Free Commodities Are Abused

Gene Cash wrote:

"Len" writes:

Yes, Henry. I agree. However, there may be a silver lining in the
stolen boxes problem. I had already considered this problem as a
probability.

For one thing, hijackings would not be charged to the victim.

Why not?

If they aren't inconvenienced, they don't give a damn about cleaning up
their machine. Let 'em pay or **** off. They need to pay through the
nose.

Rather as in credit card fraud, the user might only be hit
for a small fraction of the initial problem - $50, typically.
If they fail to cancel the credit card/dezombie the machine,
however, subsequent bills they owe in full.

Henry

On Tue, 15 Nov 2005 15:07:10 GMT, Henry Vanderbilt
wrote, in part:
Gene Cash wrote:
"Len" writes:

For one thing, hijackings would not be charged to the victim.

Why not?

If they aren't inconvenienced, they don't give a damn about cleaning up
their machine. Let 'em pay or **** off. They need to pay through the
nose.

Rather as in credit card fraud, the user might only be hit
for a small fraction of the initial problem - $50, typically.
If they fail to cancel the credit card/dezombie the machine,
however, subsequent bills they owe in full.

I have a better idea.

Build computers right in the first place, so that they *can't* be
"zombied".

On the other hand, it isn't fair to make Microsoft pay for everything
either; after all, when the first version of MS-DOS was written, there
were computers, but while there were also computer viruses, we didn't
have the kind of problems we do now.

The problem with dialer programs could be solved if *all* telephone
modems were external, *and* there was no such thing as an ATDT command -
you dialed your number by pushing buttons on the modem box. (Of course,
it could also have speed dial buttons - but programming them would still
be done TOTALLY by pushing buttons on the box, not by a signal from the
potentially vulnerable computer.)

So, how about an external box that connects to a computer for sending
E-mails? You want to send an E-mail, you have to push the button. Thus,
existing E-mail protocols (well, at least SMTP) would be replaced by a
new one requiring a secret encryption method done inside the box.

Or, how about this...

an "Internet box". A little like WebTV, I suppose.

It would connect to a monitor and a keyboard and a mouse - and pass all
those connections along to a PC as well. An extra key would switch the
keyboard and mouse from talking to the box to talking to the computer,
and blank out the window from the Internet box (which would be
superimposed, just like the window for adjusting the contrast / width /
height / pincushion and so on that some monitors have...).

The Internet box would have an Ethernet connection and a phone modem in
it, and, on the other end, USB and Ethernet connections one of which
would be used to connect to the computer.

All the basic Internet stuff - E-mail, USENET, and basic browsing -
would be done by programs in ROM in the Internet box. Fancier stuff
would be passed along to the computer, because the computer could be
upgraded with programs to handle new things like streaming video... but
even there, the Internet box would contribute to security, because the
protocol used for communications between it and the computer would
enforce having no buffer overflows - at least _initially_. Of course,
the packet contents could still be mishandled after being unwrapped.

John Savard
http://home.ecn.ab.ca/~jsavard/index.html
http://www.quadibloc.com/index.html
_________________________________________
Usenet Zone Free Binaries Usenet Server
More than 140,000 groups
Unlimited download
http://www.usenetzone.com to open account

Pat Flannery ) wrote:


: Len wrote:

: I feel that a one-cent per outgoing email fee could be an
: effective anti-spam weapon. Perhaps a $10 fee for top-posting
: on certain news groups would mitigate the type of infestation
: that we are currently experiencing on s.s.p.
:
:

: It's time to tax James Oberg? =-O

To use it for Tom DeLay's court costs?

Eric

: Pat

Henry Spencer wrote:
Alas, it would only increase the prevalence of something the spammers
already do a lot of: mailing from hijacked Windows boxes belonging to
other people, so the bill doesn't go to the spammer. This defeats *all*
schemes involving either authenticating the sending machine or making
message-sending an expensive operation.

