I've made it very clear that my Just another convicted Perl hacker talk is available to anyone who can get a group together expecting 20-ish or more, with a suggested donation of any increased travel cost I incur. And since I'm always bouncing around the country anyway, the additional costs are often near nothing.
The issue is pretty simple: the techniques used by crackers are legitmate techniques used by security concscious sysadmins every day. Will clueless legislation start to put honest, hardworking sysadmins at risk?
My appeal is also primarily based on my claims of constitutionally overbroad and constitutionally vague attributes of the law under which I was convicted.
Even if I win my appeal, and the law is made useless to prosecutors
and harmless to the general populus (who seem to be breaking this
law at least a half dozen times a day for each person who uses
a computer), there will be some who claim "Well, he just got
off on a technicality, or because he had enough money to throw
at the problem."
And then there's the small matter of the quarter million dollars
I've had to spend (subsidized in a small part by my legal defense
fund, thank you!) which doesn't automatically come back if I win
the appeal. Nor does the community service time, or the time I
spent in courts. Or the missed opportunity because of bad timing.
I do not wish what I've been through for anyone else. Even my worst
enemies. And that's why I talk about my personal mistakes in public as often
as I can (including having given my 90 minute Just another Convicted Perl Hacker talk for user groups, universities,
and conferences dozens of times all across the country). The saddest day in my life would be to hear that someone
else was taken down for doing their job because they hadn't heard
about my case. So please, spread the word!
My conviction, still in appeal, has been a significant detriment
to my business operations. Because any "employment" would
have required a note on company letterhead sent to my probation
officer, and at least more than one potential client said that this
would be problematic to get it through their legal department,
I have had to focus on providing Perl training (which did not
have the same requirement) rather than Systems and Network
consulting for the past six years, which is my primary area
of expertise (although I got really good at training as well {grin}).
This makes me less up-to-date on the latest technologies, and
cost me opportunities to do really cool things and be part of a team
somewhere, a part of my "former" life that I sorely miss.
As the requirement for a formal disclosure and acknowledgement
of my current legal status ends in just a few more days, I can once
again look at being involved in direct consulting, rather than training.
(Although being directly employed will almost certainly still
not be possible, I can look for opportunities where a company
contracts with my Stonehenge company once again.)
But the six years in the middle have been very tiring.
That was a pretty important posting in my career. Within a day or two,
I got back a number of flames saying "we know it means 'global'...
why tie up the phone lines with your post?". Heh, my first flame.
But the most important reply I got was a few days later, from none
other than research!dmr himself (Dennis Ritchie, for you
young'uns), explaining not only in detail how the word "glob" was
derived, but also telling me that/etc/glob was the very
first program written in C for the fledgling Unix! The shell at the time
was in assembly, but they wanted to have wildcard filenames,
so one of the guys (can't recall which one now) said "let's do the
expansion in C", and thus the assembly-code shell called the C-based/etc/glob to expand. Yes, the first distribution C program
was/etc/glob. Amazing.
That email was precious to me over the next dozen years. Unfortunately, my only copy is on an old 9-track tape somewhere,
and hasn't seen the light of day. But if I ever meet DMR in person,
I'll be sure to bring it up. {grin}
(DMR has a signed first-printing of the Camel book on his desk,
unless he moved it out of the way by now.)
Yeah, the bug was a pretty tame one, but I was happy to find it,
by zipping through the source code of UUCP (actually, uux).
The problem was the backquotes not being recognized as a special
shell character, so you could insert a command immediately
inside backquotes and it'd be executed. Pretty straightforward.
In my ongoing ongoing legal battle, one of the issues raised in front of the jury was my frequent self description as Just another Perl hacker. I believe the prosecution was able to use this fact, twisted as they wish, to convince the jury that I was basically evil. In fact, I meant nothing like that in my moniker, but I'm sure the jury wasn't able to distinguish that.
If anything, the ending of The Sixth Sense actually *encourages* you to go see the movie again so that you can actually see what clues you missed and if the entire movie was accurate in leading to the end.
The ending to sixth sense made me think exactly one thing -- "remake of Jacob's Ladder - foo!".
There is no boy. We don't see the boy until afterdoc is shot. The entire movie from the shooting forward is doc's hallucination. There is no boy! So it's impossible for it to be "inconsistent". They could have put the entire "mission to mars" movie in the middle of "Sixth Sense" and it still would have been "consistent". It's a nearly-dead-man's deathbed dream, just like "Jacob's Ladder".
I don't see why everyone likes this movie, or wants it to be consistent or inconsistent. <sigh>
I would have compassion if Schwartz would admit his guilt. To this day he has conspired with his cronies to paint Intel as engaging in some sort of witch hunt. I have no compassions for criminals who do not show remorse for their actions.
