I will never understand why open source enthusiasts get so angry when Microsoft starts giving things away for free. Has anyone ever stopped to think that this antitrust thing is the reason windows is such an underpowered POS? Maybe this is why they aren't able to give away decent developer tools, standardized antivirus, or a decent package management system.
Mircosoft does a lot of bad things, but giving away software is not one of them. Their competitors (various open source projects) give away much higher quality code for free. Every time Microsoft tries to add a new feature, they get their asses sued off by every company that hacked in that new feature before, and are now charging ridiculous amounts of money for it.
I dislike Microsoft because they do not play well with standards bodies. I think that's lame, and they need to learn their place. On the other hand, if they actually started shipping a fully featured OS where I didn't have to pay a ton of money for all the additional bell and whistles, I would seriously consider switching to windows.
My problem is that it often goes beyond what is just "trivial". Many (most that I have seen) wikipedia editors end up getting a huge power fix on being able to decide what knowledge does and does not belong in the human knowledge base.
For example, until VERY recently, there were no mentions anywhere on wikipedia that there was any controversy on what happened on 9-11. I came to wikipedia to get my facts straight, but instead, everything was one sided. Everything that got added mentioning the existence of the controversy got immediately deleted as conspiracy theorist nonsense, even though there are huge articles on things like Roswell and Bigfoot.
Also notice, there is no mention of the GNAA on wikipedia. There are mentions of less significant groups that are far more sketchy, and also many pages about less significant hacker groups from history, as well as many pages for other groups with initials GNAA, even though when you search google, the troll group is far more relevant. The fact is that they trolled wikipedia, pissed off some editors, and the editors decided to take it upon themselves to will the group out of existence.
The worst kind of censorship comes from groups that claim that their goal is freedom of information.
Old people get all the grant money anyway. There are many things that require decades of rigorous work to get right, but coming up with radically fresh ideas is not one of them.
I imagine that this could work if it was more like a generalized version of google's summer of code. High school and undergrads for the most part love that competitive stimulus. They need to worry less about the problems given to them by their teachers and professors, and start looking at the cutting edge problems facing the world.
Also, as much as I love being a young researcher, going on caffeine binges, and flying around the world giving talks, by the time I'm 30, I better damn well be settled into a relaxed career so I can start a family. That doesn't mean that I am not going to still be working on some ground breaking research, but I sure as hell hope to be worrying about more important things by then.
How about you try and find an admin that has a decent understanding of security that will work for 40k. I have actually looked at working security for some government facilities, but I can make 2 or 3 times as much working in industry. Maybe if they cut down a bit on the ridiculously overpriced contracts, they would be able to pay their in house people decent wages.
Whatever technologies that companies are using to look for people are incredibly sketchy. I have received 6 threatening letters from the MPAA. Four of them were legitimate (overbugeted hollywood crap anyway), but two of them were completely bogus. When I got my second completely bogus threat, I attempted to track this company down.
It turns out that between the time when the alleged sharing occured, and when I got the letter, the company had changed names 3 times (or there were a large number of dummy companies that had contracted eachother out or something, it is really hard to tell the difference in these situations). When I finally tracked down a phone number for the building that these guys were supposedly working in, I called it. A machine picked up (customized with the name of the company and everything), but no one was in and the voicemailboxes on every extension were full.
Just take a look at the Media Defender leaks. These companies are often engaged in illegal activity, from fraud to extortion. They are not an industry that you want to trust to give you accurate information. These people have nothing to gain by making their scanners have more accurate results, they just want to see more results, so of course you should be able to assess their techniques (especially their source code) to make sure everything is in order.
You do realize that if his row had already boarded, he could just simply walk on right? The only one made any later is him.
