For every adult who can succesfully operate a computer, there are 20 5-year olds that have been doing just as long as they have, are more comfortable with it, and already signed up for their own hotmail account.
Thousands of potential attackers? You mean the company's customers? Well I guess, statistically speacking, that some of them could have used this information to hack the system, but it wasn't like he posted this to a hacker ring or splattered it on the front page of slashdot as soon as he discovered it. He told the company (which he worked for at the time) and six months later (when he wasn't working for them) they still hadn't fixed it. Now it obviouslly wasn't that hard of a fix concidering how fast the fixed it once he told their customers. And IMO the customers would want to know that something they were being told was secure was really not. If my bank had a screen door on the back of the vault that had no security cameras, I'd want to know so I wouldn't use them.
How was the mass email a crime? He didn't DoS them. He even went above and beyond to spred out the load so the email servers would not be slowed down. How is this any more of crime than spam? Granted, we don't like spam, but sending mass emails in and of itself is not a crime. The article did not mention him hacking into anything or causing any disruption of service. He didn't everything by the book. They are only after him because he made the company look bad, and someone in the company has a friend in the government to get this kind of response.
I don't think he took extreme measures at all. IMHO he took the next logical step. He showed it to his boss. They did nothing. Since he was no longer in a position of influence at the company (like he ever was before) he talked to the next logical group of people: the people directly effected by this. If he had posted this to/. or had sent it out to the underground hacker rings he would have definatly gone too far. But he only informed those most at risk for the company's screwup: the customers. The company is lucky he didn't report it to any big bug tracking organizations. A lot of people read that, both white and black hat hackers.
I say that if a company does not actively seek to fix a security hole within a reasonable amount of time, they deserve to be humiliated before their customers like this. The guy was only trying to put the customer first, and not the company's reputation. Hell, the customers could probably sue the company since they knew they weren't secure but kept advertising that they were. Damn marking droids.
I'm taking bets on how long till the first lawsuit comes out against the person or persons who wrote this helpful worm. I say it will happend before the people who wrote the destructive worms are even arrested.
All the beavers where run out of town by all the damn nutria (sp?) that got let loose in the 50's when they stopped being the "cool" pet to own. I've seen dozens of those things every time I get new a river or a pond. They look just like beavers, but they have a rat-like tail.
Yes, that is the trick, but what percentage of IT departments have been able to do this? Unless you were already settup like that before the bubble burst, you probably are so busy just keeping the whole foundation from crumbling around everyone that you have little time to think about what kind of wallpaper and furniture you want to put in the house above the foundation. To goto a really nice setup where you can do everything remotely and the users can never harm the system would require a complete rebuild of the network and systems, which I guarenty you will take more than a long weekend. Add to that the horrible understaffing that most IT departments are faced with and lack of proper funds and you are pretty much stuck with whatever system you have in place right now.
Nope, sorry, can't do that. It's one of those industry jokes that everyone knows about. Even students in India learn this joke (I'm referring to any EE/CS students). You can't kill a joke this one. Ever.
Because any yahoo with enough money could drag you to court and keep you there for years and years over something they know is false, but you still have to take the time to goto court and most likely pay an expensive lawyer during all this time. Doesn't matter if its over source code, a book that you wrote, or something you said. In the end you might win, but by no means is justice free.
A good test of a new program is how easy it is to use the first time you sit down with it.
With MS Money (now there's a scary term;)), everything seemed logical, easy to use, and down right intuitive. Sure, they weren't perfect and they is plenty of room for improvement, but it was a good program that was almost fun to use.
With GnuCash, I had to fight to use the program. The whole layout/ideology seemed very odd if not completely stupid. I didn't want to spend half a day fighting with the program on setting up accounts or entering transactions just to do what MS money let me do in just a few minutes of setup. And just FYI, I hadn't used MS Money is about 3 years when I sat down with GnuCas just a few months ago, so the reason I was fighting the program was not because I was used the the MS way.
Make the money management program simple to use for simple things, and let it make complex things doable. GnuCash does not do this. Neither does MS Money. But at least MS Money let me do the simple things simply without having to fight it. I for one would be glad to see GnuCash follow MS Money in that respect, and then watch it surpass MS Money.
