most popular HD PPV are re-broadcast over internet feeds in near real time, sounds like you're not using the right application.
By all means, what application are they using ?
Just so we are on the same page, HDTV bitrates come at 20MBps upwards. This means for a smooth, uninterrupted play you need at least a 25 to 30 Mbps pipe, when you take overheads and buffers into account.
Assuming I could get that type of connection (I can't), wouldn't it still be cheaper to pay for the content ? If I were to watch pirated HDTV 10 hours a day, wouldn't my ISP take offense at my 3TB monthly transfer ? BTW, who is paying for the server bandwidth to distribute that content ? I certainly could not participate in a peer to peer system given my asymmetric VDSL connection, with only 1Mbps upload.
If you understand the distinction between "near real time" (seconds to minutes delay on the live stream), and "off line" (say, a three hour bittorrent download for a one hour show, available after the show ended), then please do let us know what application are these pesky pirates using.
What makes favoring Metacafe and YouTube over your BitTorrent peers not "politically driven shaping"? There's a reasonable expectation from the ISP's customers that when they click a Youtube link, the movie should play. The customer can't and won't load Youtube movies 24 hours a day, so I think it's reasonable to favor streaming, bursting traffic over bulk, sustained traffic. The ISP customers will not tolerate lagging Youtube clips, nor would they tolerate prices inflated by the requirement to give all customers constant bandwidth equal to their burst rate.
By politically driven shaping I mean any shaping that is not resulting from requirements of having different profiles of traffic share the pipe. Some traffic is bursty, must be fast, and customers expect and pay for that speed, even if they are only using it 0.5% of time. The volume traffic can be deprioritized without losing much volume, except during peak hours. I think it's extremely favorable for me that I get to use the spare capacity not used by typical 40+ y/o subscribers, and I would hate to have to pay the "real" price, with no overselling, of providing a 40 MB pipe to every house.
On the other hand, there's no reasonable expectation from customers that two HTTP sites in the same ping range should be throttled differently. The ISP will do that only when it has commercial interests in what customers should access, and that is politically driven shaping.
has installed on its network since last fall, surreptitiously, a mechanism that deliberately slows down, at peak hours, the transfer speed of its subscribers' data.
Yeah, as opposed to all other ISPs in the world, where the speed actually goes up during peak hours. Or, at the very least, your connection speed is guaranteed, no matter what protocol you are using or if the other endpoint is on the other side of the world.
To inspect the users' data and manage the Internet traffic, Bell uses a technology called Deep Packet Inspection (DPI) which breaches the right to privacy of the consumers using their Internet access services.
Traffic shaping and prioritization is as old as the Internet, and it's here to stay. Heck, it's even built into TCP: when the number of connections goes up, the average speed decreases. It's perfectly legitimate for the ISP to throttle protocols that are considered less important, or to cap the band of traffic hogs.
The "depth" of the packet inspection is rather irrelevant. For example when prioritizing DNS packets, a standard network practice, the router will do a trivial packet inspection; who is to say where the inspection becomes "deep enough" to become privacy violating ? If you are sending clear-text, or trivially obfuscated streams of data through your ISP, I see no privacy implications if the ISP will do some automated classification of data.
What, you don't agree with the classification made by your ISP, that 90% of bittorrent packets goes to /dev/null ? Too bad, I guess you should have read the contract before signing it. And you can be sure the contract allows them aggressive traffic shaping, and stipulates just a maximum speed you are allowed to use, no minimal guarantees. Unless you are a business customer, and pay a premium for that guaranteed minimal bandwidth.
I can understand an accusation of false advertising, but certainly no one can ask for the money back after signing a contract allowing for traffic shaping. Aggressive traffic shaping is not welcomed by the customer, and the customer will leave, it's a simple free market exercise - just vote with your wallet, and word of mouth will do the rest.
I don't know why some think Net neutrality means everyone should be able to download at full speed 24/7 from bittorrent. What I understand by net neutrality, is that my ISP should not be allowed to make politically driven shaping, I.E. favor Metacafe over Youtube, or block access to Ron Paul's site because they negotiated a contract with its political adversaries. Otherwise, if you don't like the service your ISP gives you, with a protocol you chose, you are free to renegotiate your contract, or switch to another provider.
Anyone developing software designed to keep content locked down needs to realize that this is the kind of person they're up against. I don't understand why people insist DRM is an unattainable notion. It must be all those faulty software DRM schemes that were all eventually broken. Well guess what, hardware DRM is alive and kicking - and working, when implemented correctly. Hardware hacks are orders of magnitude harder to perform than software ones.
Economically, there are two trade-offs in DRM:
1. the cost of the hardware manufacturer to implement the DRM scheme, compared to the cost of the content he's trying to distribute
2. the cost for the DRM wannabe hacker (cracks, mod chips etc.), compared to just buying a legit copy.
There's no logic fault in saying that, for a certain type of content, with a certain cost, these two tradeoffs allow a DRM system to survive. That is, to cost small enough to implement as to not increase the cost of the content significantly, and high enough to circumvent, that the users rather pay than circumvent. This is not the same as "unbreakable", especially for the types of passionate hackers like Mr. Tarnovsky, but that's irrelevant.
Note that the 2. cost can benefit tremendously from an economy of scale, if it's enough for a single user to circumvent and distribute to all others. For example when the content is in a platform independent format (distribute decrypted music), or when the DRM system is implemented in software (distribute software crack).
This is not the case with, say, live High definition TV. Maybe someone can hack his topbox and have unlimited access to live Sports coverage, but he can't feed that content to me fast enough to be useful. So I need to hack my own topbox, and that could cost much more than the subscription to the sports channel.
Also, this is not the case with a console game, where I need, again, to perform my own hardware hacks. A mod chip costs significantly today, and when the GPU, CPU, RAM and DRM chip will be integrated on a single die, a mod chip will be impossible, and one would need to hack his own silicon.
1. a. A religion or religious sect generally considered to be extremist or false, with its followers often living in an unconventional manner under the guidance of an authoritarian, charismatic leader.
b. The followers of such a religion or sect.
2. A system or community of religious worship and ritual.
3. The formal means of expressing religious reverence; religious ceremony and ritual.
4. A usually nonscientific method or regimen claimed by its originator to have exclusive or exceptional power in curing a particular disease.
5. a. Obsessive, especially faddish, devotion to or veneration for a person, principle, or thing.
b. The object of such devotion.
6. An exclusive group of persons sharing an esoteric, usually artistic or intellectual interest.
The Scientologists themselves always claimed to be 2. & 3. The whole point is that they are not, they are a profit-seeking corporation.
I think the teen can use meaning 1. without qualifying as "threatening, abusive or insulting". This was, after all, an anti-Scientology demonstration. There's nothing insulting or abusive in calling your religion false, most forms of organised religion claim that every other religion is wrong.
Otherwise, it should be illegal to use any kind of signs of religious nature: if I have a poster declaring Cthulhu the only God and savior, that would imply your belief in The Spaghetti Monster as the only God and savior is wrong, thereby insulting or abusive.
I'm sorry, but every device out there should have two factory reset switches:
Things like easily accessible switches and backup copies of the flash cost money. Granted, they don't cost very much, but when you are talking about millions of units things add up. Since these features are useless (i.e will never be used) for 99.9% of the customers, the market forces will act to remove them.
Besides they are not really necessary if you simply engineer the old flash to accept only flashing with a digitally signed newer version. This takes a few KB of object code to implement, and will 100% block any type of software bricking, as long as the private key is secured by the manufacturer. Yes, I'd rather buy a locked down piece of hardware - that I'm not planning to run Linux on - instead of a 0.5$ more expensive or less secure, but open alternative.
In fact, the attack enumerates all ASP variables and tries to force a SQL payload in them, that in turn if executed adds the link to the malicious script to every textfield in the database. A very simple vulnerability scanner, if you like, targeting only ASP applications - thus the ISS spin. Since we don't see the LAMP version spreading I think we can safely conclude that no web application written in PHP with a MySQL back-end is currently vulnerable to any type of SQL injection.
Except this is not a NULL pointer exploit. It's rather irrelevant how exactly you obtain the address needed to overwrite your target: in this case, you add up your controlled offset to a NULL base obtained after a failed malloc(), but it's just a rare circumstance. I ask you this: if the malloc call did not fail, wouldn't he still have control over the offset ? That's the major vulnerability right there, and he added the integer overflow to get a NULL pointer from malloc in order to stabilize the exploit.
A NULL pointer vulnerability means accessing things like object.member, where object is NULL, and the offset of member is fixed at compile time and/or small enough to fit in the few hundred unused memory pages that the 0 address is surrounded with. Any access in that area causes a page fault that can't be recovered from, and the OS terminates the application.
This is not a new class of exploits, just a very complex and creative one.
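Added example, not part of the original comment: a C sketch of the distinction drawn above between a fixed-offset NULL dereference and an unchecked allocation combined with an input-controlled index, beside a checked version. All names (`struct entry`, `failing_alloc`, `unchecked_store_address`, `checked_store`) are hypothetical, and the always-failing allocator is constructed to stand in for the failed malloc().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record type; every name in this sketch is an assumption. */
struct entry { uint32_t id; uint32_t value; };

typedef void *(*alloc_fn)(size_t);

/* Constructed allocator that always fails, standing in for the failed malloc(). */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

enum { STORE_OK = 0, ERR_OVERFLOW, ERR_RANGE, ERR_NOMEM };

/* Plain NULL dereference: the offset of `value` is a compile-time constant,
 * so with base == NULL the access lands in the unmapped pages around
 * address 0 and the process faults. Nothing is dereferenced here; the
 * function only reports the address that base->value would touch. */
static uintptr_t fixed_member_address(const struct entry *base)
{
    return (uintptr_t)base + offsetof(struct entry, value);
}

/* Flawed pattern: the allocation result is not checked and `index` is used
 * unchecked. Returns the address a store to tab[index].value would hit,
 * without performing the store. */
static uintptr_t unchecked_store_address(alloc_fn alloc, size_t count, size_t index)
{
    struct entry *tab = alloc(count * sizeof *tab);   /* may wrap, may be NULL */
    uintptr_t target = (uintptr_t)tab
                     + (uintptr_t)index * sizeof *tab /* offset chosen by the caller */
                     + offsetof(struct entry, value);
    free(tab);                                        /* free(NULL) is a no-op */
    return target;
}

/* Checked version: reject a wrapping size, an out-of-range index and a
 * failed allocation before any address is formed. Caller frees *out. */
static int checked_store(alloc_fn alloc, size_t count, size_t index,
                         uint32_t value, struct entry **out)
{
    struct entry *tab;

    *out = NULL;
    if (count > SIZE_MAX / sizeof *tab)
        return ERR_OVERFLOW;        /* count * sizeof would wrap */
    if (index >= count)
        return ERR_RANGE;           /* offset outside the table */
    tab = alloc(count * sizeof *tab);
    if (tab == NULL)
        return ERR_NOMEM;           /* never add an offset to NULL */
    tab[index].id = (uint32_t)index;
    tab[index].value = value;
    *out = tab;
    return STORE_OK;
}

int main(void)
{
    struct entry *tab;
    size_t index = 0x10000000u;     /* constructed input value */

    printf("NULL->value would touch      0x%zx\n",
           (size_t)fixed_member_address(NULL));
    printf("unchecked store would touch  0x%zx\n",
           (size_t)unchecked_store_address(failing_alloc, 16, index));
    printf("checked, failed allocation:  %d\n",
           checked_store(failing_alloc, 16, 3, 7, &tab));
    printf("checked, index out of range: %d\n",
           checked_store(malloc, 16, index, 7, &tab));
    return 0;
}
```

With the failed allocation the fixed-offset access stays inside the first page, while the unchecked index moves the store address wherever the input says; the checked version refuses both cases.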
If my email address is bob@example.com, the only machine that should be allowed to send mail proclaiming to be from example.com is example.com
Never heard of mailing lists, have you ?
...you must have smart friends who NEVER:
Your smart friends must also never store your email address anywhere on their hard drive (for example, the browser cache), so that it can't be picked up by the spam sending bot that infected their machine and does a global scan for "someone@somewhere". Or, only have friends that never get infected. Between the two, you can either:
- have only geek friends
- have no friends
Take your pick - I don't know what's worse.
racism exists but we only fuel racism by carving out sectors of society by race and speaking to how disadvantaged they are.
No amount of wishful thinking and pretends will make race inequality go away by itself. If there is a strong correlation between race and academic success - when common sense dictates that there should be no such correlation - we need to know why the hell it's that way: talking about it is a first step into fixing it.
Your position is basically like saying, disabled people in our town choose not to use the subway - the fact that there's no wheelchair access in the station has nothing to do with it.
If there's no disabled person to be seen in the subway, and no black in a cube farm, we need to ask ourselves some questions - and simply asking the questions is not fueling discrimination, but helping us understand the problem, if there is one.
[quote]If there's something on a site I want but need a registration for, I will spend a comparatively ludicrous amount of time and effort on getting around the forced registration on principle alone.[/quote]... while the rest of us just register, maintain a good ratio, and get on with our lives. There's no "principle" behind letting every redneck plunder the bandwidth and effort of the community, while giving nothing back. The bottom line is simple: private trackers have much higher speeds because of the forced seeding.
If you can max out your puny download bandwidth on public trackers, while at the same time enjoy wasting your time in bypassing compulsory registration, then kudos to you. The registration system does not need to be airtight, just hard enough to generate for most people the above described effect: it should make sense to register, and be part of the community, because you get something back for it, and on the other hand, hacking the system should be hard enough not to warrant the rewards.
No more illegal than speaking Navajo over the phone to thwart eavesdroppers.
Will it become illegal to use an alternative operating system or antivirus software or even just common sense to deflect these payloads?
No more illegal than dumping the analog land line in favor of Skype.
Let's analyse this from the classic wiretapping perspective everyone can relate to. I personally agree with wiretapping: it's a very good compromise between the loss of liberty and privacy versus its utility in fighting real criminals. As long as solid procedures are followed to have my communication monitored (i.e. proper warrant and suspicion exists), I feel the risk of being snooped at by the State is negligible.
Whether you like it or not, in law enforcement there is frequently the need to monitor the suspect without letting him know he's monitored. Sure, you can obtain a warrant to search his house, computer, etc. and convict him based on any evidence found, but at the same time, the news will spread like wildfire in the criminal organization, severely limiting the effectiveness of the taxpayer's law enforcing buck.
More to the point, monitoring someone's computer is not as simple as using tcpdump on his broadband connection. The level of encryption present even in free consumer software effectively blocks any kind of monitoring, and the analogy with wiretapping simply does not hold - the only way to obtain the evidence is to monitor the computing device itself.
It's debatable if trojans are the ethical way to accomplish this - for example, they can be used to easily plant evidence, with very little chance to defend against it. What's not debatable is the right of the society to create and approve effective tools for law enforcement, with a reasonable privacy / effectiveness trade off.
Your privacy is not sacred: it's something that we, as a society, grant you as long as you don't anally rape our kids. (yeah, I know, the old TOTC - quite relevant here, I think:)
Shannon-shmannon. How dare you ! If you've read TFA you'll know this revolutionary technology not only increases the speed by a factor of 15 to 20 times, but also insures "overall client happiness". Amazing !
During the last decade the transfer speeds have not grown by a factor of 100.
I suspect a lot of that can be attributed to the market demand, rather than an actual technological limit. The size of the hard-drive is its main metric, and the only thing that consumers look at, and of course the engineers will make a compromise size/speed/price. At the end of the day, what would you rather have:
A fast, 15.000 RPM, 16-Platter, energy hungry beast, that makes a horrifying sound every time you access a file (because of the large actuators needed for small access time)
A small and energy efficient 10x larger, 10x slower drive, fast enough for watching porn and browsing Slashdot
And if you really want the first option, you can have it as a SCSI, of course at a price premium since it won't benefit from the economy of scale the slow IDE drive has.
Not to mention the fact that plastic is much more expensive than oil. If you have plastic, simply recycle it and make expensive plastic instead of cheap oil, to be used in the manufacture of new plastic.
Even if they were, your average ISP would be much happier simply pocketing the difference to begin with.
Let's see now... What if they could pocket both the difference and the money from the adverts? The free market will sort everything out, of course: their increased revenue will help them better market the service to millions of clueless users that hardly know how to use a computer, much less to understand why many of the sites they visit are broken. Mmm... clueless users... the advertisers will be ecstatic, and we will make even more money!
The habit of washing your hands after going to the bathroom has nothing to do with needing to clean off residue from going to the bathroom.
I'm of the George Carlin mentality that, unless I pissed all over my hands I don't necessarily think I should wash them. What the hell, my dick is clean and very sensitive to infection so I should wash my hands before touching it.
What's that song at the last part of the trailer?
Ok, you non web-2.0-adopting retrogrades... here's the html version:
http://www.comics.com/comics/dilbert/archive/index.html
Excuse me while I emerge myself in the synergistic experience of the new flash interface, and step into the 21st (maybe even 22nd) century, while leaving you the prisoners of the old web 1.0
That of course if Allah has nothing against millions of believers downloading porn on bittorrent at super-high speeds.
I am 93 and I've worked on this, you insensitive clod.
Imagine the promotional campaign:
The sheer curiosity for the forbidden fruit can propel the game in the history books.
The greatest software in the world has indeed been written, and the importance of this breakthrough cannot be overestimated.
Try to call 1-888-5-OPTOUT.