"To change to a new pool of IP addresses requires an industry overhaul even greater than that IT professionals went through to keep Y2K just a scare at the dawn of 2000."
(emphasis added)
Is this an accurate assessment? Will it really be that difficult a transition?
"'Spam, although it is a bad thing per se, is fostering the growth of the e-mail infrastructure,' he said."
I disagree with this positive outlook on spam. Technically, Dr. Fader is right: the infrastructure grows because spam forces it to do so.
This is not productive growth to me, it's just fat. One needs more bandwidth and processing capability to manage spam. This capacity could be used for other avenues, or the money spent someplace else. This is bad economics - something along the lines of the broken window fallacy.
I do think spammers have made us think smarter about email (a good thing), but we have paid for that in many ways. There are no net gains here - at least not from my perspective.
IBM is following the trend towards a global market, or globalization (which is many confusing, nebulous things in one buzzword).
Globalization tends toward equilibrium. This has two different meanings. One is for economists, and another is for everyone else. No, I did not arbitrarily decide this. I am just citing sources.
Equilibrium is... (from dictionary.com) "A condition in which all acting influences are canceled by others, resulting in a stable, balanced, or unchanging system."
This Economic textbook (Microeconomics, Gwartney, Stroup...) defines it as...
"A state in which conflicting forces are in balance... In equilibrium, it will be possible for both buyers and sellers to realize their choices simultaneously."
Economic equilibrium is a good thing. But the problem is the limits of reality upon the theory. There will always be obstacles to trade. Always. Since there will always be obstacles, there exists no mechanism to naturally allow all buyers and sellers to reach equilibrium - only some. This "some" may or may not increase with time.
Right now, the journey to equilibrium is crude and painful - partly a tool for the rich to expand and compete at the cost of the middle class and partly creating more competition. We get both, unfortunately.
It is also possible the progression to globalization will never end. It could get smoother (maybe if we all had the Internet at incredible speeds, the same government, etc.), but someone will always be losing money.
A vicious cycle? Maybe. Something we can fight? I am not spending my life trying.
I am all for full disclosure, security, open source, and better design and practices. But @stake and MS are all for money. Let's be honest, we cannot expect them to hire editorial writers to critique their business or clients. The media and /. can do that.
The national security thing is not the real reason. The real reason was the guy was going against his company's agenda. Practically their whole current business plan. If I worked for Walmart as PR (I don't, btw) and I wrote about how huge stores and cheap prices were contributing to the degradation and commercialization of American society, I would be fired.
This guy was a CTO at a security-consulting firm, and he published a paper talking about how insecure one of their clients' (probably a big one) software was. Not just any critique (i.e. only technical implications) but a paper making the conclusions that MS software is a threat to national security and the economy. If he had added Iraq in there he would have had a platform for a presidential campaign. This wasn't a Phrack article here. It was asking for attention - media attention.
When you ask for media attention and you involve your firm in a negative light, don't expect to keep your job.
btw, good for him.
The problem really stems from the fact that as soon as you mechanize the process, you have essentially hidden it from direct scrutiny (it's almost encapsulated). There is a layer of technical junk between you and the actual results.
And what is worse is the data is physically very sensitive (easy to destroy or tamper with). The fact that the information is drawn from many sources (all across the country) means a lot of room for any sort of problem.
Unfortunately, any electronic voting system will probably never be open source. I do not think the government will show that kind of trust.
I think these voting machines may end up forcing recalls, albeit electronically, even though the Supreme Court clearly wants to prevent that kind of precedent (for good reason).
I'm sure if a study came out by [favorite open source entity] citing the same general claim about Linux and open source development, /. would have no questions, only praise. So each camp brings its own version/view of the evidence to the table - nothing new about that.
The point being, these studies are generic (at best) - every application, development team, and environment is different. Some individuals will naturally take more time with certain elements than others (thus, they might be perceived to cost more). Some applications will be made better than others - and it's hard to put that into numbers exactly.
Sometimes there is a viable and cost-saving commercial solution.
From the article:
"'I hope there will be a time when Adrian can do positive things that everyone agrees are positive,'"
This service analogy, or the positive light of the grey hacker's actions, does have some weight, as the hacker can inform the admins about the specific flaws of their system security.
