Read the article again. When told not to use that access point, he proceeded to scout for other unsecured networks, and actually submitted the article from an out-of-site location where he could use an unsecured network without being noticed by the cop.
You seem to have made my point: this guy apparently makes a hobby of using other people's public access points, and doesn't show any sign of actually asking permission.
Excuse me, but the article certainly does not state what the rules of hte library *are*. They may well have accepted such external use quite happily. The cop apparently said "if he had permission" it would be OK.
So walk inside, make sure you have permission, then tell the cop very politely to get a life.
I can understand the cop's confusion and inability to explain details of such regulations. There are way, way too many laws in place for a normal person to be able to cite chapter and verse of the actual statutes on every possible violation. But it's also easy to believe that a Secret Service agent gave them an extremely mistaken and civil-rights violating explanation of any applicable regulations, especially the Patriot Act. Remember, the Secret Service did the Sun Devil raids some years back and got their wrists slapped by the EFF and by Steve Jackson Games for those civil rights violations. They just don't get it when it comes to civil rights over "national security".
Now, reading the article, this "priest" seems to make a real hobby of using other people's access points without their knowledge. Why can't he politely walk into the library and ask them if they mind if he uses it outside, preferably with the policeman in tow to help settle the issue? What the heck was this guy up to?
What really needs to happen is for Ralph Nader to get 80% of the votes for Bush in any district with an insecure Diebold machine. Let Mr. Nader's candidacy do us some good for a change.
I don't think so. Keep in mind that Microsoft has a bunch of XML patents, which they'll doubtlessly be using in WinFS. This will help keep open source authors from being able to use it, even if the specifications themselves are published.
>> Can anyone explain exactly what will be in Longhorn, now that the new filesystem and graphics system is not going to be in it ?
Why yes, we can. The two key words are "XML patents". Microsoft talking paperclip for their new OS is XML, which is fairly insane to use for a filesystem, but will allow them to solve some of the serious bugs in Word, like the silliness in the "Undo" command.
Ahh, yes, open source FUD number 37. "You'll put people out of work".
In this field there's plenty of work to go around: sharing the basic work keeps legal make-work and the theft of intellectual property down, and lets all the authors actually benefit from it in being able to produce superiour products, and sell them, on a continuing basis rather than trying to arrange a corporate patent revenue that is unlikely to trickle down to the actual authors.
It's possible to make money creating entirely closed source software, but it's like a lottery ticket: a few big winners do OK, and the rest of the developers waste their time and effort and often their money.
Ask anyone who's angered a Usenet troll, spammer, or script kiddie. The threats, attacks, and joe jobs against your legitimate business can add up to a hell of a lot of work and legal expense to deal with.
Couple this with SPF, at http://spf.pobox.com, to implement more usable verification of the sending email address, and we can get some useful tracking of senders and blocking of the spammers.
It sounds good, and is the sort of policy that US backbone connectivity providers should have taken up years ago. Unfortunately, the biggest backbone providers here are unwilling to act against spamming customers, such as UUnet not acting against their client ISP's that sell spam hosting setups.
Yes, I'm extremely familiar with whitelists and blacklists. You seem to think that the spammer in these zombied cases will use the zombied machine to send the email directly to the target. While this has often been true, the spread of techniques such as SPF (at http://spf.pobox.com) that create some level of domain authentication for the sender will cause the viruses and spam zombied machines to use the local SMTP servers for their domain.
Next, the aol.com and hotmail.com zombied machines will find and go through their local SMTP servers and carry the spew with domain names that almost everyone must whitelist due to the commonness of such email addresses. Such techniques were pioneered years ago by Cyberpromo.com, deliberately spewing their spam from domains with good reputations to make sure they were on the whitelists.
I urge you, sir, to actually hop over to www.tomshardware.com and read the evaluations of the Intel 64-bit chipsets. They're 64-bit like gluing 4 extra cylinders onto the roof of your car makes it a V-8 engine: there's enough funky glue and plumbing to actually make the cylinders fire, for a little while, but it tends to fall off under load and leave the system dead on the roadside.
And every time, we have to remind you that whitelists are easily occupied by zombied machines, especially for the big email providers like Hotmail, AOL, Earthlink, big universities, etc.
Expect a temporary halt at best, and lots of your friends and relatives and business partners telling you to go blow yourself for insisting on a challenge-response system. That's what the "hashcash" system is under the hood.
Of course: they've been stealing all the marketable, already developed aspects of other architectures for years and using it to save R&D dollars and re-inforce the x86 monopoly.
Too bad they've now gotten so market-controlling they'll have to do their own R&D, unless AMD can manage to stay ahead with things like an actual 64-bit architecture instead of that fake 64-bit nonsense Intel is marketing.
