How about a little dirtball who thinks its okay to sign up for a service, dissect the device, figure out how to hack it, use it for purposes other than agreed to and then whine when they ask for it back. It doesn't need to be a major corporation...now does it?
And, it is "proprietary" hardware not just their fscking "property". The software/firmware is proprietary to their device and is not in other similar devices on the market. They spent a lot of effort and money to develop the device and they are entitled to protect it and ask for it back when the contract is breached or terminated.
If he didn't have a contract, then why in the world would he give them his credit card number in the first place. Generally, you give your payment (cash, credit, whatever) when you agree to the terms of the sale or service.
Maybe he's interested in some swamp land in Florida or some prime wetlands in the middle of the Sahara desert. Anybody of someone willing to sell it to him him?
Ummmm....first, when you sign up, they tell the terms...in my case, it as $49.95/mo with the first two months at 1/2 price. They also tell you that they will be shipping you the modem and that they will charge you 24.95 for shipping and handling.
Then, they following it all up with a barrage of e-mails (if you have an e-mail account) or send you written notification (I got both).
Now, when you get your credit card bill, you have the opportunity to dispute the charges. If you don't, then there is an implied contract as you accept the charge and paid for it.
As for you them sending you something that you didn't request...that's BS...as you know you need the device to use their service and have already authorized the charges.
Well considering they claim that certain features of their DSL modem are patented (or are they patent pending), one can understand why they want their stuff back.
At the very least, it is proprietary hardware and they have the right to protect that.
As a Telocity (now DirectTV) customer, I have had zero problems with them. The contract makes it perfectly clear that they are providing you with a modem for use with their service without a rental fee (you did have to pay shipping and handling though...strange). I consider the modem a loaner without any monthly fee. And, I expect that I have to give it back if and when I terminate my contract with them.
When you lease a car, tv or whatever or borrow it from a neighbor, you are expected to return it when allotted time is up. Or, you are expected to pay for it if you want to keep it. Possession is not 9/10s of the law when a contract exists between the parties (oral or written).
Nothing beats the one time I tried to telnet into an old shell, attempted to logon, and after login failed I realized it was a different machine. The admin somehow or another ran a finger query on the shell machine I was logged onto and sent me email demanding to know who I was and why I was connected to his machine. There are some psychos out there..
Well, that would be me...Seriously, a single attempt is probably not enough to warrant the attention of the sysop. However, you say it was an "old shell". That would imply that you had no real business being there in the first place...right?
Take for example a recently released (and disgruntled employee). How often is somebody released from a company and the IT department is the last to know? Just why did that former employee log into an account that should have been terminated (just like they were)? As studies have shown, most attacks against corporate systems are by disgruntled workers. Personally, the admin who caught you should be commended for due diligence.
But, when is "enough" enough all ready? Do I freak on IDENT connections? No. Do I give a rats ass about ftp connections? Not until I see a repeated pattern or coupled with other activity (such as a full nmap SYN scan). Telnet or SSH attempts? I'm a little more wary and more opt to keep a closer watch. Of course, we should all be running SSH anyway if you leave our public interfaces accessible...right?
Now, onto the subject of port scans. If my computer where a house and a cop saw you going door to door checking the locks, you can be damned sure they'd stop you. It's called "probable cause". Since the laws on the books make it very hard to stop network attacks, the only real recourse is to report the attacks to their ISP. If their ISP is responsive, they are probably knocked offline for 24 hours or so. If it was innoculous, their access is restored. If not, then the little bastards have to find another ISP. Piss 'em off? Tough. That's one less cracker I have to deal with during their "cooling off" period.
I've used Interbase since 1996 and like it. If you follow the uninstall procedures (i.e run the uninstall program) as specified by Borland, then it uninstalls just fine and will not corrupt other database drivers. It's when people try to manually delete files that that they get into trouble. If you were using the BDE, manually uninstalling drivers is a bad thing in general and is not recommended.
Additionally, InterBase is not orphaned and is very much supported by Borland. I suggest you go to their website and see what they are offering. Last I checked, IB was running on a myriad of platforms and is included on the Kylix CD. I assume its also on the Delphi 6 CD...but as I don't have it...it's just an assumption.
If you are looking for a free alternative, I suggest you consider the FireBird project. It's essentially InterBase but based on the Open Sourced code. It runs under Linux and Windows.
Best tool to use for accessing InterBase or FireBird is Jason Wharton's InterBase Objects.
Finally, if you are running Windows, use a utility like CleanSweep to record your installation process. This will make a clean uninstall a piece of cake. One thing about Windows I really don't like is that there are no reference counts to files, libraries, or drivers. But, then again, I don't know of too many install programs or OS's that actually track this information. Oh well.
While Gibson does tend to get a little melodramatic at time, he does offer some useful services (ShieldsUp, OptOut, etc).
But, it is clear that his programming talents tend to rely upon higher level interfaces nor is he fully cognizant of other tools that are available for other platforms. He seems to concentrate on the Windows platform and does that pretty well. But, he's been talking about nanoprobes for sometime (at least a year) and nothing useful seems to have grown from it.
But, then again, who cares what the programming talent of a script kiddie is when its clear they simply use tools developed by more accomplished programmers for malicious intent.
It doesn't take much to climb into a large truck, turn the key, put it into gear and plow into oncoming traffic just to see how much damage you can do.