I have given roughly two dozen presentations of a 90 minute talk I title Just another convicted Perl hacker at conferences and groups across the US. At this talk, I describe exactly what I did, what mistakes I made, what I'm sorry about, and try to give some advice about how to have my peers not fall into the same trap set up by overzealous legislators and special interest groups. I make it clear that I don't view Intel as "evil". I do paint the laws under which I was convicted as constitutionally overbroad and vague, and while I have personal digust with the hair-trigger reaction of some of the Intel executives, I can fully understand their responsibility to Intel shareholders, and appreciate their actions from that perspective.
I also don't have an "anti-Intel" agenda. See another post I made to this thread to see how Intel is still a client of mine! If some of my supporters have an "anti-Intel" agenda, it's not from my encouragement.
Oddly enough, I have no problem with Intel. I've even had them as a client of mine in the years since the arrest. See this check as proof.
The issue for me is not Intel's actions, but the law under which I was convicted that permitted an influential large employer in Oregon to use the public resources to handle what was essentially an internal dispute. For a good summary of what's wrong with the law, see Steven McDougall's Rant.
he was convicted of illegally breaking into Intel's computers while he worked as a consultant for them.
No. Read the charges more carefully.
He placed software on computers to snag passwords as users logged on. He kept a record of these recorded passwords and fraudently logged in as these people.
No. Read the charges more carefully.
When he was busted he admitted his guilt but said he wasn't trying to do anything illegal.
No. Read the charges and police reports more carefully.
Randal has a history of placing backdoor's into computer systems so he can "explore".
That statement is not supported in any court record, and borders on libel. Watch yourself.
Having skimmed the +2 or better comments in this thread, I can see that we have a parallel to my own case, although I would argue my intentions were higher.
I had crack, and used it, on my client's "ypcat passwd"-available password file. My intentions were honest - to reveal that the group I had left had fallen down on the job, because when I was there, I had run crack constantly and chastised those with bad passwords. After I had been gone for a year, 48 passwords were found out of 600, including the Vice President's password (pre$ident was his, if I recall).
However, while the State of Oregon couldn't prove that I had done anything wrong with those passwords, I couldn't prove that I had only good intentions. And the confused jury decided against me, making me a triple felon (two of the three counts relating to the "theft" of the publicly available password file, and the "theft" of the passwords by running crack).
This case is still in progress - I'm awaiting the first round of appeals, but I've spent a quarter of a million dollars of my own money on lawyers and fines, and the bills continue to mount.
But there are those of us that prefer words to pretty pictures.
I for one, cannot begin to distinguish what a "pretty little icon" does until I hover my mouse over it and wait for the help text. And I have to do that repeatedly each time. Something in my brain doesn't recognize pictures, but does just fine with complex sequences of words. Button bars are useless, and are the first thing I turn *off* when I see them.
So don't be making all interfaces full of these wizzy little pictures. I'll be locked out.:(
And from my research, it appears that about 10-15% of the people out there are like me.
Data hiding. I really would like the ability to declare some of my object properties private and not have the programmer be able to access them.
Trivial. See Damian's excellent book.
Most people don't do that, because as it turns out, unless the class is very well designed to begin with, anyone extending the class will need access to something that was left out. So most people follow the path of least resistance initially.
But it is indeed possible and simple for me to hand back an opaque reference to you from my constructor that you cannot do anything with except hand back to me in a method call, and you can't even fake one up on your own -- I'll know.
But PHP is only for the "content delivery" phase of Apache. mod_perl has hooks into all 11 phases. You can use Perl to write custom authentication, authorization, logging, and even URI-to-resource translation. And yeah, you can write content handlers too, but that's just one piece.
mod_perl makes Apache scriptable from top to bottom. PHP is just a faster CGI.:)
Java is no more OO than Perl is. If you want OO, then use Smalltalk. Otherwise, stay away from the hybrids, or please lump them in the same category. Basic is not OO. Perl, Java, C++ are all hybrid OO. Smalltalk and Eiffel *are* OO.
You don't need to rewrite this. Apache::DBI (which comes with either mod_perl or DBI, I can't recall) does this automatically. It's as simple as putting "PerlModule Apache::DBI" in your startup mod_perl conf. Your existing DBI scripts go unchanged, and yet now cache all connections.
The "offline downloader" blocker is part of an upcoming column idea, and has not yet been written as a column. I'm still slowly tweaking the code. The mod_perl mailing list archives do indeed hold an older version of what I'm using right now.