SSH is much better for command line access and remote debugging than telnet, for obvious security reasons. It comes with telnet built-in.
Also, adding NFS or even AFS is very useful for making the files more available with better security models in a mixed environment, rather than forcing people into using Windows-style SMB access no matter what the operating system of their client is.
The kernel has *nothing to do* with the security issues. The security flaw is the lack of checksumming at boot time of the firmware image, which in this case is a Linux OS.
Now, if they used a Linux BIOS, they'd be in better shape for that kind of security testing. I'm completely serious.
Your reasoning is sound, but it has this false premise that the laws are about consent. Their legal history is about reproductive behavior: incest leads to inbreeding, pedophilia leads to reproductive system damage to the victim and lowers the "value" of the victim as a virgin before they get traded or sold off for marriage, bestiality messes up the livestock and lowers its likelihood of reproducing like farm animals should, homosexual behavior does not lead to reproduction, etc., etc.
As long as you argue against this stuff on the basis of reasonable logic of consenting adults, you will miss the underlying motivations of your opponents in such debates and never succeed in addressing their hidden motivations.
As opposed to what the VP's and president did to Enron, and what happens to the dotcoms? I was under the impression that United Airlines went downhill with a lot of other airline companies as fuel prices rose and travel dropped in response to 9/11. Was it something internal killing it?
What you are describing encourages universal passwords. Unfortunately, it's not merely password cracking that is a real risk. It's password sniffing, via keyboard monitoring or packet sniffing over unencrypted protocols like FTP, POP3 or IMAP or HTTP without SSL turned on, etc. People are terrible about changing them, and they do tend to rotate them among a very small number of passwords to deal with this.
Universal sign-on systems such as Kerberos can help this, by encorcing decent password selection and then making it available everywhere without permitting re-use of that small set of passwords. But it's a bear to set up in a small or mixed environment.
Also, for the original article's point: the difficulty of cracking passwords goes up nominally as the exponent of the password length, the complexity of verifying them or encrypting with keys goes up linearly or maybe as N*logN with the length of the key. Selecting a long enough password, and system keys, to defeat this kind of brute force cracking is quite trivial to do. But getting it adopted, especially in the face of federal policies that prohibit the export of encryption technologies as a "material of war", has crippled encryption techniques for years.
Get the federal government out of that line of regulation and hardware based encryption to protect your logins from man-in-the-middle password sniffing will be quite cheap, even possible to incorporate as a part of common motherboards and network cards. Until then, though, we're going to have a real risk of people using the same password for years and having it sniffed and used by crackers.
It can be useful as an apprenticeship program for actual code and tool development. For example, getting all the change orders in for a commercial project can be a hell of a lot of work, equal in scope to building the damn thing in the first place. Adding a field, making one display have a link that points to another one, porting it to a new OS or modifying it to be compatible with newer graphics capabilities or API changes, etc. can all suck away the creative time of the original author.
So there is a role for minions to do such work, especially because the original authors often never have time to write *good* interfaces for other programs to interact with it, or may be unfamiliar with those new operational modes. The original authors need to take the feedback from them seriously, but it's awfully helpful to have the original author available available to look over the minions' shoulders and say "no, that's silly, I already did that in this chunk of code".
No need. Give the employees actual voting stock, instead of "stock options". It's easier to balance the books, the investors can measure the value of the company in real dollars, etc.
US patent law is fairly weird, but it does not involve time travel.
According to my acquaintance at Google, Google owns them and they are expiring in the foreseeable future. This does not mean that Google created them in 1990, anymore than SCO ever wrote any actual UNIX source code simply because they now owns the copyrights. It means they bought the rights to that intellectual property, either as a licensed user or that they bought the patents outright.
Good. You day traders are a blight on the investment business.
Google has at least three good reasons to do its IPO now.
1: Microsoft is preparing to enter the search engine business in earnest. They have very deep pockets, and no compunctions about stealing technologies, so Google is going to take a severe profitability hit even if they win the war as expected. Such battles cost money: Google needs enough money to not run out of software and hardware development and maintenance funds.
2: Some Google patents, important ones, are running out in roughly 2010. It's good for the CEOs and VPs to cash in their stock optiions while it's at this peak, rather than wait for it to start dropping as other companies their attempts to create "Google-killer" technologies. Even if they fail, they will drive the value of Google's services.
3: They've about saturated the search engine market. This is why they've recently committed to entering the email market, which I wish them success in, but it prevents them from growing much more in terms of profit in the search engine market.
Read the article again. When told not to use that access point, he proceeded to scout for other unsecured networks, and actually submitted the article from an out-of-site location where he could use an unsecured network without being noticed by the cop.