What we need are better, smarter tools to detect attacks and have them develop countermeasures against these attacks (sorta like iptrap but on a grander scale). Perhaps the "smart" tools could interface with ISPs to allow them to adapt and filter out the attacks thus preventing them from reaching customers? How would we do this? No clue.
And, we need ISPs who are accessible, have qualified individuals on staff, and willing to help in a timely fashion.
Finally, we need law enforcement with the means and wherewithall to be able to track down these punks and cut their cables permanently. If the attacks are gov't sanctioned, cut the frick'n cable to the country. Or, block all traffic out of known terroristic states. Eventually, the legitimate users will have had enough and demand a change.
Of course, remember when it was illegal to print the RSA algorithm on a tee shirt within the United States?
That was done in the name of National Security.
Here, it's done in the interest of stock holders.
Amazing to think that disclosure of something as simple as a mathmatical equation could land you in court, or worse, jail . And stock holders will profit from the fraud perpetuated as they go forward and manufacture devices incorporating this "secure" technology.
This is nothing. As an EE student, I developed a Write Only drive for the Macintosh 128 in 1985 that could store over 1TB of data. Problem is, I could never figure out how to get the data back out....
Seriously, this is pretty cool stuff. Are we on the way to "isolinear chips" of Star Trek fame?
I would have to concur that this article really did not hit its mark. The four sentence conclusion was a waste of digital storage space.
All this article did was cloud the decision making process for neophites even more.
Where the article should (or could) have gone is into detail on when to choose the various technologies. Why and when would I choose PHP over PERL over JAVA? What are the performance trade offs for using each? What language features does is support?
Paying a little more attention to meat rather than trying to get something published would have benefited us all a lot more.
RD
Re:Doesn't have to be black and white
on
Mood Home
·
· Score: 2
Very true. In fact, black (i.e. Flat Black) is not the most efficient absorber of solar energy (contrary to popular belief).
Back in the mid to late 70's when solar energy was at the forefront, I conducted experiments using various color solar panels (regional science fair competiton). My results were in line with the published material of the day...the most efficient color was flat leaf green.
When coupled with a laminar flow (rather than copper tubes) and non-UV absorbing glass, those collectors really worked well.
The following year I build a model solar home equipped with thermostats, a thermal storage tank (filled with eucletic salts) and automated skylights (not bad for a 9th grade experiment).
While I didn't win the competition that year in my category, I did discovery that the design of my solar home was highly earthquake resistant and it slid of the bus seat and wedged itself between seats after the competition. Also discovered that the space between school bus seats is actually very small as it took over an hour to extract my model home. Thought about that for the next year's experiments, but instead settled on a optical digital data transmission.
And, like, who's going to argue with an alien species that has the technology and wherewithal to travel thousands of light years?
While it may have worked in the movie "Independence Day", I doubt we'd have a real prayer if they decided that they wanted human shiskabob or something.
Interesting. And, you are right. When the VC's come along, more often than not, they are allowed to make decisions on your behalf (or you don't get the money).
Some of these decisions are aimed at bolstering other investments they have made. Some are based upon false information provided by the other companies. And, believe it or not, some are made with the intent of driving you into the ground so they can take a loss on their taxes.
While the last option does, unfortunately,happen, most VCs are in the game to make money. You end up selling your soul to many VCs and they drive the ship. In the end, you hope you make enough money to spin off a new venture that doesn't require the assistance of VCs.
Our economy is taking a downturn as most investors realize that the dot-coms were a shame and now are covering their losses. They are selling to extract their profits. Are we headed to a depression. I think not...but what the hell do I know. Soon the market will stabilize and we start the cycle all over again. All I know is that I can buy into the market right now at bargain prices. It's like 1984 all over again.
What world are you in? I know of very very facilities where there isn't at least one computer connected to the internet in some fashion. Plus, it isn't necesarrily the internet from where the intrusion will occur.
While I was in the military, we had a virus problem. We installed AV software on all machines. Every disk was scanned prior to sending them to the shore based communication facility.
Yet, invariably, when the disks were returned to us and we prepared new messages, the virus was back. As it turned out, the virus was on a PC at the communications facility and they were spreading it unwittingly. The internet was only an academic oddity then...so where do you think the virus came from?
Major corporations use MS software. Vigilent administrators are always downloading the latest security or critical update to keep their systems in top form.
The fact that the identity theft was not made public for almost two months is a scary thing. This means that if the original MS intruder got the OS or Word source code in the fall, they had plenty of time to make malicious modification.
Couple this with the hiccups on the web lately (DNS and router problems at major ISPs), and there is the potential for some serious damage to have been done. Has it? I don't know.
Similarly, if somebody managed to get a modified service pack out there, it could easily spread before the dame is realized just by the sheer goodwill nature of many admins to help others.
Scaremongery? In some respects, yes. But, the fact remains that our systems are vulnerable and only due vigilence will slow the tide of hacker attacks. For this potential scare, I do blame MS as they have known their identity has been compromised and their software does not handle CRLs. I blame Verisign for nonchalantly issuing a certificate in Microsoft's name without proper identify verification. As a result, there is a window of opportunity for damage to occur.
That so called "spanner in the works" could be as simple as somebody unwittingly upgrading their systems will altered software or having played a game with an embedded trojan program during those dull moments.
The manual control you refer to only applies if people are cognizant that there is a problem. If the altered software makes all appear fine, then you've got a real problem. Don't you? Now, couple this with undermanned facilities during the late night shift...get the point now?
It happend ten years ago on a military installation. Why can't it happen in the civilian workplace?
