I was responding to the part of your post you said:
Even if they don't index it, the URLs are still going to be accessible to anyone who can figure out the URL.
Indexing by google isn't the only way for these things to leak. For example, they could be indexed by yahoo, or msn, or just some schmoe who happens upon the wrong web page, or some concerted stalker who manually 'happens across' ALL webpages relevant to that user and picks them up.
There is, in fact, just such an option because a friend notified me about this several hours before it hit Slashdot and I checked. Go and click the 'more' menu link for a voicemail, and then click on the 'embed' option. Poof, up pops the URL.
Yeah, I saw that when checking and I guess I didn't write clearly - as far as I can tell that is only for sharing audio, not text and yet there are examples of text being handed out. I thought the sharing of audio was a bad idea, but I didn't mean to imply it wasn't being shared, I meant to imply that they should stop sharing and start explicitly copying, just like there is no user interface to share text.
If there were really a problem where random URLs made it out onto the net with no user intervention...
There is a wide chasm between intentionally publishing for all to see and "no user intrevention" - I see no explanation for the text making it out.
The obscurity in this case happens to be a random number that's at least 100 bits long if not a lot longer. Sure I could guess that, but I could guess your 128 bit symmetric cipher key too.
Don't misdirect. I didn't say one thing about guessing. You presumed it and that's PRECISELY the broken thinking that leads to failures of security like this case - nobody had to guess any of these random numbers, yet here they are for the world to see.
but the way you find out what the big long random number is is by clicking on something saying something along the lines of "I want to share this voicemail with someone."
More presumption. There is no such option in google voice - I just checked. Furthermore, it would be silly to do that for the transcriptions of the messages, just copy the actual text and email it to the 'someone' it is being shared with. No one shares regular email the way you describe, why would they for text versions of voice-mail, or really, even audio versions, it's not like such a short, low-quality audio recording is too big to send as an attachment.
This doesn't sound like a bug or leak, more like some users set up links or otherwise made their messages public.
I can't log into google voice without telling my browser to accept cookies from google. If they are going to use cookie-based authorization, then there is absolutely no excuse for handing out the data within an account to people who don't have the right cookie authorization.
Even if they don't index it, the URLs are still going to be accessible to anyone who can figure out the URL. It appears to be a classic case of security through obscurity. Obscurity as an extra layer is fine, but google voice seems to have no layers excepet for obscurity and that's a ridiculous design decision for a company as big a reptuation for technical acumen as google.
You're argument about over-time is the standard "race-to-the-bottom" complaint about capitalism. In theory, sounds obvious. In practice, it rarely works out that way. I won't argue that there is no pressure to over-achieve, but I will strongly dispute that it plays out in the way you describe with any regularity - real life factors tend to reduce that race to a snail's pace.
The main reason why most companies are headquartered in U.S. (which isn't the same as "producing" them) is because it's much more corporate-friendly than most other countries.
Depends on your definition of 'corporate-friendly' - the USA has one of the highest corporate tax rates in the world, without checking, I'd even wager it is the highest in the first world.
You can't really believe that we don't have nice houses, cars and televisions in Europe?
Yes I can.
American homes, on average, are nearly twice as large as those in many European countries, including Britain, France and Germany. Only Luxembourg comes close among European nations, with average homes about three-quarters the size of those in the United States.
Too lazy to compare average engine displacement and average number and size of televisions, but on the former I am quite sure that US is much larger, if for no other reason than the European predilection for taxation based on displacement. Televisions - well when your house is twice it stands to reason you'll have more and bigger toys to fill it up.
Working hours are ludicrous which seems to stem from the "at will" factor - people are too scared not to work those extra hours for fear of being fired.
While that certainly does occur, my experience is that it is rare - at least at the professional level, maybe less so at the burger-flipping level. That most people work overtime because they want either the extra money or to get ahead in their career (presumably to get more money). Making it illegal to work more than 48 hours seems crazy from my perspective its like that saying "the nail that stands out gets hammered down."
And the final straw is that you don't even get decent vacation time for all those hours, I get 5 weeks here and I know plenty of people who get more.
Maybe we take our vacation in a different form. Consider the american pre-occupation with big houses, nice cars, giant televisions, etc. These are all little mini-vacations that we experience everyday. Is that better than taking a month off at the end of summer and traveling to the other side of the continent? Maybe, maybe not. But I think that ignoring it is to miss a fundamental difference in the societies.
We killed smallpox outright, but every vaccine since then has been prevented from achieving its final goal through the effort of anti-vax forces of one kind or another. That's the reason I have to be against this sort of article - even the chance that it might be correct isn't worth the near-certainty that it will be another blow for vaccination in general.