Loading the front rows first is absolutely ridiculous. While rows 1-5 fumble around trying to cram their stuff in the overhead compartments, rows 6-10 just have to wait until they figure it out, then they get to fumble around with their overhead compartments while 11-15 are blocked. If you load from the back first, people can fumble with their luggage all at the same time, and no isles ever get blocked in the process. It's just common sense, and I am very glad that I am not the only one that is dumbfounded every time they see this. I do, however, think it's funny that someone managed to get this published in nature:-)
Re:Get off the security high horse.
on
Gmail CAPTCHA Cracked
·
· Score: 5, Insightful
For syn floods, what do you think would be more effective.. a windows desktop machine on a comcast line, or a collocated linux server?
Lurk around undernet for a while. A large majority of botnet sales that I have seen have been comprised mostly of cracked linux webservers. Why write a worm to harvest windows machines when you can google for as much power as you need?
It might be fun to set the value of the patent to the largest bid that someone has offered to pay for it.
If a company wants it, they could offer to buy it. If the current owner sells it, then they have made some money. If not, then they have to start paying more money to keep it out of the public domain. This would definitely kill patent trolls. The longer a patent exists, the more it would cost to keep out of public domain. This also gives the public a good way to buy useful patents (think batteries) into public domain. If people pool enough money together, they could make it very expensive for large corporations to hold onto their patents.
Pakistan is not some barbarian super religious country living in the dark ages. Yes, Pakistan was for a long time ruled by an oppressive religious party, but just in the past few days they have been voted out of power. Yes there are many supporters of the old ways, but a VAST majority of people in the country want to move forwards and join the world.
Maybe I am a bit tired, but this whole thread feels surreal to me. Half of the thread is way off topic talking about how awesome it would be if circumcision was outlawed, and the other half is perpetuating racist and highly offensive stereotypes. Did the GNAA just get massive modpoints or something? Is this some sort of joke? This whole thread is just highly disturbing to me.
I can't imagine SAP's websphere/java using userbase being enthused with the next SAP release being C# only
I think this is the largest reason why Microsoft is doomed to fail if they don't get their act together. They require a massive corporate lockin with all of their products, and there is a much smaller pool of startups doing creative things with.NET
Even yahoo has acquired many companies that operate outside of the "Microsoft bubble". Microsoft would stumble in a huge way if they tried converting all of yahoo's acquisitions into pure.NET environments, and that would likely require them flushing out a majority of the old programmers, and getting new ones, which sort of adds bloat and eliminates the whole point.
Advice to microsoft: * Learn to play nice with standards that already exist instead of wasting money creating your own. * Stop trying to sell software, move to a pure subscription model. * Make sure.NET integrates well with java. * Make sure linux and OSX machines can integrate well into Microsoft environments. * If you actually sit down and talk with apple, yahoo, google, sun, etc, I am sure they would be perfectly willing to cut you in to how they are revolutionizing information. You need to learn your place and stop pretending like you can take them all on at once. Your biggest weakness is that you do not know how to operate in your own market any more.
If Microsoft does all of those things, they have a chance of surviving the next 10 years. I really want to see them succeed because I love the progress Microsoft research is making in the fields of virtualization and compiler theory. Stuff coming out of Microsoft research is pretty cool, but their marketing department is killing them.
The reason slashdot is going to hell is because you don't use your modpoints properly. If we mod down people who say stupid shit, they lose karma, which makes their posts less visible, and gives them less of a chance to mod up stupid shit.
Slashdot is not getting worse, it is just changing to fit the users.
As Orwellian as this is, it is schools and parents trying to lock me out that taught me how to root machines and bounce through various firewall configurations.
I figure that when I have a kid, I am going to start locking them out slowly when they are about 5, and then start locking them out slowly so it becomes a full blown arms race by the time they are 10-12. Those are always fun.
Actually on topic though, at my work we recently had a similar problem. Without giving too much away, I am working on securing an embedded consumer device that is targeted mainly for elderly people that might have Alzheimer's. The solution was thumb prints. Smartcards were also considered, but then there is always the chance that they will lose them, or just leave them next to the device.