Sorry, you are incorrect. About a year and a half ago, somebody made alterations to a common utility (I don't remember which...sorry...but maybe somebody else out there does remember). The code was posted in CVS and downloaded by thousands before it was caught.
Fortunately, it *WAS* caught and the situation rectified by removing the malicious code and reposting on CVS. But, *IT* did get out there. Whenever you have a lot of complex code and many fingers in the pie, this situation can and does occur.
So, before you condemn me for my opinions, jump off your high horse and get a grasp on reality.
The argument that there are more eyes on the code and somebody will catch it is not necesarrily true. If the code looks beneign or appears to work as expected, that code probably will not be inspected.
Open Source, while a wonderful thing, is not immune to sculdugery any more than proprietary code if vigilence is not maintained to keep the code pure.
News of the latest Microsoft compromise should send shivers down all of our spines and makes us wonder if we are under cyberattack.
Some may argue that our PKI infrastructure is in need of review. Whether or not this is true, clearly we must consider whether the products we use can be considered safe. Microsoft is aggressively patching a hole in their Outlook product so that certificates can be checked against so-called "Certificate Revocation Lists". And, while many think CRLs are new, they are not. The specification for CRL's has been available since at least November, 1993. So, why has a critical feature of PKI infrastruction been overlooked?
The pattern of attack against Microsoft began last year. In an article "Microsoft Hack wasn't espionage" by Kevin Mitnick (Nov. 5, 2000), Kevin point out;
"Most newsworthy was the possibility that Microsoft's highly guarded source code was compromised and possibly misappropriated. The Wall Stree Journal reported that the hacker might have had access to Windows or Office 2000 source code...Only the hacker and, quite possibly, Microsoft know the real truth."
Today, on Security Focus, there's another article with the headline "White House: Hack attacks are new cold ware". The author, for those interested, is Kevin Poulsan.
In this article, it is stated that "Virtually every vital service- water supply, transportation, energy, banking and finance, telecommunications, public health -- all of these rely upon computers and fiber optic lines, switches and the routers that connect them. Corrupt those networks and you distrupt this nation.", Condoleezza Rice.
Our nation runs on computers. Many critical infrastructure systems can be compromised by the simple dismissal of a security warning about a "Microsoft Certificate". But, has anyone stopped to think that we may already been compromised?
Bind, that daemon that tells computers where to locate a resource, has been discovered to have flaws. Less than a month ago, there was a big concern that a well planned attack could take down the internet as we know it. If one recalls, there was an incident where an ISP on a South Pacific Island introducted false DNS data to redirect traffic to "their" servers.
If one of those servers was a spoofed "Microsoft Update" site and people casually dismissed that security warning that may have popped up on their screens (Hey, it's from Microsoft, right), millions may have download malicious code right into their operating systems, word processors, or whatever. Given the fact that the source code for Microsoft's OS and Word products may have been compromised in the fall of last year, it would give ample time to develop a functional trojan disguised as a security update or critical update.
Open Source developers aren't immune either. Occassionaly, some rogue hacker inserts malicious code into the linux kernel or utility source. If undetected, we may all be compiling in those changes and thereby compromising our systems as well.
Clearly, something needs to be done. Software that uses PKI must check CRLs for starters. Certificate vendors need to check identification a bit more closely. And, legislation must be enacted to reduce the liability to individuals whose digital certificates may have been compromised. Finally, the punishment for illegal use of a computer system and intentional computer virus, release should be punishable by severe mandatory sentences (20-25 years would be a start).
I have never been a strong advocate for cyberpolice. But, as the frequency of attacks and the damage estimates rise, it makes one wonder.
If I recall, there was an issue about a month ago where DNS entries were falsified by a foreign ISP resulting in web traffic being redirected (presumably to their servers).
If Microsoft has been compromised as of Jan 30th, what's the probability that their software updates website has been spoofed? Even if it hasn't happened, its food for thought.
And, if this event has occurred, all MS users could be effectively fsck'd if those "critical" updates were trojan in nature (or worse). Imagine the implications if your PC were happily sending all your correspondence, stock trades and other financial transactions to a foreign power. Imagine if you are a DOD or gov't employee or contractor (Or a high ranking politician). The potential for cyber-terrorism from this incident is rather extreme.
Not that I'm an alarmist or anything....but when did the stock market start taking a dive?
Correct me if am wrong, but unless your position dictates that you have fiduciary responsibility, then you have no such responsibility. That's like saying you can't quit working at McDonald's to work for Wendy's because McDonald's will take a loss because they aren't flipping enough burgers.
As an employee, you do have the responsibility to protect your company's assets. But, upon termination, only protected information (trade secrets), are legally protected.
In most states, non-compete agreements will not hold up in a court of law. They have ruled that a company can not stop another individual from earning a living in their chosen profession (thus depriving them of their rights).
You can not prevent someone from learning, either. But, depending upon how you are hired or what agreements you may have signed, you may be prevented from disclosing closely guarded information (i.e. trade secrets...like taking the Col. Sander's secret recipe to Cluck Cluck Chicken or something). However, if the receipe became common knowledge, then there is no basis for the non-compete and it would falter.
Unfortunately, it's a thin line and many of us don't have the resources to defend ourselves in court. Most companies are banking on this proposition. Others are smart enough not to even try as the losses for depriving an individual of their constitutional rights can be staggering.
More typically, you will find non-disclosure agreements. These must be limited (unless your a spook) as an all inclusive one will not hold up either.