Eradication isn't even close to the 'final goal' of flu vaccinations. They are only about protecting against a specific handful of strains out of thousands. maybe hundreds of thousands. This research, regardless of conclusion is not going to prevent the eradication of the flu because no one is seriously trying to do that.
And, unfortunately, after 9/11 and the anthrax hoohaw, no post office will take a package of any significant size for delivery without at least attempting to ID the sender. Of course this means they only ID law-abiding people, the malicious ones can easily circumvent the USPS procedures. But it must be working, look ma, no anthrax attacks!
On the internet, there's plenty of reason to preserve anonymity and free speech. You can't kill someone over the internet, and real criminals will always find ways around a "passport" system, they already find ways around other kinds of security.
Which, as far as Kapersky is concerned, is a business opportunity! Eliminate anonymity, and then sell products that mostly, but far from perfectly, protect against abuses of that information.
Always follow the money, it explains all corporate actions.
Now play around on that site and check out the power consumption of a 37" LCD, which has roughly the same height as my CRT, but is wide-screen. Whoops, the most efficient one is 123W.
Definitely out of date. The most efficient current model LCDs, which use LEDs as light sources, not fluorescent tubes like earlier models, are roughly 75w for a 40" display and 100w for ~55" display.
I ignored no spec - they need to go back to the customer for revision 'cause they're technically unfeasible.
Right, technically infeasible for someone with internet cojones that don't require intelligence.
I guess I COULD talk myself into believing I know what the customer wants......but then I'd suck as a tech.
You've already demonstrated that you suck as a tech. This entire thread is you showing the rest of the world your autistic compulsion to focus on one key word, "ISP," to the exclusion of everything else in the same sentence. You couldn't write your cojones rebuttal correctly (unless you intended to flame yourself) and it's not like it was a simple typo, you got the entire sense of it wrong. Just like you got this wrong starting with your first case of selective quoting. "I ignored no spec -- I just left out the half of the sentence that clarifies it..." lolz
So, then you suck as a tech since you want to read things into the specs that aren't there.
Dude, that's effing hilarious, "site to site link" is clearly in the spec. You want to ignore the spec and instead worry about trunking to the ISP, when the user doesn't care a whit about his packets being routable by the ISP.
3...2...1... initiate deliberate misunderstanding of the word routable to further protect miserable ego.
Your meaningless semantics really are meaningless - they certainly aren't details that make a difference to solving the actual problem as stated.
As someone who has done precisely what the guy asked for, as previously described with a VPN, this 'not a tech' laughs at your continued denial of the obvious.
PS, this "not a tech" has 20+ years of tcp/ip stack and other misc internals experience, he knows exactly what he's talking about. By your own demonstration in this thread, you don't.
It makes all the difference in the world. All you need is the appropriate device at each site - not at the ISP. Set up a VPN tunnel across the multiple links that terminates at the other site and you can aggregate at the packet level just like any of the site-to-ISP aggregation methods. The only case where the ISP has to support link aggregation is where it is site-to-internet-at-large, not site-to-site.
If so, the internet cojones apparently don't require intelligence.
Considering that it now appears you've been proclamating without investigating, it is quite appropriate that you would say that.
No it doesn't count. As you yourself said, all you had to do was prove you were licensed at the time of citation and the charges are dropped. Its the same thing others have already cited in this thread - if you are licensed then there is no crime to convict you of, ergo it's not illegal.
Doubt it. At least not for any current version of windows. XP supports selective acks which pretty much requires support for out of order packets to be of any use.
It seems to me that Benoit Mandelbrot's discovery of fractal math is at least as important as Buckminster Fuller's obsession with geodesics. If Fuller got "Bucky Balls," I think fractal globules really ought to be called Benoit Balls.
Wow. I'm not the AC but after that response I fully agree with him. Your use of selective quoting is amazing, you got some big-ass internet cojones to ignore the rest of the very same sentence that you quoted.
I was responding to the part of your post you said:
Even if they don't index it, the URLs are still going to be accessible to anyone who can figure out the URL.
Indexing by google isn't the only way for these things to leak. For example, they could be indexed by yahoo, or msn, or just some schmoe who happens upon the wrong web page, or some concerted stalker who manually 'happens across' ALL webpages relevant to that user and picks them up.
There is, in fact, just such an option because a friend notified me about this several hours before it hit Slashdot and I checked. Go and click the 'more' menu link for a voicemail, and then click on the 'embed' option. Poof, up pops the URL.