Open source does not mean "never being obsolete". It just means that issues get fixed according to the priorities of the users instead of the priorities of the customers. If there is some terrible memory leak, and no one cares enough to fix it, then it really isn't a big deal is it? The top developers on the project are able to work to push the project forward, and anyone feeling nit picky can clean up the mess they leave behind.
I know that's a joke, but it does show a good point. Crypto is not just about math. The math behind RSA is pretty sound, but it is pretty hard to get TLS right.
If you have never connected to a machine before, how do you know it is the machine that you want? This applies to wireless access points, as much as it does to any other service over the internet. You can force people to get their stuff signed by some trusted root keys, but then it becomes prohibitively expensive for the home users to set up their own services.
You could start supporting trusted roots that will sign keys for free, but then it is really hard to make sure that the free service is properly checking the credentials of everyone that submits keys to them, and you never really know how secure those root keys really are.
You could also just support connecting to unsigned services, but then that opens many possibilities for man in the middle style attacks, especially if the attacker is able to downgrade the crypto during the initial handshake.
I think the most difficult thing about all of this, is how do you communicate this information to a typical user. PKI is pretty complicated, and if you just lock the service out every time there is a hiccup in the exchange, most users will just get aggravated, and use a different product (as an example, see vista's new security warnings). If you are too lax about what you allow, you put users at risk.
No matter where on the spectrum a vendor lands, attacks are possible.
I think it would be fun if the US had some sort of regulating body that would create a set of 20 or so certifications for each type of market in business. Small companies would not necessarily need to get certified, but there could be tax related incentives for large companies to be certified.
For example, a mining company could not also be a railroad company (the classic steel monopolies). Likewise, a company certified as an ISP could not also get certified as a media distribution company. Also, if one company starts to encroach on a market that is not their own, they would risk losing their certification. Companies could still function without certification, but they would lose certain perks related to the market they want to operate in.
You could also enforce rules, such as net neutrality on government owned fiber. That way, ISPs still retain their property rights to tamper with people's data (we do route over their machines), but then the government would be able to revoke their certification. This would allow customers to know which companies play nice without having to dig through a ton of information themselves.
I think this model has the potential to greatly simplify the tax code, and corporate law, while increasing customer awareness of sketchy business practices.
Haha, probably for the better:-) There is not really much in my post that can really be replied to. Anyway, I have the upper hand here since I knew all your views pretty well to begin with.
I'm sure you hear this stuff all the time, but I just wanted to re enforce that there are sane people out there who fight for free software, and disagree with the methods of RMS. Thanks for reading:-)
I for one think the recent political actions of China are infinitely interesting. While we have been obsessing over fuelling our cars, they have been perfecting the art of information warfare, and they have done pretty well for themselves:-)
When I worked as head security analyst for my university, every day I fended off attacks from various kids in eastern Europe and Brazil etc. They used basic exploits (poorly), and left logs everywhere, so they were never that much trouble to track down. Every time I get the chance to talk to someone in the military, or ex=military, I ask them about titan rain, and the stories are always the same.
They bust through network appliances as if they were nothing, land minimal amounts of code on systems they pass through, take what they want, and leave. Of course, this is what any skilled hacker looks like, but the level of persistence, agility, and discipline these people demonstrate boggles the mind. These people do not get excited, do not get distracted, and do not take breaks.
In general, American hackers are much more concerned about the lulz. Even the ones that do jobs for CIA, NSA etc just do it for fun. They are damn good at it, but the US is far from having cyber assault teams at the level of the Chinese military.
Disclaimer: Many of my impressions are from strangers, and friends of friends etc. These are all just rumours. Some might be exaggerations, some might be lies.
Slashdot Mirror
I will never understand why open source enthusiasts get so angry when Microsoft starts giving things away for free. Has anyone ever stopped to think that this antitrust thing is the reason windows is such an underpowered POS? Maybe this is why they aren't able to give away decent developer tools, standardized antivirus, or a decent package management system.