Re:YART - Yet Another RMS Triumph
on
RMS The Coder
·
· Score: 1
It's not jr and sr. They are father and son, but they have different middle initials. I know, I've met both of them -- went on a nice sailing trip with the two of them around New York harbor. Bob Morris, the elder, worked for Bell Labs and wrote the bc manual. Robert Morris, the younger, is known for the Internet Worm, for which we both agreed he did much more damage and recieved far less punishment than me in my own celebrated case.
I come from a "traditional" programming background, and like Perl for exactly the reasons that it is not a traditional programming language.
If you want to see whether Perl "sucks" or "rules" compared to other languages, use the "count hits" option of Altavista to count how many times each phrase appears. You'll see that Perl has a better "rules"/"sucks" ratio than almost any other CGI language.:)
mod_php might be more popular than mod_perl because mod_perl is more sophisticated. I bet there are more VB programs in the world than Perl programs. Does that mean we should use VB for advanced stuff? I think not. Programming is not about popularity. Programming is about getting the job done. PHP is fine for web-designers-turned-programmers, but I wouldn't want my hands to be that limited, so I use mod_perl on my website to get twice the power at half the price.
I don't think Slashdot or Freshmeat or Deja or Valueclick or IMDB would be the same with PHP instead of mod_perl.
Slashdot Mirror
I've made it very clear that my Just another convicted Perl hacker talk is available to anyone who can get a group together expecting 20-ish or more, with a suggested donation of any increased travel cost I incur. And since I'm always bouncing around the country anyway, the additional costs are often near nothing.
Even if I win my appeal, and the law is made useless to prosecutors and harmless to the general populus (who seem to be breaking this law at least a half dozen times a day for each person who uses a computer), there will be some who claim "Well, he just got off on a technicality, or because he had enough money to throw at the problem."
And then there's the small matter of the quarter million dollars I've had to spend (subsidized in a small part by my legal defense fund, thank you!) which doesn't automatically come back if I win the appeal. Nor does the community service time, or the time I spent in courts. Or the missed opportunity because of bad timing.
I do not wish what I've been through for anyone else. Even my worst enemies. And that's why I talk about my personal mistakes in public as often as I can (including having given my 90 minute Just another Convicted Perl Hacker talk for user groups, universities, and conferences dozens of times all across the country). The saddest day in my life would be to hear that someone else was taken down for doing their job because they hadn't heard about my case. So please, spread the word!
My conviction is for three state felonies. One felony can get expunged. Two possibly. But three, never. (Or at least that's my understanding.)
This makes me less up-to-date on the latest technologies, and cost me opportunities to do really cool things and be part of a team somewhere, a part of my "former" life that I sorely miss.
As the requirement for a formal disclosure and acknowledgement of my current legal status ends in just a few more days, I can once again look at being involved in direct consulting, rather than training. (Although being directly employed will almost certainly still not be possible, I can look for opportunities where a company contracts with my Stonehenge company once again.) But the six years in the middle have been very tiring.
For more information about my ongoing legal battles, please visit the Friends of Randal Schwartz website or send a blank mail message to my autoreply bot.
But the most important reply I got was a few days later, from none other than research!dmr himself (Dennis Ritchie, for you young'uns), explaining not only in detail how the word "glob" was derived, but also telling me that /etc/glob was the very
first program written in C for the fledgling Unix! The shell at the time
was in assembly, but they wanted to have wildcard filenames,
so one of the guys (can't recall which one now) said "let's do the
expansion in C", and thus the assembly-code shell called the C-based /etc/glob to expand. Yes, the first distribution C program
was /etc/glob. Amazing.
That email was precious to me over the next dozen years. Unfortunately, my only copy is on an old 9-track tape somewhere, and hasn't seen the light of day. But if I ever meet DMR in person, I'll be sure to bring it up. {grin}
(DMR has a signed first-printing of the Camel book on his desk, unless he moved it out of the way by now.)
The problem was the backquotes not being recognized as a special shell character, so you could insert a command immediately inside backquotes and it'd be executed. Pretty straightforward.
Probably the same as everyone else. They've been a client of mine since the incident; for proof, see the check they sent me!
In my ongoing ongoing legal battle, one of the issues raised in front of the jury was my frequent self description as Just another Perl hacker. I believe the prosecution was able to use this fact, twisted as they wish, to convince the jury that I was basically evil. In fact, I meant nothing like that in my moniker, but I'm sure the jury wasn't able to distinguish that.
See literally thousands of examples of my shooting at my picture archive.
The ending to sixth sense made me think exactly one thing -- "remake of Jacob's Ladder - foo!".
There is no boy. We don't see the boy until afterdoc is shot. The entire movie from the shooting forward is doc's hallucination. There is no boy! So it's impossible for it to be "inconsistent". They could have put the entire "mission to mars" movie in the middle of "Sixth Sense" and it still would have been "consistent". It's a nearly-dead-man's deathbed dream, just like "Jacob's Ladder".
