Slashdot Mirror


User: Florian Weimer

Florian Weimer's activity in the archive.

Stories: 0
Comments: 999

Comments · 999

  1. Re:Why aren't governments proacting against these n on Over a Million Zombie PCs · · Score: 2, Interesting

    This is THE major problem afflicting the internet, why don't governments form a unit to identify and at least notify the owners of these machines?

    Why should they? It's the ISPs who make money by providing Internet access. They should be responsible for alerting their customers about compromised machines. Most of them don't because it costs too much money, and there's little liability even if you do absolutely nothing.

    On the other hand, customers aren't willing to pay for a notification service, or accept the privacy implications (notifying customers requires a mapping from dynamically assigned IP addresses to customer accounts). What's worse, a large percentage of them will just switch to another ISP once you restrict their network access because of a compromise.

  2. Re:Oracle is a troll... on EDS: Linux is Insecure, Unscalable · · Score: 1

    Oracle is not in the actual linked article.

    Oracle is an Agility Alliance partner, though. You could have checked this easily.

  3. Re:Those would be the good ones to keep... on Debian Release Mgr. Proposes Dropping Some Archs · · Score: 3, Interesting

    If this is the case, though, I wonder why Sparc is being dropped.

    SPARC has barely any upstream support in the kernel. kernel.org kernels are frequently broken. What's worse, Debian hasn't got a SPARC maintainer right now.

  4. Re:Those would be the good ones to keep... on Debian Release Mgr. Proposes Dropping Some Archs · · Score: 3, Informative

    Seeing as they're the major systems out there. But IA-64? I've barely heard of that, and TFA says Microsoft dropped XP for that. Can anyone elaborate as to why this one was kept?

    For IA64, kernel, toolchain and libc are maintained by upstream, and Debian itself has sufficient IA64 know-how, as well. That's why it's practical to keep it.

  5. Re:Maximum row number on Open Office 2.0 Beta Candidate Released · · Score: 2, Informative

    He isn't joking, I'm afraid. The Cisco GPL ("General Price List") used to have more than 32,000 lines. Apparently, such abuse of Excel as a database (or CSV exchange format replacement) is quite common.

  6. Re:Looks like... on Data Execution Protection · · Score: 2, Funny

    DEC Alpha + OpenVMS = no such thing as a buffer overflow and 64 bit processing as well.

    DEC ported the Microsoft DCOM implementation from Windows to OpenVMS, including its buffer overflow bugs.

  7. Re:White elephant? on Intel Develops Hardware To Enhance TCP/IP Stacks · · Score: 1

    I think in Tanenbaum's book there's a reference which states that offloading network processing normally isn't useful, because the CPU that work is offloaded to is always less powerful than the main CPU and the main CPU is normally blocked in its task until the network processing has completed.

    This is a bit of an oversimplification. There are at least three cases in which offloading makes sense: dropping packets on the NIC (for example, during a DoS attack), reducing bus overhead by combining multiple requests into one (TCP segmentation offload), and computation which takes significant advantage from special hardware (TCAM/network search engines for making forwarding decisions).

    The first two issues are mostly relevant only on systems in which the NIC shares a comparatively low-bandwidth bus with other devices. The third one requires specialized memory chips (TCAM). AFAIK, a reasonably sized TCAM chip still costs too much for integration even into high-end NICs, and its power consumption is also a concern. That's why I think that offloading doesn't make too much sense for NICs (at least from a technical point of view, it's very nice for marketing, though).

  8. Re:Security updates on Intel Develops Hardware To Enhance TCP/IP Stacks · · Score: 1

    So... how exactly are they going to ship patches in the case of a security issue?

    Typically, the host system driver uploads the firmware code that deals with all non-essential features (obviously, booting from network already needs most of the firmware).

  9. Re:Concise version of report on Gartner Says it's a 2-Browser World · · Score: 2, Insightful

    The first 10% share of the browser market is easy. To get any more than that will be very difficult. Difficulty further enhanced by actions Microsoft may take.