Mircosoft does a lot of bad things, but giving away software is not one of them. Their competitors (various open source projects) give away much higher quality code for free. Every time Microsoft tries to add a new feature, they get their asses sued off by every company that hacked in that new feature before, and are now charging ridiculous amounts of money for it.
I dislike Microsoft because they do not play well with standards bodies. I think that's lame, and they need to learn their place. On the other hand, if they actually started shipping a fully featured OS where I didn't have to pay a ton of money for all the additional bell and whistles, I would seriously consider switching to windows.
My problem is that it often goes beyond what is just "trivial". Many (most that I have seen) wikipedia editors end up getting a huge power fix on being able to decide what knowledge does and does not belong in the human knowledge base.
For example, until VERY recently, there were no mentions anywhere on wikipedia that there was any controversy on what happened on 9-11. I came to wikipedia to get my facts straight, but instead, everything was one sided. Everything that got added mentioning the existence of the controversy got immediately deleted as conspiracy theorist nonsense, even though there are huge articles on things like Roswell and Bigfoot.
Also notice, there is no mention of the GNAA on wikipedia. There are mentions of less significant groups that are far more sketchy, and also many pages about less significant hacker groups from history, as well as many pages for other groups with initials GNAA, even though when you search google, the troll group is far more relevant. The fact is that they trolled wikipedia, pissed off some editors, and the editors decided to take it upon themselves to will the group out of existence.
The worst kind of censorship comes from groups that claim that their goal is freedom of information.
Old people get all the grant money anyway. There are many things that require decades of rigorous work to get right, but coming up with radically fresh ideas is not one of them.
I imagine that this could work if it was more like a generalized version of google's summer of code. High school and undergrads for the most part love that competitive stimulus. They need to worry less about the problems given to them by their teachers and professors, and start looking at the cutting edge problems facing the world.
Also, as much as I love being a young researcher, going on caffeine binges, and flying around the world giving talks, by the time I'm 30, I better damn well be settled into a relaxed career so I can start a family. That doesn't mean that I am not going to still be working on some ground breaking research, but I sure as hell hope to be worrying about more important things by then.
How about you try and find an admin that has a decent understanding of security that will work for 40k. I have actually looked at working security for some government facilities, but I can make 2 or 3 times as much working in industry. Maybe if they cut down a bit on the ridiculously overpriced contracts, they would be able to pay their in house people decent wages.
Whatever technologies that companies are using to look for people are incredibly sketchy. I have received 6 threatening letters from the MPAA. Four of them were legitimate (overbugeted hollywood crap anyway), but two of them were completely bogus. When I got my second completely bogus threat, I attempted to track this company down.
It turns out that between the time when the alleged sharing occured, and when I got the letter, the company had changed names 3 times (or there were a large number of dummy companies that had contracted eachother out or something, it is really hard to tell the difference in these situations). When I finally tracked down a phone number for the building that these guys were supposedly working in, I called it. A machine picked up (customized with the name of the company and everything), but no one was in and the voicemailboxes on every extension were full.
Just take a look at the Media Defender leaks. These companies are often engaged in illegal activity, from fraud to extortion. They are not an industry that you want to trust to give you accurate information. These people have nothing to gain by making their scanners have more accurate results, they just want to see more results, so of course you should be able to assess their techniques (especially their source code) to make sure everything is in order.
Yet another profession that works out much better as a hobby :-)
You do realize that if his row had already boarded, he could just simply walk on right? The only one made any later is him.
:-)
Loading the front rows first is absolutely ridiculous. While rows 1-5 fumble around trying to cram their stuff in the overhead compartments, rows 6-10 just have to wait until they figure it out, then they get to fumble around with their overhead compartments while 11-15 are blocked. If you load from the back first, people can fumble with their luggage all at the same time, and no isles ever get blocked in the process. It's just common sense, and I am very glad that I am not the only one that is dumbfounded every time they see this. I do, however, think it's funny that someone managed to get this published in nature
.. with blackjack, and hookers!
