Similarly, if the UK were a 2-party system, the Labour and Lib Dems (which if I recall are both more similar to each other than the Conservatives) would be a single party and easily have won.
In order to win, a party needs 326 MPs.
Labour got 258, Lib Dems 57. Giving a total of 315.
Sure, they'd have more seats than the Conservatives, but they'd still be a minority government. They'd have to form a coalition with smaller parties to be sure of getting legislation through - without that, the Conservatives could deadlock Parliament by voting against the government on everything regardless of their own views, which would doubtless force an election sooner rather than later.
(For non-Brits - we don't have a three-party system. We have a multi-party system, it's just that parties other than the big three generally have very little support).
On its own this doesn't sound like the end of the world, but nobody ever rings support when everything is working just fine. You won't find this out until the Shit has Royally Hit the Fan, your manager and your users are breathing down your neck to get the issue fixed immediately and suddenly the 10 minutes you spent routinely updating your CV yesterday looks like it may come in useful rather sooner than you had hoped.
That's if you're lucky.
If you're unlucky, the equipment in question is part of the core network in a hospital, police force or some other emergency service.
There is, of course, the bijou issue-ette that organic farming produces substantially less product per acre, meaning you need a hell of a lot more space to grow the same amount of food. Meanwhile, population (and hence demand for food) is growing.
That's actually a pretty good idea, and I suspect you're correct.
The only issue is that those little LCD displays are quite pricey, and you're talking about hardware which is designed down to a price.
More likely is you'll see something similar to what BT in the UK are doing - the default password is factory set to a different value for each device - and the default password is on the same label as the serial number.
Or you could (as a bad guy) write a piece of malware which infects a Windows PC and then targets the router from the inside. Most home routers have lousy internal security.
"Enforcement is a bit inconsistent, but if customs do slap you with a VAT bill you will then have the added pleasure of the courier company automatically paying it for you and levying a ~£10 fee for the privilege of doing so. They will then hold the parcel until you pay them both the VAT and their added charges."
So...in your country, they open up your private mail/packages coming in to see what is in it? If not..how else would they know if you have a VAT item or not?
If you've ever shipped anything internationally, you'll know that you have to put invoices in a separate envelope stuck to the package and Customs can and will open a package if they have reason to believe the invoice doesn't represent the product.
(Though the GP is mistaken - packages shipped within Europe don't attract VAT, though you would pay VAT in the country it's sold in rather than the country it's shipping to. Not necessarily a good thing in the UK, however, as compared to much of the EU we have relatively low VAT.)
A simple external storage device for downloadable games would be the next real logical step for them.
The Wii already supports SD cards up to 32GB, you can store downloaded games there and launch them from there. What benefit would there be to such a device?
With an external harddrive/network adapter combination device (wired network should have been standard to start), they could then run a HUGE marketing campaign to get people to start buying the games online instead of in the stores. It would increase margins across the board for everyone. Additionally, to get past the typical nervous online consumers issue (meaning people not liking using credit cards online), they could sell a package from a game at a store like GameStop with a serial number to allow them to download the game to their Wii.
The important thing they must do though is to lock the store to a user instead of a console. This way if a device breaks down, the consumer would be able to transfer their purchases to the new unit.
Apparently Nintendo have the ability to do this, but they won't do it unless you register the Wii.
They don't do a very good job then. I've got a Smartnet login and a support contract for a single, specific model of router yet I can download firmware for virtually everything I can think of, including equipment which I've never owned, much less got a support contract for.
That's only because Cisco don't bother to tie your support login up with the products you have a support contract for. Instead, they use the EULA to do that. It says that unless you have an up to date service contract for the appropriate hardware, you're not allowed to download firmware.
Apparently someone's already done the arithmetic - IIRC at the current rate of growth, all you'd do is delay the exhaustion of IPv4 addresses by some stupidly small amount like 6-12 months.
If you run most of those files through strings(1), you'll find that quite often the important data is stored as plaintext within the file.
I'm more concerned that the developers decided the best way to manage this over a network was to use NetBIOS. I can't think of anything less suitable for a modern network - lots of companies disable it, it was designed for use over a single, localised subnet and performs very poorly over a slow (think WAN or VPN) link and looking at Windows 7, I'd say that while it's not going to happen for a while yet, Microsoft are heading in the direction of obsoleting the protocol in its entirety.
