Who's the real loser in the end? As Macromedia CEO Rob Burgess points out, "Ultimately, it is our customers, and particularly our mutual customers, that will be harmed." Yup, half of us wind up with burnt, coffee-stained crotches.
Nope, in that case it's not the customer that'll be harmed ultimately. On the contrary, the customer will get a nice loot too. In the end, the real loser will be Mc Donalds'
Usually, attempting to do this ("guessing" credit card numbers) would rack up rather high charge backs fees for each failed attempt. Those chargeback fees are exactly intended to foil such guesswork. The idea of makeing up numbers (with checksum matching) is fairly old, and has been used by spamfighters to "punish" spamvertised sites (pretend to buy an article, supply a bogus cc number, do it early, do it often, use open proxies, and watch as the outfit goes out of business due to chargeback fees).
However, what makes the scam your are linking to interesting, is not the fact that the criminals were brute forcing the numbers, but rather than they were using merchant accounts other than their own to do it. That way, some unsuspecting victim was stuck with the bill, rather than themselves. It was more an exploit of authorize.net's online card validation system than a problem with the credit cards themselves.
But the catch is that you only get to see the EULA after you've already bought and paid for the software (incidentally, this fact is also what makes EULA's legally questionable: it's as if the seller altered the terms of purchase after the fact.).
Other techniques could be used with varying degrees of success. Instead of sending a <a href="story382728.html"> tag, send some javascript which is heaviliy obfuscated, but which eventually writes into the document the actual link. All kinds of code obfuscation techniques could be used, including implementing a small code interpreter with the actual code to write the url written in the interpreted code,...
This technique is to be considered as highly antisocial, as it not only forbids deep linking, but also forces the user to enable javascript. Many users have disabled javascript for security reasons (obnoxious popus, cross-site scripting, etc.), while others may use a browser that does not support javascript, either by choice, or by necessity (blind users surfing with a braille line must use a text-only browser). Moreover, if you push javascript too much, it may well only run correctly in one single browser (the one you developped/tested it in), ruining all portability of Html (and if you don't push it overly, then it will not be obfuscated enough to truely hide the URL). By using such techniques, you'll be perceived as a moron who does this in order to force users to use Internet Explorer, rather than as somebody who wants to protect your deep links.
with a layer of crypto thrown in just to make analysis of the interpreted bytecode more difficult. (The crypto decode key must be part of what is downloaded, so this doesn't defeat analysys, just complicates it.)
Actually, such techniques can be defeated even without analysis: just run a sniffer and log the URL's that your browser tries to access. You'd be inconveniencing the legitimate user without really impeding a determined attacker.
You're earlyer suggestions (session ids or timestamps embedded in URLs) are much more user friendly.
Remember those little stickers on the CD-ROM pouches?
No problem: use hot steam to melt the glue and gently detach them, rather then "breaking" (i.e. tearing) them.
Or just cut through the pouch at the other end, and take the CD out from the rear without "breaking the seal".
Then keep the intact "seal" on file along with all the other license documentation, as proof that you did not agree;-)
if the customers get a whiff of this (and they might)
Why the conditional mood? The customers have gotten info about this, and more than a whiff of it. It's on the frontpage of Slashdot, for chrissakes! Even if the customers' managerial staff doesn't read slashdot, one of their engineers certainly does, and by now probably has put a nice printout of these "confidential" documents on his manager's desk;-)
I think that one of us is confused. Because symlinks are really just shortcuts to the same file name (and, indirectly, file), telling emacs to edit the symlink is the same as telling it to edit the file. The same holds for hard links. So if a hard link would be useful for your above scenario, a symlink would be useful, too. Unless, of course, you wanted some protection from accidental deletion -- with a hard link, every site would have to delete their link before the linked-to file went away.
One important difference between hard links and symlinks when editing files happens if your editor is set to keep backups.
When saving a file test, what happens really is that first the editor renames it to test~, and then saves the new version as test. With a hard link, such strategy would "break" the link: i.e. the backup copy would share the contents of all other links, whereas the new version would be a different object. Thus, your web pages would end up being different.
With symlinks, the editor would notice that there is a symblink, and correctly modify the common copy.
About the first one - where I live is at a major junction right next to a bunch of traffic lights. People expect long traffic jams and delays at rush hour - that's just normal.
Indeed. But there is a difference between long and very long...
As to your second point if you watch the lights at night (I can see them from my bedroom window) they only change when a car comes along.
