Umm, no. According to city policy docs, there was/is a "system access" password database. However, Childs reportedly never put any FiberWAN passwords in the system (certainly not correct ones at any rate.) And he openly refused to give anyone else access -- it's this part that has him on the way to prison. After being locked up, he agreed to give his password only to the mayor in person. (likely the only compromise his lawyer(s) could get him to agree to.)
Really? I've seen no reports to support that. I wouldn't be surprised if they screwed some stuff in the interim when they didn't have the passwords -- and thus learned how he'd "rigged the network"... didn't save configs, and disabled password recovery where he did.
He didn't go to jail for his beliefs. He's on his way to jail because he's a prima donna who refused to let anyone else touch his network. Did you miss the part about him getting a copyright on the network design?
Claiming to forget the passwords simply wouldn't pass a litmus test. Right, you forgot the password(s) you've been using for weeks and were using just moments ago. Intentionally changing the passwords to something noone knows (not even to yourself) is evidence of willful intent -- and he'd be on the hook for a great deal more given the difficulty of regaining control without the passwords.
I don't think it's fair to make him a felon over this. But he was certainly an enormous ass to begin with. As I've said before, the city isn't without blame here either. They allowed this maniac to build a network forwhich no one else had access. That is simply wrong. Always.
Refusing to give anyone else access, however, is. The legal question then becomes who determines who is "an authorized user"? In the minds of everyone but Childs, that's people other than Childs. But, he's over-protective of the network he created and refused to let anyone else touch it. The city did exactly what any employer should... they fired his insubordinate ass. He continued his refusal to turn over control ("access") until he'd sat in jail for a while. Of course, once it's reached that point, the city cannot walk away -- there's too much invested financially, and politically.
Losing a set of keys deprives yourself of access as well. However, intentionally "losing" (read: destroying) said keys... well, that's covered by different laws.
About 5sec after the city let him have sole control of the network. The city is to blame as much as Childs. Where's the city's disaster recovery plan? They clearly don't have one or they'd never have any system with exactly one authorized user. He gave up his password(s) to the mayor -- the only person to whom he thought appropriate (misguided as that may be.) It should've ended right there.
There are tons of political BS going on behind the scenes here that we will never know. Why didn't he give his password(s) to his former boss? Because he hated his boss; the entire reason he set everything up the way he did was to keep all is "moron" coworkers from messing things up. Yet, those same "morons" have been managing the network just fine since Mayor Newsom returned with the password(s), and there hasn't been any giant meltdowns. The city wants to paint him in as bad a light as possible to deflect blame from themselves; they aren't innocent in this mess either.
Trade Secrets do not have any protection in law. He carried the thing in public and left the thing in public. It is no longer a secret. Apple has no case; but that never stopped anybody.
It's not the scanner you have to worry about. It's the signature updates that matter. Do you download a new copy of Norton or McAfee or AVG every year? Most people don't. Companies certainly don't.
That doesn't matter to a bunch of 12 year olds. They will all know who each other is online. It only takes one person to know your "screen name" for all of them to find it.
Yes, cyber-crap is easy to avoid. But they won't. That would make them even more of an outsider with no friends.
The sad fact is, teens get depressed and commit suicide. We simply have new things to blame for it today.
It's in their best interest to detect leaks as quickly as possible. On both sides of the meter. Plus, if it hasn't checked in on time, they know something is wrong and can schedule someone to check it.
And around here, the idiots use industrial water meters for residential service. The minimum detectable usage is 1 CCF (100 cubic feet) or ~770gal. My water usage is almost undetectable by such a meter.
Funny. Both my gas and water have been wirelessly metered for many years, yet power wasn't until a few years ago. Granted, they're passive devices incapable of shutting off service. But rumor has it, neither can my power meter.
For the same (lame) reason many cable companies have begged (and been granted) wavers for broadcast station encryption... elimination of a truck roll. They can shut off service with the click of a mouse instead of sending a person out to physically disconnect lines. And conversely, to enable service with a single click.
The power measurement parts of the meter can indeed fail without effecting power supply. I'm not sure how they handle the "on/off" part; most homes are fed with a rather high amperage making the use of a traditional relay unwise.
It's a fairly weak bluff. Google will not be wasting their efforts on Raleigh. There's thousands of miles of fibre around here already. It costs too much to use it -- that is, they will charge too much for you to want to use it. For example, a T1 pretty much anywhere in the county can be had for $300/month. But ethernet (i.e. a fibre drop) is $800/month -- and may take 2 months to install -- even when the node is in your parking lot.
(Plus, they'd be picking a fight with about 9 other telcos. I have 5$ that says AT&T and TimeWarner already have their lawyers at the courthouse.)
