A measure of anonymity is desirable. There's no doubt about that. Since the beginning of modern society people have been coming up with ways to sneak off to clubs, or galas, or parties, or conventions where they can be free of their public identity, if only for a short while.
Internet security is only a problem due to serious flaws in the Windows model of bringing computer technology to the world. I don't feel that it has anything at all to do with any piece of legislature. The problem with internet security is that there are too many script-kiddies who can get away with digital murder. If the world had stuck to a more technical operating system then the script-kiddies would be matched against real programmers and real engineers--System administrators who could really track them down. In the world as we know it, run primarily on Microsoft products with any average Joe Algebra administering the network because he plays politics well and holds five or six certifications, script-kiddies have no real fear of getting caught. Joe Algebra with his certifications is interested in the paycheck. He's not interested in sticking around until 11 PM doing DNS lookups, sifting through .logs, and tracing packets back through routers.
It is plain to see that the problem lies not in the anonymity of the attackers but rather in the mediocrity of the enforcers. Unfortunately I don't see that this is changing much as Linux begins to gain popularity. The certification system will continue to allow any Joe Algebra to administer his networks even if the entire world migrates to RedHat. What we have is a social problem. Everyone wants to collect the large paycheck associated with system administration but very few people truly have the genuine interest that it takes to competently administer the system. Honestly, the same seems to be true across every industry.
The world is run by a political system dominated by clowns, wannabes, and charlatans who run a good show and steal our paychecks.
I think everyone else has hit it but I'll say it, too.
If you really cared about your grandmother enough that you feel it's necessary to hold her up as a debate spectacle on an internet discussion board then you would be more than happy to set up her system so that she doesn't need to worry about any of these technicalities.
Bzap's argument is a prime example of the poorest form of debating technique ever. He takes the argument completely out of context and then throws it into the highly emotionally charged arena of "rape". I'll say one thing about this argument and then get back to topicality: No one likes to admit it but everyone knows that there are cases where the accusation of rape was completely unjustified and made with an ulterior motive of political revenge or monetary greed.
Back to the idea of offering bounty incentives for capturing malicious hackers.
No one likes to admit it but everyone knows that there will be cases where the accusation of malicious hacking will be justified completely by falsified evidence and will be made with an ulterior motive of political revenge or monetary greed.
This is precisely why vigilantes are also seen as criminals under our legal system.
You're demonstrating the perfect qualities of a control freak and a class A knob. I bet you get off when fantasizing about exercising your power to fire or Article 15 an employee.
Back on topic...
Certifications have uses. I've always found the uses used against me therefore I think certifications suck. Give me 5 days on the job. Don't even pay me. I'll work for free just to show you that I can kick ass over any other candidate you might have on the job.
That's what everyone keeps telling me but I'm skeptical. I think about it in this fashion:
-Get an electrical signal to a network card using the TCP/IP protocol.
-Most network card architectures are going to be similar for passing that signal to the PCI/ISA bus.
-Find a flaw in the target OS which allows signals from the PCI bus to begin filling memory registers (maybe simple flooding will cause a voltage overload which "spills" into subsequent registers).
-Using a list of common possible memory configurations start filling up stack space and inserting backdoor code.
Sure it sounds sketchy but I won't be the least bit surprised if, in six months or less, we hear that someone's doing it. I was flamed mercilessly on #LFS for suggesting that routers could be compromised at the hardware BIOS level. Two days later HP was releasing a patch for their hardware routers.
Go figure.
Perhaps it's the same premise as the winmodem. The entire push, from the hardware level on, was to foil functionality under competing operating systems by leaving the functional part off of the hardware board. The necessary functionality is added from the software side and it's only written for the Windows platform.
All too true. Unless you happen to be a computer engineer with the specs for all of the chips on the mobo in front of you along with the BIOS source code then who's to say we're not all backdoored already?
The "something to hide" argument is ignorance at its pinnacle. It ignores every consideration of human nature and psychology that has ever been established.
Since the beginning of time those who hold a technological power have been using it to dominate those who lack a similar technological power regardless of the ethics involved. It's a fact of life.
Since the beginning of society those in positions of power have been using their authority to root out any dissidents. It has nothing to do with who is right and who is wrong. Bad governments with good dissidents or good governments and bad dissidents--they all do it.
With that said then I can agree with 'ss'. This is nothing more than a perfect example of "big brother bullshit".
Heck no. In case you haven't been following the going trend for the last fifteen years: This is all about selective enforcement and abuse of power. Authority will be used against you and no, you do not have any rights. :-)
AGREED.
The human race as a whole has become obsessed with control. We've bred a generation of control freaks and we now have the technology to feed their neurosis.
I don't know how but I really hope that someday all of this goes down the drain. If someday all the people who thought they were on top because they could exercise control would end up with no authority to do anything.
Perhaps I'm waiting for heaven... or the Twilight Zone.
