Slashdot Mirror


User: yuna49

yuna49's activity in the archive.

Stories: 0 · Comments: 931

Comments · 931

  1. Jurisdictional issues? on FBI and Next-Gen P2P Monitoring · · Score: 1

    I didn't see anything in either article about the question of offshore trackers and peers.

    Can the FBI legitimately scan, say, The Pirate Bay, to discover the IP addresses of supposed child-porn torrenters? Obviously a person downloading the material to a computer in the US is liable under Federal laws, but was the evidence obtained legally if it's based on scanning a foreign tracker?

    Giving the FBI unfettered access to monitor the entire global Internet raises profound questions about the meaning of limits on the FBI's activities overseas.

    But, then, anything's fair game when it comes to protecting children.

    And, really, relying on file names is just so ridiculous that I'm shocked it might have actually resulted in some legitimate prosecutions. I suppose there's a clueless bunch of pedo types who just browse sites looking for 'young girl in action' types of filenames, but there's also got to be a more clueful bunch who maintain their own private networks.

  2. Re:Not all trafic is illegal on BitTorrent Use Up 24% Since November · · Score: 1

    Did you even glance at TFA? The graph shows traffic for the 200 most popular torrents listed on major sites like TPB. Even if some Linux distribution is in that 200, which I very seriously doubt, legitimate torrents are hardly driving the growth in the traffic reported there.

    You can continue to tell yourself fantasy stories like this to make you feel better while downloading. The rest of us know that the vast bulk of BT traffic infringes copyrights right and left.

    I use BT to download anime fansubs. I know it's illegal, but I do it anyway because there are shows I'll never be able to see in the US otherwise. I buy DVDs for my favorite shows if they are released here; I buy the Japanese soundtrack CDs for favorite shows that will never see the light of day in America. I wouldn't have spent any of this money without torrenting, so overall the industry has gained from my actions. I don't think I'm very representative of the torrenting community at large, though.

    I don't torrent any material that is available legally in the United States.

  3. Re:Simple Solution on DHS to Begin Collecting DNA of Anyone Arrested · · Score: 1

    If you don't actually get convicted, the sample gets destroyed.

    If this practice is actually followed, it might mitigate some against building up a large library of samples from people wrongly accused of some crime.

    Still, how would you know that the sample was destroyed? Right now it's probably less costly to store the physical samples than to extract the sequence information and store it digitally somewhere. The time will come, though, when automated sequencers become cheap enough that digital storage might be more feasible. If that happens, confirming that the physical sample is destroyed by whatever means won't guarantee the information it contains isn't stored digitally somewhere else.

  4. Re:wow on Oklahoma Leaks 10,000 Social Security Numbers · · Score: 2, Insightful

    One other thing. I wonder if the OK legislature will launch an investigation into this fiasco, or will they avoid the problem since the people on the list were, after all, "sex offenders." I'd like to see the head of the Department of Corrections be grilled on why this happened. Unfortunately any legislator who might broach the subject would probably be labeled as sympathetic to sex criminals.

  5. Re:wow on Oklahoma Leaks 10,000 Social Security Numbers · · Score: 3, Insightful

    This is an official government list of alleged "sex offenders," not a list of people with parking tickets. Developers tasked with providing public access to such sensitive information, and the people who employ and direct them, should be adhering to the best practices, not the worst practices as in this case.

    The real issues are that

    (a) No one in the OK government probably cared much about the privacy of these "sex offenders" because, well, they're "sex offenders."

    (b) Government agencies are constantly tasked by executives and legislatures to implement programs they're ill-equipped to handle and often receive no additional funding to carry out these mandates. Do you think the OK agency involved had tens of thousands of dollars to hire outside contractors with solid coding skills to undertake this task? Probably they handed it to someone in house who knew how to write SQL queries and a little PHP.

    I'd fire the lot of them, including the department heads, and start over with people who have at least some clue about good IT practices. If this fiasco was actually the product of an outside consulting shop, I'd ban them from working for my state government for a very long time.