A bigger problem is that as you progress up the management chain and disclose trade secrets, you may find your next job harder to obtain (or retain). And, what company would seriously trust you after you reveal the secrets of another? They'd hire you, get the information, and then let you go (can you say downsized?). Then, you're screwed as you're unemployed and not trusted...Not a good position to be in.
Whether the law says its legal or not, perspective employers still obtain more information about you from prior employers...They won't do it in an official capacity, but maybe over a beer or at an informal gathering.
This concept makes a lot of sense. Everyday, developers (commercial and open source) run the risk of infringing upon somebody's patent. And, in many cases, software patents have been wrongfully issued with no checks against prior art databases.
A central, searchable repository of open source concepts will slowdown the rate at which software patents are issued and raise the bar on what actually does get patented. If a software patents are to exist, then make the patent seeker work for it and prove they did something worthwhile.
As I see it, a $20 publishing fee is not such a bad investment if:
1) The database is truly searched for prior art before issuing a patent.
2) Existing software patents are actually revoked if prior art can be established because of a submission to this database.
3) It makes it easier for someone to find prior art as it relates to their development efforts.
I have no problem with individuals making money from the development efforts (Hell, I do). But, software patents are ludicrous and put us all at risk simply because we didn't patent an obvious concept (like Amazon's one-click concept). Thus, I do not support software patents in any way shape or form and they should be abolished.
In its place, I would rather see a system for enforcing recognition on the use of "patented" material as an acknowledgement of having come up with a great idea (and publishing it). But, there should be no financial penalty for use of "patented" software UNLESS the recognition/accredidation is not offered. In such cases, a heavy "license" and royalty fee may be pursued with all legal costs incurred by the violator.
I spent almost a week downloading Red Hat's 2.4.0 beta and getting it installed (all I really wanted was iptable support). And, after getting it installed and customizing it so it would actually work (Hey! It's a beta distro...) I was amazed at the overall speed and performance. But, iptables would not work (xinetd required a backpedel to an earlier version) and I was forced to use IPChains. As it is, the box is still sitting behind my firewall rather that on the front line.
Downloaded 2.4.1 and tried to compile it. It broke things in the RD distro. Downloaded the most current iptables and recompile the 2.4.0-99..whatever RH kernel. iptables still would not work.
Today, out of a whim, I downloaded and recompiled 2.4.2. Not only did it compile without any issues, but iptables works as well (imagine that).
Can't wait to see tomorrow if, when I reboot, that it tells me nfsstatd didn't start like 2.4.0 and 2.4.1 did when I recompiled. Well, I gotta see, recompiled the kernel from home and it just sounds too good to be true.
Well, its true...at least for the Saturn 1B. It was originally designed as an ICBM. I suspect you're right about the Saturn V...as it had an additional stage added on. The early Apollo missions (not moon bound) were launchedusing the 1B. If you recall, the Titan was also an ICBM. Yet, to this day, it is still a work horse for putting satellites in orbit.
Many people don't remember the Cold War...at least the kids of today only remember the "Wall" coming down. But, at its height, we had to worry about 100 megaton nukes being dropped on us by the Russians. Eventually, it was determined that MIRVs were the way to go as they did more damage over a larger area...yet with smaller warheads. But, there was this battle to build the largest nuke...some sort of prestige symbol I think. And, if I recall correctly, the Soviets layed claim to that prize.
Somewhere in the mid-70's, it was realized that smaller, more mobile launch vehicles made sense. They still had the Minuteman, but there was that mobile system under serious debate. We never built it (START I treaty), but the Soviets sure did (Before the START was signed).
FWIW, I grew up during that moon shot era. I had model Saturn V's, LM's, command modules...all the cool stuff. In 1972, my parents took me to Florida to the opening of Disney World. While in FL, we went to visit some friends we had met the prior year.
The father was an engineer for NASA and invited us to visit them in Cocoa Beach. He arranged visits for us to see all sorts of things....many were the common "tours" but he managed to get us up close and personal with a Saturn V as well in the Vertical Assembly building. Let me tell you...those things are huge. And, they were quite real. Originally designed to hurl very big nukes at the Russians...
There was also going to be an Atlas Centaur launch. While I was too young to be in the block house, I was permitted to observe the launch from a location in nearby Cocoa Beach. It was magnificient! My parents and older brother were permitted to view the launch from within a block house. The space program convinced me that I wanted to be a physicist (at least be schooled as one).
Almost thirty years later, my brother actually asked me about the so called "hoax". He pointed out the fact that there were no stars, that there were multiple shadows, etc.
He felt a little foolish when I was able to explain away these things with simple explainations (it's damned bright on the moon..washing out background starlight and sunlight reflecting off the lunar structures would cause multiple shadows if near enough.
But, as somebody else pointed out, our society is to willing to believe that facts don't matter. They all seem to have the desire to rewrite history into their making. Stalin and Lenin thought this was a great idea as did Breznev (remember how Kruzchev was written out of the history books). But, does anyone really think the Russians would let this one go if it weren't true?
But, those that saw the launches, watched the broadcasts, and participated in the recover (my old navy ship actually helped recover one of the Apollo missions...but before my time).
We put men, vehicles, golf clubs, and all sorts of things on the moon. But, isn't it strange that almost 30 years later, we have problems landing a probe on Mars...yet can land one on an asteroid. Could it be the the KISS principle is the best way to launch space vehicles?
So...while national priority has not been focused on NASA, we can all look up in the night sky and, if the orbit is correct, see the ISS whizzing by. Kinda cool...don't you think?