Except that UAC has been proven to be trivial to bypass with zero notice to the user. Plus, the very nature of windows constantly asking for elevated rights (even when you *are* the administrator) gets so annoying it gets turned off, or worse, completely ignored -- I see people click "allow" without even reading the dialog all the time.
Simply put, Windows(tm) was never designed with any level of security in mind. It's not something that can be a simple bolt-on today. Even with "windows 7", too many things require administrative access. And there are still far too many ways to get around the lame attempts at "security". UNIX(tm) has never had this problem because there's always been clear delineation between "user" and "admin".
And when you don't know the password? Or it doesn't take the password you were given? Or it doesn't present a login? We don't know jack about how he set everything up. SF is a big place. Walking around to every device with a console cable could take a very long time. And without substantial documentation, things will be missed. (been there, forgot about that.)
He's off the reservation when it comes to "standard best practices". It's a very sick "admin" who doesn't save a configuration, on device or anywhere else. If anything reboots for any reason -- bugs, power outage, idiot with a cup of coffee, etc. -- he has to go fix it personally.
They're only reliable if you take care of them. High temperatures, large temperature swings, and high humidity can ruin tapes pretty quickly. Also note, those tapes came in little plastic cases; store them in that case!
I have tapes that are over 20 years old and still perfectly readable -- if you can find the right drive. I have ZERO hard drives that have lasted that long. (and I've had A LOT of hard drives.)
There have been plenty of studies published if you take the time to find them.
This is absolutely incorrect. Leave a modern IDE/SATA drive on a shelf for a year or two and it's data will unreliable. Worse yet, the firmware is stored on the platters; when it cannot be read, the drive is toast.
It's not always that easy. If password recovery is disabled, the only option is to erase the system and start over. If it doesn't have a startup config, then you're starting from scratch. (in other words: "screwed" since you'll be staring at a blank router with little or no knowledge of it's previous/needed configuration.)
I've had to recover routers for people before. I never go in without enough information to get things minimally functional (interface addresses, routes, etc.) in the event I have to erase everything, the startup config is wrong, etc. (there have been cases where nobody was sure it'd power back up.)
Until you've logged in and checked the system there's no way to know if there is a proper startup-config in NVRAM or the status of password recovery. If you reset the router without a config, you are boned. If password recovery is disabled, you won't be able to gain access without erasing the config or finding the correct credentials (username, password, and access path.) Rebooting any network gear without knowing if it will come back up, and without the knowledge to set it up from scratch if it doesn't, is a Very Bad Idea(tm).
My money says the local console/aux ports were disabled in the running configuration... to keep the "local morons" out.
If they own any property (namely their house), then they most certainly do have their name publicly associated with their address.
I would say there's no "intrinsic need" to hide one's identity either. As I said, if you don't want to be associated with what you're doing, you probably shouldn't be doing it. No one is "forced" to bad-mouth their employer. Whistle blowers have ways of doing so without putting their own lips on the whistle.
I would certainly hope you guys have a good team of lawyers on staff. You're rolling a very dangerous set of dice if you think you can provide bulletproof anonymity. "we delete logs daily" is the surest way to get yourself thrown in jail. "untracable payments" *sigh* No. Such. Thing. It can be made very difficult, but given enough time and determination it can be chased down. (I'm not saying any LEO would go to the extraordinary lengths necessary.)
NetSol looks closely at registrant data.
Where "looks closely at" means they do any validation at all, then maybe. I've done business with those overpriced morons; no, they do not. They'll accept incorrect information and never care. They won't take complete nonsense like GoDaddy, but you most certainly can give them false information.
That's odd since they sell "laptop connect" bundles and pretty much every other phone they sell (or have sold for many years) can be tethered to a computer and work just fine. Yes, their 3G network is way overloaded and coverage is shit. But allowing or disallowing tethering on the iPhone won't make much of a difference. This comes down to pure greed. They've sold millions of these things and want a way to extract even MORE of everyone's cash. They are mistaken if they think all of those phones are going to be tethered to people's computers the instant it's officially available. I know a lot of iPhone users; many of them enabled tethering long ago (and it's still functioning in 3.1.3 without screwing anything else up.) And yet, they rarely use it... because when they're in places without "traditional" access, surprise surprise, they have no 3G coverage. (personally, where I'd tether, there's no AT&T signal at all.)
(Note: you don't have to have a "tethering" plan to use tethering. I've tethered to phones that don't even have a data plan:-) [not recommended if you're the one paying the bill.])