But then again, any service should be prompted or invited. And a larger problem is this isn't just washing windows, these are problem areas, flaws, and security flaws at that. These might even give access to a company's dirty laundry. So not only is this service uninvited and not approved, it gives access to private company resources and information, and uses the security holes to get in.
Yes, I assume if security is the only dimension that your job entails, then this is all worth it. But to most people in charge, and arguably the general populace at large, this is an intrusion by illegal means.
I personally value my private virtual space. If you get on my computer and get into my root account, it's an intrusion. Yeah, I will listen to how you did it, but for your troubles you'll never use my computer again.
I did not make it to the article, so I am basing this comment upon the posted text.
"China has launched a systematic information warfare campaign against Taiwan"
That would be propaganda. Hackers, or more technically, computers, in China have launched an attack. Not the Chinese government, not the nation of China, a group of individuals using computers in China.
"'National intelligence has indicated that an army of hackers based...'"
Again, a little over the top with the "army of hackers" reference. This makes it seem like the hackers have some official link or even political cause.
"'If there's any lesson from this experience, it is not to use software developed in China or hire Chinese computer programmers,'"
Propaganda. Incredibly, this sort of logic would mean that living or working within a country means that you are a malicious agent of that country. Ludicrous.
Oh, and please do observe the editor who approved this article.
"Section 508 requires that Federal agencies' electronic and information technology is accessible to people with disabilities."
from section508.gov
After this the Federal Government created the Accessibility Forum to bring industry and government into some agreement and cooperation on standards, as well as highlight existing technology and its weaknesses.
I spoke with the original Accessibility Forum director and my first question was, "What about open source?"
He said that the major distributions of Linux would not have anything to do with it. It was a commercial field dominated by proprietary business-models. I explained to him that if the government took an initiative for open source software in this area, not just openly approved standards, the results could have global impact for the disabled community. If he really wanted to do something that would help people, I insisted, he should focus on making the technology open and free to use.
Interesting, he also said that the lady representing Microsoft was "a bitch."
I know this is a niche market, certainly much smaller in the open source world, but this is an area where open source software can really help humanity. Want good publicity for the cause? Want to get people to notice OSS and its decidedly non-commercial interests? Want people who have never heard of Linux to try a live-linux distribution? Software such as pVoice is one way.
Computers are starting to affect everyone
Something I observe with comics is the constant looking back on the character's creation. To the general public (at least), the story of the character's creation is the most important, definitive dimension of the character.
Spider-Man was bitten by a radioactive spider. The Hulk was shot with gamma rays. These are all examples of the basic knowledge most individuals have about comic book characters.
I know it is proper story-telling to introduce characters and dramatize again and again their beginnings or history, but with comics it seems to be a big thing to recreate the character (even if in the same vein) every so often (usually in another medium I guess).
While this brings new readers and maybe reminds current readers of why they enjoy the comic, I wonder if it discourages the development of the character (i.e. a change that redefines the character and is generally irreversible or undefiable, even in the comic book world).
I'm not saying characters don't change, but it seems when it comes down to it, the characters are always in the shadow of their original creation. I don't know if this mirrors real life or not (though one could suppose so in most cases).
"No more inventory counts. No more lost or misdirected shipments. No more guessing how much material is in the supply chain--or how much product is on the store shelves."
Wrong. Completely wrong. If you have ever worked for a major retailer, you will come to understand this reality.
IDs are not a panacea. You have to have a system of control and accountability over your inventory that makes use of a unique ID and checks itself constantly, forcing correction.
As a private user, you can filter whatever you want (and you should). There is nothing wrong with a blacklist. Misuse is not an issue for the end-user.
I directed my comments at those who control the access of many users, for whom they do not play authoritative social roles (such as a parent). These individuals have a responsibility to maintain their networks and service, not limit it.
"Those of us who use blacklists accept that there may occasionally be collateral damage."
Agreed. But it should not be the job of your ISP admins to decide that a given subnet will be blacklisted without sensible evidence (i.e. they should have reason, not merely suspicion). It is further irresponsible of them to allow a blacklist to make this decision for the customers.
I never much paid attention to editors. But you might consider it after looking at this story. Really, this is inane.