You seem to have made my point: this guy apparently makes a hobby of using other people's public access points, and doesn't show any sign of actually asking permission.
Excuse me, but the article certainly does not state what the rules of hte library *are*. They may well have accepted such external use quite happily. The cop apparently said "if he had permission" it would be OK. So walk inside, make sure you have permission, then tell the cop very politely to get a life.
I can understand the cop's confusion and inability to explain details of such regulations. There are way, way too many laws in place for a normal person to be able to cite chapter and verse of the actual statutes on every possible violation. But it's also easy to believe that a Secret Service agent gave them an extremely mistaken and civil-rights violating explanation of any applicable regulations, especially the Patriot Act. Remember, the Secret Service did the Sun Devil raids some years back and got their wrists slapped by the EFF and by Steve Jackson Games for those civil rights violations. They just don't get it when it comes to civil rights over "national security".
Now, reading the article, this "priest" seems to make a real hobby of using other people's access points without their knowledge. Why can't he politely walk into the library and ask them if they mind if he uses it outside, preferably with the policeman in tow to help settle the issue? What the heck was this guy up to?
What really needs to happen is for Ralph Nader to get 80% of the votes for Bush in any district with an insecure Diebold machine. Let Mr. Nader's candidacy do us some good for a change.
I don't think so. Keep in mind that Microsoft has a bunch of XML patents, which they'll doubtlessly be using in WinFS. This will help keep open source authors from being able to use it, even if the specifications themselves are published.
>> Can anyone explain exactly what will be in Longhorn, now that the new filesystem and graphics system is not going to be in it ?
Why yes, we can. The two key words are "XML patents". Microsoft talking paperclip for their new OS is XML, which is fairly insane to use for a filesystem, but will allow them to solve some of the serious bugs in Word, like the silliness in the "Undo" command.
Ahh, yes, open source FUD number 37. "You'll put people out of work".
In this field there's plenty of work to go around: sharing the basic work keeps legal make-work and the theft of intellectual property down, and lets all the authors actually benefit from it in being able to produce superiour products, and sell them, on a continuing basis rather than trying to arrange a corporate patent revenue that is unlikely to trickle down to the actual authors.
It's possible to make money creating entirely closed source software, but it's like a lottery ticket: a few big winners do OK, and the rest of the developers waste their time and effort and often their money.
Ask anyone who's angered a Usenet troll, spammer, or script kiddie. The threats, attacks, and joe jobs against your legitimate business can add up to a hell of a lot of work and legal expense to deal with.
And 100% of al .biz email is pure spam. Just block it all, honestly.
Couple this with SPF, at http://spf.pobox.com, to implement more usable verification of the sending email address, and we can get some useful tracking of senders and blocking of the spammers.
It sounds good, and is the sort of policy that US backbone connectivity providers should have taken up years ago. Unfortunately, the biggest backbone providers here are unwilling to act against spamming customers, such as UUnet not acting against their client ISP's that sell spam hosting setups.
Yes, I'm extremely familiar with whitelists and blacklists. You seem to think that the spammer in these zombied cases will use the zombied machine to send the email directly to the target. While this has often been true, the spread of techniques such as SPF (at http://spf.pobox.com) that create some level of domain authentication for the sender will cause the viruses and spam zombied machines to use the local SMTP servers for their domain. Next, the aol.com and hotmail.com zombied machines will find and go through their local SMTP servers and carry the spew with domain names that almost everyone must whitelist due to the commonness of such email addresses. Such techniques were pioneered years ago by Cyberpromo.com, deliberately spewing their spam from domains with good reputations to make sure they were on the whitelists.
I urge you, sir, to actually hop over to www.tomshardware.com and read the evaluations of the Intel 64-bit chipsets. They're 64-bit like gluing 4 extra cylinders onto the roof of your car makes it a V-8 engine: there's enough funky glue and plumbing to actually make the cylinders fire, for a little while, but it tends to fall off under load and leave the system dead on the roadside.
Just make sure they're both insured first. Mothers-in-law have much less trade-in value.
And every time, we have to remind you that whitelists are easily occupied by zombied machines, especially for the big email providers like Hotmail, AOL, Earthlink, big universities, etc. Expect a temporary halt at best, and lots of your friends and relatives and business partners telling you to go blow yourself for insisting on a challenge-response system. That's what the "hashcash" system is under the hood.
Of course: they've been stealing all the marketable, already developed aspects of other architectures for years and using it to save R&D dollars and re-inforce the x86 monopoly.
Too bad they've now gotten so market-controlling they'll have to do their own R&D, unless AMD can manage to stay ahead with things like an actual 64-bit architecture instead of that fake 64-bit nonsense Intel is marketing.
