Here in Austin, Texas I occasionally get automated calls from a machine that leaves a message along the lines of "Hi, this is Louis Regal, and I am about to make a very important decision without your input, unless you call me as soon as possible . . .." The man's voice is that slow-speaking, over modulated tone that commercials use to sell legal or medical stuff. I guess it works well with old people.
The number: 1-877-774-7998.
The other machine call I often get is from a guy who legally changed his name to "John World Peace" and is running for Governor or something, and wants you to "cast your vote for World Peace !" He usually rants and raves a bit about the Railroad Commissioner or something, I usually have a good laugh at his name and the chances of Texas electing him and hang up.
Nice to see it under the GPL. Now I will have to see if the old DR-DOS partition on this machine will still boot -- I don't think I've booted DOS in two years.
That page links to an old BYTE magazine article from 1983 about the release of windows 1.0. I love this quote:
"Moreover, programmers can take advantage of the ability to customize windows so that each software house retains its own distinct look within the Microsoft environment. The same enlightened attitude enabled Microsoft to resist the temptation to reserve Windows as an environment for its own applications programs. Microsoft is making Windows available to a number of applications software houses, including some major competitors."
Apple mattered in those days, and they could have given Microsoft a run for its money with the "star trek project" linked to in the article. But they were undercut by someone offering more choices, just as Microsoft will be undercut by other choices today.
I was digging through years of accumulated floppies, sorting out which ones looked cool enough to see if they could still be read and which ones would go in the blank floppy bucket, and I found a two-diskette installation of GEM.
GEM is the windowing software mentioned in the star trek project link.
Just in case my floppies don't work, does anyone know if you can still find GEM on the web anywhere ?
Because then the race would be for second post, or first real post.
Even if you did something clever like wait until 10 posts have been submitted, then displayed them in random order, people would still try for first post. Even if the comment numbers were consecutive from story to story or started at a random number so that the post was not actually labeled #1, people would still try to be first.
As long as there is any way at all to distinguish posts, it will be done.
Most of the people I know who own consoles are far more likely to own a computer, to have upgraded if not installed the OS, and in at least a few cases run linux. In my sample, there is an association between technical sophistication (or at least interest) and game console ownership.
I think that game consoles are popular for other reasons. Intense advertising (more commercials on TV for game consoles and game console games than software games), the "hey another gadget to own" factor, and probably other things.
I think that the number of sales of game consoles due to technophobia and uncertainty of software is very low. In fact, a complicated interface might actually INCREASE sales among a certain segment.
Another run-from-cd linux I experimented with is finnix, but it is a little out of date and has no X.
One thing I noticed with finnix is that the RAM disks it creates are small. The demolinux page mentions a warning about the same thing. Has anyone used linux to create RAM disks bigger than 4 MB, and if so did they have to do anything special ?
A targeted script from a single machine is great if you are working on your own machines, say want to clean the virus out of all machines behind the firewall at your place of employment, something like that.
But if you are going to release this into the wild, people on various ISPs are going to see packets coming from your machine and accuse you of trying to hack them. If it infects a "sick" host, makes it well, then infects a few more "sick" hosts, and then deletes itself and all tracks it can from the first one, it's harder for them to find you to use as a scapegoat.
Read up about Randall Schwartz and David McOwen before you jump in and run something like that, even if it is on your employer's computers and for good purpose. The fact is, sometimes you have to do your job anonymously.
The fix virus doesn't have to scan, it just has to *listen* on port 80, because the infected machines will announce themselves by attacking. So the good virus can:
1) listen on port 80 for the attack, or search local logs for the IPs of infected machines.
2) Wait a reasonable amount of time, say 24 hours, so that responsible administrators of infected machines can fix their machines the way they want to.
3) Use the root.exe backdoor to go in, close the hole, copy yourself there, and loop back to step 1)
4) After you have been on a machine for a certain amount of time, say a month, delete yourself, leaving the machine uninfected and with the hole closed.
How does that DDoS anyone ? It is conservative and unobtrusive enough that you wouldn't even know if it was already spreading through the internet now. The only way you could tell is by watching an infected machine to see if it got fixed.
Re-formatting and re-installing doesn't work if the default install has a vulnerability. The machine will just be infected again within minutes.
Not removing all vulnerabilities is better than not removing any. As far as making the detection of the exploit difficult, most of these people don't even realize that they are running the IIS webserver, and would have no idea how to patch it or turn it off. If you want to launch a virus that will educate users, well, you will fail. These people don't know about the systems they are running because they don't *care*, as long as it works for them. You have better luck teaching a high school detention hall about relativity. The users will just click, ctrl-alt-delete, reset button, or even re-install selecting the exact same insecure options, and somehow thrash their way back to being able to use their machine regardless of what helpful educational messages you pop up.
So I say those problems aren't problems. I would write a daemon that would check any infected IP that attacked me 24 hours later, and if it was still infected, would just go in and patch/kill IIS/whatever. A little log file left in C:\ might scare the machine owner into thinking people were hacking his machine and that he needed to re-install which would cause him to get re-infected. So don't tell him shit. Go ahead and install McAfee and set his outlook options to make him see all of the file extensions, etc.
I thought about doing this myself by using the backdoor to upload a statically linked perl.exe and writing it all in perl. But Code Red is just not a big enough problem to be worth the time, let alone the heat you might get for writing a virus good or bad. I don't run IIS, I don't have websites that are much bothered by it, while my broadband connection is a little slower these days it is still pretty bearable. I say let the windows users just carry on.
As for ATT blocking your port 80, they are obviously not blocking it from inside their own network if you are getting exploit attempts on apache. ATT can't deny port 80 from the inside to the outside to stop their network from infecting other people because all their customers just browse the web; apparently they can't deny port 80 within their network or they already would have; so they are stuck doing something useless. It does nothing except degrade the worth of their service, until they have wiped out code red inside - shutting the barn door after the horse is IN, so to speak. Communicating this to anyone who could make the decision inside ATT broadband is hopeless, but what you should do is send them the token email to support and other places, and then cancel and switch to someone else.
The only person I could see bothering to write a fix-virus would be someone concerned about information spreading by the appearance of all these backdoors. For example, if I were a sys admin at the Pentagon or State Department or even a very large corporation, I would write that (probably make it not live outside my organization for legal reasons). Even though you probably can't use the backdoor Code Red creates to get from the outside to the inside, all those big organizations have a lot of compartmentalization of information and are so big you have to presume the existence of a few disgruntled employees or outright spies at any given time.
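The log search from step 1 and the 24-hour re-check mentioned above, done purely from a web server's own access log so the result can feed a block list or an abuse report (an added example, not part of the original comments). It assumes Common Log Format; the sample lines, addresses and function names are constructed, and `root.exe` is the only request marker because it is the only one the comments name.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Request markers to look for. "root.exe" is the backdoor name given in the
# comments; the worm's own request signature is not on the page, so add it
# here if you know it (assumption: plain substring match is enough).
MARKERS = ("root.exe",)
GRACE = timedelta(hours=24)  # the grace period suggested in the comments

# Common Log Format: ip ident user [timestamp] "request" status bytes
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)

# Constructed sample log (documentation-range addresses, invented requests).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Aug/2001:10:00:00 -0500] "GET /root.exe HTTP/1.0" 404 287
198.51.100.7 - - [05/Aug/2001:10:05:00 -0500] "GET /index.html HTTP/1.0" 200 1043
203.0.113.5 - - [05/Aug/2001:11:00:00 -0500] "GET /ROOT%2Eexe HTTP/1.0" 404 287
this line is truncated garbage
203.0.113.5 - - [05/Aug/2001:20:00:00 -0500] "GET /root.exe HTTP/1.0" 404 287
192.0.2.10 - - [06/Aug/2001:12:30:00 -0500] "GET /root.exe HTTP/1.0" 404 287
"""


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for a malformed line."""
    m = CLF.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m["ip"], ts, m["req"], int(m["status"])


def probe_sources(log_text, markers=MARKERS):
    """Group marker requests by source IP.

    Returns (sources, skipped): sources maps ip -> first/last seen, hit count
    and how many hits got a 2xx answer; skipped counts unparseable lines.
    """
    sources, skipped = {}, 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        ip, ts, req, status = rec
        # Decode %xx escapes and fold case so trivial obfuscation still matches.
        decoded = unquote(req).lower()
        if not any(marker in decoded for marker in markers):
            continue
        s = sources.setdefault(ip, {"first": ts, "last": ts, "hits": 0, "served": 0})
        s["first"] = min(s["first"], ts)
        s["last"] = max(s["last"], ts)
        s["hits"] += 1
        if 200 <= status < 300:
            # A 2xx here means this server answered the probe: check it first.
            s["served"] += 1
    return sources, skipped


def still_probing(sources, grace=GRACE):
    """IPs whose probes span at least the grace period (not cleaned up yet)."""
    return sorted(ip for ip, s in sources.items() if s["last"] - s["first"] >= grace)


if __name__ == "__main__":
    found, bad = probe_sources(SAMPLE_LOG)
    for ip, s in sorted(found.items()):
        print(ip, s["hits"], "hits,", s["served"], "served,", s["first"], "->", s["last"])
    print("unparseable lines:", bad)
    print("still probing after grace period:", still_probing(found))
```

Any non-zero `served` count is the more urgent finding, since it means the local server itself returned the backdoor file.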
Used bookstores often have old CD sets. You won't get much older than RedHat 4.0 that way though.
I've also dug some interesting stuff out of the ten-cent-a-floppy bin at goodwill. Old versions of GEM (a pre-windows windowing system, I think, haven't tried it yet). One of the first versions of Lotus 1-2-3 turned out to be unfortunately unreadable due to floppy damage.
Is it possible that you could get some of the old floppy installation images (from the days when you used 14 floppies to install a linux) out of a usenet archive somewhere ?
Salon is definitely the Fox News of the left, except that they are more left than Fox News is right. I avoid them not for their biases, but because their web site was so abysmally designed and slow to read. I've heard they cleaned it up, I might check them out again.
While this Salon article says that Greg Palast found additional information to support the claim of the killings in Tanzania, Palast didn't put that information in the column in question. He also mentioned Amnesty's accusation without mentioning that they had backed down a bit (said that they couldn't confirm it, of course their investigation was also hampered).
I don't like the idea of some bewigged Brit judge dictating what can be on American web sites, or British web sites for that matter, but if you are going to pick a poster child or test case you could at least pick one where the journalism was above reproach, and known to be factually correct.
I think the reason why the suit was filed in UK court was that the main defendant was the Guardian, a UK newspaper. The fact that the writer was American and edited his site was just gravy. Perhaps he was worried about not being able to sell future work to the Guardian if he didn't help them out of their legal trouble.
So I don't think that Barrick went hunting for a country to sue Greg Palast in.
After all, they could have sued Amnesty International, the original source of the allegations in question, in British court.
But searches of the various Amnesty sites (amnesty-usa.org and amnesty.org) as well as google searches on "Amnesty International Barrick" can't seem to find the original accusation. Perhaps AI quietly withdrew it ? (The search cgi scripts on a couple of the Amnesty sites seem broken, so maybe I just can't find it.)
Those web searches turn up a lot of liberal sites of the letsriot and indymedia ilk. They all mess themselves over the alleged Amnesty connection, but none of them provide a link to a press report or other documentation.
Can someone find the original Amnesty accusation on the "extra judicial killings" ?
It is also noteworthy that aside from that one accusation, all the other stuff (including speculation on the death of the geologist who fell out of the helicopter) had been published in the Wall Street Journal, New York Times, and The Economist.
Perhaps Greg Palast's re-editing of his work can be seen as good journalism, not censorship.
I have no problem being derogatory towards people who try to use some sort of elitist attitude.
I don't think that I'm being inconsistent, either. The ability to read law and post doesn't come with any guarantee that you won't be proved wrong, ridiculed, or even called a twit. It's happened to me.
The "meme" that we have to fight here is the insidious suggestion constantly covertly propagated (via comments like compulawyer's, and incessant IANAL'ing) that a layman can somehow be held accountable for offering legal opinions. Such a concept is so violently against the 1st amendment that it doesn't stand up when stated openly, and only survives by being constantly tacitly implied.
In fact, the idea of licensing lawyers puts restrictions on what LAWYERS can say and do, and puts no restrictions at all on the rest of us. Of course even before we came up with the idea of licensing lawyers, it was illegal to take someone's money or influence them in some way to benefit yourself by lying about what you were; it is this idea of fraud that is twisted into the idea that common people run some risk in the open discussion of legal topics.
Dude, the purpose of sending him a warning that he was sharing that file would be to STOP his accounts from being wiped out. The deal is, what with people like that Schwartz guy at Intel being prosecuted for doing their job, I'm not about to pop up and helpfully tell anybody anything about any security problems. If the document is at a company or government there is no telling how they might react.
So I think the anonymous mail thing is a good one. Thanks.
I stand by my ground on the trade secret issue. In these days of findlaw and other searches perhaps you'd like to cite a case or two where someone innocently came upon trade secret information and was denied the use of it.
I think the real legal misinformation here is your snooty remark about not commenting on the law if you are not a lawyer. I and any other person with about an 8th grade education are perfectly capable of reading the law, it is just words in the English language. The whole "you be quiet you peasant, only us lawyers can discuss these affairs" belongs in Europe, not America. I'd be more willing to put up with it if lawyers actually knew anything, but as you can see by checking out that NY Times Magazine article from a few weeks ago, a fifteen year old who watches Court TV knows more than you guys. And finally, you lower yourself to the point of that sniveling false concern that I might be posting legal information while not a lawyer. I am not a lawyer, and I'm damn proud of it. I think people will weigh my opinions on the law or other subjects more because of it.
However, you have the tone of someone who is clinging to a parchment. Why don't you just come right out and tell us where you are licensed ? Is it possible that I could actually pay you a token sum for your legal advice on trade secrets, just so you'd be actually putting something on the line ?
By the way, if anyone is looking for examples of how to be a twit, they'll find plenty in Compulawyer's userinfo. He likes to post these dignified little tidbits on trivial nonsense, and seems to be on the search for some area in which his mature opinions on software engineering practices requiring correctness proofs and etc will be worshipped by a bunch of cub scouts.
Regardless of what level of effort is required to define something as a trade secret, it is still a fact that once it is in the open, it is not a trade secret any more. You can go after the person who first released it for damages, but all the other people using that information are probably on safe ground.
Trade secret laws are more likely to be state laws rather than federal laws, unlike copyright and patents, so it may vary from place to place.
In general, I think the thrust of the system is to punish those who betray other people's trust, but encourage the secret-keepers to come within the covenant of the patent system, where essentially you trade publication (anyone can read the patent) for a limited government enforced monopoly.
Try searching on gnutella for "resume.doc" or "letter" or ".xls". Apparently many people use gnutella at work and set it to share C:\.
For about a weekend or so it was a sport with me. I downloaded a ton of stuff I am sure was not meant for the public -- there was a breakup letter where the writer stopped mid-sentence and typed "aw fuckit i'll stay with her" (but then for some reason saved the letter ? don't ask me). I also found some business oriented xls files and ppt files. Most interesting was the fact that you could find what I think were people's outlook and eudora mailfiles, those inbox.dbx things. I have no idea how to view those.
Anyway, I got bored and moved on to other shit. The best thing I found was a file called either "private.txt" or "secrete.txt" which looked like the following:
SSN: #########
PIN(ATM): ####
PIN(VISA): ####
WellsFargo: user/passwd
yahoo: user/passwd
(a university student network domain): user/passwd
So I guess this guy decided to consolidate all of his sensitive info into one place, decided to put it on a computer, and then accidentally shared it with the whole fucking internet.
I wanted to try the yahoo user/passwd just to see if it was real, but at that point I stopped and thought and decided that actually using the information people were inadvertently sharing to snoop information they _weren't_ inadvertently sharing was probably where the legal/ethical boundary would be crossed. I never sent email to the yahoo address or the university one because I was afraid of being accused of being a hacker. The sad thing is that my gnutella client automatically moves completed downloads to the shared directory, so it is possible I further shared that file with others before I deleted it.
If there were some way you could filter your gnutella search results on IPs belonging to cable/DSL users in the DC area, or by those belonging to employees of a particular company, etc, then you could really do some damage.
I talked about this with other people and some of them apparently search for the names of .DLL files in various versions of windows, to find a gnutella host sharing everything, and then do the "list all files on this host" thing to look at the user's personal files.
So I guess the moral is, make sure your friends know how to configure their gnutella clients correctly.
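An added example (not part of the original comment) of checking a folder before a file-sharing client exposes it: it flags the file types the comment lists, files whose contents carry the SSN/PIN labels it describes, and .DLL files that suggest a system directory is being shared. The patterns, function names and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# File-name patterns built from the kinds of files the comment lists
# (resumes, letters, spreadsheets, slides, mail stores, "private" notes).
SENSITIVE_NAMES = [
    re.compile(r"resume.*\.doc$", re.I),
    re.compile(r"letter", re.I),
    re.compile(r"\.(xls|ppt|dbx)$", re.I),
    re.compile(r"^(private|secret)\w*\.txt$", re.I),
]
# Labels like "SSN:" or "PIN(ATM):" at the start of a line, as in the
# consolidated-secrets file the comment describes.
SENSITIVE_CONTENT = re.compile(rb"^\s*(SSN|PIN\s*\([^)]*\))\s*:", re.I | re.M)
# A .DLL inside the share usually means far more than a media folder is shared.
SYSTEM_HINT = re.compile(r"\.dll$", re.I)
MAX_SCAN_BYTES = 64 * 1024  # only the head of each file is inspected


def share_is_too_broad(root):
    """True when the share is a drive/filesystem root or the user's home."""
    p = Path(root).resolve()
    if p == Path(p.anchor):
        return True
    try:
        return p == Path.home().resolve()
    except RuntimeError:  # home directory cannot be determined
        return False


def audit_share(root):
    """Walk the shared folder and return sorted (relative_path, reason) pairs."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if SYSTEM_HINT.search(name):
                findings.append((rel, "system-file"))
                continue
            if any(p.search(name) for p in SENSITIVE_NAMES):
                findings.append((rel, "sensitive-name"))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(MAX_SCAN_BYTES)
            except OSError:
                # Unreadable files are reported rather than silently skipped.
                findings.append((rel, "unreadable"))
                continue
            if SENSITIVE_CONTENT.search(head):
                findings.append((rel, "sensitive-content"))
    return sorted(findings)


def build_sample_share(base):
    """Create a small constructed share tree under base (all data is fake)."""
    files = {
        "music/song.mp3": b"\x00\x01 constructed, not real audio",
        "docs/resume.doc": b"constructed",
        "docs/budget.xls": b"constructed",
        "notes.txt": b"SSN: 000-00-0000\nPIN(ATM): 0000\n",
        "system/example.DLL": b"constructed",
    }
    for rel, data in files.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_share(tmp)
        return audit_share(tmp)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:18} {rel}")
```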
RedHat, the previous usage leader, always needs post-installation twiddling to get everything usable (in my experience). This often involves adding a module or option to the kernel. Unfortunately, the fact that you have to then edit the top level kernel makefile and replace "gcc" with "kgcc" in two places is enough to put a usable RedHat installation out of the reach of many. Hell, it always bites me after I try and get compile errors, then I remember oh shit, I forgot RH screwed themselves, and go back.
On the other hand, it might be possible that Mandrake is just as hard to post-install twiddle, but I have never had to do it. Mandrake is always usable, having drivers or modules for all hardware, after the install. I just start using it.
This difference goes back at least to the RH6.2/Mandrake7.0 days (just a few months ago). For example, at that time RedHat wouldn't run out of the box on athlons, unless you knew enough to type in a special kernel option to LILO. Then you had to go and edit lilo.conf and rerun lilo, or recompile the kernel so it didn't need that option. Mandrake spun up right off the bat.
I think that one of the best hopes for either RedHat or Mandrake is to be paid fees by an OEM to make sure the distribution works on all of their machines with minimal user expertise. Aside from the fact that no OEMs are currently making enough money to really pay either RedHat or Mandrake a lot, if I were looking for a company to do that I would choose Mandrake. Why start from second-best to get better, when you can pay the best to get better ?
That's not going to happen, most programmers don't use those features and have no desire to. It is largely a matter of not needing them, they are simply not as useful as the people who think they are cool imagine, but it is also a matter of education, most programmers just don't see how to do it even when it would help them.
If a run time environment with those features is so great, why aren't we all using Common Lisp ?
What cooled the beer had nothing to do with the jet engine. It was just the expanding gas taking up heat.
He could have just put out his cig, opened the valve on the thing and let it roar, and it would get nice and chilly. Big smell though, and if someone drives up and causes a spark it might knock down the shed.
He could use a tank of compressed air with perfect safety however.
I admit my instincts would be to build the jet engine too. It's gotta be useful for something. (not that cold beer isn't useful).
Because then you can figure out the address of an array element by doing base_address + ( index * sizeof(array_type)). If they started from one you would have to do base_address + ( (index - 1) * sizeof(array_type)). That way you save an operation. Since array indexes are often on the inside of loops, this saves a lot overall.
Now, ever since C came out (and before that, with lisp and probably other languages, but C was the popular one) we've had languages that could move the index from 1 to 0 and adjust all the related math at compile time. But they stuck with starting the array index at 0.
IF
opportunity to force customer to spend more money exists, and also happens to delay them with upgrade until you are promoted to another position
THEN
I'm on that sell like stink on shit.
ENDIF
SSL must be keeping track of a certain amount of session type data. If several users are using the same machine to visit SSL sites, their browser keys don't get confused.
Cookies can at least be made optional.
If you try to keep track of sessions by unique stuff in the URL, you make it hard for users to cut-and-paste links to send to each other.
But I thought that the single cookie at login method was the best compromise, and I don't like this continuous cookie updating. I don't really know all the options in session management though.
Could you do it with SSL, making an https connection ? (Ignore for the moment the fact that this would drive processing power requirements through the roof.)
Here in Austin, Texas I occasionally get automated calls from a machine that leaves a message along the lines of "Hi, this is Louis Regal, and I am about to make a very important decision without your input, unless you call me as soon as possible . . . ." The man's voice is that slow-speaking, over modulated tone that commercials use to sell legal or medical stuff. I guess it works well with old people.
The number: 1-877-774-7998.
The other machine call I often get is from a guy who legally changed his name to "John World Peace" and is running for Governor or something, and wants you to "cast your vote for World Peace !" He usually rants and raves a bit about the Railroad Commissioner or something, I usually have a good laugh at his name and the chances of Texas electing him and hang up.
Nice to see it under the GPL. Now I will have to see if the old DR-DOS partition on this machine will still boot -- I don't think I've booted DOS in two years.
That page links to an old BYTE magazine article from 1983 about the release of windows 1.0. I love this quote:
"Moreover, programmers can take advantage of the ability to customize windows so that each software house retains its own distinct look within the Microsoft environment. The same enlightened attitude enabled Microsoft to resist the temptation to reserve Windows as an environment for its own applications programs. Microsoft is making Windows available to a number of applications software houses, including some major competitors."
Apple mattered in those days, and they could have given Microsoft a run for it's money with the "star trek project" linked to in the article. But they were undercut by someone offering more choices, just as Microsoft will be undercut by other choices today.
I was digging through years of accumulated floppies, sorting out which ones looked cool enough to see if they could still be read and which ones would go in the blank floppy bucket, and I found a two-diskette installation of GEM.
GEM is the windowing software mentioned in the star trek project link.
Just in case my floppies don't work, does anyone know if you can still find GEM on the web anywhere ?
Because then the race would be for second post, or first real post.
Even if you did something clever like wait until 10 posts have been submitted, then displayed them in random order, people would still try for first post. Even if the comment numbers were consecutive from story to story or started at a random number so that the post was not actually labeled #1, people would still try to be first.
As long as there is any way at all to distinguish posts, it will be done.
Most of the people I know who own consoles are far more likely to own a computer, to have upgraded if not installed the OS, and in at least a few cases run linux. In my sample, there is an association between technical sophistication (or at least interest) and game console ownership.
I think that game consoles are popular for other reasons. Intense advertising (more commercials on TV for game consoles and game console games than software games), the "hey another gadget to own" factor, and probably other things.
I think that the number of sales of game consoles due to technophobia and uncertainty of software is very low. In fact, a complicated interface might actually INCREASE sales among a certain segment.
Another run-from-cd linux I experimented with is finnix, but it is a little out of date and has no X.
One thing I noticed with finnix is that the RAM disks it creates are small. The demolinux page mentions a warning about the same thing. Has anyone used linux to create RAM disks bigger than 4 MB, and if so did they have to do anything special ?
But if you are going to release this into the wild, people on various ISPs are going to see packets coming from your machine and accuse you of trying to hack them. If it infects a "sick" host, makes it well, then infects a few more "sick" host, and then deletes itself and all tracks it can from the first one, it's harder for them to find you to use as a scapegoat.
Read up about Randall Schwartz and David McOwen before you jump in and run something like that, even if it is on your employer's computers and for good purpose. The fact is, sometimes you have to do your job annonymously.
The fix virus doesn't have to scan, it just has to *listen* on port 80, because the infected machines will announce themselves by attacking. So the good virus can:
1) listen on port 80 for the attack, or search local logs for the IPs of infected machines.
2) Wait a reasonable amount of time, say 24 hours, so that responsible administrators of infected machines can fix their machines they way they want to.
3) Use the root.exe backdoor to go in, close the hole, copy yourself there, and loop back to step 1)
4) After you have been on a machine for a certain amount of time, say a month, delete yourself, leaving the machine uninfected and with the hole closed.
How does that DDoS anyone ? It is conservative and unobtrusive enough that you wouldn't even know if it was already spreading through the internet now. The only way you could tell is by watching an infected machine to see if it got fixed.
Re-formatting and re-installing doesn't work if the default install has vulnerbility. The machine will just be infected again within minutes.
Not removing all vulnerbilities is better than not removing any. As far as making the detection of the exploit difficult, most of these people don't even realize that they are running the IIS webserver, and would have no idea how to patch it or turn it off. If you want to launch a virus that will educate users, well, you will fail. These people don't know about the systems they are running because they don't *care*, as long as it works for them. You have better luck teaching a high school detention hall about relativity. The users will just click, cntl-alt-delete, reset button, or even re-install selecting the exact same insecure options, and some how thrash their way back to being able to use their machine regardless of what helpful educational messages you pop up.
So I say those problems aren't problems. I would write a daemon would check any infected IP that attacked me 24 hours later, and if it was still infected, would just go in and patch/kill IIS/whatever. A little log file left in C:\ might scare the machine owner into thinking people were hacking his machine and that he needed to re-install which would cause him to get re-infected. So don't tell him shit. Go ahead and install McAfee and set his outlook options to make him see all of the file extensions, etc.
I thought about doing this myself by using the backdoor to up load a staticaly linked perl.exe and writing it all in perl. But Code Red is just not a big enough problem to be worth the time, let alone the heat you might get for writing a virus good or bad. I don't run IIS, I don't have websites that are much bothered by it, while my broadband connection is a little slower these days it is still pretty bearable. I say let the windows users just carry on.
As for ATT blocking your port 80, they are obviously not blocking it from inside their own network if you are getting exploit attempts on apache. ATT can't deny port 80 from the inside to the outside to stop their network from infecting other people because all their customers just browse the web; apparently they can't deny port 80 within their network or they already would have; so they are stuck doing something useless. It does nothing except degrade the worth of their service, until they have wiped out code red inside - shutting the barn door after the horse is IN, so to speak. Communicating this to anyone who could make the decision inside ATT broadband is hopeless, but what you should do is send them the token email to support and other places, and then cancel and switch to someone else.
The only person I could see bothering to write a fix-virus would be someone concerned about information spreading by the appearence of all these backdoors. For example, if I were a sys admin at the Pentagon or State Department or even a very large corporation, I would write that (probably make it not live outside my organization for legal reasons). Even though you probably can't use the backdoor Code Red creates to get from the outside to the inside, all those big organzations have a lot of compartmentalization of information and are so big you have to presume the existence of a few disgruntled employees or outright spies at any given time.
Used bookstores often have old CD sets. You won't get much older than RedHat 4.0 that way though.
I've also dug some interesting stuff out of the ten-cent-a-floppy bin at goodwill. Old versions of GEM (a pre-windows windowing system, I think, haven't tried it yet). One of the first versions of Lotus 1-2-3 turned out to be unfortunately unreadable due to floppy damage.
Is it possible that you could get some of the old floppy installation images (from the days when you used 14 floppies to install a linux) out of a usenet archive somewhere ?
Salon is definitely the Fox News of the left, except that they are more left than Fox News is right. I avoid them not for their biases, but because their web site was so abysmally designed and slow to read. I've heard they cleaned it up, I might check them out again.
While this Salon article says that Greg Palast found additional information to support the claim of the killings in Tanzania, Palast didn't put that information in the column in question. He also mentioned Amnesty's accusation without mentioning that they had backed down a bit (said that they couldn't confirm it, of course their investigation was also hampered).
I don't like the idea of some bewigged Brit judge dictating what can be on American web sites, or British web sites for that matter, but if you are going to pick a poster child or test case you could at least pick one where the journalism was above reproach, and known to be factually correct.
I think the reason why the suit was filed in UK court was that the main defendant was the Guardian, a UK newspaper. The fact that the writer was American and edited his site was just gravy. Perhaps he was worried about not being able to sell future work to the Guardian if he didn't help them out of their legal trouble.
So I don't think that Barrick went hunting for a country to sue Greg Palast in.
After all, they could have sued Amnesty International, the original source of the allegations in question, in British court.
But searches of the various Amnesty sites (amnesty-usa.org and amnesty.org) as well as google searches on "Amnesty International Barrick" can't seem to find the original accusation. Perhaps AI quietly withdrew it ? (The search cgi scripts on a couple of the Amnesty sites seem broken, so maybe I just can't find it.)
Those web searches turn up a lot of liberal sites of the letsriot and indymedia ilk. They all mess themselves over the alleged Amnesty connection, but none of them provide a link to a press report or other documentation.
Can someone find the original Amnesty accusation on the "extra judicial killings" ?
It is also noteworthy that aside from that one accusation, all the other stuff (including speculation on the death of the geologist who fell out of the helicopter) had been published in the Wall Street Journal, New York Times, and The Economist.
Perhaps Greg Palast's re-editing of his work can be seen as good journalism, not censorship.
I have no problem being derogatory towards people who try to use some sort of elitist attitude.
I don't think that I'm being inconsistent, either. The ability to read law and post doesn't come with any guarantee that you won't be proved wrong, ridiculed, or even called a twit. It's happened to me.
The "meme" that we have to fight here is the insidious suggestion constantly covertly propagated (via comments like compulawyer's, and incessant IANAL'ing) that a layman can somehow be held accountable for offering legal opinions. Such a concept is so violently against the 1st Amendment that it doesn't stand up when stated openly, and only survives by being constantly tacitly implied.
In fact, the idea of licensing lawyers puts restrictions on what LAWYERS can say and do, and puts no restrictions at all on the rest of us. Of course even before we came up with the idea of licensing lawyers, it was illegal to take someone's money or influence them in some way to benefit yourself by lying about what you were; it is this idea of fraud that is twisted into the idea that common people run some risk in the open discussion of legal topics.
Dude, the purpose of sending him a warning that he was sharing that file would be to STOP his accounts from being wiped out. The deal is, what with people like that Schwartz guy at Intel being prosecuted for doing their job, I'm not about to pop up and helpfully tell anybody anything about any security problems. If the document is at a company or government there is no telling how they might react.
So I think the anonymous mail thing is a good one. Thanks.
I think the real legal misinformation here is your snooty remark about not commenting on the law if you are not a lawyer. I and any other person with about an 8th grade education are perfectly capable of reading the law, it is just words in the English language. The whole "you be quiet you peasant, only us lawyers can discuss these affairs" belongs in Europe, not America. I'd be more willing to put up with it if lawyers actually knew anything, but as you can see by checking out that NY Times Magazine article from a few weeks ago, a fifteen year old who watches Court TV knows more than you guys. And finally, you lower yourself to the point of that sniveling false concern that I might be posting legal information while not a lawyer. I am not a lawyer, and I'm damn proud of it. I think people will weigh my opinions on the law or other subjects more because of it.
However, you have the tone of someone who is clinging to a parchment. Why don't you just come right out and tell us where you are licensed ? Is it possible that I could actually pay you a token sum for your legal advice on trade secrets, just so you'd be actually putting something on the line ?
By the way, if anyone is looking for examples of how to be a twit, they'll find plenty in Compulawyer's userinfo. He likes to post these dignified little tidbits on trivial nonsense, and seems to be on the search for some area in which his mature opinions on software engineering practices requiring correctness proofs and etc will be worshipped by a bunch of cub scouts.
Regardless of what level of effort is required to define something as a trade secret, it is still a fact that once it is in the open, it is not a trade secret any more. You can go after the person who first released it for damages, but all the other people using that information are probably on safe ground.
Trade secret laws are more likely to be state laws rather than federal laws, unlike copyright and patents, so it may vary from place to place.
In general, I think the thrust of the system is to punish those who betray other people's trust, but encourage the secret-keepers to come within the covenant of the patent system, where essentially you trade publication (anyone can read the patent) for a limited government enforced monopoly.
Try searching on gnutella for "resume.doc" or "letter" or ".xls". Apparently many people use gnutella at work and set it to share C:\.
I talked about this with other people and some of them apparently search for the names of .DLL files in various versions of windows, to find a gnutella host sharing everything, and then do the "list all files on this host" thing to look at the user's personal files.
For about a weekend or so it was a sport with me. I downloaded a ton of stuff I am sure was not meant for the public -- there was a breakup letter where the writer stopped midsentence and typed "aw fuckit i'll stay with her" (but then for some reason saved the letter ? don't ask me). I also found some business oriented xls files and ppt files. Most interesting was the fact that you could find what I think were people's outlook and eudora mailfiles, those inbox.dbx things. I have no idea how to view those.
Anyway, I got bored and moved on to other shit. The best thing I found was a file called either "private.txt" or "secrete.txt" which looked like the following:
SSN: #########
PIN(ATM): ####
PIN(VISA): ####
WellsFargo: user/passwd
yahoo: user/passwd
(a university student network domain): user/passwd
So I guess this guy decided to consolidate all of his sensitive info into one place, decided to put it on a computer, and then accidentally shared it with the whole fucking internet.
I wanted to try the yahoo user/passwd just to see if it was real, but at that point I stopped and thought and decided that actually using the information people were inadvertently sharing to snoop information they _weren't_ inadvertently sharing was probably where the legal/ethical boundary would be crossed. I never sent email to the yahoo address or the university one because I was afraid of being accused of being a hacker. The sad thing is that my gnutella client automatically moves completed downloads to the shared directory, so it is possible I further shared that file with others before I deleted it.
If there were some way you could filter your gnutella search results on IPs belonging to cable/DSL users in the DC area, or by those belonging to employees of a particular company, etc, then you could really do some damage.
So I guess the moral is, make sure your friends know how to configure their gnutella clients correctly.
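A check on your own shared folder for the misconfiguration described above, as an added example that is not part of the original post: it flags a share root that is a whole drive or home directory and lists files of the kinds the post mentions. The function names and the rule set are assumptions made for illustration, and the sample share is constructed.

```python
import os
import tempfile
from pathlib import Path

# File types and name fragments taken from the post (hypothetical rule set).
SENSITIVE_EXTS = {".doc", ".xls", ".ppt", ".dbx", ".dll"}
SENSITIVE_WORDS = ("private", "secret", "resume", "letter", "passw")


def is_overbroad(share_root):
    """True when the share is a drive/filesystem root or the home directory."""
    root = Path(share_root).resolve()
    home = Path(os.path.expanduser("~")).resolve()
    return root == Path(root.anchor) or root == home


def audit_share(share_root):
    """Return (overbroad, findings); findings are (relative_path, reason)."""
    root = Path(share_root).resolve()
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            lower = name.lower()
            ext = Path(lower).suffix
            if ext in SENSITIVE_EXTS:
                findings.append((rel, "extension " + ext))
            elif any(word in lower for word in SENSITIVE_WORDS):
                findings.append((rel, "name looks sensitive"))
    return is_overbroad(root), sorted(findings)


def demo():
    """Audit a constructed share that mixes media with personal files."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("music/song.mp3", "docs/resume.doc", "budget.xls",
                    "mail/inbox.dbx", "private.txt"):
            path = Path(tmp) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("constructed sample")
        return audit_share(tmp)


if __name__ == "__main__":
    overbroad, findings = demo()
    print("share root too broad:", overbroad)
    for rel, reason in findings:
        print(f"  {rel}: {reason}")
```

Point `audit_share` at the directory your client is configured to share, and at its completed-downloads directory if the client moves finished downloads into the share.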
RedHat, the previous usage leader, always needs post-installation twiddling to get everything usable (in my experience). This often involves adding a module or option to the kernel. Unfortunately, the fact that you have to then edit the top level kernel makefile and replace "gcc" with "kgcc" in two places is enough to put a usable RedHat installation out of the reach of many. Hell, it always bites me after I try and get compile errors, then I remember oh shit, I forgot RH screwed themselves, and go back.
On the other hand, it might be possible that Mandrake is just as hard to post-install twiddle, but I have never had to do it. Mandrake is always usable, having drivers or modules for all hardware, after the install. I just start using it.
This difference goes back at least to the RH6.2/Mandrake7.0 days (just a few months ago). For example, at that time RedHat wouldn't run out of the box on Athlons, unless you knew enough to type in a special kernel option to LILO. Then you had to go and edit lilo.conf and rerun lilo, or recompile the kernel so it didn't need that option. Mandrake spun up right off the bat.
I think that one of the best hopes for either RedHat or Mandrake is to be paid fees by an OEM to make sure the distribution works on all of their machines with minimal user expertise. Aside from the fact that no OEMs are currently making enough money to really pay either RedHat or Mandrake a lot, if I were looking for a company to do that I would choose Mandrake. Why start from second-best to get better, when you can pay the best to get better ?
That's not going to happen, most programmers don't use those features and have no desire to. It is largely a matter of not needing them, they are simply not as useful as the people who think they are cool imagine, but it is also a matter of education, most programmers just don't see how to do it even when it would help them.
If a run time environment with those features is so great, why aren't we all using Common Lisp ?
What cooled the beer had nothing to do with the jet engine. It was just the expanding gas taking up heat.
He could have just put out his cig, opened the valve on the thing and let it roar, and it would get nice and chilly. Big smell though, and if someone drives up and causes a spark it might knock down the shed.
He could use a tank of compressed air with perfect safety however.
I admit my instincts would be to build the jet engine too. It's gotta be useful for something. (not that cold beer isn't useful).
Because then you can figure out the address of an array element by doing base_address + ( index * sizeof(array_type)). If they started from one you would have to do base_address + ( (index - 1) * sizeof(array_type)). That way you save an operation. Since array indexes are often on the inside of loops, this saves a lot overall.
Now, ever since C came out (and before that, with lisp and probably other languages, but C was the popular one) we've had languages that could move the index from 1 to 0 and adjust all the related math at compile time. But they stuck with starting the array index at 0.
IF
opportunity to force customer to spend more money exists, and also happens to delay them with upgrade until you are promoted to another position
THEN
I'm on that sell like stink on shit.
ENDIF