Slashdot Mirror


User: abb3w

abb3w's activity in the archive.

Stories: 0 · Comments: 1,870

Comments · 1,870

  1. Re:Not Surpised on Student Faces Expulsion for Blog Post · · Score: 1
    Thinking back on high school, some teachers and school administrators were pretty insecure, petty people who liked to use their positions to bully students.

    My school wasn't like that, but the teachers there were exceptional from all I've heard from my college peers. Of course, encouraging debate and creative thinking resulted in some interesting situations over the years, such as my sister's class, who picketed their social studies teacher over an impossible homework assignment (the principal was called in as an arbitrator); or my 12th grade English class, which informed the teacher that after Macbeth, Julius Caesar, and Hamlet in previous years, Romeo and Juliet would be too depressing, and we insisted that we wanted a comedy this year, thank-you-very-much. (She held a class discussion, then assigned us all to write a 1-4 page persuasive essay based on the discussion... which gave her enough time to adjust her lesson plans. We did The Tempest.)

    Teachers creative and adaptable enough to cope with creative and adaptable students are very hard to find. It's so much easier if you only have to deal with a pack of sheep... but not as beneficial to society in the long run as herding cats.

  2. Re:Similar event here in Georgia recently on Student Faces Expulsion for Blog Post · · Score: 1
    You do not have a right to extracurricular activities and you are not forced to participate. So, signing this agreement is voluntary.

    Mayhaps. However, some civil rights cannot be waived; I'm not sure if this is such an instance or not. Furthermore, juveniles are considered unable to enter a contract; as such, unless it is the parent (or legal guardian) signing the agreement, the piece of paper is moot.

    Regardless, as public schools are effectively an agency of the state, I'd consider speech and conduct restrictions inappropriate, save when such speech or conduct can be proven to interfere with the underlying educational mission of the schools. If they put that kind of limitation in the wording, I'd be willing to consider signing such a thing for my own kids, if I ever get any.

  3. Marketing vs. Technical Gore on MS Proposes JPEG Alternative · · Score: 5, Informative
    If you click on the "I do not accept this agreement." button, it submits the value "I do not accept this agreement.", and you get taken to http://www.microsoft.com/whdc/xps/default.mspx?, with some generic marketroid babble about how their new spec Whitens teeth, cures BO, and will put a chicken in every pot and pot in every chick.

    If you click on the "I accept this agreement and want to download the Windows Media Photo Specification" button, it submits "I accept this agreement and want to download the Windows Media Photo Specification", and should take you to http://www.microsoft.com/whdc/xps/wmphotodwn.mspx? . However, I didn't verify that.

    Instead, I chose to look at the HTML, and manually submitted my own preferred value via manually entering the URL: http://www.microsoft.com/whdc/xps/wmphotodwn.mspx? I_Reject_The_Agreement_Terms_and_Suspect_Bill_Gate s_Blows_Goats. I also got taken to the download page. This page contains the notice "By installing, copying, or otherwise using the software, you agree to be bound by the terms of the license agreement.", and a download link to the actual specification document at http://download.microsoft.com/download/1/6/a/16acc 601-1b7a-42ad-8d4e-4f0aa156ec3e/WMPhotoSpec_v09.do c....

    Oops.

    Now, while I Am Not A Lawyer, I submitted my rejection of their license terms, so I'd argue in court I shouldn't be bound by them; and since this is a specification, and not itself software, I would also argue that the notice on the page I reached is moot. I suppose the case could be made that since Word macros are a Turing-complete programming language, the word document is software, so I thought I'd look through using "less" to be on the safe side. Lo and behold, there is another license embedded:

    "READ THIS! THIS IS A LEGAL AGREEMENT BETWEEN MICROSOFT CORPORATION ("MICROSOFT") AND THE RECIPIENT OF THE ABOVE REFERENCED MATERIALS, WHETHER AN INDIVIDUAL OR AN ENTITY ("YOU"). IF YOU HAVE ACCESSED THIS AGREEMENT IN THE PROCESS OF DOWNLOADING THESE MATERIALS ("MATERIALS") FROM A MICROSOFT WEB SITE, BY CLICKING "I ACCEPT", DOWNLOADING, USING OR PROVIDING FEEDBACK ON THE MATERIALS, YOU AGREE TO THESE TERMS. IF THIS AGREEMENT IS ATTACHED TO MATERIALS, BY ACCESSING, USING OR PROVIDING FEEDBACK ON THE ATTACHED MATERIALS, YOU AGREE TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, YOU ARE NOT AUTHORIZED TO ACCESS, DOWNLOAD, USE OR REVIEW THE MATERIALS."

    ...followed by a bit more legalese, including that you're not allowed to remove the legalese and redistribute. This "license" strikes me as dangerously like a "license to read", which I'm sure various civil libertarian groups could have lots of fun with. I'd be amused to hear the opinion of a Real Lawyer (TM) as to how binding that would be. Anyone have Larry Lessig's phone number?

    Of course, if someone at a unix command prompt incanted something clever (say, curl -o Bill_Blows_Goats.txt -C 8261 http://download.microsoft.com/download/1/6/a/16acc 601-1b7a-42ad-8d4e-4f0aa156ec3e/WMPhotoSpec_v09.do c — and don't forget to remove the Slashdot inserted spaces) the Microsoft server would only give them the meaty parts (albeit in a form even OpenOffice would probably gag on), and omit the license. I'd be amused to hear the opinion of a Real Lawyer as to how binding the agreement co

  4. Mostly Bullshit. on Mac Theft Recovery Software Tracks Thieves · · Score: 1
    2) No one has a firmware bios password.

    Just call me Captain Nemo, then. (And it's not "BIOS" on a Mac; for anything even remotely recent, it's either "Open Firmware" or "EFI", depending on model.) "Only the seriously paranoid have a firmware/BIOS password," I will certainly grant.

    I'll also note that a firmware bios password can also be bypassed by removing the hard drive and connecting to a new machine via any of the usual methods... at which point, removing Undercover becomes much simpler. And if there isn't a BIOS password to begin with, Undercover's also trivial to remove with target-mode booting and another Mac.

    Still, it's one more nuisance to drop on a thief.

  5. Re:So much for the Pentagon Papers precedent. on Gonzales Says Publishing Leaks Is A Crime · · Score: 1
    Therefore, the Attorney General can bring cases against journalists, this opinion may result in the case being lost, or dismissed.

    Possibly as a summary dismissal before the ink dries on the charges... the sort where the judge reprimands the prosecutor as a jackass for wasting the court's time. Most prosecutors try to avoid that sort of thing. I'm not sure if there would be grounds for a civil suit for harassment afterward, either, but I'd certainly be asking my defense counsel about it for something that blatant.

    Of course, the Supreme Court has had a complete turnover in the three and a half decades since the Pentagon Papers; I suspect Gonzales has a team studying the three dissents from that case very carefully. Also, looking at NYT v US with my layman's eye, it looks like a major factor in the decision was the attempt at prior restraint. It may be that the courts would be more amenable to an argument saying "We're not trying to prevent publication beforehand, we're just going to prosecute it afterward."

  6. How about a EULA worse than Microsoft, too? on New IM Worm Installs Own Web Browser · · Score: 1
    Then a second layer of confirmation with an "Are you sure" question.

    ...only if they say "yes" to installing the virus, of course. Followed by a comprehensive EULA that they again have to agree through, saying that you allow the virus to

    1. Retransmit any data stored on the computer to anyone, anywhere
    2. Search for the system contact information of any other individuals for purposes of infecting their systems as well
    3. Send threatening messages on behalf of the user to the President of the United States, care of the Secret Service
    4. Access any financial information or accounts by any means for any purpose
    5. Reformat attached hard drives
    6. Destructively flash any system firmware
    7. Grant a transferrable and non-revokable power of attorney
    8. Constitute a lien against the immortal soul of the user
    9. Unilaterally amend the EULA without further consultation
    10. ...
    11. Profit! (Sorry)

    Um... damn, I can't think of any terms that would enable the software to automatically have the user sent to jail.

  7. OT: Small Claims on Wallace's Second Anti-GPL Suit Loses · · Score: 2, Interesting
    If the stakes are not high enough to interest a lawyer, there's this other thing called Small Claims Court. In Small Claims, there is a level playing field, because the other side is not allowed to hire a lawyer to represent them in court. Similarly, you are not allowed to use a lawyer to sue in small claims.

    IAmNotALawyer, but that part is somewhere on the spectrum between inaccurate, misleading, and just plain wrong.

    Exact rules on Small Claims Court vary from state to state. It is uniformly true that a private citizen is not required to get a lawyer to sue there, but the exact rules on lawyers vary widely. Some states mandate that an incorporated entity must obtain a lawyer for representation when either plaintiff or defendant in small claims court. Some do not permit lawyers to represent plaintiff or defendant in court, or even to be present (excluding lawyers working pro se, or lawyers holding salaried positions with a corporate plaintiff). All, of course, permit a lawyer to advise plaintiff or defendant outside the courtroom; and some do permit representation by an attorney in court.

    More important from the standpoint of this particular blithering loon, it's also universally true that small claims court judgements are limited to a relatively small amount of monetary damages (limits vary between states, but I think I heard IL at $10000 is the current largest), with no opportunity for injunctive or equity relief; and I believe in some states, receiving an affirmative judgement in small claims court renders you ineligible to seek any further relief from any other civil court. (Depending on state, merely filing in Small Claims may preclude seeking non-monetary remedies, even at appellate level.) So, if Wallace went to small claims court, the best he could get is a check for ten grand (plus filing costs), after which IBM et alia could continue on their merry way, without changing their business practices, and leaving Wallace unable to sue over the matter again.

    Of course, IBM seems to resist blackmail even when it would be cheaper, just because giving in to blackmail sets a lousy precedent....

  8. Are you introducing programming, or languages? on Should Students Be Taught With or Without an IDE? · · Score: 1
    If the primary objective is to introduce programming in general via these languages, I'd say skip the IDE; it's counterproductive to learning the basics of coding. I'd even go so far as to require the non-use of an IDE, unless your class covers automated test cases.

    If the primary objective is to introduce the specific languages, the IDE will be a useful tool; however, I'd recommend that they be made to work in more than one IDE (or with just a text editor for some assignments, if economics preclude multiple IDEs), since it's dangerously easy to develop knowledge of and over-reliance on a particular IDE, rather than knowledge of and skill with the language desired.

  9. Re:The fine print: delegation is a wonderful thing on The AT&T Whistleblower's Evidence · · Score: 1
    The claim was there is a Constitutional requirement in force, and there isn't. The House could amend that rule at any time via a simple majority vote.

    Part right: yeah, the House could easily amend that rule. (I'll presume you're correct about "simple majority" and "any time"; it's not essential either way.)

    However, if you read carefully, the original claim did not state that it was a Constitutional requirement, but merely (implied) that it was derived from Constitutional authority; the inquiry presumed a grant of this ability to the states necessarily would lie solely within the Constitution. My point: the House is permitted to and has effectively delegated to the states (as well as to Grand Juries and the President) the authority to initiate (which is NOT the same thing as "pass") a Bill of Impeachment.

    Of course, it may also be that the original claimant has their head wedged firmly up their backside and no idea what they're talking about, and only got lucky. This being Slashdot, you may independently conclude which is more likely.

  10. Re:Start a minor riot behind Certain closed doors? on The AT&T Whistleblower's Evidence · · Score: 1
    If I had mod points, I'd find a way to give you all of them.

    Snailmail a dead-tree letter to your congresscritters instead; much more useful.

    As I heard it described by Ms. Pelosi, the problem she had was in determining whether her concern was warranted.

    Had I (by some black miracle) her position, I wouldn't have stopped asking questions at the classified briefing until I received enough answers to feel able to make that determination. Point out that if they are unable to convince me that I should not be concerned, that itself constitutes sufficient grounds for concern. If they won't accommodate with sufficient and satisfactory answers, hold a press conference immediately on leaving the meeting:

    "I have just left an intelligence briefing by [Dr. Strangelove of the Three Initial Agency]/[An Intelligence Official who may not be identified]." (choose as appropriate) "While I am not able to discuss the nature of the material covered, as a result of this briefing and my oath to preserve, protect and defend the Constitution, I see no choice but to publicly call on the White House to appoint an independent prosecutor to investigate the Three Initial Agency."

    Press feeding frenzy in sixty seconds... if it takes that long.

    Had it been brought to the House in secret session, it would have been all too easy - outside of public view - for partisan politics to continue. I predict the Republicans would have stood together to make Ms. Pelosi (or anyone coming before that body) out to be supporting the terrorists by trying to inhibit the ability of our intelligence services to do their job protecting the American people from the threat of attack.

    Ah, but those claims are primarily useful when being made before the electing voters. Behind those closed doors, you actually have to convince people, and give serious address to someone pointing out that the oath congress and president have given is to protect the Constitution. Presumably, the House and Senate have good soundproofing and an adequate supply of aspirin. =)

    There do appear at this point to be at least a few members of congress who consider the constitution more important than partisanship; it also may be easier for a representative to stand on their true moral ground, if their voters don't have to see the details of the argument.

    Assuming a near-pure partisan response to a secret session (which, yeah, seems at least 75% likely for the House), I don't know enough of House and Senate parliamentary procedure to determine what the best tactics would be after. For the Senate, some possibilities are obvious: either an outright filibuster, or make the Rule 21 motion a daily event. Combining the two would be rude... not to mention potentially quite effective, albeit only about three notches higher in political subtlety than a Senator pulling out a gun and opening fire during a committee meeting. Filibusters kill progress; they're not casually risked by either side. As we saw not too long ago now, any Rule 21 motion gets attention, and also is a major inconvenience to the Senators. (They move to a smaller room, and have to kick out everyone unnecessary. I think it's just the Senators, the Secretary of the Senate, Sergeant-at-Arms, and the VP (in office of President of the Senate).) Rule 21 motions agitate the press, because nothing stirs up those jackals like screaming "I have a secret! You're not allowed to hear it!" If you start making them a daily event, there would be a LOT of media pressure in EVERY direction to find out what was going on, not only on Congress (both houses, even), but on the White House. The story would come out pretty quickly.

    The House is harder to so comprehensively disrupt, but has the potential for more devastating consequences if you can manage it. The House controls both the Budget ("You won't brief us? Fine; your allowance is cut off. So's your salary.") and the authority to Impeach ("Go directly to the Senate.

  11. Not even just software! on UK Law May Criminalize IT Pros · · Score: 1
    Never mind Perl, what about every networked OS available?

    Hm, OS X, Windows, Linux, Solaris; yup, all of those are "likely to be used" for criminal cracking. (OK, calling Solaris "likely" for anything is stretching a bit....) I believe the law as described bans any interactive networked operating system, and any piece of networking hardware. I suppose you could even stretch it to jailing all of the computer keyboard makers; after all, any serious cracker isn't likely to work without a keyboard for programming.

    And I thought the US Congress was clueless....

  12. Probably NOT movie marketing on Parasitic Infection Flummoxes Victims and Doctors · · Score: 1
    The Internet Archive has snapshots of morgellons.org back to 2002. Google Groups search turns up the earliest references around then, too. Neither is completely tamper proof, but it's suggestive. The Popular Mechanics article is also unlikely to be the product of a viral marketing campaign (although it's possible an author got taken in). While it's not impossible (I believe A Scanner Darkly started pre-production around then), this would tend to suggest a VM campaign with a scope and timescale vastly longer than I can reasonably believe Hollywood's current corporate mentality could sustain.

    Of course, the claim that it's a VM campaign for Scanner may be part of the VM campaign for Scanner, but sometimes paranoia is only the little voices in your head plotting to embarrass you. =)

  13. Terrorism, the Mafia, and /etc/hosts on BlueSecurity Fall-Out Reveals Larger Problem · · Score: 1
    First, as usual there are problems with the summary. The good news is this (IMHO) isn't Terrorism; it's closer to a classic protection racket, with a mix of snake oil sales, that's also willing to make an example of anyone who tries to stand up to them. That is to say, a cyber-Mafia, not cyber-Al'Qaeda.

    The bad news is I see no reason why this cyber-Mafia would have any hesitation about hiring out to Al'Qaeda, as long as the money is good.

    On the bright side, this is a DNS attack, not affecting (so far as I can tell) the routing of IP packets themselves. You can get there, you just can't get a map. Thus, "/etc/hosts" is a fallback strategy. I'm old fashioned and deeply paranoid. Besides loopback on some of the really annoying ad sites, and the eleven machines on my personal networks worthy of names (six legitimate, five unofficially at "something.MINE" addresses), I've always had google.com and cert.org. I'll be adding resolutions for: cnn.com, bbc.co.uk, slashdot.org, mirrordot.org, and a few others. At least if DNS goes down, I'll have a chance to read about why.

    Anyone have other better ideas for further preparations us IT peons can take?

  14. Start a minor riot behind Certain closed doors? on The AT&T Whistleblower's Evidence · · Score: 3, Informative
    The small committee briefed on these NSA programs is prohibited from discussing the programs anywhere outside the briefings. So what is a committee member to do if they have concerns?

    If sufficiently concerned over the issue, raise the issue on the floor of the house in question, before the entire house in secret session. While there are potentially serious repercussions to such a move, up to censure or expulsion from that house (subject to the internal rules), that's the most that can happen. Congresscritters have a constitutional immunity from prosecution by any other body for anything they say there. (Article I, section 6: "for any speech or debate in either House, they shall not be questioned in any other place".)

    If done in the Senate, one need merely find an amenable party member willing to trustingly second a Rule 21 motion to raise the issue with some deference to secrecy, which may help prevent expulsion. In the House of Representatives, secret sessions are governed by Rule XVII, clause 9, and it looks like you don't even need a second to close the House. Technically, I suppose a sufficiently pissed member need not even close their house to secret session before starting the debate... but that likely would make the consequences under internal rules much more serious.

    Of course, while outright expulsion would be unlikely for a closed session debate (takes too many votes, and is too likely to make an instant political martyr), there's a real risk of losing the committee seat, along with any others held; it's also not exactly the sort of thing that engenders future interbranch co-operation, or comprehensive briefings to the oversight committee. The current White House would throw a howling excretory tantrum. However, I would hope that my elected officials would know when to start making a stink. This needed a stink a long time ago (or, less preferably, a change in the law before the laws got broken).

  15. Re:Solving the Spam Bot problem on Blue Security Gives up the Fight · · Score: 1
    That was your school. Our school had this stupid idea that it can find technically able people to manage its computer network in a cost effective manner on shit salary. They support every.. freaking... computer... on... campus. 3500+ students. All the faculty.

    Oooh. Yeah, unless you draw out a list in advance of "here's where your support ends", that's NOT good. You could end up trying to help some sheep—er senile faculty member who insists you get their Powerbook 520c on the campus network, rather than buying a new machine. (Yes, it's possible. Barely. I keep one in my Closet Of Doom for anyone who pisses me off badly enough; I think it has NiftySSH and Netscape 2.0. On the bright side, I'm pretty sure that it's immune to spyware....) Since we're almost a full order of magnitude larger (counting grad schools), a less centralized support made more sense.

    I suppose the policy could be survivable if you're vicious enough. Anything "seriously" wrong with the machine, copy the user data folder to a backup, clean reinstall from standard patched/AntiVirused/CounterSpywared disk image, move the user folder back and rename "-old", and tell the student "OK, your data's over here now, all you have to do is reinstall your personal software". (Clever use of permissions can prevent many common spyware packages from installing successfully if part of the "personal" software.) Of course, that means you have a lot of people howling when the problem is declared "serious", and will have a fair black market in pirate software for everyone who "lost" their reinstallation media. But it sounds like some unpointy-haired manager needs to do an honest TCO assessment, or you need a few dozen BOFH's in the maintenance mix.

    And half the people are overworked or tied to some legacy system or platform because they bought a support contract for it that will be voided if they try to do anything else with it.

    For legacy systems... well, we've at least a dozen such machines I know of; some NT, some OS 9, one Mac Classic that can't be networked anyway. Thank ghu none are mine. While I understand some other subchiefs in the school handle it differently, our local IT subchief has decreed that the "legacy controller" machines aren't allowed on the main network, and MUST have a "clean" reinstall image on file. Four are alone on a separate net not connected to the main one, the rest are just plain nonnetworked. Well, Sneakernet connection, also used for A/V updates... not that they need it so urgently, since the average idiot can't use them to check their email. Keeping them off net keeps Central IT off our backs.

    Y'see, MAC blocking is an improvement over the old regime. Policy has always been that any machine jeopardizing security of the rest of the network, Central IT has declared they reserve the right to block from the network by whatever means are necessary. It's included in our official use policy, even. While doing so takes approval from the school's CIO, and has been less needed since the MAC registration/blocking system went on-line, this in the past has gone so far as getting the Schoolwide One True Master Key, entering the room with the machine in question, removing all network cords present, leaving notice and a receipt, and waiting to see who comes asking. It is rumored that in one case, the user didn't get the hint. The next visit they removed not only the replaced network cords, but the suspect machine's network card, power supply, internal drive cables, RAM, and CPU, as well as all the removable power cords and all light bulbs in the room... and left a receipt in a larger font.

    I try to be polite to our Networking gang. They don't piss off easily, but they do piss off thoroughly.

    I suppose in your case, the approach I would push if I came in as CIO there would be for your central IT to publish minimum standards for hardware to be supported on the network. If a machine doesn't meet official school spec, it's either the owner's responsibility to keep it secure, owner

  16. Due Process? on The AT&T Whistleblower's Evidence · · Score: 1
    Something has to be done to protect these people.

    I'm sorry, but those details are classified "Want to Tell", and we don't want to tell. =)

  17. Re:Upgrade Advisor itself requires... on Microsoft Releases Vista Hardware Requirements · · Score: 1
    Considering Windows 2000 is past its end of life cycle that's not surprising

    Surprising, not overly, no. Annoying, though.

  18. Bad SOMETHING, anyway.... on The AT&T Whistleblower's Evidence · · Score: 1
    Actually, if two states file for impeachment, the Congress has to start proceedings.

    Where did you get TWO states from? As I rant elsewhere, it takes charges from ONE state legislature. Also, saying "Congress has to start proceedings" is misleading; in such a case the House must take up the bill, but there's nothing preventing them from summarily voting it down... aside from the serious inherent political danger of such a move.

  19. Go not unto Slashdot for Parliamentary Procedure... on The AT&T Whistleblower's Evidence · · Score: 1
    The states have absolutely no power of impeachment, only the House of Representatives can initiate impeachment and the Senate tries the case.

    Almost true. Correct: the Senate tries the case. Correct: the House of Representatives must pass a bill of Impeachment before the Senate gets to hear the case. Incorrect: according to the Rules of the House (as authorized by Article I, Section 5: "Each House may determine the rules of its proceedings..."), a bill of impeachment may also be initiated by charges conveyed from a state legislature to the House of Representatives. Not that the House can't vote it down when it arrives, but it can't just be tabled.

  20. The fine print: delegation is a wonderful thing. on The AT&T Whistleblower's Evidence · · Score: 4, Informative
    I am also curious where in the Document you find such a power granted to the states

    In the very fine print. Article I, section five: "Each House may determine the rules of its proceedings".

    Section 603 (in sec. LIII) of Jefferson's Rules of the House of Representatives (omitting crossreferences, emphasis added):

    [...]there are various methods of setting an impeachment in motion: by charges made on the floor on the responsibility of a Member or Delegate; by charges preferred by a memorial, which is usually referred to a committee for examination; or by a resolution dropped in the hopper by a Member and referred to a committee; by a message from the President; by charges transmitted from the legislature of a State or Territory or from a grand jury; or from facts developed and reported by an investigating committee of the House.

    I don't know where the GP post got two states from; as far as I can see, it only takes one state legislature filing charges to start a bill of impeachment. Not that such means the House has to pass the bill if the charges show up; and the Senate doesn't get (legally) involved unless the House passes the bill. But charges sent by a state legislature are enough to start the process. Of course, a lot of bills of impeachment have been introduced in our history; most have been killed quickly, one was aborted by a resignation, and two went to trial in the Senate. It's not until either of the latter looks likely that things get interesting.

  21. Upgrade Advisor itself requires... on Microsoft Releases Vista Hardware Requirements · · Score: 5, Interesting
    Windows XP to run, and won't install on Windows 2K systems. Hrmmmm. How helpful.

  22. An ISP problem, too on Blue Security Gives up the Fight · · Score: 1
    Shutting down someone who isn't aware that they are pwned is just going to piss them off, and they'll go with someone who doesn't have such a policy. Especially if you do this to them multiple times. Also, at least some of the bots are on connections that are charged by usage (vs. flat-rate).

    Possibly true, if the bot is on a per-use line, the ISP doesn't have as much reason to care. However, that isn't the norm. The preferred hack victim is on an unlimited usage high speed connection (which most are). The ideal victim has an asymmetric UP-preferred line, but those are NOT common. Unlimited-high-speed is practically one word in most of the ads I've seen here on the East Coast.

    Since the bot tends to be a high-bandwidth user, ISPs do have a strong interest to shut such down when they notice them on an unlimited use line: it's cutting into their profit margin, and benefitting neither the ISP nor their customer. Ideally, they first try less intrusive methods than cutting off the connection for letting a customer know they've been hacked (EG: a phone call, as others have noted). The full ROI is pretty good.

    And as you said: Business is Business.

    I also think you're too blase about end users dismissing notification that they've been hacked. If a notice apparently from the ISP also says "increased risk of identity theft", most users demonstrably sit up and pay attention. (Admittedly, they don't check whether it really comes from the ISP often enough....)

  23. Which part of the problem? on Blue Security Gives up the Fight · · Score: 1
    It seems that the problem here is that they were brought down by the spammer's huge number of bots running on compromised machines.

    They reportedly were also DNS blackholed first, which isn't good either.

    This does not seem to me to be a difficult technical problem

    It's not. It's a difficult social problem: getting end users to secure their machines properly. The technical parts of the problem are all pretty easy. It's the meatware that needs upgrading.

  24. Re:Solving the Spam Bot problem on Blue Security Gives up the Fight · · Score: 1
    It's also not the ISP's responsibility - under U.S. Law, (#disclaimer IANAL) the responsibility ultimately rests with the owner/operator of the machine, and having the ISP second-guess what kind of traffic should and should not be coming from that machine smacks of non-Net Neutrality.

    Having them monitor for it, yes; however, when an outside (or inside) party complains about potential virus infection, they should be able and permitted to investigate.

    Perhaps the method should be similar to a DMCA takedown notice. Of course, the very implies that it would be easy to abuse, so the exact mechanism would require some thought.

  25. Re:Solving the Spam Bot problem on Blue Security Gives up the Fight · · Score: 1
    Obviously the school should have moved their MAC address into an infected pool and given them their own subnet with a webpage telling them that their machine was infected and to call tech support. But considering the somewhat large resources of people needed to get the machines back online (go and scrub the machine, most people were afraid to even touch them, and klez was a pain to remove).

    This is one reason why our school has been making MAC address registration mandatory. No registration, you get kicked to a very limited subnet; all ports except 80 and 443 blocked, DNS for anything except the local Antivirus/Patch server gets routed to the registration server. If your MAC address gets linked to an infection, the port you're on currently is autoblocked for 24 hours (lease time), and DHCP on any other jack kicks to the registration network; trying to re-register the computer tells the user that it has been blocked due to infection.

    The idea is possible, but it is a nightmare in reality to have to support.

    Our helldesk does basic support only. There's a second tier for some more advanced or specialized problems when real work needs to be done -- problems with the backbone, advice on Linux configurations, trouble with the new VPN client not removing all of the pieces of the old one; generally only faculty or staff need help at that level. However, there's always a point where they say (even to the school President), "you need to pay someone for this". Sometimes it's "you need to pay someone for this, and we're not in that business" (although not to the President...). Spyware and virus cleanup is a "not our business" problem.

    The local helldesk usually gets a call pretty quick after a net blocking. They inform the student why they are blocked, and that getting it cleaned up is the owner's problem. The patch server (still accessible when blocked) includes most standard removal tools (and a site-licensed AV package); the university computer store maintenance group charges a flat-fee $50 for antivirus or spyware cleanup (no matter how easy or how bad), and there are two national chain stores and two local shops in town that also do PC service. Do it yourself or pay someone, "we don't care how you get it done, just that it gets done".

    Users call back after cleaning to get the port turned on and your MAC moved to the "recently cleaned" list; the helldesk will take your word... once, maybe twice even. There's an automated port scanner which scans the machines a few minutes after they get a new DHCP lease if they're on the "recently cleaned" list. I understand that in theory if you get booted four times in a short enough timescale (about a week), the helldesk can insist that the machine get inspected and pronounced secure by the university shop (which they charge for), or hypothetically by someone from the core networks group (on a time-available basis; estimated turnaround of one to three weeks, with the bonus of being called six kinds of idiot by a BOFH sitting secure in the knowledge they can't be fired for anything less than murder of a dean). No-one's been that foolish yet.

    There was a little trouble in one of the alpha stages, when they blocked by IP address. This resulted in amusing problems when DHCP leases expired... "I'm sorry, your machine has Klez, Nimda, and Code Red." "How? It's a PowerMac!" But they're all better now. =)
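The quarantine policy described in comment 25, modelled as an added example (not part of the original comment, and not the school's actual system): blocks are keyed by MAC address and switch port, and `ip_keyed_verdict` reproduces the alpha-stage mistake of keying the block by IP address. All class, function and host names are assumptions, and the sample MACs and addresses are constructed.

```python
from dataclasses import dataclass, field

HOUR = 3600
PORT_BLOCK = 24 * HOUR         # "autoblocked for 24 hours (lease time)"
STRIKE_WINDOW = 7 * 24 * HOUR  # "about a week"
STRIKE_LIMIT = 4               # "booted four times"

@dataclass
class Quarantine:
    registered: set = field(default_factory=set)
    infected: set = field(default_factory=set)          # MACs awaiting cleanup
    recently_cleaned: set = field(default_factory=set)  # MACs to re-scan
    port_blocks: dict = field(default_factory=dict)     # port -> unblock time
    strikes: dict = field(default_factory=dict)         # MAC -> flag times

    def flag_infected(self, mac, port, now):
        # The block follows the machine (MAC); the jack is shut for one lease.
        self.infected.add(mac)
        self.recently_cleaned.discard(mac)
        self.port_blocks[port] = now + PORT_BLOCK
        self.strikes.setdefault(mac, []).append(now)

    def mark_cleaned(self, mac, port):
        # Helpdesk takes the user's word; the post-lease scan verifies it.
        self.infected.discard(mac)
        self.recently_cleaned.add(mac)
        self.port_blocks.pop(port, None)

    def needs_inspection(self, mac, now):
        recent = [t for t in self.strikes.get(mac, []) if now - t <= STRIKE_WINDOW]
        return len(recent) >= STRIKE_LIMIT

    def on_dhcp(self, mac, port, now):
        """Return (network, scan_after_lease) for a DHCP request."""
        if self.port_blocks.get(port, 0) > now:
            return ("blocked", False)
        if mac not in self.registered or mac in self.infected:
            return ("registration", False)
        return ("production", mac in self.recently_cleaned)

def ip_keyed_verdict(blocked_ips, leases, mac):
    """Alpha-stage behaviour: the block follows the address, not the machine."""
    return "blocked" if leases[mac] in blocked_ips else "production"
```
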