Slashdot Mirror
How about a little dirtball who thinks its okay to sign up for a service, dissect the device, figure out how to hack it, use it for purposes other than agreed to and then whine when they ask for it back. It doesn't need to be a major corporation...now does it?
And, it is "proprietary" hardware not just their fscking "property". The software/firmware is proprietary to their device and is not in other similar devices on the market. They spent a lot of effort and money to develop the device and they are entitled to protect it and ask for it back when the contract is breached or terminated.
If he didn't have a contract, then why in the world would he give them his credit card number in the first place. Generally, you give your payment (cash, credit, whatever) when you agree to the terms of the sale or service.
Maybe he's interested in some swamp land in Florida or some prime wetlands in the middle of the Sahara desert. Anybody of someone willing to sell it to him him?
Ummmm....first, when you sign up, they tell the terms...in my case, it as $49.95/mo with the first two months at 1/2 price. They also tell you that they will be shipping you the modem and that they will charge you 24.95 for shipping and handling.
Then, they following it all up with a barrage of e-mails (if you have an e-mail account) or send you written notification (I got both).
Now, when you get your credit card bill, you have the opportunity to dispute the charges. If you don't, then there is an implied contract as you accept the charge and paid for it.
As for you them sending you something that you didn't request...that's BS...as you know you need the device to use their service and have already authorized the charges.
Sorry...you don't own it.
Well considering they claim that certain features of their DSL modem are patented (or are they patent pending), one can understand why they want their stuff back.
At the very least, it is proprietary hardware and they have the right to protect that.
RD
As a Telocity (now DirectTV) customer, I have had zero problems with them. The contract makes it perfectly clear that they are providing you with a modem for use with their service without a rental fee (you did have to pay shipping and handling though...strange). I consider the modem a loaner without any monthly fee. And, I expect that I have to give it back if and when I terminate my contract with them.
When you lease a car, tv or whatever or borrow it from a neighbor, you are expected to return it when allotted time is up. Or, you are expected to pay for it if you want to keep it. Possession is not 9/10s of the law when a contract exists between the parties (oral or written).
Well, that would be me...Seriously, a single attempt is probably not enough to warrant the attention of the sysop. However, you say it was an "old shell". That would imply that you had no real business being there in the first place...right?
Take for example a recently released (and disgruntled employee). How often is somebody released from a company and the IT department is the last to know? Just why did that former employee log into an account that should have been terminated (just like they were)? As studies have shown, most attacks against corporate systems are by disgruntled workers. Personally, the admin who caught you should be commended for due diligence.
But, when is "enough" enough all ready? Do I freak on IDENT connections? No. Do I give a rats ass about ftp connections? Not until I see a repeated pattern or coupled with other activity (such as a full nmap SYN scan). Telnet or SSH attempts? I'm a little more wary and more opt to keep a closer watch. Of course, we should all be running SSH anyway if you leave our public interfaces accessible...right?
Now, onto the subject of port scans. If my computer where a house and a cop saw you going door to door checking the locks, you can be damned sure they'd stop you. It's called "probable cause". Since the laws on the books make it very hard to stop network attacks, the only real recourse is to report the attacks to their ISP. If their ISP is responsive, they are probably knocked offline for 24 hours or so. If it was innoculous, their access is restored. If not, then the little bastards have to find another ISP. Piss 'em off? Tough. That's one less cracker I have to deal with during their "cooling off" period.
I've used Interbase since 1996 and like it. If you follow the uninstall procedures (i.e run the uninstall program) as specified by Borland, then it uninstalls just fine and will not corrupt other database drivers. It's when people try to manually delete files that that they get into trouble. If you were using the BDE, manually uninstalling drivers is a bad thing in general and is not recommended.
Additionally, InterBase is not orphaned and is very much supported by Borland. I suggest you go to their website and see what they are offering. Last I checked, IB was running on a myriad of platforms and is included on the Kylix CD. I assume its also on the Delphi 6 CD...but as I don't have it...it's just an assumption.
If you are looking for a free alternative, I suggest you consider the FireBird project. It's essentially InterBase but based on the Open Sourced code. It runs under Linux and Windows.
Best tool to use for accessing InterBase or FireBird is Jason Wharton's InterBase Objects.
Finally, if you are running Windows, use a utility like CleanSweep to record your installation process. This will make a clean uninstall a piece of cake. One thing about Windows I really don't like is that there are no reference counts to files, libraries, or drivers. But, then again, I don't know of too many install programs or OS's that actually track this information. Oh well.
While Gibson does tend to get a little melodramatic at time, he does offer some useful services (ShieldsUp, OptOut, etc).
But, it is clear that his programming talents tend to rely upon higher level interfaces nor is he fully cognizant of other tools that are available for other platforms. He seems to concentrate on the Windows platform and does that pretty well. But, he's been talking about nanoprobes for sometime (at least a year) and nothing useful seems to have grown from it.
But, then again, who cares what the programming talent of a script kiddie is when its clear they simply use tools developed by more accomplished programmers for malicious intent.
It doesn't take much to climb into a large truck, turn the key, put it into gear and plow into oncoming traffic just to see how much damage you can do.
What we need are better, smarter tools to detect attacks and have them develop countermeasures against these attacks (sorta like iptrap but on a grander scale). Perhaps the "smart" tools could interface with ISPs to allow them to adapt and filter out the attacks thus preventing them from reaching customers? How would we do this? No clue.
