It may be true that they make more money on poker, but it is still an easier game to beat, because you primarily fight other players and not the house.
Let's see... you can't beat the house on poker, because they skim off the top. The only time they'd lose is if nobody wins or the tables are vacant (and so they're paying tax on real estate they can't use profitably). When playing poker, you're not playing up to 50/50, because you're (usually) playing against at least 3 other people. This means that instead of being a numbers game, it's a psychology game -- are you more devious in getting other people distracted enough to part with their money than the other people at your table? This means that if you are the best con man at the table, you will likely beat the table over time... but if someone else is better than you, you'll never beat the table, even though you may have a chance win and stop playing (giving the house a cut of your winnings).
In black jack, only the most extremely skilled players under very unusual conditions can generate a positive average return based on their strategy.
...and this depends to a large amount on where you start and stop recording that average. Over your lifetime, your average return is likely in the negative except for statistical anomalies. Basically, you need to have skill, advantage, AND luck on your side.
In poker, there may be one player at every table of 10 (i.e. 10%) that shows a positive average return based on their strategy.
Exactly... and it's likely that unless they are very careful about what tables they play, over time, that average return is either negative or sum zero. You don't win big at poker without creating some very hard feelings (as it implies you've taken advantage of someone who didn't know better).
I happened to be watching the world series on TV when that happened. No matter what you think, they put it on upside down. Interesting fact is that the flags they were using were the two-grommet variety where you pre-thread the rope with the toggle on one end through and attach THAT to the rope on the pole. What this means is that the people attaching and raising the flag aren't to blame -- someone threaded the rope upside down ahead of time (intentionally or not).
Short answer: no.
All they need to do is monitor TCP and UDP on port 53 -- the traffic is all unencrypted and is by no means deep. In fact, they have to monitor this traffic for routing purposes already, so all they really need is a blacklist that triggers a notification script (which some ISPs --including Comcast-- already have in place).
What I'm afraid of is that ISPs will use this as an excuse to crack down on running your own DNS, or using a third party DNS (such as OpenDNS or GoogleDNS or not-in-my-repressive-countryDNS).
Ref: http://cculc.ccu.edu.tw/pdf/paper.pdf
And here I thought that the whole German invasion of Poland was to confiscate the T-shirts they were printing with the encryption key on them....
It seems to me that when shopping for a new job, step 1 should be to create a webmail address for each employer you are serious about.
Step two should be creating a custom facebook profile for that webmail address, based on what you learned about the company you're interviewing with. Like the things their employees like; try to get some employees to friend you; ramble on about things that they value.
As a bonus, when you're done you have a bunch of facebook accounts with your name -- so anyone going facebook diving without knowing your actual account won't know which one is the real you.
Or, when they ask you to log in to your facebook account, just ask "which one?"
Organizations requiring background checks may not be amused, however.
There's already software available to do this... you can often see such "hotspots" show up in coffee shops, etc.
You left out Song of Solomon....
When did we start thinking that avoiding discussion of primal urges was a healthy way to deal with them? This obviously was not an issue when the King James Bible was written....
This does nothing to argue why the school board and the police shouldn't have reacted as they did... you're basically saying that it's good job security.
Indeed.
He's obviously against acceptance of same-sex sex.
In this quote he also appears as homophobic as he appears to be phlatuphobic (and no, I'm not comparing being gay to flatus).
Dislike for someone's behaviour (even if it is based on a natural drive) is not the same as being afraid of that person because of what they are or do -- which appears to be exactly what he's saying in that quote when you take out all the talk about sin, whether you agree or disagree with the position behind what he says.
Believe it or not, it's possible to believe and state that what someone does is wrong without being afraid of them. There are more than enough truly homophobic people in the world without attempting to dilute the term. I'm pretty sure Card is also against M-F sex outside of marriage. This doesn't make him afraid of 80% of the general public though, does it?
I mean school is so screwed up that when we read the Canterbury Tales, the cool tales were the ones that could not be assigned.
Well, once you understand what words like "quaint" in the Tales really mean, the tame stuff like the Wife of Bath's prologue gives way to the large amount of material that would easily be rated R were it made into a movie.... The truth is that most of the classics, if translated literally with the inclusion of innuendo present when written, would be unacceptable to many parents. That's why we've got "modernized" versions of these classics that "update" the language to something that not only removes all the original writing skill and style, but robs the text of all but the most superficial meaning.
I mean... Gawain and the Green Knight? Grimm's tales? Morte d'Artur? King James' Bible?
Literature is mostly about sex and death (or the social consequences of these). If you remove the sex, you get a very slanted perspective on life.
I think the issue here is that we used to divide the classes into "upper" and "lower", and then inserted a small "middle" area reserved for those who had the same power over the lower classes as the upper, but without the pedigree and assets.
Last century, there was a big push to expand the "middle" class to cover more of what used to be the "lower" class -- but what ended up happening is that the lower class divided into the working lower class and the destitute/homeless... and the "middle" class was joined by a "lower class borrowing from upper class to pretend to be the middle class" group.