SSH is much better for command line access and remote debugging than telnet, for obvious security reasons. It comes with telnet built-in. Also, adding NFS or even AFS is very useful for making the files more available with better security models in a mixed environment, rather than forcing people into using Windows-style SMB access no matter what the operating system of their client is.
The kernel has *nothing to do* with the security issues. The security flaw is the lack of checksumming at boot time of the firmware image, which in this case is a Linux OS.
Now, if they used a Linux BIOS, they'd be in better shape for that kind of security testing. I'm completely serious.
Your reasoning is sound, but it has this false premise that the laws are about consent. Their legal history is about reproductive behavior: incest leads to inbreeding, pedophilia leads to reproductive system damage to the victim and lowers the "value" of the victim as a virgin before they get traded or sold off for marriage, bestiality messes up the livestock and lowers its likelihood of reproducing like farm animals should, homosexual behavior does not lead to reproduction, etc., etc.
As long as you argue against this stuff on the basis of reasonable logic of consenting adults, you will miss the underlying motivations of your opponents in such debates and never succeed in addressing their hidden motivations.
Try 60 seconds with a hacksaw, which easily fits in a backpack or briefcase. It's even less with a Dremel tool with an appropriate blade.
Why no, I've never had to free up somebody's own laptop from where they locked it and lost the key. Why do you ask?
As opposed to what the VP's and president did to Enron, and what happens to the dotcoms? I was under the impression that United Airlines went downhill with a lot of other airline companies as fuel prices rose and travel dropped in response to 9/11. Was it something internal killing it?
What you are describing encourages universal passwords. Unfortunately, it's not merely password cracking that is a real risk. It's password sniffing, via keyboard monitoring or packet sniffing over unencrypted protocols like FTP, POP3 or IMAP or HTTP without SSL turned on, etc. People are terrible about changing them, and they do tend to rotate them among a very small number of passwords to deal with this.
Universal sign-on systems such as Kerberos can help this, by encorcing decent password selection and then making it available everywhere without permitting re-use of that small set of passwords. But it's a bear to set up in a small or mixed environment.
Also, for the original article's point: the difficulty of cracking passwords goes up nominally as the exponent of the password length, the complexity of verifying them or encrypting with keys goes up linearly or maybe as N*logN with the length of the key. Selecting a long enough password, and system keys, to defeat this kind of brute force cracking is quite trivial to do. But getting it adopted, especially in the face of federal policies that prohibit the export of encryption technologies as a "material of war", has crippled encryption techniques for years.
Get the federal government out of that line of regulation and hardware based encryption to protect your logins from man-in-the-middle password sniffing will be quite cheap, even possible to incorporate as a part of common motherboards and network cards. Until then, though, we're going to have a real risk of people using the same password for years and having it sniffed and used by crackers.
It can be useful as an apprenticeship program for actual code and tool development. For example, getting all the change orders in for a commercial project can be a hell of a lot of work, equal in scope to building the damn thing in the first place. Adding a field, making one display have a link that points to another one, porting it to a new OS or modifying it to be compatible with newer graphics capabilities or API changes, etc. can all suck away the creative time of the original author.
So there is a role for minions to do such work, especially because the original authors often never have time to write *good* interfaces for other programs to interact with it, or may be unfamiliar with those new operational modes. The original authors need to take the feedback from them seriously, but it's awfully helpful to have the original author available available to look over the minions' shoulders and say "no, that's silly, I already did that in this chunk of code".
No need. Give the employees actual voting stock, instead of "stock options". It's easier to balance the books, the investors can measure the value of the company in real dollars, etc.
US patent law is fairly weird, but it does not involve time travel.
According to my acquaintance at Google, Google owns them and they are expiring in the foreseeable future. This does not mean that Google created them in 1990, anymore than SCO ever wrote any actual UNIX source code simply because they now owns the copyrights. It means they bought the rights to that intellectual property, either as a licensed user or that they bought the patents outright.
Good. You day traders are a blight on the investment business.
Google has at least three good reasons to do its IPO now.
1: Microsoft is preparing to enter the search engine business in earnest. They have very deep pockets, and no compunctions about stealing technologies, so Google is going to take a severe profitability hit even if they win the war as expected. Such battles cost money: Google needs enough money to not run out of software and hardware development and maintenance funds.
2: Some Google patents, important ones, are running out in roughly 2010. It's good for the CEOs and VPs to cash in their stock optiions while it's at this peak, rather than wait for it to start dropping as other companies their attempts to create "Google-killer" technologies. Even if they fail, they will drive the value of Google's services.
3: They've about saturated the search engine market. This is why they've recently committed to entering the email market, which I wish them success in, but it prevents them from growing much more in terms of profit in the search engine market.