Slashdot Mirror
Umm, no. According to city policy docs, there was/is a "system access" password database. However, Childs reportedly never put any FiberWAN passwords in the system (certainly not correct ones at any rate.) And he openly refused to give anyone else access -- it's this part that has him on the way to prison. After being locked up, he agreed to give his password only to the mayor in person. (likely the only compromise his lawyer(s) could get him to agree to.)
Really? I've seen no reports to support that. I wouldn't be surprised if they screwed some stuff in the interim when they didn't have the passwords -- and thus learned how he'd "rigged the network"... didn't save configs, and disabled password recovery where he did.
He didn't go to jail for his beliefs. He's on his way to jail because he's a prima donna who refused to let anyone else touch his network. Did you miss the part about him getting a copyright on the network design?
Claiming to forget the passwords simply wouldn't pass a litmus test. Right, you forgot the password(s) you've been using for weeks and were using just moments ago. Intentionally changing the passwords to something noone knows (not even to yourself) is evidence of willful intent -- and he'd be on the hook for a great deal more given the difficulty of regaining control without the passwords.
I don't think it's fair to make him a felon over this. But he was certainly an enormous ass to begin with. As I've said before, the city isn't without blame here either. They allowed this maniac to build a network forwhich no one else had access. That is simply wrong. Always.
Refusing to give anyone else access, however, is. The legal question then becomes who determines who is "an authorized user"? In the minds of everyone but Childs, that's people other than Childs. But, he's over-protective of the network he created and refused to let anyone else touch it. The city did exactly what any employer should... they fired his insubordinate ass. He continued his refusal to turn over control ("access") until he'd sat in jail for a while. Of course, once it's reached that point, the city cannot walk away -- there's too much invested financially, and politically.
Losing a set of keys deprives yourself of access as well. However, intentionally "losing" (read: destroying) said keys... well, that's covered by different laws.
About 5sec after the city let him have sole control of the network. The city is to blame as much as Childs. Where's the city's disaster recovery plan? They clearly don't have one or they'd never have any system with exactly one authorized user. He gave up his password(s) to the mayor -- the only person to whom he thought appropriate (misguided as that may be.) It should've ended right there.
There are tons of political BS going on behind the scenes here that we will never know. Why didn't he give his password(s) to his former boss? Because he hated his boss; the entire reason he set everything up the way he did was to keep all is "moron" coworkers from messing things up. Yet, those same "morons" have been managing the network just fine since Mayor Newsom returned with the password(s), and there hasn't been any giant meltdowns. The city wants to paint him in as bad a light as possible to deflect blame from themselves; they aren't innocent in this mess either.
It's not that they don't care. Their care is evenly distributed... which thins it down to nothing.
Trade Secrets do not have any protection in law. He carried the thing in public and left the thing in public. It is no longer a secret. Apple has no case; but that never stopped anybody.
This assumes people READ those log files.
It's not the scanner you have to worry about. It's the signature updates that matter. Do you download a new copy of Norton or McAfee or AVG every year? Most people don't. Companies certainly don't.
That doesn't matter to a bunch of 12 year olds. They will all know who each other is online. It only takes one person to know your "screen name" for all of them to find it.
Yes, cyber-crap is easy to avoid. But they won't. That would make them even more of an outsider with no friends.
The sad fact is, teens get depressed and commit suicide. We simply have new things to blame for it today.
It's in their best interest to detect leaks as quickly as possible. On both sides of the meter. Plus, if it hasn't checked in on time, they know something is wrong and can schedule someone to check it.
And around here, the idiots use industrial water meters for residential service. The minimum detectable usage is 1 CCF (100 cubic feet) or ~770gal. My water usage is almost undetectable by such a meter.
Funny. Both my gas and water have been wirelessly metered for many years, yet power wasn't until a few years ago. Granted, they're passive devices incapable of shutting off service. But rumor has it, neither can my power meter.
For the same (lame) reason many cable companies have begged (and been granted) wavers for broadcast station encryption... elimination of a truck roll. They can shut off service with the click of a mouse instead of sending a person out to physically disconnect lines. And conversely, to enable service with a single click.
The power measurement parts of the meter can indeed fail without effecting power supply. I'm not sure how they handle the "on/off" part; most homes are fed with a rather high amperage making the use of a traditional relay unwise.
It's a fairly weak bluff. Google will not be wasting their efforts on Raleigh. There's thousands of miles of fibre around here already. It costs too much to use it -- that is, they will charge too much for you to want to use it. For example, a T1 pretty much anywhere in the county can be had for $300/month. But ethernet (i.e. a fibre drop) is $800/month -- and may take 2 months to install -- even when the node is in your parking lot.