For syn floods, what do you think would be more effective.. a windows desktop machine on a comcast line, or a collocated linux server?
Lurk around undernet for a while. A large majority of botnet sales that I have seen have been comprised mostly of cracked linux webservers. Why write a worm to harvest windows machines when you can google for as much power as you need?
It might be fun to set the value of the patent to the largest bid that someone has offered to pay for it.
If a company wants it, they could offer to buy it. If the current owner sells it, then they have made some money. If not, then they have to start paying more money to keep it out of the public domain. This would definitely kill patent trolls. The longer a patent exists, the more it would cost to keep out of public domain. This also gives the public a good way to buy useful patents (think batteries) into public domain. If people pool enough money together, they could make it very expensive for large corporations to hold onto their patents.
This article was written by PLOS http://en.wikipedia.org/wiki/PLOS
HUGE anti-psychiatry agenda http://en.wikipedia.org/wiki/Anti-psychiatry
Irving Kirsch (the lead author) is very much the super hero of Scientology
What the hell is wrong with everyone?
Pakistan is not some barbarian super religious country living in the dark ages. Yes, Pakistan was for a long time ruled by an oppressive religious party, but just in the past few days they have been voted out of power. Yes there are many supporters of the old ways, but a VAST majority of people in the country want to move forwards and join the world.
Maybe I am a bit tired, but this whole thread feels surreal to me. Half of the thread is way off topic talking about how awesome it would be if circumcision was outlawed, and the other half is perpetuating racist and highly offensive stereotypes. Did the GNAA just get massive modpoints or something? Is this some sort of joke? This whole thread is just highly disturbing to me.
I can't imagine SAP's websphere/java using userbase being enthused with the next SAP release being C# only
.NET
.NET environments, and that would likely require them flushing out a majority of the old programmers, and getting new ones, which sort of adds bloat and eliminates the whole point.
.NET integrates well with java.
I think this is the largest reason why Microsoft is doomed to fail if they don't get their act together. They require a massive corporate lockin with all of their products, and there is a much smaller pool of startups doing creative things with
Even yahoo has acquired many companies that operate outside of the "Microsoft bubble". Microsoft would stumble in a huge way if they tried converting all of yahoo's acquisitions into pure
Advice to microsoft:
* Learn to play nice with standards that already exist instead of wasting money creating your own.
* Stop trying to sell software, move to a pure subscription model.
* Make sure
* Make sure linux and OSX machines can integrate well into Microsoft environments.
* If you actually sit down and talk with apple, yahoo, google, sun, etc, I am sure they would be perfectly willing to cut you in to how they are revolutionizing information. You need to learn your place and stop pretending like you can take them all on at once. Your biggest weakness is that you do not know how to operate in your own market any more.
If Microsoft does all of those things, they have a chance of surviving the next 10 years. I really want to see them succeed because I love the progress Microsoft research is making in the fields of virtualization and compiler theory. Stuff coming out of Microsoft research is pretty cool, but their marketing department is killing them.
Almost everything you buy in second life is purely cosmetic, and that model seems to be working well.
The reason slashdot is going to hell is because you don't use your modpoints properly. If we mod down people who say stupid shit, they lose karma, which makes their posts less visible, and gives them less of a chance to mod up stupid shit.
Slashdot is not getting worse, it is just changing to fit the users.
As Orwellian as this is, it is schools and parents trying to lock me out that taught me how to root machines and bounce through various firewall configurations.
I figure that when I have a kid, I am going to start locking them out slowly when they are about 5, and then start locking them out slowly so it becomes a full blown arms race by the time they are 10-12. Those are always fun.
Actually on topic though, at my work we recently had a similar problem. Without giving too much away, I am working on securing an embedded consumer device that is targeted mainly for elderly people that might have Alzheimer's. The solution was thumb prints. Smartcards were also considered, but then there is always the chance that they will lose them, or just leave them next to the device.
average thickness vs thickness in the center
Open source does not mean "never being obsolete". It just means that issues get fixed according to the priorities of the users instead of the priorities of the customers. If there is some terrible memory leak, and no one cares enough to fix it, then it really isn't a big deal is it? The top developers on the project are able to work to push the project forward, and anyone feeling nit picky can clean up the mess they leave behind.