Well, it depends, if the person only stores say $1 worth of stamps at
any one time, then there is no problem. You would need to hack a
computer for every 100 mails you want to send.


Len wrote:
I like the digital stamp idea. How do we make it practical?

Len

What is really needed is a simple way to do the stamps.

A simple process would be:

Your mail client browses to Bank's web-site

Bank sends you an image which is non-machine readable (like when you
setup a free email).

You send text in image back to bank (to confirm who you are) and a
random number (generated by your mail client)

Bank records number in database

You send mail and append the number to the email and also the domain
name of the bank

Receiver sends the number to the bank (if the bank is not a trusted
bank, then it warns user and gives option to add as trusted bank)

Bank replies with "valid number" and deletes the number from the
database

Mail is marked as non-spam by your client

The bank here is just a trusted site. In fact, it could be a major
ISP. In effect, the process confirms that the mail was sent by a
person. This should reduce spamming, especially if there is a delay
before the same IP can ask for another "stamp".

In any case, it would be a relatively simple change to make to email
clients.

If Linux or Mac boxes were as popular, they'd be a problem too, just
maybe a smaller one. You'd see 'em running insecure services that didn't
need to be there, people running crap from their email, and similar.

It's just as hard to secure a UNIX box as it is a Windows box, although
you can make it more secure in the end, and it's easier for the distro
folks to make it secure out-of-the-box.

That is the standard Microsoft lie. It is a lie (although most of those
who repeat it don't know it is a lie), because it tries to obscure a
vital difference. Because many Windows applications do not work unless
run as Administrator, the de facto default user account on a Windows
box is equivalent to "root" on a UNIX-like system.

It is also a lie because it obscures a long history of Microsoft design
choices in favor of "user friendliness" over security. For years
Microsoft argued in public that the Java sandbox is a needless bother
and that ActiveX's power to do anything to any part of the system is
a vital feature. Microsoft has always been bent on confounding
authentication with authorization.

Then there are the many "features" of Internet Explorer and Outlook
(Express) that involve not only running any program that comes along,
but violating official standards to do it. Consider executing mail
messages from perfect strangers as programs despite their explicit
official non-program MIME types because they have names that look like
programs to Windows. Check the old IETF PPPEXT WG mailing list archives
where Microsoft argued strenuously for their notion of link layer
authentication and authorization based on claims that employees of a
bank would share a single user name and password.

Look at the insecurity of relatively recent Microsoft products, such
as MediaPlayer. That those holes are rationalized as protecting the
intellectual property of such as Sony instead of user friendliness is
not a step in the right direction.

Speaking of Sony, contrast the results of using those suddenly infamous
CDs on Windows, Linux, and Mac boxes. On only one are you likely to
get a rootkit. On all three, you'll get music, unless you try to
remove the rootkit, after which that CD drive will be kaput. Sony is
responsible for publishing those CDs, but Microsoft is responsible for
forcing most users to run as Administrators so that the rootkit can
be essentially covertly installed, for making Autorun the default, and
for making a rootkit easy to build compared to the other platforms.

Instead of unthinkingly repeating Mr. Ballmer's blather, really do
contrast Apple's history of security problems with Microsoft's.
Compare Apple's current problems with their current installed base
with any point in Microsoft's history back even to Microsoft's start
with DOS viruses when there were far fewer Microsoft systems than
there are now Macs.

Again, I don't particularly want to insult the other person, because
like most who repeat the Microsoft line, he probably does not know (or
want to know) that it is a pack of lies. I also don't want to minimize
the security problems in other systems. I just would like a reduction
in the dishonest apologia for convicted predatory monopolies.


Vernon Schryver

Vernon Schryver wrote:
If Linux or Mac boxes were as popular, they'd be a problem too, just
maybe a smaller one. You'd see 'em running insecure services that didn't
need to be there, people running crap from their email, and similar.

It's just as hard to secure a UNIX box as it is a Windows box, although
you can make it more secure in the end, and it's easier for the distro
folks to make it secure out-of-the-box.