    If we don't have substantial and public penalties for poor management like this, we're just going to be repeating our mistakes.

  6. Re:Won't stop the RIAA/MPAA on "Exaflood" Disaster Appears Unlikely · · Score: 1

    Most processes like Internet growth have long-term curves that look like the logistic function. Growth starts slowly, then ramps up quickly, but eventually the rate of growth slows. Sometimes this phenomenon represents a mathematical reality; rates of "penetration" of technologies into a population are the most common example. (In the US, it looks like HDTVs are in the rapid growth phase, but that will slow as the demand for the TVs is sated.)

    Internet traffic growth obviously isn't constrained the same way penetration rates are, but the fact that the rate of growth is slowing is probably some indication of satiation.

  7. Re:Firewalls on Bush Cyber Initiative Aims To Monitor, Restrict Access To Federal Network · · Score: 3, Informative

    The BusinessWeek story tells of a forged email sent to a senior official at Booz, Allen Hamilton involved with sales of US military hardware. The From address was forged to be from a senior Defense Department official, and the message contained a trojan PDF attachment that included a keystroke logger. These sorts of targeted attacks ("spear-phishing") have been on the rise in the commercial sector as well.

    But, let's analyze this particular event for a moment. First, why would Booz, Allen's email server accept as legitimate an email claiming to be from the Defense Department when it was sent through Korea and Yahoo? Messages like that ought to be blocked at the doorstep. I don't let mail with @aol.com From addresses in here unless they come from AOL's own servers. The fact that such an obviously illegitimate email could be accepted by one of America's largest defense contractors makes me wonder how they recruit their network staff.

    Next, why aren't they using public-key encryption, or at least digital certificates for authentication? Hell, they ought to be using SMTP-level encryption with certificates for every message sent by DOD mail servers to their contractors. We're apparently more concerned about regulating the privacy of people's health information through HIPAA rules than we are about the privacy and security of communications between the military and its contractors. If you send an email with "patient health information" between providers in the clear, you could be in a heap of trouble. Why doesn't that mindset apply to defense contractors who have a lot more money to spend on this stuff than health providers?

    The article also glosses over the role that the Microsoft monoculture plays in all this. Some of these attacks target the OS to install things like keyloggers, but another large chunk apparently exploits Office applications like Word, PowerPoint, and Access. The article suggests that a large amount of militarily-sensitive data is kept in Access databases, which makes them an appealing target. Apparently the intent is to burrow small modules into Access databases that ship out the data in the background when the database is opened. Last time I looked, Access wouldn't really be my choice for a database designed to hold and protect militarily-sensitive data.

    While it might be nice to think of the problem as somehow analogous to closing the borders, it looks to me like the usual security principle applies. It matters more who and what's behind the firewall than what's coming in.

    BTW, the whole focus on the guy running a domain registration service in China was patently ridiculous. Of course, no one with a throwaway GoDaddy account ever used it to hack into something; it's only those devious Chinese who've figured this out.

  8. Re:Uh Oh on Linux Foundation Collaboration Summit Leaves Desktop Linux Behind · · Score: 1

    Are you using the nVidia drivers at Livna? Only once did they not have updated drivers available when I ran a kernel update on Fedora, and that was because I updated on the day the new kernel was released. If you can wait a day or two before installing the latest kernel update (personally I can wait a lot longer than that), running "yum update kmod-nvidia" after adding the Livna repo is a cinch.

  9. Re:This story is factually incorrect on Linux Foundation Collaboration Summit Leaves Desktop Linux Behind · · Score: 1

    So there were sessions about the desktop, but they were closed to the media? I fail to see what purpose that served. Looking at the titles of those sessions, it's hard to see what might make them so secret. Weren't they largely slide presentations and a lot of chatter? It's hard to imagine someone letting slip some trade secret in a room full of competitors.

    People at the Linux Foundation should know that holding closed-door meetings won't be well received by a substantial fraction of the Linux userbase.

