Slashdot Mirror


User: numberVI

numberVI's activity in the archive.

Stories: 0
Comments: 16

Comments · 16

  1. Re:This is absurd on On The Costs of Full Security Disclosure · Score: 2, Insightful
    True. Most arguments against Full Disclosure blithely ignore the fact that zero day sploits exist and get passed around the "underground", sometimes MONTHS before you get an advisory from CERT. Also, you hear about it on BUGTRAQ days or weeks before CERT responds.

    Crackers and Kiddiez have more than just full disclosure in their community. Often they get entire rootkits!!!! Whitehats get advisories that are often late, vague, and incomplete.

    I'd say that gives the black hats a distinct advantage. They are nimble and unencumbered by the demands of PHBs, laws, morals, and silly dress codes.

    Full Disclosure is the one thing we *could* have that they already have, but it's usually under attack from the well intentioned and misguided elitists who feel that "the unwashed masses" can't benefit from Full Disclosure. Then again, the road to hell is paved with good intentions.

  2. Re:Jon has learned on Earth to Media: This kid is still in jail · Score: 1
    ... and in WHAT way does this change the fact that the DMCA is unconstitutional?

    How did a troll like this get modded up to 5?

  3. Re:sue bastards? on Felten Suit to Continue · Score: 2
    not that we're resorting to childish name calling or anything of the sort... but... well, i guess we are.

    If it waddles like a duck, quacks like a duck, and looks like a duck, it will almost certainly be filed under "duck".

    However, if it employs legal intimidation tactics like a bastard, erodes fair use like a bastard, and price gouges like a bastard, then it will likely be filed under "bastard".

    If you go through life acting like a bastard, then don't be surprised if someone calls you a bastard.

  4. Re:Port scan is checking doors/windows/air ducts/. on Law Review Article Says Port Scanning Illegal · Score: 1
    I see port scanning as crawling around someone's house rattling doorknobs, windows, mailboxes, air ducts, rooftop hatches, basement doors, garage doors, electric panel doors, gas valves, water valves, sewer vent lines, outdoor outlets, chimney openings, stove vents. Trying all 256 codes on RF X-10 modules, using a frequency counter/scanner to check for and listen in on radio transmissions, ringing phone lines, ringing doorbells, seeing if you can turn on sprinklers/water faucets, etc.

    I think you have intent confused with method. A port scan is a method by which you determine open ports on a host. There are many types of port scans. There are also many reasons for port scans.

    I could scan for a single port (like 80) over an entire class C block, or scan ports 1-1024 on a single host. Who is to say that I am preparing to crack someone's system? The system's owner? Simson Garfinkel? Janet Reno? Hell no! I alone know what my intentions are.

    If you don't want people to port scan you, use a firewall. Better yet, stay off the internet. Otherwise, secure your machine. Laws can't stop crackers, but security can. It's stupid to assume that you won't get port scanned because it's illegal, or wrong.

    The "House Analogy" is fundamentally flawed, and needs to be s**tcanned. It assumes that packets on a packet switching network can "trespass" in the real world sense, and that we need to legislate a solution to a technological problem. TCP/IP allows for some intended and unintended functionality. You have the power to regulate how and if other computers talk to your computer. Use it. No stupid law can take the place of good security.

    Since when did a port scan constitute an attempt to gain access? You can't know that until AFTER the scan is completed, and an access attempt is made. At that point, the law is almost certainly being broken. Otherwise, you can't gauge intent.

  5. Re:Let's not jump to hasty conclusions on Ballmer Calls Linux "A Cancer" · Score: 1
    Open source is not available to commercial companies. The way the license is written, if you use any open-source software, you have to make the rest of your software open source.

    1) Open source isn't not available to commercial companies. Perhaps by design. Otherwise, FALSE. GPLed code is most certainly available to commercial companies, but they have to contact the copyright owner and negotiate different licensing arrangements. This could cost money, or the copyright holder may not be interested in doing such a thing. That's life. If KM (me) has to pay to use MS software, MS has to pay to use KM software.