That works ok only on crossroads where one direction has hardly ever a car. But as soon as higher level of traffic are to be dealt with, the system would also need to find out how many cars there are, and what the overall state of the system is. Computerized traffic control systems are pretty much common in many large cities nowadays, even though they are usually better secured than in this case.
I find it hard to believe that most city streets operate at anything even approaching 100% capacity. It's probably more like 60-70%.
Considering the average over the whole day, and over all roads and streets in the network, it's probably even much lower than that. What's relevant here is peak usage: how overloaded are the main arteries at rush hour?
or if someone leaves the server room door open with a brick
Worse: leave the door to the facility open with a brick (to let fresh air into the non-airconditioned building), and in the evening, conveniently leave the brick outside near the door for the next day.
Makes you wonder why they needed computers to control the traffic lights - surely that could be done with some 555 timers
Read the article. The traffic light were able to operate autonomously using builtin timers... What the computer did was ensure synchonization between one crossroads and the next. To make sure that when you get a green light, the lights are also green in the next few crossroads. Timers tend to drift, and hence an centralized system is necessary to keep things in sync.
And presumably the computer system also changes the timings to adapt to the differences in traffic patterns throughout the day (giving longer green periods to those directions where the most traffic is at that time). Nowadays, most city road networks operate very close to their capacity, and even little details such as the exact timing of traffic light are important to keep matters fluid.
Don't try to blame this on the quality of your reference materials. You were flippant enough to add the "...as a physicist" line to your post. The difference between slugs and pounds is something that *all* first semester physics students learn.
All American first semester physics students maybe. In our neck of the woods, you'd maybe expect a history student, or an English major, to know the difference between furlongs and fortnights, but certainly not a physics student;-). Oh, and that stupid tagline: the only reason I added it was in order to keep with the style of your original post, and gather a couple of funny points in the process;-)
And if you didn't know, looking it up is cheating:)
The only reason I looked it up was in order to use US units. Indeed, initially this was not meant to be a flame about US versus SI units, but rather a flame about using coherent units (...although it has now become a flame about US versus SI...).
If it's the left foot (and your driving an automatic...) it'll probably be ok; however if it's the right foot probably not, as you'd put yourself into a position where you'd be unable to brake in an efficient manner. Also to be considered is the question whether you'd need to look at your feet to take aim (and thus have to divert your attention from the road...), or whether you are good enough shot to aim "blindly". Oh, and you're supposed to keep both hands on the steering wheel, so how would you hold the rifle?;-)
I put "speed dependent" there for a reason - momentum
I know... but why didn't you use the correct units then?
And you'd be wrong. the English unit of mass is the slug, which is equal to 14.6 kilograms
Unfortunately, furlongs are rather unintuitive units for us barbarian Europeans... That's why I had to look it up. And the page I quoted did indeed say lb*ft/sec. Other references said that lb could be used both as a unit of mass and of force (1 lb force being the force by which 1 lb mass would be attracted to earth on average). But neither interpretation would make it also a unit of momentum... SI is much clearer in that respect: kg is for mass, and Newton is for force (and metric pound (1/2 kg) is also for mass; that's probably why it seemed more intuitive to me to consider lb a unit of mass as well, and why I naively believed that formula that that website gave me.)
the English equivalent of the Newton is the pound;
Ok, but even if, this would still not make it a correct unit for momentum: you'd need to remultiply it with a unit of time to get momentum (mass times speed, while force is mass times acceleration).
the SI unit for momentum is either one of kg*m/s or Newton-seconds
Of which both are exactly the same, as a Newton is kg*m/s^2
Therefore the English equilavent of Newton-seconds is pound-seconds = 4.45*Newton-seconds
Is it against the law to shoot yourself in the foot?
The difference between shooting yourself into the foot, and dangerous driving is that with dangerous driving you do not only endanger yourself, but also other drivers. Or else we could do away with traffic code althogether...
Besides the fact that you could claim any calls made to you without your expressed prior consents while driving pose a threat to your health.
How would those commercial calls cause any more threat to your health (or rather, your safety) than any other calls you might receive while driving? And besides, in many countries it is forbidden to use your phone while driving, unless you have a "hands free" set. So you'd only set yourself up for a hefty traffic fine by pushing such arguments.
Actually, the days of the Richtgeschwindigkeit (i.e. that voluntary speed limit on German Autobahns) are long numbered. Nowadays most Autobahn stretches have posted compulsory speed limits, just like everywhere else...
But there is plenty of prior art, and they even adminit it: the fruit fly...
And yeah, it seems pretty obvious to me too. But some people are married to the top-down, centralized approach I guess...