More to the point, there have been plenty of instances where laptops complete with sensitive information have gone missing. We know that happens already, we know if somebody's laptop goes walkies there's a strong chance of this. We don't need software to confirm this, we need one or more of:
Managed encryption (no truecrypt won't do - the benefit of things like the commercial versions of PGP is that they store keys in escrow so you don't need to tell the CEO that without his password his laptop will have to be wiped. I'm aware of the security issues inherent in storing keys in escrow, but I guarantee you that in most businesses the CEO is quite happy to take the chance with a secured escrow server if the alternative is that without the password his laptop has just become a very expensive brick).
Remote disk wiping. You probably don't need to wipe the entire disk to military standards - just overwrite all the metadata and any files which you know are sensitive, eg. private encryption keys. Frankly, the kind of person who remote disk wiping will be a barrier to is the junkie who's looking to sell your laptop for his next fix - it's vanishingly unlikely that said junkie will recognise the value of anything confidential on there, much less be equipped to take advantage of that. The organised criminal will have the laptop in some sort of faraday cage before you've even noticed it's missing, in which case you wouldn't be able to remotely wipe it anyhow.
And yet it's amazing how many products intended for use in large organisations have installation instructions along the lines of "Visit every workstation in turn, double-click on setup.exe and follow the instructions..."
So the one count they're charged with is for invading a corporate computer. And the thousands of individual citizens' PCs they compromised are ignored. Somehow, I'm not surprised.
I don't think it's as clear cut as that. It's much easier to get evidence of 5,000 infections from a handful of sysadmins saying "We spent X hours cleaning up Y PCs as a result of this particular piece of malware" than it is to get 5,000 individuals to.
Then - there's no nice way to put this - you are an idiot.
There are established protocols for preventing this situation for coming up in the first place. Well, actually they're there in the event of you getting run over by a bus but they'd work just as well if you got fired.
The established protocol is that the passwords are encrypted and a brief written explanation for how to decrypt them (be it key, file or passphrase) is kept somewhere secure such as a bank deposit box or in a sealed envelope in a safe to which few others have access.
Yes, it does open the organisation to a certain degree of risk. But the risk is substantially lower than setting things up so that if you get run over by a bus, your former employer is totally screwed.
If I am fired, and then my boss realizes that he hasn't taken the proper steps (not saying this is the case with Childs) of making policies for documenting configurations and/or passwords, along with providing time during work-hours to document that information, he doesn't get them. I'm fired after all, and he doesn't get my free labor. I will be happy to provide him with the information though at my contracting rate of 1.5 times my normal pay.
In that case, not only are you denying access to their systems but your are implicitly admitting that you can still give them access to their systems (you're happy to provide him the information, therefore we can safely assume you have it) and using extortion (you want to be paid - and paid more than you otherwise would have earned) to rectify the situation.
IANAL but if your former employer is of a mind to report you to the authorities I really can't see that ending well.
Agree entirely. From what little we've heard, it sounds like there was plenty of opportunity for Childs to avoid this. On several occasions he was asked to divulge the passwords and like a petulant child he just kept saying "No. Want the mayor".
While I don't have any inside knowledge of the case, it seems to me the sensible thing to do would have been to explain to his lawyer the quandary (give the passwords : criminal offence, don't give the passwords : criminal offence) and have the lawyer whip up some sort of agreement whereby the passwords could be handed over and Childs would be let go with no further action. Hell, by all accounts he was offered almost exactly this opportunity by the police - so it's not like it never occurred to anyone.
Well yes, but if you're the ISP it's trivially easy to forward all requests on port 53 to the DNS server of your choice. I don't know of any in the UK that are doing this, but I've heard of it happening elsewhere.
Besides, consciously clicking the "I'm opting out of this crap, thanks" button makes it explicitly clear to the ISP what's going on.
Nothing's infallible, but the reason we have autopilots is that in the big scheme of things, they're a hell of a lot closer to infallible than a human pilot.
QA on disks went totally down the toilet circa 1996-1998 IIRC.
Prior to then, they were reasonably reliable, but any disks much more recent than that are so unreliable as to be borderline unusable for anything that requires any degree of integrity.
As a Capitalist, that really offends me. If businesses want to be treated laissez faire then they damn well better learn to make society not feel like they're a bunch of crooks who care so little about the common good that if regulators aren't going Big Brother on them every nanosecond they'll steal everything that isn't nailed down and cheat everyone who isn't paying 110% attention to every detail of their lives.
... which is precisely why there is regulation in every civilised society on the planet, and no such thing as a 100% capitalist society.
Indeed, the poster only discusses what happens when he puts the name of a website into Firefox's address bar. By default, that will carry out a DNS lookup and if that lookup fails, Firefox will redirect to a Google "I'm feeling lucky" result.