Since then, we've actually seen the middle class shrinking, with more and more people slipping into the faux middle class without noticing it, a few slipping into the lower class via unemployment/bankruptcy, and a tiny trickle making enough money off their debt to be able to overthrow the debt, settle down, and create an endowment for upper class children to enjoy.
People these days can generally be divided as such:
Those doing everything they can to survive
Those working to survive
Those borrowing to enjoy life
Those struggling to control their assets
There are a few other outlier groups, but they're not statistically significant. The main point is, most people are kept too busy by their goals to actually enjoy their life to its fullest, or take time off to govern other people who have no desire to be governed.
So this goes back to the original issue: Easier/more lucrative in the short term to take pot shots where it may preserve your current way of life with minimal personal effort than to try and correct/direct the system.
Plus: do you really want the soccer moms controlling all levels of government?
So what's it like working for the IRS?
It's not about controlling the standard; it's about who holds the patents. Apple would prefer to hold the patents instead of paying ORGA and Nokia every time they use a SIM.
Indeed... especially in this case.
Think about how the data was generated: the data comes from reported incidents of network compromise.
EVERY hacktivist compromise will be reported by the victim, as the hacktivist group has already reported it and they have a responsibility to disclose such things.
I'd bet that most intrusions and data extractions conducted by other groups (organized crime, government special ops, industrial espionage) are never reported to Verizon, therefore they wouldn't show up in the statistics. For that matter, most of these intrusions likely go completely unnoticed. Considering we've just been finding out in the last year about intrusions that have been ongoing for TEN YEARS, who's to say how many like these are still in the "unreported" category?
Without all the rhetoric, Verizon's study is really saying that intrusions reported for political reasons are more highly reported than those that both the intruder and the victim have no desire to make public. Any other conclusions involve too much conjecture (on the same level as the RIAA losing billions to piracy) unless more data is provided.
The interesting fact about software is that it only needs to be written once.
Indeed... the continuing prevalence of Conficker shows us that. But what we're talking about here is targeted attacks using both exploits and social engineering. If I received an email containing a PDF claiming to contain the auditor's edits of Oracle's 2011 tax statement, for example, I'd probably suspect something fishy was going on. Plus, the rootkit likely wouldn't run on my computer, and the database it is attempting to gain access to sure isn't on my subnet.
The other interesting fact about software is that it only does what you tell it to.
The orders of magnitude of difficulty are to do with fooling the operator and exploiting the environment, not to do with writing the software.
Ever bought a song for 99c?
As for the rest, well... you wait until the system is restored. Not everywhere in the world has a "must have it now" mentality.
And for those who must, there's always barter.
Everyone else uses cheques.
I don't care what sort of up sides it has. The government being able to track every last penny spent is far too frightening to even consider.
Why is that any more or any less scary than a private company being able to do exactly the same thing?
Because private companies are answerable to the government of the people, which has checks and balances to limit what the companies are allowed to get caught doing. Governments are only answerable to the people herd.... and that beast is scary by itself.
...which is where loyalty cards come in.
Interestingly, it's really the issuing banks who get the transaction total, not VISA. Of course, the payment authority also gets the info, and at some point all this data is likely fed back to the actual card companies from them, but there are about 5 different companies who get a copy of each processed transaction. If your card is anything but a regular card (Airmiles, Krogers, etc) then they also get the information, as well as a listing of item categories purchased, and even individual items if they've been specially marked for such. That information is then tied in to cash purchases as well where the purchase includes a loyalty card or some other presentation of identity (address, phone number, etc).
I'd love to agree, except sadly, by the law, they seem to be people.
Mind, this also makes them immortals. They're basically Highlanders, really - only way to kill them is decapitation. Upon which, if you're a fellow corporation/immortal, you steal their power.
Surely they're Highlander Hydras?
Or would a better analogy be a guy standing in the middle of a flood, trying to stop the rushing waters by holding out his hands?
I think a better analogy would be a guy with a whip standing off to the side of a flood threatening those in the middle of it to shore up the sandbags or he'll call someone to blow up the dam upriver.
While the OnLive people should be raided by the BSA marshals by now
Copyright issues are a civil matter. Since it seems like Microsoft and OnLive are working it out, there is no reason for MS or BSA to do anything.
Copyright issues haven't been just a civil matter in the US for years now. Copyright infringement is a federal crime against the state, AS WELL as being a civil matter.
I don't tend to pick people's nits unless they are tied to misconceptions that cause loss of freedom if they're accepted as true.
This requires there to be no code that loads before the code that locks down the OS. UEFI Secure Boot is part way there, but there's still the option to write to keyboard/video memory and persist across a reboot, then automatically enter an insecure mode, install the rogue bootloader, and then load the expected OS on top, applying the appropriate secure patches as if the software was an external user.
As long as we've got buggy code, input devices and device drivers, there will be ways of shoehorning a bootkit onto a piece of hardware.
Of course, considering how doing this is orders of magnitude harder in effort spent than just fooling the operator into letting the software run, it will continue to mostly be done for industrial espionage/targeted reasons, not for adding home users to an uberbotnet.