I think another point that needs to be remembered is the intent of the expression of opinion. If I say "I wish someone would kill Bill Gates" and then someone, somewhere killed him, I would not be held liable for his death. Even if I said "I think Bill Gates should be kill", I"m still protected. Now, if I tell a psycopath to kill Bill Gates knowing that he is likely to actually try it, I then become accessory to the act. If a person is angry with the government and expresses his desire to blow things up or even says people should blow things up and provides instructions to how to make bombs, he still hasn't crossed that line where he knows that it will result in people making bombs and blowing things up. He is much closer to it, but until he knows that someone will, he hasn't committed any crime.
Re:seriously screwed up action
on
Linking Dangerously
·
· Score: 5, Informative
But the word "peaceably" is not attached to the right to free speech or press. It is only attached to the right for the people to peaceably assmble (ie, it's ok to stand outside Congress and protest something, but not ok to start a riot over it).
You could argue that the "you can't shout fire in a crowded theather" refinement the Supreme Court has added would also cover bomb making instructions, but I disagree. You can't shout fire because it would cause direct damage to people (stampeed). But knowing how to make a bomb and posessing instructions on how to make a bomb and even sharing those instructions/knowledge does not cause direct damage to other people. A person would have to choose to make that bomb and then use it to hurt others. Let me highlight that special word: choose. Having knowledge or sharing it is not the same as hurting someone directly.
Kindergarten Monitor == Really bored prof with tenure:)
Re:Off topic, but in the same article
on
In-Flight Reboot?
·
· Score: 1
Ever hear of a thing called being descrete? Not all military operations can be the big, loud bundles of energy and activity that you are describing. I guarenty you that a group of soldiers riding around in a big, loud armored vehicle will not do a good job trying to find the last hiding members of the Taliban or of Saddam's inner circle. They would hear them from miles away and could run. A group of soldiers on foot who can "move among the people" without causing a huge disturbance are much more likely to get to where the bad guys are before they can be spotted. Plus they are a lot cheaper to deploy (only need their guns, a knife and their clothes) than a big tank (goto ship it over, fuel it, maintain it, etc).
Need more proof? Find yourself a Marine and tell him you don't think he's that tough because he doesn't ride around inside a tank. You'll get to see just how tough those guys can be.:)
I've got news for the district: the plan is already in existance. They're called "parents".
Parents are too busy making money at work to watch the little people the brought into the world. If you want to get their attention, start charging them money.
Exactly. I'm currently doing a very nice sized project in Perl (currently over 3,000 lines of code, inline documentation(thanks POD!), and debug lines), and I am adhering to a very strict design pattern because I know that I am not going to be the one to maintain this for the next several years. Perl is great at quick little hacks that help make your life simpler without thinking too hard. But that doesn't prevent Perl from being used in a full blown project just like any other language such as C, C++, Java, etc. It all boils down to what the programmers are like. If they were the kind that would make variables names like "hg56sss_str", then they will continue to do so in Perl, and to an even more maddening extent since Perl gives them greater freedom to be creative.
You have to be careful about those programs. Turns out, most of them just ship stuff like that over to China and other Asian countries and dump them in their landfills! Same with most electronic recycling programs. You wouldn't believe the mounts of old electronics I've seen in pictures from over there. It really is a very serious problem. So don't contribute to the problem by using these shady recycling programs. They don't really recycle since it is MUCH too expensive to recycle the contents of these used batteries, and extremely cheap (or free!) to just dump them on some other poor country.
I've heard of some people that actually generate MORE energy then they use in their homes. The electric company will actually buy that excess power from you, if you stay connected to the grid that is, making solar power, for a few anyway, actually profitable! But I doubt the electric companies will buy everyone's excess energy if everyone did that, because then they wouldn't have anyone to sell it back to.
I think you are right. For most people it is very close. We are still at that stage where the more intelligent users, the ones who can switch to Linux and be happy, will figure out all the little tricks and quarks and help the distro people fix/roll-in those needed changes. Give it a year and even my mom will be able to use it at the pace Linux has been advancing.
