Slashdot Mirror


User: (negative+video)

(negative+video)'s activity in the archive.

Stories: 0
Comments: 350

Comments · 350

  1. What an idiot on Perl's Chip Salzenberg Sued, Home Raided · · Score: 1, Informative
    It can only be an understatement to observe that accessing state government computers in blatant disregard for their acceptable use policies is not legally sound.
    Violating an acceptable use contract is not legally sound, but forming a contract with a web server requires you to enter your name and perform some action. Merely making a policy document available for discretionary download does not form a contract.
    Federal courts have held that web spiders must obey the established ROBOTS.TXT mechanism by which web site owners limit automated access, and that a failure to obey ROBOTS.TXT constitutes trespass.
    Which is also a load of crap. ROBOTS.TXT is an optional advisory system for people who are going out of their way to be friendly. The definitive requirements for web communication are set out in the HTTP specification, which provides SSL, POST requests, and cookies explicitly to support access controls.
    Worse, Montana's web server actually crashed as a result of HMS harvesting it. Once you go beyond access into crashing, you're way into felony territory.
    And now we enter hip wader territory--the BS is getting that deep. A web server that crashes by merely being accessed is defective.
    Shocked, I informed Tim and Rich that proxy hijacking is very illegal and immoral.
    It is neither illegal nor immoral. If a computer owner chooses to make it an open proxy, that is their choice. If they want it not to be an open proxy, they are obligated to either turn it off or install software that does not allow for that feature.
    And in order to protect myself from the repercussions of HMS's illegal and immoral activities, I am carefully considering my legal options, including notifying the appropriate authorities.
    Anyone with two neurons to rub together could have predicted the outcome of this toothless threat. You do not say "Hey, great fire-breathing beast, please stop terrorizing our helpless village", and then kick the dragon in the shin. The natural state of the human animal is war, and laws on paper make a darn flimsy shield.
  2. Re:It could be the default option during install on Windows Users Ignoring LUA Security · · Score: 1
    There's precious little stopping developers from making versions of systems that work on non-admin accounts...
    You mean besides having to run Visual Studio with maximum privileges, which means you have to log out and log back in twice every time you make a change.
  3. Re:It could be the default option during install on Windows Users Ignoring LUA Security · · Score: 1
    For the record, Windows has LU but has not done nearly as well as the competition with building a system that encourages its use.
    By not supplying a proper package manager, Microsoft intends software to be installed poorly. Moreover, poor behavior regarding login privileges is a deliberate and intentional part of their plan: Visual Studio requires administrator privileges, which means that a programmer would have to reboot twice every time they recompiled their privilegly-correct software.
  4. Re: Backups on Best Way to Back Up Photos and Video? · · Score: 5, Informative
    I'm amazed that someone has yet to come up with a combination of archival-grade photographic film or paper for storage and an optical 'reader' for truly long-term archiving...
    It was called the IBM 1360 Photo-Digital Storage System.
  5. Re:Entry level because... on After College, What Type of Jobs Should One Seek? · · Score: 1
    I would view anyone as a novice if they didn't have 2-3 years experience working on one project.
    So how does that work for people in a field where 18 month projects are considered long? Not everything is large-systems work.
  6. Re:Takings clause? on U.S. to Digitize All Tangible Gov't. Publications · · Score: 1
    Rolling back copyprivilege terms of an existing work might violate the takings clause of the fifth article of amendment.
    Copyright is a privilege that may be asserted, licensed, assigned, and expired. It is not "private property".
  7. Re:I can *see* the music on Math to Crack Deep Impact Blurry Vision Problem · · Score: 1
    The solution to my blurry vision problem is to keep the number of vodka-sodas in the single digits.
    Decimal or hexadecimal?
  8. Re:The actual rule (more or less) on Document Disposal Law Kicks In · · Score: 1
    The stated intent is that smaller entities which rarely handle customer/consumer data will not be required to do 'heavy lifting' to dispose of their documents.
    "Reasonable" depends on the context, and context can be changed by a clever plaintiff. For example, by demonstrating software that automatically reassembles the images of shredded documents.
    ...an agreement between me and my nanny wouldn't be [interstate commerce] because it doesn't touch anywhere non-local.
    It affects the interstate market for nannies, as well as the nanny's demand for interstate commerce, and thus constitutes interstate commerce. Yes, that's bullshit, but it's how the courts have ruled for decades. A prudent person of modest financial means must assume that everything is interstate commerce.
  9. Re:The actual rule (more or less) on Document Disposal Law Kicks In · · Score: 1
    In other words, someone who hires a nanny would probably not be under the purview of FTC or any other such federal rule -- unless the nanny had to travel across state lines.
    Nope. Thanks to judicial activism, everything is interstate commerce.
    In any case, they call for reasonable measures...
    In other words, government inquisitors can make up whatever standard they want after the fact.
  10. Re:If they had been Comp Sci students.... on Stanford Rejects Business School Hackers · · Score: 1
    Credibility is about not sneaking in through a backdoor function to get information that you KNOW will be delivered on a schedule that has been cited.
    The university was contractually obligated to provide acceptance information at a certain point in time. That does not imply the converse: applicants were not contractually obligated to avoid learning the information before that point in time.