That is the standard Microsoft lie. It is a lie (although most of those
who repeat it don't know it is a lie), because it tries to obscure a
vital difference. Because many Windows applications do not work unless
run as Administrator, the de facto default user account on a Windows
box is equivalent to "root" on a UNIX-like system.

It is also a lie because it obscures a long history of Microsoft design
choices in favor of "user friendliness" over security. For years
Microsoft argued in public that the Java sandbox is a needless bother
and that ActiveX's power to do anything to any part of the system is
a vital feature. Microsoft has always been bent on confounding
authentication with authorization.

Then there are the many "features" of Internet Explorer and Outlook
(Express) that involve not only running any program that comes along,
but violating official standards to do it. Consider executing mail
messages from perfect strangers as programs despite their explicit
official non-program MIME types because they have names that look like
programs to Windows. Check the old IETF PPPEXT WG mailing list archives
where Microsoft argued strenuously for their notion of link layer
authentication and authorization based on claims that employees of a
bank would share a single user name and password.

Look at the insecurity of relatively recent Microsoft products, such
as MediaPlayer. That those holes are rationalized as protecting the
intellectual property of such as Sony instead of user friendliness is
not a step in the right direction.

Speaking of Sony, contrast the results of using those suddenly infamous
CDs on Windows, Linux, and Mac boxes. On only one are you likely to
get a rootkit. On all three, you'll get music, unless you try to
remove the rootkit, after which that CD drive will be kaput. Sony is
responsible for publishing those CDs, but Microsoft is responsible for
forcing most users to run as Administrators so that the rootkit can
be essentially covertly installed, for making Autorun the default, and
for making a rootkit easy to build compared to the other platforms.

Instead of unthinkingly repeating Mr. Ballmer's blather, really do
contrast Apple's history of security problems with Microsoft's.
Compare Apple's current problems with their current installed base
with any point in Microsoft's history back even to Microsoft's start
with DOS viruses when there were far fewer Microsoft systems than
there are now Macs.

Again, I don't particularly want to insult the other person, because
like most who repeat the Microsoft line, he probably does not know (or
want to know) that it is a pack of lies. I also don't want to minimize
the security problems in other systems. I just would like a reduction
in the dishonest apologia for convicted predatory monopolies.


Vernon Schryver

I now use a Linux (Linspire) on a $99 (after rebates/before taxes)
Microcenter pentium for almost all of my Internet needs. Spam
is greatly reduced--and no pop-ups.

There are some drawbacks: I can't print directly (Minolta Magicolor
does not bother to support other than Windows on PCs). Moreover, of
late, I have had to post news groups messages from my Windows
laptop, since any reasonable cookie settings on the Linux system
no longer alllows me to post from that system.

Of course, Windows XP does not seem to allow me to use a lot of my
old software such as WordPerfect 9 or X Plane.

I never understood the Defense Department's almost complete
switch to Word from WordPerfect--in spite of the security problems
associated with almost complete dependence of Microsoft
operating systems for other than Macs.

Len

Len wrote:

snip

I never understood the Defense Department's almost complete
switch to Word from WordPerfect--in spite of the security problems
associated with almost complete dependence of Microsoft
operating systems for other than Macs.

Len

The Canadian government made an official switch from WordPerfect to Word many
years ago, The popular story is that it occurred just after the prime minister
had lunch with Bill Gates - recent inquiries have turned up huge kickback
scandals involving the same government.




--

John Halpenny

"Gene Cash" wrote in message
...
Yes, IE sucks. So does ActiveX. So does Outlook. So does the registry.
So does poorly written software that has to run as Admin. So does the
extremely poor documentation. So does Microsoft's attitude in general.

ALL software sucks. Some just sucks less. In my opinion, UNIX sucks a
whole lot less than MS, but it still sucks. Just differently.

http://www.deadtroll.com/index2.html...e.html~content

I have about 12 years experience with UNIX, and I'm posting this (and
the original post) from a Linux box. There isn't even a Windows
partition on this box. I use Linux for all the reasons you listed above,
plus the fact that it makes this Pentium-III 450MHz look fast. I bought
my Epson printer specifically because it had good Linux drivers
available.