And, we need ISPs who are accessible, have qualified individuals on staff, and willing to help in a timely fashion.
Finally, we need law enforcement with the means and wherewithall to be able to track down these punks and cut their cables permanently. If the attacks are gov't sanctioned, cut the frick'n cable to the country. Or, block all traffic out of known terroristic states. Eventually, the legitimate users will have had enough and demand a change.
Of course, remember when it was illegal to print the RSA algorithm on a tee shirt within the United States?
That was done in the name of National Security.
Here, it's done in the interest of stock holders.
Amazing to think that disclosure of something as simple as a mathmatical equation could land you in court, or worse, jail . And stock holders will profit from the fraud perpetuated as they go forward and manufacture devices incorporating this "secure" technology.
RD
This is nothing. As an EE student, I developed a Write Only drive for the Macintosh 128 in 1985 that could store over 1TB of data. Problem is, I could never figure out how to get the data back out....
Seriously, this is pretty cool stuff. Are we on the way to "isolinear chips" of Star Trek fame?
RD
I would have to concur that this article really did not hit its mark. The four sentence conclusion was a waste of digital storage space.
All this article did was cloud the decision making process for neophites even more.
Where the article should (or could) have gone is into detail on when to choose the various technologies. Why and when would I choose PHP over PERL over JAVA? What are the performance trade offs for using each? What language features does is support?
Paying a little more attention to meat rather than trying to get something published would have benefited us all a lot more.
RD
Very true. In fact, black (i.e. Flat Black) is not the most efficient absorber of solar energy (contrary to popular belief).
Back in the mid to late 70's when solar energy was at the forefront, I conducted experiments using various color solar panels (regional science fair competiton). My results were in line with the published material of the day...the most efficient color was flat leaf green.
When coupled with a laminar flow (rather than copper tubes) and non-UV absorbing glass, those collectors really worked well.
The following year I build a model solar home equipped with thermostats, a thermal storage tank (filled with eucletic salts) and automated skylights (not bad for a 9th grade experiment).
While I didn't win the competition that year in my category, I did discovery that the design of my solar home was highly earthquake resistant and it slid of the bus seat and wedged itself between seats after the competition. Also discovered that the space between school bus seats is actually very small as it took over an hour to extract my model home. Thought about that for the next year's experiments, but instead settled on a optical digital data transmission.
And, like, who's going to argue with an alien species that has the technology and wherewithal to travel thousands of light years?
While it may have worked in the movie "Independence Day", I doubt we'd have a real prayer if they decided that they wanted human shiskabob or something.
Interesting. And, you are right. When the VC's come along, more often than not, they are allowed to make decisions on your behalf (or you don't get the money).
Some of these decisions are aimed at bolstering other investments they have made. Some are based upon false information provided by the other companies. And, believe it or not, some are made with the intent of driving you into the ground so they can take a loss on their taxes.
While the last option does, unfortunately,happen, most VCs are in the game to make money. You end up selling your soul to many VCs and they drive the ship. In the end, you hope you make enough money to spin off a new venture that doesn't require the assistance of VCs.
Our economy is taking a downturn as most investors realize that the dot-coms were a shame and now are covering their losses. They are selling to extract their profits. Are we headed to a depression. I think not...but what the hell do I know. Soon the market will stabilize and we start the cycle all over again. All I know is that I can buy into the market right now at bargain prices. It's like 1984 all over again.
RD
What world are you in? I know of very very facilities where there isn't at least one computer connected to the internet in some fashion. Plus, it isn't necesarrily the internet from where the intrusion will occur.
While I was in the military, we had a virus problem. We installed AV software on all machines. Every disk was scanned prior to sending them to the shore based communication facility.
Yet, invariably, when the disks were returned to us and we prepared new messages, the virus was back. As it turned out, the virus was on a PC at the communications facility and they were spreading it unwittingly. The internet was only an academic oddity then...so where do you think the virus came from?
Major corporations use MS software. Vigilent administrators are always downloading the latest security or critical update to keep their systems in top form.
The fact that the identity theft was not made public for almost two months is a scary thing. This means that if the original MS intruder got the OS or Word source code in the fall, they had plenty of time to make malicious modification.
Couple this with the hiccups on the web lately (DNS and router problems at major ISPs), and there is the potential for some serious damage to have been done. Has it? I don't know.
Similarly, if somebody managed to get a modified service pack out there, it could easily spread before the dame is realized just by the sheer goodwill nature of many admins to help others.
Scaremongery? In some respects, yes. But, the fact remains that our systems are vulnerable and only due vigilence will slow the tide of hacker attacks. For this potential scare, I do blame MS as they have known their identity has been compromised and their software does not handle CRLs. I blame Verisign for nonchalantly issuing a certificate in Microsoft's name without proper identify verification. As a result, there is a window of opportunity for damage to occur.
That so called "spanner in the works" could be as simple as somebody unwittingly upgrading their systems will altered software or having played a game with an embedded trojan program during those dull moments.
The manual control you refer to only applies if people are cognizant that there is a problem. If the altered software makes all appear fine, then you've got a real problem. Don't you? Now, couple this with undermanned facilities during the late night shift...get the point now?
It happend ten years ago on a military installation. Why can't it happen in the civilian workplace?
Sorry, you are incorrect. About a year and a half ago, somebody made alterations to a common utility (I don't remember which...sorry...but maybe somebody else out there does remember). The code was posted in CVS and downloaded by thousands before it was caught.