    That's how business works: people keep secrets to hurt you, and you try to find out without breaking the law.

    No company wants to hire people who take tips off blogs and IMs to do end runs around 'authority.'
    Are you insane, dumb, or trolling? Every good corporation wants people who dig up strategic tidbits of information on potential business partners and use it to their advantage. For example, an employee who guesses the right URL to get a draft quarterly report a week early would be worth their weight in gold.
    Not sure what you're getting at with the 'I screwed up...' bit. That's certainly not the impression I get from what I hear of the people busted in this whole incident.
    I'm talking about the university folks who screwed up by confusing the superficial appearance of security with true security. They could have gone to their bosses and owned up to their incompetence, and presented a plan for quietly fixing the problem. Instead they have opened their organisation up to litigation by rejecting otherwise-acceptable applicants who did not violate a single contractual obligation. Far worse is that they publicized to the world the dirty little secret that admissions offices deliberately screw applicants by artificially delaying their acceptance letters. Typical unthinking MBA ass-covering.
  11. Re:You are not describing reality on Stanford Rejects Business School Hackers · · Score: 1
    Sure, it might seem utopian, but business school is the place to select for and teach ethical values if anywhere is.
    Hardly. Stanford was deliberately keeping applicants in the dark until the last possible moment. That way they didn't have to compete with other schools for tuition waivers, stipends, scholarships, and so forth. The hotter the applicant, the longer they wait to find out. An admission officer's wet dream would be a web site that told the applicant their acceptance status and then gave them five minutes to accept or decline.
    Being selective in this matter can only help the school's reputation.
    If by "selective" you mean "not getting caught humping the applicant's leg", then I agree.
    Applicants who don't already have a higher standard of right and wrong than that enforced by the legal system are less likely to acquire one than someone who is honest from the start.
    This wasn't some cloistered retreat of moral purity. It was a competitive arena where the applicants and the university are fighting tooth and nail for millions of dollars. The applicants were able to gain a strategic information advantage due to the laziness of the perfumed princes of the business schools. The schools learned of it and broke the contract, knowing that few of the applicants can afford to sue, and fewer still will get a judge with the technical mojo to understand the web server had its pants around its ankles.
  12. Re:If they had been Comp Sci students.... on Stanford Rejects Business School Hackers · · Score: 1
    Why would the Stanford Business School be worried about becoming the laughingstock of Computer Science?
    Because Stanford and Harvard MBAs want to get in on the ground floor at companies with exponential revenue growth. So the MBAs need to impress the companies' techie founders to get hired. That ain't gonna happen if their first response to espionage is to don their +15 Crimson Ass-Shield of the Ages and start blaming the nearest person who has no social standing to defend themselves. Credibility is all about accepting responsibility for the systems you build, and making them better when problems are found. Somebody who will stand up and say "I screwed up. Here's how. This is how much it cost. This is what we have to do to fix it." is worth their weight in gold.
  13. Re:If they had been Comp Sci students.... on Stanford Rejects Business School Hackers · · Score: 1
    Think about it this way: if they thought they could get there legitimately, why would they have needed to alter the account information in the URL?
    Curiosity. People who understand web technology (as opposed to Suzy Link-Clicker) do this sort of thing all the time. It's utterly standard to make up your own URLs and see how the server responds. You can find all sorts of neat stuff, particularly things whose links have rotted away and therefore disappeared from the search engines. It's also good for vendors with poorly-indexed web stores. (I.e., most vendors.) Here is (scroll halfway down) where somebody hacked together an Amazon image URL that puts the "Search Inside" icon on top of a male underwear picture with the arrow pointing right at the bulge. Amazon surely didn't expect that, but it was neither unethical nor a security violation.
    I don't think they could reasonably believe this wasn't a violation of security measures.
    By definition, the only ways to violate information security are by (1) deceiving a human, (2) trespassing in person, and (3) trying random passwords/keys until one works. What about this case?

