I doubt McAfee has any solutions that fix the security hole in phpBB that is being exploited here. Their scanner might prevent you from installing the payload on the linked site, however, assuming you passed by your browser's warning that you're potentially installing something dangerous.
The bigger problem is people installing the "codec" on their computers to watch the porn video. Isn't there enough porn available for free that you can watch already?
Companies that fail to filter out downloadable executables at the firewall are just asking for trouble in my mind. Transparent proxying + Squid + a few acl rules = end of problem. Residential users are obviously an entirely different problem.
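A sketch of the kind of Squid ACL rules the comment above refers to, as an added example that is not part of the original post. The port, LAN range, admin address and MIME patterns are assumptions, not values from the thread.

```conf
# squid.conf fragment (added example; addresses and patterns are assumptions)

# Port receiving traffic redirected by the firewall (Squid 3.1+ syntax;
# older releases used "transparent" instead of "intercept").
http_port 3129 intercept

acl localnet src 192.168.1.0/24     # assumed LAN range
acl admin_host src 192.168.1.10     # assumed admin workstation

# URL path ends in .exe, optionally followed by a query string.
acl exe_url urlpath_regex -i \.exe(\?.*)?$

# Response declares a Windows executable even if the URL does not end in .exe.
# Servers that send application/octet-stream are not caught by this rule.
acl exe_mime rep_mime_type -i ^application/(x-msdownload|x-msdos-program)

# Squid stops at the first matching http_access line, so the admin
# exception has to come before the deny.
http_access allow admin_host exe_url
http_access deny exe_url
http_access allow localnet
http_access deny all

# Same ordering for the reply-side check on Content-Type.
http_reply_access allow admin_host
http_reply_access deny exe_mime
http_reply_access allow all
```

An intercepting proxy only sees plain HTTP, so these rules do not apply to downloads fetched over HTTPS unless TLS interception is configured separately.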
I've discussed such a route with a health center I consult to. We're considering replacing most of the Windows machines with a system based on the Linux terminal server project, so that all machines share a common OS image. In Linux, it's possible to disable USB mass storage support in the kernel. You could also accomplish the same thing without using LTSP by rolling out a common image to all workstations with USB storage disabled.
I also came across this rather simple, yet elegant solution for Windows users:
http://techrepublic.com.com/5208-6247-0.html?forumID=12&threadID=116436&messageID=701146
The Supreme Court chooses to hear roughly 100 cases per year from a pool of some 7,500 petitions. After not touching the issue of broadcast language for 30 years, at least four Justices agreed to hear such a case now. Is this an effort by the conservative wing of the Court to uphold the FCC's (and the Bush Administration's) position that some censorship is required and legitimate? Perhaps, but I think this case might be about something else.
The Appeals Court did not rule that the FCC had abridged speech or press freedoms in these cases, but instead that the FCC's policy was not sufficiently well justified. There are standards for the behavior of regulatory agencies like the FCC that require them to spell out in sufficient detail why they've made a change in the rules. The Appeals Court ruled that the FCC had failed to meet these standards. That Court also advised the FCC it didn't think there was a way the Commission could implement its intended policy constitutionally. Since the Supremes are really ruling on the procedural matter, the question of why they took this case becomes even more cloudy.
I suspect the Bushies are defending other cases where the issue is whether a regulatory agency has provided sufficient justification for changing course. Rules like these restrict the president's ability to change the regulatory regime since opponents of the changes can go to court claiming the agency didn't fulfill its obligations. All those proponents of a strong Executive in the Administration like Dick Cheney would probably love to see the Supremes agree that the FCC had done its job.
I wish we could learn who voted for cert, but those votes are secret.
I also think there's a substantial group who are uncomfortable with what they already know. To them the computer remains a mysterious device that one can control by doing certain tasks in a rote manner. Like all of us, they've had the experience of the computer crashing on them for mysterious reasons, so for them the whole experience seems built on a house of cards. In many cases there are also years of accumulated experience dealing with their computers' unique problems and determining ways to work around them. Why throw that away if what you most use your computer for is sending email?
Now add in the divergent messages these people hear from technology marketers. On the one hand, we have the promise of exciting new (usually unwanted) features, while we're also told it will all be easier to use. As a technology professional I can see how both perspectives can be simultaneously true, but for many people "more features" =/= "easier to use".
I'm sure his viewpoint will be thoroughly panned in these comments
Oh, so that's why the article is here. So Slashdot readers can learn why folks like me in our fifties are just so technologically incompetent and laugh at or feel sorry for us?
I couldn't really figure out why this story was considered newsworthy at either the Times or Slashdot. At least I can understand Slashdot's motivation now, but why does the Times think it's news that not everybody wants to ride the latest technological wave? I suspect there are a number of people at the Times itself whose level of technological modernity isn't a whole lot different from that of Messrs. Uribe and Gropp.
You just need to search a bit: http://onestat.com/html/aboutus_pressbox57-firefox-mozilla-ie-browser-market-share.html
there are commercial firewall appliances that do, indeed, watch HTTP streams and scan them.
You can accomplish the same task for free with the Squid proxy and one of the plugins that adds virus scanning with ClamAV. Do a Google search for "squid clamav" for some pointers.
I usually set up a transparent Squid proxy for my clients on the firewall. This enables us to block the types of garbage the article discusses. For instance, I usually have an access control rule that blocks downloads of files ending in .exe, with a prior rule permitting the local admin to do so for updates, etc. I don't usually bother setting up ClamAV with Squid. I do use ClamAV (with MailScanner and SpamAssassin) for e-mail, though.
SpamAssassin normally consults online databases of dangerous URLs when scoring messages. I imagine that those databases have some bad FTP URLs along with the evil HTTP ones.
I use DirectNIC. Nice bunch of folks who've responded quickly and helpfully when I've had a question. Plus they survived Katrina. What more could you want!
I think the location of the servers would matter a lot more legally than the location of the clients. I'd make sure to avoid hosting services located in KY if a law like this passes.
It would be nice if they had enabled a scrollbar in that popup so I could read the whole list (Firefox 2.0.0.12/Linux 2.6).
I usually don't write endorsement comments, but your postings in this thread have been a model of clarity and forthrightness. I share your puzzlement with the apparent obliviousness of the standards-setting bodies to the actual design of web sites. Designing a standard language for communication among humans is a very different task than designing a protocol like TCP or a programming language like C. The W3C too often seems to think that web standards should mimic the latter.
I understand some of the W3C's motivations; they're trying to build truly universal standards. While that's a noble goal, at the moment nearly all web content is read on screens through browsers. Ignoring that fact hinders the communication among humans that the invention of the World Wide Web so remarkably enabled.
And while Firefox does happen to have a double-digit market share, barely, IE 7 is a better browser IMO. It's faster, more secure (on Vista, where it runs in a sandbox, I can't speak for XP), uses less memory, and has the same tabbed interface.
Wow, that sounds great. Let me know when they release the native version for Linux, and I'll go try it out.
I raised this issue in a posting in an earlier thread about this case. Is it possible to register in the international TLDs (com/net/org) without using an American registrar?
I don't know of any large Chinese controlled botnets
Why would you? I doubt they'd be out selling access to their network to spammers. We're talking about military espionage here after all.
the Pareto Principle (aka, the 80/20 rule)
Actually this is not the Pareto Principle. See the Wiki article on Pareto efficiency for details. Pareto-optimality, as it's referred to in social choice and economic theorizing, concerns making comparisons between two "states of the world." If State A improves the lot of one person and leaves everyone else's situation unchanged, then the "strong" Pareto principle says that State A ought to be preferred by "society." (A weaker form requires only that state B not be chosen.) Another word for the Pareto principle is "unanimity," since Pareto improvements (I'm better off, no one else is worse off) should be acceptable to everyone in a society.
In an abstract free market, transactions among perfectly informed buyers and sellers should reach a Pareto-optimal distribution of prices and quantities. Nevertheless Pareto tells us nothing about distributional issues. As the famous economist Amartya Sen once wrote, "the world can be Pareto optimal and still be perfectly disgusting." One of the most profound findings of social welfare theory is that it's possible to select any Pareto-optimal distribution of prices and quantities, then choose a distribution of incomes that achieves the desired result.
I don't know if anyone else has thought about this, or if it's even practical, but why not establish a court system for High-Tech cases?
The idea of a "science court" [PDF] has been batted around for a few decades now.
This case, and the one concerning the European travel agent I submitted earlier this week, both raise important questions about the policies for registering in the com/org/net TLDs. In both cases the offshore entities found their domains embargoed because their registrars were located in the United States even though the domains' owners and their operations were off-shore.
This situation gives American courts jurisdiction over foreign entities who would otherwise be outside the American legal system. So, why hasn't someone in a place like Antigua set up a domain registration service for these TLDs? I realize that ultimately all roads lead back to Verisign (not a healthy thing either, in my opinion, but that's for another day). Still these cases have been directed against the registrars (eNom and Dynadot), not Verisign. I'm not up on all my ICANN politics and policies these days, so I'm asking for some help here. Is there some provision in how jurisdiction over com/net/org is set up so all the registrars must be in the US, or could there be off-shore registrars for these TLDs immune from American jurisprudence?
(Please don't reply just to say, "Let them register in their ISO domains." The visibility of .com throughout the world makes that a non-starter for many businesses and leaves unresolved the question of what to do with all the existing registrations in the worldwide TLDs.)
This subject came up here on Slashdot around the time Dell started selling computers with Ubuntu on them. Often the Dells with Linux installed were not a whole lot cheaper than ones with Windows which led to the question, why were there no big savings with a free OS?
I can't find the postings in question right now, but the estimates were that Dell gets something in the neighborhood of $50 per machine from trialware manufacturers, or just about the same amount as it pays for an OEM Windows license.
If someone else has better data, or can find this discussion, please let us know.
This is probably a question only a bankruptcy attorney can answer, but where would SNCP stand in the ranking of SCO's creditors? Would loan repayments to SNCP take precedence over payments to Novell and IBM?
BTW, is there anybody here who believes that crap about SCO and mobile markets? They have about the same ability to compete in the global mobile marketplace as I do.
I was bothered by the Air Force's casual response to this problem as well. Not to mention their mistreatment of the domain owner, telling him to rewrite his 550 SMTP reply to inform senders of the base's domain. Why didn't a "Communications Squadron" offer to work with the domain owner to resolve these problems? The fact that the USAF shrugged off this rather simple problem onto the domain owner tends to confirm your suspicions about the quality of their IT services.
kaffeine with the xine engine wouldn't play styled subs for me, but I've switched to kplayer with mplayer engine and they work fine. I've added "-ass -ass-font-scale 0.9 -slang en -alang jpn" to the command line parameters in kplayer's Advanced settings.
I'm running Fedora 8 with Livna as an added repository.
The word might have been invented to describe this project!
Those cyber criminals are regular "meat" criminals, too.
The real story here is how damn difficult it is for human law enforcement agents to patrol activities conducted over a global Internet. The FBI recently arrested five large spammers in the US, but what can they do against a spammer in Uzbekistan without cooperation from the government there?
Since the days of Woodward & Bernstein we've been told the way to track down this stuff is to "follow the money." Isn't that really still the only solution for crimes like these whether they're conducted over the Internet or not? Dempsey's right that the creation of a worldwide, always-on data network has radically increased the ability for criminals to live in one jurisdiction and commit crimes in another. I fail to see how some alternative "internet" is the solution to what is, fundamentally, a problem for governments and law-enforcement agencies to resolve. Like Slashdotters often do, Dempsey seems to be looking for a technological fix because the alternative, "gum-shoe" detective work, is really hard.
A truly nutty opinion will tend to remain fringe and be easier to get rid of. Plus, it will be less likely to be embraced by the governments, for obvious reasons.
Genocidal mass murder is a "truly nutty" option that has been, and continues to be, "embraced by the governments, for obvious reasons."
I'd like to believe in a liberal, Darwinian model where the nutty ideas lose out in "the marketplace of ideas" to better ideas. As a realist I know full well that when ideas, both nutty and sane, can be imposed by force, there's no reason to expect any sort of competitive "evolution" to occur.
I'm more impressed by the persistence of nutty ideas throughout human history. One particularly good example is the recurring notion that belief in one's god(s) requires that you impose that belief, by military force if necessary, on unbelievers. By coincidence it often happens that the unbelievers possess some resource(s) the believers want.
Many consumer routers have very small NAT tables and fall over when they are forced to handle many simultaneous TCP sessions. My router would routinely stop working when I was torrenting through it. For me, the solution was to cap the number of simultaneous connections at around 50 or so. Note that this isn't a bandwidth cap, but a cap on the number of connections being maintained (basically equal to the number of seed/peers you're connected to).