This isn't the first time Swartz has spidered a site in order to download the content hosted there. In 2009, he went after the PACER system, which hosts court records. While those are public documents, they're behind a per-page paywall. His Python script was probably reused from before, just s/pacer.gov/jstor.org/g. See: http://www.wired.com/threatlevel/2009/10/swartz-fbi/
When you're the creator of the Open Library project, liberating a few million articles from behind a rather expensive paywall is, at the very least, quite circumstantially indicative of what your intentions might be. While I personally think access to such document repositories for scientific journals is priced way too high, most people can go to public or university libraries to do any research they might want to do. Breaking into a wiring closet, getting MIT's access to JSTOR cut off for days, spoofing your MAC address, getting shut off, spoofing your MAC address again, and still continuing on downloading is not the way to go about trying to effect change the way he wanted to. Smart kid buried under an avalanche of dumb.
Have ISPs cut off high bandwidth connections from those suspected of spamming? Can anyone say privacy nightmare?
Yes, absolutely have ISPs cut those off who are suspected of spamming; however, you don't have to invade privacy to see that something is amiss - if I'm an ISP, I don't need to read an email on the wire to know that a computer that's leased an address from my residential customer pool is spewing outbound port 25 traffic and that what they're saying probably says "V1@g ra"; a mail server and a client look very different in terms of network behavior. If I'm sending out a ton of spam, I look like a mail server. How many computers on residential customer networks of ISPs send out hundreds of messages per minute/hour/day? How many legitimately have a reason for doing so?
This is very, very easy to monitor, from a network behavior standpoint. Your ISP certainly knows how to blackhole DNS/redirect traffic (or switch your cable modem into a private network) to one of their own web servers ("Your account needs to be set up - please contact Comcast", etc.), so it's a trivial task to block suspected spammers and redirect them to a site informing them of how to remediate the issue and regain network access.
There are a few areas in which ISPs need to step up. Spam is one - an annoying one. A bigger one is the issue of spoofing. If even 20% of the routers on the Internet prevented spoofing (packets emanating from their networks with IP addresses other than those of their network or networks behind them), we'd be much better off (think botnets). This one is sheer laziness/lack of knowledge on the part of network engineers at ISPs - they make the pipes go, so they're doing their job.
And if that's the overall philosophy of the ISPs, it's very easy to see some of the reasons why we're currently reading emails from Bernardo Gentry that say "allegro methylene topgallant resemblant denmark manservant snowball urethra." I kid you not: "manservant snowball urethra".
Please, ISPs... you fail.
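The header-only checks described in the comment above, as an added example that is not part of the original comment: it drops flows whose source address is outside the ISP's own pool and flags residential hosts that contact many mail servers on port 25. The pool prefix, threshold, and flow-record layout are assumptions made for illustration, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed values: documentation prefixes stand in for a residential pool.
RESIDENTIAL_POOL = ipaddress.ip_network("198.51.100.0/24")
WINDOW_SECONDS = 60
MAX_SMTP_PEERS = 20   # hypothetical threshold: distinct port-25 peers per window


def sample_flows():
    """Constructed flow records: (time_s, src_ip, dst_ip, dst_port). No payload."""
    flows = [
        (5, "198.51.100.10", "203.0.113.5", 587),   # client submitting mail to its relay
        (9, "198.51.100.10", "203.0.113.80", 443),
        (12, "192.0.2.77", "203.0.113.9", 80),      # source outside the pool: spoofed
    ]
    # One host contacting 150 different mail servers on port 25 within a minute.
    for i in range(150):
        flows.append((i % 60, "198.51.100.23", f"203.0.113.{i + 1}", 25))
    return flows


def split_spoofed(flows):
    """Egress source validation: keep only flows whose source is in our pool."""
    valid, spoofed = [], []
    for flow in flows:
        in_pool = ipaddress.ip_address(flow[1]) in RESIDENTIAL_POOL
        (valid if in_pool else spoofed).append(flow)
    return valid, spoofed


def smtp_fanout_hosts(flows):
    """Return {src: most distinct port-25 peers in one window} above the threshold."""
    peers = defaultdict(set)                      # (src, window index) -> dst set
    for time_s, src, dst, port in flows:
        if port == 25:
            peers[(src, time_s // WINDOW_SECONDS)].add(dst)
    flagged = {}
    for (src, _), dsts in peers.items():
        if len(dsts) > MAX_SMTP_PEERS:
            flagged[src] = max(flagged.get(src, 0), len(dsts))
    return flagged


if __name__ == "__main__":
    valid, spoofed = split_spoofed(sample_flows())
    print("dropped as spoofed:", [f[1] for f in spoofed])
    print("quarantine candidates:", smtp_fanout_hosts(valid))
```

Only addresses, ports and timestamps are read, so the mail client using port 587 to a single relay is never flagged and no message content is inspected.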
Windows does support AFP (2k server, you can certainly make an AFP share) - but it's a 15-year-old protocol that was supposed to be done away with 10 years ago, and still it lingers. Most _networks_ don't support AFP, because you don't want to route the protocol because it's so chatty. Get your facts right.
99.9% of all switches can't block DHCP on each floor - that has to be done at layer 3, as an ACL on a router, so everyone on layer 2 with you back to the core will still hear your DHCP offer. Cisco 3750s are finally doing filtering at the switchport level, and those are pretty brandy new.
It's not impossible, but it is the most difficult problem to solve. If you're serious about it, you need to work with the people that do have control over the network infrastructure - it's the only way to solve the problem.
You need managed switches that are VLAN capable and network registration via MAC address. Period. You need 2 private VLANs, a web server, a DHCP server and a DNS server in the 2 private VLANs. When someone jacks in to the network, their switch is read, and the MAC address is compared to registered MACs. If they're unregistered, their switchport gets put in a private VLAN. There, they're presented with a page saying you need to run win update, install virus protection, etc.
Once they've installed updates and vp, their VLAN is popped back into the regular network. Have a box Nessus scanning for missing Windows patches. If it detects someone, pop them into your second quarantine VLAN, where they have to Nessus scan clean to get out.
It's a lot, but it's fully automatable. I've got a solution like that working for 3000 users, and not ONE virus outbreak this year.
Turning off jacks, yelling at users, thinking they'll "get it" is Sisyphus' job.
After you have some control, fire up a dark-net and snort it.
It's not easy, but it's great when it's finally done.
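The registration and quarantine flow described in the comment above, sketched as a small state machine. This is an added example, not the commenter's system: the VLAN IDs, class names, and the patch label are hypothetical, and the step that actually reconfigures the switchport is left out.

```python
from dataclasses import dataclass

# Hypothetical VLAN IDs; the comment names the roles, not the numbers.
PRODUCTION, REGISTRATION, QUARANTINE = 10, 900, 901


def normalize(mac):
    """Reduce a MAC to bare hex so 'AA-BB-..' and 'aabb.ccdd..' compare equal."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")


@dataclass
class Port:
    mac: str
    vlan: int = REGISTRATION


class Nac:
    def __init__(self, registered_macs):
        self.registered = {normalize(m) for m in registered_macs}

    def link_up(self, port):
        """Device plugs in: registered MACs go to production, others to registration."""
        port.vlan = PRODUCTION if normalize(port.mac) in self.registered else REGISTRATION
        return port.vlan

    def remediated(self, port, updates_installed, antivirus_installed):
        """Leave the registration VLAN only when both remediation steps are done."""
        if port.vlan == REGISTRATION and updates_installed and antivirus_installed:
            self.registered.add(normalize(port.mac))
            port.vlan = PRODUCTION
        return port.vlan

    def scan_result(self, port, missing_patches):
        """Scan findings move a production port to quarantine; a clean scan releases it."""
        if missing_patches and port.vlan == PRODUCTION:
            port.vlan = QUARANTINE
        elif not missing_patches and port.vlan == QUARANTINE:
            port.vlan = PRODUCTION
        return port.vlan


def walk_through():
    """Constructed scenario: one new machine from first plug-in to release."""
    nac = Nac(["AA-BB-CC-00-00-01"])
    port = Port("aa:bb:cc:00:00:02")
    return [nac.link_up(port), nac.remediated(port, True, False),
            nac.remediated(port, True, True),
            nac.scan_result(port, ["constructed-missing-patch"]),
            nac.scan_result(port, [])]
```

A MAC address is set by the client, so the registration step identifies machines rather than authenticating them; the scan-driven quarantine is the control that reacts to a host's actual state.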
Of the little I know about biometric fingerprint readers, there are two kinds - ones based on conductivity and ones based on CCD cameras. Both allow for 'Alive-And-Well' checks, to circumvent the problems of both lopping off someone's finger and holding them at gunpoint (pulse checkers).
Where can I download it?