    2) The way the license is written I am not convinced that this guy has ever really read the license. If he has, I am convinced that he will refuse to demonstrate any practical comprehension or understanding of the license. He has already refused to reveal what license he is talking about. Perhaps he wishes to avoid provoking the wrath of an elder god (whose name is unspellable in the ASCII character set), or a space alien named xenu. I think he is just trying to criticize the GPL without drawing attention to it in the process.

    3) if you use any open-source software, you have to make the rest of your software open source. An intentionally sloppy, misleading statement. Ballmer refuses to be clear on this issue. Here he fully obfuscates the distinction between "open-source" and the GPL, and overgeneralizes the GPL with a single vague, offhanded remark.

    The Govt needs to release its code in the public domain, as per the law. This being the case, wouldn't it prevent them from participating in/contributing to open-source projects covered by the GPL? Could the diff files resulting from their participation be released in the PD?

  6. Entertainment vs. Communication on Smart Routers · Score: 1
    The difference between the Internet, and TV, radio, and other "mediums" is that it is a Communication medium, whereas TV and radio are Entertainment mediums.

    It is sad to hear that narrow minds in high places are intent on trick f**king the Internet into an Entertainment/Marketing medium.

    I hope that by the time these QoS enabled routers become ubiquitous enough to annoy me, I will be too old and senile to notice.

  7. Re:Ideas on the article on Are Unix GUIs All Wrong? · Score: 1
    One way to implement such things would be to write a replacement for xterm and define a new terminal type.

    Better yet: put this stuff in its own library and make these library routines and functions Do the Right Thing. For example, if your tar program (built with the "--with-popuplib" switch) is run from cron, or with '&!' appended (read: not attached to a terminal), or if the user is not using X, then the "popuplib_progress_bar()" call becomes a clean and silent NOP that returns an errno or status value that a coder can test or ignore. The calling program doesn't absolutely *have* to know whether a pop up progress bar is appropriate (or even possible) in order to run! That is popuplib_progress_bar()'s job. It, and it alone, should determine if a progress bar is relevant to its environmental context (i.e., encapsulation), and if so, present the right one for that context (i.e., polymorphism).

  8. Re:Off by default on Cracking All The Live Long Day & RH6/7 Worms · Score: 1
    The only exception to this is when running X, port 6000 will be opened (personally I firewall this).

    Use the '-nolisten tcp' switch when starting your X server.

    Just su yourself to root and then do a

    vi `which startx`

    Look for this line:

    serverargs=""

    and make it look like this:

    serverargs="-nolisten tcp"

    Then, when you start X, you won't feel a cold draft blowing through tcp port 6000.

  9. Re:Two things on Rethinking Virtual Community: Part Two · Score: 1
    We aren't creating a revolution, we're just tired of the old rules and have decided to make up new ones.

    THAT, my friend, is a revolution in EVERY sense of the word. Remember; behind every set of outdated rules/laws is an ancient, entrenched, and powerful establishment(s) with a vested interest in seeing that those rules/laws do not change!

  10. Re:can never think of anything to go here on Michigan "Anti-Hacker" Law's First Felony Charges · Score: 1
    And as for the people who hacked it (and kuro5hin) they really have to rank in the intelligence stakes with people who would put their own balls in a vice and slowly turn the wheel until the plates met. You don't attack people who are helping the net remain open, and a community, many of whom may previously have had some sympathy for (h|cr)ackers, or at least draw from the same knowledge base.

    One of the philosophies that I have heard many of the RECREATIONAL cracker/script kiddie types espouse is the "j00r 4dm|n iz uh 1am3r s0 j00 d3s3rv3 2B h4x0red 4nd 4ny d4mag3 eye d00 70 j00r syztum iz j00r f4u1t!" diatribe. It seems to be the "groupthink" for recreational cracker types. They see a target system and go for it. Initially with the purpose of gaining acceptance and status within their peer group. Very little thought is given to the victim; who they are, what they stand for or whatever. The victim is simply a means to an end, chosen at random, and vulnerable to the latest exploit-du-jour. Even less thought is given to any consequences that their actions might carry. Harsher punishment is not an effective deterrent for this type of behaviour. The cracker cites perceived lameness on the part of the victim as the reason for the attack (i.e. "it's the victim's fault").