  10. Re:Stay away annoying journalists. on Linux Foundation Collaboration Summit Leaves Desktop Linux Behind · · Score: 3, Interesting

    Calling yourselves "The Linux Foundation" suggests a degree of breadth and openness that this group clearly does not demonstrate. I don't have a problem with corporations holding meetings to determine what they might undertake collectively, but then call it what it is, the "Corporate Linux Users Foundation" or something like that. It's nice that they pay Linus's salary, I guess, but do you really think Novell or RedHat or IBM would tell him to take a hike if he offered to work at one of those places instead?

    I wonder what kind of access you get for an individual affiliate membership of $25? Somehow I doubt they'd pay much attention to me compared to those Platinum sponsors at $500K. Reading the Bylaws tells me only that as an affiliate member I can't vote for members of the Board, vote to dissolve the Foundation, etc. Other than that, whatever privileges Affiliates get is determined by the Board. I didn't see a list of those privileges, but I can't claim to have scoured the site.

    And, doesn't Adobe have a few interests on the desktop?

  11. Re:Impressive Credentials! on The Dead Sea Effect In the IT Workplace · · Score: 1

    OT

    I wonder what happened to those engineers who designed the "Big Dig" tunnel that collapsed in Boston two years ago. Here's what happened to their employers Bechtel/Parsons Brinckerhoff:

    BPB paid a $407 million settlement, but in return,

    "Under the settlement, Bechtel/Parsons Brinckerhoff will not face criminal charges in the deadly Interstate 90 tunnel ceiling collapse in July 2006. Milena Del Valle, 39, of Boston, was crushed by 26 tons of concrete as she and her husband drove to Logan International Airport.

    The deal also does not bar the consortium from receiving future government contracts. Bechtel/Parsons Brinckerhoff was paid more than $2 billion to manage the project."

    See http://www.foxnews.com/story/0,2933,324985,00.html (emphasis mine).

    You know which company is still facing potential criminal liability (involuntary manslaughter)? The family-owned business that made the adhesives, Powers Fasteners.

  12. Re:Recruiters don't help either on The Dead Sea Effect In the IT Workplace · · Score: 1

    From my recent job hunting recruiters can hurt more often than help with landing a position. A placement fee of 10-15% yearly salary makes managers reluctant to take any risk. They worry about making a decision that will result in a 3 or 6 month hire regardless of the payoff. Better safe than sorry.

    I work for myself so perhaps I'm just way off-base here. If so, ignore me.

    Reading through this thread I see a lot of frustrated and unhappy people who seem ready to change jobs, not to mention those unemployed by cutbacks and outsourcing. So why would firms need to pay some recruiter 10-15% of an annual salary to find talent? It sounds like there's lots of talent available just waiting to hear you have an open position.

  13. Re:9-to-5'ism and allegedly "loving your job" on The Dead Sea Effect In the IT Workplace · · Score: 3, Insightful

    Just curious, but do you have kids? If so, which do you love more, your job or your kids?

    For many of us, a profession, no matter how interesting or worthwhile, simply can't demand the same amount of "love" as our families. Of course, you can devote yourself to your job and let "the little woman" (and it's almost always a woman in these situations) be in charge of the family. You and your children will both have reasons to regret that decision in a decade or two.

    "9-to-5-ism" as you put it represents a healthy acknowledgement of the fact that humans have many different needs besides fulfilling employment. And, often, people who love their jobs as you describe end up being exploited by their employers.

  14. Re:Of course... on Microsoft Designed UAC to Annoy Users · · Score: 1

    You might have put up a Sun box, but we and our clients had better uses for that money.

  15. Re:Of course... on Microsoft Designed UAC to Annoy Users · · Score: 1

    I'm replying to myself to avoid a flamefest from BSD advocates. Yes, the BSDs were an option, but we started with Linux, and it met our needs. Linux was also in a period of rapid development in 1994, and its culture felt closer to our goal of developing low-cost, all-purpose Internet appliances for nonprofits and smaller businesses. (What a poor business plan this turned out to be, but that's for another day.)