I know that's a joke, but it does show a good point. Crypto is not just about math. The math behind RSA is pretty sound, but it is pretty hard to get TLS right.
If you have never connected to a machine before, how do you know it is the machine that you want? This applies to wireless access points, as much as it does to any other service over the internet. You can force people to get their stuff signed by some trusted root keys, but then it becomes prohibitively expensive for the home users to set up their own services.
You could start supporting trusted roots that will sign keys for free, but then it is really hard to make sure that the free service is properly checking the credentials of everyone that submits keys to them, and you never really know how secure those root keys really are.
You could also just support connecting to unsigned services, but then that opens many possibilities for man in the middle style attacks, especially if the attacker is able to downgrade the crypto during the initial handshake.
I think the most difficult thing about all of this, is how do you communicate this information to a typical user. PKI is pretty complicated, and if you just lock the service out every time there is a hiccup in the exchange, most users will just get aggravated, and use a different product (as an example, see vista's new security warnings). If you are too lax about what you allow, you put users at risk.
No matter where on the spectrum a vendor lands, attacks are possible.
No, but I do play upsidedownternet on the neighbors that connect to my wireless :-)
I think it would be fun if the US had some sort of regulating body that would create a set of 20 or so certifications for each type of market in business. Small companies would not necessarily need to get certified, but there could be tax related incentives for large companies to be certified.
For example, a mining company could not also be a railroad company (the classic steel monopolies). Likewise, a company certified as an ISP could not also get certified as a media distribution company. Also, if one company starts to encroach on a market that is not their own, they would risk losing their certification. Companies could still function without certification, but they would lose certain perks related to the market they want to operate in.
You could also enforce rules, such as net neutrality on government owned fiber. That way, ISPs still retain their property rights to tamper with people's data (we do route over their machines), but then the government would be able to revoke their certification. This would allow customers to know which companies play nice without having to dig through a ton of information themselves.
I think this model has the potential to greatly simplify the tax code, and corporate law, while increasing customer awareness of sketchy business practices.
"Funny isn't it? The human was impervious to our most powerful magnetic fields, yet in the end, he succumbed to a harmless sharpened stick."
- Chapek 9 robot general
Without me, my nmap is useless!
Without my nmap, I am useless!
Haha, probably for the better :-) There is not really much in my post that can really be replied to. Anyway, I have the upper hand here since I knew all your views pretty well to begin with.
:-)
I'm sure you hear this stuff all the time, but I just wanted to re enforce that there are sane people out there who fight for free software, and disagree with the methods of RMS. Thanks for reading
I for one think the recent political actions of China are infinitely interesting. While we have been obsessing over fuelling our cars, they have been perfecting the art of information warfare, and they have done pretty well for themselves :-)
When I worked as head security analyst for my university, every day I fended off attacks from various kids in eastern Europe and Brazil etc. They used basic exploits (poorly), and left logs everywhere, so they were never that much trouble to track down. Every time I get the chance to talk to someone in the military, or ex=military, I ask them about titan rain, and the stories are always the same.
They bust through network appliances as if they were nothing, land minimal amounts of code on systems they pass through, take what they want, and leave. Of course, this is what any skilled hacker looks like, but the level of persistence, agility, and discipline these people demonstrate boggles the mind. These people do not get excited, do not get distracted, and do not take breaks.
In general, American hackers are much more concerned about the lulz. Even the ones that do jobs for CIA, NSA etc just do it for fun. They are damn good at it, but the US is far from having cyber assault teams at the level of the Chinese military.
Disclaimer: Many of my impressions are from strangers, and friends of friends etc. These are all just rumours. Some might be exaggerations, some might be lies.