I had no idea people were that uncouth. If I'm going to use a pic for something it's going to reside on my system.
And I am aware that it was still broken even to 2.5.366rc1024beta7.
For the longest time the only way to really truly get a virus on your system was to go ahead and open an .exe manually.
Microsoft seems to be going to massive efforts to create workarounds for this. MS-Outlook, MS-IE, MS-messenger...
This may be crazy. What if we take everything that Microsoft says and completely ignore it. What if we concentrate only on what Microsoft actually does?
What if we used the same tactic on the US government? Ignore everything they say and judge them only on what they do...
It all started back in 95 when they released a beta version of the Chicago code as "Windows 95" in order to beat OS/2 Warp to market. Due to the millions of dollars that deal was going to make for people in the right places no one ever bothered to ask if there were going to be long-term risks associated with releasing buggy beta code to the general public. If anything they were looking forward to hooking everybody for another $100 for the update CD.
Nearly nine years later and we're still seeing the effects in terms of network security, shoddy hardware (winmodems, winprinters, winscanners, winkeyboards), a busted stock market...
If we could only go back and convince the software distributors not to stock or ship the buggy beta code. Pandora's box has already been opened.
Many many companies have exceptionally stringent acceptable use policies for employees on company computers. Many companies over 10000 employees explicitly forbid employees from installing unapproved software on company computers. Those employees add up quickly.
One company that I'm aware of explicitly accepts ONLY MS-IE as their web browser. The company line is that the monopolous strategy is to facilitate complete network integration. In my opinion, if their IT department is that inept, they shouldn't exist in a wired world.
Personally, I hope that any company which lashes itself that tightly to MS gets besieged by a million script kiddies. At least then the script kiddies would show a measure of usefulness.
Precisely why I don't want netbooting to be a default capability.
Maybe everyone else thinks that they live in a perfect world and that computer automation will make their lives perfect. I, on the other hand, loathe the day when my car sends even one binary bit to my microwave without explicitly asking me first. Since that would introduce the situation of being continually harassed by my toaster oven for permission I prefer to draw the line between kitchen appliances and network security hazards.
I don't want a network card integrated into my mobo chipset. Anyone that wants to be that connected is just asking for their identity to be stolen.
-----
I'm surprised that this hasn't happened earlier in college dorms
-----
I see college dorms to be a lot like apartments with absentee landlords. There's no real concern over students who don't ground the 3-2 prong adapter and then line it with a daisychain of 6-strips which may or may not have a built-in circuit breaker. If the dorm burns down then insurance will cover it. If the dorm doesn't burn down then there's no need to refurbish it.
It's all good simple business sense.
-----
going to one of the URLs inevitably shows some asshat using an image from my site in his avatar or sig.
-----
I had no idea that referrer IDs and URLs were embedded in pictures. Not that I have a sig or an avatar (a what?) but it's an interesting bit of information for me.
At what point are we going to start tracking our pee after it's in the ocean?
-----
and yet we see practically every DVD player capable of playing CDs.
-----
It's a good thing the chips for those architectures were compatible and went off patent. Nowadays the mother company would figure out a technicality or two to extend the patent on the circuits and we'd still be paying $300 for a CD player.
2.5, huh? And how's that working out for you?
You're using socialist propaganda like "fire-extinguisher101.com" to support an argument about leading cause of fire deaths? It doesn't take an especially sharp scientist to know that those numbers are massaged in shameless self-promotion of that web-site.
Of course your Dell desktops can netboot. They've been crafted so that all of the components talk nicely to each other. Try using a 3rd party network card as a replacement and see if the netbooting still works.
Not that it matters much. I'm not big on out-of-the-box netbooting. There are far too many security considerations for that to be an attraction. If I want netbooting I'll be more than happy to construct it by hand so that I know there's no way it can be infiltrated, spoofed, compromised, or otherwise used without my express per-incident permission.
Even though it's becoming intolerable, it's not the whining of the music industry that bothers me most.
What bothers me most is that premiums on automobile, homeowners, life, and health insurance are going to be steadily raised to cover the losing business investment in recording insurance.
No matter which way this goes the consumer will end up paying from both ends and the pyramid will continually funnel the money upwards.
-----
The OpenBSD people get this one right -- to them, any bug is a security hole until proven otherwise, and they encourage running latest versions -- but almost everybody else gets it wrong.
-----
I'm glad to see at least a few other people take the security business as seriously as I do. With so many programs running next to each other in memory space and so many idiosyncrasies in any kernel it's nothing short of ignorance to think that even the smallest bug could eventually be combined with several other bugs to make a security hole.
It's a really good pinball machine. This enables that which activates those which lets this ramp down so that the ball can go there and, before you know it, BINGO. We have root access (or a free ball).
Ouch. I feel flamed.
Perhaps I stole this guy's girlfriend in a past life?