Yes I found out the hard way that HP doesn't realize that non windows OSes
exist. Of course I should have guessed that with their 500 mb driver.

I also spent 5-1/2 hours this weekend trying to figure out how to make
hotplug and udevd play well together on 2.6 so that I could automount my
USB stick. There's the good and bad.

I will concede, you are on a higher plane than myself.

UNIX just has different problems with regards to security, and you have
to keep on top of your patches and security alerts just like with
Microsoft or anything else. It just takes one hole. People think they
can put up a box, patch it once, and not worry about it.

Ah but wouldn't that be nice!

I'm familiar with a whole university of curious computer-science
students trying out their cracking skills. I'm also familiar with a
disgruntled set of very sharp developers trying out their cracking
skills.

I have no such familiarity, but I imagine it takes a lot of frustration or
boredom to produce the number of exploits and viruses we see out there.

Now I did say "you can make it more secure in the end and it's easier
for the distro folks to make it secure out-of-the-box" because you do
have full control over what services you're running, and usually over
the software all the way back to the source code. You also have nice
things like tcp-wrappers and tripwire if you're extra paranoid.

Forgive my ignorance . . but . . .tripwire?

However, just as with a Windows box, you have to know a little about
what you're doing and have some idea of how the box usually gets
attacked.

A lot of people that are running Linux boxes these days don't.

*raises hand*

Personally I feel Microsoft is not going to do so well much longer.
People are getting more sophisticated and realizing that insecure
computers can cost them a lot of money, and DRM-friendly OSes can really
hinder what they want to do. They're beginning to give the finger to
people like Sony. I'm really happy that Sony has been forced to back
down, and I think it shows a basic and important sea-change. People used
to say "oh well, my compooter isn't fast enough to play the CD or I'm
doing something wrong" and now they say "I want to play my goddamn CD I
paid money for, bitch!!" and they forced a very large multi-national
corporation to back off. That's a very positive thing.

I disagree. People want media; the producers are sick of being screwed
over. The producers won't allow non DRM material to be produced, and the
market will go to those who can make it the most invisible. I imagine it
will get as simple as putting in the disk once, and then you can listen to
it on that computer forever more. I don't think it was ever intended or
able to keep out serious hackers. But make it inconvenient, make it
illegal to download these hacks and this kind of thing will slow down. DRM
is in its infancy, the companies are still learning. And some rebel music
buyers may open the door for some non DRM ventures. But unfortunately for
them, the people who hate DRM are the people who want to share their media
illegally.

--
LTP

Gene Cash wrote:

:If they aren't inconvenienced, they don't give a damn about cleaning up
:their machine. Let 'em pay or **** off. They need to pay through the
:nose.

So how much should we charge mugging and rape victims?

--
"Some people get lost in thought because it's such unfamiliar
territory."
--G. Behn

Luc The Perverse wrote:
"Gene Cash" wrote in message
...

I have about 12 years experience with UNIX, and I'm posting this (and
the original post) from a Linux box. There isn't even a Windows
partition on this box. I use Linux for all the reasons you listed above,
plus the fact that it makes this Pentium-III 450MHz look fast. I bought
my Epson printer specifically because it had good Linux drivers
available.


Yes I found out the hard way that HP doesn't realize that non windows OSes
exist. Of course I should have guessed that with their 500 mb driver.

I use a Sun running Solaris 2.9 Unix and a Macintosh running Mac OS X
which has a Darwin 7.9 Unix kernel. Both workstations are hooked up to
a HP printer running just fine. I have been using Unix workstations for
about 20 years, I don't remember using anything else than a HP printer,
though I don't really remember what printer model I had in the 80's.
I haven't bought a new printer for over 5 years, maybe HP has changed
since, but what you are describing doesn't fit with my experience of
HP printers.


Alain Fournier