Lots of ISPs are intercepting failed DNS requests and injecting their own ad page, there's usually a way to bypass this.
Slashdot Mirror
Jack Straw was just as bad - he was home secretary when the RIPA was passed.
Remember home secretaries are usually appointed by the PM - it's fair to assume that their views are broadly in line with the PMs.
Similarly, if the UK were a 2-party system, the Labour and Lib Dems (which if I recall are both more similar to each other than the Conservatives) would be a single party and easily have won.
In order to win, a party needs 326 MPs.
Labour got 258, Lib Dems 57. Giving a total of 315.
Sure, they'd have more seats than the Conservatives, but they'd still be a minority government. They'd have to form a coalition with smaller parties to be sure of getting legislation through - without that, the Conservatives could deadlock Parliament by voting against the government on everything regardless of their own views, which would doubtless force an election sooner rather than later.
(For non-Brits - we don't have a three-party system. We have a multi-party system, it's just that parties other than the big three generally have very little support).
MS actually came out with something like this years ago before google did. They had search before google too.
Lots of people had search before Google. It's just that most of them did a lousy job of it.
Except that you won't get any support from Cisco.
On its own this doesn't sound like the end of the world, but nobody ever rings support when everything is working just fine. You won't find this out until the Shit has Royally Hit the Fan, your manager and your users are breathing down your neck to get the issue fixed immediately and suddenly the 10 minutes you spent routinely updating your CV yesterday looks like it may come in useful rather sooner than you had hoped.
That's if you're lucky.
If you're unlucky, the equipment in question is part of the core network in a hospital, police force or some other emergency service.
There is, of course, the bijou issue-ette that organic farming produces substantially less product per acre, meaning you need a hell of a lot more space to grow the same amount of food. Meanwhile, population (and hence demand for food) is growing.
That's actually a pretty good idea, and I suspect you're correct.
The only issue is that those little LCD displays are quite pricey, and you're talking about hardware which is designed down to a price.
More likely is you'll see something similar to what BT in the UK are doing - the default password is factory set to a different value for each device - and the default password is on the same label as the serial number.
Or you could (as a bad guy) write a piece of malware which infects a Windows PC and then targets the router from the inside. Most home routers have lousy internal security.
"Enforcement is a bit inconsistent, but if customs do slap you with a VAT bill you will then have the added pleasure of the courier company automatically paying it for you and levying a ~£10 fee for the privilege of doing so. They will then hold the parcel until you pay them both the VAT and their added charges."
So...in your country, they open up your private mail/packages coming in to see what is in it? If not..how else would they know if you have a VAT item or not?
If you've ever shipped anything internationally, you'll know that you have to put invoices in a separate envelope stuck to the package and Customs can and will open a package if they have reason to believe the invoice doesn't represent the product.
(Though the GP is mistaken - packages shipped within Europe don't attract VAT, though you would pay VAT in the country it's sold in rather than the country it's shipping to. Not necessarily a good thing in the UK, however, as compared to much of the EU we have relatively low VAT.)
A simple external storage device for downloadable games would be the next real logical step for them.
The Wii already supports SD cards up to 32GB, you can store downloaded games there and launch them from there. What benefit would there be to such a device?
With an external harddrive/network adapter combination device (wired network should have been standard to start), they could then run a HUGE marketing campaign to get people to start buying the games online instead of in the stores. It would increase margins across the board for everyone. Additionally, to get past the typical nervous online consumers issue (meaning people not liking using credit cards online), they could sell a package from a game at a store like GameStop with a serial number to allow them to download the game to their Wii.
Do you mean something like the Wii points card?
The important thing they must do though is to lock the store to a user instead of a console. This way if a device breaks down, the consumer would be able to transfer their purchases to the new unit.
Apparently Nintendo have the ability to do this, but they won't do it unless you register the Wii.
No, the rack-mount server is only for in-house search. If you want the email, docs and spreadsheet - that's in Google's data centre.
They don't do a very good job then. I've got a Smartnet login and a support contract for a single, specific model of router yet I can download firmware for virtually everything I can think of, including equipment which I've never owned, much less got a support contract for.
That's only because Cisco don't bother to tie your support login up with the products you have a support contract for. Instead, they use the EULA to do that. It says that unless you have an up to date service contract for the appropriate hardware, you're not allowed to download firmware.
Apparently someone's already done the arithmetic - IIRC at the current rate of growth, all you'd do is delay the exhaustion of IPv4 addresses by some stupidly small amount like 6-12 months.
