Yeah, I think that distills down to the following:
Keep NN, keep the internet we love, with all its warts.
Lose NN, lose the internet we love, try to build something new and probably not as good, have it mature, and surpass Internet 1.0, then get regulated like the internet already is, and back to square one, but now we have 2 Internets.
Logic failure.
Ok so I didn't do any research, I'm just going to ask. How is removing Title II from ISPs going to affect safe harbor and copyright infringement issues? Title II protects ISPs from litigation when illegal activity is facilitated by their networks. If NN goes poof, and ISPs are no longer Title II, do they lose their protections against litigation, regarding facilitating criminal behavior?
There has always been, and always will be traffic shaping and prioritization. In fact, when there isn't, bad things happen to networks.
I don't really think people who advocate for NN also advocate for no traffic management on networks. Pretty much a duh comment, of course networks have to have traffic management. Comparing Apples to Oranges here bro.
NN is not about network traffic management, or shaping. It's about treating every bit without bias. Where it came from and where it's going isn't an ISP's business. They simply need to move the bits in the most efficient manner possible to their destination (i.e. traffic management). Where NN comes in, is when an ISP decides to not treat your bits as equal, and give different priorities to traffic depending on source and destination, and biasing the traffic management in a way that benefits your company or your affiliates. And probably also is detrimental to your company's competitors.
Also, add on top of that, lack of NN will permit companies to sell faster speeds. And those faster speeds will be coming out of the bandwidth available to the non-special customers. Taking it to the extreme (Portugal anyone?), lack of NN can lead to slicing the internet into 'packages' you have to pay for. Want Facebook? $5/mo. Youtube? $5/mo extra. HBO? Another $5/mo please. That is lack of NN bro.
I think trying to lump proper network traffic management into the NN discussion is pretty empty and stupid. That's not even the issue here, bro.
What really concerns me is how perverted the lack of NN rules can be twisted into.
I propose a simple scenario. I am a baker, and I don't want to bake a cake for your homosexual wedding, because I feel it infringes on my free speech. We've all heard about this story. Let's now twist it into what a lack of NN will do:
I'm an internet provider. My company's stance is abortion is evil. To protect my free speech, I will be blocking all sites related to abortion, good and bad. Because that's my right. Also, because I'm a Christian company, I'm going to block all sites related to non-Christian religions, because I don't want my customers subjected to that rubbish.
It's a can of worms I don't want to see opened. Protect NN. It is absolutely vital to a healthy and free internet.
I am generally in the camp that says, this phenomenon is a result of programmers being educated, learning their craft before the internet was a big thing. Or they were educated/trained in a fashion that did not stress security focus on application development.
It's not like it's difficult to oops. It's super easy to think to yourself 'this will work fine,' and as soon as it's done, yer QA finds a million problems. Programmers, while awesome, aren't very good at seeing their own mistakes. Just as a novelist needs another pair of eyes to proofread their work, programmers need QA and code audits to check their work.
This is where the REAL problem lies. QA is not really a thing anymore. Why pay a QA department when you have droves of sheeple on the internet that will happily test your product for you. Hell, often they'll PAY YOU to play with your garbage. So QA is pretty much nonexistent. I'd have to assume if you got no QA, you probably don't do regular auditing of your code either, since that costs money and time.
As a side effect of sheeple QA, some of your more serious 'flaws' might go unreported. Some sheeple are wolves and will hold their findings to themselves to exploit later when you least expect it. Or sell the exploits to others to make a buck.
So bottom line, if you want quality applications, you have to pay not just the programmers, but a QA and code auditing process too. And until companies bring back *REAL* QA, this will continue to be a serious problem that won't get better, instead it will just get worse.
As a side note I also want to point out, there's a lot of one-man development going on in the app-space, especially around smartphones. This is another major problem. As pointed out above, programmers aren't good at seeing their own mistakes. One-man development suffers even more from lack of proper QA and auditing.
I found his office's phone number on an imgur post: 202-418-1000
Not verified, but feel free to check it out and leave love messages!
to cease committing crimes when the only places that will hire them are Taco Bell and McDonald's
Funny... those establishments won't hire felons. You tick that felony conviction box, if it's seen, application goes into the trash.
The problem is... pretty much every felony 'clearly disqualifies' you from pretty much every job. Violent acts, sexual assaults, and major thefts top the list of felonies, and I can't imagine any employer wanting someone who is known to solve problems with violence, might rape a co-worker, or might steal as an employee. I can see ignoring a DUI for a job that doesn't involve driving, though. Perhaps there are other obvious exceptions.
There are no exceptions. A felony conviction is a mark you carry to your grave. Doesn't matter to an employer, could be money laundering, or embezzling, or any other non-violent white-collar crime. Felony is a felony. There is no distinguishing between rapists and embezzlers and fraud. It's all the same. You're fucked, there's no exceptions. And as long as society continues to treat anyone who made a mistake as a permanent criminal.. it won't change. This is what society wants, criminals to be outcasts and never reintegrate into society in a constructive manner. It's almost like they want felons to keep to their criminal behavior, since all legitimate work is cut-off.
Knowingly writing a bad check is a felony, just as an example of just how petty a crime can be to brand you as an outcast for life.
Nailed it. Felonies should not be a death sentence, but they are. You cannot find work, cannot vote, cannot participate in government. You're basically an outcast for the rest of your life. Best move to another country and hope your criminal record doesn't come along for the ride. Felony conviction in the USA is a permanent punishment. You will never have the same rights as a non-felon. Ever. Trust me on this one, I know, I am a felon, I did something stupid 30 years ago, and I'm still fucked over.
The ISPs know this, so I doubt they'll invest too much in paid prioritization in the near future.
Broken logic. Once ISPs start implementing tiered internet and all the trimmings, it will be that much harder to reverse, and they'll fight tooth and nail to prevent reversal, especially after they do their deeds.
All is on course to screw the little guy and give the big companies more power, more money and less incentive to promote a healthy open internet.
It was fun while it lasted. Let the GREATNESS of ISPs dictating what we can access and how fast. Enjoy. Hope you guys got what you wanted.
How long before the ISPs in America start turning the screws and cutting off access to all but their approved sites list? Sigh. Are there any incentives for ISPs to keep things open? Sure is a lot of incentive now to close the doors and tighten the screws and start nickel-and-diming us to death.
Do-not-call does seem to help, but the idiots who implemented that, it expires after like what 6 months or a year, I dunno, but as soon as it expires, the calls skyrocket like the same day.
The FTC Do Not Call Registry does not expire. What you may get is idiot companies thinking it does, or spammer groups adding you to their list without checking the list. Report violations. The FTC really doesn't have any way to go after violators if they aren't reported. It's rather quick to do online, and in my experience it does help eventually. (I imagine with enough people reporting a certain robocaller, the FTC eventually tracks them down and fines their ass into oblivion.)
Pardon me a moment while I laugh hysterically. OK, all good. You really think Trump's FTC is going to give a flying F? They're probably working to dismantle the do-not-call list.
People not learning that crypto currency is a frickin' scam. No sympathy.
Basically, using the guise of 'independent contractor', companies are skirting our (American) wage regulations and shafting workers whenever and wherever they can. And people wonder where that income disparity is coming from.
This here is a nice shiny example.
About the only spam that bothers me is the robocalls. They are getting pretty bad. It ranges from 1-5 calls a day now. Very obnoxious. Do-not-call does seem to help, but the idiots who implemented that, it expires after like what 6 months or a year, I dunno, but as soon as it expires, the calls skyrocket like the same day.
What I'd really like to have on my smartphone is a whitelist for callers. I'm just done with these idiots. Not in my contact list: shunt to voicemail and pretend it never happened.
Correct me if I am wrong, but there are three basic ways to crack a password.
You missed the most often used method: Find a broken service to exploit for code execution on the target. No passwords needed, system hacked.
What I did was go to the registry and change the standard port from 3389 to the last 4 digits of our front office telephone and block 3389 inbound/outbound at the firewall.
This is a good idea. I personally never leave any sort of potentially hazardous service on a 'known' port. Never the default. Yeah, it's security via obscurity, but a little of that never hurts anything. Just be aware, a determined attacker can scan your ports and find where you moved it to. But it does defeat most of your run-of-the-mill cookie cutter hacking.
Moving services to non-default ports is a great way to fly under the radar of most simple attack vectors. But still, firewalls, isolation of outside connected computers, and other good security practices should still be in place. VPNs are also a very strong method of protecting 'hazardous' services, by making them inaccessible without using the VPN connection.. just another layer that has to be broken into to get anywhere.
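Added example, not part of the original comments: a small log triage script showing what the port move in this exchange does and does not buy. It separates sources that only knock on the default port 3389 from sources that sweep many ports and then reach the relocated service. The log format, the addresses and the moved port 4821 are constructed for illustration.

```python
from collections import defaultdict

DEFAULT_RDP_PORT = 3389

# Constructed sample firewall log (assumed format, not from a real product):
# timestamp action proto src_ip dst_ip src_port dst_port
SAMPLE_LOG = """\
2017-12-01T10:00:01Z DROP TCP 203.0.113.7 198.51.100.10 51000 3389
2017-12-01T10:00:05Z DROP TCP 203.0.113.9 198.51.100.10 40222 3389
2017-12-01T10:02:10Z DROP TCP 192.0.2.44 198.51.100.10 60001 21
2017-12-01T10:02:10Z DROP TCP 192.0.2.44 198.51.100.10 60002 22
2017-12-01T10:02:11Z DROP TCP 192.0.2.44 198.51.100.10 60003 23
2017-12-01T10:02:11Z DROP TCP 192.0.2.44 198.51.100.10 60004 445
2017-12-01T10:02:12Z DROP TCP 192.0.2.44 198.51.100.10 60005 3389
2017-12-01T10:02:13Z ALLOW TCP 192.0.2.44 198.51.100.10 60006 4821
2017-12-01T10:05:00Z ALLOW TCP 198.51.100.77 198.51.100.10 50123 4821
"""


def parse_line(line):
    """Return (action, src_ip, dst_port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 7 or not parts[6].isdigit():
        return None
    _ts, action, _proto, src_ip, _dst_ip, _sport, dport = parts
    return action.upper(), src_ip, int(dport)


def classify_sources(log_text, moved_port, scan_threshold=5):
    """Group source IPs by how they relate to the relocated RDP port.

    default_port_only  - touched nothing but 3389: the cookie-cutter
                         traffic that the port move filters out.
    scanned_and_found  - touched at least scan_threshold distinct ports
                         and was allowed through to moved_port: the
                         obscurity layer did not stop this source.
    direct_to_service  - reached moved_port without a sweep (already
                         knows the port; still needs authentication).
    other              - everything else.
    """
    ports_by_src = defaultdict(set)
    reached_service = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        action, src, dport = rec
        ports_by_src[src].add(dport)
        if action == "ALLOW" and dport == moved_port:
            reached_service.add(src)

    result = {"default_port_only": [], "scanned_and_found": [],
              "direct_to_service": [], "other": []}
    for src, ports in ports_by_src.items():
        if src in reached_service:
            swept = len(ports) >= scan_threshold
            key = "scanned_and_found" if swept else "direct_to_service"
        elif ports == {DEFAULT_RDP_PORT}:
            key = "default_port_only"
        else:
            key = "other"
        result[key].append(src)
    return {k: sorted(v) for k, v in result.items()}


if __name__ == "__main__":
    # 4821 stands in for the relocated port; it is a constructed value.
    for category, sources in classify_sources(SAMPLE_LOG, 4821).items():
        print(category, sources)
```

Sources in `scanned_and_found` are the ones for which only the remaining layers named above (firewall rules, isolation, VPN) stand between them and the service.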
Most of the time when the mainstream media uses the term, they're referring to script kiddies.
Alas, we do not get to decide what terms stick and which ones do not. Like it or not, "Hackers" is a negative label, they are seen as criminals, end of story. "Script kiddies" never caught on the mainstream, if you use that, 99% of people won't know what you're talking about.
I believe the current euphemism for "good guy hackers" is "Security Analyst" or whatever other euphemism you wanna pick. They're not hackers anymore, those are the bad guys.
Any time you have to use all caps and full stops after words, you've lost your argument.
I hope IT managers and other people in management positions allow this, and not clamp down on videoing while working. I personally love doing this, I mostly pick stuff that I can just listen to and occasionally glance at the video if it calls my attention. It's a great way to make the day go faster, much like listening to music or the radio, which gets a bit old after a while. It's nice to have a larger selection of 'background noise' that Netflix, Hulu, YouTube, Amazon, and all other dole out.
For my line of work, it doesn't distract from my actual work. I'd hope anyone seeking to curtail this behavior examine every case individually to see if it's truly adversely affecting productivity. Some people can multitask better than others. What might be a total distraction for one person might not be for another person.
The 15,000 scientists are overruled by the 50,000 US coal miners.
Do us all a favor and go back to your coal mines and never come out again. Eliminates unnecessary population and their carbon footprint. If we're lucky, no one left will know how to dig doom out of the ground to burn up.
So all this is really saying is physical access is god mode. You don't need an ME for that to be true.
Sadly, you're incorrect. This is a fairly viable remote attack vector. All you need to have is something to deliver the sploit to the host, infect any usb storage devices with your ME sploit and wait for some fool to boot one of those devices accidentally or intentionally. In the meantime, your malware continues to infect every USB device ever attached to the machine. You'll definitely hook a good number of targets, with that number always climbing as more machines get infected and infect more USB storage devices.
What I hate about all these stories? We have security researchers who decry the evil of Intel ME. How it can be used to fully control a system. How it allows remote access. You know, those are GOOD things. The only bad parts are (1) it's closed source, (2) it has security vulnerabilities, and (3) the owner (whether it's a corporation or a single person) doesn't have control over it. What I want to see is not the Intel ME disabled. I want to see it turned into a bare bones OS precisely for the average user to remotely log in, flash a new BIOS (or recover from a brick), and to maximize control over things like power settings, usb access, etc.
There's nothing wrong with a God mode. The key is making sure the right person is God.
The problem here is as the TFA points out, the Intel ME stuff is really poorly documented and it's very complicated what tools and documents I've come across. Certainly way more than an end user could wrap their head around if a refurbisher like me is still trying to understand ME and how it works, when it works, etc.
The closed-source nature of it is a huge problem too, as obvious from this article. So yeah, sure, God-mode might be pretty cool, but it's a bit dangerous if others can exploit it just as easily as I can. This is a pretty viable attack vector too, since you know, a payload could deliver the ME sploit, infect any usb storage devices, and hope for the next fool who boots accidentally or intentionally from those devices. I imagine if an attacker took control of the ME subsystem, it'd be a real bitch to eject their crap, considering how poorly ME is documented and how arcane the tools are.
In my experience as a refurbisher, it's a very rare sight to see any laptop or desktop computer that even mentions ME, or has an option to turn it off in the BIOS. Most of the ME implementations are completely transparent to the host computer, never mentioned in the BIOS, no way to turn it off, no indication it's even there.
It's an old idea in a new package, with a new name. Too bad it's still crap.
Nothing more than a demo that doesn't expire.
If it's not the entire game, then it's not a free game, it's crippleware or a demo.
What annoys me most is Slashdot freely advertising it for them.
it's a more modern environment with multiple layers of security that did not exist before. Encryption is only one of those layers of security
Translation: Someone told me we have security but I know nothing about how it works or what it actually is.