    Also stupid acts like this are just making it so much easier for various governments to sneak in with legislation that is in the end just going to make it harder for everyone, and turn the internet into little more than a commercial, monitored service (anyone ever used aol?).

    People who would tyrannize other people commonly cite flaws in human nature as a valid reason for their tyranny. It's called Fundamental Attribution Error: the behaviour of others is attributed to dispositional factors, while situational factors are underemphasized. From there you go on to appointing a czar, declaring a war, and telling the world how you are "getting tough" on whatever media hyped problem you think will get you the most votes/campaign $$.

  11. Corporatist mindset... on Sony VP On Stopping Napster · Score: 2
    "Sony is going to take aggressive steps to stop this," Heckler told the Summer Forty-Niner. "We will develop technology that transcends the individual user.

    This is a peek DEEP inside the mind of a corporatist. Key phrase: We will transcend the individual....

    We will firewall Napster at source -- we will block it at your cable company, we will block it at your phone company, we will block it at your [Internet-service provider]. We will firewall it at your PC.

    and lever our monopoly against...

    Again, deep seated corporatist mindset. Note the monopolistic mentality and naive assumption of technical superiority over "The Individual". I find it disturbing to think that this guy is probably a key decision maker at Sony. Is this representative of the type of mentality found in "high places"?! Brrrrr!

    "These strategies," Heckler said, "are being aggressively pursued because there is simply too much at stake."

    So what I get from this statement is: We will transcend the individual...and (aggressively) lever our monopoly (real or imagined) against...anyone or anything (real or imagined) that threatens OUR revenue stream! Read: our revenue streams transcend the individual, and thus take precedence over individual rights (e.g. fair use, free speech, etc). The statement smacks of the kind of ruthlessness that is just shy of malevolence (IMO). At least that's what I infer from it.

  12. Re:Everything on Internet Service Providers Not Liable for Content · Score: 2

    When you --the reader-- create an account at /. you are given an option to be a moderator. This makes it possible for a reader, moderator, and poster to be the same individual. Moderators are volunteers (aka. the public), NOT EMPLOYEES OF SLASHDOT.

    Bearing this in mind, your "expert legal opinion" gives me the creeps (and is grievously flawed). Good thing it was free. I would hate to have paid money for it.

    As far as your anonymity is concerned, I could care less. In this particular case it costs you a great deal of credibility.

    Sorry, but that is how I feel.

  13. Re:It is worse than that! on Stopping the FUD · Score: 1

    M$ has a long, well known, and well documented history of standards hijacking and proprietarianism. See Java, HTML, and HTTP for just starters.

  14. Re:yabbut on Charging for Cable Internet Access in Australia · Score: 1

    Yeah, it's called IP spoofing. It's a feature in hping2, nmap, and every SYN flooder I've ever examined.

    Charging per byte is not feasible in IPv4. The protocol was never intended to be metered in such a fashion. A meterable protocol would need to be designed from the ground up as such. It would require built-in encryption if it were to offer any sort of security or privacy!

    At least that's what I think. :/

  15. Re:Slashdot users' double-standards on Usenet Gag Order · Score: 1

    I don't see what similarities you can draw from the computer software industry and some Usenet news group? When a gigantic software company gets out of control, the law must step in, to some extent. When a Usenet kook runs off at the mouth, you put him in your killfile. If the legal system has to step in on every USENET flame war, then not only are they trying to do for me that which I can do for myself, they are wasting MY TAX DOLLARS! If they put Microsoft in check for BREAKING THE LAW, then they are doing their jobs!

  16. Re:Genius ? on David Bowie talks about Technology and Music · Score: 1

    At least he made interesting music at some point in his life, which is far more than you could ever claim to have done. With your attitude, I'll bet that nobody has ever given a shit about anything you have ever said in your entire life. Of course, being such an expert on crap, you probably already know that.