If you run most of those files through strings(1), you'll find that quite often the important data is stored as plaintext within the file.
I'm more concerned that the developers decided the best way to manage this over a network was to use NetBIOS. I can't think of anything less suitable for a modern network - lots of companies disable it, it was designed for use over a single, localised subnet and performs very poorly over a slow (think WAN or VPN) link and looking at Windows 7, I'd say that while it's not going to happen for a while yet, Microsoft are heading in the direction of obsoleting the protocol in its entirety.
More to the point, there have been plenty of instances where laptops complete with sensitive information have gone missing. We know that happens already, we know if somebody's laptop goes walkies there's a strong chance of this. We don't need software to confirm this, we need one or more of:
And yet it's amazing how many products intended for use in large organisations have installation instructions along the lines of "Visit every workstation in turn, double-click on setup.exe and follow the instructions..."
So the one count they're charged with is for invading a corporate computer. And the thousands of individual citizens' PCs they compromised are ignored. Somehow, I'm not surprised.
I don't think it's as clear cut as that. It's much easier to get evidence of 5,000 infections from a handful of sysadmins saying "We spent X hours cleaning up Y PCs as a result of this particular piece of malware" than it is to get 5,000 individuals to.
Then - there's no nice way to put this - you are an idiot.
There are established protocols for preventing this situation for coming up in the first place. Well, actually they're there in the event of you getting run over by a bus but they'd work just as well if you got fired.
The established protocol is that the passwords are encrypted and a brief written explanation for how to decrypt them (be it key, file or passphrase) is kept somewhere secure such as a bank deposit box or in a sealed envelope in a safe to which few others have access.
Yes, it does open the organisation to a certain degree of risk. But the risk is substantially lower than setting things up so that if you get run over by a bus, your former employer is totally screwed.
If I am fired, and then my boss realizes that he hasn't taken the proper steps (not saying this is the case with Childs) of making policies for documenting configurations and/or passwords, along with providing time during work-hours to document that information, he doesn't get them. I'm fired after all, and he doesn't get my free labor. I will be happy to provide him with the information though at my contracting rate of 1.5 times my normal pay.
In that case, not only are you denying access to their systems but your are implicitly admitting that you can still give them access to their systems (you're happy to provide him the information, therefore we can safely assume you have it) and using extortion (you want to be paid - and paid more than you otherwise would have earned) to rectify the situation.
IANAL but if your former employer is of a mind to report you to the authorities I really can't see that ending well.
Agree entirely. From what little we've heard, it sounds like there was plenty of opportunity for Childs to avoid this. On several occasions he was asked to divulge the passwords and like a petulant child he just kept saying "No. Want the mayor".
While I don't have any inside knowledge of the case, it seems to me the sensible thing to do would have been to explain to his lawyer the quandary (give the passwords : criminal offence, don't give the passwords : criminal offence) and have the lawyer whip up some sort of agreement whereby the passwords could be handed over and Childs would be let go with no further action. Hell, by all accounts he was offered almost exactly this opportunity by the police - so it's not like it never occurred to anyone.
Well yes, but if you're the ISP it's trivially easy to forward all requests on port 53 to the DNS server of your choice. I don't know of any in the UK that are doing this, but I've heard of it happening elsewhere.
Besides, consciously clicking the "I'm opting out of this crap, thanks" button makes it explicitly clear to the ISP what's going on.
Not according to IMDB you haven't. But I haven't been able to find a clip from the film.
Nothing's infallible, but the reason we have autopilots is that in the big scheme of things, they're a hell of a lot closer to infallible than a human pilot.
QA on disks went totally down the toilet circa 1996-1998 IIRC.
Prior to then, they were reasonably reliable, but any disks much more recent than that are so unreliable as to be borderline unusable for anything that requires any degree of integrity.
As a Capitalist, that really offends me. If businesses want to be treated laissez faire then they damn well better learn to make society not feel like they're a bunch of crooks who care so little about the common good that if regulators aren't going Big Brother on them every nanosecond they'll steal everything that isn't nailed down and cheat everyone who isn't paying 110% attention to every detail of their lives.
... which is precisely why there is regulation in every civilised society on the planet, and no such thing as a 100% capitalist society.
Indeed, the poster only discusses what happens when he puts the name of a website into Firefox's address bar. By default, that will carry out a DNS lookup and if that lookup fails, Firefox will redirect to a Google "I'm feeling lucky" result.
Lots of ISPs are intercepting failed DNS requests and injecting their own ad page, there's usually a way to bypass this.