight the spam systems based on how many senders are covered in the SPF records - a domain that says that 16 million machines can send from it is more likely to be spamming you than one that says it has a single mail sender. It also costs a (small) amount of money to register a domain and doing some kind of distributed blackhole system against that domain would mean the spammers would have to keep registering new domains. It'd be nice if the domain registrars actually bothered checking that the domain is registered to a real address and there are easy ways of doing this - if you're paying for the domain by credit card then store the address of the card holder since you know that is a real address that can be held accountable (unless the card was stolen, in which case the spammers have broken some quite serious laws).
In the case of (2), the owner of the compromised machine will get hell and be forced to fix it (we would be in a situation where you know that the owner of the domain the spam came from would be in some way responsible for the spam and you wouldn't be attacking an innocent 3rd party by making a complaint to the domain owner).
if they wanted to stop people from recording they should have done so way back in the 60's by stoping the sale of recording mediums and recording devices
- If they wanted to stop murders they should've stopped the sale of guns
- If they wanted to stop suicides they should've stopped the sale of rope, razor blades, etc.
I sometimes have to make international data calls when things break on the internet - it'd be a major bummer to not be able to do that.
I thought the Isle of Man had a lot of DSL already anyway? (I certainly remember seeing DSL adverts while I was on holiday there a few years ago, long before most of England got it).
I hope this discourages the power industry muppets in the UK from trying the same thing.
AFAIK BPL was already tried and rejected in the UK for exactly these reasons a couple of years ago.
Even if it's ruled that you must be able to move your IP away from your current ISP, I can't imagine any ISP wanting to go through the hastle of incorporating the IP into their network and accepting you as a customer.
No different then cell phone number portability
It's very different - think of a DNS record being like a cellphone number, and the IP address is like your SIM card.
If I want to port my phone number to a different network I don't take my SIM card with me, I get a new SIM from my new telco and they transfer my phone number to the new SIM.
In the same way, if I want to move ISP, I keep my DNS record and just point it at the new IP - why would I need to keep the IP? afterall, noone should be referencing my machine by IP because unless I'm really stupid, I've set up everything to use DNS (do you give people your phone number or your SIM card ID?)
I don't pretend to know all the ins and outs of the current political situations, but when the media is reporting about technology stories (which I do know about) it is clear that they always completely miss the point and don't understand what they're talking about. It seems quite likely that the same would be true about all of the other news they report, it's just that I don't notice it as much because *I* don't know anything about it either.
You would hope that if someone is writing a published, authoratative news story on a subject they would have a good understanding what they were talking about, but sadly that seems to not be the case - all too often the media grab hold of some idea and do what appears to be little more than googling to make up the bulk of the article, resulting in a biased story with little substance.
The opensource world has a habit of actually caring and fixing security holes quickly. Besides, if the majority of people ditched IE we wouldn't have to arse around making websites that work in the worlds most broken browser.
Why does the type of EVA suit determine which airlock they can use? I mean the suits don't have to interface with the airlock or anything do they?