The naysayers may actually be right... Indeed, stability of such an adaptive system could be an issue. What happens if conditions are such that suddenly the systems decides to oscillate between two meta-stable states, dropping calls at each flip? Could mischievous network users actually deliberately cause such a situation to happen (by gathering enough friens with mobile phones, and driving around the country in certain well-crafted pattern -- remember one of the variables of the system is phones per cell)? Weren't there some problems with similarly adaptive systems in the early ninetys on landline switches in the US, where one switch after the other
keeled over like dominos, all triggered by a trivial malfunction on just one switch?
Slashdot Mirror
Nope, in that case it's not the customer that'll be harmed ultimately. On the contrary, the customer will get a nice loot too. In the end, the real loser will be Mc Donalds'
However, what makes the scam your are linking to interesting, is not the fact that the criminals were brute forcing the numbers, but rather than they were using merchant accounts other than their own to do it. That way, some unsuspecting victim was stuck with the bill, rather than themselves. It was more an exploit of authorize.net's online card validation system than a problem with the credit cards themselves.
But the catch is that you only get to see the EULA after you've already bought and paid for the software (incidentally, this fact is also what makes EULA's legally questionable: it's as if the seller altered the terms of purchase after the fact.).
This technique is to be considered as highly antisocial, as it not only forbids deep linking, but also forces the user to enable javascript. Many users have disabled javascript for security reasons (obnoxious popus, cross-site scripting, etc.), while others may use a browser that does not support javascript, either by choice, or by necessity (blind users surfing with a braille line must use a text-only browser). Moreover, if you push javascript too much, it may well only run correctly in one single browser (the one you developped/tested it in), ruining all portability of Html (and if you don't push it overly, then it will not be obfuscated enough to truely hide the URL). By using such techniques, you'll be perceived as a moron who does this in order to force users to use Internet Explorer, rather than as somebody who wants to protect your deep links.
with a layer of crypto thrown in just to make analysis of the interpreted bytecode more difficult. (The crypto decode key must be part of what is downloaded, so this doesn't defeat analysys, just complicates it.)
Actually, such techniques can be defeated even without analysis: just run a sniffer and log the URL's that your browser tries to access. You'd be inconveniencing the legitimate user without really impeding a determined attacker.
You're earlyer suggestions (session ids or timestamps embedded in URLs) are much more user friendly.
No problem: use hot steam to melt the glue and gently detach them, rather then "breaking" (i.e. tearing) them. Or just cut through the pouch at the other end, and take the CD out from the rear without "breaking the seal".
Then keep the intact "seal" on file along with all the other license documentation, as proof that you did not agree ;-)
Was this moderated as funny because of the text, or because of the signature?
Why the conditional mood? The customers have gotten info about this, and more than a whiff of it. It's on the frontpage of Slashdot, for chrissakes! Even if the customers' managerial staff doesn't read slashdot, one of their engineers certainly does, and by now probably has put a nice printout of these "confidential" documents on his manager's desk ;-)
One important difference between hard links and symlinks when editing files happens if your editor is set to keep backups.
When saving a file test, what happens really is that first the editor renames it to test~, and then saves the new version as test. With a hard link, such strategy would "break" the link: i.e. the backup copy would share the contents of all other links, whereas the new version would be a different object. Thus, your web pages would end up being different.
With symlinks, the editor would notice that there is a symblink, and correctly modify the common copy.
Indeed. But there is a difference between long and very long...
As to your second point if you watch the lights at night (I can see them from my bedroom window) they only change when a car comes along.
That works ok only on crossroads where one direction has hardly ever a car. But as soon as higher level of traffic are to be dealt with, the system would also need to find out how many cars there are, and what the overall state of the system is. Computerized traffic control systems are pretty much common in many large cities nowadays, even though they are usually better secured than in this case.
Considering the average over the whole day, and over all roads and streets in the network, it's probably even much lower than that. What's relevant here is peak usage: how overloaded are the main arteries at rush hour?
Happens also with wires for electricity. Fortunately, in that case, the problem is self correcting
Worse: leave the door to the facility open with a brick (to let fresh air into the non-airconditioned building), and in the evening, conveniently leave the brick outside near the door for the next day.
Oh, btw did I mention that it was a glass door?
Read the article. The traffic light were able to operate autonomously using builtin timers... What the computer did was ensure synchonization between one crossroads and the next. To make sure that when you get a green light, the lights are also green in the next few crossroads. Timers tend to drift, and hence an centralized system is necessary to keep things in sync.
