Slashdot Mirror


User: user24

user24's activity in the archive.

Stories: 0
Comments: 241

Comments · 241

  1. Re:In all seriousness though... on SETI Finally Finds Something · · Score: 1

    yeah but that's $49.99 (per year!), and if it survives formatting, it probably does that by rootkitting the box to some degree, and "We're sorry, the Computrace LoJack for Laptops self-management site does not support the web browser you are currently using." (firefox 2.0.0.1). icky.

  2. In all seriousness though... on SETI Finally Finds Something · · Score: 4, Informative

    why doesn't someone do a 'phone home' laptop insurance program that provides tracking information just like this? (privacy issues aside (until the first reply to this comment; see below)).

    It could be nicely open sourced, and run via a p2p network to distribute the load for the tracking servers. Obviously a lot of details would have to be worked out to avoid abuse, but it could be as simple as sending an "I'm here" message encrypted with a dedicated private key to the p2p network. The person who wants to track their stolen goods just pops the public key (stored on a CD/usb stick/online, generated on install) into the network and it comes back with the last known location. No?

  3. I just... on What Breakfast Gets You Going? · · Score: 1

    ...bathe myself in the soothing green light, and I'm good to go!

  4. Re:Not a resource they can download and process? on HTML Encoded Captchas · · Score: 1

    crashed firefox when I tried to view source; winXP's virtual memory crap.

  5. Re:watermarking on HTML Encoded Captchas · · Score: 1

    my freecap PHP CAPTCHA does this; puremango.co.uk

  6. Re:Permissions on Keeping Passwords Embedded In Code Secure? · · Score: 1

    unless there's a vulnerability elsewhere, eg:
    yourserver.com/show_page.php?page=../../../../database.conf

    the permissions will do nothing to secure the config in this case.
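Added example, not part of the original comment: a Python sketch of why owner-only permissions do not help when the application itself resolves the `page` parameter, next to a resolver confined to the pages directory. The directory layout, file contents and function names are constructed for illustration.

```python
import os
import tempfile

def naive_resolve(pages_dir, page):
    # What a script does when it joins the parameter onto a directory unchecked.
    return os.path.normpath(os.path.join(pages_dir, page))

def confined_resolve(pages_dir, page):
    """Return the real path for `page` only if it stays inside pages_dir."""
    base = os.path.realpath(pages_dir)
    # realpath collapses ../ and follows symlinks; an absolute `page` replaces base.
    target = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("requested page is outside the pages directory")
    if not os.path.isfile(target):
        raise FileNotFoundError(page)
    return target

def demo():
    """Build a constructed site tree and compare both resolvers."""
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "srv", "www", "site", "pages")
        os.makedirs(pages)
        conf = os.path.join(root, "database.conf")
        with open(conf, "w") as f:
            f.write("db_password=constructed-sample\n")
        os.chmod(conf, 0o600)  # owner-only, but the owner is the process reading it
        with open(os.path.join(pages, "home.html"), "w") as f:
            f.write("<h1>home</h1>\n")

        requested = "../../../../database.conf"  # the parameter from the comment
        with open(naive_resolve(pages, requested)) as f:
            leaked = f.read()
        try:
            confined_resolve(pages, requested)
            blocked = False
        except ValueError:
            blocked = True
        served = os.path.basename(confined_resolve(pages, "home.html"))
        return leaked, blocked, served

if __name__ == "__main__":
    print(demo())
```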

  7. Pictures? on Discovery Lands in Florida · · Score: 1

    I don't know about you, but I'd love to see some pictures of this "Florida" place.. I mean, if the shuttle has actually landed there safely, are the astronauts going to finally walk on the surface of florida? Are they taking samples back to earth? This is truly a historic day.. the first steps on the alien soil of "florida"...

  8. My drive died last week - Here's what I learned on USB Drives — Recovery? · · Score: 1

    (FYI, I run windows)

    normally, I use "restoration"; it's a great application to recover deleted files. It supports all MS operating systems and all MS filesystems, it's small, free and requires no installation so you can run it from a floppy, which is nice. I never had any problems with it on various HDDs, USBs, SD cards and XD cards - until:
    My USB thumbdrive generated the following error in windows "The drive is not formatted" - oh bugger. But after trying many different applications (and buggering the drive further in the process - it ended up not even recognising that there was a drive there at all), I found PC Inspector File Recovery, which did manage to recover all my files. I still stick with Restoration for most of my needs - it's a cleaner looking app, but if/when it fails, I look to PCiFR.
    The reason I don't use PCiFR all the time? As I said, I don't like the interface, you have to install it (and if you install something on the drive that you need to recover data from, you run the risk of overwriting the data) and Restoration is small. They're both free.

    Restoration: http://www.snapfiles.com/get/restoration.html
    PCiFR: http://www.pcinspector.de/file_recovery/UK/welcome.htm

  9. But Why? on Google Answers Closing Up Shop · · Score: 1

    The blog posting doesn't offer any insight into *why* they're stopping the service. I understand that there are only a few hundred users, but surely google can afford to keep running the site; if it's useful for those people then why not keep it?

    Maybe I should ask google answers...

  10. Google Slashdotted??!?! on Google Answers Closing Up Shop · · Score: 1

    (well, blogspot /.'ed actually, but they're pwned by google)

    "The server encountered a temporary error and could not complete your request.
    Please try again in 30 seconds."

    woot.

  11. Re:repairs vs new on Growing Problems With Electronics Waste · · Score: 2, Insightful

    Laptops always were pretty much disposable; when was the last time you upgraded your laptop? It's too much hassle/cost/risk. We just deal with slow outdated laptops until they're too slow and outdated, then we bin them or give them away. What's changed?

    I like your eco-friendly remark. There'll be a market for wooden laptops and hemp carry cases soon. (cue futurama references: wooden bender).

  12. Re:A long-time problem on Spammers Learn to Outsource Their Captcha Needs · · Score: 1

    hmm. this might work. I have some firsthand experience with spam on several different sites. They come in from *lots* of different IP addresses and they gain new ones from botnets and open proxies *all* the time. The system would need some serious thought relating to scalability.

    Also, I think botnets tend to gain and lose IPs fairly rapidly - there'd need to be a way of allowing legitimate users who were once compromised to regain posting power, and bam! there's your loophole; it's crazy to let people remove themselves from the blacklist, and if it has to be moderated removal then you're looking at some serious manpower (of course, you could ask them to pass a captcha to prove they're human before you remove them.....heh)

    The ban could maybe only last for 10 minutes at a time, doubling on each infraction, and being re-set to 10 mins every 24 hours regardless, that might work; IPs that were once evil but are now OK will only have to wait 24 hours before they're delisted. The hardcore abusers would thus remain banned indefinitely, and some of the scalability issues would be avoided; it would be a rolling 'current abusers' blacklist rather than a massive 'every IP of every spammer everywhere' list.

    Yeah, if someone wants to talk about this in more detail, get in touch and maybe we can start something. I've got experience with CAPTCHAs.
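Added example, not part of the original comment: one reading of the rolling blacklist sketched above, in Python. It assumes the 24-hour reset is counted from an IP's first infraction in the current window; the class and method names are hypothetical, and the sample address in the usage section is constructed.

```python
from dataclasses import dataclass

BASE_BAN = 10 * 60          # first ban lasts 10 minutes (figure from the comment)
RESET_AFTER = 24 * 60 * 60  # escalation resets every 24 hours (figure from the comment)

@dataclass
class Entry:
    window_start: float  # when the current 24-hour escalation window began
    infractions: int     # infractions counted inside that window
    banned_until: float  # timestamp at which the current ban ends

class RollingBlacklist:
    """'Current abusers' list: entries age out instead of accumulating forever."""

    def __init__(self):
        self.entries = {}

    def record_infraction(self, ip, now):
        """Register one infraction; return the ban length in seconds."""
        e = self.entries.get(ip)
        if e is None or now - e.window_start >= RESET_AFTER:
            # New window: escalation restarts, but a ban still running is kept.
            e = Entry(now, 0, e.banned_until if e else 0.0)
            self.entries[ip] = e
        duration = BASE_BAN * 2 ** e.infractions  # 10, 20, 40, ... minutes
        e.infractions += 1
        e.banned_until = max(e.banned_until, now + duration)
        return duration

    def is_banned(self, ip, now):
        e = self.entries.get(ip)
        return e is not None and now < e.banned_until

    def prune(self, now):
        """Delist IPs whose ban has ended and whose window has expired."""
        stale = [ip for ip, e in self.entries.items()
                 if now >= e.banned_until and now - e.window_start >= RESET_AFTER]
        for ip in stale:
            del self.entries[ip]
        return len(stale)

if __name__ == "__main__":
    bl = RollingBlacklist()
    ip = "192.0.2.10"  # constructed sample address (documentation range)
    print([bl.record_infraction(ip, hour * 3600) for hour in range(3)])
    print(bl.is_banned(ip, 7200 + 60), bl.prune(RESET_AFTER))
```

Under this reading, an address that keeps offending reaches a ban of more than 21 hours by its eighth infraction in a window, while an address that stops is removed by the first `prune` call after 24 hours.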

  13. Re:A long-time problem on Spammers Learn to Outsource Their Captcha Needs · · Score: 4, Interesting

    this is exactly how most session-based CAPTCHAs work. The timestamp idea is unworkable - it doesn't take that long for data to be ferried half way across the world, so if you implement a timeout, you'll end up pissing off your legitimate users as well as thwarting spammers, and if you make the timeout longer it'll render it completely ineffective - what I'm saying is that it takes as long for a spammer to type a captcha as it does a legitimate user.

    Stuff like "type this backwards in lower case" won't help *in the least* - it'd be trivial to get past, as trivial as writing a bot to collect email addresses, and we know how many of those there are.

    Checking the IP address won't work (unfortunately) because certain ISPs (*cough*AOL*cough*) use multiple outgoing IPs for the same user; it's ridiculous but there you have it.

    In any case, IP addresses can be forged; the spammer doesn't need to receive a response, he just needs to send his CAPTCHA and spam message; if he's on 4.3.2.1 and needs to send from 1.2.3.4 then he will - the server's "yes you got it" response will be sent to 1.2.3.4 but the spammer doesn't care; his spam has got through.

    In short, there is no serverside way of preventing a captcha from being relayed to/from a 'processor' be it OCR or human.

    However, what needs to be remembered is that in 95% of cases, any type of captcha will stop 100% of spam. Most captchas out there are pitifully weak in terms of OCR resistance, have implementation bugs coming out of their *ahem* and 'in principle' offer no security whatsoever, but they work because most spammers are only after the low hanging fruit.

  14. Re:Wootz? on Ancient Swords Made of Carbon Nanotubes · · Score: 4, Informative

    you can buy damascus steel no problem, but the -original- technique was lost. Today there are several techniques, from laser etching to acid etching (both imo cheating) to folding different types of steel together in the forge to produce effects like this: http://www.knifekits.com/store/images/steel/kkdam_random_sheet.jpg

  15. Re:Meh on First Company Logo Visible From Space · · Score: 1

    the moon's not spherical, duh, it's a disc, like the sun and the earth.
    what is this third dimension of which you speak?

  16. Re:Meh on First Company Logo Visible From Space · · Score: 1

    PS: if this ever happens, I hereby apologise to humanity.

    PPS: FUCK OFF 'slow down cowboy' I don't care that it's been 47 seconds since I last posted I HAVE MORE TO SAY.

    coffee......coffeeeeeeeeee.. heheh. woo!

  17. Meh on First Company Logo Visible From Space · · Score: 4, Interesting

    I'm still waiting for the first company logo visible from earth (in space).
    I always wondered how much it'd cost to paint the moon with a logo. I know it would be astronomical (heh), but surely it'd be worth it for whichever company (coke) did it? I mean, a logo on the moon! beat that, KFC. Who's going to be looking at their crappy from-space logo if the moon has a frikkin coke logo on it? ha!

    I think I need some more coffee.

  18. Re:Full text of the act on U.K. Outlaws Denial of Service Attacks · · Score: 1

    also, may I thank you for an interesting and intelligent conversation - rare to find on /.

  19. Re:Full text of the act on U.K. Outlaws Denial of Service Attacks · · Score: 1

    yeah, I do concede that there are probably exceptions (but possibly not) elsewhere.

    'no one law stands on its own' - that's a very lucid description of our legal system and a point that, you're right, I tend to forget.

    But is the intention issue not still valid? what is the difference between subsections (a) and (b) if not that (a) requires you to have no knowledge of what the articles will be used for, just that the articles were designed for offence-committing purposes. (b) requires that you intend that the articles will be used for offensive purposes.
    In this way, (a) doesn't require intention while (b) does.

    I still don't see why it's split into two subsections if they both require intention. It seemed to me that (a) was redefining mens rea to side-step intention, thus criminalising a whole bunch of people that it shouldn't, and setting a dangerous precedent for new laws.

    Perhaps I'm just too cynical/ignorant of the way the law works in fact, still, ambiguous wording with the potential (if astronomically unlikely) consequences I'm describing (loss of intention) scares me.

  20. Re:Full text of the act on U.K. Outlaws Denial of Service Attacks · · Score: 1

    Hammer manufacturers aren't guilty because there's no statute saying that the production of potential weapons constitutes an offence.
    I am guilty because there is a statute saying that supply of potential e-weapons is an offence.
    Merely performing the act does make it criminally illegal. Intention is mentioned specifically in part (b), but as an "or" not an "and" - I need no intention. Sorry to be dogmatic about this, but I think you're confusing the result of any real-world court action (i.e. I would be held innocent) with the theoretical implications of the statute (i.e. I have committed an offence). I agree that in the real world, I'd never be tried for this, but that's not the point at all. When you say that "plain meaning of the text is just one component of an actual law and not the determinant one" I think that by 'actual law' you mean law as it plays out in the end, the results of cases, the history of case law and precedent, jurisprudence and juries and all that. I'm not talking about that at all. I'm talking about the black and white definition as set down in the statute. It's wrong. It means that *in theory* I can be tried for this. In practice I never would be, but I don't care about that. That view sounds pedantic, but when you consider that more and more cases are being put through magistrates (who have no formal legal training), without juries, and that the legal system (and a fuckload of precedent) is being overhauled (read: thrown out), the safeguards that define the boundary between theory and practice get stripped away and I'm left with a hearing where the black and white is all that counts. It also scares me that if/when I get called up for some other offence, they can pull this out of the bag and use it to support the prosecution; it might not stand up by itself but it'll certainly add weight to another charge....

  21. Re:Full text of the act on U.K. Outlaws Denial of Service Attacks · · Score: 1

    I know that I wouldn't be prosecuted; if it ever came to court I would be found guilty in law but not guilty in fact. In a real world situation yes, precedent etc would count a lot. *But* that's not the point. The point is that in law I am guilty; the law is wrong, regardless of any other safeguards put in effect. Yes the CPS wouldn't even hear the case and yes if they did precedent would count and yes the jury (as it's criminal) would likely decide that I wasn't guilty in fact but that doesn't change or remove the wrongness of the point that the statute makes outlaws of innocents.

  22. Re:Full text of the act on U.K. Outlaws Denial of Service Attacks · · Score: 1

    where are those exceptions stated? I can't find any such exceptions mentioned in either the Computer Misuse Act or the Police and Justice Act (which is updating sections of the CMA).

  23. Re:Full text of the act on U.K. Outlaws Denial of Service Attacks · · Score: 1

    no no-diddly no no:

    1) you don't have to be the author, just a supplier
    2) you don't have to know what it's going to be used for, just that it can be used for offences:

    you said "If you create a tool that could be used to facilitate one, then you would not be covered"

    our survey said "A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article a) knowing that it is designed or adapted for use in the course of or in connection with an offence"

    ***you don't need to know what the person you supply it to is going to do with it, just that it can be/is commonly used in an illegal way***

  24. Re:Full text of the act on U.K. Outlaws Denial of Service Attacks · · Score: 1

    no, that's not it at all; section (b) covers the "if you don't go helping people" situation you're describing, but section (a) means that I will commit an offence merely by supplying articles that can be used to commit an offence.

    The articles have to be -designed- for the purpose of "any unauthorised act in relation to a computer", not -supplied- for that purpose. There's a massive difference.

  25. Full text of the act on U.K. Outlaws Denial of Service Attacks · · Score: 4, Interesting

    http://www.publications.parliament.uk/pa/cm200506/cmbills/119/2006119.htm

    "Making, supplying or obtaining articles for use in offence under section 1 or 3
    (1) A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article--
    (a) knowing that it is designed or adapted for use in the course of or in connection with an offence under section 1 or 3; or
    (b) intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3."

    I'm now a criminal. Joe Blackhat won't care; he'll still get hold of the 'articles', but now my website which tries to teach people about responsible use of such 'articles' now makes me liable for up to 2 years in jail, plus a fine. I hate the law.
    Now I don't have to know what the tools will be used for, just that they can be used for wrongdoing.