    Microsoft will not repeat the Netscape mistake. Mozilla and Firefox are good for them because they can claim they no longer have a monopoly (and giving away browsers for free is okay). After all, browsers are no threat to Microsoft's main revenue sources.

  10. Re:For those wondering... on Fallout From Japanese Patent On Help Icon · · Score: 1

    That said, the patent itself isn't regarding a Help Icon. It is the function where you first click on the help icon/button, and then on the particular function you need help with.

    Uh-oh, didn't Microsoft Excel 4.0 already have such a button, which you could activate, then select a menu item, and receive help on that menu item?

  11. Re:Could this have been ON PURPOSE? on Zimmermann Enters Debate on Microsoft Encryption · · Score: 1

    Could it be that the poor encryption security was actually on purpose?

    Rather unlikely. Their previous encryption scheme was far worse, and they could have kept using it. I doubt there was much pressure from customers to implement better cryptography. (There is little customer demand for increased security, either.)

  12. Re:I'll be the first to quote Bash... on Java Application Development on Linux · · Score: 1

    the "write once" mantra has been with us for 30+ years... and, in that regard, java beats the living pants off the other contenders.

    Only because you can install multiple virtual machine revisions in parallel. Actually, this is cheating, as it increases the maintenance overhead.

  13. Re:Not for profit on The Race Is On For .net · · Score: 3, Informative

    DENIC is not as neutral as it claims to be. It pursues the interests of its members (like every good co-op should do), not those of all Internet users. Sometimes, the interests diverge. For example, DENIC members generally want easy domain transfers with as little validation as possible (because they make money by transferring domains), but most corporate users want rock-solid delegations that cannot be altered by anyone except themselves.

  14. Re:Has anyone seen alternate character domains? on Phishing In The Channel · · Score: 1

    I have been wondering when I would start to see these alternate character set domain names that you can get now play a role in this.

    I'm sure you also received one of the ro1ex.com and va1ium.com spam runs. This problem has little to do with internationalization.

    On the other hand, IDNA support in Internet Explorer is very limited, so misleading users with IDNA is not a top priority.

  15. Re:Inaccurate statement about the Thinkpad on DRM Tinkering with Intel's PXA270? · · Score: 1

    If the password for the hard drive is set, you won't be able to move the drive to another system or it will look like the drive is dead. If you do know the master password and try it in another system, I believe it will wipe out the drive, it's pretty secure, and the main reason I use ThinkPads.

    The hard disk doesn't encrypt the data it stores, so anyone with a decent lab for hard disk data recovery can read its contents. However, this is more complicated than resetting a BIOS password, and it might give you the necessary time to revoke all cryptographic keys and other tokens stored on the machine.

  16. Re:Anyone know what Gentoo stage to use? on More Analysis Of Pentium M Desktops · · Score: 2, Informative

    [Pentium 4 scheduling in GCC]

    I think it does have at least something rudimentary in that department

    This was a bug.

  17. Re:Anyone know what Gentoo stage to use? on More Analysis Of Pentium M Desktops · · Score: 1

    Using "march=pentium4" will probably yield slower code than using just "pentium3" because the scheduling for these CPUs is so different.

    GCC hasn't got a scheduler for the Pentium 4 anyway.

  18. Re:Yes, it IS different... on Banks Begin To Use RSA Keys · · Score: 1

    This sounds like SecurID cards, which are time-synched to a master server which runs the same algorithm/seed. SecurID has a long history in the IT world, and works relatively well (and, as far as I know, no one has ever hacked the algorithm).

    The algorithm was posted to BUGTRAQ in 2000.

  19. Re:Question on Revising the GPL · · Score: 3, Informative

    Ok, but what happens if someone buys the FSF.

    The FSF is contractually bound to continue publishing software under a free license (reread your assignment contract). The worst thing they could do is to switch to a BSD license which encourages software hoarding.