Yeah, I saw that when checking and I guess I didn't write clearly - as far as I can tell that is only for sharing audio, not text and yet there are examples of text being handed out. I thought the sharing of audio was a bad idea, but I didn't mean to imply it wasn't being shared, I meant to imply that they should stop sharing and start explicitly copying, just like there is no user interface to share text.
If there were really a problem where random URLs made it out onto the net with no user intervention...
There is a wide chasm between intentionally publishing for all to see and "no user intrevention" - I see no explanation for the text making it out.
The obscurity in this case happens to be a random number that's at least 100 bits long if not a lot longer. Sure I could guess that, but I could guess your 128 bit symmetric cipher key too.
Don't misdirect. I didn't say one thing about guessing. You presumed it and that's PRECISELY the broken thinking that leads to failures of security like this case - nobody had to guess any of these random numbers, yet here they are for the world to see.
but the way you find out what the big long random number is is by clicking on something saying something along the lines of "I want to share this voicemail with someone."
More presumption. There is no such option in google voice - I just checked. Furthermore, it would be silly to do that for the transcriptions of the messages, just copy the actual text and email it to the 'someone' it is being shared with. No one shares regular email the way you describe, why would they for text versions of voice-mail, or really, even audio versions, it's not like such a short, low-quality audio recording is too big to send as an attachment.
This doesn't sound like a bug or leak, more like some users set up links or otherwise made their messages public.
I can't log into google voice without telling my browser to accept cookies from google. If they are going to use cookie-based authorization, then there is absolutely no excuse for handing out the data within an account to people who don't have the right cookie authorization.
Even if they don't index it, the URLs are still going to be accessible to anyone who can figure out the URL.
It appears to be a classic case of security through obscurity.
Obscurity as an extra layer is fine, but google voice seems to have no layers excepet for obscurity and that's a ridiculous design decision for a company as big a reptuation for technical acumen as google.
You're argument about over-time is the standard "race-to-the-bottom" complaint about capitalism. In theory, sounds obvious. In practice, it rarely works out that way. I won't argue that there is no pressure to over-achieve, but I will strongly dispute that it plays out in the way you describe with any regularity - real life factors tend to reduce that race to a snail's pace.
The main reason why most companies are headquartered in U.S. (which isn't the same as "producing" them) is because it's much more corporate-friendly than most other countries.
Depends on your definition of 'corporate-friendly' - the USA has one of the highest corporate tax rates in the world, without checking, I'd even wager it is the highest in the first world.
You can't really believe that we don't have nice houses, cars and televisions in Europe?
Yes I can.
American homes, on average, are nearly twice as large as those in many European countries, including Britain, France and Germany. Only Luxembourg comes close among European nations, with average homes about three-quarters the size of those in the United States.
McMansions gain popularity despite the housing slump
Too lazy to compare average engine displacement and average number and size of televisions, but on the former I am quite sure that US is much larger, if for no other reason than the European predilection for taxation based on displacement. Televisions - well when your house is twice it stands to reason you'll have more and bigger toys to fill it up.
Working hours are ludicrous which seems to stem from the "at will" factor - people are too scared not to work those extra hours for fear of being fired.
While that certainly does occur, my experience is that it is rare - at least at the professional level, maybe less so at the burger-flipping level. That most people work overtime because they want either the extra money or to get ahead in their career (presumably to get more money). Making it illegal to work more than 48 hours seems crazy from my perspective its like that saying "the nail that stands out gets hammered down."
And the final straw is that you don't even get decent vacation time for all those hours, I get 5 weeks here and I know plenty of people who get more.
Maybe we take our vacation in a different form. Consider the american pre-occupation with big houses, nice cars, giant televisions, etc. These are all little mini-vacations that we experience everyday. Is that better than taking a month off at the end of summer and traveling to the other side of the continent? Maybe, maybe not. But I think that ignoring it is to miss a fundamental difference in the societies.
We killed smallpox outright, but every vaccine since then has been prevented from achieving its final goal through the effort of anti-vax forces of one kind or another. That's the reason I have to be against this sort of article - even the chance that it might be correct isn't worth the near-certainty that it will be another blow for vaccination in general.
Eradication isn't even close to the 'final goal' of flu vaccinations. They are only about protecting against a specific handful of strains out of thousands. maybe hundreds of thousands. This research, regardless of conclusion is not going to prevent the eradication of the flu because no one is seriously trying to do that.
Of course, it is likely that it is just another part of the extensive security theater that has been put in place since 9/11.
Bingo. Any excuse to show the citizens who is boss, even if the boss has no clothes.
Though, on the other hand, they make a good product, and just because the figurehead is a dumbass with some things doesn't take away from that fact.