    (1) There was no deception. The applicants said exactly who they were, and proved it with obscure information. (Social security number IIRC.) In fact, this is how the "violators" were identified.

    (2) There was no trespass. The applicants were never present on University property.

    (3) There was no random trial of passwords/keys. The applicants simply used plainly-readable information transmitted by the Universities, and it worked the first time. If it hadn't worked, they would not have written a program to sweep the key space.

    This is Infosec 101 stuff. If you don't want somebody to have information, you program the computer not to give it to them. Hoping that they don't know how to ask for the information does not constitute security. In the real world of banking regulations and Sarbanes-Oxley, pretending that this sort of trivial obscurity was security would land you in a federal pound-me-in-the-ass prison. In the real world, somebody who can't hack URLs to find juicy info isn't qualified to get an MBA, for in their ignorance they will surely open their organization to espionage.

    If my friends figured out my password to some account and violated my privacy, I'd seriously reconsider their status as my friend because it is so offensive.
    How dense. The whole purpose of this "security" measure was, in fact, to keep people other than the applicant from viewing the applicant's information. That's what the pasted-in session ID proved.
  14. Re:Most trojans are spread via unpatch Outlook. on Trojan Built for Industrial Espionage · · Score: 1
    1) Outlook never automatically ran attachments. It would run it when morons double clicked on it.
    Older Outlooks would preview the document, and since modern document markup systems are general purpose programming languages...
  15. Re:Good on Trojan Built for Industrial Espionage · · Score: 1
    Most Windows installs don't separate the Admin from the user. I know it's an option at any time during or post-install, but I'm going by defaults.
    It's not an option: many essential pieces of software (older but perfectly good versions of Office) and hardware (scanners) simply will not work unless the user has Administrator privileges.

    Windows is insecure by design.