And what you are missing is that all money purchases have to go through the PHB. And in this time of IT budget cuts, you have to proove to them that what you want is 1) cost effective and 2) needed. Sure the server side stuff is free which is good, so you get number 1. Then you have to convince them that it also satisfies number 2, which in this case it doesn't. If you are a large group/company, you already have paid your money to MS to buy an Exchange server and get it setup and maintained. That money is already out the door. Doesn't cost anything to replace it at the server side, but it does cost money to make the desktops work with it. That says to the PHB that it's going to cost MORE money now to get less functionality (if they understand that word that is). This is why it won't get past the PHB. Now, if you were a brand new company or you were one of the few who were getting rid of MS *cough*Munich*cough*, then this is a great solution. You will get both server and client for free, with will satisfy both number 1 and number 2.
I do agree with you that is it better to have them working in the court of public opinion instead of the court of law, but not by much.
Propaganda campaigns can actually have a worse effect on society than laws. If someone stands up and shots a big lie loud enough and long enough people will start to believe it. After they stand up and shout that downloading movies is what is killing artists and their creativity at the top of their lungs for several months, the average person is going to believe their FUD. They will start viewing little Johnny as being a horrible ciminal just because he downloads T3 on the net instead of pay the $10 to see it in the theater. It will distract from the real problems: their business models are starting to fail, so they are raising the prices to make up for it. But they can use this FUD to keep raising the prices and keep blaming it on the P2P filesharers, and people will believe them. Then, when they do shift to the court of law, the general public will be more inclined to accept their proposed laws letting them go after file traders and pirates, and letting them treat the file traders as terrorists or murderers.
This can seem harmless or at least less anoying at first, but it can get very scary down the road.
High water intake is good, but don't ignore your body and try to meet some artifical intake amount. They actually found that there is ZERO medical studies or evidence that 8 glasses a day is what the body needs. They concluded that 8 glasses idea came from a magazine or something, and not from a medical source. If your not thirsty, don't drink. It's as simple as that.
Oh, and lay off the coffee. In fact, don't drink any at all! After cutting the coffee intake and upping the water intake, you'll find yourself feeling very different!
Slashdot Mirror
For every adult who can succesfully operate a computer, there are 20 5-year olds that have been doing just as long as they have, are more comfortable with it, and already signed up for their own hotmail account.
Thousands of potential attackers? You mean the company's customers? Well I guess, statistically speacking, that some of them could have used this information to hack the system, but it wasn't like he posted this to a hacker ring or splattered it on the front page of slashdot as soon as he discovered it. He told the company (which he worked for at the time) and six months later (when he wasn't working for them) they still hadn't fixed it. Now it obviouslly wasn't that hard of a fix concidering how fast the fixed it once he told their customers. And IMO the customers would want to know that something they were being told was secure was really not. If my bank had a screen door on the back of the vault that had no security cameras, I'd want to know so I wouldn't use them.
How was the mass email a crime? He didn't DoS them. He even went above and beyond to spred out the load so the email servers would not be slowed down. How is this any more of crime than spam? Granted, we don't like spam, but sending mass emails in and of itself is not a crime. The article did not mention him hacking into anything or causing any disruption of service. He didn't everything by the book. They are only after him because he made the company look bad, and someone in the company has a friend in the government to get this kind of response.
I don't think he took extreme measures at all. IMHO he took the next logical step. He showed it to his boss. They did nothing. Since he was no longer in a position of influence at the company (like he ever was before) he talked to the next logical group of people: the people directly effected by this. If he had posted this to /. or had sent it out to the underground hacker rings he would have definatly gone too far. But he only informed those most at risk for the company's screwup: the customers. The company is lucky he didn't report it to any big bug tracking organizations. A lot of people read that, both white and black hat hackers.
I say that if a company does not actively seek to fix a security hole within a reasonable amount of time, they deserve to be humiliated before their customers like this. The guy was only trying to put the customer first, and not the company's reputation. Hell, the customers could probably sue the company since they knew they weren't secure but kept advertising that they were. Damn marking droids.
I'm taking bets on how long till the first lawsuit comes out against the person or persons who wrote this helpful worm. I say it will happend before the people who wrote the destructive worms are even arrested.