Except that by buying and recommending his product you are giving him money which he will use to promote his dumbassery.
That is actually against U.S. law.
Only if you don't put a stamp on it.
And, unfortunately, after 9/11 and the anthrax hoohaw, no post office will take a package of any significant size for delivery without at least attempting to ID the sender. Of course this means they only ID law-abiding people, the malicious ones can easily circumvent the USPS procedures. But it must be working, look ma, no anthrax attacks!
On the internet, there's plenty of reason to preserve anonymity and free speech. You can't kill someone over the internet, and real criminals will always find ways around a "passport" system, they already find ways around other kinds of security.
Which, as far as Kapersky is concerned, is a business opportunity! Eliminate anonymity, and then sell products that mostly, but far from perfectly, protect against abuses of that information.
Always follow the money, it explains all corporate actions.
Now play around on that site and check out the power consumption of a 37" LCD, which has roughly the same height as my CRT, but is wide-screen. Whoops, the most efficient one is 123W.
Definitely out of date. The most efficient current model LCDs, which use LEDs as light sources, not fluorescent tubes like earlier models, are roughly 75w for a 40" display and 100w for ~55" display.
Cost me all of $30.
And the constant threat of a hernia should you ever need to move it.
I ignored no spec - they need to go back to the customer for revision 'cause they're technically unfeasible.
Right, technically infeasible for someone with internet cojones that don't require intelligence.
I guess I COULD talk myself into believing I know what the customer wants... ...but then I'd suck as a tech.
You've already demonstrated that you suck as a tech. This entire thread is you showing the rest of the world your autistic compulsion to focus on one key word, "ISP," to the exclusion of everything else in the same sentence. You couldn't write your cojones rebuttal correctly (unless you intended to flame yourself) and it's not like it was a simple typo, you got the entire sense of it wrong. Just like you got this wrong starting with your first case of selective quoting. "I ignored no spec -- I just left out the half of the sentence that clarifies it..." lolz
Probably because it stands out on the shelf, attracting more attention.
So, then you suck as a tech since you want to read things into the specs that aren't there.
Dude, that's effing hilarious, "site to site link" is clearly in the spec. You want to ignore the spec and instead worry about trunking to the ISP, when the user doesn't care a whit about his packets being routable by the ISP.
3...2...1... initiate deliberate misunderstanding of the word routable to further protect miserable ego.
Your meaningless semantics really are meaningless - they certainly aren't details that make a difference to solving the actual problem as stated.
As someone who has done precisely what the guy asked for, as previously described with a VPN, this 'not a tech' laughs at your continued denial of the obvious.
PS, this "not a tech" has 20+ years of tcp/ip stack and other misc internals experience, he knows exactly what he's talking about.
By your own demonstration in this thread, you don't.
What's funny is how you keep ignoring the original premise and want to infer based on subsequent statements
Subsequent statements in the same sentence that serve to clarify his intent.
You just keep right on denying the obvious dude, safe and warm in your little house of meaningless semantics
An ISP provides a connection to the internet, by defintion. So, "site-to-internet-at-large" is what was the topic of discussion.
That's some funny ass shit dude.
The OP said site-to-site link and you think he meant not site-to-site link!
You crack me up. Are you stoned or just high on your ego defense mechanism?
Been fighting for peace too?
Fucking for virginity maybe?
What difference does that make?
It makes all the difference in the world. All you need is the appropriate device at each site - not at the ISP. Set up a VPN tunnel across the multiple links that terminates at the other site and you can aggregate at the packet level just like any of the site-to-ISP aggregation methods. The only case where the ISP has to support link aggregation is where it is site-to-internet-at-large, not site-to-site.
If so, the internet cojones apparently don't require intelligence.
Considering that it now appears you've been proclamating without investigating, it is quite appropriate that you would say that.
No it doesn't count. As you yourself said, all you had to do was prove you were licensed at the time of citation and the charges are dropped.
Its the same thing others have already cited in this thread - if you are licensed then there is no crime to convict you of, ergo it's not illegal.
Come on dude, it's no fun if someone spells it out.
Doubt it. At least not for any current version of windows.
XP supports selective acks which pretty much requires support for out of order packets to be of any use.
It seems to me that Benoit Mandelbrot's discovery of fractal math is at least as important as Buckminster Fuller's obsession with geodesics. If Fuller got "Bucky Balls," I think fractal globules really ought to be called Benoit Balls.
Wow. I'm not the AC but after that response I fully agree with him.
Your use of selective quoting is amazing, you got some big-ass internet cojones to ignore the rest of the very same sentence that you quoted.