(Plus, they'd be picking a fight with about 9 other telcos. I have 5$ that says AT&T and TimeWarner already have their lawyers at the courthouse.)
Except that UAC has been proven to be trivial to bypass with zero notice to the user. Plus, the very nature of windows constantly asking for elevated rights (even when you *are* the administrator) gets so annoying it gets turned off, or worse, completely ignored -- I see people click "allow" without even reading the dialog all the time.
Simply put, Windows(tm) was never designed with any level of security in mind. It's not something that can be a simple bolt-on today. Even with "windows 7", too many things require administrative access. And there are still far too many ways to get around the lame attempts at "security". UNIX(tm) has never had this problem because there's always been clear delineation between "user" and "admin".
And when you don't know the password? Or it doesn't take the password you were given? Or it doesn't present a login? We don't know jack about how he set everything up. SF is a big place. Walking around to every device with a console cable could take a very long time. And without substantial documentation, things will be missed. (been there, forgot about that.)
He's off the reservation when it comes to "standard best practices". It's a very sick "admin" who doesn't save a configuration, on device or anywhere else. If anything reboots for any reason -- bugs, power outage, idiot with a cup of coffee, etc. -- he has to go fix it personally.
I guess you've never used a QIC-80.
They're only reliable if you take care of them. High temperatures, large temperature swings, and high humidity can ruin tapes pretty quickly. Also note, those tapes came in little plastic cases; store them in that case!
I have tapes that are over 20 years old and still perfectly readable -- if you can find the right drive. I have ZERO hard drives that have lasted that long. (and I've had A LOT of hard drives.)
There have been plenty of studies published if you take the time to find them.
This is absolutely incorrect. Leave a modern IDE/SATA drive on a shelf for a year or two and it's data will unreliable. Worse yet, the firmware is stored on the platters; when it cannot be read, the drive is toast.
It's not always that easy. If password recovery is disabled, the only option is to erase the system and start over. If it doesn't have a startup config, then you're starting from scratch. (in other words: "screwed" since you'll be staring at a blank router with little or no knowledge of it's previous/needed configuration.)
I've had to recover routers for people before. I never go in without enough information to get things minimally functional (interface addresses, routes, etc.) in the event I have to erase everything, the startup config is wrong, etc. (there have been cases where nobody was sure it'd power back up.)
Until you've logged in and checked the system there's no way to know if there is a proper startup-config in NVRAM or the status of password recovery. If you reset the router without a config, you are boned. If password recovery is disabled, you won't be able to gain access without erasing the config or finding the correct credentials (username, password, and access path.) Rebooting any network gear without knowing if it will come back up, and without the knowledge to set it up from scratch if it doesn't, is a Very Bad Idea(tm).
My money says the local console/aux ports were disabled in the running configuration... to keep the "local morons" out.
If they own any property (namely their house), then they most certainly do have their name publicly associated with their address.
I would say there's no "intrinsic need" to hide one's identity either. As I said, if you don't want to be associated with what you're doing, you probably shouldn't be doing it. No one is "forced" to bad-mouth their employer. Whistle blowers have ways of doing so without putting their own lips on the whistle.
I would certainly hope you guys have a good team of lawyers on staff. You're rolling a very dangerous set of dice if you think you can provide bulletproof anonymity. "we delete logs daily" is the surest way to get yourself thrown in jail. "untracable payments" *sigh* No. Such. Thing. It can be made very difficult, but given enough time and determination it can be chased down. (I'm not saying any LEO would go to the extraordinary lengths necessary.)
Where "looks closely at" means they do any validation at all, then maybe. I've done business with those overpriced morons; no, they do not. They'll accept incorrect information and never care. They won't take complete nonsense like GoDaddy, but you most certainly can give them false information.
That's odd since they sell "laptop connect" bundles and pretty much every other phone they sell (or have sold for many years) can be tethered to a computer and work just fine. Yes, their 3G network is way overloaded and coverage is shit. But allowing or disallowing tethering on the iPhone won't make much of a difference. This comes down to pure greed. They've sold millions of these things and want a way to extract even MORE of everyone's cash. They are mistaken if they think all of those phones are going to be tethered to people's computers the instant it's officially available. I know a lot of iPhone users; many of them enabled tethering long ago (and it's still functioning in 3.1.3 without screwing anything else up.) And yet, they rarely use it... because when they're in places without "traditional" access, surprise surprise, they have no 3G coverage. (personally, where I'd tether, there's no AT&T signal at all.)
(Note: you don't have to have a "tethering" plan to use tethering. I've tethered to phones that don't even have a data plan :-) [not recommended if you're the one paying the bill.])