All the beavers where run out of town by all the damn nutria (sp?) that got let loose in the 50's when they stopped being the "cool" pet to own. I've seen dozens of those things every time I get new a river or a pond. They look just like beavers, but they have a rat-like tail.
Yes, that is the trick, but what percentage of IT departments have been able to do this? Unless you were already settup like that before the bubble burst, you probably are so busy just keeping the whole foundation from crumbling around everyone that you have little time to think about what kind of wallpaper and furniture you want to put in the house above the foundation. To goto a really nice setup where you can do everything remotely and the users can never harm the system would require a complete rebuild of the network and systems, which I guarenty you will take more than a long weekend. Add to that the horrible understaffing that most IT departments are faced with and lack of proper funds and you are pretty much stuck with whatever system you have in place right now.
Nope, sorry, can't do that. It's one of those industry jokes that everyone knows about. Even students in India learn this joke (I'm referring to any EE/CS students). You can't kill a joke this one. Ever.
As long as it was only black smoke and not the "magic" smoke that makes all electrical and electronic devices work they should be just fine :)
Because any yahoo with enough money could drag you to court and keep you there for years and years over something they know is false, but you still have to take the time to goto court and most likely pay an expensive lawyer during all this time. Doesn't matter if its over source code, a book that you wrote, or something you said. In the end you might win, but by no means is justice free.
A good test of a new program is how easy it is to use the first time you sit down with it.
;)), everything seemed logical, easy to use, and down right intuitive. Sure, they weren't perfect and they is plenty of room for improvement, but it was a good program that was almost fun to use.
With MS Money (now there's a scary term
With GnuCash, I had to fight to use the program. The whole layout/ideology seemed very odd if not completely stupid. I didn't want to spend half a day fighting with the program on setting up accounts or entering transactions just to do what MS money let me do in just a few minutes of setup. And just FYI, I hadn't used MS Money is about 3 years when I sat down with GnuCas just a few months ago, so the reason I was fighting the program was not because I was used the the MS way.
Make the money management program simple to use for simple things, and let it make complex things doable. GnuCash does not do this. Neither does MS Money. But at least MS Money let me do the simple things simply without having to fight it. I for one would be glad to see GnuCash follow MS Money in that respect, and then watch it surpass MS Money.
I think another point that needs to be remembered is the intent of the expression of opinion. If I say "I wish someone would kill Bill Gates" and then someone, somewhere killed him, I would not be held liable for his death. Even if I said "I think Bill Gates should be kill", I"m still protected. Now, if I tell a psycopath to kill Bill Gates knowing that he is likely to actually try it, I then become accessory to the act. If a person is angry with the government and expresses his desire to blow things up or even says people should blow things up and provides instructions to how to make bombs, he still hasn't crossed that line where he knows that it will result in people making bombs and blowing things up. He is much closer to it, but until he knows that someone will, he hasn't committed any crime.
But the word "peaceably" is not attached to the right to free speech or press. It is only attached to the right for the people to peaceably assmble (ie, it's ok to stand outside Congress and protest something, but not ok to start a riot over it).
You could argue that the "you can't shout fire in a crowded theather" refinement the Supreme Court has added would also cover bomb making instructions, but I disagree. You can't shout fire because it would cause direct damage to people (stampeed). But knowing how to make a bomb and posessing instructions on how to make a bomb and even sharing those instructions/knowledge does not cause direct damage to other people. A person would have to choose to make that bomb and then use it to hurt others. Let me highlight that special word: choose. Having knowledge or sharing it is not the same as hurting someone directly.
Unix/Linux is VERY user friendly. It's just picky about who it conciders a friend :)
Big Brother == Federal Government
:)
Little Brother == State Government
Kindergarten Monitor == Really bored prof with tenure
Ever hear of a thing called being descrete? Not all military operations can be the big, loud bundles of energy and activity that you are describing. I guarenty you that a group of soldiers riding around in a big, loud armored vehicle will not do a good job trying to find the last hiding members of the Taliban or of Saddam's inner circle. They would hear them from miles away and could run. A group of soldiers on foot who can "move among the people" without causing a huge disturbance are much more likely to get to where the bad guys are before they can be spotted. Plus they are a lot cheaper to deploy (only need their guns, a knife and their clothes) than a big tank (goto ship it over, fuel it, maintain it, etc).