Spam really brings out the worst in everyone - both those who receive it, those who fight it, and those who send it.
But there are some mature Internet users who do not believe the way to solving things is running a DDoS against a party or blocking subnets carelessly. I do not know how many on /. belong to this group, but I would include myself.
There is no panacea for spam. Sorry.
It is very irresponsible of any maintainer of a blacklist to target large IP blocks. There is no possible way to maintain such a list accurately without targeting innocent parties. Collateral damage is understandable, but it should also be looked down upon and avoided at great cost, not accepted. Imagine IPv6 blacklists.
Admins need to take the responsibility to make use of blacklists which are strict in the conservative sense (i.e. very specific). We can all understand this is not as effective as blacklisting the entire Internet.
This is really ridiculous and childish, except with adult repercussions. On the one hand, we have virtual fascism with blacklists. On the other, we have DDoS attacks to end them. And what does this do for the users? Nothing. More bandwidth wasted, more time diverted from the real issue, and disruptive communications.
The Internet is not a playground anymore. Some people actually use it for business, important communication, etc. We need to get serious, not extreme.
"without regards to ethics or morals?"
Is that how you want weapons to be used? - Without regard for ethics or morals?
Trolling about arms races and the destruction of the human race is one thing, but few ever seem to point out that perhaps humanity has some capability to not use these weapons.
"We should try to ensure that this is only done to suspected spams"
I am not sure that is 100% possible. In light of that reality, this might just punish any server, not necessarily attached directly to the spammer. For example, if I wanted to shut down a site, couldn't I spam a million inboxes with that site's address?
I could see this solution, when mismanaged, merely creating lots of extra, meaningless traffic as well.
I am all for doing something to inconvenience spam, but it seems that the most effective solutions always come at a direct cost to everyone. For example, I have read about adding a small CPU penalty calculation for every email sent. This new solution isn't quite as distributed - it adds traffic to networks and places loads on servers, but it's still a penalty.
I guess the real challenge is finding a way to penalize the spammers and no one else. Good thoughts, and honestly if my client supported a "punish mode," I think I would be tempted to use it with the same careless sense I apply delete.
There seems a constant rush to dump current consumer chips and move on to something faster (like Moore's Law needs to be held up). This does not represent the needs of mass consumers - it represents the interests of corporations who want cash to keep winding the cycle upwards for greater and continued profit.
There is nothing wrong with a chip that does not compete with the latest specs. So many people believe that they need stellar specs - they need reliable, cost-effective chips that do their math.
"the amount of tinkering required to solve [problems]..."
Honestly, I like the tinkering, configuring, and customization (I would do it anyway ;). I almost feel cheated if I cannot change all the settings, disable anything, and generally do whatever I want.
"You obviously know nothing about ReiserFS."
I didn't say one thing about ReiserFS. Not being an expert (and this being /.), I purposely avoided making any judgements.
On the record, the only opinion in my entire post was that it is easier to make something fast than it is to make something stable.
Perhaps I was too plain. This was not a judgement of ReiserFS. It was an opinion formulated by observation.
Literacy does not make one intelligent - it is part of your comprehension of language. Messaging language simplifies and trivializes the expression language can provide. It sort of cans it. The practice also encourages redundancy. The usage of messaging-style language is unavoidable in instant, trivial conversation.
Exactly. RAM, CPU, and storage space are ever increasing. Now we need better ways to organize data, access it, protect it, and back it up.
The fact of the matter is, it is easier to make a fast system than a stable, reliable one.
What happens when something unexpected (or unexplainable) occurs - good/bad or just different? You want a human to be there, to analyze and experience the situation only like a sentient being can.
If you want to learn, you have to get your hands dirty. That is good science. Space is still new as a lab and field environment.
I didn't use to be afraid of flying until now. I will probably be dropping a few pounds before I go on another plane.
I wonder how many perverts will find a way to get a job working behind one of these machines.
Considering that there are millions of consumers who are going to sign up for this on their lunch break and throughout the day, /. may just be a drop in the bucket.
We should be thinking different. One reason the reaction to Apple's new machines is so positive is because Intel/AMD have made us believe their products are the performers, the standard of performance in the PC market. Suddenly we are brought back to reality and things actually are different.