Fortunately, it *WAS* caught and the situation rectified by removing the malicious code and reposting on CVS. But, *IT* did get out there. Whenever you have a lot of complex code and many fingers in the pie, this situation can and does occur.
So, before you condemn me for my opinions, jump off your high horse and get a grasp on reality.
The argument that there are more eyes on the code and somebody will catch it is not necesarrily true. If the code looks beneign or appears to work as expected, that code probably will not be inspected.
Open Source, while a wonderful thing, is not immune to sculdugery any more than proprietary code if vigilence is not maintained to keep the code pure.
News of the latest Microsoft compromise should send shivers down all of our spines and makes us wonder if we are under cyberattack.
Some may argue that our PKI infrastructure is in need of review. Whether or not this is true, clearly we must consider whether the products we use can be considered safe. Microsoft is aggressively patching a hole in their Outlook product so that certificates can be checked against so-called "Certificate Revocation Lists". And, while many think CRLs are new, they are not. The specification for CRL's has been available since at least November, 1993. So, why has a critical feature of PKI infrastruction been overlooked?
The pattern of attack against Microsoft began last year. In an article "Microsoft Hack wasn't espionage" by Kevin Mitnick (Nov. 5, 2000), Kevin point out;
"Most newsworthy was the possibility that Microsoft's highly guarded source code was compromised and possibly misappropriated. The Wall Stree Journal reported that the hacker might have had access to Windows or Office 2000 source code...Only the hacker and, quite possibly, Microsoft know the real truth."
Today, on Security Focus, there's another article with the headline "White House: Hack attacks are new cold ware". The author, for those interested, is Kevin Poulsan.
In this article, it is stated that "Virtually every vital service- water supply, transportation, energy, banking and finance, telecommunications, public health -- all of these rely upon computers and fiber optic lines, switches and the routers that connect them. Corrupt those networks and you distrupt this nation.", Condoleezza Rice.
Our nation runs on computers. Many critical infrastructure systems can be compromised by the simple dismissal of a security warning about a "Microsoft Certificate". But, has anyone stopped to think that we may already been compromised?
Bind, that daemon that tells computers where to locate a resource, has been discovered to have flaws. Less than a month ago, there was a big concern that a well planned attack could take down the internet as we know it. If one recalls, there was an incident where an ISP on a South Pacific Island introducted false DNS data to redirect traffic to "their" servers.
If one of those servers was a spoofed "Microsoft Update" site and people casually dismissed that security warning that may have popped up on their screens (Hey, it's from Microsoft, right), millions may have download malicious code right into their operating systems, word processors, or whatever. Given the fact that the source code for Microsoft's OS and Word products may have been compromised in the fall of last year, it would give ample time to develop a functional trojan disguised as a security update or critical update.
Open Source developers aren't immune either. Occassionaly, some rogue hacker inserts malicious code into the linux kernel or utility source. If undetected, we may all be compiling in those changes and thereby compromising our systems as well.
Clearly, something needs to be done. Software that uses PKI must check CRLs for starters. Certificate vendors need to check identification a bit more closely. And, legislation must be enacted to reduce the liability to individuals whose digital certificates may have been compromised. Finally, the punishment for illegal use of a computer system and intentional computer virus, release should be punishable by severe mandatory sentences (20-25 years would be a start).
I have never been a strong advocate for cyberpolice. But, as the frequency of attacks and the damage estimates rise, it makes one wonder.
RD
Alas, Outlook does not check CRLs (hence the need for a patch). Makes you feel real comfortable, doesn't it?
RD
If I recall, there was an issue about a month ago where DNS entries were falsified by a foreign ISP resulting in web traffic being redirected (presumably to their servers).
If Microsoft has been compromised as of Jan 30th, what's the probability that their software updates website has been spoofed? Even if it hasn't happened, its food for thought.
And, if this event has occurred, all MS users could be effectively fsck'd if those "critical" updates were trojan in nature (or worse). Imagine the implications if your PC were happily sending all your correspondence, stock trades and other financial transactions to a foreign power. Imagine if you are a DOD or gov't employee or contractor (Or a high ranking politician). The potential for cyber-terrorism from this incident is rather extreme.
Not that I'm an alarmist or anything....but when did the stock market start taking a dive?
RD
Bullshit.
Correct me if am wrong, but unless your position dictates that you have fiduciary responsibility, then you have no such responsibility. That's like saying you can't quit working at McDonald's to work for Wendy's because McDonald's will take a loss because they aren't flipping enough burgers.
As an employee, you do have the responsibility to protect your company's assets. But, upon termination, only protected information (trade secrets), are legally protected.
RD
In most states, non-compete agreements will not hold up in a court of law. They have ruled that a company can not stop another individual from earning a living in their chosen profession (thus depriving them of their rights).
You can not prevent someone from learning, either. But, depending upon how you are hired or what agreements you may have signed, you may be prevented from disclosing closely guarded information (i.e. trade secrets...like taking the Col. Sander's secret recipe to Cluck Cluck Chicken or something). However, if the receipe became common knowledge, then there is no basis for the non-compete and it would falter.
Unfortunately, it's a thin line and many of us don't have the resources to defend ourselves in court. Most companies are banking on this proposition. Others are smart enough not to even try as the losses for depriving an individual of their constitutional rights can be staggering.
More typically, you will find non-disclosure agreements. These must be limited (unless your a spook) as an all inclusive one will not hold up either.