:)
Need more proof? Find yourself a Marine and tell him you don't think he's that tough because he doesn't ride around inside a tank. You'll get to see just how tough those guys can be.
I've got news for the district: the plan is already in existance. They're called "parents".
Parents are too busy making money at work to watch the little people the brought into the world. If you want to get their attention, start charging them money.
Exactly. I'm currently doing a very nice sized project in Perl (currently over 3,000 lines of code, inline documentation(thanks POD!), and debug lines), and I am adhering to a very strict design pattern because I know that I am not going to be the one to maintain this for the next several years. Perl is great at quick little hacks that help make your life simpler without thinking too hard. But that doesn't prevent Perl from being used in a full blown project just like any other language such as C, C++, Java, etc. It all boils down to what the programmers are like. If they were the kind that would make variables names like "hg56sss_str", then they will continue to do so in Perl, and to an even more maddening extent since Perl gives them greater freedom to be creative.
You have to be careful about those programs. Turns out, most of them just ship stuff like that over to China and other Asian countries and dump them in their landfills! Same with most electronic recycling programs. You wouldn't believe the mounts of old electronics I've seen in pictures from over there. It really is a very serious problem. So don't contribute to the problem by using these shady recycling programs. They don't really recycle since it is MUCH too expensive to recycle the contents of these used batteries, and extremely cheap (or free!) to just dump them on some other poor country.
I've heard of some people that actually generate MORE energy then they use in their homes. The electric company will actually buy that excess power from you, if you stay connected to the grid that is, making solar power, for a few anyway, actually profitable! But I doubt the electric companies will buy everyone's excess energy if everyone did that, because then they wouldn't have anyone to sell it back to.
I think you are right. For most people it is very close. We are still at that stage where the more intelligent users, the ones who can switch to Linux and be happy, will figure out all the little tricks and quarks and help the distro people fix/roll-in those needed changes. Give it a year and even my mom will be able to use it at the pace Linux has been advancing.
But they have done the equivalent of a million years of computation. They just did it in parallel :)
And what you are missing is that all money purchases have to go through the PHB. And in this time of IT budget cuts, you have to proove to them that what you want is 1) cost effective and 2) needed. Sure the server side stuff is free which is good, so you get number 1. Then you have to convince them that it also satisfies number 2, which in this case it doesn't. If you are a large group/company, you already have paid your money to MS to buy an Exchange server and get it setup and maintained. That money is already out the door. Doesn't cost anything to replace it at the server side, but it does cost money to make the desktops work with it. That says to the PHB that it's going to cost MORE money now to get less functionality (if they understand that word that is). This is why it won't get past the PHB. Now, if you were a brand new company or you were one of the few who were getting rid of MS *cough*Munich*cough*, then this is a great solution. You will get both server and client for free, with will satisfy both number 1 and number 2.
I do agree with you that is it better to have them working in the court of public opinion instead of the court of law, but not by much.
Propaganda campaigns can actually have a worse effect on society than laws. If someone stands up and shots a big lie loud enough and long enough people will start to believe it. After they stand up and shout that downloading movies is what is killing artists and their creativity at the top of their lungs for several months, the average person is going to believe their FUD. They will start viewing little Johnny as being a horrible ciminal just because he downloads T3 on the net instead of pay the $10 to see it in the theater. It will distract from the real problems: their business models are starting to fail, so they are raising the prices to make up for it. But they can use this FUD to keep raising the prices and keep blaming it on the P2P filesharers, and people will believe them. Then, when they do shift to the court of law, the general public will be more inclined to accept their proposed laws letting them go after file traders and pirates, and letting them treat the file traders as terrorists or murderers.
This can seem harmless or at least less anoying at first, but it can get very scary down the road.
High water intake is good, but don't ignore your body and try to meet some artifical intake amount. They actually found that there is ZERO medical studies or evidence that 8 glasses a day is what the body needs. They concluded that 8 glasses idea came from a magazine or something, and not from a medical source. If your not thirsty, don't drink. It's as simple as that.
Oh, and lay off the coffee. In fact, don't drink any at all! After cutting the coffee intake and upping the water intake, you'll find yourself feeling very different!