I don't see why everyone likes this movie, or wants it to be consistent or inconsistent. <sigh>
I also don't have an "anti-Intel" agenda. See another post I made to this thread to see how Intel is still a client of mine! If some of my supporters have an "anti-Intel" agenda, it's not from my encouragement.
The issue for me is not Intel's actions, but the law under which I was convicted that permitted an influential large employer in Oregon to use the public resources to handle what was essentially an internal dispute. For a good summary of what's wrong with the law, see Steven McDougall's Rant.
Having skimmed the +2 or better comments in this thread, I can see that we have a parallel to my own case, although I would argue my intentions were higher.
I had crack, and used it, on my client's "ypcat passwd"-available password file. My intentions were honest - to reveal that the group I had left had fallen down on the job, because when I was there, I had run crack constantly and chastised those with bad passwords. After I had been gone for a year, 48 passwords were found out of 600, including the Vice President's password (pre$ident was his, if I recall).
However, while the State of Oregon couldn't prove that I had done anything wrong with those passwords, I couldn't prove that I had only good intentions. And the confused jury decided against me, making me a triple felon (two of the three counts relating to the "theft" of the publicly available password file, and the "theft" of the passwords by running crack).
This case is still in progress - I'm awaiting the first round of appeals, but I've spent a quarter of a million dollars of my own money on lawyers and fines, and the bills continue to mount.
If you want more info, send my bot an empty mail for a reply or visit the Friends of Randal Schwartz site. You should also check out a well-reasoned treatise by Steven McDougall about what's wrong with laws like the one that convicted me.
But there are those of us that prefer words to pretty pictures.
:(
I for one, cannot begin to distinguish what a "pretty little icon" does until I hover my mouse over it and wait for the help text. And I have to do that repeatedly each time. Something in my brain doesn't recognize pictures, but does just fine with complex sequences of words. Button bars are useless, and are the first thing I turn *off* when I see them.
So don't be making all interfaces full of these wizzy little pictures. I'll be locked out.
And from my research, it appears that about 10-15% of the people out there are like me.
Trivial. See Damian's excellent book.
Most people don't do that, because as it turns out, unless the class is very well designed to begin with, anyone extending the class will need access to something that was left out. So most people follow the path of least resistance initially.
But it is indeed possible and simple for me to hand back an opaque reference to you from my constructor that you cannot do anything with except hand back to me in a method call, and you can't even fake one up on your own -- I'll know.
But PHP is only for the "content delivery" phase of Apache. mod_perl has hooks into all 11 phases. You can use Perl to write custom authentication, authorization, logging, and even URI-to-resource translation. And yeah, you can write content handlers too, but that's just one piece.
:)
mod_perl makes Apache scriptable from top to bottom. PHP is just a faster CGI.
Java is no more OO than Perl is. If you want OO, then use Smalltalk. Otherwise, stay away from the hybrids, or please lump them in the same category. Basic is not OO. Perl, Java, C++ are all hybrid OO. Smalltalk and Eiffel *are* OO.
You don't need to rewrite this. Apache::DBI (which comes with either mod_perl or DBI, I can't recall) does this automatically. It's as simple as putting "PerlModule Apache::DBI" in your startup mod_perl conf. Your existing DBI scripts go unchanged, and yet now cache all connections.
The "offline downloader" blocker is part of an upcoming column idea, and has not yet been written as a column. I'm still slowly tweaking the code. The mod_perl mailing list archives do indeed hold an older version of what I'm using right now.
It's not jr and sr. They are father and son, but they have different middle initials. I know, I've met both of them -- went on a nice sailing trip with the two of them around New York harbor. Bob Morris, the elder, worked for Bell Labs and wrote the bc manual. Robert Morris, the younger, is known for the Internet Worm, for which we both agreed he did much more damage and recieved far less punishment than me in my own celebrated case.
If you want to see whether Perl "sucks" or "rules" compared to other languages, use the "count hits" option of Altavista to count how many times each phrase appears. You'll see that Perl has a better "rules"/"sucks" ratio than almost any other CGI language. :)
mod_php might be more popular than mod_perl because mod_perl is more sophisticated. I bet there are more VB programs in the world than Perl programs. Does that mean we should use VB for advanced stuff? I think not. Programming is not about popularity. Programming is about getting the job done. PHP is fine for web-designers-turned-programmers, but I wouldn't want my hands to be that limited, so I use mod_perl on my website to get twice the power at half the price.
I don't think Slashdot or Freshmeat or Deja or Valueclick or IMDB would be the same with PHP instead of mod_perl.