    If this bugs you, remove the "or later" part.

  20. Re:Star Fleet - where even a toaster can be Lt. Cm on Legal Rights for Computers · · Score: 1

    Data already had the rank of Lt. Commander. That means that Star Fleet already recognized his ability to make decisions on his own.

    Maybe Star Fleet gave him that rank because he thought it would look good on his business card?

  21. University IT on Finding Student IT Security Placements in the Industry? · · Score: 1

    My program requires a three month placement in the IT security and forensics industry.

    University IT doesn't count? Usually, there's plenty of work to do in the security and forensics area.

    If I were an IT security company, I wouldn't hire someone with no previous experience for just three months. The risks are simply too high.

  22. Obligatory GEB quote on New iPod Firmware Locks Out RealNetworks Music · · Score: 3, Interesting

    Tortoise: Oh, yes. Well, you see, the Crab came over to visit one day. You must understand that he's always had a weakness for fancy gadgets, and at that time he was quite an aficionado for, of all things, record players. He had just bought his first record player, and being somewhat gullible, believed every word the salesman had told him about it - in particular, that it was capable of reproducing any and all sounds. In short, he was convinced that it was a Perfect phonograph.

    Achilles: Naturally, I suppose you disagreed.

    Tortoise: True, but he would hear nothing of my arguments. He staunchly maintained that any sound whatever was reproducible on his machine. Since I couldn't convince him of the contrary, I left it at that. But not long after that, I returned the visit, taking with me a record of a song which I had myself composed. The song was called "I Cannot Be Played on Record Player 1".

    Achilles: Rather unusual. Was it a present for the Crab?

    Tortoise: Absolutely. I suggested that we listen to it on his new phonograph, and he was very glad to oblige me. So he put it on. But unfortunately, after only a few notes, the record player began vibrating rather severely, and then with a loud "pop", broke into a large number of fairly small pieces, scattered all about the room. The record was utterly destroyed also, needless to say.

    Achilles: Calamitous blow for the poor fellow, I'd say. What was the matter with this record player?

    Tortoise: Really, there was nothing the matter, nothing at all. It simply couldn't reproduce the sounds on the record which I had brought him, because they were sounds that would make it vibrate and break.

    (More is here. Buy the book, those dialogues are really fun to read, even if you are scared by the remaining parts of the book.)

    The Apple vs. Real battle will be fun to watch, and of course, Apple has no chance of winning within the system. We'll see when Apple realizes this, steps out of the system, and sues Real.

  23. Re:Why the hell... on Using GPS to Track Teens · · Score: 1

    ... would your phone have a GPS anyway?

    Because it used to be innovative? I wrote tracking software for an experimental mobile phone with GPS capabilities a few years ago. We had to work with the degraded Selective Availability signal (and differential GPS). However, it was quite interesting, and you could do neat things with it.

    It appeared as if there might be a huge market because U.S. legislation was under way to mandate localization of 911 calls, and it wasn't clear if the existing network would allow for the required accuracy.

  24. Re:So What? on Using GPS to Track Teens · · Score: 1

    If universally adopted (at least by parents who can afford it), it means that a generation grows up which is used to well-meaning surveillance using GPS tracking. Some day, this generation will grow up and rule the U.S., and their experience with GPS-based surveillance (or their non-experience, because they view it as a necessary evil) will encourage them to pass new surveillance legislation.

    However, this development is unrealistic because localization of 911 calls from cell phones is already close to implementation.

  25. Re:PeerGuardian on BitTorrent Gives Hollywood a Headache · · Score: 1

    2) Log comparison. PG collects a log of every ip you connect to against the time. If someone gets a letter we get them to cross-reference the time the infringement is said to be on the letter (this must legally be included) with the ips in their log. 9/10 it is an obvious IP doing the scanning that can be found.

    Ahem, and what prevents these logs from being subpoenaed?