A bigger problem is that as you progress up the management chain and disclose trade secrets, you may find your next job harder to obtain (or retain). And, what company would seriously trust you after you reveal the secrets of another? They'd hire you, get the information, and then let you go (can you say downsized?). Then, you're screwed as you're unemployed and not trusted...Not a good position to be in.
Whether the law says its legal or not, perspective employers still obtain more information about you from prior employers...They won't do it in an official capacity, but maybe over a beer or at an informal gathering.
This concept makes a lot of sense. Everyday, developers (commercial and open source) run the risk of infringing upon somebody's patent. And, in many cases, software patents have been wrongfully issued with no checks against prior art databases.
A central, searchable repository of open source concepts will slowdown the rate at which software patents are issued and raise the bar on what actually does get patented. If a software patents are to exist, then make the patent seeker work for it and prove they did something worthwhile.
As I see it, a $20 publishing fee is not such a bad investment if:
1) The database is truly searched for prior art before issuing a patent.
2) Existing software patents are actually revoked if prior art can be established because of a submission to this database.
3) It makes it easier for someone to find prior art as it relates to their development efforts.
I have no problem with individuals making money from the development efforts (Hell, I do). But, software patents are ludicrous and put us all at risk simply because we didn't patent an obvious concept (like Amazon's one-click concept). Thus, I do not support software patents in any way shape or form and they should be abolished.
In its place, I would rather see a system for enforcing recognition on the use of "patented" material as an acknowledgement of having come up with a great idea (and publishing it). But, there should be no financial penalty for use of "patented" software UNLESS the recognition/accredidation is not offered. In such cases, a heavy "license" and royalty fee may be pursued with all legal costs incurred by the violator.
RD
I spent almost a week downloading Red Hat's 2.4.0 beta and getting it installed (all I really wanted was iptable support). And, after getting it installed and customizing it so it would actually work (Hey! It's a beta distro...) I was amazed at the overall speed and performance. But, iptables would not work (xinetd required a backpedel to an earlier version) and I was forced to use IPChains. As it is, the box is still sitting behind my firewall rather that on the front line.
Downloaded 2.4.1 and tried to compile it. It broke things in the RD distro. Downloaded the most current iptables and recompile the 2.4.0-99..whatever RH kernel. iptables still would not work.
Today, out of a whim, I downloaded and recompiled 2.4.2. Not only did it compile without any issues, but iptables works as well (imagine that).
Can't wait to see tomorrow if, when I reboot, that it tells me nfsstatd didn't start like 2.4.0 and 2.4.1 did when I recompiled. Well, I gotta see, recompiled the kernel from home and it just sounds too good to be true.
RD
Well, its true...at least for the Saturn 1B. It was originally designed as an ICBM. I suspect you're right about the Saturn V...as it had an additional stage added on. The early Apollo missions (not moon bound) were launchedusing the 1B. If you recall, the Titan was also an ICBM. Yet, to this day, it is still a work horse for putting satellites in orbit.
Many people don't remember the Cold War...at least the kids of today only remember the "Wall" coming down. But, at its height, we had to worry about 100 megaton nukes being dropped on us by the Russians. Eventually, it was determined that MIRVs were the way to go as they did more damage over a larger area...yet with smaller warheads. But, there was this battle to build the largest nuke...some sort of prestige symbol I think. And, if I recall correctly, the Soviets layed claim to that prize.
Somewhere in the mid-70's, it was realized that smaller, more mobile launch vehicles made sense. They still had the Minuteman, but there was that mobile system under serious debate. We never built it (START I treaty), but the Soviets sure did (Before the START was signed).
RD
FWIW, I grew up during that moon shot era. I had model Saturn V's, LM's, command modules...all the cool stuff. In 1972, my parents took me to Florida to the opening of Disney World. While in FL, we went to visit some friends we had met the prior year.
The father was an engineer for NASA and invited us to visit them in Cocoa Beach. He arranged visits for us to see all sorts of things....many were the common "tours" but he managed to get us up close and personal with a Saturn V as well in the Vertical Assembly building. Let me tell you...those things are huge. And, they were quite real. Originally designed to hurl very big nukes at the Russians...
There was also going to be an Atlas Centaur launch. While I was too young to be in the block house, I was permitted to observe the launch from a location in nearby Cocoa Beach. It was magnificient! My parents and older brother were permitted to view the launch from within a block house. The space program convinced me that I wanted to be a physicist (at least be schooled as one).
Almost thirty years later, my brother actually asked me about the so called "hoax". He pointed out the fact that there were no stars, that there were multiple shadows, etc.
He felt a little foolish when I was able to explain away these things with simple explainations (it's damned bright on the moon..washing out background starlight and sunlight reflecting off the lunar structures would cause multiple shadows if near enough.
But, as somebody else pointed out, our society is to willing to believe that facts don't matter. They all seem to have the desire to rewrite history into their making. Stalin and Lenin thought this was a great idea as did Breznev (remember how Kruzchev was written out of the history books). But, does anyone really think the Russians would let this one go if it weren't true?
But, those that saw the launches, watched the broadcasts, and participated in the recover (my old navy ship actually helped recover one of the Apollo missions...but before my time).
We put men, vehicles, golf clubs, and all sorts of things on the moon. But, isn't it strange that almost 30 years later, we have problems landing a probe on Mars...yet can land one on an asteroid. Could it be the the KISS principle is the best way to launch space vehicles?
So...while national priority has not been focused on NASA, we can all look up in the night sky and, if the orbit is correct, see the ISS whizzing by. Kinda cool...don't you think?
RD