I believe the playstation game Parasite Eve explored this concept as well.
Technology did increase a great deal, but you have to consider a few other things. First off, war always sparks technological innovation and invention, and this was after World War II and during the Cold War. Also, if you think we've had a lot of new ideas concerning electronics, perhaps you should read about some of the truly advanced ideas Tesla had but never had a chance to implement on any large scale, like the Wardenclyffe Tower.
I think the security industry has a pretty skewed idea of "virtually impossible" to exploit. The people who are saying these bugs are impossible to exploit are engineers and PR people, not people who actually have experience exploiting such bugs in the real world.
As the old saying goes, if it ain't broke, don't fix it. I use what I have, and it works just fine. So, where's my incentive to change?
When Microsoft stops releasing security fixes for XP and starts making sure new software only works right on Vista, like they did to 98 and 2000 when XP came out.
Yes, I do. My point is that they have a history of spending such levies on stuff they don't need. Rather than buying the textbooks, desks, and (possibly) updated computers they should be buying, they have a history of spending levies on statues, paint, gardens, the teacher's lounge, and sports equipment. A few years back they asked for a levy with the stated purpose being to buy said textbooks. They bought about 50 books and spent the rest on a new soccer field. Now, they have two identical soccer fields, only one of which is ever used at a time.
That's like the school levies where I live. They spent a ton of money years back doing functionless remodelling (basically beautification), and now they're crying about money to pay for it. I mean, they should have replaced the text books from the 50's and the old ass desks, but instead they put in statues and gardens. Now, they think they're entitled to more money.
All of the libraries which are part of Clevnet, a large network of libraries in Ohio, do this already for books, music, and movies. Have a look here: http://dlc.clevnet.org/E5AA2452-2F88-4EA9-8F8F-F1EB267C0553/10/210/en/Default.htm
Actually, this statistic means more than might be obvious. According to Netcraft there are around 65,588,298 servers running Apache on the Internet (53.76% of all web sites), and 38,836,030 servers running IIS on the Internet (31.83% of all web sites). Now, we can safely assume that all of those servers running IIS are running Windows since IIS only runs on Windows. Apache runs on many different operating systems, but it's logical to assume that most Apache servers are not running Windows.
This means that even though there are about half as many IIS web servers (therefore, Windows) on the Internet as Apache (mostly non-Windows) web servers, servers running Windows/IIS are still twice as likely to be hosting malware as the Apache/*nix servers. I think it's a fairly interesting statistic when looked at from that perspective.
Oh, and for the guy who said "Patches? Patches for what? Has IIS had any remotely exploitable holes since version 5?":
http://milw0rm.com/exploits/4016
http://milw0rm.com/exploits/2056
http://milw0rm.com/exploits/1260
http://milw0rm.com/exploits/1178
And those are just the public ones.
IANAL. In civil cases all the plaintiff has to do is convince the judge that their claims are "probably" true. In a criminal case you have to prove a lot more. As far as I am aware screen shots, log files, etc. aren't considered any real evidence in a criminal case since they are so easily forged, but they are allowed in a civil case.
Let's say my kids are out playing in my yard and they throw a ball and it breaks a window of your car. If you sued me you wouldn't have to prove they did it, just that it's likely that they did.
You've obviously never heard of what happened to John Bobbitt.
Not when you consider that most 3D animation and design is done on *nix systems.
I think he was saying that those are the ill-informed opinions that many Americans hold. If that's what he meant, then I have to agree. I see it every day.
I installed Ubuntu on my PowerBook about 6 months ago. During the entire process of installing and configuring it I didn't need to use the terminal even once. The only thing I had to use it for was compiling some (rather obscure) software I wanted that's not included in the Ubuntu package system. You don't have to use the command line at all to install software with Ubuntu.
That all said, I'm personally not a fan of Ubuntu. I can see where more consumer-types may like it, but I still prefer Slackware.