  16. Re:Of course... on Microsoft Designed UAC to Annoy Users · · Score: 1

    I must have been a masochistic brainfuck then. We were serving web pages and handling email and nameservice on 386/486 boxes running Linux as early as 1994. Still do, though the hardware is a bit beefier.

    How would you have built an Internet-capable server in 1994 on the x86 platform? There was Windows, which really had no support for TCP/IP-based services at the time, various commercial *nix products like Unixware, SCO or Xenix, and Linux. It took us two days to discard Unixware as an option (what a loser), while products like SCO or Xenix were way too expensive for our needs. That left Linux. We started with Slackware and the 1.1.59 kernel; I've never looked back.

  17. Re:Of course... on Microsoft Designed UAC to Annoy Users · · Score: 2, Insightful

    Nor was Windows designed to be multi-user in the first place, either. Its roots were in DOS - one computer, one user. Even running with Netware, the workstations were still fundamentally single-user systems. The NOS controlled access to storage and peripherals.

    Having a GUI interface had nothing to do with it.

  18. Re:but I repeat myself on New York to Implement an 'Amazon Tax' · · Score: 2, Insightful

    Have you ever heard of the (unelected) European Commission? Battles have been fought for decades now over the power of the EC bureaucrats to impose regulations at whim with little oversight by the European Parliament. Then there's the little problem that the proposed EU "constitution" is about ten times longer than the American one and written in impenetrable bureaucratese. Constitutions are supposed to set basic structures in place, not govern policy details. It's no surprise to me that getting public support for such a "constitution" has proven a difficult task.

  19. Re:How does this work? on New York to Implement an 'Amazon Tax' · · Score: 1

    I'd guess we'd see a lot of online retailers moving to New Hampshire (which has no state sales tax) if this model were adopted.

  20. Re:How does this work? on New York to Implement an 'Amazon Tax' · · Score: 1

    Those income-based taxes are pretty meager actually. I would have paid more tax on a single item I purchased from Amazon, a Sony HDTV, than I would be paying under this schedule for all my interstate purchases.

  21. Aren't we talking about just one robot? on Robot Rebellion Quelled in Iraq · · Score: 1

    Reading the Gizmodo article led me to believe we were talking about one specific robot, not the hordes of robotic warriors that the Reg made this out to be.

    Somebody should give Ratchet a call and ask him to send over a couple of those little remote-controlled spiders he has in his inventory. They're a lot cuter than these lunks and seem to work quite well for him.

  22. Re:Windows vs Ubuntu on Gartner Analysts Warn That Windows Is Collapsing · · Score: 1

    I bought my daughter a new Vista laptop with motherboard Intel 3945 wireless. It worked out of the box with both Ubuntu and Fedora. Oh, and the Intel 945 motherboard graphics works just fine as well.

  23. Re:Microsoft forgot their customer on Gartner Analysts Warn That Windows Is Collapsing · · Score: 1

    Try playing a BluRay disc in full 1080p on a VGA-connected monitor and come back and tell us how well that worked.

  24. Re:Block outgoing TCP port 25 at ISP border router on Top Botnets Control Some 1 Million Hijacked Computers · · Score: 1

    I have a legitimate right to send SMTP from my machine - and I do so. I also run an SMTP server at home, have since 1993, when I got off of uucp.

    Really? Read your terms of service lately on that home account? I'll bet servers are banned.

  25. Re:Let's see some truthful tagging on Top Botnets Control Some 1 Million Hijacked Computers · · Score: 1

    Slammer and its derivatives (Sobig, etc.) targeted Microsoft SQL Server. It so happened that some MS desktop applications also had code derived from SQL Server and were thus also vulnerable.

    That's not to say that there weren't also worm attacks against Apache. And many PHP applications have been exploited to carry out cross-site scripting attacks.

    Still, framing the question as "Now show me an OS that hasn't been exploited at least once?" seems disingenuous at best. Shouldn't we also consider the frequency and success rate of these exploits? By those criteria Windows has a much poorer record than *nix-based OS's, and it's not just because there are a lot more Windows machines in the world.