And presumably the computer system also changes the timings to adapt to the differences in traffic patterns throughout the day (giving longer green periods to those directions where the most traffic is at that time). Nowadays, most city road networks operate very close to their capacity, and even little details such as the exact timing of traffic light are important to keep matters fluid.
Given how often this same joke has already been made in this forum, I think not...
All American first semester physics students maybe. In our neck of the woods, you'd maybe expect a history student, or an English major, to know the difference between furlongs and fortnights, but certainly not a physics student ;-). Oh, and that stupid tagline: the only reason I added it was in order to keep with the style of your original post, and gather a couple of funny points in the process ;-)
(but apparently the guys at NASA did not)
And neither those at NIST ;-) And a
google groups search reveals that the
"is pound a force unit or a mass unit" question is a very common discussion topic, with apparently most discussions coming to the conclusion that it is indeed a unit of mass.
And if you didn't know, looking it up is cheating :)
The only reason I looked it up was in order to use US units. Indeed, initially this was not meant to be a flame about US versus SI units, but rather a flame about using coherent units (...although it has now become a flame about US versus SI...).
If it's the left foot (and your driving an automatic...) it'll probably be ok; however if it's the right foot probably not, as you'd put yourself into a position where you'd be unable to brake in an efficient manner. Also to be considered is the question whether you'd need to look at your feet to take aim (and thus have to divert your attention from the road...), or whether you are good enough shot to aim "blindly". Oh, and you're supposed to keep both hands on the steering wheel, so how would you hold the rifle? ;-)
I know... but why didn't you use the correct units then?
And you'd be wrong. the English unit of mass is the slug, which is equal to 14.6 kilograms
Unfortunately, furlongs are rather unintuitive units for us barbarian Europeans... That's why I had to look it up. And the page I quoted did indeed say lb*ft/sec. Other references said that lb could be used both as a unit of mass and of force (1 lb force being the force by which 1 lb mass would be attracted to earth on average). But neither interpretation would make it also a unit of momentum... SI is much clearer in that respect: kg is for mass, and Newton is for force (and metric pound (1/2 kg) is also for mass; that's probably why it seemed more intuitive to me to consider lb a unit of mass as well, and why I naively believed that formula that that website gave me.)
the English equivalent of the Newton is the pound;
Ok, but even if, this would still not make it a correct unit for momentum: you'd need to remultiply it with a unit of time to get momentum (mass times speed, while force is mass times acceleration).
the SI unit for momentum is either one of kg*m/s or Newton-seconds
Of which both are exactly the same, as a Newton is kg*m/s^2
Therefore the English equilavent of Newton-seconds is pound-seconds = 4.45*Newton-seconds
Exact. Pound seconds, and not just pounds.
Pounds (lbs) are a unit of force or of mass. For momentum, you'd use lb*ft/sec.
The difference between shooting yourself into the foot, and dangerous driving is that with dangerous driving you do not only endanger yourself, but also other drivers. Or else we could do away with traffic code althogether...
How would those commercial calls cause any more threat to your health (or rather, your safety) than any other calls you might receive while driving? And besides, in many countries it is forbidden to use your phone while driving, unless you have a "hands free" set. So you'd only set yourself up for a hefty traffic fine by pushing such arguments.
Actually, the days of the Richtgeschwindigkeit (i.e. that voluntary speed limit on German Autobahns) are long numbered. Nowadays most Autobahn stretches have posted compulsory speed limits, just like everywhere else...
... with all the spam that we get from there.
... and if they sue, countersue for antitrust violations. Even if they win eventually, it'll be tied up in court for years ;-)
So, are you saying that if I ground up my floppies and CD's, and ate the resulting dust, piracy would become a simple misdaemor as well? ;-)
And, do I actually have to eat the CD, or is it enough if I put it into the micro-wave oven?
But there is plenty of prior art, and they even adminit it: the fruit fly...
And yeah, it seems pretty obvious to me too. But some people are married to the top-down, centralized approach I guess...
The naysayers may actually be right... Indeed, stability of such an adaptive system could be an issue. What happens if conditions are such that suddenly the systems decides to oscillate between two meta-stable states, dropping calls at each flip? Could mischievous network users actually deliberately cause such a situation to happen (by gathering enough friens with mobile phones, and driving around the country in certain well-crafted pattern -- remember one of the variables of the system is phones per cell)? Weren't there some problems with similarly adaptive systems in the early ninetys on landline switches in the US, where one switch after the other keeled over like dominos, all triggered by a trivial malfunction on just one switch?