You might really like the artist DJ Shadow. If you can find it somewhere you might want to find the track Organ Donor. It's well worth it.
BitTorrent is also used for a lot of other 100% legitimate things. OSU has a sizeable computer science department and offers a lot of courses related to UNIX/Linux. I wonder if they realize that these days the most common way to get ISO's for Linux is BitTorrent?
Aside from all that, this effort is somewhat futile since many clients support encrypted/tunneled transfers and/or using Tor. From my experience, Tor traffic is nearly impossible to reliably classify (and therefore block).
Basically I blew the whistle on tax dollars being wasted at a local school. There wasn't anything illegal about what I did except that it involved sending a forged email which nobody believed was forged (therefore causing a lot of hell at that school and with the school board). They were pretty pissed over it and tried to hit me with whatever they could, which ended up being "Abuse of Computer and Telecommunications Systems", which is a 4th degree felony where I live.
I have had a felony expunged before, and in my experience, it wasn't a big deal at all. My conviction was computer-related as well, and all I had to do was wait a certain amount of time and then apply at the county court house to have it expunged. I had a hearing with just a magistrate to explain why I wanted it expunged (all I had to say was that I felt it would affect my employment opportunities), and paid something like 20.00 in court costs. That was all it took.
That being the case is it not then public responsibility to force the store owner to fix the lock if they have been notified but won't fix it?
I see a big difference.
If the hardware store gets broken into it mainly affects the owner(s) of the store, the people who work there, and not many other people. If a site like Yahoo (the mail aspect of it), a banking site, or PayPal is broken into and exploited then it affects every single person who uses the site in a very negative way.
I don't think publicly announcing a vulnerability in a specific public service or facility is very responsible. At the same time, many businesses don't do anything to fix the problem if only one person tells them about it. The public releases we commonly see are sometimes necessary because without the pressure of the public eye the business won't correct the problems in its service.
I've done things similar to this on a few occasions. I found a vulnerability in Surgemail, an all-in-one mail server software for Linux, which allowed any remote user to read any mail to the root account, and to send mail as root. I emailed them about it several times and received no reply for over six months. I finally released the info on it, and they fixed it two weeks later. I did something similar with an online service schools in my area offer which allows anyone to see the grades and personal info (SS#, home address, etc) of students in the school through a SQL injection. I contacted several schools about the issue as well as the company they had contracted to write the software for them. It's been 2 years and they still haven't fixed it.
IANAL. The methods, rules, and regulations covering the way police officers write tickets are part of the law, and are therefore public knowledge. They could do that if they were a business and gave him access to private information needed to write the software, but since the knowledge is publicly available I don't see how that argument applies.
Do you even know how BitTorrent works? It is not a central network at all, so tracking like you're talking about doesn't work.
In my opinion there's a huge difference here. Even if the MPAA put up real files they still should not be able to do anything about you downloading them because they are the copyright holders. This is the same thing as when an artist puts up a song for free download on their website. You can't get in trouble for downloading it because the copyright holder is the one offering the file.
Congrats, you've discovered a concept generally referred to as public key cryptography.
There is an option in Linux, in the 2.6 series kernel, which allows you to dump the memory of all running processes to a swap file or partition. Upon bootup you can have it resume from that swap partition or file. It works a lot like hibernation but it isn't hardware dependent and will work on just about any computer.
I'd just like to point out something here, related to what the parent is saying. Let's have a look at ancient Rome, pre-Constantine.
Common forms of entertainment involved public plays in which nudity was very common, a great deal of art included nudity, and sexual themes were present in almost every aspect of society. Sex was not at all repressed in any way, shape, or form in Roman society.
They also had a very civilized society, even compared to many places today.
Now fast forward to Christianity and Constantine. Sex becomes taboo, as well as nudity in the presence of others. I'm not saying it's necessarily related, but Rome fell shortly after. After Rome fell we had the Dark Ages in Europe, where people stopped taking baths for about 1400 years and took shits in the bushes and chamber pots.