  16. Re:duh.. on The Problem with DHS's Plan to 'Buy American' · · Score: 2, Informative
    Now, how the hell does one clean [MTBE] out an aquifer?
    Big-ass pumps, an air stripper to move the MTBE to the gas phase, activated charcoal to trap it temporarily, a heater to periodically drive it off the charcoal, and something that can incinerate or trap the recondensed nasties. These systems are available commercially. It is more expensive than not leaking the nasties in the first place, but they are by no means permanent additions to the soil.
    I'd also like to see the people responsible for these messes be forced to clean them up, rather than socializing the problems that capitalists created, which is what we're doing now.
    They're dead and/or bankrupt. You might as well sue the Romans to abate Hadrian's Wall.
  17. Re:MPG science on Hybrid Drivers Provide Real-World Mileage Data · · Score: 1
    Unfortunately, the charging process is not efficient enough for this to be very useful.
    And the batteries can only live through a finite number of discharge/recharge cycles.
  18. Re:Does your boss have a boss? on How to Leave a Job on Good Terms? · · Score: 1
    Your former co-workers, who may themselves be higher-ups later in your career, might even appreciate the gesture.
    Bingo! And it cuts both ways: you might want to recruit the best of your former colleagues to your new employer.
  19. Re:What you complaining about? on Simple, Bare-Bones Motherboards? · · Score: 1
    Honest question - if the data is digital, why does it matter at all? Surely it either works perfectly or doesn't work at all, so if copper works, why fiber?
    When an electrical noise current flows into an audio component, it has to also flow out. The laws of physics demand it. It can flow out through:
    • The component's power cord (fairly harmless),
    • Capacitive coupling (also fairly harmless, at least for good quality equipment),
    • Speaker cables (some potential for mischief if it flows back into the output driver and gets demodulated),
    • Line-level outputs where it can be picked up by the inputs of the other components (great potential for audio noise), or
    • Line-level audio input cables, especially microphone inputs (great potential for audio noise)
    Mind you, a well-engineered audio component will have proper shielding and noise-rejection measures so it won't matter. Unfortunately, lots of equipment is badly designed, even expensive stuff. I'm sure you have heard audible humming or buzzing from crappy equipment.
  20. Re:'Bare bones' my way... on Simple, Bare-Bones Motherboards? · · Score: 1
    Tyan is the board you choose if you're building a serious server or high-end workstation, not something to game with.
    I disagree. I play games for fun, not so I can count frame rates. Debugging the inevitable crashy game is a lot less frustrating if you know the hardware isn't flaking out on you.
  21. Re:Extra features? So what? on Simple, Bare-Bones Motherboards? · · Score: 1
    A lot of people say 2 nics would be good for a firewall/router. I don't see that, either. Why not just up an external and an internal IP on one NIC and set all the other computers to the internal IP address scheme, ...
    What part of "firewall" are you not understanding?
  22. Re:Insignificant Cost Savings: So what? on Simple, Bare-Bones Motherboards? · · Score: 3, Insightful
    What are you referring to with "top notch"? What are you looking for that you think should be better that the typical MB is lacking?
    Support for ECC memory, industrial-grade capacitors that won't dry out or corrode within a few years, power converters with plenty of safety margin so they can get covered with dust and still last forever without burning up, high-speed buses with electrical reflections and crosstalk properly taken into account so they don't crap all over my precious data, a BIOS not written by a team of psychotic crack-monkeys in a Taiwanese dungeon, proper documentation for the chips so that drivers have a chance of working correctly, proper tests at the time of manufacture so that consumers never ever see a flaky board, cooling fans with bearings that are both quiet and capable of lasting more than two years, connectors in sensible locations, connectors with enough friction that the hard drive cables don't pull loose under light pressure, and so forth.

    I don't ask for much, really.

  23. Re:What you complaining about? on Simple, Bare-Bones Motherboards? · · Score: 1
    The only reason one would need to go to optical cable would be to reduce interference and signal degradation over a long distance...
    It potentially helps over any distance, by preventing ground loops.
  24. Re:You're right, it's just whining on White House: No Kerry Supporters at IATC Meeting · · Score: 1
    NO OTHER PRESIDENT HAS EVER DONE ANYTHING THIS EXTREME.
    Read up on "the spoils system". Massive employment purges used to be standard operating procedure in the USA.
  25. Re:Any reason why you are building it yourself? on Best Motherboard for a Large Memory System? · · Score: 1
    HyperTransport certainly could connect to memory, but there are no memory modules with an HT interface, and I don't know of any memory controller chips with an HT interface either. The only HyperTransport memory controller you can get comes with an AMD processor on the same chip. It's likely to remain that way, since not many people need huge amounts of RAM.
    Now, again, I'll cheat by not checking the facts, but I know that there are 3 Opteron models which support 1, 2 or 4 CPU configurations, which to me implies different pin-counts (or at least internal wiring).
    That's true. The one-way chips have one HyperTransport interface, the two-way have two, and the four-way have three. Unfortunately each HT interface has only 38 pins (yes, I had to look that up ;-), so even if you sacrificed two of them you wouldn't have enough pins for another memory interface. So multiple CPUs it is.

    BTW, each memory bus can theoretically support up to four DIMMs. The catch is that they have to be clocked slow--PC2100 IIRC. So hardly any vendors have gone for that option.