RIAA web site in bad shape (again) . . .

			http://www.riaa.org/
Folks ...

As you may know, last Thursday the RIAA endorsed a bill written by a 
California Representative, Howard Berman.  Though I have not studied 
the bill closely, it reportedly authorizes copyright holders to begin 
"blocking, diverting or otherwise impairing" peer-to-peer networks.

Needless to say, while I certainly don't endorse wholesale music or 
other intellectual property piracy, I worry A LOT when I see reckless 
legislation being purchased by powerful special-interest groups ... 
as is certainly and clearly the case in this instance.

The clueless suits in Hollywood have no idea what a disaster they are 
stepping into if they pursue this course of action. And ... not 
surprisingly, the RIAA web site has been suffering a series of 
powerful Denial of Service attacks in direct response.

The site first became unavailable at the end of last week, shortly 
after the RIAA publicly endorsed the proposed legislation of which it 
would be the greatest immediate beneficiary and user.  The site 
remained under attack and unavailable all weekend.  The attack 
subsided yesterday (Monday) ... but resumed again earlier today 
(Tuesday) ... and it is apparently ongoing as I write and post this 
message Tuesday evening.

I believe that the industry, the government, law enforcement, and the 
public are utterly clueless about the seriousness of the new and 
growing DoS problem -- as demonstrated by several recently created 
DDoS attack tools.  I know much more about what's been going on 
recently than I am any longer willing to say. I am mute on the subject, 
not because any agency wants me to stay so, but because anything I 
say at this point would be substantially redundant in nature and 
significantly damaging in detail. It would only make matters worse.

This proposed bill apparently grants "hacking immunity" to Hollywood, 
allowing them to attack the computers of anyone they say they have 
cause to believe may be participating in illegal sharing of 
copyrighted material -- up to and including the deletion of files on 
the target machine.  It's unbelievable.

All things considered, I can't say that I am entirely unhappy that 
the RIAA is getting a nice dose of the vigilante "medicine" it is 
asking for our government's license to pursue for itself.  WHAT are 
they thinking?

I hope, therefore, that industry, government, and law enforcement 
agencies are watching closely to see how readily and easily any site 
can be taken off -- and held off -- the Internet by an ad hoc band of 
pissed off kids.  Whenever I speak to groups about the significant 
and real threat of Internet attacks I try to drive home my absolute 
certainty that the ONLY reason we are not seeing more attacks is that 
the motivation is missing.  Well ... the RIAA has provided the 
missing motive ... and my future presentations will now have a 
perfect case in point, promoting my well-known concerns from theory 
to reality.

Our local DNS server resolves www.riaa.org to: [208.225.90.120] with 
a LONG (604800 second) seven day TTL expiration.  Does anyone get 
anything different from that?  It will be interesting to see whether 
we see some "IP hopping" and whether/when their DNS TTL drops to 
something more agile in the future.

Some further reading ...

http://www.house.gov/berman/p2p062502.html

http://news.com.com/2100-1023-946316.html
http://news.com.com/2100-1023-947072.html
http://news.com.com/2100-1023-945691.html

http://www.pcworld.com/news/article/0,aid,103230,00.asp
http://www.pcworld.com/news/article/0,aid,103451,00.asp

			(Follow-ups to .feedback)

-- 
_________________________________________________________________
Steve.
0
Steve
7/31/2002 8:08:00 AM
grc.news.feedback

Steve Gibson wrote:

[snip]

> This proposed bill apparently grants "hacking immunity" to Hollywood,
> allowing them to attack the computers of anyone they say they have
> cause to believe may be participating in illegal sharing of
> copyrighted material -- up to and including the deletion of files on
> the target machine.  It's unbelievable.

I just can't wait to get a new dynamic IP that the previous
owner had used to download copyrighted material.

> 
> All things considered, I can't say that I am entirely unhappy that
> the RIAA is getting a nice dose of the vigilante "medicine" it is
> asking for our government's license to pursue for itself.  WHAT are
> they thinking?

Umm... they're thinking that, in a society where it costs
millions of dollars to mount a campaign for political power,
money talks?

[snip]

> Our local DNS server resolves www.riaa.org to: [208.225.90.120] with
> a LONG (604800 second) seven day TTL expiration.  Does anyone get
> anything different from that?  It will be interesting to see whether
> we see some "IP hopping" and whether/when their DNS TTL drops to
> something more agile in the future.

I get no such delay when resolving the address, but the site
is still down.
0
Kenneth
7/31/2002 8:44:00 AM
Greetings,

"Steve Gibson" <support@grc.com> wrote in message
news:MPG.17b13adf8798dc898a7b2@207.71.92.194...
>
> http://www.riaa.org/
> Folks ...
>
> As you may know, last Thursday the RIAA endorsed a bill written by a
> California Representative, Howard Berman.  Though I have not studied
> the bill closely, it reportedly authorizes copyright holders to begin
> "blocking, diverting or otherwise impairing" peer-to-peer networks.

SNIP...

> I hope, therefore, that industry, government, and law enforcement
> agencies are watching closely to see how readily and easily any site
> can be taken off -- and held off -- the Internet by an ad hoc band of
> pissed off kids.  Whenever I speak to groups about the significant
> and real threat of Internet attacks I try to drive home my absolute
> certainty that the ONLY reason we are not seeing more attacks is that
> the motivation is missing.  Well ... the RIAA has provided the
> missing motive ... and my future presentations will now have a
> perfect case in point, promoting my well-known concerns from theory
> to reality.

This would be a "war" that the "establishment" cannot hope to win.

They would be pitting their technical knowledge and skill against a
collection of anonymous people who have access to equal knowledge and skill
and who are motivated, each differently, to bring down those perceived as
the "aggressors" in this instance.

Reminds me of another war that, in hindsight, proved to be "unwinnable" for
much the same reasons. Trouble is that my Country joined the U.S. in that
war and, if recent events are anything to measure by, our law-makers are
likely to propose equally ridiculous legislation here :-(

Regards,
Neale NOON
0
noonie
7/31/2002 9:56:00 AM
Steve Gibson wrote:

> Our local DNS server resolves www.riaa.org to: [208.225.90.120] with
> a LONG (604800 second) seven day TTL expiration.  Does anyone get
> anything different from that?  It will be interesting to see whether
> we see some "IP hopping" and whether/when their DNS TTL drops to
> something more agile in the future.

Well, the TTL (how often external ISPs etc. refresh their data) is
actually one day, and the Expiry (how long before external ISPs etc.
dump the data if they can't contact the primary DNS due to DoS, etc.) is 1
week. Of course ~you~ Steve know that, but it might have been unclear to
others here.

They also have a strange set of MX records, namely they have two mail
servers with the same priority, which would seem to potentially cause
confusion.

-- 
  __ _  ____
 /  ' \/ __/                                    http://mctech.org/
/_/_/_/\__/                                     http://pchelpers.org/
---------------------------------------------------------------------
My email address(s) are my private property.  They are NOT to be used
or recorded for ANY reason without my explicit permission.  Disregard
of this statement is in violation of federal privacy & copyright law.
---------------------------------------------------------------------
"He who would trade an ounce of freedom for a pound of security loses
both and deserves neither."                     ..Benjamin Franklin..
---------------------------------------------------------------------
The World Trade Center II will rise from the flames and ashes of the
original. Just like the PHOENIX of legend, The WTC2 will rise again.
0
mc
7/31/2002 10:25:00 AM
"noonie" <n00nie@telstra.com> wrote in message
news:ai8c9a$1pnk$1@news.grc.com...
> Greetings,
> This would be a "war" that the "establishment" cannot hope to win.
>
> They would be pitting their technical knowledge and skill against a
> collection of anonymous people who have access to equal knowledge and
> skill and who are motivated, each differently, to bring down those
> perceived as the "aggressors" in this instance.
>
> Reminds me of another war that, in hindsight, proved to be "unwinnable"
> for much the same reasons. Trouble is that my Country joined the U.S. in
> that war and, if recent events are anything to measure by, our law-makers
> are likely to propose equally ridiculous legislation here :-(


Hi Neale ,
I both agree and disagree with your considerations.
I feel it unlikely that the 'establishment' can win a war predicated upon
curtailing a communications system that has now become a cultural
expectation in terms of its freedoms.

Although there are equally able programmers and coders on both sides of the
spectrum........the maxim of Money Talks means that although the war may be
unwinnable ...the battles will be bloody..........and the in vogue term '
collateral damage' means lots of citizenry by the wayside.

I disagree that comparisons between reasons for ..."all the way with
LBJ".....and the current expressions of greed by the gnomes of Hollywood
have any historical similarity.
VietNam was a war fought upon and about idealisms...........the grabs by the
RIAA are simply for protected and greater profits..............and these for
the middlemen.......not so much the creators and artists.

Regards......................................Caligula

 "" Oderint dum metuant ""
0
Caligula
7/31/2002 10:57:00 AM
"Caligula" <mxv714@bigpondREMOVE.com> wrote in message
news:ai8fr5$1t0j$1@news.grc.com
> "noonie" <n00nie@telstra.com> wrote in message
> news:ai8c9a$1pnk$1@news.grc.com...
>> Greetings,
>> This would be a "war" that the "establishment" cannot hope to win.
>>
>> They would be pitting their technical knowledge and skill against a
>> collection of anonymous people who have access to equal knowledge
>> and skill and who are motivated, each differently, to bring down
>> those perceived as the "aggressors" in this instance.
>>
>> Reminds me of another war that, in hindsight, proved to be
>> "unwinnable" for much the same reasons. Trouble is that my Country
>> joined the U.S. in that war and, if recent events are anything to
>> measure by, our law-makers are likely to propose equally ridiculous
>> legislation here

>
>
> Hi Neale ,
> I both agree and disagree with your considerations.
> I feel it unlikely that the 'establishment' can win a war predicated
> upon curtailing a communications system that has now become a cultural
> expectation in terms of its freedoms.

Caligula,

We always had a saying about online systems.  If the user never had it, they
never missed it.  That applies to response time as well as content.  If
something is taken away from the "Internet experience", new users will never
know it was there at one time.  And the masses will probably not care,
because they see the Internet as a free ride anyway.

You will have to explain what you mean by "communications system".

--
Robert
List of Lists
http://lists.gpick.com/
Eric Howe's Privacy and Security Site
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
7/31/2002 12:06:00 PM
"Steve Gibson" <support@grc.com> wrote in message
news:MPG.17b13adf8798dc898a7b2@207.71.92.194

> Our local DNS server resolves www.riaa.org to: [208.225.90.120] with
> a LONG (604800 second) seven day TTL expiration.  Does anyone get
> anything different from that?  It will be interesting to see whether
> we see some "IP hopping" and whether/when their DNS TTL drops to
> something more agile in the future.

http://www.dnsreport.com/tools/dnsreport.ch?domain=www.riaa.org

WARNING: Your SOA REFRESH interval is : 86400 seconds. This seems very high.
You should consider decreasing this value to about 3600-7200 seconds.
RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to
12 hours), although some registrars may limit you to 10000 seconds or
higher. This value determines how often secondary/slave nameservers check
with the master for updates. A value that is too high will cause DNS changes
to be in limbo for a long time.

--
Robert
List of Lists
http://lists.gpick.com/
Eric Howe's Privacy and Security Site
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
7/31/2002 12:11:00 PM
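The posts above use "TTL" for several different DNS timers: the 604800-second figure, the one-day TTL, and the 86400-second SOA REFRESH that dnsreport flags. The Python below is an added example, not part of any post in the thread; it parses an SOA record, names which timer a reported number matches, and works out how long an old address can linger. The server names, serial, retry and minimum values are constructed; refresh, expire and the one-day record TTL are the figures quoted in the thread.

```python
import re
from dataclasses import dataclass

# REFRESH range from RFC 1912 section 2.2, as quoted in the dnsreport output.
REFRESH_RANGE = (1200, 43200)
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed zone-file SOA RDATA; only refresh and expire come from the thread.
SAMPLE_SOA = """
ns1.example.net. hostmaster.example.net. (
    2002073101 ; serial (constructed)
    1d         ; refresh: the 86400 s value dnsreport flagged
    2h         ; retry (constructed)
    1w         ; expire: the "1 week" mentioned in the thread
    1d )       ; minimum (constructed)
"""
RECORD_TTL = 86400  # the "one day" TTL on the address record, per the thread


@dataclass(frozen=True)
class Soa:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def to_seconds(token: str) -> int:
    """Accept plain seconds ("86400") or BIND-style units ("1d", "1h30m")."""
    if token.isdigit():
        return int(token)
    pieces = re.findall(r"(\d+)([smhdw])", token.lower())
    if not pieces or "".join(n + u for n, u in pieces) != token.lower():
        raise ValueError(f"bad time value: {token!r}")
    return sum(int(n) * _UNITS[u] for n, u in pieces)


def parse_soa(rdata: str) -> Soa:
    """Parse SOA RDATA: mname rname serial refresh retry expire minimum."""
    # Drop ';' comments line by line, then the grouping parentheses.
    text = " ".join(line.split(";", 1)[0] for line in rdata.splitlines())
    tokens = text.replace("(", " ").replace(")", " ").split()
    if len(tokens) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(tokens)}")
    refresh, retry, expire, minimum = (to_seconds(t) for t in tokens[3:])
    return Soa(tokens[0], tokens[1], int(tokens[2]), refresh, retry, expire, minimum)


def which_timers(seconds: int, soa: Soa, record_ttl: int) -> list:
    """Name every timer equal to a reported value ("is that really the TTL?")."""
    candidates = [
        ("record TTL", record_ttl),
        ("SOA refresh", soa.refresh),
        ("SOA retry", soa.retry),
        ("SOA expire", soa.expire),
        ("SOA minimum", soa.minimum),
    ]
    return [name for name, value in candidates if value == seconds]


def audit(soa: Soa) -> list:
    """Flag refresh against the RFC 1912 range, plus one added sanity check."""
    findings = []
    low, high = REFRESH_RANGE
    if not low <= soa.refresh <= high:
        findings.append(f"refresh {soa.refresh}s is outside {low}-{high}s")
    if soa.expire <= soa.refresh:  # sanity check added here, not from the page
        findings.append("expire is not longer than one polling interval")
    return findings


def change_windows(soa: Soa, record_ttl: int) -> dict:
    """Worst-case delays, assuming secondaries only poll (no NOTIFY)."""
    return {
        # A secondary may serve the old record for up to `refresh`; a resolver
        # that cached it just before the update keeps it for `record_ttl` more.
        "old_address_still_cached": soa.refresh + record_ttl,
        # With the primary unreachable, secondaries keep answering until expire.
        "secondaries_answer_without_primary": soa.expire,
    }


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_SOA)
    print("604800 s matches:", which_timers(604800, soa, RECORD_TTL))
    print("findings:", audit(soa))
    print("windows:", change_windows(soa, RECORD_TTL))
```
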
Greetings,

"Caligula" <mxv714@bigpondREMOVE.com> wrote in message
news:ai8fr5$1t0j$1@news.grc.com...

SNIP...

> Hi Neale ,
> I both agree and disagree with your considerations.
> I feel it unlikely that the 'establishment' can win a war predicated upon
> curtailing a communications system that has now become a cultural
> expectation in terms of its freedoms.

Agreed

> Although there are equally able programmers and coders on both sides of
> the spectrum........the maxim of Money Talks means that although the war
> may be unwinnable ...the battles will be bloody..........and the in vogue
> term 'collateral damage' means lots of citizenry by the wayside.

I fail to understand why, allegedly, intelligent people would wish to start
such a conflict in the first place.

> I disagree that comparisons between reasons for ..."all the way with
> LBJ".....and the current expressions of greed by the gnomes of Hollywood
> have any historical similarity.

The "ideal" of greater profits is as relevant to some as other "isms". It is
sad but many conflicts, throughout history, have been commercially motivated
rather than idealistically. Some have even suggested this in relation to
VietNam.

> VietNam was a war fought upon and about idealisms...........the grabs by
> the RIAA are simply for protected and greater profits..............and
> these for the middlemen.......not so much the creators and artists.

The, rather tasteless, analogy was drawn because of a recent statement by a
high ranking military official in this Country that, in hindsight, perhaps
(our involvement in) that conflict was a mistake. Then - the belief was that
the war was winnable. The expectation of "collateral damage" was low - even
among those who should have known better and some even believed it was the
"right" thing to do.

I don't want to perpetuate a VietNam analogy however, in my mind, it does
fit what appears to be the path about to be taken by the RIAA and also the
kind of guerrilla action that has already commenced against it. Now - it must
be clear, to anyone with even a passing interest in the topics discussed in
these forums, that such an Internet conflict would do, almost, everyone
harm.

--
Regards,
Neale NOON
0
noonie
7/31/2002 12:29:00 PM
The priority of MX records is simply a hint to mailers that want to know.
There should be no confusion. It simply means you should not really prefer
one mail server over the other (at the same priority). Mailers should pick
the priority [the lowest value] MX record (if there are several it likely
will pick the first with that value in the list it receives) and try to use
that server. If that server doesn't respond, they will pick the next MX
record with = or higher preference and move through the list to attempt to
send mail.

The long domain TTL time means that they won't be able to "hop" to a new IP
address quite so quickly to dodge DDoS attacks etc. that zero in on the IP
address (usually by using a hard-coded value rather than a dns lookup) (that
is what Steve meant by being "agile")...


"mc" <this.address.is.bogus@mctech.org> wrote in message
news:3D47BB14.CA5CBBD1@mctech.org...

....SNIP

> They also have a strange set of MX records, namely they have two mail
> servers with the same priority, which would seem to potentially cause
> confusion.
>
> --
>   __ _  ____
>  /  ' \/ __/                                    http://mctech.org/
> /_/_/_/\__/                                     http://pchelpers.org/
> ---------------------------------------------------------------------
0
Kerry
7/31/2002 1:20:00 PM
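How equal-preference MX records behave in practice, as an added example that is not part of any post in the thread: the lowest preference value is tried first, hosts sharing a value are tried in random order (the rule in RFC 5321 section 5.1, used here rather than "first in the list"), and delivery falls through to higher values on failure. The host names and preference values are constructed.

```python
import random
from collections import Counter
from itertools import groupby

# Constructed records: two exchangers sharing preference 10, one backup at 20.
SAMPLE_MX = [
    (10, "mx-a.example.org"),
    (20, "backup.example.org"),
    (10, "mx-b.example.org"),
]


def delivery_order(mx_records, rng=None):
    """Return host names in the order a sending mailer would try them."""
    if rng is None:
        rng = random.Random()
    ordered = []
    by_pref = sorted(mx_records, key=lambda rec: rec[0])  # lowest value first
    for _, tier in groupby(by_pref, key=lambda rec: rec[0]):
        hosts = [host for _, host in tier]
        # Equal preference means "no favourite": shuffle so load is shared.
        rng.shuffle(hosts)
        ordered.extend(hosts)
    return ordered


def deliver(mx_records, reachable, rng=None):
    """Walk the ordered list until a reachable host accepts the connection.

    `reachable` is a set of host names standing in for real SMTP connects.
    Returns (chosen_host_or_None, list_of_hosts_attempted).
    """
    attempts = []
    for host in delivery_order(mx_records, rng):
        attempts.append(host)
        if host in reachable:
            return host, attempts
    return None, attempts


def first_attempt_share(mx_records, trials=10000, seed=2002):
    """Fraction of deliveries whose first attempt lands on each host."""
    rng = random.Random(seed)
    firsts = Counter(delivery_order(mx_records, rng)[0] for _ in range(trials))
    return {host: firsts[host] / trials for _, host in mx_records}


if __name__ == "__main__":
    print("one ordering:", delivery_order(SAMPLE_MX))
    # One preference-10 host is down: mail still flows via its peer or backup.
    up = {"mx-b.example.org", "backup.example.org"}
    print("with mx-a down:", deliver(SAMPLE_MX, up))
    print("first-attempt share:", first_attempt_share(SAMPLE_MX))
```

Two records at the same preference therefore give load sharing plus failover between the pair, with the higher-valued record used only when both are unreachable.
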
On Wed, 31 Jul 2002 01:08:37 -0700, Steve Gibson <support@grc.com> wrote:

>The site first became unavailable at the end of last week, shortly 
>after the RIAA publicly endorsed the proposed legislation of which it 
>would be the greatest immediate beneficiary and user.  The site 
>remained under attack and unavailable all weekend.  The attack 
>subsided yesterday (Monday) ... but resumed again earlier today 
>(Tuesday) ... and it is apparently ongoing as I write and post this 
>message Tuesday evening.

I don't like that kind of response, but it may be the ONLY way to get some
people to understand that they CAN'T write that kind of a law.







             The truth IS out there, 
but most people don't recognize it when they see it!
0
Da
7/31/2002 1:32:00 PM
Steve.. I agree that legislation giving Hollywood carte blanche to hack or
DoS known "offenders" of their intellectual property is a terrible
precedent... but I was recently made aware of another way Hollywood is
fighting back... they are "poisoning" the file-sharing p2p systems by
actually sharing their OWN "fake" files!

I think this is brilliant! For example, they put up a 400MB VCD "movie" that
purports itself to be "Men in Black II" (or whatever), and after some cheat
downloads it only then do they find out it's a 400MB file of unplayable junk!
I have no problems with this sort of activity, as it's not actively DoSing or
hacking anything... it's simply poisoning content that should not be on the
wire in the first place!

-- 
Jim Michael
Novell Support Connection Sysop
0
Jim
7/31/2002 1:59:00 PM
"Jim Michael" <jmichael@chesterfield.mo.us> wrote in message
news:3D47ED38.8727FFE5@chesterfield.mo.us
> Steve.. I agree that legislation giving Hollywood carte blanche to
> hack or DoS known "offenders" of their intellectual property is a
> terrible precedent... but I was recently made aware of another way
> Hollywood is fighting back... they are "poisoning" the file-sharing
> p2p systems by actually sharing their OWN "fake" files!
>
> I think this is brilliant! For example, they put up a 400MB VCD
> "movie" that purports itself to be "Men in Black II" (or whatever),
> and after some cheat downloads it only then do they find out it's a
> 400MB file of unplayable junk! I have no problems with this sort of
> activity, as it's not actively DoSing or hacking anything... it's
> simply poisoning content that should not be on the wire in the first
> place!

LOL!  Can anyone come up with a good reason why this is "wrong"?

--
Robert
List of Lists
http://lists.gpick.com/
Eric Howe's Privacy and Security Site
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
7/31/2002 2:18:00 PM
Robert Wycoff wrote:
[...]
>> I think this is brilliant! For example, they put up a 400MB VCD
>> "movie" that purports itself to be "Men in Black II" (or whatever),
>> and after some cheat downloads it only then do they find out it's a
>> 400MB file of unplayable junk! I have no problems with this sort of
>> activity, as it's not actively DoSing or hacking anything... it's
>> simply poisoning content that should not be on the wire in the first
>> place!
>
> LOL!  Can anyone come up with a good reason why this is "wrong"?

Nope.

It just means the next generation p2p systems will have to include
checksums, and allow you to exclude certain checksums from your queries.

400MB isn't that big a "hit" these days anyways.

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft.
0
Sam
7/31/2002 2:40:00 PM
The RIAA has pissed off the EXACT same people who use the p2p networks
so what did they expect - for 1 angry post on a message board?
I don't think so!
These people do not mess about (as Steve knows all too well);
they have no respect for anyone or anything - if they want to annoy the RIAA
then the best way is to launch a DoS attack so they have done just that and
in this case there is definitely more than 1 person behind the attack and I
don't think they are going to let up - with this many attackers aiming their
hatred at the RIAA website I think the site is in some deep sh*t!

The RIAA broke the golden rule - If you have a website don't piss off a DoS
attacker.

--

Jonathan
________________________________
http://www.classickidstv.co.uk
http://www.jonathandavis.info
0
Jonathan
7/31/2002 2:54:00 PM
"Steve Gibson" <support@grc.com> wrote in message
news:MPG.17b13adf8798dc898a7b2@207.71.92.194...
>
> http://www.riaa.org/
> Folks ...

Hackers won't bother with trojans any more. They'll just download a few
music videos and let Hollywood do the dirty work to your hard-drive. I'll
have to add an anti-Britney utility to my arsenal.
0
Today
7/31/2002 3:23:00 PM
Sam Schinke wrote:
 
> It just means the next generation p2p systems will have to include
> checksums, and allow you to exclude certain checksums from your queries.

Checksums won't help here, because "hollywood" is hosting these files on
their OWN machines, which of course will create the correct checksum for
their own content. There is no "global" checksum for content such as a
bootleg movie (recorded in a theater via a camcorder in the booth, for
example) or home-ripped MP3s. 

The most likely defense against this activity is to blacklist such servers
once they are determined to have poison content, but it's quite easy to set
up more servers in other domains... and they are supposedly exponentially
adding poison content daily...

> 400MB isn't that big a "hit" these days anyways.

No, but what about a 4GB "DVD" of a popular movie. I'm sure even the T3-ers
would be miffed to download that baby and find it to be junk. <g>

-- 
Jim Michael
Novell Support Connection Sysop
0
Jim
7/31/2002 3:49:00 PM
Caligula,

> Hi Neale ,
> I both agree and disagree with your considerations.
> I feel it unlikely that the 'establishment' can win a war
> predicated upon curtailing a communications system that has
> now become a cultural expectation in terms of its freedoms.
> 
> Although there are equally able programmers and coders on both
> sides of the spectrum........the maxim of Money Talks means that
> although the war may be unwinnable ...the battles will be bloody
> ..........and the in vogue term 'collateral damage' means lots
> of citizenry by the wayside.

In cases like this I look at the technology.  The trouble is that the 
Internet's autonomous packet switching technology is easily abused. 

Although the Internet is globally stable and robust, it is locally 
unstable and unreliable.  And its service delivery model is 
asymmetrical:  It delivers local service only as long as EVERYONE 
wants it to ... but it can be made to fail locally when ANYONE wants 
it to.  That's not a platform of technology upon which a war can be 
waged or won.

The war-games folks must have a vocabulary that I lack for describing 
the effect of a conflict where the weapons are much more powerful 
than, and able to easily overwhelm, any available defenses.

The RIAA presumably imagines that some legislative license will allow 
it to turn that service delivery asymmetry to their advantage -- 
using the technology to attack individuals whom they perceive to be 
violating their rules.  But that will not work.

-- 
_________________________________________________________________
Steve.
0
Steve
7/31/2002 4:06:00 PM
"Steve Gibson" wrote in message:


> Folks ...
> As you may know, last Thursday the RIAA endorsed a bill
> written by a California Representative, Howard Berman.

Let's be serious.  Mr. Berman got a big cheque from some hidden RIAA
account, so he would merely present the bill.  He most likely didn't so much
as bother to even read it for himself before presenting it.  Of course the
RIAA endorsed it...  they wrote it.


> I believe that the industry, the government, law
> enforcement, and the public are utterly clueless
> about the seriousness of the new and growing DoS
> problem -- as demonstrated by several recently
> created DDoS attack tools.

Steve...  why do you always seem to think you're the only one who knows "the
way things REALLY are"?  Nobody understands the seriousness of it, except
you...  yea, ok then.


> I know much more about what's been going on
> recently than I am any longer willing say.
> ... [snip] ...
> anything I say at this point would be
> substantially redundant in nature

Let's recap...  You know more than you're willing to say, but you won't say
it because you've already said it, and it would be redundant?  That makes
sense to me.


> and significantly damaging in detail.

If it would all be "substantially redundant", isn't it somewhat of an
oxymoron to also suggest it would be "significantly damaging" at the same
time?  Honestly... I find it amusing that you think ANYTHING you say will
shift the balance of power in ANY direction (in terms of this bill being
passed or not).  That is to suggest you probably can't say anything
"significantly damaging" to anyone but you.  You might say something whacky
and get your own site blown off the net again, but I'm struggling to see what
great, significantly damaging, substantially redundant statement you make in
terms of this bill being passed.


> It would only make matters worse.

For who?


> This proposed bill apparently grants "hacking
> immunity" to Hollywood, allowing them to attack
> the computers of anyone they say they have cause
> to believe may be participating in illegal sharing
> of copyrighted material -- up to and including the
> deletion of files on the target machine.  It's
> unbelievable.

Let's be serious for a second.  This legislation will pass at approximately
the same time that my ass walks on Jupiter.

The ISPs will have some major issues with the thought of their bandwidth/$$$
(bandwidth = $$$ to them) being sucked up by "completely legal" DDoSes from
the RIAA and the MPAA, so the ISPs will be first in line to shoot this bill
full of holes.  Or did the RIAA and MPAA plan on compensating the owners of
the networks they plan to attack?

Next up comes the "revolving door" IP problem since many ISPs use DHCP.
That'll be just great when 1/2 of their IP pool is flagged for attack by the
MPAA and RIAA, so innocent customers are being attacked the second they come
online, and they don't even use P2P software.  Beautiful.  Will the RIAA and
MPAA be held legally responsible for their "collateral damage"?

Does this law give them rights to attack only American computers?  I'd love
to have them explain how an American law gives them the right to attack a
computer in Canada, Europe, Asia, etc, etc (where much of the piracy
happens).

What computers will the RIAA and MPAA use to attack naughty netizens?  Their
own?  Ok...  their own will be blown off the net non-stop by P2P vigilantes.
Will they use trojans?  Oh, that's legal...  yea right.  It's an
impossibility.


> All things considered, I can't say that I am entirely
> unhappy that the RIAA is getting a nice dose of the
> vigilante "medicine" it is asking for our government's
> license to pursue for itself.

Well, many folks weren't entirely unhappy when GRC was being DDoSed.  That
doesn't make it right, or less than stupid for you to suggest it's not a
"bad" thing that it's happening to them.  Come on!!  When else is it
justified?  If "I can't say that I am entirely unhappy" about this site
being blown off the net, why don't we get together and make a big list of
all the occasions where we think it's "OK" to DDoS a website.  We may even
come up with a reason that it was ok for some folks to DDoS GRC a year and
a half ago.  Nonsense.  The RIAA has as much right to their corner of the web
as you do.... REGARDLESS of legislation they may have endorsed.


> WHAT are they thinking?

They're just trying to protect their billions dollar industry, but they're
going about it all wrong because at this point, it's their only option.
What else can they suggest to do?  Do I agree with what they want to do?
Hell no, but who cares?  It's not like it will EVER pass into law anyway.
Ever.  If it does, drag this posting up, and throw it back in my face at
some date in the future.  It ain't going to happen.  A legal hack-attack?
Please.  Ain't gonna happen.



> I hope, therefore, that industry, government, and
> law enforcement agencies are watching closely to
> see how readily and easily any site can be taken
> off -- and held off -- the Internet by an ad hoc
> band of pissed off kids.

Or pissed off adults for that matter.



> Whenever I speak to groups about the significant
> and real threat of Internet attacks I try to
> drive home my absolute certainty that the ONLY
> reason we are not seeing more attacks is that
> the motivation is missing.

Jeeze...

http://grc.com/dos/winxp.htm#junior

....and here I thought (and I quote) "All it took was the new release of
Windows".  Now all that's needed is the motivation (and the new release of
Windows still?)... and the sky to fall?  bwaaaaa!


> Well ... the RIAA has provided the missing
> motive ...

For this week.


> and my future presentations will now have a
> perfect case in point, promoting my well-known
> concerns from theory to reality.

"a perfect case in point"?  Doesn't ~every~ site that's ever been DDoSed
represent "a perfect case in point"?  There was a motivation, whatever it
was, for the attack of everyone who's ever been a target...  including
grc.com  Sometimes the motivation is clear, and sometimes it isn't, but it's
always existed.


> Our local DNS server resolves www.riaa.org
> to: [208.225.90.120] with a LONG (604800
> second) seven day TTL expiration.  Does
> anyone get anything different from that?
> It will be interesting to see...

It'll be interesting to see if people ever grow up and stop attacking sites
for *ANY* reason.  A good start would be having prominent security experts
not saying things like, "I can't say that I am entirely unhappy that the
RIAA is getting a nice dose of the vigilante 'medicine' it is asking for our
gov...."

So, is this the official new "panic du jour", or just a pit-stop on the way
to it?

-Stefan
0
Stefan
7/31/2002 4:34:00 PM
Kenneth Doyle wrote:
> 
> Steve Gibson wrote:
> 
> [snip]
> 
> > This proposed bill apparently grants "hacking immunity" to Hollywood,
> > allowing them to attack the computers of anyone they say they have
> > cause to believe may be participating in illegal sharing of
> > copyrighted material -- up to and including the deletion of files on
> > the target machine.  It's unbelievable.
> 
> I just can't wait to get a new dynamic IP that the previous
> owner had used to download copyrighted material.
> 
[]

!!!!!?????!!!!!!

Since I don't have the time, inclination or resources to d/l pirated files,
I (naively) thought the RIAA's latest proposal wouldn't impact me directly.
(No more so than the congestion of traffic caused by the d/l of said files.) 

But as anyone with a reporting firewall will attest, Kenneth has raised a
very interesting point. Getting a dynamically assigned IP previously used by
a file sharing PC is not unusual. The 'hits' on specific ports may continue
indefinitely until the user re-connects to receive a new IP address.

Now enter an aggressive RIAA.  I say "aggressive" since we shouldn't be
surprised if they have been quietly monitoring the volume of swapping
traffic by masquerading as a 'contributor'.  Should they now be permitted to
attack _DYNAMIC_ IP addresses, they are likely to catch a lot more than
their intended 'fish' in their net.
If their desire is to prevent file sharing among _STATIC_ IPs, isn't there a
more effective measure than pressing for more invasive legislation? 

So........
- Now we have the RIAA appearing surreptitiously in firewall logs and
reported by many conscientious users to assorted websites monitoring and
collating such intrusion attempts. 
- The RIAA's scanning and attacking IP addresses will become another target
for vengeful users who are now DoSing their website.
- The proverbial "foot in the door" is introduced into (Y)OUR home via the
internet connection.
- Does the government really believe these "controls" won't be abused?
- Does the RIAA really believe hardcore file swappers can't circumvent
whatever measures are introduced? (...got a magic marker?....)

- How many innocent surfers will be caught in the cross-fire?

"Duck & Cover",
tomZ

"I hereby grant you, the reader, the right to view this post. You are not
permitted to save the content, or forward this post to any other user. If I
believe you have saved a copy of this message, or otherwise caused it to be
redistributed, I will obliterate your newsreader and all of its contents."
:^/  

-- 
If you spam my mailbox, you agree to accept any response I deem appropriate.
Keep SIGNATURE AGREEMENT before replying.
'Any business model that relies on 'caveat emptor' is not ethical.'
0
tomZ
7/31/2002 5:14:00 PM
Stefan,

Yes, I am working, and have always been working, to bring about 
change.  And, yes ... I do seem to have forgotten to ask for your 
permission.

Four weeks ago I spent the morning at the Los Angeles Federal 
Courthouse, speaking to all of Southern California's cybercrime law 
enforcement agents from the FBI, CIA, Secret Service, and other less 
well known agencies.  Afterward, I received an invitation to speak at 
the annual Department of Justice Technology conference in Washington. 

I was explaining the way the Internet works in "attack scenarios" 
exactly like what the RIAA is now experiencing ... because these 
people need to, and want to, understand.  But they are not deep 
technology folks. So they need someone who understands the technology 
and is also able to convey that understanding.  But without any 
examples upon which to draw (other than those attacks back in 2000 
which are fading) everything I say is lines on the whiteboard.

Today, thanks to my talk, and the events of the past week, all of 
those agents are now thinking "Ah!  This is exactly what Steve was 
talking about." ... and now they also understand the political and 
technical realities of such attacks.

So, Stefan, am I trying to change the world?  Yes I am.  And, whether 
you like it or not (you appear not to) I am being extremely 
effective.

-- 
_________________________________________________________________
Steve.
0
Steve
7/31/2002 5:45:00 PM
In article <ai93hr$2h48$1@news.grc.com>, Stefan 
transmitsitlikethis:

> A legal hack-attack?  Please.  Ain't gonna happen.

I gather this RIAA is a very financially powerful 
group?  Yeah, no wonder, not paying those artists any 
money!  I can't *believe* they only get pennies from 
each cd!  It's an outrage!  They should be getting at 
least 50%!  The RIAA are *thieves* of the highest 
order!!!  You people allow thieves to make your laws?  
Though, IF such a "law" got passed, it would be to the 
advantage, also, eventually, in a very short time 
thereafter, to Microsoft.  Then Microsoft could 
legally hack into users' computers and disable/destroy 
unlicensed/paid for software. Would it be helpful if 
Microsoft backed up the RIAA?  Maybe they do already?


Maybe, too, the talk of this "law" is a trap, a trick, 
to catch all the people who would be expected to start  
"ddosing" this RIAA site when they heard the mention 
of same?  I imagine there must be some sort of imaging 
of all traffic, including ddos traffic that can spot 
this stuff and monitor/control it.
0
waves
7/31/2002 5:48:00 PM
Jim Michael wrote:
> Sam Schinke wrote:
>
>> It just means the next generation p2p systems will have to include
>> checksums, and allow you to exclude certain checksums from your
>> queries.
>
> Checksums won't help here, because "hollywood" is hosting these files
> on their OWN machines, which of course will create the correct
> checksum for their own content. There is no "global" checksum for
> content such as a bootleg movie (recorded in a theater via a
> camcorder in the booth, for example) or home-ripped MP3s.

If every file has a checksum it becomes trivially easy to maintain a list of
"known bad" checksums.

Of course, given that one could design a p2p client that just lies about
checksums, some new checksumming technology might need to be created that
allows "incremental" checking of a file. This might result in a 1-2MB
checksum for a 400MB file (with the "known bad" database being of checksums
of those checksums), but it would allow checking after a "trivial" amount is
downloaded to see if it matches.

> The most likely defense against this activity is to blacklist such
> servers once they are determined to have poison content, but its
> quite easy to set up more servers in other domains... and they are
> supposedly exponentially adding poison content daily...

Right. RBL anyone? UDP? heh.

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft.
0
Sam
7/31/2002 6:16:00 PM
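The scheme Sam sketches in the post above (a per-piece checksum list, with the "known bad" list keyed on a checksum of those checksums), as an added Python example that is not part of the original thread. The function names, SHA-256, the 8-byte piece size and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib
import hmac

PIECE_SIZE = 8  # assumption: tiny, to suit the constructed sample below


def split_pieces(data, piece_size=PIECE_SIZE):
    """Cut a byte string into fixed-size pieces (the last may be shorter)."""
    return [data[i:i + piece_size] for i in range(0, len(data), piece_size)]


def piece_hashes(data, piece_size=PIECE_SIZE):
    """The per-piece checksum list a peer would advertise for a file."""
    return [hashlib.sha256(p).digest() for p in split_pieces(data, piece_size)]


def manifest_id(hashes):
    """Checksum of the checksums: one short identifier for the whole list."""
    h = hashlib.sha256()
    h.update(len(hashes).to_bytes(8, "big"))  # bind the piece count as well
    for digest in hashes:
        h.update(digest)
    return h.hexdigest()


def fetch(advertised, incoming, known_bad):
    """Accept pieces only while they match the advertised checksum list.

    Returns (status, bytes_accepted); status is "blocked", "mismatch",
    "incomplete" or "ok".
    """
    # Known-bad lookup happens before any payload is accepted.
    if manifest_id(advertised) in known_bad:
        return ("blocked", 0)
    accepted = 0
    count = 0
    for index, piece in enumerate(incoming):
        # A peer sending more pieces than it advertised is also a mismatch.
        if index >= len(advertised):
            return ("mismatch", accepted)
        digest = hashlib.sha256(piece).digest()
        if not hmac.compare_digest(digest, advertised[index]):
            # The peer lied about its checksums: stop after this piece.
            return ("mismatch", accepted)
        accepted += len(piece)
        count += 1
    if count < len(advertised):
        return ("incomplete", accepted)
    return ("ok", accepted)


# Constructed sample data: two files that share their first piece.
GOOD = b"AAAAAAAA" + b"good-tail-bytes"
DECOY = b"AAAAAAAA" + b"decoy-tail-data"
KNOWN_BAD = {manifest_id(piece_hashes(DECOY))}

if __name__ == "__main__":
    # Honest peer, wanted file.
    print(fetch(piece_hashes(GOOD), split_pieces(GOOD), KNOWN_BAD))
    # Honest checksums for a file already on the known-bad list.
    print(fetch(piece_hashes(DECOY), split_pieces(DECOY), KNOWN_BAD))
    # Peer advertises the good list but sends the decoy's bytes.
    print(fetch(piece_hashes(GOOD), split_pieces(DECOY), KNOWN_BAD))
```

The third case is the one the post is concerned with: the lie is caught at the first piece that differs, so only the bytes before it were accepted.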
"waves" wrote in message:

> I gather this RIAA is a very financially powerful
> group?  Yeah, no wonder, not paying those artists any
> money!  I can't *believe* they only get pennies from
> each cd!  It's an outrage!  They should be getting at
> least 50%!  The RIAA are *thieves* of the highest
> order!!!

This is related to the topic.... how?


> You people allow thieves to make your laws?

"thieves"?  what'd they steal?  They didn't make a law.  They convinced a
member of congress to present a bill.  That's it.  Nothing more.


> Though, IF such a "law" got passed, it would be to the
> advantage, also, eventually, in a very short time
> thereafter, to Microsoft.

Gee...  I didn't see this coming.  Bill Gates....  Antichrist...  AHHHHH!!!


> Then Microsoft could legally hack into users'
> computers and disable/destroy unlicensed/paid
> for software.

So pay for your f***ing software, or use Linux.  If someone stole something
"physical" from you, it makes perfect sense to go get it back, no?  Do you
have absolutely no concept of intellectual property?


> Would it be helpful if Microsoft backed
> up the RIAA?  Maybe they do already?

I love the way some freaks can take ANYTHING...  absolutely ANYTHING... and
use it as ammo against Microsoft.  I swear...  If innocent people die in
Afghanistan, you most likely have a reason that it's Microsoft's fault, or a
way Microsoft will soon be using it to their advantage...  let it go
already.


> Maybe, too, the talk of this "law" is a trap, a trick,
> to catch all the people who would be expected to
> start  "ddosing" this RIAA site when they heard the
> mention of same?

It's not a law, it's a bill.  And if you think congress passes bills into
law as a "trap", you need be put away in a nut house somewhere.

okeedookee then...

-Stefan.
0
Stefan
7/31/2002 6:24:00 PM
Bad files won't work very well - users will likely delete the duff ones.
Also there are avi preview programs that allow you to check after a few mb's
are downloaded. I gather they are paying a firm in Korea to pump bad files
into the p2p networks already. It hasn't had much effect.

The only thing that will reduce piracy is when a bill is passed to force the
rights holders into sensible online deals. I do not believe they should be
the gatekeepers of content for the purpose of maximising their profit. Nor
should they be able to dictate the hardware I have in my PC.

BTW the riaa site's back - but for how long ?
0
notme
7/31/2002 6:25:00 PM
Sam Schinke wrote:

> Steve Gibson wrote:
> [...]
>> The war-games folks must have a vocabulary that I lack for describing
>> the effect of a conflict where the weapons are much more powerful
>> than, and able to easily overwhelm, any available defenses.
>
> Nuclear winter? *g*

Overkill.

'Seek and ye shall find'
NT Canuck
0
NT
7/31/2002 6:43:00 PM
Steve Gibson wrote:
[...]
> The war-games folks must have a vocabulary that I lack for describing
> the effect of a conflict where the weapons are much more powerful
> than, and able to easily overwhelm, any available defenses.

Nuclear winter? *g*

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft.
0
Sam
7/31/2002 6:44:00 PM
On Wed, 31 Jul 2002 15:54:25 +0100, "Jonathan Davis"
<everclear_rule@punkass.com> wrote:

>The RIAA broke the golden rule - If you have a website don't piss off a DoS
>attacker.
>
So, any website that pisses you off gives you the entitlement to Ddos
it?  Not really following the logic here.

Geek..
0
handyman
7/31/2002 6:46:00 PM
"Steve Gibson" wrote in message:

> Yes, I am working, and have always been working, to
> bring about change.  And, yes ... I do seem to have
> forgotten to ask for your permission.

Is this a reply to anything in particular, or just an attempt to puff out
your chest and tell me about all the important people you've given lectures
to?  You didn't answer a damn thing, but I guess I'm not too shocked.

Am I supposed to "ooh and ahh" that you got to talk to the "Los Angeles
Federal Courthouse, all of Southern California's cybercrime law enforcement
agents from the FBI, CIA, Secret Service, and other less well known
agencies"?  Sorry, but I fail to see any relation between what I asked, and
what you told me.  It was nothing short of an amazing "blowhard" reply...

> Afterward, I received an invitation to speak at the annual
> Department of Justice Technology conference in Washington.

Be sure to say hi for me.

You said "I believe that the industry, the government, law enforcement, and
the public are utterly clueless about the seriousness of the new and growing
DoS problem".  You actually think nobody "gets it", except you.  We're all
"utterly clueless", but not the amazing Steve Gibson.  It's what you said...
go read it.

I'm saying that an over-all understanding may be thin, but there's enough
education out there that this bill would never pass and will never pass.
The world isn't run by complete retards.  the issues I raised will all be on
the table before this bill ever gets even a chance at becoming law.  And it
will die on the very table.

You reply with sarcastic nonsense about needing to ask my permission.
Here's an idea...  Cut the sarcasm, and why not address the point I raised
about you actually *condoning* a DDoS against the RIAA's website.  Is that
what you've become?  Mr. Don't DDoS me... boo hoo hoo....

http://grc.com/dos/openletter.htm

....but the RIAA....  well they endorsed a bill I don't agree with, so go
ahead and DDoS them...  I don't feel bad when they get a taste of some
vigilante medicine.  It's OK to DDoS them....  just not me.


> So, Stefan, am I trying to change the world?  Yes I am.  And, whether
> you like it or not (you appear not to) I am being extremely
> effective.

You want me to actually believe you're out to change the world?  Start by
condemning the DDoS against riaa.org, on the grounds that ALL internet DDoS
attacks are inherently wrong, by nature, and there is NO justification for
it - at all.  Don't feed me this shit about trying to "change the world" out
the left side of your mouth, while whispering "I can't say that I am
entirely unhappy that  the RIAA is getting a nice dose of the vigilante
medicine" out the right side of your mouth.  Am I really to believe you have
a problem with DDoS attacks when you say things such as that?

When else is it justified?  I asked you, and you ignored me.  When is it ok
to not be entirely unhappy that someone is getting a dose of this "vigilante
medicine"?  Go ahead and attempt an answer.  I'd just love to hear the
hypocrisy unfold.  When, oh when, Steve, are we allowed to think that the
"evil" DDoS is a "good thing" (as it is in THIS case)?  Do tell.  I'm
waiting.

-Stefan.
0
Stefan
7/31/2002 6:54:00 PM
Geek wrote:

> On Wed, 31 Jul 2002 15:54:25 +0100, "Jonathan Davis"
> <everclear_rule@punkass.com> wrote:
>
>> The RIAA broke the golden rule - If you have a website don't piss
>> off a DoS attacker.
>>
> So, any website that pisses you off gives you the entitlement to Ddos
> it?  Not really following the logic here.

Hi Geek,

There's an old adage that says...
"Power unused is power lost."

Let me be the first to say that "stupidity" is not a power,
nor should it be considered a reliable ally by those rare few
who choose to cloak themselves within its mantle.

'Seek and ye shall find'
NT Canuck
0
NT
7/31/2002 6:55:00 PM
On Wed, 31 Jul 2002 01:08:37 -0700, Steve Gibson <support@grc.com>
wrote:

>
>			http://www.riaa.org/
>Folks ...
>
>As you may know, last Thursday the RIAA endorsed a bill written by a 
>California Representative, Howard Berman.  Though I have not studied 
>the bill closely, it reportedly authorizes copyright holders to begin 
>"blocking, diverting or otherwise impairing" peer-to-peer networks.
>
Does anyone have information on the actual bill?  I'd like to check
the actual wording on it. 

>Needless to say, while I certainly don't endorse wholesale music or 
>other intellectual property piracy, I worry A LOT when I see reckless 
>legislation being purchased by powerful special-interest groups ... 
>as is certainly and clearly the case in this instance.

Business as usual in Washington.<G>
>

>This proposed bill apparently grants "hacking immunity" to Hollywood, 
>allowing them to attack the computers of anyone they say they have 
>cause to believe may be participating in illegal sharing of 
>copyrighted material -- up to and including the deletion of files on 
>the target machine.  It's unbelievable.

Apparently this mindset is running wild in Washington.
http://www.usatoday.com/tech/news/computersecurity/2002-07-31-security-hacking_x.htm
>
>All things considered, I can't say that I am entirely unhappy that 
>the RIAA is getting a nice dose of the vigilante "medicine" it is 
>asking for our government's license to pursue for itself.  WHAT are 
>they thinking?

So, if a website like GRc ticks you off, it's ok to Ddos?
>
Snipped.....

Personally, I see this as part of the overall deviation from the
original intent of information sharing concept for the internet.
Commercial interests continue to erode that concept, so it would
indeed be interesting.

Geek..
0
handyman
7/31/2002 6:57:00 PM
"Stefan" shoots both barrels:
<snip>
> And if you think congress passes bills into
> law as a "trap", you need be put away in a nut house somewhere.
This is related to the topic.... how? <g>

Relax, "Big Guy", no one's trying to bludgeon you to death here! <g>
I can *clearly* see your point and rate it as extremely valid (no thanks
necessary) but I am beginning to find the "delivery" a little lacking! <g>

Will you flame me too for this? LOL!

Cheer up,
just axn


---
W2K/BIND-PE/ICS/CHX-I PF/KPF:
http://members.shaw.ca/b.e/bind_experiment.htm
---
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002
0
just
7/31/2002 6:58:00 PM
On Wed, 31 Jul 2002 11:58:50 -0700, "just axn" <rbeNOSPAM@shaw.ca>
wrote:

>"Stefan" shoots both barrels:

>Relax, "Big Guy", no one's trying to bludgeon you to death here! <g>
>I can *clearly* see your point and rate it as extremely valid (no thanks
>necessary) but I am beginning to find the "delivery" a little lacking! <g>
>
>Will you flame me too for this? LOL!
>
Gotta wonder what he did for the two months Steve was gone.<G>

Geek..
0
handyman
7/31/2002 7:04:00 PM
> >The RIAA broke the golden rule - If you have a website don't piss off a DoS
> >attacker.
> >
> So, any website that pisses you off gives you the entitlement to Ddos
> it?  Not really following the logic here.
>
> Geek..

i'm not saying it's ok to Ddos a website - in fact it is very wrong to Ddos
a website
i'm just saying that the people who Ddos websites will not hesitate to Ddos
you if you piss them off because they are people who have no respect for
anyone and they are mostly childish people (eg: wicked's attack on grc)

if you don't piss them off they have no reason to attack you
if you do piss them off then they will see you as a good target for their
illegal activities
--

Jonathan
________________________________
http://www.classickidstv.co.uk
http://www.jonathandavis.info
>
0
Jonathan
7/31/2002 7:05:00 PM
"just axn" wrote in message:

> Relax, "Big Guy", no one's trying to bludgeon you to
> death here! <g>

That's only because I'm cleverly hidden in Canada.  :-)


> I can *clearly* see your point and rate it as extremely
> valid (no thanks necessary)

thanks, anyway.


> but I am beginning to find
> the "delivery" a little lacking! <g>

I don't think it deserved much higher.  It didn't address anything on topic.
We covered how the recording industry rips off artists, and how everything
will be an advantage to Microsoft.  Neither was at all on topic, and rather
a waste of time to bother with in the first place.  ahh... c'est la vie.


> Will you flame me too for this?

nah...  you agreed with me....  never flame the people who agree.  ;-)

-S
0
Stefan
7/31/2002 7:06:00 PM
Stefan wrote:
> "Steve Gibson" wrote in message:
>
>
>> Folks ...
>> As you may know, last Thursday the RIAA endorsed a bill
>> written by a California Representative, Howard Berman.
>
> Let's be serious.  Mr. Berman got a big cheque from some hidden RIAA
> account, so he would merely present the bill.  He most likely didn't
> so much as bother to even read it for himself before presenting it.
> Of course the RIAA endorsed it...  they wrote it.
>
>
>> I believe that the industry, the government, law
>> enforcement, and the public are utterly clueless
>> about the seriousness of the new and growing DoS
>> problem -- as demonstrated by several recently
>> created DDoS attack tools.
>
> Steve...  why do you always seem to think you're the only one who
> knows "the way things REALLY are"?  Nobody understands the
> seriousness of it, except you...  yea, ok then.

An interesting way to read more than has been said. The "industry, the
government, law enforcement, and the public" is hardly everyone.

Though I would have said "largely" rather than "utterly". But that's me.

>> I know much more about what's been going on
>> recently than I am any longer willing say.
>> ... [snip] ...
>> anything I say at this point would be
>> substantially redundant in nature
>
> Let's recap...  You know more than you're willing to say, but you
> won't say it because you've already said it, and it would be
> redundant?  That makes sense to me.

Who said anything about Steve already having said it? I think the point he
is making is that some security by obscurity is responsible, even if it only
entails not recklessly flaunting potentially hazardous information.

>> and significantly damaging in detail.
>
> If it would all be "substantially redundant", isn't it somewhat of an
> oxymoron to also suggest it would be "significantly damaging" at the
> same time?

Heh. The two aren't, by their nature, contradictory.

> Honestly... I find it ammusing that you think ANYTHING
> you say will shift the balance of power in ANY direction (in terms of
> this bill being passed or not).

Who said anything about what Steve says influencing this bill? I THINK he
meant that the DDOS situation could be made worse if too much information
becomes high-profile.

> That is to suggest you probably
> can't say anything "significantly damaging" to anyone but you.  You
> might say something whacky and get your own site blown off the net
> again, but I'm stuggling to see what great, significantly damaging,
> substantially redundant statement you make in terms of this bill
> being passed.

Again with the straw man.

>> It would only make matters worse.
>
> For who?

For the internet, I'd assume? I doubt Steve is going to martyr himself on
the spike of defending people who trade mp3's via p2p software.

>> This proposed bill apparently grants "hacking
>> immunity" to Hollywood, allowing them to attack
>> the computers of anyone they say they have cause
>> to believe may be participating in illegal sharing
>> of copyrighted material -- up to and including the
>> deletion of files on the target machine.  It's
>> unbelievable.
>
> Let's be serious for a second.  This legislation will pass at
> approximatly the same time that my ass walks on Jupiter.

I agree. But sitting and keeping quiet about opinions against such things
makes them more likely. The RIAA has money, the general public has voices
and lots of them. Such is democracy, eh?

> The ISPs will have some major issues with the thought of their
> bandwidth/$$$ (bandwidth = $$$ to them) being sucked up by
> "completely legal" DDoSes from the RIAA and the MPAA, so the ISPs
> will be first in line to shoot this bill full of holes.  Or did the
> RIAA and MPAA plan on compensating the owners of the network's they
> plan to attack?

Or they may just convince the ISP's to drop the "expensive" customers.

Anyways, tired of replying to you essentially agreeing with Steve that this
act is a bad thing while trying to spite him all you can, so I'll sign off
here.

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft.
0
Sam
7/31/2002 7:07:00 PM
"Geek" <handyman@firstaid.org> wrote in message
news:3d4830fb.5031563@news.grc.com

> Personally, I see this as part of the overall deviation from the
> original intent of information sharing concept for the internet.
> Commercial interests continues to erode that concept, so it would
> indeed be interesting.

Geek,

I don't follow you.  Information sharing continues on the Internet, despite
the appearance of commercial interests.  Sharing stolen software, music, and
movies are not what I call information sharing.

--
Robert
List of Lists
http://lists.gpick.com/
Eric Howe's Privacy and Security Site
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
7/31/2002 7:08:00 PM
Welcome back Stefan.

-- 
_________________________________________________________________
Steve.
0
Steve
7/31/2002 7:11:00 PM
"Steve Gibson" <support@grc.com> wrote in message

> Welcome back Stefan.

It's nice to know you missed me.  :-)

-Stefan.
0
Stefan
7/31/2002 7:23:00 PM
In article <ai9a12$2o4j$1@news.grc.com>, Stefan 
transmitsitlikethis:
 
> "waves" wrote in message:
 
> > I gather this RIAA is a very financially powerful
> > group?  Yeah, no wonder, not paying those artists any
> > money!  I can't *believe* they only get pennies from
> > each cd!  It's an outrage!  They should be getting at
> > least 50%!  The RIAA are *thieves* of the highest
> > order!!!
 
> This is related to the topic.... how?

You reap what you sow?  Everything's related Stefan, 
this is the problem.  Too much interconnectivity.


> > You people allow thieves to make your laws?
 
> "thieves"?  what'd they steal?  They didn't make a law.  They convinced a
> member of congress to present a bill.  That's it.  Nothing more.

I know, Stefan, calm down, calm down.


> > Though, IF such a "law" got passed, it would be to the
> > advantage, also, eventually, in a very short time
> > thereafter, to Microsoft.
 
> Gee...  I didn't see this coming.  Bill Gates....  Antichrist...  AHHHHH!!!

Don't tell me you're of *that* brigade ... that one 
where you all think Bill Gates is the Antichrist?  I 
think you've got a problem if you think that.  No, I 
was just looking a bit ahead to the future, it was an 
inevitable conclusion to make. The future won't take 
care of itself Stefan, you have to look forward to it.


> > Then Microsoft could legally hack into users'
> > computers and disable/destroy unlicensed/paid
> > for software.
 
> So pay for your f***ing software, or use Linux.  

You are such a savage Stefan.  I do pay for my 
software and I will use Linux.


> If someone stole something
> "physical" from you, it makes perfect sense to go get it back, no?  Do you
> have absolutly no concept of intellectual property?

I understand it completely.  It's just a laughing 
mess. But, kinda serious, too, ya know?


> > Would it be helpful if Microsoft backed
> > up the RIAA?  Maybe they do already?

> I love the way some freaks can take ANYTHING...  absolutly ANYTHING... and
> use it as ammo against Microsoft.  

You are beginning to frighten me, Stefan, with this 
mad talk.  What "freaks" are you talking about and 
well, WHAT are you talking about?! ?


> I swear...  If innocent people die in
> Afghanistan, you most likely have a reason that it's Microsoft's fault, or a
> way Microsoft will soon be using it to their advantage... 
 
Haven't you gotten up to that part in your therapy 
yet, where they teach you about projecting all your 
inner qualities onto others?  Stefan, do you really 
believe what you just wrote?  

> let it go already.

Let *what* "go"?  Your eggo?
 

> > Maybe, too, the talk of this "law" is a trap, a trick,
> > to catch all the people who would be expected to
> > start  "ddosing" this RIAA site when they heard the
> > mention of same?
 
> It's not a law, it's a bill.  And if you think congress passes bills into
> law as a "trap", you need be put away in a nut house somewhere.

Intended to *be* "law", Stefan.  No, I don't need to 
be put away in a "nut house somewhere", are *you* 
crazy? And is this the best you can do? 

 
> okeedookee then...
 
The way you say that, it makes you sound like an 
idiot.  No offence, nothing personal.

 
> -Stefan.

> 
0
waves
7/31/2002 7:24:00 PM
Stefan wrote:
> "Steve Gibson" wrote in message:
>
>> Yes, I am working, and have always been working, to
>> bring about change.  And, yes ... I do seem to have
>> forgotten to ask for your permission.
>
> Is this a reply to anything in particular, or just an attempt to puff
> out your chest and tell me about all the important people you've
> given lectures to?  You didn't answer a damn thing, but I guess I'm
> not too shocked.

About as cogent to your points as your rant was to anything Steve has done.

> Am I supposed to "ooh and ahh" that you got to talk to the "Los
> Angeles Federal Courthouse, all of Southern California's cybercrime
> law enforcement agents from the FBI, CIA, Secret Service, and other
> less well known agencies"?  Sorry, but I fail to see any relation
> between what I asked, and what you told me.

I saw lots of rhetorical questions. Did you want to point out your serious
questions again?

> It was nothing short of
> an amazing "blowhard" reply...
>
>> Afterward, I received an invitation to speak at the annual
>> Department of Justice Technology conference in Washington.
>
> Be sure to say hi for me.
>
> You said "I believe that the industry, the government, law
> enforcement, and the public are utterly clueless about the
> seriousness of the new and growing DoS problem".  You actually thinks
> nobody "gets it", except you.  We're all "utterly clueless", but not
> the amazing Steve Gibson.  It's what you said... go read it.

It's been a while since I have considered myself a member of "the public" in
these matters.

> I'm saying that an over-all understanding may be thin, but there's
> enough education out there that this bill would never pass and will
> never pass. The world isn't run by complete retards.  the issues I
> raised will all be on the table before this bill ever gets even a
> chance at becoming law.  And it will die on the very table.

I've heard the same said about other bills that are now in force (I think).
I'm not sure what objection you have to more information about this act and
more voices calling out against it.

> You reply with sarcastic nonsense about needing to ask my permission.
> Here's an idea...  Cut the sarcasm, and why not address the point I
> raised about you actually *condoning* a DDoS against the RIAA's
> website.  Is that what you've become?  Mr. Don't DDoS me... boo hoo
> hoo....

*laugh*

"I'm not entirely unhappy" is "condoning"? It sounds more like a statement
of neutrality to me.

The rest was based on the same, so I've snipped it. *shrug*

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft.
0
Sam
7/31/2002 7:24:00 PM
In article <3d4830fb.5031563@news.grc.com>, handyman@firstaid.org 
says...
> Does anyone have information on the actual bill?  I'll like to check
> the actual wording on it. 
> 
http://www.house.gov/berman/pr072502.htm

Bob Vanderveen
0
Anonymous
7/31/2002 7:26:00 PM
"Sam Schinke" <sschinke@myrealbox.com> wrote in message:

> I saw lots of rhetorical questions. Did you want to point
> out your serious questions again?

1. When is a DDoS "evil", and when is it "vigilante medicine" being used in
a good way?

2. Who gets to decide when it's good or bad?


> It's been a while since I have considered myself a
> member of "the public" in these matters.

You'll have to forgive me if I don't make that exclusion...  for either of us.


> I've heard the same said about other bills that are now
> in force (I think).

you heard that.....  from me?  no.  So that doesn't really apply here.  I
wasn't exactly shocked when the DMCA passed.  I would be if this is passed.


> I'm not sure what objection you have to more
> information about this act and more voices calling
> out against it.

No objection at all.  I could do without two things...

1. the notion that nobody else alive is smart enough to understand the
consequences.

2. the whacked notion that the DDoS against riaa.org is not every bit as bad
as the DDoS against grc.com was.


> "I'm not entirely unhappy" is "condoning"? It sounds more
> like a statement of neutrality to me.

What do you think "condone" means?
http://www.dictionary.com/search?q=condone

To "overlook", "forgive" or "disregard" without protest.  Sounds about like
what Steve said.  I chose the word carefully.  I didn't say he was asking
everyone here to go and do it...  just that he wasn't looking at it as a
problem.

-Stefan.
0
Stefan
7/31/2002 7:32:00 PM
Sam Schinke wrote:
> *laugh*
>
> "I'm not entirely unhappy" is "condoning"? It sounds more like a
> statement of neutrality to me.

Jeez, and I just went back and re-read the original. Talk about taking it
out of context. For shame Stefan.

Steve CLEARLY indicated that he wasn't unhappy that the RIAA is getting a
dose of the repercussions of power they are obviously lobbying for.

Here, let's put it back in context:

"All things considered, I can't say that I am entirely unhappy that
the RIAA is getting a nice dose of the vigilante "medicine" it is
asking for our government's license to pursue for itself."

Nope, nothing about "it's ok to DDos people that upset you". It's more of a
statement of humorous irony. I could make analogies to the gun world, and
gun advocates, but I think you get the idea.

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft.
0
Sam
7/31/2002 7:33:00 PM
"Sam Schinke" <sschinke@myrealbox.com> wrote in message:


> Nope, nothing about "it's ok to DDos people that
> upset you". It's more of a statement of humorous irony.

I never drew that connection.  I merely pointed out that he DID:
(take your pick)

a) condone
b) dismiss
c) forgive
d) overlook
e) not object to

....the DDoS against the RIAA's website.

So, if this DDoS isn't "bad", when else is it not "bad"?

-S
0
Stefan
7/31/2002 7:38:00 PM
"Stefan" spins perspectively:
> > Relax, "Big Guy", no one's trying to bludgeon you to
> > death here! <g>
>
> That's only because I'm cleverly hidden in Canada.  :-)
You're not a terrorist after all? <g>

> > I can *clearly* see your point and rate it as extremely
> > valid (no thanks necessary)
> thanks, anyway.
(no thanks necessary)

> > but I am beginning to find
> > the "delivery" a little lacking! <g>
> I don't think it deserved much higher.  It didn't address anything on
> topic.
<g>!

> We covered how the recording industry rips off artists, and how everything
> will be an advantage to Microsoft.  Neither was at all on topic, and
> rather a waste of time to bother with in the first place.  ahh... c'est la vie.
It is the life for some!

> > Will you flame me too for this?
 > nah...  you agreed with me....  never flame the people who agree.  ;-)
More precisely, I agree with you *in point* but not necessarily in "volume".

To try to remain on topic here <g>, I would ask just how P2P'ers are
*supposed* to react? I mean, here's a bunch of rich, powerful lobbyists
trying to ram something down everyone's throat with little regard for
anything else other than money. It at least gives the impression that if one
does not have equal *powers* but does have a computer (*nix or no <g>), you
have a right to defend yourself *in advance* so to speak. P2P'ers en masse
cannot easily wield a bigger stick than their DoS clubs <g>.

From another standpoint, artists have always been ripped off by the
recording companies in one form or another. What better way could they
transfer that animosity than to shift it to us "thieves"? Unfortunately, big
biz pays people to come up with schemes like this, and it will *probably*
always be a big biz "concept".

If the RIAA members don't want to focus on giving more to their artists, but
would rather "buy some time" with clever schemes to circumvent a particular
issue, why can't everyone see it for the smoke-screen it really is?

We all know they don't have a hope in hell of actually getting the bill
passed, and so do they! Meanwhile they can say to their artists "Hang on,
we're doing everything possible to get you more bones, but from the people
who are directly responsible for sales declinations; those 'damn' P2P'ers!"

They (recording industry) know full well that it will be tied up in courts
forever.

I feel better now,
just axn


---
W2K/BIND-PE/ICS/CHX-I PF/KPF:
http://members.shaw.ca/b.e/bind_experiment.htm
---
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002
0
just
7/31/2002 7:48:00 PM
Stefan wrote:
> "Sam Schinke" <sschinke@myrealbox.com> wrote in message:
>> "I'm not entirely unhappy" is "condoning"? It sounds more
>> like a statement of neutrality to me.
>
> What do you think "condone" means?
> http://www.dictionary.com/search?q=condone

v : excuse or make allowances for; be lenient with; "excuse someone's
behavior"

*shrug*

I see a difference. It certainly isn't condemning the acts, but there are
shades between condemning and condoning something.

> To "overlook", "forgive" or "disregard" without protest.  Sounds
> about like what Steve said.  I chose the word carefully.  I didn't
> say he was asking everyone here to go and do it...  just that he
> wasn't looking at it as a problem.

I agree with Steve here: A group lobbying for the right to use particular
"offenses" (as in modes of attack) against the public essentially at their
discretion when it would otherwise be illegal is not a group I would be
unhappy seeing those same modes of attack targeted against. I wouldn't
participate myself, nor "condone" the acts, but I would be less concerned
about it than against other targets.

As a general statement, it works for me. There are some reasonable
exclusions of course, lest I be bludgeoned with them (eg, self defense is
one place where otherwise illegal acts are permissible), but I don't think
defense or retribution against theft is one of them.

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft.
0
Sam
7/31/2002 7:51:00 PM
Stefan wrote:
> "Sam Schinke" <sschinke@myrealbox.com> wrote in message:
>
>
>> Nope, nothing about "it's ok to DDos people that
>> upset you". It's more of a statement of humorous irony.
>
> I never drew that connection.  I merely pointed out that he DID:
> (take your pick)
>
> a) condone
> b) dismiss
> c) forgive
> d) overlook
> e) not object to
>
> ...the DDoS against the RIAA's website.

Whatever the connection, the circumstance is pretty specific, don't you
think?

> So, if this DDoS isn't "bad", when else is it not "bad"?

I guess to generalize it:

It is humorous to observe DDoS against parties that are lobbying for it to
be legal for them to DDoS or perform various otherwise illegal acts
essentially at their discretion.

Whether or not it makes me unhappy about something though, doesn't reflect
on whether I think it should have been done.

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft.
0
Sam
7/31/2002 7:56:00 PM
NOW I remember why I unsubscribed to this entire newsgroup...

Bye.
0
Kerry
7/31/2002 8:03:00 PM
In article <ai9ebn$2tep$1@news.grc.com>, Stefan said...
> 
> "Sam Schinke" <sschinke@myrealbox.com> wrote in message:
> 
> 
> > Nope, nothing about "it's ok to DDos people that
> > upset you". It's more of a statement of humorous irony.
> 
> I never drew that connection.  

You didn't? ...

	"...but the RIAA....  well they endorsed a bill I don't agree 
	with, so go ahead and DDoS them...  I don't feel bad when they get 
	a taste of some vigilante medicine.  It's OK to DDoS them....  
	just 	not me."

> I merely pointed out that he DID: (take your pick)
> 
> a) condone
> b) dismiss
> c) forgive
> d) overlook
> e) not object to
> 
> ...the DDoS against the RIAA's website.

Incorrectly, as usual. Also as usual, it appears your written 
comprehension has let you down. 

I don't condone vandalism. And if someone threw your PC out of your 
window as an act of vandalism, I wouldn't condone that. But I imagine I 
wouldn't be the only one here who couldn't say they were entirely 
unhappy that it happened.

You need a dictionary reference, I suppose, even for such an obvious 
concept. Try this ...

	http://www.dictionary.com/cgi-bin/dict.pl?term=schadenfreude

	"schadenfreude
	n. 
	Pleasure derived from the misfortunes of others."

 ... and mix it with the irony Sam describes. Get it now?

> So, if this DDoS isn't "bad", when else is it not "bad"?

They're all bad. Only you see that belief as being mutually exclusive 
with some satisfaction in seeing the RIAA being hoist with own petard. 

No chance of you acknowledging the possibility that you got it wrong, I 
suppose?

-- 
Milly
0
Milly
7/31/2002 8:07:00 PM
"Kerry Liles" wrote in message:

> NOW I remember why I unsubscribed to this entire newsgroup...
>
> Bye.

Don't let the doorknob smack you in the ass on the way out.

-Stefan.
0
Stefan
7/31/2002 8:11:00 PM
"Stefan" <no.sp@m.com> wrote in message ...
> "Steve Gibson" wrote in message ...

After watching that, a line from Babylon 5 comes to mind:

"Worst case of testosterone poisoning I've ever seen."
0
bb
7/31/2002 8:15:00 PM
someone's gonna get flamed
:-)

--

Jonathan
________________________________
http://www.classickidstv.co.uk
http://www.jonathandavis.info
0
Jonathan
7/31/2002 8:18:00 PM
I'd like to start a branch of this thread that focuses on the bill itself.

First of all, if you read the text of the bill, it indicates that a
copyright holder would not be permitted to delete files other than those
files whose contents are covered under that person's copyright.  Not sure
that was clear in the first place.

However, something which concerns me a little bit more is the definition of
a "publicly available peer-to-peer" network.  The bill could conceivably be
interpreted to include in this definition Windows networking shares.

Also, the bill mentions that copyright holders would be required, at least 7
days in advance, to notify the Justice Department (in a way that the AG
would specify) of any technologies planned to be used in taking this sort of
action.  I wonder if there are any FOIA-related specifications which would
make such information publicly available, since the action the copyright
holders would be taking is not a law-enforcement action of any sort.

You can access text of the bill at http://www.house.gov/berman/pr072502.htm.
There is a link to a pdf of the bill at the bottom of the page.

Barry
0
Barry
7/31/2002 8:22:00 PM
Milly wrote: (in response to stefan)

> I don't condone vandalism. And if someone threw your PC out of your
> window as an act of vandalism, I wouldn't condone that. But I imagine I
> wouldn't be the only one here who couldn't say they were entirely
> unhappy that it happened.

ROTFL ROTFL I knew there was a reason I liked you. :)

-- 
  __ _  ____
 /  ' \/ __/                                    http://mctech.org/
/_/_/_/\__/                                     http://pchelpers.org/
---------------------------------------------------------------------
My email address(s) are my private property.  They are NOT to be used
or recorded for ANY reason without my explicit permission.  Disregard
of this statement is in violation of federal privacy & copyright law.
---------------------------------------------------------------------
"He who would trade an ounce of freedom for a pound of security loses
both and deserves neither."                     ..Benjamin Franklin..
---------------------------------------------------------------------
The World Trade Center II will rise from the flames and ashes of the
original. Just like the PHOENIX of legend, The WTC2 will rise again.
0
mc
7/31/2002 8:22:00 PM
In article <ai9a12$2o4j$1@news.grc.com>, Stefan 
transmitsitlikethis:
 
> "waves" wrote in message:

> > Then Microsoft could legally hack into users'
> > computers and disable/destroy unlicensed/paid
> > for software.
 
> If someone stole something
> "physical" from you, it makes perfect sense to go get it back, no?  Do you
> have absolutely no concept of intellectual property?

It may make "perfect sense" to you, but out here in 
the "real world", possession is nine-tenths or so of 
the law?  You can't just come and break my door down 
to get back whatever I stole from you, now can you?   
You need to go the police, then you've got to go 
through the courts, get warrants and stuff like that.  
So why should these people be able to break into 
users' computers, their personal property?  I 
think then that we should have the same bill passed 
out here, in the real world, if someone steals 
something from you (even if you're not 100% certain 
that you've got the right thief), it's ok to go and 
knock their door down and check and wreck the place 
while you're at it.  Fair's fair?  The only people who 
work that way are gangsters!  Of course, then 
everybody would be sitting inside their front doors 
with weapons, waiting for the intruders.  It's war 
everywhere you go.

Most of the software's uninstallers are not very good. 
They can sometimes mess up an otherwise good machine.  
What kind of a guarantee could we get that when this 
hacking of a user's computer is undertaken, to remove 
whatever it is the RIAA insists is theirs, is done so 
in such a way as to leave the user's comp in no worse 
a state than it was prior to the removal of whatever 
by the *owners* of some software? 

This idea of "legally hacking" into someone's computer 
to remove something because it is deemed stolen 
property is really a reasonable thing to suggest from 
a legal point of view.  It's one of those things 
though that works good in theory, but not in practice.  
I should think that all these industries who are 
claiming that people are stealing their software 
should just accept that this is the way it will always 
be.  Out there in the "real world", it's accepted that 
a certain proportion of your stock is going to be 
stolen from the general public, or your very own 
employees.  And this happens, no matter how many 
cameras, and how many security tags and security 
guards they put on.  The businesses just accept it and 
get on with it.  Like the RIAA and any other 
interested parties should do. 


> -Stefan.
0
waves
7/31/2002 8:26:00 PM
Steve Gibson wrote:

> 
> http://www.riaa.org/
> Folks ...
> 
> As you may know, last Thursday the RIAA endorsed a bill written
> by a
> California Representative, Howard Berman.  Though I have not
> studied the bill closely, it reportedly authorizes copyright
> holders to begin "blocking, diverting or otherwise impairing"
> peer-to-peer networks.

        Still timing out on 31/07/02 - time 1:26pm pst.

------------------------------------------------------

                DaR
0
DaR
7/31/2002 8:27:00 PM
waves wrote:

> It may make "perfect sense" to you, but out here in
> the "real world", possession is nine-tenths or so of
> the law?  You can't just come and break my door down
> to get back whatever I stole from you, now can you?
> You need to go the police, then you've got to go
> through the courts, get warrants and stuff like that.
> So why should these people be able to break into
> users' computers, their personal property?  I
> think then that we should have the same bill passed
> out here, in the real world, if someone steals
> something from you (even if you're not 100% certain
> that you've got the right thief), it's ok to go and
> knock their door down and check and wreck the place
> while you're at it.  Fair's fair?  The only people who
> work that way are gangsters!  Of course, then
> everybody would be sitting inside their front doors
> with weapons, waiting for the intruders.  It's war
> everywhere you go.

You're getting warm Waves. ;-)

USA folk may get these two items that were overlooked better...
Civil liberties
War Measures Act

They're not so much asking for it to be "legal" as they are asking
the courts for "immunity" from prosecution and civil suits.

Also consider that "Kazaa" was negotiating with some
entertainment industry about a royalty fee being paid in
exchange for being allowed to continue the P2P.
So...
Did Kazaa make a deal and Morpheus didn't?
Did Kazaa (or others) "blow" the deal and this is pressure?

IMO...if they catch someone actually ripping off their company
website for some records (smoking gun)...go ahead and toast the line...
but if they're going after someone in any other manner..where's the
"due process" we so admire the USA for preaching and defending?

'Seek and ye shall find'
NT Canuck
0
NT
7/31/2002 8:47:00 PM
> 1. When is a DDoS "evil", and when is it "vigilante
> medicine" being used in a good way?

I don't believe that an abuse of the Internet's protocols for the 
purpose of attacking another machine is ever good. I never meant
to say or imply otherwise, and you appear to have misunderstood my 
intent, either deliberately or not ...

Does that mean that a bad attack can't have something of a silver 
lining, bad though the attack itself is?   No.   I believe that the 
lining of this RIAA attack has some silver.

Unlike an attack against GRC or many of the other small-time 
enterprises that are hugely or entirely dependent upon being online, 
the RIAA will doubtless survive unscathed.  I don't know how 
dependent upon their web presence they are, but I doubt it's a 
crucial component of their existence as the GRC site is for me.

But, as I originally explained, there is a potentially huge benefit 
to be derived from the powerful demonstration of the ability of the 
Internet's hackers to hold the RIAA offline for as long as they wish.  

If you can't understand how this attack could have incredibly 
powerful and important collateral benefits for the Internet, then I 
certainly understand why nothing in my original note would have made 
any sense to you.  (Though your penchant for attacking me personally 
seems more to be something you do for your own self aggrandizement.)

Perhaps because of our difference in experience, or perhaps because 
you really don't have any idea who I am, you misunderstand me at 
every turn. When I mention that I have been invited to speak to the 
DOJ in Washington it's not from a need to puff myself up, but rather 
to clearly demonstrate that some of the people present DO UNDERSTAND 
the inherent importance of the information I am conveying.


> 2. Who gets to decide when it's good or bad?

I just made a little posting of opinion to my newsgroup server.
You appear to take it quite personally.


> No objection at all.  I could do without two things...
> 
> 1. the notion that nobody else alive is smart enough to
> understand the consequences.

I never said anything like that Stefan.  But with all of the contact 
I have with the world through this web site, speaking to large and 
small public and private groups, I have developed a clear sense for 
the fact that most people lack any appreciation for the reality of 
the vulnerability the Internet faces.

I know that you understand it clearly, Stefan, but you are not 
everyone else, and not everyone else understands.

And nowhere have I ever implied that people were not "smart enough" 
to understand.  That's your own peculiar spin Stefan.  I just said 
that all of the evidence I have been in a position to collect 
demonstrates that they don't.  But I am hopeful that the upside of 
this RIAA attack (which I have no control over one way or the other) 
may be that more people will begin to understand.

That would be great for everyone.


> 2. the whacked notion that the DDoS against riaa.org is
> not every bit as bad as the DDoS against grc.com was.

Yes, as I have stated, I believe that the RIAA attack has the 
potential for creating some very beneficial collateral benefits.
The more I read of your ranting about this, Stefan, the less it
seems that you read or understood what I wrote.

-- 
_________________________________________________________________
Steve.
0
Steve
7/31/2002 8:51:00 PM
> I feel better now,

I'm glad that you feel better axn.  But I am less confident about the 
bill's lack of chance for passing.  The unthinkably horrible DMCA 
(Digital Millennium Copyright Act) is certainly here ... and causing 
all manner of trouble.

I just wish that our government had not become a system that's sold 
out to the highest bidder.  This is certainly not the way it was 
designed.  Fortunately we have the Supreme Court, but they can't bear 
the burden for dealing with all of the legislature's grafting 
behavior.

-- 
_________________________________________________________________
Steve.
0
Steve
7/31/2002 9:15:00 PM
Actually, if you check the Open Secrets website http://www.opensecrets.org
for Howard Berman you'll find he doesn't have a big war chest ($846,958 as
opposed to, say, Teddy Kennedy's 3,829,750).  He doesn't need one.  His
district is something like 70% Democratic and he's pretty much unopposed.
The same is true of Cong. Waxman, who needs even less money to stay
in office.  Their power comes not in actually having the money but in their
ability to direct the money to other members and/or candidates.  His current
donations from the entertainment industry were only $186,891 as compared to
Teddy Kennedy's $239,000.

"Stefan" <no.sp@m.com> wrote in message news:ai93hr$2h48$1@news.grc.com...
> "Steve Gibson" wrote in message:

> Let's be serious.  Mr. Berman got a big cheque from some hidden RIAA
> account, so he would merely present the bill.  He most likely didn't so
> much as bother to even read it for himself before presenting it.  Of course the
> RIAA endorsed it...  they wrote it.
0
Rick
7/31/2002 9:33:00 PM
"Steve Gibson" wrote:
> > I feel better now,
>
> I'm glad that you feel better axn.
Hi Mr.G! Yes, I had a chance to vent and it always makes me feel better! <g>

> But I am less confident about the
> bill's lack of chance for passing.  The unthinkably horrible DMCA
> (Digital Millennium Copyright Act) is certainly here ... and causing
> all manner of trouble.
>
> I just wish that our government had not become a system that's sold
> out to the highest bidder.  This is certainly not the way it was
> designed.  Fortunately we have the Supreme Court, but they can't bear
> the burden for dealing with all of the legislature's grafting
> behavior.
My faith in the US Gov. stems from its origin - the American people.
Fortunately, even in the US, governments have come and gone via the wrath of
the voting public. I can only hope that "untimely" legislation is not
entirely irreversible, like it appears to be in some countries today!

Welcome back, and thank you for giving us a "Gentleman's Platform"! <g>

High Regards,
just axn


---
W2K/BIND-PE/ICS/CHX-I PF/KPF:
http://members.shaw.ca/b.e/bind_experiment.htm
0
just
7/31/2002 9:33:00 PM
Barry,

> First of all, if you read the text of the bill, it indicates
> that a copyright holder would not be permitted to delete files
> other than those files whose contents are covered under that
> person's copyright.  Not sure that was clear in the first place.

The problem is, I doubt that file deletion will be available. So, in 
the words of the Bill (House Resolution) itself, the ...

	" Copyright owner shall not be liable in any criminal
	or civil action for disabling, interfering with,
	blocking, diverting, or otherwise impairing ... "

To me, this seems onerous in the extreme.  It is a license for Denial 
of Service flooding attacks against individual machines on the 
Internet.

One machine would participate on the peer-to-peer network -- as a 
"sniffer".  When it found a machine believed to be hosting a 
copyrighted work it would pass this information to another machine
-- or network of machines -- with instructions to "disable, interfere 
with, block, divert, or otherwise impair" the operation of that 
hosting machine.

Given the practical limitations of the Internet's technology, this 
appears to be a license to allow entities who believe their material 
is being illegally shared to attack those believed to be sharing it.

Oh ... and it is acceptable for "economic loss" by the file trader to 
be caused as a result ... with full immunity from the government.

-- 
_________________________________________________________________
Steve.
0
Steve
7/31/2002 9:34:00 PM
> My faith in the US Gov. stems from its origin - the American
> people. Fortunately, even in the US, governments have come
> and gone via the wrath of the voting public. I can only hope
> that "untimely" legislation is not entirely irreversible,
> like it appears to be in some countries today!

In principle I agree with you completely.  But I have served as
an expert witness in a number of technical trials, and worked with 
attorneys in other technical cases.  I have become completely 
disillusioned about the ability of the legal system to fairly judge 
in matters which are highly technical.  It just can't.

So today I have hugely diminished faith in our legal system's ability 
to see this new bill, or future bills like it which will surely 
follow, for the dangerous vehicles I think they are.


> Welcome back, and thank you for giving us a "Gentleman's Platform"! <g>

I'm very glad to be back.  Thanks for your welcome.

-- 
_________________________________________________________________
Steve.
0
Steve
7/31/2002 9:39:00 PM
"Steve Gibson" returns:
> > My faith in the US Gov. stems from its origin - the American
> > people. Fortunately, even in the US, governments have come
> > and gone via the wrath of the voting public. I can only hope
> > that "untimely" legislation is not entirely irreversible,
> > like it appears to be in some countries today!
>
> In principle I agree with you completely.  But I have served as
> an expert witness in a number of technical trials, and worked with
> attorneys in other technical cases.  I have become completely
> disillusioned about the ability of the legal system to fairly judge
> in matters which are highly technical.  It just can't.
>
> So today I have hugely diminished faith in our legal system's ability
> to see this new bill, or future bills like it which will surely
> follow, for the dangerous vehicles I think they are.
So, go on doin' what you've been doin' Steve - go kick some butt.
You have the grace and best wishes of everyone in here behind you, that's a
*given*!

I, for one, totally enjoy your eloquently "guarded" posts here (anywhere)
and the literary flavor with which you bundle them!
Thank you very much for sharing those views, and listening to ours.

Go kick some butt the best way you know how - you *rock* d00d!

Regards,
just axn


---
W2K/BIND-PE/ICS/CHX-I PF/KPF:
http://members.shaw.ca/b.e/bind_experiment.htm
0
just
7/31/2002 9:49:00 PM
notme wrote:
> Bad files won't work very well - users will likely delete the duff
> ones.

Right. That's part of the "power" of P2P networks. Every file is implicitly
peer reviewed. Good files will prosper and spread, bad files will tend to
have limited potential for re-transmission.

> Also there are avi preview programs that allow you to check
> after a few mb's are downloaded. I gather they are paying a firm in
> Korea to pump bad files into the p2p networks already. It hasn't had
> much effect.

The only way it could have a significant (statistically, I guess...) effect
would be if these groups were willing to spend enough to rival the bandwidth
and "presence" (node-wise) on the network that other so-called "legitimate"
users of the network possess. This would be pretty hard to do. I don't
recall where, or what the numbers were (or even if they were from a credible
source), but I've heard that p2p filesharing now consumes some measurable
fraction of the internet's overall bandwidth.

There are some further possibilities involving an extremely high-bandwidth
system set up as a so-called "super node" (in one of the real distributed
p2p systems) that subtly influences search results to the poisoned files.
IMO, the potential here is greater than by simply hosting bad files in a few
locations. Set up super-nodes in most major cities, with a back-channel for
updating "fake" nodes, and you might do some damage.

Also, with the advent of multi-threaded p2p (not so new anymore, I know) it
isn't even necessary to host all of a bad file (or even host any files at
all). You just have to make sure your host shows up as having a file
matching most of the popular files (to which you have the copyright, of
course! Or not, if you really want to sabotage things), and upload random
data for the segments requested from you. This way you don't have to worry
about your file propagating as you already "have" the stuff that has
propagated well. With sufficient bandwidth spread over a significant area,
the odds of such "fake" nodes being chosen for any given download of
copyrighted material grows.

Of course, solutions to any of these strategies will eventually be developed
if they are put into play. Not that I would advocate or "condone" any such
measures.

The problems this type of thing presents for distributed computing are
interesting, from a more "technical" standpoint. I think the science of
distributed computing could potentially benefit in the long run by having
adversaries oppose its use on a technical front.

> The only thing that will reduce piracy is when a bill is passed to
> force the rights holders into sensible online deals.

An interesting view. But "free" is still "free", right?

Maybe they could just send the bill to my ISP? *grin*

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft.
0
Sam
7/31/2002 9:58:00 PM
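The post above describes "fake" nodes that advertise a popular file and answer segment requests with random data. As an added example (not from the thread or from any P2P client), this sketch shows how a multi-source downloader can reject such segments by checking each one against a per-segment SHA-256 manifest. The manifest is assumed to come from a source the downloader trusts, and all class and function names are hypothetical.

```python
import hashlib
import os
from dataclasses import dataclass, field

SEGMENT_SIZE = 64  # bytes; kept tiny so the constructed sample stays small

# Constructed sample "file" (270 bytes -> 5 segments, the last one short).
SAMPLE = b"constructed sample payload|" * 10


def split_segments(data: bytes, size: int = SEGMENT_SIZE) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]


def build_manifest(data: bytes) -> list:
    """Per-segment SHA-256 digests. Assumption: obtained out of band from a
    party the downloader trusts, never from the peers serving the data."""
    return [hashlib.sha256(seg).hexdigest() for seg in split_segments(data)]


class HonestPeer:
    def __init__(self, name: str, data: bytes):
        self.name = name
        self._segments = split_segments(data)

    def get_segment(self, index: int) -> bytes:
        return self._segments[index]


class FakePeer:
    """Models the fake node from the post: claims to have the file but
    returns random bytes for whatever segment is requested."""

    def __init__(self, name: str):
        self.name = name

    def get_segment(self, index: int) -> bytes:
        return os.urandom(SEGMENT_SIZE)


@dataclass
class DownloadResult:
    data: bytes
    banned: set = field(default_factory=set)
    rejected_segments: int = 0


def download(manifest: list, peers: list) -> DownloadResult:
    """Fetch every segment, rotating the starting peer as a multi-source
    client would. A segment is accepted only if its digest matches the
    manifest; a peer that serves one bad segment is not asked again."""
    segments, banned, rejected = [], set(), 0
    for index, expected in enumerate(manifest):
        start = index % len(peers)
        for peer in peers[start:] + peers[:start]:
            if peer.name in banned:
                continue
            candidate = peer.get_segment(index)
            if hashlib.sha256(candidate).hexdigest() == expected:
                segments.append(candidate)
                break
            # Mismatch: discard the bytes and stop trusting this peer.
            rejected += 1
            banned.add(peer.name)
        else:
            raise RuntimeError(f"no peer served a valid copy of segment {index}")
    return DownloadResult(b"".join(segments), banned, rejected)


def demo() -> DownloadResult:
    peers = [FakePeer("fake-1"), HonestPeer("honest-1", SAMPLE), FakePeer("fake-2")]
    return download(build_manifest(SAMPLE), peers)


if __name__ == "__main__":
    result = demo()
    print("file intact:", result.data == SAMPLE)
    print("banned peers:", sorted(result.banned))
    print("segments rejected:", result.rejected_segments)
```

The cost to the downloader is one wasted segment per fake node, while the fake node has to keep appearing under new identities to stay in rotation.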
In article <ai9idd$hc$1@news.grc.com>, NT Canuck 
transmitsitlikethis:

> waves wrote:

> > It may make "perfect sense" to you, but out here in
> > the "real world", possession is nine-tenths or so of
> > the law?  You can't just come and break my door down
> > to get back whatever I stole from you, now can you?
> > You need to go the police, then you've got to go
> > through the courts, get warrants and stuff like that.
> > So why should these people be able to break into
> > users' computers, their personal property?  I
> > think then that we should have the same bill passed
> > out here, in the real world, if someone steals
> > something from you (even if you're not 100% certain
> > that you've got the right thief), it's ok to go and
> > knock their door down and check and wreck the place
> > while you're at it.  Fair's fair?  The only people who
> > work that way are gangsters!  Of course, then
> > everybody would be sitting inside their front doors
> > with weapons, waiting for the intruders.  It's war
> > everywhere you go.
 
> You're getting warm Waves. ;-)
 
> USA folk may get this two items that were overlooked better...
> Civil liberties
> War Measures Act

> They're not so much asking for it to be "legal" as they are asking
> the courts for "immunity" from prosecution and civil suits.

*Madness*.  Or maybe not.  I want the legal right to 
zap some website that "steals" from me, by stealing my 
privacy with their spyware/adware rubbish.  I want to 
Ddos them to smithereens, that is of course, as soon 
as I figure out how to do that, but the law would take 
a while to come into effect, I expect, so I've got 
some time to learn.  :)

 
> Also consider that "Kazaa" was negotiating with some
> entertainment industry about a royalty fee being paid in
> exchange for being allowed to continue the P2P.

Hey, isn't this some sort of a crime?  


> So...
> Did Kazaa make a deal and Morpheus didn't?
> Did Kazaa (or others) "blow" the deal and this is pressure?

Hmmmm, I'm thinking, but there are too many 
possibilities.  

 
> IMO...if they catch someone actually ripping off their company
> website for some records (smoking gun)...go ahead and toast the line...

What do you mean, "rip off their company website for 
some records"?  By "records", do you mean as in music 
records?  Wouldn't all the music they put on their 
site be there for legal downloading?  ?  What do you 
mean?  

> but if they're going after someone in any other manner..where's the
> "due process" we so admire the USA for preaching and defending?

They don't always practice what they preach.  I must 
have missed somewhere, and maybe you'd know, (with out 
sending me off to googleland) just how much £/$ does 
the music/record industry figure they are losing out  
by these p2p programs?  

 
> 'Seek and ye shall find'
> NT Canuck
0
waves
7/31/2002 10:09:00 PM
Steve Gibson wrote:
>
> One machine would participate on the peer-to-peer network -- as a
> "sniffer".  When it found a machine believed to be hosting a
                                                                  ^^^^^^
> copyrighted work it would pass this information to another machine
> -- or network of machines -- with instructions to "disable, interfere
> with, block, divert, or otherwise impair" the operation of that
> hosting machine.

What happened to:  "... innocent until proved guilty..."?  Was that thrown
away somewhere while my back was turned?
___
Ted
0
Ted
7/31/2002 10:18:00 PM
In article <ai93hr$2h48$1@news.grc.com>, Stefan says...
     <nothing of importance>


The good news is Steve is back.

The bad news about Steve being back is Stefan was close behind.
-- 
Phil
0
Phil
7/31/2002 10:39:00 PM
Stefan wrote:
> 
> When else is it justified?  I asked you, and you ignored me.  When is it ok
> to not be entirely unhappy that someone is getting a dose of this "vigilante
> medicine"?  Go ahead and attempt an answer.  I'd just love to hear the
> hypocrisy unfold.  When, oh when, Steve can are we allowed to think that the
> "evil" DDoS is a "good thing" (as it is in THIS case)?  Do tell.  I'm
> waiting.

Since when does "being not entirely unhappy" with something
equate to an expression that it's "a good and justified
thing"?  Doesn't "not entirely unhappy" bear a much closer
resemblance to "almost completely unhappy"?
0
Kenneth
7/31/2002 10:39:00 PM
What happens if a user gets a dynamically assigned ip address that just
happens to have got onto the RIAA's list of targets and turns out to be an
overseas address.
Most of the companies we are talking about are multinationals and not immune
from foreign laws against hacking which won't have the immunity written into
this proposed US law. Class law suits ? Imagine they DoS a government dept
by mistake.
Could the head of one of these corporations face a jail sentence for hacking
if he steps off the plane ? Maybe Hilary Rosen shouldn't plan a holiday in
Europe !
0
notme
7/31/2002 10:45:00 PM
Ted,

> What happened to:  "... innocent until proved guilty..."?
> Was that thrown away somewhere while my back was turned?

Exactly.  Someone, somewhere, made an insightful reference to the lack
of "due process" in this whole thing.  But the House Resolution 
handily skirts the whole issue of legality by merely stating that 
immunity from prosecution will be granted.

Cute, eh?

-- 
_________________________________________________________________
Steve.
0
Steve
7/31/2002 10:47:00 PM
"Steve Gibson" <support@grc.com> wrote in message:


> I don't believe that an abuse of the Internet's protocols for the
> purpose of attacking another machine is ever good. I never
> meant to say or imply otherwise

You called it a "nice dose of the vigilante 'medicine'".


> and you appear to have misunderstood my
> intent, either deliberately or not ...

Maybe you should have stated your intent a little clearer.  I take the
phrase "nice dose of the vigilante 'medicine'" to have a fairly clear
meaning as an indication of your intent.


> Does that mean that a bad attack can't have something
> of a silver lining, bad though the attack itself is?   No.   I
> believe that the lining of this RIAA attack has some silver.

And I don't.  I think it's an abuse of the technology, and a misuse of the
computers being used to generate it.  I also think it makes the people
generating this attack look like the scum of society that the RIAA wants
them to look like.  If anything, this damages the initiative to have this
bill struck down.  It's obviously pissed off all the right scum, so it must
be a good law, right?



> Unlike an attack against GRC or many of the other
> small-time enterprises that are hugely or entirely
> dependent upon being online the RIAA will doubtless
> survive unscathed.

Oh, I see.  So the fact that they don't depend on the Internet makes it less
of a big deal?  You started your statement with "Unlike an attack against
GRC...".  I'm not seeing the "unlike" part of that statement very clearly.
GRC survived its ordeal "unscathed".  You even went as far as to say,
"these attacks were stirring up interest in my forthcoming research and it
wasn't even clear that we were going to be economically damaged in any way".


> I don't know how dependent upon their web presence
> they are, but I doubt it's a crucial component of their
> existence as the GRC site is for me.

except, you're still here...  and you've even made claims to suggest the
attacks "helped" you.  If you can justify (even slightly) the attack against
riaa because it won't hurt them, I can CLEARLY go a step further and justify
the attack on grc, because it not only didn't hurt you, it helped you.

(note:  I define "stirring up interest in my forthcoming research" to
loosely be defined as "helping"; in this instance.  If it isn't, please
correct me.)


> But, as I originally explained, there is a potentially huge
> benefit to be derived from the powerful demonstration
> of the ability of the Internet's hackers to hold the RIAA
> offline for as long as they wish.

wicked thought the same about his ability to hold grc.com off the net.  That
doesn't make it so.

If I draw any (even slight) parallel between grc.com and riaa.org, you may
just begin to see that this isn't a "good" thing; in ANY way.  No good
whatsoever will come of it.  It does more towards getting the bill passed
than it does to stop it.  The people who care about the issue, already know, so
they don't need to see this "perfect example".  The people who don't care,
aren't paying attention, and most won't notice that riaa.org is even gone.


> If you can't understand how this attack could have
> incredibly powerful and important collateral benefits
> for the Internet, then I certainly understand why nothing
> in my original note would have made any sense to you.

If you can't understand how this attack could do incredibly powerful damage,
then I certainly understand why you refer to my criticism as "ranting".
With every passing day, this attack paints a clearer and clearer picture of
the people who will be affected if this bill is passed.  It groups everyone
defending P2P software in with the people doing these attacks.  It makes the
people in congress start to think that we need a law to stop these people.
Well...  they just happen to have a bill all ready to go.


> (Though your penchant for attacking me personally
> seems more to be something you do for your own
> self aggrandizement.)

yea yea...  You seem to have fun with me too.  Saying directly that I "don't
understand...", "can't figure out...", or "don't have an idea of...", and
now I'm "ranting". okeedookee then.


> Perhaps because of our difference in experience, or perhaps
> because you really don't have any idea who I am, you
> misunderstand me at every turn.

In this case, I see you (again and again) trying to justify and/or point out
all the good things that may come from this DDoS against riaa.org.  you go
as far as to suggest it doesn't matter as much because they don't DEPEND on
their internet presence, etc, etc...

Some schmuck showed up here a while ago suggesting it would be good if
everyone would participate in a DDoS against this company (I don't recall
the name) in the UK that does product testing on animals.  They got shot
down from 75 different directions, and at no point did I feel inclined to
butt in and suggest that since it was for a moral cause....  or since that
company doesn't NEED their internet presence.... heck, why not....  go ahead
and DDoS them....  Maybe it will send a good message, or have a silver
lining...  etc, etc, etc.  no.  no.  no.  no.  no.  It accomplishes nothing
worth having.

If the Yahoo and eBay DDoSes didn't send a clear enough message, this sure
as hell won't either.


> When I mention that I have been invited to speak to the
> DOJ in Washington it's not from a need to puff myself up,
> but rather to clearly demonstrate that some of the people
> present DO UNDERSTAND the inherent importance of
> the information I am conveying.

Steve...  you flip-flop.  you start by saying, "I believe that the industry,
the government, law enforcement, and the public are utterly clueless".  Now,
after a complete 180, you use your example of how you spoke to the "Los
Angeles Federal Courthouse, speaking to all of Southern California's
cybercrime law enforcement agents from the FBI, CIA, Secret Service, and
other less well known agencies" to show us (and I quote), "that some of the
people present DO UNDERSTAND the inherent importance of the information".
So they're not "utterly clueless", after all?


> I just made a little posting of opinion to my newsgroup
> server.  You appear to take it quite personally.

Not at all.  If I come across like that, it's only because I'm arrogant....
not taking it personally.


> > 1. the notion that nobody else alive is smart enough to
> > understand the consequences.
>
> I never said anything like that Stefan.

You said exactly that...

"I believe that the industry, the government, law enforcement, and the
public are utterly clueless".

Did you mean something else?  You accuse me of clearly not understanding
what you're saying, but I'm only looking at exactly what you wrote.  How
would you like me to interpret that?  Does "utterly clueless" have a
meaning that I'm not completely aware of?


> I have developed a clear sense for the fact that
> most people lack any appreciation for the reality
> of the vulnerability the Internet faces.

I wouldn't say I don't like you, but if I've ever thought anything negative
about you, it stems from this one point.  the fact that you honestly do
believe the Internet faces some great vulnerability.  Like, at any
moment, BANG!!!  And it's all gone.  No more Internet.  No more e-mail or
online shopping...  All ancient history.  It's like anything.  there's OF
COURSE snags and problems galore, but on the whole, the Internet isn't
standing in the face of any major crisis.  It's just ducky, and it's going
to stay that way.  First WindowsXP was going to destroy it, then it was the
destruction of the root servers that would hamper the DNS system.  Now it's
this increased motive for DDoSes that will surely blow us all away...  what
next?  "the reality of the vulnerability the Internet faces" is that the
Internet is doing just fine.


> I know that you understand it clearly, Stefan, but
> you are not everyone else, and not everyone else
> understands.

Understands what?  That at any moment the Internet will fizzle up and burn
out?  Yea, there's problems, and passing this bill into law would be a HUGE
disaster, but it ain't going to happen.  The ISPs won't let it.  The public
won't let it.  congress sure as hell won't let it.


> And nowhere have I ever implied that people were
> not "smart enough"  to understand.  That's your own
> peculiar spin Stefan.  I just said that all of the evidence
> I have been in a position to collect demonstrates that
> they don't.

If you back-pedal any harder, you're going to snap your bicycle in half.
you said that the industry, the government, law enforcement, and the public
are "utterly clueless".  If my exchanging "not smart" in for "utterly
clueless" is what you call "spin", then you have mastered the art of "spin",
Steve.  those were YOUR words, not mine.



> Yes, as I have stated, I believe that the RIAA attack has the
> potential for creating some very beneficial collateral benefits.

I disagree.  Why:

1) the DDoS on eBay and Yahoo (as long ago as they were), are large enough
of an example as will EVER be needed to explain the harm done by DDoS
attacks.

2) It's only a "benefit" until someone targets a site you like, as opposed
to riaa.org -- That's hypocrisy.

3) It paints the people opposing the new bill as being outright immoral,
because it draws a connection between the attackers, and those who oppose
this bill.  This does far more harm than good.


> The more I read of your ranting about this, Stefan, the less it
> seems that you read or understood what I wrote.

ditto, Steve.   ditto.

-Stefan.
0
Stefan
7/31/2002 11:02:00 PM
Barry wrote:
> 
> I'd like to start a branch of this thread that focuses on the bill itself.
> 
> First of all, if you read the text of the bill, it indicates that a
> copyright holder would not be permitted to delete files other than those
> files whose contents are covered under that person's copyright.  Not sure
> that was clear in the first place.
> 

Well, that's a big problem right there.  How is the
copyright holder to know that the contents of a file are
copyrighted?
0
Kenneth
7/31/2002 11:13:00 PM
How about the situation where you've written a review of say a movie and
included clips of the film as allowed by the fair use provisions of the
copyright law. What you've done is legal but in all probability it would
draw an attack.  There is no standard in the safe harbor provisions for the
standards to determine if you have violated the copyright.  If they think
you have then you are guilty and they can attack you any way they want within
the law.


"Kenneth Doyle" <nobody@spamcop.net> wrote in message
news:3D486F07.E1713C10@spamcop.net...
> Barry wrote:
> >
> > I'd like to start a branch of this thread that focuses on the bill itself.
> >
> > First of all, if you read the text of the bill, it indicates that a
> > copyright holder would not be permitted to delete files other than those
> > files whose contents are covered under that person's copyright.  Not sure
> > that was clear in the first place.
> >
>
> Well, that's a big problem right there.  How is the
> copyright holder to know that the contents of a file are
> copyrighted?
0
Rick
7/31/2002 11:19:00 PM
"Steve Gibson" <support@grc.com> wrote in message
news:MPG.17b208e8f4d3610c98a7bd@207.71.92.194...
| Ted,
|
| > What happened to:  "... innocent until proved guilty..."?
| > Was that thrown away somewhere while my back was turned?
|
| Exactly.  Someone, somewhere, made an insightful reference to the lack
| of "due process" in this whole thing.  But the House Resolution
| handily skirts the whole issue of legality by merely stating that
| immunity from prosecution will be granted.
|
| Cute, eh?
|
| --
| _________________________________________________________________
| Steve.

Sounds to me like it might be unconstitutional based on lack of due process.
Perhaps the Supreme Court might overturn it if it is passed.  But if I can see
its unconstitutionality,  why would the legislature pass it and what does that
say about them?

Dave
0
Dave
7/31/2002 11:23:00 PM
In article <ai9qa6$9p4$1@news.grc.com>, Stefan said...
> "Steve Gibson" <support@grc.com> wrote in message:
> 
> > I don't believe that an abuse of the Internet's protocols for the
> > purpose of attacking another machine is ever good. I never
> > meant to say or imply otherwise
> 
> You called it a "nice dose of the vigilante 'medicine'".

He said ...

	"All things considered, I can't say that I am entirely unhappy 
	that the RIAA is getting a nice dose of the vigilante "medicine" 
	it is asking for our government's license to pursue for itself.  
	WHAT are they thinking?"

The context is clearly disapproving of vigilantism, and 'nice' is 
clearly sardonic. If I say that I am not entirely unhappy that a
proponent of unsafe sex has got 'a nice dose of the clap', would you 
imagine I approved of the clap? That I think it's nice?

As always, you concentrate on single words and fail, or choose not, to 
understand their context.

> > and you appear to have misunderstood my
> > intent, either deliberately or not ...
> 
> Maybe you should have stated your intent a little clearer.  I take the
> phrase "nice dose of the vigilante 'medicine'" to have a fairly clear
> meaning as an indication of your intent. [...]

Deja vu. You know you have poor comprehension, because you trip 
yourself up *so* often - why not make it a working assumption that you 
may be wrong?

> > > 1. the notion that nobody else alive is smart enough to
> > > understand the consequences.
> >
> > I never said anything like that Stefan.
> 
> You said exactly that...
> 
> "I believe that the industry, the government, law enforcement, and the
> public are utterly clueless".
> 
> Did you mean something else?  You accuse me of clearly not understanding
> what you're saying, but I'm only looking at exactly what you wrote.  How
> would you like me to interpret that?  Does "utterly clueless" have a
> meaning that I'm not completely aware of?

Apparently so. 

'Not smart' and 'clueless' are not synonyms, nor anywhere near. 

'Smart' is about intelligence. 'Clueless' is about knowledge. 

I am clueless about Assembly programming. You are clueless about civil 
discourse. Neither says anything about how smart we are, nor our 
capability to learn. Only about our state of knowledge.

Look ...

	http://www.dictionary.com/cgi-bin/dict.pl?db=*&term=clueless
	clueless
	adj. 
	Lacking understanding or knowledge.


	http://www.dictionary.com/cgi-bin/dict.pl?db=*&term=smart
	smart
	adj.
	Characterized by sharp quick thought; bright. See Synonyms at 
	intelligent. [...]


You were clueless about these meanings. Are you smart enough to learn? 

Do you have the grace to admit your error (though that is another topic 
entirely)? 

> > I have developed a clear sense for the fact that
> > most people lack any appreciation for the reality
> > of the vulnerability the Internet faces.
> 
> I wouldn't say I don't like you, but if I've ever thought anything negative
> about you, it stems from this one point.  the fact that you honestly do
> believe the Internet faces some great vulnerability.  Like, at any
> moment, BANG!!!  And it's all gone.  No more Internet.  No more e-mail or
> online shopping...  All ancient history. [...]

Same tired old gambit. Substituting wild extrapolation and exaggeration 
for what was actually said, then shooting those down as if they were 
the original claim. Utterly pointless.

> > And nowhere have I ever implied that people were
> > not "smart enough"  to understand.  That's your own
> > peculiar spin Stefan.  I just said that all of the evidence
> > I have been in a position to collect demonstrates that
> > they don't.
> 
> If you back-pedal any harder, you're going to snap your bicycle in half.
> you said that the industry, the government, law enforcement, and the public
> are "utterly clueless".  If my exchanging "not smart" in for "utterly
> clueless" is what you call "spin", then you have mastered the art of "spin",
> Steve.  those were YOUR words, not mine.

Are you suitably embarrassed now? Somehow I doubt it ...

-- 
Milly
0
Milly
7/31/2002 11:46:00 PM
> What happens if a user gets a dynamically assigned ip address
> that just happens to have got onto the RIAA's list of targets
> and turns out to be an overseas address.
> 
> Most of the companies we are talking about are multinationals
> and not immune from foreign laws against hacking which won't
> have the immunity written into this proposed US law. Class law
> suits ? Imagine they DoS a government dept by mistake.
> 
> Could the head of one of these corporations face a jail sentence
> for hacking if he steps off the plane ? Maybe Hilary Rosen
> shouldn't plan a holiday in Europe !

Right.  The whole thing seems really ill conceived and half-baked.

-- 
_________________________________________________________________
Steve.
0
Steve
7/31/2002 11:49:00 PM
> Well, that's a big problem right there.  How is the
> copyright holder to know that the contents of a file
> are copyrighted?

Good one.  You're right of course.

-- 
_________________________________________________________________
Steve.
0
Steve
7/31/2002 11:49:00 PM
"Phil Youngblood" <phil587@my_un_realbox.com> wrote in message
news:ai9ouo$6eg$1@news.grc.com...
> In article <ai93hr$2h48$1@news.grc.com>, Stefan says...
>      <nothing of importance>
>
>
> The good news is Steve is back.
>
> The bad news about Steve being back is Stefan was close behind.


Hi Phil ,
This NG is akin to a 'perpetual party' that mostly meanders along.......but
is interspersed with regular bouts of hi-voltage activity..............
It is justification for the many hundreds of Lurkers sitting astride -
waiting for confirmation that it is happening here and
now....................
The  'piece de resistance' is the inimitable Stefan ........somehow bearding
Steve Gibson in his Den (GRC Com) and not being  'smitten' for his
impudence.
The scenario is now old.........but never stale.........and I enjoy Stefan's
arguments ( some show evidence of intellectual delectation ) and frown a
little at his tendency to personally attack our
Host............................but then...............that leaves Gibson
wonderful opportunity to array appropriate refutation and
explanation...................and if none was called for..........then to
blow Stefan off the water ( and all the other breath-holding voyeurs) with a
resigned air (and implicit grin )............" Welcome back ,
Stefan".............
Ahhhh.........the stuff of electronic life !!!!...............'member Tron
??
Regards.................................Caligula

 "" Oderint dum metuant ""
0
Caligula
7/31/2002 11:49:00 PM
> > > First of all, if you read the text of the bill, it indicates that a
> > > copyright holder would not be permitted to delete files other than those
> > > files whose contents are covered under that person's copyright.  Not sure
> > > that was clear in the first place.
> > >
> >
> > Well, that's a big problem right there.  How is the
> > copyright holder to know that the contents of a file are
> > copyrighted?

Rick wrote:
> 
> How about the situation where you've written a review of say a movie and
> included clips of the film as allowed by the fair use provisions of the
> copyright law. What you've done is legal but in all probability it would
> draw an attack.

OK, that's an example of how suspicion might be kindled in
the first place.  My question relates to what happens next. 
Even though the copyright holder is allowed to delete only
the files that contain their copyrighted material, how are
they going to know what files to delete (if any)?  The
provision that one can delete one's own material from
someone else's machine, implies that the contents of the
files on someone else's machine are known either to violate
or not to violate the copyright; but exactly how does that
situation (knowledge of violation) come about?  I have
published music in the past, and I retain the copyright. 
Does that give me the right to go foraging through your
hard-drive because you mentioned the name of my band on
Usenet (as unlikely as that might be)?

>  There is no standard in the safe harbor provisions for the
> standards to determine if you have violated the copyright.  If they think
> you have then you are guilty and they can attack you any way they want within
> the law.
> 
Hmmm, I don't think it's really as simple as that.
0
Kenneth
8/1/2002 12:08:00 AM
"Stefan" stipulates:
<big snip>
Whoa! I seem to have lost "track" of your *point* Stefan. (The "big snipper"
just clipped it to oblivion there!) So how can one possibly agree with *it*?
<g> You are leading me down a path of repetition, <here we go> over, and
over, and over, and over, and over, and
over, and over, and over, and over, and over, and over, and over,
and well... you're beginning to sound like a, umm, er, broken <product of
the RIAA>. LOL!

So far I have deduced ( to determine by deduction) that:
1) You are in "flames" here
2) You know how to use a dictionary
3) You are in "flames" here
4) You know how to use a dictionary
5) You are in "flames" here

Can you add "glutton" to "arrogant"?
(glutton: one that has a great capacity for accepting or enduring something
<a glutton for punishment>) <g>

What's up with that anyways? You're embarrassing yourself dude!

Ouch!
just axn


---
W2K/BIND-PE/ICS/CHX-I PF/KPF:
http://members.shaw.ca/b.e/bind_experiment.htm
---
0
just
8/1/2002 12:22:00 AM
waves wrote:

>> They're not so much asking for it to be "legal" as they are asking
>> the courts for "immunity" from prosecution and civil suits.
>
> *Madness*.  Or maybe not.  I want the legal right to
> zap some website that "steals" from me, by stealing my
> privacy with their spyware/adware rubbish.  I want to
> Ddos them to smithereens, that is of course, as soon
> as I figure out how to do that, but the law would take
> a while to come into effect, I expect, so I've got
> some time to learn.  :)

Well..the timing is not within normally accepted boundaries.
If you catch a puppy chewing a slipper and scold it right
away...the puppy may learn, or you move the slippers.
One thing you don't do...is scold it 15 weeks after the event,
that would only confuse the puppy and yourself.

>> Also consider that "Kazaa" was negotiating with some
>> entertainment industry about a royalty fee being paid in
>> exchange for being allowed to continue the P2P.
>
> Hey, isn't this some sort of a crime?

Heh, and irony is Kazaa trying to sue Kazaa-lite for
distributing an adfree copy of Kazaa without compensation.

>> So...
>> Did Kazaa make a deal and Morpheus didn't?
>> Did Kazaa (or others) "blow" the deal and this is pressure?
>
> Hmmmm, I'm thinking, but there are too many
> possibilities.

Yes, a lot to take in at one time...that's how things sneak past
people in the legal arena, by the time you figure it out it's over.

>> IMO...if they catch someone actually ripping off their company
>> website for some records (smoking gun)...go ahead and toast the
>> line...
>
> What do you mean, "rip off their company website for
> some records"?  By "records", do you mean as in music
> records?  Wouldn't all the music they put on their
> site be there for legal downloading?  ?  What do you
> mean?

Most companies in that venue allow downloading music if
you have an account (credit card, paypal etc.) but one could
"swipe" the files or create a phony acount and download them
without paying for the merchandise...if caught "during" that
illegal transmission...(like shoplifting)...then take some action
but that normally ruins the plaintiff's chances to sue or charge
the person or entity attempting the illegal file transfer.

>> but if they're going after someone in any other manner..where's the
>> "due process" we so admire the USA for preaching and defending?
>
> They don't always practice what they preach.  I must
> have missed somewhere, and maybe you'd know, (without
> sending me off to googleland) just how much £/$ does
> the music/record industry figure they are losing out
> by these p2p programs?

IMO, nothing.  My experience is that those folk don't buy most
of those goods anyway, they copy and swap between themselves
or record off a radio/tv/vcr or just don't bother with them.  Sort
of a switch from warez sites to p2p, just that with p2p you get
a tally on each screen showing total online connections and file
transfers.  They could swap/trade via ftp, internet chat, msn
messenger or aol clients...so nothing's going to stop this activity.
The only time the RIAA actually loses money (IMO) is if the
music is "bootlegged" which means copied disks or fake retail
copies are actually "sold" for money...those could have been sales.
Keep in mind...just my personal opinion here..not "definitive".

'Seek and ye shall find'
NT Canuck
0
NT
8/1/2002 12:28:00 AM
Just have your newsreader ignore any message with " Stefan " in it.  Easiest
way.

Regards,

Jim Langston

"Kerry Liles" <kerry.liles@softwareNOSPAMspectrum.com> wrote in message
news:ai9fm4$2uvh$1@news.grc.com...
> NOW I remember why I unsubscribed to this entire newsgroup...
>
> Bye.
>
>
0
Jim
8/1/2002 12:29:00 AM
Stefan wrote:
> "Steve Gibson" <support@grc.com> wrote in message:
>
>
>> I don't believe that an abuse of the Internet's protocols for the
>> purpose of attacking another machine is ever good. I never
>> meant to say or imply otherwise
>
> You called it a "nice dose of the vigilante 'medicine'".

But again, taken out of context. It's a nice dose of the vigilante medicine
the RIAA wishes to be wielding.

>> and you appear to have misunderstood my
>> intent, either deliberately or not ...
>
> Maybe you should have stated your intent a little clearer.  I take the
> phrase "nice dose of the vigilante 'medicine'" to have a fairly clear
> meaning as an indication of your intent.

Again taken out of context. It is only "nice" in that it is what the RIAA
wishes the US government to sanction them to be doing.

>> Does that mean that a bad attack can't have something
>> of a silver lining, bad though the attack itself is?   No.   I
>> believe that the lining of this RIAA attack has some silver.
>
> And I don't.

You are completely oblivious to the irony? The sheer hilarity of it?

> I think it's an abuse of the technology, and a misuse
> of the computers being used to generate it.

I agree here. I think Steve does too. He thought the same about the attacks
on grc.com (abuse of technology, etc).

But such things can have silver linings anyways (and still be bad things,
and abuses of technology, and all those other things).

In this case (RIAA's DDoS) the silver lining to us bystanders is watching
them hoisted by their own petards, so to speak. In Steve's case, he made a
silver lining of it for himself and others, by publishing what is probably
one of the more widely read articles on DDoS attacks in general.

> I also think it makes
> the people generating this attack look like the scum of society that
> the RIAA wants them to look like.  If anything, this damages the
> initiative to have this bill struck down.  It's obviously pissed off
> all the right scum, so it must be a good law, right?

Who's scare-mongering now?

Don't DDoS or they'll take your mp3's away? Riight.

DDoS's now sway political process? Goodness. And a moment ago you were going
on about how NOTHING Steve could say could ever do so.

I know, I want an act to pass, so I'll act like a buffoon and pretend to be
opposed to it! Does that even work?

>> Unlike an attack against GRC or many of the other
>> small-time enterprises that are hugely or entirely
>> dependent upon being online the RIAA will doubtless
>> survive unscathed.
>
> Oh, I see.  So the fact that they don't depend on the Internet makes
> it less of a big deal?  You started your statement with "Unlike an
> attack against GRC...".  I'm not seeing the "unlike" part of that
> statement very clearly.

Did you read it? "Unlike ... many of the ... enterprises that are hugely or
entirely dependent upon being online". Obviously he is stating that the RIAA
is not dependent on its online presence. Care to debate it?

> GRC survived its ordeal "unscathed".  You
> even went as far as to say, "these attacks were stirring up interest
> in my forthcoming research and it wasn't even clear that we were
> going to be economically damaged in any way".

The silver lining Steve later made from the DDoS attacks against him is
pretty much irrelevant to the initial attack, and the amount of damage that
_could_ have been done to grc.com had it been flawlessly executed and
maintained for a significant period.

>> I don't know how dependent upon their web presence
>> they are, but I doubt it's a crucial component of their
>> existence as the GRC site is for me.
>
> except, you're still here...  and you've even made claims to suggest
> the attacks "helped" you.  If you can justify (even slightly) the
> attack against riaa because it won't hurt them, I can CLEARLY go a
> step further and justify the attack on grc, because it not only
> didn't hurt you, it helped you.

*lol* This is like saying it would be ok to stab me because I could then sue
you and make lots of money. The benefit one acquires because of a crime
committed against you does not excuse the crime. The same in this case.

I still boggle that you insist that Steve "can justify (even slightly)" the
DDoS. If you say it a few more times, maybe we'll believe you.

> (note:  I define "stirring up interest in my forthcoming research" to
> loosely be defined as "helping"; in this instance.  If it isn't,
> please correct me.)

Hey, I agree. Steve made out pretty well. So what?

>> But, as I originally explained, there is a potentially huge
>> benefit to be derived from the powerful demonstration
>> of the ability of the Internet's hackers to hold the RIAA
>> offline for as long as they wish.
>
> wicked thought the same about his ability to hold grc.com off the
> net.  That doesn't make it so.
>
> If I draw any (even slight) parallel between grc.com and riaa.org,
> you may just begin to see that this isn't a "good" thing; in ANY way.
> No good whatsoever will come of it.

I agree. But this reflects in no way on third parties being able to sit back
and admire the irony.

> It does more towards getting the
> bill passed than it does to stop it.

Heh, this again?

It may make the RIAA more motivated, but I doubt it'll ever be a PR win for
them (who wants to announce an arguably grassroots movement opposing
everything you stand for?).

I can just imagine RIAA executives sitting up and going "wow, DDoS's really
ARE powerful, let's throw more money at that pet project". *shrug*

> The people who care about
> issue, already know, so they don't need to see this "perfect
> example".  The people who don't care, aren't paying attention, and
> most won't notice that riaa.org is even gone.

Ah, so those who care already know, and anyone else won't ever know. And
from that you conclude that the DDoS will damage the "cause" of preventing
this act from passing? The logic lost me again.

>> If you can't understand how this attack could have
>> incredibly powerful and important collateral benefits
>> for the Internet, then I certainly understand why nothing
>> in my original note would have made any sense to you.
>
> If you can't understand how this attack could do incredibly powerful
> damage,

To whom? The RIAA? Sure, yep. It will and has damaged them (some dollar
value, I'm sure -- and probably as much if not more than the lifetime income
of some small companies that might be "broken" by a similar ddos). The
"cause" opposing the RIAA? I think "incredibly powerful damage" is a massive
overstatement of the potential backlash from this.

> then I certainly understand why you refer to my criticism as
> "ranting". With every passing day, this attack paints a clearer and
> clearer picture of the people who will be affected if this bill is
> passed.  It groups everyone defending P2P software in with the people
> doing these attacks.

Really? How so?

> It makes the people in congress start to think
> that we need a law to stop these people. Well...  they just happen to
> have a bill all ready to go.

Heh.

>> (Though your penchant for attacking me personally
>> seems more to be something you do for your own
>> self aggrandizement.)
>
> yea yea...  You seem to have fun with me too.  Saying directly that I
> "don't understand...", "can't figure out...", or "don't have an idea
> of...", and now I'm "ranting". okeedookee then.
>
>
>> Perhaps because of our difference in experience, or perhaps
>> because you really don't have any idea who I am, you
>> misunderstand me at every turn.
>
> In this case, I see you (again and again) trying to justify and/or
> point out all the good things that may come from this DDoS against
> riaa.org.  you go as far as to suggest it doesn't matter as much
> because they don't DEPEND on their internet presence, etc, etc...

I would speculate that the dollar figure on the damage in this case would
probably be enough to destroy a sufficiently smaller company (heh, a safe
speculation if ever there was one!). But I don't think "is it bad enough to
destroy the company" sways how bad (morally?) something is. In the form of a
victim impact statement, however, a dollar value is of a much milder impact
than a statement of bankruptcy.

> Some schmuck showed up here a while ago suggesting it would be good if
> everyone would participate in a DDoS against this company (I don't
> recall the name) in the UK that does product testing on animals.
> They got shot down from 75 different directions, and at no point did
> I feel inclined to butt in and suggest that since it was for a moral
> cause....  or since that company doesn't NEED their internet
> presence.... heck, why not....  go ahead and DDoS them....  Maybe it
> will send a good message, or have a silver lining...  etc, etc, etc.
> no.  no.  no.  no.  no.  It accomplishes nothing worth having.

Right. But I would chuckle at the irony if, let's say, those folks were
subjected to the experiments they are performing on the animals.

[...]
>> When I mention that I have been invited to speak to the
>> DOJ in Washington it's not from a need to puff myself up,
>> but rather to clearly demonstrate that some of the people
>> present DO UNDERSTAND the inherent importance of
>> the information I am conveying.
>
> Steve...  you flip-flop.  you start by saying, "I believe that the
> industry, the government, law enforcement, and the public are utterly
> clueless".  Now, after a complete 180, you use your example of how
> you spoke to the "Los Angeles Federal Courthouse, speaking to all of
> Southern California's cybercrime law enforcement agents from the FBI,
> CIA, Secret Service, and other less well known agencies" to show us
> (and I quote), "that some of the people present DO UNDERSTAND the
> inherent importance of the information". So they're not "utterly
> clueless", after all?

Some of them aren't utterly clueless. It looked pretty clear to me. The
original statement about the industry, etc, can still hold true by and large
though.

But are they management? *grin*

>> I just made a little posting of opinion to my newsgroup
>> server.  You appear to take it quite personally.
>
> Not at all.  If I come across like that, it's only because I'm
> arrogant.... not taking it personally.
>
>
>>> 1. the notion that nobody else alive is smart enough to
>>> understand the consequences.
>>
>> I never said anything like that Stefan.
>
> You said exactly that...
>
> "I believe that the industry, the government, law enforcement, and the
> public are utterly clueless".

Which has nothing else to do with "nobody else alive" nor with "smart enough
to understand".

> Did you mean something else?  You accuse me of clearly not
> understanding what you're saying, but I'm only looking at exactly
> what you wrote.  How would you like me to interpret that?  Does
> "utterly clueless" have a meaning that I'm not completely aware of?

Utterly clueless probably means "has no clue". It doesn't strictly imply
anything about intelligence. I think we've been here before though.

>> I have developed a clear sense for the fact that
>> most people lack any appreciation for the reality
>> of the vulnerability the Internet faces.
>
> I wouldn't say I don't like you, but if I've ever thought anything
> negative about you, it stems from this one point.  the fact that you
> honestly do believe the Internet faces some great vulnerability.
> Like, at any moment, BANG!!!  And it's all gone.  No more Internet.
> No more e-mail or online shopping...  All ancient history.  It's like
> anything.  there's OF COURSE snags and problems galore, but on the
> whole, the Internet isn't standing in the face of any major crisis.

And it stems from a misunderstanding I'm sure.

I am 100% sure that Steve is WELL aware that "the Internet is globally
stable robust" but this is NOT contradictory to the fact that "it is locally
unstable and unreliable".

Read it yourself (this thread):
MPG.17b1aae0ac99072f98a7b4@207.71.92.194

> It's just ducky, and it's going to stay that way.

Globally, yes. But keep your head in the sand about how it is "locally
unstable and unreliable"? It probably pays to be aware.

>  First WindowsXP
> was going to destroy it, then it was the destruction of the root
> servers that would hamper the DNS system.  Now it's this increased
> motive for DDoSes that will surely blow us all away...  what next?

Talk about blowing it out of proportion. I don't think I've seen anyone
claim the internet as a whole (globally, remember?) would be impacted by
much of anything since code red. But just about anything can "damage" the
internet locally. My cat did it when it knocked the phone off the hook,
killing my dialup. Woops.

> "the reality of the vulnerability the Internet faces" is that the
> Internet is doing just fine.

Globally. But locally "the internet" (meaning that small part of it..)
remains quite vulnerable. If you think this isn't true I'm not sure what to
say.

[...]
>> And nowhere have I ever implied that people were
>> not "smart enough"  to understand.  That's your own
>> peculiar spin Stefan.  I just said that all of the evidence
>> I have been in a position to collect demonstrates that
>> they don't.
>
> If you back-pedal any harder, you're going to snap your bicycle in
> half. you said that the industry, the government, law enforcement,
> and the public are "utterly clueless".  If my exchanging "not smart"
> in for "utterly clueless" is what you call "spin", then you have
> mastered the art of "spin", Steve.  those were YOUR words, not mine.

It's your spin though Stefan. Cluelessness only implies lack of intelligence
in your world, as you have made amply clear in the past.

>> Yes, as I have stated, I believe that the RIAA attack has the
>> potential for creating some very beneficial collateral benefits.
>
> I disagree.  Why:
>
> 1) the DDoS on eBay and Yahoo (as long ago as they were), are large
> enough of an example as will EVER be needed to explain the harm done
> by DDoS attacks.

It wouldn't do for professionals to become complacent. But I agree, those
"old" attacks are ample evidence.

> 2) It's only a "benefit" until someone targets a site you like, as
> opposed to riaa.org -- That's hypocrisy.

I'm pretty sure Steve sought out this same benefit in the attack against his
site. It demonstrated to him, and others, how darned hard it is to keep a
site up if someone wants it down.

> 3) It paints the people opposing the new bill as being outright
> immoral, because it draws a connection between the attackers, and
> those who oppose this bill.  This does far more harm than good.

I guess we'll have to wait and see on this one.

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft.
0
Sam
8/1/2002 12:33:00 AM
"Stefan" <no.sp@m.com> wrote in message news:ai9dvq$2suk$1@news.grc.com...
> "Sam Schinke" <sschinke@myrealbox.com> wrote in message:
>
> 1. When is a DDoS "evil", and when is it "vigilante medicine" being used in
> a good way?

DDoS would be evil the same way a handgun would be evil (I am actually pro
gun and NRA, just using as an example) in that it is only created to kill
(machines or people or bandwidth).

The constitution of the U.S. (doesn't matter if you're a US citizen or not,
this is just a point) gives people the right to bear arms to protect
themselves from the government if it becomes corrupt.  So, if the government
of the US became corrupt and I used my gun to help stop them, that would be
an "evil" thing being used in a "good way".  DDoS is a tool, personally I
don't consider it, or hand guns, evil, although some people do.  They are
tools.

> 2. Who gets to decide when it's good or bad?

I guess the Constitution of the US gives the citizens of the US the right to
decide if the US Government has become corrupt.  So, umm, we do?

Regards,

Jim Langston
0
Jim
8/1/2002 12:34:00 AM
Jim Langston wrote:

> DDoS is a tool, personally I don't consider it, or hand guns, evil,
> although some people do.  They are tools.

Hi Jim,

DDOS is not a tool, it is an effect...like a "siege".
Under "siege" nothing gets in or out of the targeted area.

One of the problems with DDOS is that the "siege effect"
is not easily controllable on the target and may include any
or all other computers and websites neighboring the target.

Add to that the fact it is usually an anonymous attack
(like a sniper) .. kind of a hit and run or hit and hide thing.

It gets even worse when innocent machines are "hijacked"
into participating as the senders of the attack...very dirty
business and totally without honor of any kind.

'Seek and ye shall find'
NT Canuck
0
NT
8/1/2002 12:48:00 AM
"waves" <me@one.ok!> wrote in message
news:MPG.17b2579fe89d4dda989c32@207.71.92.194...
>   You can't just come and break my door down
> to get back whatever I stole from you, now can you?

You're darn tootin that if you stole something from me that was in your
house I would bust down your door and take it back.

And you would probably call the police and have me thrown in jail for
breaking and entering, but you wouldn't get the thing you stole back, and
you would wind up going to jail for stealing in the first place.

Now, if I call the police instead, and say, "see that fancy thing there in
the window?  That's mine, they stole it from me." The police could come into
your house and take it back.  No warrant needed as long as I could
substantially prove to the police that it was in fact mine.

> You need to go the police, then you've got to go
> through the courts, get warrants and stuff like that.

Believe it or not, police do not always need a warrant.

> So why should these people be able to break into
> user's computers, their personal property?

Break into my computer?  No.  Just as if I broke into your house I would go
to jail (although I would still have my thing back).

> I think then that we should have the same bill passed
> out here, in the real world, if someone steals
> something from you (even if you're not 100% certain
> that you've got the right thief), it's ok to go and
> knock their door down and check and wreck the place
> while you're at it.

You steal something from me and I break into your house and take it back,
when you call the police in most cases I wouldn't be the one going to jail.
Legally, I should, but in practicality, I wouldn't.

> Fair's fair?  The only people who
> work that way are gangsters!  Of course, then
> everybody would be sitting inside their front doors
> with weapons, waiting for the intruders.  It's war
> everywhere you go.

During the LA riots do you think I was waiting for the police to protect my
house, or do you think I had weapons protecting my house?  Nuff said.

> Most of the software's uninstallers are not very good.
> They can sometimes mess up an otherwise good machine.
> What kind of a guarantee could we get that when this
> hacking of a user's computer is undertaken, to remove
> whatever it is the RIAA insists is theirs, is done so
> in such a way as to leave the user's comp is no worse
> a state than it was prior to the removal of whatever
> by the *owners* of some software?

Now we are on a different point.  If I *think* you stole something but
wasn't sure, if I broke into your house and it wasn't there, I would go to
jail for sure.  If it's not in "plain sight".

Now, if I was the RIAA in this, I would simply set up a p2p website and
snatch the info from the people who downloaded from it.  Let the courts
fight about entrapment.

> This idea of "legally hacking" into someone's computer
> to remove something because it is deemed stolen
> property is really a reasonable thing to suggest from
> a legal point of view.  It's one of those things
> though that works good in theory, but not in practice.

Agreed.

> I should think that all these industries who are
> claiming that people are stealing their software
> should just accept that this is the way it will always
> be.  Out there in the "real world", it's accepted that
> a certain proportion of your stock is going to be
> stolen from the general public, or your very own
> employees.  And this happens, no matter how many
> cameras, and how many security tags and security
> guards they put on.  The businesses just accept it and
> get on with it.  Like the RIAA and any other
> interested parties should do.

Bull.  It is not accepted at any company I've worked for.  When people were
caught they were prosecuted.

Now, in all this, I in no way agree with this bill that RIAA is supporting.
Just playing the devil's advocate.

Also, I don't download .mp3's nor do I have a single piece of
unlicensed/paid for software on my computers.

Regards,

Jim Langston
0
Jim
8/1/2002 12:51:00 AM
In article <ai9vb3$etc$1@news.grc.com>, NT Canuck 
transmitsitlikethis:

> waves wrote:

> The only time the RIAA actually loses money (IMO) is if the
> music is "bootlegged" 

Good point and I think you're right. 

> which means copied disks or fake retail
> copies are actually "sold" for money...those could have been sales.
> Keep in mind...just my personal opinion here..not "definitive".

Yeah, but pssst, NT, have you ever had a look at those 
types that do that sort of thing?  Scaree.  I've 
decided to leave them alone.  I think BullMoose once 
said something about letting the craziest guy on the 
bus have the empty seat or not to sit next to him, or 
somethin' like that.  :)  

> 
> 'Seek and ye shall find'
> NT Canuck
0
waves
8/1/2002 1:01:00 AM
In article <ai9t1f$cjj$1@news.grc.com>, Caligula says...
>
>"Phil Youngblood" <phil587@my_un_realbox.com> wrote in message
>news:ai9ouo$6eg$1@news.grc.com...
>> In article <ai93hr$2h48$1@news.grc.com>, Stefan says...
>>      <nothing of importance>
>>
>>
>> The good news is Steve is back.
>>
>> The bad news about Steve being back is Stefan was close behind.
>
>
>Hi Phil ,
>This NG is akin to a 'perpetual party' that mostly meanders along.......but
>is interspersed with regular bouts of hi-voltage activity..............
>It is justification for the many hundreds of Lurkers sitting astride -
>waiting for confirmation that it is happening here and
>now....................
>The  'piece de resistance' is the inimitable Stefan ........somehow bearding
>Steve Gibson in his Den (GRC Com) and not being  'smitten' for his
>impudence.
>The scenario is now old.........but never stale.........and I enjoy Stefans'
>arguments ( some show evidence of intellectual delectation ) and frown a
>little at his tendency to personally attack our
>Host

If it's for intellectual delectation, it is for his own and not mine. 
Stefan would make an excellent political speech writer, given his 
unsurpassed ability to take a few words out of context and distort their 
meaning until the original intent is unrecognizable. Maybe that's why I 
dislike Stefan's posts -- I detest mud-slinging.

-- 
Phil
0
Phil
8/1/2002 1:12:00 AM
All true, Canuck, now tell me, how do your points differ from anything the
RIAA would use?

Let me state that I do not agree with this DDoS attack against the RIAA.
But, if the RIAA started attacking their machines, then I believe they would
be justified.  Maybe not legally, but morally.

As it currently stands, whoever is doing this DDoS attack is wrong.

If this law passes, and RIAA attacks their machines, they would be, IMO,
right.

Personally, I do not break copyright law.  I do not own illegal software or
download copyrighted programs I'm not entitled to.  If the RIAA attacked my
machine, I would defend myself.

Perhaps this was a preemptive attack?

Regards,

Jim Langston

"NT Canuck" <ntcanuck@hot_mail.com> wrote in message
news:aia0gr$g4m$1@news.grc.com...
> Jim Langston wrote:
>
> > DDoS is a tool, personally I don't consider it, or hand guns, evil,
> > although some people do.  They are tools.
>
> Hi Jim,
>
> DDOS is not a tool, it is an effect...like a "siege".
> Under "siege" nothing gets in or out of the targeted area.
>
> One of the problems with DDOS is that the "siege effect"
> is not easily controllable on the target and may include any
> or all other computers and websites neighboring the target.
>
> Add to that the fact it is usually an anonymous attack
> (like a sniper) .. kind of a hit and run or hit and hide thing.
>
> It gets even worse when innocent machines are "hijacked"
> into participating as the senders of the attack...very dirty
> business and totally without honor of any kind.
>
> 'Seek and ye shall find'
> NT Canuck
>
>
0
Jim
8/1/2002 1:16:00 AM
"Jim Langston" goes with:
Very interesting comments Jim.
<snip>
> Perhaps this was a preemptive attack?
Perhaps the RIAA website is faking?
Wouldn't that be a kick in the pants! <g>

Regards,
just axn


---
W2K/BIND-PE/ICS/CHX-I PF/KPF:
http://members.shaw.ca/b.e/bind_experiment.htm
---
0
just
8/1/2002 1:19:00 AM
Jim Langston wrote:

> All true, Canuck, now tell me, how do your points differ from
> anything the RIAA would use?

I have no idea since I don't know either their game plan
or their abilities (technical and hardware), and even then
who gets to decide who, what, when, where and why of
every action...is it an executive, a secretary...or anybody.

> Let me state that I do not agree with this DDoS attack against the
> RIAA. But, if the RIAA started attacking their machines, then I
> believe they would be justified.  Maybe not legally, but morally.

Well...
morally one should use common sense and initiate a dialogue.
This scenario you give sounds more like an electronic feud.

> As it currently stands, whoever is doing this DDoS attack is wrong.

DDOS is never right, but neither are trojans or viruses.
In general the entities on the Internet are expected to regulate
themselves...not create enclaves that are above the law.
If this was to combat trojan distributors or virii from spreading
then I could tolerate the activity...as it benefits all of us.
The way the RIAA have gone reads like a "personal" route.

> If this law passes, and RIAA attacks their machines,
> they would be, IMO, right.

Well...you're entitled to have an opinion, but what is being
passed is not so much a law as it is a "suspension of law"
and for a privileged group...not for all of us.

> Personally, I do not break copyright law.  I do not own illegal
> software or download copyrighted programs I'm not entitled to.
> If the RIAA attacked my machine, I would defend myself.

Heh...I thought you just said it was ok for the RIAA to attack
if the bill passed?  So would you then be a "rebel"?
Anyway...if on a home unit and normal line..there's virtually
no defense against an OC-3 or somesuch flooding your line.

A hardware firewall or veteran IT person might be able to
keep a unit secure...but you won't be able to surf or email.
And an encrypted line like the one I use would require enough
juice that the local node (area service router) could be plugged
causing up to 300 other units to be out of service, I mention this
since I'm not on any unusual service, just a typical broadband.

> Perhaps this was a preemptive attack?

There are and have been for several years many DDOS and
trojan and virii attacks among others...some taking as much
as 3 complete hijacked T-3 (45mb) or better, that were used
against another entity.  On some levels it's a tornado of activity.

Given the special circumstances the USA is under post-9/11
I would expect some alterations in normal methodology in
regard to Internet transmissions and precautions...but not for
purely commercial interests in a single area, also consider that
p2p file trading is not even illegal in several overseas countries
and afaik hasn't been declared illegal in USA, not declared legal
either...and at least one court in Europe said p2p was legal.

'Seek and ye shall find'
NT Canuck
0
NT
8/1/2002 1:49:00 AM
"Kenneth Doyle" <nobody@spamcop.net> wrote in message
news:3D487C06.E9835DE6@spamcop.net...
..
>
> OK, that's an example of how suspicion might be kindled in
> the first place.  My question relates to what happens next.
> Even though the copyright holder is allowed to delete only
> the files that contain their copyrighted material, how are
> they going to know what files to delete (if any)?  The
> provision that one can delete one's own material from
> someone else's machine, implies that the contents of the
> files on someone else's machine are known either to violate
> or not to violate the copyright; but exactly how does that
> situation (knowledge of violation) come about?

That's a good question unless you examine every file on someone else's
computer.  Of course those copyright owners get to do it just like a sneak
thief in the night and don't even have to let you know they've been there.
>
> Hmmm, I don't think it's really as simple as that.

It is unfortunately. They are allowed to take proactive measures.  I've read
the darn bill.  They aren't supposed to be allowed to search the non public
areas of a computer but other than that if you have P2P which is available
to the public then they can look.  I suppose the idea is similar to your
right to privacy when you are in a public place. It's much lower than when
you have the expectation of privacy.
0
Rick
8/1/2002 2:38:00 AM
Steve Gibson wrote:
> 
> > I feel better now,
> 
> I'm glad that you feel better axn.  But I am less confident about the
> bill's lack of chance for passing.  The unthinkably horrible DMCA
> (Digital Millennium Copyright Act) is certainly here ... and causing
> all manner of trouble.
> 
> I just wish that our government had not become a system that's sold
> out to the highest bidder.  This is certainly not the way it was
> designed.  Fortunately we have the Supreme Court, but they can't bear
> the burden for dealing with all of the legislature's grafting
> behavior.
> 
> --
> _________________________________________________________________
> Steve.

_This_ Supreme Court has come down on (what I see as) the wrong side of
too many issues for your last line to bring me any comfort, Steve.  The
principle of the Supreme Court would protect us from this danger, but
I'm not so sure about the fact of it right now in history...
This thread is taking a turn toward politics we might want to avoid
here, however...

Corey
0
corey
8/1/2002 3:15:00 AM
Go ahead and obliterate away - I just sent it to my wife, just don't expect
your service to be continuous when you hit me... <g>
That's what they will be seeing a lot of.

>
> "I hereby grant you, the reader, the right to view this post. You are not
> permitted to save the content, or forward this post to any other user. If I
> believe you have saved a copy of this message, or otherwise caused it to be
> redistributed, I will obliterate your newsreader and all of its contents."
> :^/
>
> --
> If you spam my mailbox, you agree to accept any response I deem appropriate.
> Keep SIGNATURE AGREEMENT before replying.
> 'Any business model that relies on 'caveat emptor' is not ethical.'
0
OneDeej
8/1/2002 5:53:00 AM
hey stefan you don't run www.grcsucks.com by any chance do you?



--

Jonathan
________________________________
http://www.classickidstv.co.uk
http://www.jonathandavis.info
0
Jonathan
8/1/2002 6:07:00 AM
On Wed, 31 Jul 2002 14:08:48 -0500, "Robert Wycoff"
<Don't.use.Lockdown@any.price> wrote:


>I don't follow you.  Information sharing continues on the Internet, despite
>the appearance of commercial interests.  Sharing stolen software, music, and
>movies are not what I call information sharing.
>
Robert

Yes, information sharing does continue, but it is coming more with a
price tag.  Now some sites are requiring registration and subscription
along with cookies and JS.  I am just commenting that the concept of
freely sharing info is being corrupted by commercialism, and this
latest flap is one of the symptoms. 

As for stolen goodies, I am very aware as my work is copyrighted
material too.  I don't think the internet was intended to be sharing
those!

Geek..
0
handyman
8/1/2002 6:43:00 AM
On Wed, 31 Jul 2002 19:23:16 -0400, "Dave" <ddi20@xyz.net> wrote:

>Sounds to me like it might be unconstitutional based on lack of due process.
>Perhaps the Supreme Court might overturn it if it is passed.  But if I can
>see its unconstitutionality, why would the legislature pass it and what does
>that say about them?
>
Dave

Congress passes laws all the time that might be considered
"unconstitutional". What that says about them is that this is par for
the course.  

Many laws have been challenged in court.  However, it takes time and
money which I see the RIAA having more of than any opposition.

Geek..
0
handyman
8/1/2002 6:47:00 AM
"Steve Gibson" <support@grc.com> wrote in message
news:MPG.17b13adf8798dc898a7b2@207.71.92.194...

> All things considered, I can't say that I am entirely unhappy that
> the RIAA is getting a nice dose of the vigilante "medicine" it is
> asking for our government's license to pursue for itself.  WHAT are
> they thinking?
>
> I hope, therefore, that industry, government, and law enforcement
> agencies are watching closely to see how readily and easily any site
> can be taken off -- and held off -- the Internet by an ad hoc band of
> pissed off kids.  Whenever I speak to groups about the significant
> and real threat of Internet attacks I try to drive home my absolute
> certainty that the ONLY reason we are not seeing more attacks is that
> the motivation is missing.  Well ... the RIAA has provided the
> missing motive ... and my future presentations will now have a
> perfect case in point, promoting my well-known concerns from theory
> to reality.

Steve, can I add that I have long thought that you have a unique ability to
blend technical excellence with human feeling. That's a pretty unique
ability, and while many of us here share some of both aspects you have a
talent for getting the message across.

Motivation, as you say, is the key to many things, and it is good to know
that someone is aware of the situation. It's even better to know that the
folks here are aware because there may be occasions where otherwise opposing
sides may need to form an alliance. There is a bigger threat than the RIAA.

Charlie
0
Charlie
8/1/2002 12:38:00 PM
"just axn" <rbeNOSPAM@shaw.ca> wrote in message
news:ai9l48$3m4$1@news.grc.com

> My faith in the US Gov. stems from its origin - the American people.
> Fortunately, even in the US, governments have come and gone via the
> wrath of the voting public. I can only hope that "untimely"
> legislation is not entirely irreversible, like it appears to be in
> some countries today!

ax,

Those are nice words coming from a Canadian.  I appreciate the support
Canada has given the US over the years, as evidenced most recently in
Afghanistan.  My apologies for the unfortunate accident.

Robert
0
Robert
8/1/2002 1:19:00 PM
"Jonathan Davis" <everclear_rule@punkass.com> wrote in message
news:aiajap$12pd$1@news.grc.com
> hey stefan you don't run www.grcsucks.com by any chance do you?

Jonathan,

Absolutely not.

Robert
0
Robert
8/1/2002 1:21:00 PM
Completely OT, but -

Jim Langston wrote:

> I guess the Constitution of the US gives the citizens of the US the right to
> decide if the US Government has become corrupt.  So, umm, we do?

David Koresh, Ruby Ridge...others I'm sure...

I think my point is that it would take an enormous citizen response to affect
governmental change using guns. "Loners" or small groups have no chance, they
simply get squashed by what they perceived as a corrupt government, probably
reinforcing the notion in others that the government is corrupt.

Dave
---
Hell, I can't even think straight!
0
Partners
8/1/2002 3:03:00 PM
> ..........'member Tron
>

yup, and there is going to be a sequel... next year....
http://www.tron20.net/
0
blood
8/1/2002 4:14:00 PM
> Motivation, as you say, is the key to many things, and it is good
> to know that someone is aware of the situation. It's even better
> to know that the folks here are aware because there may be
> occasions where otherwise opposing sides may need to form an
> alliance. There is a bigger threat than the RIAA.

The tragic events of last September 11th were all about motivation.
I don't place a packet flood anywhere near the same category as 
deliberate acts which result in the deaths of thousands of people. 
But people who plan for the future need to understand that as we move 
toward an ever increasing reliance upon the Internet, we are relying 
upon a system which is globally robust but locally vulnerable.

A perfect example of this is a conversation I had after my "Wicked" 
report had become popular.  I received a call from a representative 
of the association of fire and burglar alarm companies.  He said that 
he had sort of heard of these denial of service attacks before, but 
he'd never really paid them any attention since he didn't understand 
them. But he said that my site's explanations had changed that. So he 
wanted to ask whether he was correct in assuming that using the 
Internet -- as all of the companies in the association were starting 
to think seriously about -- for their alarm signalling, would be a 
bad idea.

I told him that I thought he was VERY correct to be worried. An alarm 
monitoring company could be the target of a denial of service attack 
which would flood its ability to receive notifications from its 
customers. As opposed to interrupting a traditional and comparatively 
expensive individual physical phone line being used for monitoring, 
an Internet based attacker would not need to have physical access 
anywhere and could seriously disrupt monitoring service at will.

Technology is something that inherently spreads. At one time, not too 
long ago, no one had graphical windowing systems.  Then a few people 
had them, but no one really knew "how to do them" so they were 
amazing and not very available.  But today everyone who wants to can 
easily have graphical windowing systems.  Toolkits abound, books have 
been written, samples are everywhere ... and so are the windowing 
systems.

Someone earlier in this thread mentioned that he/she might be 
inclined to DoS-blast someone whom they believed had malicious intent 
toward them or their system (much as the script-kiddies do today). 
That person said that they didn't know how or have the capability 
yet.  But the technology is out there ... and it's spreading.  Before 
long, a random burglar or arsonist may be able to DoS-blast an alarm 
monitoring company and blind them to a situation they would have 
otherwise been able to detect.

As you said Charlie ... Means, Motive, and Opportunity.

-- 
_________________________________________________________________
Steve.
0
Steve
8/1/2002 4:43:00 PM
> DDOS is not a tool, it is an effect...like a "siege".
> Under "siege" nothing gets in or out of the targeted area.
> 
> One of the problems with DDOS is that the "siege effect"
> is not easily controllable on the target and may include any
> or all other computers and websites neighboring the target.

Right, we see this all the time.  Many unrelated and unintended 
servers being adversely affected by an attack upon one specific
site and IP.  Siege Overspill.

-- 
_________________________________________________________________
Steve.
0
Steve
8/1/2002 4:54:00 PM
"Steve Gibson" <support@grc.com> wrote in message
news:MPG.17b3050ae8244a0798a7c1@207.71.92.194...

> Someone earlier in this thread mentioned that he/she might be
> inclined to DoS-blast someone whom they believed had malicious intent
> toward them or their system (much as the script-kiddies do today).
> That person said that they didn't know how or have the capability
> yet.  But the technology is out there ... and it's spreading.  Before
> long, a random burglar or arsonist may be able to DoS-blast an alarm
> monitoring company and blind them to a situation they would have
> otherwise been able to detect.
>
> As you said Charlie ... Means, Motive, and Opportunity.

Hi Steve,
I consider myself a technological naif ... however, in the past couple
of years I have been able to access an amazing amount of hacker tools that
even to me seem ridiculously easy to 'drive'.
I am becoming increasingly aware of a large arsenal being added to every
day ... and available for mindless adolescent vandalism as well as
more serious and nefarious visions.
Is it merely a matter of time? ... or am I too, an
alarmist from a different posture??
Regards ... Caligula

 "" Oderint dum metuant ""
0
Caligula
8/1/2002 4:58:00 PM
Steve Gibson wrote:

> Right, we see this all the time.  Many unrelated and unintended
> servers being adversely affected by an attack upon one specific
> site and IP.  Siege Overspill.

Yup, when a thunderstorm hits..everybody gets soaked.

I wonder...or at least food for thought....

Can a percentage say 5-10% of bandwidth be locked somehow
or via some technology for emergency use?
The idea came to me when looking at the reserved bandwidth
settings for "QOS" (although not really same thing, but interesting).

I suppose Steve, that unless you have some breakthrough and
invent a "nano-umbrella" this may just be my hypothetical musings.

'Seek and ye shall find'
NT Canuck
0
NT
8/1/2002 5:20:00 PM
In article <ai93hr$2h48$1@news.grc.com>, no.sp@m.com, 
 Stefan nibbled our ears by saying...

> Let's be serious for a second.  This legislation will pass at approximately
> the same time that my ass walks on Jupiter.

Funny, I would have thought the same thing about the DMCA given how 
egregiously it violates personal and civil liberties along with 
previous legislation covering "fair use" rights ...


> Does this law give them rights to attack only American computers?  I'd love
> to have them explain how an American law gives them the right to attack a
> computer in Canada, Europe, Asia, etc, etc (where much of the piracy
> happens).

Try prosecuting them in China, Europe, Asia, etc. for doing it ...


> What computers will the RIAA and MPAA use to attack naughty netizens?  Their
> own?  Ok...  their own will be blown off the net not stop by P2P vigilantes.
> Will they use trojans?  Oh, that's legal...  yea right.  It's an
> impossibility.

Actually, part of their goal appears to make such devices legal for 
them to use to protect their property.


> They're just trying to protect their billions dollar industry, but they're
> going about it all wrong because at this point, it's their only option.

It is?  You mean that they can't avail themselves of the legal system 
and prosecute those who offer pirated material for download?

> What else can they suggest to do?  Do I agree with what they want to do?
> Hell no, but who cares?  It's not like it will EVER pass into law anyway.
> Ever.  If it does, drag this posting up, and throw it back in my face at
> some date in the future.  It ain't going to happen.  A legal hack-attack?
> Please.  Ain't gonna happen.

There are many laws that exist that people said would never happen 
....


-- 
Michael
- "anyone who is honestly trying to [live a life of belief] will soon 
find his intelligence sharpened."  C.S. Lewis
0
Anonymous
8/1/2002 6:19:00 PM
In article <aia0gu$g4q$1@news.grc.com>, Jim Langston 
transmitsitlikethis:

> "waves" <me@one.ok!> wrote in message
> news:MPG.17b2579fe89d4dda989c32@207.71.92.194...

> >   You can't just come and break my door down
> > to get back whatever I stole from you, now can you?
 
> You're darn tootin that if you stole something from me that was in your
> house I would bust down your door and take it back.

The rottweilers would get you first.  :)


> Now, if I was the RIAA in this, I would simply set up a p2p website and
> snatched the info from the people who downloaded from it.  Let the courts
> fight about entrapment.


The user was "entrapped" much earlier on.  Especially 
if their first introduction to being on the internet 
was courtesy of AOL's 100 free internet hours!!!  
Hooray! I have been to MSN's site for example and I've 
seen on MSN's *homepage* a flashing icon inviting 
users to "meet new friends online", it was some sort 
of chatroom.  We all know what goes on in those chat 
rooms.  For one thing, we know this is where they can 
swap music files.  I can't really blame a new user to 
the internet for "stealing" anything if they've heard 
about it via AOL's free 100-hours internet usage.  Or, 
if on the homepage of AOL there is an invitation for a 
chatroom to meet new friends, now THAT's entrapment!  
It's like they're orchestrating the whole thing from 
start to finish.  They offer FREE online time, 
introduce new users to all the stuff that can get them 
into *trouble* one way or another.  AOL, MSN and all 
those other similar sites, need to accept the 
responsibility for the reckless behaviour they have 
created in their users. 
 

> Jim Langston
0
waves
8/1/2002 6:20:00 PM
In article <ai9ebn$2tep$1@news.grc.com>, no.sp@m.com, 
 Stefan nibbled our ears by saying...

> > Nope, nothing about "it's ok to DDos people that
> > upset you". It's more of a statement of humorous irony.
> 
> I never drew that connection.  I merely pointed out that he DID:
> (take your pick)
> 
> a) condone
> b) dismiss
> c) forgive
> d) overlook
> e) not object to
> 
> ...the DDoS against the RIAA's website.

You should try putting Steve's comments here in the larger context of 
his writings as a whole.  He has stood staunchly opposed to such 
abuses of technology for a number of years.  Put that staunch 
opposition into the reading of his message to which you objected and 
you get that he is against such tactics and doesn't approve of them, 
but he wasn't unhappy that it happened.  It doesn't say he was happy 
that it happened.  It doesn't say that he supported the attacks, just 
that he wasn't "unhappy".  That is not condoning or forgiving.  It is 
not dismissing or overlooking - to the contrary, he is writing about 
it.  He doesn't object to it?  That is not supportable given his 
repeated objections and outrage at such acts and his efforts to 
educate the various law enforcement/intelligence gathering 
communities regarding the issue.

-- 
Michael
- "anyone who is honestly trying to [live a life of belief] will soon 
find his intelligence sharpened."  C.S. Lewis
0
Anonymous
8/1/2002 6:31:00 PM
"Steve Gibson" <support@grc.com> wrote in message
news:MPG.17b21774cf5d99fe98a7c0@207.71.92.194...
>
> > Well, that's a big problem right there.  How is the
> > copyright holder to know that the contents of a file
> > are copyrighted?
>
> Good one.  You're right of course.

Presumably, agents for the various copyright holders would download suspect
files and listen to/view them.  If they contained material for which they
held the copyright, they could then begin their attack.

One thing that didn't really get picked up out of my earlier post was that
the methods by which a copyright holder would attempt to remove these files
from the network would have to be submitted to the DoJ at least a week
before those methods were employed.  I have since read through the statute
regarding the Freedom of Information Act (FOIA) (5 USC 552)
http://www.usdoj.gov/oip/foia_updates/Vol_XVII_4/page2.htm , and it appears
that of the nine exemptions specified in section (b), only item (4) is of
interest:  "trade secrets and commercial or financial information obtained
from a person and privileged or confidential".  I don't *think* that the
methods submitted to the DoJ could be considered trade secrets, since
according to 18 USC 1839 (3), a "trade secret" requires that "(A) the owner
thereof has taken reasonable measures to keep such information secret"
(which, having disclosed such information to the DoJ, is not secret), and
"(B) the information derives independent economic value, actual or
potential, from not being generally known to, and not being readily
ascertainable through proper means by, the public" (methods of peer-to-peer
sharing prevention do not have independent economic value; rather, the
economic value is held in the copyrighted material).

The only other way that the information could be held unobtainable through
FOIA is if the Berman bill were altered to make a specific provision
thereto.

I'm most definitely *not* a lawyer, but you better believe that if the
Berman bill were to become law, I would (on a weekly basis) request (for the
past week) all filings pursuant to that law, and post the materials received
publicly.  And I'd have fun every moment of it.

But here's hoping I don't have to.

Barry
0
Barry
8/1/2002 6:40:00 PM
> The problem is, I doubt that file deletion will be available. So, in
> the words of the Bill (House Resolution) itself, the ...
>
> " Copyright owner shall not be liable in any criminal
> or civil action for disabling, interfering with,
> blocking, diverting, or otherwise impairing ... "
>
> To me, this seems onerous in the extreme.  It is a license for Denial
> of Service flooding attacks against individual machines on the
> Internet.

The problem (as you have seen many times, Steve) is that in many cases (and
almost always, when it comes to home users) one cannot use DoS to target one
individual machine.  The bill provides an exception to the immunity if

(Proposed 5 USC 514 (b), excerpted):  Subsection (a) shall not apply to a
copyright owner in a case in which (1) in the course of taking an action
permitted by subsection (a), the copyright owner--(A) impairs the
availability...of a computer file or data that does not contain a work, or
portion thereof, in which the copyright owner has an exclusive
right...except as may be reasonably necessary to impair the
distribution...--(B) causes economic loss to any person other than affected
file traders...

So, if they prevent files over which they don't have *exclusive* copyright
rights from being shared, they aren't immune.  Therefore, the RIAA can't
hire agents to do their dirty work, because the RIAA doesn't have said
rights.  Also, if any other person (say, your local ISP) suffers an economic
loss, they would also not be held immune.

In other words, DoS would be a very, very dangerous game to play.



> Oh ... and it is acceptable for "economic loss" by the file trader to
> be caused as a result ... with full immunity from the government.

No more than $50 of economic loss (not counting any loss associated with
losing the files containing material over which the copyright is held).
That's in item (C) in the above list.

I'm certainly not defending this bill - I think it sucks.  But I also want
to make sure everyone understands what it truly does, so that we can all
carry on a well-informed conversation.

Barry
0
Barry
8/1/2002 6:53:00 PM
> So, if they prevent files over which they don't have *exclusive* copyright
> rights from being shared, they aren't immune.  Therefore, the RIAA can't
> hire agents to do their dirty work, because the RIAA doesn't have said
> rights.  Also, if any other person (say, your local ISP) suffers an economic
> loss, they would also not be held immune.

Bad form replying to my own post, but I was wrong on this one (partially).
Record labels could authorize the RIAA to take these measures.  It is
unclear whether they could act on behalf of several record labels en bloc,
however, in the same DoS attack.

The dangers inherent in using DoS still exist.

Also, for anyone interested, the penalties for intruding on a computer (as in,
what applies if a copyright owner isn't exempted) are found in 18 USC 1030:

http://www4.law.cornell.edu/uscode/18/1030.html

Barry
0
Barry
8/1/2002 6:59:00 PM
"Robert Wycoff" Resoundly Writes:
> > My faith in the US Gov. stems from its origin - the American people.
> > Fortunately, even in the US, governments have come and gone via the
> > wrath of the voting public. I can only hope that "untimely'
> > legislation is not entirely irreversible, like it appears to be in
> > some countries today!
> ax,
> Those are nice words coming from a Canadian.  I appreciate the support
> Canada has given the US over the years, as evidenced most recently in
> Afghanistan.  My apologies for the unfortunate accident.

Hi Robert,
We're kind of "All In This Together" aren't we!
Things suck sometimes, and when you get a bunch of folks with weapons
together in one place, things can really suck. That is probably another
inevitable Tragedy of Life.

Not to detract from the import of the aforementioned, another "ToL" would be
if the RIAA inadvertently (oops!) scrubbed every hard-drive on the Internet!
Get your RIAA patch *quick*! <g>

Thx,
just axn


---
W2K/BIND-PE/ICS/CHX-I PF/KPF:
http://members.shaw.ca/b.e/bind_experiment.htm
---
0
just
8/1/2002 7:24:00 PM
In article <MPG.17b3050ae8244a0798a7c1@207.71.92.194>, 
Steve Gibson transmitsitlikethis:

Hello, Steve Gibson,
 
> Someone earlier in this thread mentioned that he/she might be 
> inclined to DoS-blast someone whom they believed had malicious intent 
> toward them or their system (much as the script-kiddies do today). 

That was I. However, you have taken it out of context 
just a bit.  :)  I was suggesting that if the likes of 
the RIAA's bill got passed which would in essence 
allow "legal hacking", on the grounds of users 
"stealing" something, then I, too, would like the 
legal right to retain what I believe is being 
chiseled away, stolen from me, namely, my privacy 
whilst online.  Hey, it's you, Steve Gibson who's 
inspired my interest in security and privacy.  So, you 
know what I'm talking about when I speak of privacy 
issues?  And how some sites want to steal that from 
users?  Users are just consumers, and the internet is 
just a billboard to some minds. These sites are 
stealing people's personal information.  And stealing 
is stealing, is it not?  So I was just thinking if 
such a bill got passed, then I think it should be 
across the board, let ME have the legal right to get 
into a site's system when I discover that THEY have 
stolen from ME.  In this way, it would be a much 
fairer playing/battle field.

Am I mistaken in thinking that the user's privacy is 
of no value?  Some sure seem to be making money from 
it.


> That person said that they didn't know how or have the capability 
> yet.  But the technology is out there ... and it's spreading. 

Usually I'm not too keen to follow links, but I'll 
make an exception with you.  :)


>  Before 
> long, a random burglar or arsonist may be able to DoS-blast an alarm 
> monitoring company and blind them to a situation they would have 
> otherwise been able to detect.

Is there such a site that has a list of all the ddos'd 
sites?  What do these sites have in common?  Who are 
all the people who are doing this ddosing?  Surely 
they are not all "kiddies" as you seem to suggest. And 
there's not just one lot of them, is there?  There 
must be several different groups, etc., some just 
devilish little kids, and other more reasonable 
people.  

This probably isn't gonna sound right to some 
unthinking people, but the ability to "ddos" some site 
is a good tool to have.  And it can be used for GOOD 
means, as well as bad means, like any tool.  Just 
remember, that the bad guys will always have the best 
tools, and so it is a wise move to be able to know how 
to use the same tools as they do.  Ddosing is not 
necessarily a BAD thing, it just depends on who's 
doing it.  

 
> As you said Charlie ... Means, Motive, and Opportunity.

But it's just like that with everything in life, isn't 
it?
0
waves
8/1/2002 8:14:00 PM
"NT Canuck" <ntcanuck@hot_mail.com> wrote in message
news:aia43b$jra$1@news.grc.com...
> Jim Langston wrote:
>
> > If this law passes, and RIAA attacks their machines,
> > they would be, IMO, right.
>
> Well...you're entitled to have an opinion, but what is being
> passed is not so much a law as it is a "suspension of law"
> and for a privileged group...not for all of us.

Er, I didn't word that quite right.  The "they" would be right is not
referring to the RIAA, but to the attackee.  In other words, even if this law
passes and RIAA attacked someone's machine, that someone would be morally
right to defend themselves with DDoS IMO.

>
> > Personally, I do not break copyright law.  I do not own illegal
> > software or download copyrighted programs I'm not entitled to.
> > If the RIAA attacked my machine, I would defend myself.
>
> Heh...I thought you just said it was ok for the RIAA to attack
> if the bill passed?  So would you then be a "rebel"?

Read my correction above.

Regards,

Jim Langston
0
Jim
8/1/2002 8:43:00 PM
"waves" <me@one.ok!> wrote in message
news:MPG.17b38b9965677c86989c3a@207.71.92.194...

> The user was "entrapped" much earlier on.  Especially
> if their first introduction to being on the internet
> was courtesy of AOL's 100 free internet hours!!!

I think it goes deeper than that.  "How do I download warez programs?"
people ask me.  "That's wrong, I won't tell you."  "But everyone does it."
is their reply.  So everyone (us) are the ones who entrapped them (warez).

Regards,

Jim Langston
0
Jim
8/1/2002 8:45:00 PM
> Actually, part of their goal appears to make such devices
> legal for them to use to protect their property.

Right.  And as all of us here (in this newsgroup) appreciate, the 
problem is that there is not a technically feasible means for making 
this possible.  It just can't be done accurately and without all 
sorts of mistakes and dangers like "siege overspill", targeting the 
wrong IP, etc., etc.

(What about when someone is running through a public proxy and that's 
the only IP that can be seen outside the proxy?  Gonna blast the 
whole proxy and disconnect everyone who's behind it?  :)

So what this proposed legislation is doing is allowing "Internet 
Attack" ideas to be legal within some contexts.  But Internet attack 
ideas ought NEVER to be allowed to be legal under ANY context.

We need to be moving forward, not backward ... and this probably 
means that the MODEL of music and movie sales and marketing needs to 
change. Sure, I understand and appreciate the frustration that the 
RIAA and MPAA must be feeling ... but technological progress is 
creating new possibilities and is changing the behavior of many 
people.

Global CD (compact disc) sales were down 7 percent last year -- but 
to blame this on file trading is certainly wrong headed.  Hasn't 
everyone SEEN the huge PYRAMIDS of CD-R's which now decorate consumer 
and office supply stores?  I watch people purchasing 50 and 100-disc 
"jumbo packs" of CD-R discs ... and I think to myself "Hmmmm, I doubt 
they are burning copies of software they have written, or songs they 
have recorded."  And I really wonder ... what are they DOING with all 
of those discs?????  They've GOT to be copying (pirating) CD's.

-- 
_________________________________________________________________
Steve.
0
Steve
8/1/2002 9:36:00 PM
> I'm certainly not defending this bill - I think it sucks.
> But I also want to make sure everyone understands what it
> truly does, so that we can all carry on a well-informed
> conversation.

Thanks for the comments Barry.  I'm glad you've read it as
closely as you clearly have.

-- 
_________________________________________________________________
Steve.
0
Steve
8/1/2002 9:38:00 PM

Steve Gibson wrote:

>
> The war-games folks must have a vocabulary that I lack for describing
> the effect of a conflict where the weapons are much more powerful
> than, and able to easily overwhelm, any available defenses.
>

Mutually Assured Destruction.
0
Normski
8/1/2002 10:19:00 PM
"Steve Gibson" <support@grc.com> wrote in message
news:MPG.17b349cd41feaadc98a7ca@207.71.92.194...

> We need to be moving forward, not backward ... and this probably
> means that the MODEL of music and movie sales and marketing needs to
> change. Sure, I understand and appreciate the frustration that the
> RIAA and MPAA must be feeling ... but technological progress is
> creating new possibilities and is changing the behavior of many
> people.

Very astute analysis and a perfect example of the coder and the human. <g>

> Global CD (compact disc) sales were down 7 percent last year -- but
> to blame this on file trading is certainly wrong headed.  Hasn't
> everyone SEEN the huge PYRAMIDS of CD-R's which now decorate consumer
> and office supply stores?  I watch people purchasing 50 and 100-disc
> "jumbo packs" of CD-R discs ... and I think to myself "Hmmmm, I doubt
> they are burning copies of software they have written, or songs they
> have recorded."  And I really wonder ... what are they DOING with all
> of those discs?????  They've GOT to be copying (pirating) CD's.

Yes, and just as compact cassettes were going to destroy the huge music
industry the current scapegoat is the computer because that's the most
common copying tool. But it was the music industry that forced us ALL to go
buy CD players because they withdrew vinyl. Did they give us a choice? You
used to be able to buy a "Single". Now you more or less have to buy the CD.
Not much of a price difference there, and most often there are 2 good tracks
and a bunch of crap. It's no real surprise that people like to make their
own CDs for use in the car etc. I agree absolutely that DoS attacks are
wrong whatever the circumstances, but I can see why it's happening. I used
to pay $2 for the music of my choice but now have to pay $15 for it because
it's bundled with junk. So you can bet I'm going to win that $13 back if I
can.

Charlie
0
Charlie
8/1/2002 11:17:00 PM
Steve Gibson wrote:
[...]
> Global CD (compact disc) sales were down 7 percent last year -- but
> to blame this on file trading is certainly wrong headed.  Hasn't
> everyone SEEN the huge PYRAMIDS of CD-R's which now decorate consumer
> and office supply stores?  I watch people purchasing 50 and 100-disc
> "jumbo packs" of CD-R discs ... and I think to myself "Hmmmm, I doubt
> they are burning copies of software they have written, or songs they
> have recorded."  And I really wonder ... what are they DOING with all
> of those discs?????  They've GOT to be copying (pirating) CD's.

And they likely think they are already paying for just this "right", given
the levies and fees on such raw media.

Of course, such levies and fees serve to entrench the "monopoly" of "big"
music by punishing small artists, but I have to wonder that they wouldn't
realize that the public might feel justified using their raw media to make
illegal copies -- since they are by rights already paying to do so.

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft.
0
Sam
8/1/2002 11:23:00 PM
"Sam Schinke" <sschinke@myrealbox.com> wrote in message
news:aicfmm$318b$1@news.grc.com...

> Of course, such levies and fees serve to entrench the "monopoly" of "big"
> music by punishing small artists, but I have to wonder that they wouldn't
> realize that the public might feel justified using their raw media to make
> illegal copies -- since they are by rights already paying to do so.

Yep, that's exactly right, the RIAA are determined to create a "No Lose"
economy all for themselves.

Charlie
0
Charlie
8/2/2002 12:53:00 AM
Steve Gibson <support@grc.com> wrote in news:MPG.17b349cd41feaadc98a7ca@
207.71.92.194:

> 

> Global CD (compact disc) sales were down 7 percent last year -- but 
> to blame this on file trading is certainly wrong headed.  Hasn't 
> everyone SEEN the huge PYRAMIDS of CD-R's which now decorate consumer 
> and office supply stores?  I watch people purchasing 50 and 100-disc 
> "jumbo packs" of CD-R discs ... and I think to myself "Hmmmm, I doubt 
> they are burning copies of software they have written, or songs they 
> have recorded."  And I really wonder ... what are they DOING with all 
> of those discs?????  They've GOT to be copying (pirating) CD's.
> 

Actually, some of us use those CD-R's for archiving family photos, backing up 
data, and so on. Which, by the way, we pay a premium for (Canada) to 
support artists, based on the assumption that we're going to steal their 
music...
0
Leslie
8/2/2002 1:13:00 AM
Barry wrote:

> I'm most definitely *not* a lawyer, but you better believe that if the
> Berman bill were to become law, I would (on a weekly basis) request (for the
> past week) all filings pursuant to that law, and post the materials received
> publicly.  And I'd have fun every moment of it.

I'll be the first looking forward to that website. :)

-- 
  __ _  ____
 /  ' \/ __/                                    http://mctech.org/
/_/_/_/\__/                                     http://pchelpers.org/
---------------------------------------------------------------------
My email address(s) are my private property.  They are NOT to be used
or recorded for ANY reason without my explicit permission.  Disregard
of this statement is in violation of federal privacy & copyright law.
---------------------------------------------------------------------
"He who would trade an ounce of freedom for a pound of security loses
both and deserves neither."                     ..Benjamin Franklin..
---------------------------------------------------------------------
The World Trade Center II will rise from the flames and ashes of the
original. Just like the PHOENIX of legend, The WTC2 will rise again.
0
mc
8/2/2002 1:42:00 AM
Steve Gibson wrote:

> and office supply stores?  I watch people purchasing 50 and 100-disc
> "jumbo packs" of CD-R discs ... and I think to myself "Hmmmm, I doubt
> they are burning copies of software they have written, or songs they
> have recorded."  And I really wonder ... what are they DOING with all
> of those discs?????  They've GOT to be copying (pirating) CD's.

Sorry to disappoint you Steve, but some of us use those cd's to make
backups/archives of all sorts of things. If not for my cd's I'd have to
buy several new hard drives to store crap, and they'd be more prone to
errors and erasure than the cd's and less portable. With them I still
manage to operate with a 10 gig hard drive (barely) and I am able to
take my various diagnostic and repair tools with me to a client's house,
take my digital photos to a family reunion, etc etc.

0
mc
8/2/2002 1:50:00 AM
Barry wrote:

> Presumably, agents for the various copyright holders would download suspect
> files and listen to/view them.

Curiosity makes me ask some questions on this topic.

And how does the agent determine what to download? More 
importantly...who's to confirm the ethics of said agent? Who's to 
confirm that a gossip or thief hasn't been hired?

Who's going to be held responsible for errors in filechecking 
that end up harming someone?

Who's going to ensure nothing untoward gets done with files that 
get checked and found not illegal, but are still private files? 
Put the fox in charge of the chickens, who's going to ensure the 
foxes' honesty?

Who's responsible for preventing function creep of what this law 
gets used for? Today, copyrighted materials checks ...tomorrow 
....what? What if they find somebody who could be a legit 
competitor to them? What then? Who guarantees these 
'investigators' don't end up screwing over honest people?

> If they contained material for which they
> held the copyright, they could then begin their attack.

Who guarantees this is the ***only*** circumstance under which 
they make their attacks?

Who's to prevent them attacking somebody who merely doesn't like 
them, or says something about them that they don't like?

The list of potential misuses of a law like this is nearly 
endless. And you can bank the only people who would suffer would 
be innocent people. Another outlet for selling even more private 
information to the highest bidder.

Please...don't tell me 'penalties' for wrongful uses. Enron is a 
hint. Worldcom is a hint.

I'm not saying this will all happen, but I think seriously that 
an enormous opportunity for abuse has been introduced.

Remember...this is essentially Hollywood with which you're 
dealing here. Do you trust Hollywood? If you do, I have a bridge 
boutique you might like to visit. Bring all your credit cards and 
all your checkbooks. I've got a deal for ya.

Cheers

Waldo
0
Waldo
8/2/2002 2:00:00 AM
> Sorry to disappoint you Steve, but some of us use those cd's
> to make backups/archives of all sorts of things. If not for my
> cd's I'd have to buy several new hard drives to store crap, and
> they'd be more prone to errors and erasure than the cd's and
> less portable. With them I still manage to operate with a 10
> gig hard drive (barely) and I am able to take my various
> diagnostic and repair tools with me to a clients house, take my
> digital photos to a family reunion, etc etc.

That doesn't disappoint me at all, though the demographics of the 
people I've watched purchasing the mega-packs of CD's lead me to 
believe they have other uses than storing their own content.

Like you, I keep lots of archives of drive images, etc.  And just 
recently I created a killer bootable mini-CD (185 megs) which allows 
me to carry *all* of my utilities from machine to machine here when 
I'm maintaining partitions, making images, etc. etc.  :)

-- 
_________________________________________________________________
Steve.
0
Steve
8/2/2002 2:00:00 AM
Steve Gibson wrote:
> 
> > Sorry to disappoint you Steve, but some of us use those cd's
> > to make backups/archives of all sorts of things. If not for my
> > cd's I'd have to buy several new hard drives to store crap, and
> > they'd be more prone to errors and erasure than the cd's and
> > less portable. With them I still manage to operate with a 10
> > gig hard drive (barely) and I am able to take my various
> > diagnostic and repair tools with me to a client's house, take my
> > digital photos to a family reunion, etc etc.
> 
> That doesn't disappoint me at all, though the demographics of the
> people I've watched purchasing the mega-packs of CD's lead me to
> believe they have other uses than storing their own content.

Yea, and I do agree that quite likely a large portion of those bulk
buyers are indeed using them for music (or program) cd copying.

> Like you, I keep lots of archives of drive images, etc.  And just
> recently I created a killer bootable mini-CD (185 megs) which allows
> me to carry *all* of my utilities from machine to machine here when
> I'm maintaining partitions, making images, etc. etc.  :)

Hehe, I'm still working on that, when buying my last batch of cd's I
considered getting some of those mini's, but woulda had to forego a pack
of badly needed cases for my cds. Oh well, next time. In the mean time I
can work on my constantly evolving tool pack and figure out how to make
a proper bootable cd, something that has so far escaped me.

-- 
  __ _  ____
 /  ' \/ __/                                    http://mctech.org/
/_/_/_/\__/                                     http://pchelpers.org/
---------------------------------------------------------------------
My email address(s) are my private property.  They are NOT to be used
or recorded for ANY reason without my explicit permission.  Disregard
of this statement is in violation of federal privacy & copyright law.
---------------------------------------------------------------------
"He who would trade an ounce of freedom for a pound of security loses
both and deserves neither."                     ..Benjamin Franklin..
---------------------------------------------------------------------
The World Trade Center II will rise from the flames and ashes of the
original. Just like the PHOENIX of legend, The WTC2 will rise again.
0
mc
8/2/2002 2:18:00 AM
Jonathan Davis wrote:
> if you don't piss them off they have no reason to attack you
> if you do piss them off then they will see you as a good target for their
> illegal activities

I think Niven's Law sums up the situation quite well. Niven's Law is:
Never throw shit at an armed man.
Never stand next to someone throwing shit at an armed man.

Mal-2
-- 
The facts are unambiguous - most of us are normal or close to normal.
And yet we're surrounded by so much stupidity. What gives? - Jeff Justin
snoop bait: jihad ballistic explosive marijuana c-4
Orquesta Guayao Online http://www.geocities.com/orqguayao * ICQ:11401527
0
Malaclypse
8/2/2002 2:55:00 AM
"Leslie McRae" <lamcrae.remove.abuse@clanmacrae.org> wrote in message
> > Global CD (compact disc) sales were down 7 percent last year -- but
> > to blame this on file trading is certainly wrong headed.  Hasn't
> > everyone SEEN the huge PYRAMIDS of CD-R's which now decorate consumer
> > and office supply stores?  I watch people purchasing 50 and 100-disc
> > "jumbo packs" of CD-R discs ... and I think to myself "Hmmmm, I doubt
> > they are burning copies of software they have written, or songs they
> > have recorded."  And I really wonder ... what are they DOING with all
> > of those discs?????  They've GOT to be copying (pirating) CD's.
> >
>
> Actually, some of us use those CD-R's for archiving family photos, backing up
> data, and so on. Which, by the way, we pay a premium for (Canada) to
> support artists, based on the assumption that we're going to steal their
> music...

I believe that the RIAA gets a premium on each CD as well.  There is such a "tax" on
cassette and video tapes ...

Michael
0
Anonymous
8/2/2002 2:57:00 AM
"Steve Gibson" <support@grc.com> wrote in message
news:MPG.17b349cd41feaadc98a7ca@207.71.92.194...

Hello Steve,

> > Actually, part of their goal appears to make such devices
> > legal for them to use to protect their property.
>
> Right.  And as all of us here (in this newsgroups) appreciate, the
> problem is that there is not a technically feasible means for making
> this possible.  It just can't be done accurately and without all
> sorts of mistakes and dangers like "siege overspill", targeting the
> wrong IP, etc., etc.


Well, it can be done, but the ability to do so based solely upon IP addresses is
fraught with dangers of "accidents" and such as you noted.  Actually, I have a longer
term concern.  Suppose this legislation passes and then implementation gets coupled
with Longhorn and a GUID/WPA key?!  No errors, direct targeting.  No trial, no
warrant, no judge, no jury.  Your machine deletes files, won't play music, refuses to
let you log on ...  Until you pay a fine, or a toll, or a penalty, whatever ...

> We need to be moving forward, not backward ... and this probably
> means that the MODEL of music and movie sales and marketing needs to
> change. Sure, I understand and appreciate the frustration that the
> RIAA and MPAA must be feeling ... but technological progress is
> creating new possibilities and is changing the behavior of many
> people.

We are all paying the consequences of a generation or two of "situational ethicists"
....  "well, they charge too much so it's okay for me to steal"  ... "I can't afford
to pay $16 a CD so I have to steal to get my music" ...


> Global CD (compact disc) sales were down 7 percent last year -- but
> to blame this on file trading is certainly wrong headed.  Hasn't
> everyone SEEN the huge PYRAMIDS of CD-R's which now decorate consumer
> and office supply stores?  I watch people purchasing 50 and 100-disc
> "jumbo packs" of CD-R discs ... and I think to myself "Hmmmm, I doubt
> they are burning copies of software they have written, or songs they
> have recorded."  And I really wonder ... what are they DOING with all
> of those discs?????  They've GOT to be copying (pirating) CD's.

Yes, I have wondered about that as well.  I am sure they are stealing software and
music.  I make copies of my original CD's that I travel with or allow my children to
play.  I also make archives and such.  I firmly believe in the rights of the artists
to get paid for their work, so I have purchased my music (and software).

M. Robar
0
Anonymous
8/2/2002 3:14:00 AM
"mc" <this.address.is.bogus@mctech.org> wrote in message
news:3D49E56B.5CFBC1D8@mctech.org...
> errors and erasure than the cd's and less portable. With them I still
> manage to operate with a 10 gig hard drive (barely) and I am able to
> take my various diagnostic and repair tools with me to a client's house,
> take my digital photos to a family reunion, etc etc.

You are just a tight bastard, you can bet I'd employ you to fix my computer
when the best you have got is 10 gig...

You use most of it in the newsgroup signature....

Charlie
0
Charlie
8/2/2002 3:20:00 AM
Steve Gibson wrote:

<<snip>>

> Like you, I keep lots of archives of drive images, etc.  And just 
> recently I created a killer bootable mini-CD (185 megs) which allows 
> me to carry *all* of my utilities from machine to machine here when 
> I'm maintaining partitions, making images, etc. etc.  :)

I'm sure some would pay dearly for a bootlegged copy of that CD ... 
<VBE-grin>

BTW, Welcome back Steve, the summer has been long without your little 
projects ...

Harold
0
Harold
8/2/2002 3:30:00 AM
"Harold Wilkinson" <roywfgs@cox.net> wrote in message
news:3D49FCDC.9050809@cox.net...

> BTW, Welcome back Steve, the summer has been long without your little
> projects ...
>
> Harold


<g> Harold.... "Little" is a definite compliment to an assembler
programmer... what MS do in a megabyte Steve can do in a lot less.

Charlie
0
Charlie
8/2/2002 3:38:00 AM
Steve Gibson wrote:
> We need to be moving forward, not backward ... and this probably
> means that the MODEL of music and movie sales and marketing needs to
> change. 

Just so. I've been writing on this in other fora for some time,
suggesting that the marketing paradigm has a fundamental flaw. The fact
is, in today's world the music is free; the packaging is what has value.
That is, the real, official CD has cachet, the poster, tee shirt, badge
of honor or whatever has value, but while the music may be valuable to
the listener, its distribution cannot be limited.

Those idiots are even using copy-protection schemes which make the
pirates better than the originals. The "protection" can be broken in
various ways. A good copy from that is identical musically but
unprotected, therefore better than the original.

> Global CD (compact disc) sales were down 7 percent last year -- but
> to blame this on file trading is certainly wrong headed.  Hasn't
> everyone SEEN the huge PYRAMIDS of CD-R's which now decorate consumer
> and office supply stores?  I watch people purchasing 50 and 100-disc
> "jumbo packs" of CD-R discs ... and I think to myself "Hmmmm, I doubt
> they are burning copies of software they have written, or songs they
> have recorded."  And I really wonder ... what are they DOING with all
> of those discs?????  They've GOT to be copying (pirating) CD's.

No doubt some are pirating, but others are copying legal material
(concert recordings, for example), making compilations or otherwise
operating cleanly. I buy blanks 500-1000 at a time, but copy only
material I create myself from public-domain material. Granted, few
people spend hundreds of discs to make a master for pressing, but
assuming that the bulk of the purchases are for illegal purposes is
going too far.

Hey, some people use cigarette papers to roll their own cigarettes. <G>

Mike
-- 
mrichter@cpl.net
http://www.mrichter.com/
0
Mike
8/2/2002 5:40:00 AM
> Hehe, I'm still working on that, when buying my last batch of
> cd's I considered getting some of those mini's, but woulda had
> to forego a pack of badly needed cases for my cds. Oh well,
> next time. In the mean time I can work on my constantly
> evolving tool pack and figure out how to make a proper bootable
> cd, something that has so far escaped me.

We're sliding *way* off topic here ... but "Nero" makes creating a 
bootable CD a breeze.  You give it a diskette which already boots the 
way you want.  I load a bunch of config.sys drivers and one which 
scans for any CD-ROM drives and installs a driver.  Then in 
AUTOEXEC.BAT I load up MSCDEX and assign the CD-ROM the drive letter 
"r:".  The end of the AUTOEXEC.BAT switches over to the "r:" drive 
and clears the screen.  (I also load himem.sys and smartdrv.exe for 
performance.)

This diskette then becomes Nero's template for the emulation of a 
diskette at boot time ... and the rest of the contents of the CD-ROM 
will always be located at "r:" once the boot is complete.

-- 
_________________________________________________________________
Steve.
0
Steve
8/2/2002 5:44:00 AM
On Wed, 31 Jul 2002 12:33:52 -0700, "Sam Schinke" <sschinke@myrealbox.com>
wrote:

>Nope, nothing about "it's ok to DDos people that upset you". It's more of a
>statement of humorous irony. I could make analogies to the gun world, and
>gun advocates, but I think you get the idea.

It's OK to demonstrate to people that trying to BUY a law allowing YOU to do
what everyone ELSE can't do is bad.







             The truth IS out there, 
but most people don't recognize it when they see it!
0
Da
8/2/2002 8:17:00 AM
On Wed, 31 Jul 2002 20:49:23 -0500, "NT Canuck" <ntcanuck@hot_mail.com> wrote:

>DDOS is never right, 

That's ALL that is important, along with the fact that the RIAA
and other entertainment producers want ONLY themselves 
exempt from laws that prohibit DoS and other hacking.








             The truth IS out there, 
but most people don't recognize it when they see it!
0
Da
8/2/2002 8:24:00 AM
Malaclypse the Younger wrote:
> 
> Jonathan Davis wrote:
> > if you don't piss them off they have no reason to attack you
> > if you do piss them off then they will see you as a good target for their
> > illegal activities
> 
> I think Niven's Law sums up the situation quite well. Niven's Law is:
> Never throw shit at an armed man.
> Never stand next to someone throwing shit at an armed man.

You forgot:
If the person next to you unexpectedly throws shit at an armed man ...
DUCK!

-- 
  __ _  ____
 /  ' \/ __/                                    http://mctech.org/
/_/_/_/\__/                                     http://pchelpers.org/
---------------------------------------------------------------------
My email address(s) are my private property.  They are NOT to be used
or recorded for ANY reason without my explicit permission.  Disregard
of this statement is in violation of federal privacy & copyright law.
---------------------------------------------------------------------
"He who would trade an ounce of freedom for a pound of security loses
both and deserves neither."                     ..Benjamin Franklin..
---------------------------------------------------------------------
The World Trade Center II will rise from the flames and ashes of the
original. Just like the PHOENIX of legend, The WTC2 will rise again.
0
mc
8/2/2002 12:10:00 PM
Steve Gibson wrote:
> http://www.riaa.org/
> Folks ...
>
> As you may know, last Thursday the RIAA endorsed a bill written by a
> California Representative, Howard Berman.  Though I have not studied
> the bill closely, it reportedly authorizes copyright holders to begin
> "blocking, diverting or otherwise impairing" peer-to-peer networks.

I also wonder how the RIAA proposes to determine that a _particular_ p2p
downloader or what-have-you doesn't actually own a legitimate copy of an
album containing the particular song being downloaded.

I'm not sure exactly how it works, but if I own a CD I am reasonably certain
that a copy of songs from that CD residing on my computer is well within my
rights. How those copies get onto my computer is my business. I could own
one of the rare computers without a CD drive, or perhaps one of those
hand-helds with no PC, for example.

It is less problematic to target the providers of the pirated music than the
downloaders or possessors of it, on this basis at least. And note, just
because you get a match for me having a song on a p2p network does NOT mean
I have necessarily made it possible for you to download it from me. It seems
to me that some substantial verification would be necessary even for
entirely legal proceedings.

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft.
0
Sam
8/2/2002 2:22:00 PM
Sam Schinke wrote:

> I also wonder how the RIAA proposes to determine that
> a _particular_ p2p downloader or what-have-you doesn't
> actually own a legitimate copy of an album containing the
> particular song being downloaded.

Sam...I suspect another bill or "leveraged" ploy to force
hardware as well as software developers into "compliance"
with any required detail work needed to ensure the above
bill (if passed) is executable using some RIAA specified
methodology to do just what you mentioned. ;-(

There could well be a large snake nest of extrapolated and
not even recorded or mentioned "support structures" for this bill!

'Seek and ye shall find'
NT Canuck
0
NT
8/2/2002 2:29:00 PM
Steve Gibson <support@grc.com> wrote in
news:MPG.17b349cd41feaadc98a7ca@207.71.92.194: 

> Global CD (compact disc) sales were down 7 percent last year --
> but to blame this on file trading is certainly wrong headed. 
> Hasn't everyone SEEN the huge PYRAMIDS of CD-R's which now
> decorate consumer and office supply stores?  I watch people
> purchasing 50 and 100-disc "jumbo packs" of CD-R discs ... and I
> think to myself "Hmmmm, I doubt they are burning copies of
> software they have written, or songs they have recorded."  And I
> really wonder ... what are they DOING with all of those discs?????
>  They've GOT to be copying (pirating) CD's. 

No they do not "GOT to be copying (pirating) CDs".  At least not all of 
us are.  I will tell you what I do with my stacks of CD-Rs.  I am 
(slowly) moving all my music on vinyl (I have close to 1,000 LPs and 
some 78s) to CD so I can continue to play it (and not wear out the 
vinyl to boot <g>).  

In a sense I guess that this *might* cut into the CD sales to some 
extent since I won't have to buy CD copies of that music I already own.  
But in my case, that probably isn't much of a loss since much of what I 
am copying is not available in CD anyway.   

This is not, IMHO, much different than what folks did with cassette 
tapes when that was the de facto music source in cars ... except I now 
have a much more robust copy of my originals <g>

MikeD
0
MikeD
8/2/2002 4:44:00 PM
MikeD wrote:

> No they do not "GOT to be copying (pirating) CDs".  At least not all
> of us are.  I will tell you what I do with my stacks of CD-Rs.  I am
> (slowly) moving all my music on vinyl (I have close to 1,000 LPs and
> some 78s) to CD so I can continue to play it (and not wear out the
> vinyl to boot <g>).

Hi MikeD, you have a good point.
I know many folk with CDRW's (burners) and they are on
the Internet but the reason they got the burner in the first
place are all as follows:

1) to make a copy of what they have, for the car CD player.
    You "have to" do this...if the CD gets hit by sunlight for
     an afternoon you have a warped and unusable disk.
2) to make a copy for the kids, portable CD/Boombox
3) so the original CD is not scratched up or destroyed.
4) to compile from an assortment of CD's...a personal "favorites"
    with just the tunes they like to hear (mix and match).
5) a "very rare" few will give one copy to a friend for the car.
    All in all this just "stimulates" sales by hearing and then wanting
    more of the artist they just got a "sample" of...in my experience.
6) I have to go over a mile just to find someone who even heard
    of kazaa or somesuch...and it was only to find some 20 year
    old (or more) hard to find song for their mix and match CD.
7)  If you have 100-200 $20 each CD's...you don't want the
     originals used if you have a party or bar-b-que...get broken.
8)  The quality and "speed" of the CDRW I have (not expensive)
      lets me cut an exact duplicate in less than 3 minutes of an
      MP3 CD and that's what I may carry to a buddy's home
      without worrying about leaving or losing the original.  AND
      top quality blanks (in bulk) are only 60 cents each here.
9)   I even copy all my OS CD's and games ~ especially the
      games that require a CD in CDR or they won't play, those
      things are often "out of print" in a few years so it's the only
      way I can ensure my games last, and stay clean for installs.

Anyway...what I would *really* like to know is...
What's so wrong in teaching the World to sing?
Come sing a song...sing the whole night long...sing a song of freedom.

I think it boils down to...commerce attempting to swallow the Internet.
Ever since the Military loosened their control on the Internet
giant commercial enterprises have been fighting for control.

Ok, just my opinions...commercials on the radio forced me to CD's.

'Seek and ye shall find'
NT Canuck
0
NT
8/2/2002 5:10:00 PM
"Anonymous Mike" <anony@abuse_columbus.rr.com> wrote in message
news:aicsd3$c35$1@news.grc.com...
>
> "Leslie McRae" <lamcrae.remove.abuse@clanmacrae.org> wrote in message
> >
> > Actually, some of us use those CD-R's for archiving family photos, backing up
> > data, and so on. Which, by the way, we pay a premium for (Canada) to
> > support artists, based on the assumption that we're going to steal their
> > music...
>
> I believe that the RIAA gets a premium on each CD as well.  There is such a "tax" on
> cassette and video tapes ...

I paid the piracy 'taxes', doesn't this give me the right to copy onto the
taxed CD's?

BTW: Did you know that Canadian authors receive a check from the gov't every
year based on the # of books they have in Canadian libraries? A mildly
successful author can make $1000-2000/year. It's based on # of copies in
libraries not # of times it's taken out.
0
Today
8/2/2002 5:24:00 PM
In article <aieeeh$1qvb$1@news.grc.com> NT Canuck wrote:
> 
> Ok, just my opinions...commercials on the radio forced me to CD's.
> 
Ain't *that* the truth!

-- 
Alan
Hermital's Essays and Verses:
< http://www.cox-internet.com/hermital/index.htm >
0
hermital
8/2/2002 5:50:00 PM
In article <aief22$1rl6$1@news.grc.com>, todayiam@myrealbox.com, 
 Today I am Philo Farnsworth nibbled our ears by saying...

> > > Actually, some of us use those CD-R's for archiving family photos, backing up
> > > data, and so on. Which, by the way, we pay a premium for (Canada) to
> > > support artists, based on the assumption that we're going to steal their
> > > music...
> >
> > I believe that the RIAA gets a premium on each CD as well.  There is such a "tax" on
> > cassette and video tapes ...
> 
> I paid the piracy 'taxes', doesn't this give me the right to copy onto the
> taxed CD's?

Unfortunately, the media "taxes" go to the RIAA, not the artists. 
They are the ones who count.  Tell you what, send each of the artists 
whose music you have pirated 50 cents (us) per song ... Hmmmm.  A 
movement like that could give birth to an entirely new Recording Arts 
industry ...
 
> BTW: Did you know that Canadian authors receive a check from the gov't every
> year based on the # of books they have in Canadian libraries? A mildly
> successful author can make $1000-2000/year. It's based on # of copies in
> libraries not # of times it's taken out.

Heh, you wouldn't even have to be moderately successful ... Just send 
the libraries "donated" copies!!

-- 
Michael
- "anyone who is honestly trying to [live a life of belief] will soon 
find his intelligence sharpened."  C.S. Lewis
0
Anonymous
8/2/2002 6:25:00 PM
Anonymous Mike wrote:

> I believe that the RIAA gets a premium on each CD as well.
> There is such a "tax" on cassette and video tapes ...

Hi Michael,

Forgive a Canadian for interfering but...

Why not mark the P2P networks...
(need to apply for registration).

As some type of open source/access Public Library,
Based on downloads (single songs less than a CD)
the RIAA could receive some token payment
similar to what libraries give?

Or open the public libraries to this venture
and maybe... we can save some Libraries too.

Sounds fair to me...stops the RIAA and lets
us get back on track again without all the hassle.

I'm saying this because then the whole mess fits
into current legislations and payment protocols
and we can all go home happy.  Your thoughts?

'Seek and ye shall find'
NT Canuck
0
NT
8/2/2002 6:45:00 PM
NT Canuck wrote:
> 1) to make a copy of what they have, for the car CD player.
>     You "have to" do this...if the CD gets hit by sunlight for
>      an afternoon you have a warped and unusable disk.
> 2) to make a copy for the kids, portable CD/Boombox
> 3) so the original CD is not scratched up or destroyed.
> 4) to compile from an assortment of CD's...a personal "favorites"
>     with just the tunes they like to hear (mix and match).
> 5) a "very rare" few will give one copy to a friend for the car.
>     All in all this just "stimulates" sales by hearing and then wanting
>     more of the artist they just got a "sample" of...in my experience.
> 6) I have to go over a mile just to find someone who even heard
>     of kazaa or somesuch...and it was only to find some 20 year
>     old (or more) hard to find song for their mix and match CD.
> 7)  If you have 100-200 $20 each CD's...you don't want the
>      originals used if you have a party or bar-b-que...get broken.
> 8)  The quality and "speed" of the CDRW I have (not expensive)
>       lets me cut an exact duplicate in less than 3 minutes of an
>       MP3 CD and that's what I may carry to a buddy's home
>       without worrying about leaving or losing the original.  AND
>       top quality blanks (in bulk) are only 60 cents each here.
> 9)   I even copy all my OS CD's and games ~ especially the
>       games that require a CD in CDR or they won't play, those
>       things are often "out of print" in a few years so it's the only
>       way I can ensure my games last, and stay clean for installs.

Depending on your location, some of the above may be legal but many are
not. You do not have the right to copy a book lest the original be
damaged; why should you have the right to copy a game or an audio CD? 

The processes you outline are "justified" only because:

a. The copy is functionally identical to the original
b. The cost of copying is far less than the cost of replacement
c. Laws against personal copying are essentially unenforceable

Those facts are being ignored by the industry - they are trying to make
one or more of them untrue. I am reminded of the laws of a century ago
requiring a 'flagman' to walk beside a horseless carriage so that it
would not frighten the horses drawing the buggies in which the proper
folk rode.

Mike
-- 
mrichter@cpl.net
http://www.mrichter.com/
0
Mike
8/2/2002 7:25:00 PM
In article <aiek0h$214s$1@news.grc.com>, ntcanuck@hot_mail.com, 
 NT Canuck nibbled our ears by saying...
> Anonymous Mike wrote:
> 
> > I believe that the RIAA gets a premium on each CD as well.
> > There is such a "tax" on cassette and video tapes ...
> 
> Hi Michael,
> 
> Forgive a Canadian for interfering but...

Discussion is not interfering.  My remarks need to be taken in that 
context of what I saw as the activism of *one* individual and not the 
open discussion of many.

> 
> Why not mark the P2P networks...
> (need to apply for registration).
> 
> As some type of open source/access Public Library,
> Based on downloads (single songs less than a CD)
> the RIAA could receive some token payment
> similar to what libraries give?
> 
> Or open the public libraries to this venture
> and maybe... we can save some Libraries too.
> 
> Sounds fair to me...stops the RIAA and lets
> us get back on track again without all the hassle.
> 
> I'm saying this because then the whole mess fits
> into current legislations and payment protocols
> and we can all go home happy.  Your thoughts?

Hey, works for me.  Just imagine how their profits would soar:  No 
advertisement costs.  No distribution costs.  No cut to the record 
stores.  No manufacturing costs.  Record the music and give it to the 
P2P network and sit back and let the money roll in ...

I think the RIAA is missing the boat completely.  I also think that 
the recording artists are missing a great opportunity to break free 
of the RIAA - an organization which seems likely to be in violation 
of the Racketeering statutes.

-- 
Michael
- "anyone who is honestly trying to [live a life of belief] will soon 
find his intelligence sharpened."  C.S. Lewis
0
Anonymous
8/2/2002 7:49:00 PM
"Mike Richter" <mrichter@cpl.net> wrote in message
news:3D4ADC94.A0766839@cpl.net...

> You do not have the right to copy a book lest the original be
> damaged; why should you have the right to copy a game or
> an audio CD?


Section 117 of the Copyright Law of the United States of America states:

**************************************************
117. Limitations on exclusive rights: Computer programs

(a) Making of Additional Copy or Adaptation by Owner of Copy. -
Notwithstanding the provisions of section 106, it is not an infringement for
the owner of a copy of a computer program to make or authorize the making of
another copy or adaptation of that computer program provided:

     (1) that such a new copy or adaptation is created as an essential step
in the utilization of the computer program in conjunction with a machine and
that it is used in no other manner, or

     (2) that such new copy or adaptation is for archival purposes only and
that all archival copies are destroyed in the event that continued
possession of the computer program should cease to be rightful.
**************************************************

ttyl,
-Stefan.
0
Stefan
8/2/2002 7:54:00 PM
In article <3D4ADC94.A0766839@cpl.net>, mrichter@cpl.net, 
 Mike Richter nibbled our ears by saying...

> 
> Depending on your location, some of the above may be legal but many are
> not. You do not have the right to copy a book lest the original be
> damaged; why should you have the right to copy a game or an audio CD? 

I believe you are incorrect.
You can copy the book all day long for your personal use.  You may 
not distribute it in any form but you could make 500 copies if you 
wanted to do so for your personal use.

-- 
Michael
- "anyone who is honestly trying to [live a life of belief] will soon 
find his intelligence sharpened."  C.S. Lewis
0
Anonymous
8/2/2002 7:56:00 PM
"Anonymous Mike" wrote in message:

> you could make 500 copies if you
> wanted to do so for your personal use.

It's not as clear-cut as saying you can copy anything you already own (for
personal use) at free will.  Under copyright law, section 107  (
http://www4.law.cornell.edu/uscode/17/107.html )  ...you could make an
argument that it was "fair use" under the law, given that you are a rightful
owner of the copy, but if the police came in your house and found 500 copies
of a book that you've made for "personal use", I suggest you get a good
lawyer.  107 might not save you.

-S
0
Stefan
8/2/2002 8:10:00 PM
In article <aieovj$26nd$1@news.grc.com>, no.sp@m.com, 
 Stefan nibbled our ears by saying...
> "Anonymous Mike" wrote in message:
> 
> > you could make 500 copies if you
> > wanted to do so for your personal use.
> 
> It's not as clear-cut as saying you can copy anything you already own (for
> personal use) at free will.  Under copyright law, section 107  (
> http://www4.law.cornell.edu/uscode/17/107.html )  ...you could make an
> argument that it was "fair use" under the law, given that you are a rightful
> owner of the copy, but if the police came in your house and found 500 copies
> of a book that you've made for "personal use", I suggest you get a good
> lawyer.  107 might not save you.

<chuckle> Yes, you are probably correct, they would wonder why you 
had 500 copies.  The point was though, that you can copy a book which 
you own for your own personal use.

-- 
Michael
- "anyone who is honestly trying to [live a life of belief] will soon 
find his intelligence sharpened."  C.S. Lewis
0
Anonymous
8/2/2002 9:28:00 PM
Steve Gibson wrote:

> All things considered, I can't say that I am entirely unhappy that
> the RIAA is getting a nice dose of the vigilante "medicine" it is
> asking for our government's license to pursue for itself.  WHAT are
> they thinking?

"WHAT are they thinking?".....I think they're thinking...

Since the bill seems to stipulate freedom from suits where
the damage was less than $50 USA...almost $70 Canadian.
And since $70 Canadian is just a bit more than my monthly
cable internet access bill...if I was *wrongly* DDOS'd for
"an entire month"...I'd be SOL as that doesn't meet the
$50 USD minimum guideline for pursuing remedial claims.

So yes...one "whoops, sorry..tough luck"...
would tick me off bigtime.
Or did I misread something?

'Seek and ye shall find'
NT Canuck
0
NT
8/2/2002 9:34:00 PM
"Anonymous Mike" wrote in message:

> <chuckle> Yes, you are probably correct, they would
> wonder why you had 500 copies.  The point was though,
> that you can copy a book which you own for your own
> personal use.

Interestingly enough, while most copyright infringement falls almost
completely under civil law  (aka - you get sued by someone, not charged with
a crime, per se), in cases involving over 10 copies or $2500 value, it is
actually a felony and you can be charged under criminal law.

You may want to make only 9 copies of that book, and make sure it's not an
expensive one.  :-)

-S
0
Stefan
8/2/2002 10:34:00 PM
"Stefan" <no.sp@m.com> wrote in message news:aif1co$2ffj$1@news.grc.com...
>
> "Anonymous Mike" wrote in message:
>
> > <chuckle> Yes, you are probably correct, they would
> > wonder why you had 500 copies.  The point was though,
> > that you can copy a book which you own for your own
> > personal use.
>
> Interestingly enough, while most copyright infringement falls almost
> completely under civil law  (aka - you get sued by someone, not charged with
> a crime, per se), in cases involving over 10 copies or $2500 value, it is
> actually a felony and you can be charged under criminal law.
>
> You may want to make only 9 copies of that book, and make sure it's not an
> expensive one.  :-)

Dang!  I guess I'll have to burn those extra copies of the Gutenberg Bible ...
0
Anonymous
8/2/2002 11:38:00 PM
> No they do not "GOT to be copying (pirating) CDs".  At least not
> all of us are.

Indeed not.  :)

> I will tell you what I do with my stacks of CD-Rs.  I am (slowly)
> moving all my music on vinyl (I have close to 1,000 LPs and some
> 78s) to CD so I can continue to play it (and not wear out the 
> vinyl to boot <g>).

Yep, I've (literally) dusted off my old turntable also, after 
tracking down the card with the best A/D (analog to digital) 
converters (one by Turtle Beach).  And I moved a whole bunch of 
irreplaceable "College Vinyl" over to disc.

> In a sense I guess that this *might* cut into the CD sales to
> some extent since I won't have to buy CD copies of that music
> I already own. But in my case, that probably isn't much of a
> loss since much of what I am copying is not available in CD anyway.

And even if it was ... you clearly own the rights to listen to
that music -- which you purchased -- in any way that you see fit.

-- 
_________________________________________________________________
Steve.
0
Steve
8/3/2002 12:04:00 AM
Steve Gibson wrote:

<snipped>

> We're sliding *way* off topic here ...

<snipped>

I agree with Steve (again), most of this thread has strayed WAY off topic.

This NG was relatively quiet (as it should have been) while Steve was away.
Please don't use this 'thread' as an excuse to prattle on.

IIRC the Subject Line IS supposed to describe the content of the posting.
Abusing this principle makes it impossible to find out what is being
discussed (& therefore if it is interesting to the reader) without reading
EVERY post in thread. Please STAY on topic or start another thread, in the
appropriate NG that is.

--


BullBar
0
BullBar
8/3/2002 12:41:00 AM
"BullBar" <bullbar@dev.null> wrote in message
news:aif988$2ncp$1@news.grc.com...
> Steve Gibson wrote:
>
> <snipped>

> > We're sliding *way* off topic here ...
>
> <snipped>

> I agree with Steve (again), most of this thread has strayed WAY off topic.

Yes, you have turned it into a lecture and obfuscated the proper title

> This NG was relatively quiet (as it should have been) while Steve was away.
> Please don't use this 'thread' as an excuse to prattle on.

This is off topic, please cease prattling on

> IIRC the Subject Line IS supposed to describe the content of the posting.
> Abusing this principle makes it impossible to find out what is being
> discussed (& therefore if it is interesting to the reader) without reading
> EVERY post in thread. Please STAY on topic or start another thread, in the
> appropriate NG that is.

Yet another different topic

> BullBar

Duh! I was intending to continue the discussion on the RIAA. Now I have to
go back and find an on topic post, don't I?

Charlie
0
Charlie
8/3/2002 1:41:00 AM
"Steve Gibson" <support@grc.com> wrote in message
news:MPG.17b3bc20cb86033398a7cf@207.71.92.194...

> This diskette then becomes Nero's template for the emulation of a
> diskette at boot time ... and the rest of the contents of the CD-ROM
> will always be located at "r:" once the boot is complete.
>
> --
> _________________________________________________________________
> Steve.

Right, an example of what I would consider legitimate use of a copy, just as
NT suggested a "Disposable" music CD for use in the car. Now supposing you
just happen to have made such a CD and there's a copy on the drive
somewhere, maybe a temp file or something, and you start up a P2P client for
some completely unconnected purpose. Do they plan to put something on your
PC to search for such things or analyze traffic or what? I can't see that
reading a listing of shared filenames is much use and I don't see the
analysis plan being much of a flyer either.

The only use I CAN see for this legislation is to legalize a DoS attack on a
user, a number of users, or the P2P connection servers. The rebounding
traffic could become a nightmare to a lot of perfectly legitimate services.

And what happens when IPV6 is adopted? Will they still be able to do it?
Does this imply that maybe some sort of filtering would be placed on the ISP
servers so that users' traffic can be recorded for evidence?

I can see this legislation imposing a terrific burden (and cost) upon the
infrastructure as a whole.

Charlie
0
Charlie
8/3/2002 2:04:00 AM
"tomZ" <WebMaster@127.0.0.1> wrote in message
news:3D481AE4.4899F63A@127.0.0.1
> So........
> - Now we have the RIAA appearing surreptitiously in firewall logs and
> reported by many conscientious users to assorted websites monitoring
> and collating such intrusion attempts.
> - The RIAA's scanning and attacking IP addresses will become another
> target for vengeful users who are now DoSing their website.

What happens if the RIAA uses DRDoS techniques?  People would start
attacking random Internet nodes, and probably high profile sites.

e.g.

1. I get a new dynamic IP from a file sharing host.
2. The RIAA launch an attack, reflected off a router bigrouter.majorisp.com
3. This happens often to many users, and the results appear on the websites.
4. Bunches of 13 year olds use the IP addresses as a list of targets.
5. majorisp.com loses one massive router (at least) in an enormous Denial of
Service.

Ouch.

> - The proverbial "foot in the door" is introduced into (Y)OUR home
> via the internet connection.
> - Does the government really believe these "controls" won't be abused?
> - Does the RIAA really believe hardcore file swappers can't circumvent
> whatever measures are introduced? (...got a magic marker?....)
>
> - How many innocent surfers will be caught in the cross-fire?

Could be lots on broadband.

> "I hereby grant you, the reader, the right to view this post. You are
> not permitted to save the content, or forward this post to any other
> user. If I believe you have saved a copy of this message, or
> otherwise caused it to be redistributed, I will obliterate your
> newsreader and all of its contents." :^/

LOL :)
--
Robert Bradley

I am not a mindreader, so I don't know everything.
0
Robert
8/3/2002 1:21:00 PM
"Charlie Tame" <charlie@tames.net> wrote in
news:aifdo2$2rhc$1@news.grc.com: 


> Do they plan to put something on your PC to search for such things or 
> analyze traffic or what? I can't see that reading a listing of shared 
> filenames is much use and I don't see the analysis plan being much of 
> a flyer either. 


Besides, just because an MP3 file is named "Yesterday-The Beatles" for 
example, doesn't necessarily mean that the file actually consists of that 
song, or any song by the Beatles for that matter.  Along those same lines, 
I know that towards the end of Napster, when their software was modified to 
not search for copyrighted music, people would rename the songs and/or the
artists to something similar to the real name or something real obvious 
that most people would get.  I remember my friend telling me back then that 
if you tried searching for The Beatles, you'd get very few hits, but if you 
tried Fab Four instead, you'd get several hundred hits.  So what if people 
just rename their songs now, what are they going to do then?  Listen to 
them first?  They won't be able to tell by size, since the size varies 
according to the bitrate, and you could always cut off a second or so at 
the end of most songs if you had to.

I'm probably missing something obvious here, but since I don't know what 
that might be, I figured I'd give you guys my 2 cents, and maybe you can 
set me straight if I'm not understanding this correctly.

~Adrenalyn~
0
Adrenalyn
8/3/2002 1:59:00 PM
Robert Bradley wrote:


Hi Robert,

> What happens if the RIAA uses DRDoS techniques?
>  People would start attacking random Internet nodes,
> and probably high profile sites.

This brought up an interesting question from my viewpoint...
How does one know it's the RIAA attacking a unit...
and not someone else?

Or do ISP's have to give RIAA "special considerations".
(The ISP not to interfere on behalf of its clients)
Heh...ISP's are going to be in the "doghouse" here, especially
when trying to collect monthly fee's from DDOS'd clients.

So what happens to ISP's if they block the RIAA websites
IP's to protect their clients and bandwidth?  ISP's pay
for bandwidth up/down just like any one else, they just
buy in larger volumes and split it among their customers.

Most folk don't even have firewalls...probably less than 5%
of the computers on the Internet have any protection or logging
facilities active or installed (home users).  In any case..if you
are hit with a decent DDOS...the logs may be overwhelmed.

The more we look at this RIAA request/bill....the dumber it gets.

One also has to consider the "precedents" being set here.
ie: will firewalls be legislated to allow RIAA through?

'Seek and ye shall find'
NT Canuck
0
NT
8/3/2002 2:50:00 PM
This has been bothering me for a while.  Many many posts (like the one I
replied to) have screwed up formatting due to (presumably) hard returns,
so that when one doesn't use the same screen width in their reader, or
when the screen width is reduced by thread carets, the formatting gets
staggered.  Most of these posts seem to be with OE.  Are these hard CR's
an OE "feature"?  Is there any way to turn them off?  Can any reader
remove them?
0
corey
8/3/2002 3:29:00 PM
waves wrote:
> 
> This probably isn't gonna sound right to some
> unthinking people, but the ability to "ddos" some site
> is a good tool to have.  And it can be used for GOOD
> means, as well as bad means, like any tool.  Just
> remember, that the bad guys will always have the best
> tools, and so it is a wise move to be able to know how
> to use the same tools as they do.  Ddosing is not
> necessarily a BAD thing, it just depends on who's
> doing it.

This is a bunch of crap and it is making me angrier every time I see
it.  Just because I am an idiot or a newbie or technologically
incompetent or lazy or just too damn busy to keep up with the patches
necessary to keep my system security up to date doesn't make it OK for
someone (ANYONE) to hijack my system and use it for their crusade (ANY
CRUSADE) to punish or otherwise interfere with someone else's (ANYONE
ELSE'S) computer system!  DDOS is NOT a tool, it is a weapon.  And I
give NO ONE permission to use MY COMPUTER for anything without
discussing it with me first.  And if I have not given you explicit
permission, STAY THE F*** OUT OF MY COMPUTER!
Is that clear enough?  Does that make me an "unthinking person"?  

Corey
0
corey
8/3/2002 3:54:00 PM
So very OT I am setting follow-ups to techtalk... <g>

corey@nomailplease.inv writes:

>This has been bothering me for a while.  Many many posts (like the one I
>replied to) have screwed up formatting due to (presumably) hard returns,
>so that when one doesn't use the same screen width in their reader, or
>when the screen width is reduced by thread carets, the formatting gets
>staggered.  Most of these posts seem to be with OE.

So it seems, but Barry's post (width=76) looked fine to me, so it looks
as though Mozilla isn't so generous in what it accepts.

>Are these hard CR's an OE "feature"?

As is stripping off trailing spaces. :(

>Is there any way to turn them off?  Can any reader remove them?

I can 'Reflow text' (sticky setting) here so that the article can flow
to the window width, or configurable default width setting (72) if the
window is wide.

I can also 'Reformat paragraph' and 'Equalise quote level' to help tidy
up OE excrescences.

Sending 'Format-flowed' would seem to be the most helpful to most
people, but some clients can get foxed by indented text as in the
example below.


From rfc2646:

--------------------------------------
4.  The Format Parameter to the Text/Plain Media Type

   This document defines a new MIME parameter for use with Text/Plain:

      Name:  Format
      Value:  Fixed, Flowed

   (Neither the parameter name nor its value are case sensitive.)

   If not specified, a value of Fixed is assumed.  The semantics of the
   Fixed value are the usual associated with Text/Plain [MIME-IMT].

   A value of Flowed indicates that the definition of flowed text (as
   specified in this memo) was used on generation, and MAY be used on
   reception.

   This section discusses flowed text; section 5 provides a formal
   definition.

   Because flowed lines are all-but-indistinguishable from fixed lines,
   currently deployed software treats flowed lines as normal Text/Plain
   (which is what they are).  Thus, no interoperability problems are
   expected.

   Note that this memo describes an on-the-wire format.  It does not
   address formats for local file storage.

4.1.  Generating Format=Flowed

   When generating Format=Flowed text, lines SHOULD be shorter than 80
   characters.  As suggested values, any paragraph longer than 79
   characters in total length could be wrapped using lines of 72 or
   fewer characters.  While the specific line length used is a matter of
   aesthetics and preference, longer lines are more likely to require
   rewrapping and to encounter difficulties with older mailers.  It has
   been suggested that 66 character lines are the most readable.

   (The reason for the restriction to 79 or fewer characters between
   CRLFs on the wire is to ensure that all lines, even when displayed by
   a non-flowed-aware program, will fit in a standard 80-column screen
   without having to be wrapped.  The limit is 79, not 80, because while
   80 fit on a line, the last column is often reserved for a line-wrap
   indicator.)

   When creating flowed text, the generating agent wraps, that is,
   inserts 'soft' line breaks as needed.  Soft line breaks are added
   between words.  Because a soft line break is a SP CRLF sequence, the
   generating agent creates one by inserting a CRLF after the occurance
   of a space.

   A generating agent SHOULD NOT insert white space into a word (a
   sequence of printable characters not containing spaces).  If faced
   with a word which exceeds 79 characters (but less than 998
   characters, the [SMTP] limit on line length), the agent SHOULD send
   the word as is and exceed the 79-character limit on line length.

   A generating agent SHOULD:

      1.  Ensure all lines (fixed and flowed) are 79 characters or
          fewer in length, counting the trailing space but not
          counting the CRLF, unless a word by itself exceeds 79
          characters.
      2.  Trim spaces before user-inserted hard line breaks.
      3.  Space-stuff lines which start with a space, "From ", or
          ">".

   In order to create messages which do not require space-stuffing, and
   are thus more aesthetically pleasing when viewed as Format=Fixed, a
   generating agent MAY avoid wrapping immediately before ">", "From ",
   or space.

   (See sections 4.4 and 4.5 for more information on space-stuffing and
   quoting, respectively.)

   A Format=Flowed message consists of zero or more paragraphs, each
   containing one or more flowed lines followed by one fixed line.  The
   usual case is a series of flowed text lines with blank (empty) fixed
   lines between them.

   Any number of fixed lines can appear between paragraphs.

   [Quoted-Printable] encoding SHOULD NOT be used with Format=Flowed
   unless absolutely necessary (for example, non-US-ASCII (8-bit)
   characters over a strictly 7-bit transport such as unextended SMTP).
   In particular, a message SHOULD NOT be encoded in Quoted-Printable
   for the sole purpose of protecting the trailing space on flowed lines
   unless the body part is cryptographically signed or encrypted (see
   Section 4.6).

   The intent of Format=Flowed is to allow user agents to generate
   flowed text which is non-obnoxious when viewed as pure, raw
   Text/Plain (without any decoding); use of Quoted-Printable hinders
   this and may cause Format=Flowed to be rejected by end users.

4.2.  Interpreting Format=Flowed

   If the first character of a line is a quote mark (">"), the line is
   considered to be quoted (see section 4.5).  Logically, all quote
   marks are counted and deleted, resulting in a line with a non-zero
   quote depth, and content. (The agent is of course free to display the
   content with quote marks or excerpt bars or anything else.)
   Logically, this test for quoted lines is done before any other tests
   (that is, before checking for space-stuffed and flowed).

   If the first character of a line is a space, the line has been
   space-stuffed (see section 4.4).  Logically, this leading space is
   deleted before examining the line further (that is, before checking
   for flowed).

   If the line ends in one or more spaces, the line is flowed.
   Otherwise it is fixed.  Trailing spaces are part of the line's
   content, but the CRLF of a soft line break is not.

   A series of one or more flowed lines followed by one fixed line is
   considered a paragraph, and MAY be flowed (wrapped and unwrapped) as
   appropriate on display and in the construction of new messages (see
   section 4.5).

   A line consisting of one or more spaces (after deleting a stuffed
   space) is considered a flowed line.
--------------------------------------

-- 
Jim Crowther                      "It's MY computer" (tm)
OEnemy tamed by OE-quotefix: <http://jump.to/oe-quotefix>
0
Jim
8/3/2002 3:56:00 PM
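The interpretation rules quoted from RFC 2646 section 4.2 above, as an added Python example that is not part of the original post. The function names and the sample body are constructed here; the "-- " signature exception comes from section 4.3 of the same RFC, which the post does not quote, and closing a paragraph when the quote depth changes is a handling choice of this example.

```python
import textwrap

SIG_SEPARATOR = "-- "  # RFC 2646 section 4.3: this line is never treated as flowed

# Constructed sample body (CRLF line endings, as on the wire).
SAMPLE = (
    ">> Are these hard CR's \r\n"
    ">> an OE feature?\r\n"
    "> I can reflow text here so that \r\n"
    "> the article fits the window.\r\n"
    " >not a quote, just space-stuffed\r\n"
    "Sending flowed text seems \r\n"
    "most helpful.\r\n"
    "-- \r\n"
    "Sig line\r\n"
)


def classify_line(raw):
    """Return (quote_depth, content, is_flowed) for one line without its CRLF."""
    # 1. Quote marks are counted and deleted before any other test.
    depth = 0
    while depth < len(raw) and raw[depth] == ">":
        depth += 1
    content = raw[depth:]
    # 2. A leading space is space-stuffing; delete it before the flowed test.
    if content.startswith(" "):
        content = content[1:]
    # 3. A line ending in one or more spaces is flowed, otherwise fixed.
    is_flowed = content.endswith(" ") and content != SIG_SEPARATOR
    return depth, content, is_flowed


def unflow(body):
    """Join flowed lines into paragraphs.

    Returns a list of (quote_depth, text, flowable) tuples. flowable is True
    when the paragraph contained at least one flowed line and may be rewrapped.
    """
    lines = body.replace("\r\n", "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # the final line terminator does not start a new line
    paragraphs = []
    open_depth, open_text = None, ""
    for raw in lines:
        depth, content, is_flowed = classify_line(raw)
        if open_depth is not None and depth != open_depth:
            # Quote depth changed mid-paragraph: close what we have.
            paragraphs.append((open_depth, open_text, True))
            open_depth, open_text = None, ""
        if is_flowed:
            # Trailing spaces are content; the soft break's CRLF is not.
            open_depth, open_text = depth, open_text + content
        elif open_depth is not None:
            # One fixed line ends the paragraph of flowed lines.
            paragraphs.append((depth, open_text + content, True))
            open_depth, open_text = None, ""
        else:
            paragraphs.append((depth, content, False))
    if open_depth is not None:
        paragraphs.append((open_depth, open_text, True))
    return paragraphs


def render(paragraphs, width):
    """Rewrap flowable paragraphs to the reader's width; emit fixed lines as-is."""
    out = []
    for depth, text, flowable in paragraphs:
        prefix = ">" * depth + (" " if depth else "")
        if not flowable:
            out.append(prefix + text)
            continue
        room = max(width - len(prefix), 20)
        for line in textwrap.wrap(text, width=room) or [""]:
            out.append(prefix + line)
    return "\n".join(out)


if __name__ == "__main__":
    print(render(unflow(SAMPLE), 30))
```
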
corey@nomailplease.inv dipped a quill in the inkwell and wrote...
> waves wrote:
> > 
> > This probably isn't gonna sound right to some
> > unthinking people, but the ability to "ddos" some site
> > is a good tool to have.  And it can be used for GOOD
> > means, as well as bad means, like any tool.  Just
> > remember, that the bad guys will always have the best
> > tools, and so it is a wise move to be able to know how
> > to use the same tools as they do.  Ddosing is not
> > necessarily a BAD thing, it just depends on who's
> > doing it.
> 
> This is a bunch of crap and it is making me angrier every time I see
> it.  Just because I am an idiot or a newbie or technologically
> incompetent or lazy or just too damn busy to keep up with the patches
> necessary to keep my system security up to date doesn't make it OK for
> someone (ANYONE) to hijack my system and use it for their crusade (ANY
> CRUSADE) to punish or otherwise interfere with someone else's (ANYONE
> ELSE'S) computer system!  DDOS is NOT a tool, it is a weapon.  And I
> give NO ONE permission to use MY COMPUTER for anything without
> discussing it with me first.  And if I have not given you explicit
> permission, STAY THE F*** OUT OF MY COMPUTER!
> Is that clear enough?  Does that make me an "unthinking person"?  

What that statement makes you, Corey, is a normal human being, trying to 
cope with a complex technology, and doing the best you can with what you 
have. Just like the rest of us...

Don
0
Don
8/3/2002 6:06:00 PM
Jim Crowther <Don't.use.Lockdown@any.price> wrote in
news:yxpfi3eC1$S9EA42@grc.com.ngs: 

> 
> So very OT I am setting follow-ups to techtalk... <g>
> 
> corey@nomailplease.inv writes:
> 
>>This has been bothering me for a while.  Many many posts (like the one
>>I replied to) have screwed up formatting due to (presumably) hard
>>returns, so that when one doesn't use the same screen width in their
>>reader, or when the screen width is reduced by thread carets, the
>>formatting gets staggered.  Most of these posts seem to be with OE.
> 
> So it seems, but Barry's post (width=76) looked fine to me, so it
> looks as though Mozilla isn't so generous in what it accepts.
> 
>>Is there any way to turn them off?  Can any reader remove them?
> 
> I can 'Reflow text' (sticky setting) here so that the article can flow
> to the window width, or configurable default width setting (72) if the
> window is wide.
> 
> I can also 'Reformat paragraph' and 'Equalise quote level' to help
> tidy up OE excrescences.
 

Not directly going to help the original poster but I was just reading a
web site that has some tips for displaying text in X-news. The more I
use X-news the more I prefer it over Gravity. 

http://www.geocities.com/d4vidb/x_setup12.html#fixwrap

Even has a tip for fixing OE sigs. :-)

Front page is here http://www.geocities.com/d4vidb/ of course.

Paul,
-- 
Hey, I don't block the ads, I just let Ad Zapper read them for me.
0
Lurker
8/3/2002 11:29:00 PM
"NT Canuck" <ntcanuck@hot_mail.com> wrote in message
news:aigqjq$12d7$1@news.grc.com...

> This brought up an interesting question from my viewpoint...
> How does one know it's the RIAA attacking a unit...
> and not someone else?

Interesting indeed. Will they be allowed to use other "Agents" too?

> Or do ISP's have to give RIAA "special considerations".
> (The ISP not to interfere on behalf of its clients)
> Heh...ISP's are going to be in the "doghouse" here, especially
> when trying to collect monthly fee's from DDOS'd clients.

Too true.

> So what happens to ISP's if they block the RIAA websites
> IP's to protect their clients and bandwidth?  ISP's pay
> for bandwidth up/down just like any one else, they just
> buy in larger volumes and split it among their customers.

The RIAA have a target that's worthwhile suing.

> Most folk don't even have firewalls...probably less than 5%
> of the computers on the Internet have any protection or logging
> facilities active or installed (home users).  In any case..if you
> are hit with a decent DDOS...the logs may be overwhelmed.
>
> The more we look at this RIAA request/bill....the dumber it gets.
>
> One also has to consider the "precedents" being set here.
> ie: will firewalls be legislated to allow RIAA through?

NT I am curious, maybe you can offer an opinion. We know the attacks on GRC
were from multiple machines, in other words the only possible bottleneck to
the incoming packets was the point where they first converged upon Verio.
Subsequently that would become Steve's T1 or whatever to the actual machine
itself, right?

If the RIAA did plan to use this method to disrupt machines wouldn't they
need a similar distribution to avoid blocking their own outgoing lines? I
mean we're talking millions of users here. Knocking one user off the net at
a time isn't going to do any good at all, and even 1000 at a time will be a
fairly limited success as many will come back with a new IP right away, most
of them probably not even aware what has happened. IF this is the plan it
seems very ill conceived to me.

I can't see how they are going to identify what is being shared for a start,
but even if they manage that for many users it seems a little hit and miss.
Surely they don't think a few hundred people prosecuted is going to scare
everyone away?

Charlie
0
Charlie
8/4/2002 8:13:00 AM
Charlie Tame wrote:

Hi Charlie, inline.

> "NT Canuck" <ntcanuck@hot_mail.com> wrote in message
> news:aigqjq$12d7$1@news.grc.com...
>
>> This brought up an interesting question from my viewpoint...
>> How does one know it's the RIAA attacking a unit...
>> and not someone else?
>
> Interesting indeed.
> Will they be allowed to use other "Agents" too?

They have raised my suspicions, and to follow up..
How do we know they haven't "tested" using other
"agents" (which could be anyone) already?  hmm...

>> Or do ISP's have to give RIAA "special considerations".
>> (The ISP not to interfere on behalf of its clients)
>> Heh...ISP's are going to be in the "doghouse" here, especially
>> when trying to collect monthly fee's from DDOS'd clients.
>
> Too true.

I "imagine" this should be uncomfortable for the ISP's,
and really goes against "expanding" the internet.

>> So what happens to ISP's if they block the RIAA websites
>> IP's to protect their clients and bandwidth?  ISP's pay
>> for bandwidth up/down just like any one else, they just
>> buy in larger volumes and split it among their customers.
>
> The RIAA have a target that's worthwhile suing.

The ISP's will certainly have enough "grounds" to meet
the $50 minimum for lawsuits, and perhaps even class action.

>> Most folk don't even have firewalls...probably less than 5%
>> of the computers on the Internet have any protection or logging
>> facilities active or installed (home users).  In any case..if you
>> are hit with a decent DDOS...the logs may be overwhelmed.
>>
>> The more we look at this RIAA request/bill....the dumber it gets.
>>
>> One also has to consider the "precedents" being set here.
>> ie: will firewalls be legislated to allow RIAA through?
>
> NT I am curious, maybe you can offer an opinion. We know the attacks
> on GRC were from multiple machines, in other words the only possible
> bottleneck to the incoming packets was the point where they first
> converged upon Verio. Subsequently that would become Steve's T1 or
> whatever to the actual machine itself, right?

If it was here...I'd be all over the ISP for "interrupted service".
Steve hasn't been breaking any unwritten "social laws" so there's
no legitimate reason for him to be targeted or denied internet access.
And Steve missed something in his estimated "claim" of damages
to the FBI...many coming here (ng and website) are high profile
educational facilities, other nations citizens, many high-tech contacts
so you HAVE TO include this premise in damage claims...

There's no second chance for *first impressions*.

Steve is a public figure and is in fact something of a technological
ambassador for the USA by virtue of site content.  In fact Steve
has freely given many small programs to secure or information
to secure remote user computers from KNOWN vulnerabilities
(UPnP, MS patch checks) that "without" could cause damages
on remote units...so this is something also to consider.

> If the RIAA did plan to use this method to disrupt machines wouldn't
> they need a similar distribution to avoid blocking their own outgoing
> lines? I mean we're talking millions of users here. Knocking one user
> off the net at a time isn't going to do any good at all, and even
> 1000 at a time will be a fairly limited success as many will come
> back with a new IP right away, most of them probably not even aware
> what has happened. IF this is the plan it seems very ill conceived to
> me.

I don't know they'll attack individuals..maybe a "rider" on the bill
will allow "follow-ups" and "additional clauses" dynamically.  But
I do know the Supernodes are *vulnerable* using built in abilities
to receive uploaded (kazaa initiated) files in Kazaa and Kazaa lite.
This was intended so some music vendors could "sell" through
the network..but it does give an easily hackable 3rd party entry.
As for the clients..I already worked out ways to make hacking
the individual a fruitless exercise, and if the supernodes just copy
back onto HDD (or serve from a cd) it's fruitless there as well.
Heck...go ahead and delete a file from my ram drive..up again
in 20 seconds.

Fact is...the technologically inept politicians are going to possibly
pass a bill that is itself useless.  Only concern is the unprecedented
elimination of civil rights and due process, which in my mind is
definitely a "crime" against that country.  There..I said it.

> I can't see how they are going to identify what is being shared for a
> start, but even if they manage that for many users it seems a little
> hit and miss. Surely they don't think a few hundred people prosecuted
> is going to scare everyone away?

Judging by the criminal intent (IMO) of this proposed bill...
perhaps who is and isn't being lawful should be looked at again.

'Seek and ye shall find'
NT Canuck
0
NT
8/4/2002 1:19:00 PM
"NT Canuck" <ntcanuck@hot_mail.com> wrote in message
news:aij9lu$9ir$1@news.grc.com...

Thanks for the info, I have to say as far as the mechanics of the internet
are concerned you are in a totally different league to me.

However it seems we agree that what has been suggested is highly impractical
and unless the hope is to make an example of a few it's pretty much useless.

However if something could be held against ISP's maybe the hope is that they
can be bludgeoned into doing the RIAA's job for them?

I definitely agree about the ineptitude of some politicians.

Charlie
0
Charlie
8/4/2002 5:42:00 PM
Charlie Tame wrote:

> Thanks for the info, I have to say as far as the mechanics of the
> internet are concerned you are in a totally different league to me.

There are a couple of scenarios that could cause the RIAA
(I believe the bill allows for other copyright holders?) to be
"tricked" into hitting legitimate institutes, ISP's *directly* and
even this NG, those "red herrings" could be set up in "minutes".

> However it seems we agree that what has been suggested is highly
> impractical and unless the hope is to make an example of a few it's
> pretty much useless.

Close enough to what I said, but if I can figure out how to bypass
these things and even use it to attack innocents in only a few days...
imagine what people who live a malicious life on the Internet
could do or have already calculated, hopefully it's just hypothetical.

> However if something could be held against ISP's maybe the hope is
> that they can be bludgeoned into doing the RIAA's job for them?

I don't see it, the ISP's are not supposed to be overly "regulated"
In fact the RIAA could be initiating some very dangerous scenarios.

> I definitely agree about the ineptitude of some politicians.

It's not the politician's milieu to know everything about everything,
so we can't always expect too much of them.

'Seek and ye shall find'
NT Canuck
0
NT
8/4/2002 6:56:00 PM
"Steve Gibson" <support@grc.com> wrote in message
news:MPG.17b349cd41feaadc98a7ca@207.71.92.194...
> Global CD (compact disc) sales were down 7 percent last year -- but
> to blame this on file trading is certainly wrong headed.  Hasn't
> everyone SEEN the huge PYRAMIDS of CD-R's which now decorate consumer
> and office supply stores?  I watch people purchasing 50 and 100-disc
> "jumbo packs" of CD-R discs ... and I think to myself "Hmmmm, I doubt
> they are burning copies of software they have written, or songs they
> have recorded."  And I really wonder ... what are they DOING with all
> of those discs?????  They've GOT to be copying (pirating) CD's.
>

So what?
The idea that someone can own music is fundamentally flawed, you can't own
sound waves.
I don't see a difference between me humming or singing in the shower, and
downloading music. Not at all.

Artists shouldn't be able to live off of just what they make from CD's,
vinyl, or cassette, perhaps from concert, but not an individual medium.

There are some things that cannot be owned, music is one of those things.

--
Flower: 7oh31sixatefor
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS d--- s+:-- a--- C++ UL++++ P++ L++ E W+++ N+++ w M- PS+++ PE++
PGP++ t+ 5-- R tv+ b++ DI++ D+ G e- h! r y++
------END GEEK CODE BLOCK------
rap sucks
0
sean
8/4/2002 7:25:00 PM
The answer to the question about the use of agents is they will be able to. It's
not specifically excluded which is the only way they wouldn't be able to use
an agent.   Agents act as the company or individual they work for as if they
are that person or entity.  They have to stay within the boundaries of
agency that have been set for them either in writing or verbally.  As long
as they are within that scope then the person, corporation or entity is
responsible for their actions.  If they step outside those boundaries then
they become liable and let the controlling party off the hook at least
partially.  It's my guess that the industry will set up several agents who
in turn will have subagents who do the actual dirty work.  They will set up
a structure that protects them from suit in case anything goes on.  The
companies doing the actual dirty work will carry a minimum of liability
coverage if any at all.  If anyone sues the subagent it will fold like a
cheap tent taking along with it the primary target while those above in the
chain proclaim that they didn't know what the subagent was doing.  They will
make it as tough as possible to pierce the multiple corporate veils to get
at the real copyright holders as possible.  They will put their best legal
brains on this.  As soon as one subagent has a serious problem they will be
discarded and a new one set up.


"Charlie Tame" <charlie@tames.net> wrote in message
news:aiino4$2rdh$1@news.grc.com...
>
> > Interesting indeed. Will they be allowed to use other "Agents" too?
>
> If the RIAA did plan to use this method to disrupt machines wouldn't they
> need a similar distribution to avoid blocking their own outgoing lines? I
> mean we're talking millions of users here. Knocking one user off the net at
> a time isn't going to do any good at all, and even 1000 at a time will be a
> fairly limited success as many will come back with a new IP right away, most
> of them probably not even aware what has happened. IF this is the plan it
> seems very ill conceived to me.
>
Not only would they block their own lines but because of the size of the
attack they would have to launch they'd put a dent into the capacity
available at the various backbone and other key router sites. This would
cause disruption for everyone whose traffic flows through that site and as a
result it would affect other parts of the net as well as traffic is
rerouted.
0
Rick
8/4/2002 9:31:00 PM
Rick wrote...

<...>
> They will make it as tough as possible to pierce the multiple corporate
> veils to get at the real copyright holders as possible.  They will put
> their best legal brains on this.  As soon as one subagent has a serious
> problem they will be discarded and a new one set up.


As the "authorized agents" are, at all times, acting "on the [copyright]
owner's behalf", any paper trail has to lead back to the corporation, which
is ultimately responsible:


"(6) the term 'copyright owner' means a legal or beneficial owner of an
exclusive right under section 106 and any party authorized to act on the
owner's behalf."

http://www.house.gov/berman/p2p.pdf


"§514(g)(6) defines the term 'copyright owner.'  The term includes both the
owner of one of the exclusive rights in a work, and any party authorized to
act on the owner's behalf.  This definition allows an authorized agent, such
as an interdiction company or trade association, to undertake interdiction
efforts on the owner's behalf."

http://www.house.gov/berman/p2psection.html


Note:  Although the "Section-by-Section Analysis" at url 2 has this
definition as (g)(6), the bill at url 1 has the definition at (h)(6).
Indication, perhaps, that the "Nondisclosure of information" paragraph
actually at (g) in the Bill was an afterthought:

"(g) NONDISCLOSURE OF INFORMATION.--Information contained in any
notification under subsection (c)(1)(A) may not be made available to the
public under section 552 of title 5."

subsection (c)(1)(A) being the bit where copyright owners tell the DoJ what
technology they intend using to "impair the unauthorized distribution,
display, performance, or reproduction of the owner's copyrighted works over
a publicly accessible peer-to-peer file trading network"
0
reader
8/5/2002 9:44:00 AM
"sean" wrote...

<...>
> So what?
> The idea that someone can own music is fundamentally flawed,
> you can't own sound waves.


Who needs sound waves where copyright disputes are involved?

http://news.bbc.co.uk/1/hi/entertainment/music/2133426.stm

Quiet at the back there!
0
reader
8/5/2002 9:57:00 AM
Steve Gibson <support@grc.com> wrote in 
news:MPG.17b4bdfda3101c8398a7d1@207.71.92.194:

>> In a sense I guess that this *might* cut into the CD sales to
>> some extent since I won't have to buy CD copies of that music
>> I already own. But in my case, that probably isn't much of a
>> loss since much of what I am copying is not available in CD anyway.
> 
> And even if it was ... you clearly own the rights to listen to
> that music -- which you purchased -- in any way that you see fit.

I agree that I have the right to make those copies.  I mentioned it 
though, since it does reflect back on the 'arguments' of the music ... 
publishers (I was going to say industry, but the 'musicians' seem to be 
getting as 'raw' a deal as the consumers with only the "publishers" 
getting any benefit.) ... since it is their rhetoric that we are trying 
to refute.<g>

MikeD
 
0
MikeD
8/5/2002 2:04:00 PM
Anonymous Mike <anony@abuse_columbus.rr.com> wrote in
news:MPG.17b4ac7185930012989957@news.grc.com: 

> I think the RIAA is missing the boat completely.  I also think
> that the recording artists are missing a great opportunity to
> break free of the RIAA - an organization which seems likely to be
> in violation of the Racketeering statutes.

Actually some artists have "caught on" and are using the internet to 
distribute their work without going through the "industry".  
Unfortunately it is just a handful of (mostly) obscure artists.  Most 
artists are worried about offending TPTB by such a bold move.

MikeD
0
MikeD
8/5/2002 2:09:00 PM
> Since the bill seems to stipulate freedom from suits where
> the damage was less than $50 USA...almost $70 Canadian.
> And since $70 Canadian is just a bit more than my monthly
> cable internet access bill...if I was *wrongly* DDOS'd for
> "an entire month"...I'd be SOL as that doesn't meet the
> $50 USD minimum guideline for pursuing remedial claims.

You can include the personal costs ... the missed business meeting 
because your email couldn't reach you ... or your bill payment didn't 
go out so there are penalties and the like.  I suspect that I could 
come up with a pretty expensive and extensive list of costs if I had 
been held 'off line' for a month. <weg>

MikeD
0
MikeD
8/5/2002 2:12:00 PM
I don't believe that "they" can just look around your file system and 
decide.  They would ... I believe ... have to actually catch you in the 
act of transferring that file to someone before there would be any 
infringement.

Besides, keeping them out of my pc is easy enough with a NAT router, 
personal firewall and anti-trojan / anti-virus software.

MikeD
0
MikeD
8/5/2002 2:15:00 PM
MikeD wrote:
>> Since the bill seems to stipulate freedom from suits where
>> the damage was less than $50 USA...almost $70 Canadian.
>> And since $70 Canadian is just a bit more than my monthly
>> cable internet access bill...if I was *wrongly* DDOS'd for
>> "an entire month"...I'd be SOL as that doesn't meet the
>> $50 USD minimum guideline for pursuing remedial claims.
>
> You can include the personal costs ... the missed business meeting
> because your email couldn't reach you ... or your bill payment didn't
> go out so there are penalties and the like.  I suspect that I could
> come up with a pretty expensive and extensive list of costs if I had
> been held 'off line' for a month. <weg>

On subsequent readings of the bill's reviewers...those costs
are "per incident" which means if there were 3 files in dispute
and for example 3 "4 hour" interruptions...that would be 3
separate claims, so it's already getting "muddled".  My concern
is because it's not any "actual fact" that allows them these actions..
so they can act on "suspicion" without consequence since the
"average Joe/Jane user" out there won't have a clue what's going on...
they'll just think they got a service interruption or a virus.

I really am tired of all this RIAA interference...blocking and suing
tape drive manufacturers, cassette recorders, CDRW's, DVD,
RIO portable units, and holding back DVD recording capabilities
for over 3 years and now they're after folk on the Internet itself!
There are royalties paid via blank CDR media and cassette tapes
already in place (I think they "killed" magnetic tape drive market)
and I suppose if there were royalties paid by hard drive
manufacturers and the Internet itself that they might be
*temporarily satiated*.  So at least in my case...30+ years of BS.

I totally agree with these sentiments...and items of reference.
http://www.virtualrecordings.com/dmda.html

'Seek and ye shall find'
NT Canuck
0
NT
8/5/2002 3:23:00 PM
They are only authorized to examine the public areas of P2P networks.  If
you have a P2P network set up then all that protection you listed won't do
much good in that public area.  Also because of the nature of P2P your NAT
router and other firewalls have a rather big hole in them which eventually
is going to result in someone figuring out how to exploit it.

"MikeD" <miked@msn-nospam.com> wrote in message
news:Xns92615E24F6B42mikedmsncom@207.71.92.194...
> I don't believe that "they" can just look around your file system and
> decide.  They would ... I believe ... have to actually catch you in the
> act of transferring that file to someone before there would be any
> infringement.
>
> Besides, keeping them out of my pc is easy enough with a NAT router,
> personal firewall and anti-trojan / anti-virus software.
>
> MikeD
0
Rick
8/5/2002 5:21:00 PM
That's true they are unless the agent acts outside of their authority.  If
you put enough barriers between you and the actual agent it's going to be
tough to get them to pay anything when each level above says that the people
below them exceeded their authority (my guess is that the agent will really
have free rein but the actual contracts will be very limited on what they
can do so this defense will work.  No it's not honest or ethical but we are
talking about the entertainment industry.).  To finally get at them will
cost lots and lots of $$$$ and except for a class action lawyer who has that
kind of $$$.  The big firms holding the copyrights have the attorneys on
staff who just love to drag stuff out for as long as possible including
appealing every decision that goes against them.  They are betting that you
run out of $ before they do if you are trying to recover damages.  They make
you the example to keep others from suing.  If they roll over and play dead
they invite more suits if they fight the first ones with everything they
have they scare almost everyone away.

"reader" <reader@yghtjjdsb.com> wrote in message
news:aili5m$2dnv$1@news.grc.com...
> Rick wrote...
>
>
>
> As the "authorized agents" are, at all times, acting "on the [copyright]
> owner's behalf", any paper trail has to lead back to the corporation, which
> is ultimately responsible:
>
0
Rick
8/5/2002 7:25:00 PM
Steve Gibson <support@grc.com> wrote in
<news:MPG.17b4bdfda3101c8398a7d1@207.71.92.194>:

> Yep, I've (literally) dusted off my old turntable also, after
> tracking down the card with the best A/D (analog to digital)
> converters (one by Turtle Beach).  And I moved a whole bunch of
> irreplaceable "College Vinyl" over to disc.

Eventually, I've got to do that as well.  Is the card you're talking
about the Santa Cruz, or do they make some better model I can't find?

-- 
�Q�
0
ISO
8/5/2002 8:51:00 PM
I was sleeping peacefully, when "Sam Schinke" woke me by saying:

> In this case (RIAA's DDoS) the silver lining to us bystanders is watching
> them hoisted by their own petards.

Ok, class:  Who knows what a "petard" is?

I prefer the classical definition (see the word's etiology, below).

<Dictionary>

http://www.dictionary.com/cgi-bin/dict.pl?db=*&term=petard

pe·tard (pĭ-tärd)   n.
1. A small bell-shaped bomb used to breach a gate or wall.
2. A loud firecracker.

-------
[ French pétard, from Old French, from peter, to break wind, from pet, a
breaking of wind, from Latin pēditum, from neuter past participle of pēdere,
to break wind. See pezd- in Indo-European Roots. ]

Word History: The French used pétard, "a loud discharge of intestinal gas,"
for a kind of infernal engine for blasting through the gates of a city. "To
be hoist by one's own petard," a now proverbial phrase apparently
originating with Shakespeare's Hamlet (around 1604) not long after the word
entered English (around 1598), means "to blow oneself up with one's own
bomb, be undone by one's own devices." The French noun pet, "fart,"
developed regularly from the Latin noun pēditum, from the Indo-European root
*pezd-, "fart."

</Dictionary>

Ergo: "Hoisted upon his own petard" means, "Raised into the air by his own
fart."

That applies to *LOTS* of people.

Barn

P.S. sorry to post this so late: I've been away.
--
Meddle ye not in the affairs of dragons.
For thou art crunchy, and good with ketchup!
0
Barn
8/5/2002 10:42:00 PM
reader wrote:
[...]
> "(g) NONDISCLOSURE OF INFORMATION.--Information contained in any
> notification under subsection (c)(1)(A) may not be made available to
> the public under section 552 of title 5."

So what's Section 552 of title 5?

Is this seriously saying the public can't make FOI requests to learn of the
intended techniques? Great.

> subsection (c)(1)(A) being the bit where copyright owners tell the
> DoJ what technology they intend using to "impair the unauthorized
> distribution, display, performance, or reproduction of the owner's
> copyrighted works over a publicly accessible peer-to-peer file
> trading network"

Which is apparently now intended to be a secret notification.

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft�.
0
Sam
8/5/2002 11:17:00 PM
Sam Schinke asked...

> [...]
> > "(g) NONDISCLOSURE OF INFORMATION.--Information contained in any
> > notification under subsection (c)(1)(A) may not be made available to
> > the public under section 552 of title 5."
>
> So what's Section 552 of title 5?


The Freedom of Information Act.  A link, and comments, were posted earlier
in this thread by Barry in Message-ID: <aibuau$2cpc$1@news.grc.com>
on the 1st Aug.


The Freedom of Information Act,
5 U.S.C. § 552,
As Amended By Public Law No. 104-231,
110 Stat. 3048
http://www.usdoj.gov/oip/foia_updates/Vol_XVII_4/page2.htm



> Is this seriously saying the public can't make FOI requests to learn of
> the intended techniques? Great.

That's exactly what is proposed.



> > subsection (c)(1)(A) being the bit where copyright owners tell the
> > DoJ what technology they intend using to "impair the unauthorized
> > distribution, display, performance, or reproduction of the owner's
> > copyrighted works over a publicly accessible peer-to-peer file
> > trading network"
>
> Which is apparently now intended to be a secret notification.

The notification isn't secret, as those affected - Axis of Evil [MP3
Division], ISP's - can confirm they have been "impaired" according to para
(c)(2).  What's secret is the "how we're going to do it" advance
notification to the DoJ.
0
reader
8/6/2002 8:46:00 AM
reader wrote:
> Sam Schinke asked...
[...]
>> Which is apparently now intended to be a secret notification.
>
> The notification isn't secret, as those affected - Axis of Evil [MP3
> Division], ISP's - can confirm they have been "impaired" according to
> para (c)(2).  What's secret is the "how we're going to do it" advance
> notification to the DoJ.

So does this mean that once a copyright holder uses a method they have
informed the DoJ about, it no longer has protected status from the public?
Or does it only mean that people who have been affected can be given a
generic "you've been hit" notice? How do they propose to keep technically
minded folks from publishing papers about their techniques after the fact?

I wonder if they'll try to market their DDoS's as copy prevention
techniques, thereby making sharing information how to avoid or bypass them
illegal under the DMCA. *chuckle*

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft�.
0
Sam
8/6/2002 2:35:00 PM
"NT Canuck" <ntcanuck@hot_mail.com> wrote in 
news:aim59r$3152$1@news.grc.com:

> http://www.virtualrecordings.com/dmda.html

An excellent document.  I have been a fan of the EFF for years (well 
occasionally they do get a bit carried away, but, hey!  Sometimes that 
is what is needed, it seems <sigh>).  Anyway, they deserve our support 
.... if you are not already supporting them!<g>

MikeD
0
MikeD
8/6/2002 4:26:00 PM
"Rick" <NoSpam@NoSpam.com> wrote in news:aimc73$741$1@news.grc.com:

> They are only authorized to examine the public areas of P2P
> networks.  

Hmmm ... I would think (but I am no legal scholar) that they would have 
to actually document the transferral of the copyrighted material not 
just see some file names listed.  But I could be wrong, of course :-/

> If you have a P2P network set up then all that
> protection you listed won't do much good in that public area. 
> Also because of the nature of P2P your NAT router and other
> firewalls have a rather big hole in them which eventually is going
> to result in someone figuring out how to exploit it. 

Yes, that is true.  But I suspect that it won't take the code geeks out 
there long to figure out a way to hide all that info ... set up a 
server outside the US to 'sanitize' the lists or some such.  The RIAA 
is trying to put the soup back in the can with a fork.  It ain't gonna 
happen.  This **feels** a lot like the XP activation fiasco.  All they 
will do is alienate the general populace without much impact on the 
large scale pirates.

MikeD
0
MikeD
8/6/2002 4:32:00 PM
So squids are not the only creatures using 'jet propulsion' <weg>

MikeD
0
MikeD
8/6/2002 4:35:00 PM
Sam Schinke wrote...

<...>
> > The notification isn't secret, as those affected - Axis of Evil [MP3
> > Division], ISP's - can confirm they have been "impaired" according to
> > para (c)(2).  What's secret is the "how we're going to do it" advance
> > notification to the DoJ.
>
> So does this mean that once a copyright holder uses a method they have
> informed the DoJ about, it no longer has protected status from the public?


Not as I understand what's proposed.  It's a secret.



> Or does it only mean that people who have been affected can be given a
> generic "you've been hit" notice?


Axis of Evil [MP3 Division] Yo Ho Ho Mi'harties (aka File Traders) can
*request*, from the copyright owner, details of the reason they are being
impaired, the name and address of the copyright owner and details of the
impairee's rights to bring an action for wrongful impairment.  If you don't
ask, they won't tell.

What's not explained is how the Axis of Evil [MP3 Division] member, or even
their ISP, is supposed to know exactly which copyright owner, or "any party
authorized to act on the owner's behalf", is impairing them.



> How do they propose to keep technically
> minded folks from publishing papers about their techniques after the fact?
>
> I wonder if they'll try to market their DDoS's as copy prevention
> techniques, thereby making sharing information how to avoid or bypass them
> illegal under the DMCA. *chuckle*


See how the pieces are coming together?
0
reader
8/6/2002 7:32:00 PM
Did you ever read this?

http://www.tames.net/ramblings/treachery.htm

Charlie

"reader" <reader@yghtjjdsb.com> wrote in message
news:aip8q0$602$1@news.grc.com...

> What's not explained is how the Axis of Evil [MP3 Division] member, or even
> their ISP, is supposed to know exactly which copyright owner, or "any party
> authorized to act on the owner's behalf'', is impairing them.
0
Charlie
8/6/2002 8:15:00 PM
> >This has been bothering me for a while.  Many many posts (like the one I
> >replied to) have screwed up formatting due to (presumably) hard returns,
> >so that when one doesn't use the same screen width in their reader, or
> >when the screen width is reduced by thread carats, the formatting gets
> >staggered.  Most of these posts seem to be with OE.
>
> So it seems, but Barry's post (width=76) looked fine to me, so it looks
> as though Mozilla isn't so generous in what it accepts.

Not sure if this helps you out with tracking this down, but I have the
"plain text" setting selected for my news posts.  It may happen more with
people who have HTML selected for their posting.  I don't remember what the
default is.

I suppose I could install Agent on this machine, though.  It'd feel good to
use one less piece of Microsquish software, especially the vile and foul
Outlook Express....

Barry
0
Barry
8/6/2002 8:32:00 PM
Charlie Tame asked...

> Did you ever read this?
>
> http://www.tames.net/ramblings/treachery.htm


I hadn't... but now I am enlightened.

Not being a Napster user, how old is the information?


PS  I'd love to know how they determine MP3 files on a user's machine are
copyrighted.

PPS  I also note on your page's copy of the "Sue Me Please, Mr Designated
Copyright Agent" form that the "Name of party denying you access" is blank,
which goes back to the question I posed earlier, how is a user supposed to
know *who* is doing the denying?
0
reader
8/7/2002 12:17:00 AM
"reader" <reader@yghtjjdsb.com> wrote in message
news:aipr0b$ris$1@news.grc.com...
> Charlie Tame asked...
>
> > Did you ever read this?
> >
> > http://www.tames.net/ramblings/treachery.htm
>
>
> I hadn't... but now I am enlightened.
>
> Not being a Napster user, how old is the information?

Pretty old, but the Iframe is a genuine copy of the message.

> PS  I'd love to know how they determine MP3 files on a user's machine are
> copyrighted.

I don't know, I guess at that time just by name.

> PPS  I also note on your page's copy of the "Sue Me Please, Mr Designated
> Copyright Agent" form that the "Name of party denying you access" is blank,
> which goes back to the question I posed earlier, how is a user supposed to
> know *who* is doing the denying?

Well of course in that particular case it was Napster themselves, but later
P2P systems don't use the same system. However at least Napster did tell you
what had happened and why. The RIAA it seems don't intend to do that, just
make the service unusable.

But it was your comment earlier that reminded me of that page.

Charlie
0
Charlie
8/7/2002 1:07:00 AM
Charlie Tame wrote: 
> 
> "reader" wrote...
>> 
>> PS  I'd love to know how they determine MP3 files on a user's machine
>> are copyrighted.
> 
> I don't know, I guess at that time just by name.

Don't forget that MP3s have a data header -- called an ID3 tag -- that can 
hold information about the song, including its year of release, the song's 
performer, the album the song came from, and other stuff. MP3 players like 
Winamp and MusicMatch Jukebox make extensive use of ID3 tags, as does the 
Gracenote Compact Disc Database.

If Winamp et al can read ID3 tags, it's not too much of a stretch to assume 
that RIAA can do the same.

--
Glenn Shaw
Indianapolis, IN USA
0
Glenn
8/8/2002 12:17:00 AM
Glenn Shaw wrote:
[...]
> Don't forget that MP3s have a data header -- called an ID3 tag --
> that can hold information about the song, including its year of
> release, the song's performer, the album the song came from, and
> other stuff. MP3 players like Winamp and MusicMatch Jukebox make
> extensive use of ID3 tags, as does the Gracenote Compact Disc
> Database.
>
> If Winamp et al can read ID3 tags, it's not too much of a stretch to
> assume that RIAA can do the same.

I think it is important to note, however, that these ID3 tags are at the END
of mp3 files. I forget the exact specification, but drop an mp3 into a hex
editor sometime.

Unless the p2p software supports only downloading a segment of the file (eg,
resumable or parallel downloads), the RIAA would have to download the entire
file to read the ID3 tag.

However, the ID3 tag itself is no guarantee of content (they are trivially
falsified), unless you want to argue that song names are copyrightable
themselves in this context (which is something I would dispute). But then
again, mere suspicion is enough under these laws, so that may be irrelevant.

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft�.
0
Sam
8/8/2002 12:45:00 AM
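An added example, not part of any post in this thread: a Python sketch of the ID3v1 trailer discussed in the two posts above, read with a single seek to the last 128 bytes, showing that identical tags can sit on different audio data. The field layout is the standard ID3v1 one; the function names are this example's own, and the payloads and tag values are constructed sample data.

```python
import hashlib
import io
import struct

ID3V1_SIZE = 128
# Standard ID3v1 layout: "TAG", title, artist, album, year, comment, genre byte.
# (ID3v2 tags sit at the start of a file instead and are not handled here.)
ID3V1 = struct.Struct("<3s30s30s30s4s30sB")


def build_id3v1(title, artist, album, year, comment="", genre=255):
    """Build a 128-byte ID3v1 trailer. Used here only to construct sample data."""
    def field(text, size):
        return text.encode("latin-1")[:size].ljust(size, b"\x00")
    return ID3V1.pack(b"TAG", field(title, 30), field(artist, 30),
                      field(album, 30), field(year, 4), field(comment, 30), genre)


def read_id3v1(stream):
    """Parse the ID3v1 trailer by reading only the last 128 bytes of a stream.

    Returns a dict of fields, or None if the stream carries no ID3v1 trailer.
    """
    size = stream.seek(0, io.SEEK_END)
    if size < ID3V1_SIZE:
        return None
    stream.seek(size - ID3V1_SIZE)
    magic, title, artist, album, year, comment, genre = ID3V1.unpack(
        stream.read(ID3V1_SIZE))
    if magic != b"TAG":
        return None

    def text(raw):
        # Fields are NUL- or space-padded to their fixed width.
        return raw.split(b"\x00", 1)[0].decode("latin-1").rstrip()

    return {"title": text(title), "artist": text(artist), "album": text(album),
            "year": text(year), "comment": text(comment), "genre": genre}


def audio_digest(stream):
    """SHA-256 of the stream's content with any ID3v1 trailer excluded."""
    stream.seek(0)
    data = stream.read()
    if len(data) >= ID3V1_SIZE and data[-ID3V1_SIZE:-ID3V1_SIZE + 3] == b"TAG":
        data = data[:-ID3V1_SIZE]
    return hashlib.sha256(data).hexdigest()


def compare(a, b):
    """Return (tags_match, content_matches) for two streams."""
    return read_id3v1(a) == read_id3v1(b), audio_digest(a) == audio_digest(b)


# Constructed sample data: stand-in bytes, not real audio frames.
SAMPLE_TAG = build_id3v1("Example Title", "Example Artist", "Example Album", "2002")
FILE_A = io.BytesIO(b"\xff\xfb" + b"\x11" * 4096 + SAMPLE_TAG)
FILE_B = io.BytesIO(b"\xff\xfb" + b"\x22" * 4096 + SAMPLE_TAG)  # same tag, other content
UNTAGGED = io.BytesIO(b"\xff\xfb" + b"\x33" * 4096)             # no trailer at all
SHORT = io.BytesIO(b"TAG")                                      # too small to hold a tag

if __name__ == "__main__":
    print(read_id3v1(FILE_A))
    print("tags match, content matches:", compare(FILE_A, FILE_B))
```

The tag is plain metadata with no binding to the audio bytes, so only a digest or fingerprint of the content itself distinguishes the two sample files.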
On Tue, 6 Aug 2002 20:07:59 -0500, "Charlie Tame" <charlie@tames.net> wrote:

>> PS  I'd love to know how they determine MP3 files on a user's machine are
>> copyrighted.

>I don't know, I guess at that time just by name.

That wouldn't mean they're pirated, you might have all the CDs the MP3 files
came from.






             The truth IS out there, 
but most people don't recognize it when they see it!
0
Da
8/8/2002 1:21:00 PM
Da Kat wrote:
> On Tue, 6 Aug 2002 20:07:59 -0500, "Charlie Tame" <charlie@tames.net> wrote:
>
>>> PS  I'd love to know how they determine MP3 files on a user's
>>> machine are copyrighted.
>
>> I don't know, I guess at that time just by name.
>
> That wouldn't mean they're pirated, you might have all the CDs the
> MP3 files came from.

But if you are offering them in the public area of a p2p network, then you
are "distributing" them, and are in violation of the copyright holder's
copyright.

Your right to listen to your music how you wish does not extend to having
the right to give copies to arbitrary people.

Regards,
Sam
--
Welcome to Earth. A subsidiary of Microsoft�.
0
Sam
8/8/2002 2:43:00 PM
"Sam Schinke" <sschinke@myrealbox.com> wrote in message
news:aitvs7$1tn6$1@news.grc.com...
>
> Your right to listen to your music how you wish does not extend to having
> the right to give copies to arbitrary people.
>

Agreed.  My problem is the way that almost all P2P software (by default)
"searches" your HDD for media for you to share.  If the RIAA has a beef with
anyone, they should target the companies making/distributing P2P clients;
not the users of the network.  Now, far be it from me to attempt mounting an
argument that users should be allowed to be too stupid to bother changing a
default setting (that argument is usually *your* side of these
conversations, Sam...  *g*), but when I have 30GB worth of my entire CD
collection sitting on my harddrive, I'd like to think that companies
shouldn't be making software that (by default) causes me to violate every
copyright law on the planet.

-S
0
Stefan
8/8/2002 3:24:00 PM
Stefan <no.sp@m.com> wrote:

> Agreed.  My problem is the way that almost all P2P software (by default)
> "searches" your HDD for media for you to share.  If the RIAA has a beef
> with anyone, they should target the companies making/distributing P2P
> clients; not the users of the network.  Now, far be it from me to attempt
> mounting an argument that users should be allowed to be too stupid to
> bother changing a default setting (that argument is usually *your* side
> of these conversations, Sam...  *g*), but when I have 30GB worth of my
> entire CD collection sitting on my harddrive, I'd like to think that
> companies shouldn't be making software that (by default) causes me to
> violate every copyright law on the planet.

Stefan,

I am probably taking you out of context, but what can happen if someone has
open shares on the Internet?  Aren't they making everything on their hard
drive available to anyone on the Internet?  If the answer is yes, maybe we
should move this to grc.security, since I am getting away from the RIAA
issue.

Oh, well, I'll just change followups to grc.security.

-- 
Robert
List of Lists
http://lists.gpick.com/
Eric Howe's Privacy and Security Site
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
8/8/2002 4:52:00 PM
"Robert Wycoff" wrote in message

> Oh, well, I'll just change followups to grc.security.

Forgive my reversal on that.  It just appears to me that this is all falling
perfectly within the context of the original thread, and chasing it across
multiple newsgroups would serve no real purpose outside of creating
confusion.  The topic here is about the RIAA, what they're doing to pass a
bill into law, why they're doing it, and the fact their site was being
attacked because of it.  If discussing what we think they ~should~ do (as an
alternative) doesn't fit the context of this thread, what does?  hence...
posted and f-ups set back to grc.news.feedback


> I am probably taking you out of context

I don't see how that would be possible.  The meaning of my post was fairly
clear.


> but what can happen if someone has
> open shares on the Internet?  Aren't
> they making everything on their hard
> drive available to anyone on the Internet?

Yes.  The difference is that windows shares are not turned on (sharing
anything) by default.  Much of the P2P software out there does seek out and
share everything by default.  It's then up to the user to go and de-select
all the stuff this new software is sharing.  I think the P2P software should
take a more clear "opt-in" approach to file sharing.  Then if someone is
sharing copyrighted works, it's nobody's fault except their own.  Of course,
we all know that if the P2P software took this sort of "opt-in" approach,
the network would fail miserably, because everyone would follow the "I'll
take but won't give" line of thinking.  The programmers of the P2P clients
know this all too well, so they set up full sharing as the default, with a
reckless disregard for the possible copyright (or even private) nature of
the files being shared.  Since windows file shares are turned off by
default, this same disregard for copyright laws simply does not exist.


> If the answer is yes, maybe we should move this to
> grc.security, since I am getting away from the RIAA
> issue.

No.  It makes for an interesting comparison (hence, still falls in the
context of the original topic).  The people sharing files via an open
windows file share clearly decided to do that on their own (completely
regardless of the possibility they maybe didn't understand the entire
Internet would be able to access those shares).  They did it to themselves.
No default setting ANYWHERE shared those files out across the Internet.
With many (most?) of the P2P clients, they *default* to searching for and
sharing all your media files, when you install the software.  In that case,
the default setting has a reckless disregard for copyright laws.  No such
disregard exists with file shares.  If you don't want to share them with the
entire Internet, don't.... turn.... them.... on.  The default windows
setting sure as hell won't turn them on (unlike the default P2P software
settings).

-S
0
Stefan
8/8/2002 6:15:00 PM
Stefan <no.sp@m.com> wrote:
> "Robert Wycoff" wrote in message
>
>> Oh, well, I'll just change followups to grc.security.
>
> Forgive my reversal on that.  It just appears to me that this is all
> falling perfectly within the context of the original thread, and chasing
> it across multiple newsgroups would serve no real purpose outside of
> creating confusion.  The topic here is about the RIAA, what they're doing
> to pass a bill into law, why they're doing it, and the fact their site
> was being attacked because of it.  If discussing what we think they
> ~should~ do (as an alternative) doesn't fit the context of this thread,
> what does?  hence... posted and f-ups set back to grc.news.feedback
>
>
>> I am probably taking you out of context
>
> I don't see how that would be possible.  The meaning of my post was fairly
> clear.

OK.

>> but what can happen if someone has
>> open shares on the Internet?  Aren't
>> they making everything on their hard
>> drive available to anyone on the Internet?
>
> Yes.  The difference is that windows shares are not turned on (sharing
> anything) by default.  Much of the P2P software out there does seek out
> and share everything by default.  It's then up to the user to go and
> de-select all the stuff this new software is sharing.  I think the P2P
> software should take a more clear "opt-in" approach to file sharing.
> Then if someone is sharing copyrighted works, it's nobody's fault except
> their own.  Of course, we all know that if the P2P software took this
> sort of "opt-in" approach, the network would fail miserably, because
> everyone would follow the "I'll take but won't give" line of thinking.
> the programmers of the P2P clients know this all too well, so they set up
> full sharing as the default, with a reckless disregard for the possible
> copyright (or even private) nature of the files being shared.  Since
> windows file shares are turned off by default, this same disregard for
> copyright laws simply does not exist.

Hmm.  I was under the impression that many people who used ShieldsUp! never
knew they had open shares and didn't know how they got that way.  What about
the count of open machines here?  3 million?  And dslreports shows open
shares every day, practically.  Hopefully, with the transition from Win9x to
XP, it will get better.

http://grc.com/x/ne.dll?bh1akydu

>> If the answer is yes, maybe we should move this to
>> grc.security, since I am getting away from the RIAA
>> issue.
>
> No.  It makes for an interesting comparison (hence, still falls in the
> context of the original topic).  The people sharing files via an open
> windows file share clearly decided to do that on their own (completely
> regardless of the possibility they maybe didn't understand the entire
> Internet would be able to access those shares).  They did it to
> themselves. No default setting ANYWHERE shared those files out across the
> Internet. With many (most?) of the P2P clients, they *default* to
> searching for and sharing all your media files, when you install the
> software.  In that case, the default setting has a reckless disregard for
> copyright laws.  No such disregard exists with file shares.  If you don't
> want to share them with the entire Internet, don't.... turn.... them....
> on.  The default windows setting sure as hell won't turn them on (unlike
> the default P2P software settings).

I'm not following you.  I can imagine that people who use p2p don't have a
clue about copyright law.  The first time my teenager downloaded and started
using Napster, he did not understand copyright law well enough to know what
he should or shouldn't be downloading from the Internet.

And I still think there are users today who have no clue that their computer
is connected to the Internet with open shares.  Which means that they are
sharing their music, etc., with everyone on the 'net.

-- 
Robert
List of Lists
http://lists.gpick.com/
Eric Howe's Privacy and Security Site
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
8/8/2002 6:40:00 PM
"Robert Wycoff" wrote in message:

> Hmm.  I was under the impression that many people
> who used ShieldsUp! never knew they had open shares
> and didn't know how they got that way.

That doesn't mean they were on by default.  In fact, they weren't.  Only
after someone turned them on, did the users have open shares.  How they got
turned on is the user's problem, nobody else's.


> What about the count of open machines here?  3 million?

There could be 10 million.  so what?  they weren't on by default.  That's
all I'm saying.  You'd think this would be common knowledge by now.


> I'm not following you.  I can imagine that people who use p2p
> don't have a clue about copyright law.  The first time my
> teenager downloaded and started using Napster, he did not
> understand copyright law well enough to know what he
> should or shouldn't be downloading from the Internet.

The problem here isn't really what you take...  it's what you give.  the
RIAA is only out to stop the people sharing copyrighted material.  They have
no honest way of detecting the "leeches" (people downloading, but not sharing
their own).

That said...  Ignorance of the law is not a defence from the law.  Just
because someone didn't know they couldn't freely distribute copyrighted
material, doesn't mean they're welcome to go ahead and do it.


> And I still think there are users today who have no clue that
> their computer is connected to the Internet with open shares.

Well, that's their own problem - created only by themselves.  It wasn't the
default setting that got them that way.


> Which means that they are
> sharing their music, etc., with everyone on the 'net.

ditto on most of what I've already said...  defaults and what-not.

-S
0
Stefan
8/8/2002 6:57:00 PM
In article <aiu2e7$20cg$1@news.grc.com>, no.sp@m.com, 
 Stefan nibbled our ears by saying...

> but when I have 30GB worth of my entire CD
> collection sitting on my harddrive, I'd like to think that companies
> shouldn't be making software that (by default) causes me to violate every
> copyright law on the planet.

Heh, I agree.

However, according to Bloated Elvis, any such default settings are 
the responsibility of the user to deal with and not the problem of the 
vendor, even if they cause you to break the law or leave your 
computer/server wide-open to attack because you didn't know all the 
defaults or forgot to change one here or there.  That's your fault 
not the vendor's <G>
-- 
Michael
- "anyone who is honestly trying to [live a life of belief] will soon 
find his intelligence sharpened."  C.S. Lewis
0
Anonymous
8/8/2002 7:30:00 PM
Anonymous Mike <anony@abuse_columbus.rr.com> wrote:
> In article <aiu2e7$20cg$1@news.grc.com>, no.sp@m.com,
>  Stefan nibbled our ears by saying...
>
>> but when I have 30GB worth of my entire CD
>> collection sitting on my harddrive, I'd like to think that companies
>> shouldn't be making software that (by default) causes me to violate every
>> copyright law on the planet.
>
> Heh, I agree.
>
> However, according to Bloated Elvis, any such default settings are
> the responsibility of the user to deal with and not the problem of the
> vendor, even if they cause you to break the law or leave your
> computer/server wide-open to attack because you didn't know all the
> defaults or forgot to change one here or there.  That's your fault
> not the vendor's <G>

Hmm.  I thought Stefan said something similar.

-- 
Robert
List of Lists
http://lists.gpick.com/
Eric Howe's Privacy and Security Site
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
8/8/2002 8:01:00 PM
In article <aiuimf$2k3g$2@news.grc.com>, Don't.use.Lockdown@any.price 
says...
<snip>
> > However, according to Bloated Elvis, any such default settings are
> > the responsibility of the user to deal with and not the problem of the
> > vendor, even if they cause you to break the law or leave your
> > computer/server wide-open to attack because you didn't know all the
> > defaults or forgot to change one here or there.  That's your fault
> > not the vendor's <G>
> 
> Hmm.  I thought Stefan said something similar.
> 
Well, I said it and I stand by it. 
Go download redhat 6.2 and leave it on the internet for a few hours, 
then go blame redhat because you got rooted.
Once you get the computer home, you're damn right it's your fault.

-- 
Bloated Elvis
0
bloated
8/8/2002 8:17:00 PM
bloated elvis <thel8elvis@hotmail.com> wrote:
> In article <aiuimf$2k3g$2@news.grc.com>, Don't.use.Lockdown@any.price
> says...
> <snip>
>>> However, according to Bloated Elvis, any such default settings are
>>> the responsibility of the user to deal with and not the problem of the
>>> vendor, even if they cause you to break the law or leave your
>>> computer/server wide-open to attack because you didn't know all the
>>> defaults or forgot to change one here or there.  That's your fault
>>> not the vendor's <G>
>>
>> Hmm.  I thought Stefan said something similar.
>>
> Well, I said it and I stand by it.
> Go download redhat 6.2 and leave it on the internet for a few hours,
> then go blame redhat because you got rooted.
> Once you get the computer home, you're damn right it's your fault.

Elvis,

Good example.  Much better than an analogy. <g>

-- 
Robert
List of Lists
http://lists.gpick.com/
Eric Howe's Privacy and Security Site
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
8/8/2002 8:27:00 PM
"Anonymous Mike" wrote in message:

> However, according to Bloated Elvis...

Well, you should listen to B.E.; he's a smart guy...  *g*


> That's your fault
> not the vendor's <G>

I agree with what you just said.  Yes, it *IS* the user's fault.  I'm merely
saying that (in this case) the RIAA should first set their collective sights
on the producers (xolox, kazaa, limewire, bearshare, gnutella, morpheus,
etc, etc) and distributors (download.com, etc, etc) of P2P software.  They
are making/distributing a product that (when using default settings) shows a
certain reckless disregard for potential copyright laws.

This thought WAS NOT my way of passing the buck, and saying the stupid user
has no responsibility to obey copyright laws.  Not at all.  However, IMHO,
it would just be a MUCH more logical *next step* for the RIAA....  you
know... before they propose open season DDoSing on clueless users.

-S
0
Stefan
8/8/2002 9:14:00 PM
"Stefan" <no.sp@m.com> wrote in message news:aiuceq$2buk$1@news.grc.com
> "Robert Wycoff" wrote in message
>
>> Oh, well, I'll just change followups to grc.security.

>
> Forgive my reversal on that.  It just appears to me that this is all
> falling perfectly within the context of the original thread, and
> chasing it across multiple newsgroups would serve no real purpose
> outside of creating confusion.  The topic here is about the RIAA,
> what they're doing to pass a bill into law, why they're doing it, and
> the fact their site was being attacked because of it.  If discussing
> what we think they ~should~ do (as an alternative) doesn't fit the
> context of this thread, what does?  hence... posted and f-ups set
> back to grc.news.feedback
>
>
>> I am probably taking you out of context
>
> I don't see how that would be possible.  The meaning of my post was
> fairly clear.
>
>

>> but what can happen if someone has
>> open shares on the Internet?  Aren't
>> they making everything on their hard
>> drive available to anyone on the Internet?
>

> Yes.  The difference is that windows shares are not turned on (sharing
> anything) by default.  Much of the P2P software out there does seek
> out and share everything by default.  It's then up to the user to go
> and de-select all the stuff this new software is sharing.  I think
> the P2P software should take a more clear "opt-in" approach to file
> sharing.  Then if someone is sharing copyrighted works, it's nobody's
> fault except their own.  Of course, we all know that if the P2P
> software took this sort of "opt-in" approach, the network would fail
> miserably, because everyone would follow the "I'll take but won't
> give" line of thinking.  the programmers of the P2P clients know this
> all too well, so they set up full sharing as the default, with a
> reckless disregard for the possible copyright (or even private)
> nature of the files being shared.  Since windows file shares are
> turned off by default, this same disregard for copyright laws simply
> does not exist.
>
>
>> If the answer is yes, maybe we should move this to
>> grc.security, since I am getting away from the RIAA
>> issue.
>

> No.  It makes for an interesting comparison (hence, still falls in
> the context of the original topic).  The people sharing files via an
> open windows file share clearly decided to do that on their own
> (completely regardless of the possibility they maybe didn't
> understand the entire Internet would be able to access those
> shares).  They did it to themselves. No default setting ANYWHERE
> shared those files out across the Internet. With many (most?) of the
> P2P clients, they *default* to searching for and sharing all your
> media files, when you install the software.  In that case, the
> default setting has a reckless disregard for copyright laws.  No such
> disregard exists with file shares.  If you don't want to share them
> with the entire Internet, don't.... turn.... them.... on.  The
> default windows setting sure as hell won't turn them on (unlike the
> default P2P software settings).
>
> -S

Hang on a minute Stefan...

This thread is SUPPOSED to be discussing the Up's & Down's of the RIAA web
site, NOT the behaviour of P2P Sharing software.

Wouldn't it be more appropriate to move this discussion to grc.techtalk and
start another thread? I would think so.

Cross-Posted to grc.techtalk

Followup set to grc.techtalk

--


BullBar
0
BullBar
8/9/2002 6:11:00 AM
> Hang on a minute Stefan...

Ok, I'm hangin'


> This thread is SUPPOSED to be discussing the Up's & Down's
> of the RIAA web site, NOT the behaviour of P2P Sharing software.

No.


> Wouldn't it be more appropriate to move this discussion to
> grc.techtalk and start another thread? I would think so.

No.


> Cross-Posted to grc.techtalk
>
> Followup set to grc.techtalk

No, and no.


Go read Steve's first posting in "news"....

**************************************************
As you may know, last Thursday the RIAA endorsed a bill written by a
California Representative, Howard Berman.  Though I have not studied
the bill closely, it reportedly authorizes copyright holders to begin
"blocking, diverting or otherwise impairing" peer-to-peer networks.

Needless to say, while I certainly don't endorse wholesale music or
other intellectual property piracy, I worry A LOT when I see reckless
legislation being purchased by powerful special-interest groups ...
as is certainly and clearly the case in this instance.
**************************************************

Now, you may enjoy chasing a single discussion across 17 threads in 4
different newsgroups, but I couldn't be bothered.  The "rule nazis" get so
uptight about anything being posted that might not be a clear and direct
reply to something that Steve said, but this is all quite on topic, and
perfectly in-line with the original posting in 'news'.

What would you rather we do?  Discuss the Up's & Down's of the RIAA web
site?  ok then...  let's do that...

Gee...  It's up.

Oh...  It's down...

Oh, it's up again....

no wait.... it's down...

holy crap... it's up...

no wait, it's down.

If we want that conversation, we'll give Jerry Falwell a bag of Viagra and
we'll discuss the results in ten.forward.  Until then...

-S
0
Stefan
8/9/2002 2:23:00 PM
"Stefan" <no.sp@m.com> wrote:

>"Robert Wycoff" wrote in message:

>> Hmm.  I was under the impression that many people
>> who used ShieldsUp! never knew they had open shares
>> and didn't know how they got that way.

>That doesn't mean they were on by default.  In fact, they weren't.  Only
>after someone turned them on, did the users have open shares.  How they got
>turned on is the user's problem, nobody else's.

Users have oftimes had no way of knowing their shares were open.  At
least as late as Win98SE, when sharing is enabled for LAN use, it is by
default enabled on all network devices.  Users of the 9x O/Ses at least,
were/are not adequately warned of this.

Also trojans may enable sharing.  Bear in mind such insanity as the
various IE and OE vulnerabilities that pop up regularly which may
execute hostile code without the user having done anything to cause it.

Though you might be accurate to say it's the user's PROBLEM, it may
often not be the user's FAULT.


>> What about the count of open machines here?  3 million?

>There could be 10 million.  so what?  they weren't on by default.  That's
>all I'm saying.  You'd think this would be common knowledge by now.

But it isn't common _enough_ knowledge, and in practical terms it isn't
accurate or workable to blame the users.

pchelp
0
pchelp
8/9/2002 4:20:00 PM
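pchelp's point above, that sharing enabled for LAN use ends up bound to every network device without the user being told, can be checked directly on current Windows. The following is an added example, not part of the thread: it assumes Windows 8 / Server 2012 or later (the SmbShare and NetAdapter/NetConnection cmdlets), an elevated prompt, and English account names; the function names `Get-ShareExposure` and `Get-SharingBinding` are hypothetical.

```powershell
# Added example (not from the thread): audit what this machine shares and
# on which network adapters file sharing is bound.
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell prompt.

function Get-ShareExposure {
    # User-created shares only. Special = $true marks the built-in
    # administrative shares (C$, ADMIN$, IPC$), which are skipped here.
    $shares = Get-SmbShare | Where-Object { -not $_.Special }

    foreach ($share in $shares) {
        # Allow entries for principals that do not require a named account.
        # The account names are the English ones (an assumption of this example).
        $broad = Get-SmbShareAccess -Name $share.Name | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.AccountName -match '(^|\\)(Everyone|ANONYMOUS LOGON|Guest)$'
        }

        [pscustomobject]@{
            Share       = $share.Name
            Path        = $share.Path
            BroadAccess = ($broad | ForEach-Object {
                              "$($_.AccountName):$($_.AccessRight)"
                          }) -join ', '
        }
    }
}

function Get-SharingBinding {
    # ms_server is the component ID of
    # "File and Printer Sharing for Microsoft Networks".
    $profiles = Get-NetConnectionProfile

    Get-NetAdapterBinding -ComponentID ms_server | ForEach-Object {
        $binding = $_
        $profile = $profiles |
            Where-Object { $_.InterfaceAlias -eq $binding.Name } |
            Select-Object -First 1

        [pscustomobject]@{
            Adapter         = $binding.Name
            SharingBound    = $binding.Enabled
            # Adapters with no active connection have no profile.
            NetworkCategory = if ($profile) { "$($profile.NetworkCategory)" }
                              else { 'NotConnected' }
        }
    }
}

# 1. Every non-administrative share, with any broad Allow entries.
Get-ShareExposure | Format-Table -AutoSize

# 2. Adapters where file sharing is bound, flagging those on a Public network,
#    the modern counterpart of sharing being bound to the dial-up/Internet adapter.
Get-SharingBinding |
    Select-Object *, @{ Name = 'Review'; Expression = {
        $_.SharingBound -and $_.NetworkCategory -eq 'Public'
    } } |
    Format-Table -AutoSize
```

A row with `Review` set to `True` means file sharing is bound on an adapter Windows classifies as Public; unbinding it there is `Disable-NetAdapterBinding -Name <adapter> -ComponentID ms_server`.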
"pchelp" wrote in message:

> Users have oftimes had no way of knowing their shares were open.

C:\>NET VIEW \\127.0.0.1

I know it's an earth-shattering concept that people be expected to know
something about the piece of equipment they just purchased, but...


> Users of the 9x O/Ses at least,
> were/are not adequately warned of this.

I'm lighting a candle for them as we speak.


> Though you might be accurate to say it's the user's
> PROBLEM, it may often not be the user's FAULT.

http://www.banda.ca/x/dh.jpg


> But it isn't common _enough_ knowledge, and in practical
> terms it isn't accurate or workable to blame the users.

In life, you will encounter many problems that do not fall under the
umbrella of "common _enough_ knowledge".  That doesn't make your problem
somebody else's fault.

-S
0
Stefan
8/9/2002 4:34:00 PM
Stefan <no.sp@m.com> wrote:

> In life, you will encounter many problems that do not fall under the
> umbrella of "common _enough_ knowledge".  That doesn't make your problem
> somebody else's fault.

Stefan,

We aren't trying to establish blame or fault.  We are just stating facts.
You want to place blame on the user for not knowing about C:\>NET VIEW
\\127.0.0.1 and what it means.  You must live in a very isolated world if
you think that.  And I know from your previous posts that you do *not* live
in an isolated world.

The fact is, millions of Windows users don't know that they have open shares
and they have no clue how they were "opened".  And they have no clue as to
the Internet security implications.


-- 
Robert
List of Lists
http://lists.gpick.com/
Eric Howe's Privacy and Security Site
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
8/9/2002 5:24:00 PM
Stefan posted the following to grc.news.feedback:

<snip>

> -S

<<PLONK!>>

-- 
    "Fish"  (David B. Trout)

(spamblocks in place; actual email
 is fish (at) infidels (dot) org)
0
Fish
8/9/2002 5:28:00 PM
"Robert Wycoff" wrote in message:

> We aren't trying to establish blame or fault.  We are just
> stating facts.

Yes and No.  We're very clearly trying to establish blame and fault, to a
degree.  This was the basis of the entire point that the RIAA should first
target the makers/distributors of P2P software.  I feel the P2P software
companies are (to a degree) at fault because they release/market a product
that has default settings that will openly disregard law while it shares
potentially copyrighted material.  On that same token, I was saying it is
NOT the fault of the software makers when the same sharing is done via an
'open share' - since no default setting caused any copyright material to be
shared.


> You want to place blame on the user for not knowing
> about C:\>NET VIEW \\127.0.0.1 and what it means.

No.  I was replying directly to pchelp who said that, "Users have oftimes
had no way of knowing their shares were open".  I showed that all it takes
to know if your shares are open is about 20 keystrokes -- less than it takes
many people to type their full name.  Is it that hard to do?  Is it that
hard to remember?  did I miss something?  So many of these people can learn
anything they want if it involves getting free music and/or pornography, but
we pat them on the back and hold their hand while excusing their inability
to learn one or two very basic things about computer security.  When they
fail to do that, it's never their fault, problem, or responsibility.

There are places out there where they can get help...
http://www.satirewire.com/features/siliconpines/



> The fact is, millions of Windows users don't know that they
> have open shares and they have no clue how they were
> "opened".  And they have no clue as to the Internet security
> implications.

..... and the fact they have no clue is the fault of ________________?

A) Their mother
B) Bill Gates
C) Themselves
D) The anti-christ
E) Hey...  "B" and "D" are the same answer!

-S
0
Stefan
8/9/2002 5:48:00 PM
"Stefan" <no.sp@m.com> wrote:

>"pchelp" wrote in message:

>> Users have oftimes had no way of knowing their shares were open.

>C:\>NET VIEW \\127.0.0.1

>I know it's an earth-shattering concept that people be expected to know
>something about the piece of equipment they just purchased, but...

You have no slightest concept of reality, have you?  How many users
really know -- or will ever know -- arcane command-lines?  How many
could begin to interpret what they produce?


>> Users of the 9x O/Ses at least,
>> were/are not adequately warned of this.

>I'm lighting a candle for them as we speak.

You could hardly care, could you?  Look at your posts.  Or shall I call
them the trolls they are?


>> But it isn't common _enough_ knowledge, and in practical
>> terms it isn't accurate or workable to blame the users.

>In life, you will encounter many problems that do not fall under the
>umbrella of "common _enough_ knowledge".  That doesn't make your problem
>somebody else's fault.

You're lost in a vicious fantasy, dude.  Obviously there's nothing I can
do for you.  You clearly think very poorly of your fellow man.  By
default, one might say.

I do though, wish you'd go away and cease the propaganda.  It's
misleading and/or of no practical value, save only to your pathetic ego.

pchelp
0
pchelp
8/9/2002 6:42:00 PM
In article <aj0v84$21cg$1@news.grc.com>, no.sp@m.com says...
<snip>
> So many of these people can learn
> anything they want if it involves getting free music and/or pornography, but
> we pat them on the back and hold their hand while excusing their inability
> to learn one or two very basic things about computer security.  When they
> fail to do that, it's never their fault, problem, or responsibility.

LOL - I like that point :-)

<snip>

-- 
Bloated Elvis
0
bloated
8/9/2002 6:42:00 PM
"Da Kat" <thekat@san.rxyzr.com> wrote in message
news:tsr4lu03ekck2ooemkshlub9r1ns73frac@4ax.com...
> On Tue, 6 Aug 2002 20:07:59 -0500, "Charlie Tame" <charlie@tames.net> wrote:
>
> >> PS  I'd love to know how they determine MP3 files on a user's machine are
> >> copyrighted.
>
> >I don't know, I guess at that time just by name.
>
> That wouldn't mean they're pirated, you might have all the CDs the MP3 files
> came from.

Yep, I did and had and still got blocked though it wasn't actually being
shared...

Hmm.

Charlie
0
Charlie
8/9/2002 7:10:00 PM
"pchelp" wrote in message:

> You have no slightest concept of reality, have you?
> How many users really know -- or will ever know
> -- arcane command-lines?  How many could begin
> to interpret what they produce?

I don't intend to repeat myself, ad nauseam, but you're not listening.  I
never said that I thought very many users ALREADY -- or will ever -- know
how to secure more than a toaster oven.  I was only showing how stupefyingly
easy it is....

C:\>NET VIEW \\127.0.0.1

....now...  does the fact that most people don't know that command mean that
it's in some way difficult to understand?  No.  They do not know, only
because they do not care.  Gimme a stack of banana'a, and I could teach a
room full of retarded monkeys to figure it out.  If users don't like command
line stuff, there's plenty of point-n-click ways to get the job done...
RTFM.

Your EXACT words were "Users have oftimes had no way of knowing their shares
were open".  I'm sorry, but is what I just showed you not a way of knowing
their shares were open?  Yes, it is.  So what did you MEAN to say?  Were you
trying to suggest that users did/do, in fact, have a way, but you think
you're smarter than they are, so it's ok for them to never learn what the
rest of us find to be painfully trivial?  That's not what you said, so I'm
curious.


> You could hardly care, could you?  Look at your posts.
> Or shall I call them the trolls they are?

Trolls?  No...  If I were trying to troll you, I could certainly do better
than that...  Hands up everyone here who's ended up having to defend
themselves in court because of their inability to shut up...

oh...  I see.


> You're lost in a vicious fantasy, dude.  Obviously there's
> nothing I can do for you.

What ever would make you think I need you to do something for me?  You
appear to have a nasty messiah complex of some sort...  believing we all, in
some way, need your help.



> You clearly think very poorly of your fellow man.  By
> default, one might say.

No.   You clearly think very poorly of your fellow man.  I look at them as
capable of being an equal.  I look at everyone, who wants to, as being
capable of learning the fundamental basics behind the technology, and able
to obtain the skills they need to function properly with technology.  You
think they can't be expected to accomplish the most painfully easy tasks
without a good, steady hand holding....  like learning one DOS command is a
"vicious fantasy".


> I do though, wish you'd go away and cease the propaganda.
> It's misleading and/or of no practical value, save only to your
> pathetic ego.

propaganda?  like what?  like yours?  what's misleading?  you're talking out
of your ass here.

Who has an ego?  me, who thinks that anyone can learn this stuff, or you,
who thinks you're so much smarter than the average user that they can't be
expected to have your great wisdom on the subject?  and I have an ego (as
opposed to you)?  ho hum indeed.

-S
0
Stefan
8/9/2002 7:19:00 PM
"Stefan" <no.sp@m.com> wrote:


>"pchelp" wrote in message:
>
>> You have no slightest concept of reality, have you?
>> How many users really know -- or will ever know
>> -- arcane command-lines?  How many could begin
>> to interpret what they produce?

>I don't intend to repeat myself, ad nauseam, but you're not listening.  I
>never said that I thought very many users ALREADY -- or will ever -- know
>how to secure more than a toaster oven.  I was only showing how stupefyingly
>easy it is....

>C:\>NET VIEW \\127.0.0.1

Sorry, that doesn't wash.  The command line is simple.  Typing it is
simple.  But there's a rather large amount of basic knowledge that
underlies it.


>...now...  does the fact that most people don't know that command mean that
>it's in some way difficult to understand?  No.  They do not know, only
>because they do not care.

They do not know, because they aren't even told in the remotest way that
it EXISTS as a possibility.


>Gimme a stack of banana'a, and I could teach a
>room full of retarded monkeys to figure it out.  If users don't like command
>line stuff, there's plenty of point-n-click ways to get the job done...
>RTFM.

Find that in the WindowsWhatever Help files.  You'll look long and hard.


>Your EXACT words were "Users have oftimes had no way of knowing their shares
>were open".  I'm sorry, but is what I just showed you not a way of knowing
>their shares were open?  Yes, it is.

No.  It isn't.  It's something users -- I mean ordinary people, who want
to browse the Net and write letters, not geeks -- will NOT know and
unless they look and look HARD, they will not know it's even there to BE
known.


>So what did you MEAN to say?  Were you
>trying to suggest that users did/do, in fact, have a way, but you think
>you're smarter than they are, so it's ok for them to never learn what the
>rest of us find to be painfully trivial?  That's not what you said, so I'm
>curious.

You delight in degradation, don't you?  Your words, snipped below, imply
that you champion people, even as you denigrate them.  What a sad lie.

People CAN indeed understand all these things.  But you don't get it
across to them by means of abuse, nor by blaming them for having no clue
when their O/S is poised to betray them and their software CLAIMS to
have the matter well in hand, even as their manuals omit to provide them
the means even to find out whether that is so.

If I could see where you'd spent a minute of your precious time actually
trying to help someone who hadn't a clue by no fault of their own, I
might give you some credence.  As it is, I see only a vicious troll, who
finds his pleasure in self-aggrandizement of the worst sort -- that
which, instead of elevating oneself, seeks to reduce others.  What a
FINE way to feel superior.  I do feel sorry for you, Stefan.

pchelp
0
pchelp
8/9/2002 7:33:00 PM
"Stefan" <no.sp@m.com> wrote in message news:aiumug$2pcs$1@news.grc.com...

> This thought WAS NOT my way of passing the buck, and saying the stupid user
> has no responsibility to obey copyright laws.  Not at all.  However, IMHO,
> it would just be a MUCH more logical *next step* for the RIAA....  you
> know... before they propose open season DDoSing on clueless users.

I tend to agree with Keith that users cannot be expected to know great
detail, just as a driver doesn't need to know how to assemble a
transmission, but as you rightly point out the authors of P2P do know this
and should therefore take their share of the responsibility. I rather think
this backs up your point somewhat.

You are exactly right that were it not for the default scavenging these
things do there would be many sharing nothing but downloading everything.
That's why all the systems insist on sharing the downloads folder whatever
other choices you make. But then it's also true that people learn how to get
the stuff but not how to secure their system. There are media files in the
system folders... not a good thing to share.

But the real issue is numbers. Just exactly how many people will they have
to disrupt to make anything other than a negligible difference? Hasn't the
horse already left the stable and disappeared over the horizon? Almost
everything ever recorded must be sitting on a PC somewhere by now.

Frankly I think if record companies produced cheaper stuff with decent
sleeve notes (anybody remember them?) many fans would genuinely support
their favourite bands. Most casual listeners won't buy music at the prices
they charge so I reject their claims of huge losses. Keeping prices rising
is damaging sales, not the people who were never going to buy it anyway.

I suspect the perceived greed is damaging the RIAA website more than the
threats to P2P users.

Charlie
0
Charlie
8/9/2002 7:35:00 PM
In <aj0qu5$1s6u$1@news.grc.com>, Stefan 
transmitsitlikethis:

> "pchelp" wrote in message:

> > Users have oftimes had no way of knowing their shares were open.
 
> C:\>NET VIEW \\127.0.0.1

I tried that and have "no such file".  So I guess this 
means I have no "open shares".  Is it really as simple 
as typing "C:\>NET VIEW \\127.0.0.1" into our 
browsers?  Or that should be in the MS-DOS "command" 
prompt?  Nothing showed up there either, just another 
prompt.  I don't recall that being mentioned here 
before. Does this work for all versions of Windows 
OS's?  Can you post an example of what would be seen 
using "C:\>NET VIEW \\127.0.0.1" if a person did have 
open shares.  

(I've set followups to grc.security.)
0
waves
8/9/2002 7:52:00 PM
waves <me@one.ok!> wrote:
> In <aj0qu5$1s6u$1@news.grc.com>, Stefan
> transmitsitlikethis:
>
>> "pchelp" wrote in message:
>
>>> Users have oftimes had no way of knowing their shares were open.
>
>> C:\>NET VIEW \\127.0.0.1
>
> I tried that and have "no such file".  So I guess this
> means I have no "open shares".  Is it really as simple
> as typing "C:\>NET VIEW \\127.0.0.1" into our
> browsers?  Or that should be in the MS-DOS "command"
> prompt?  Nothing showed up there either, just another
> prompt.  I don't recall that being mentioned here
> before. Does this work for all versions of Windows
> OS's?  Can you post an example of what would be seen
> using "C:\>NET VIEW \\127.0.0.1" if a person did have
> open shares.

In an MS-DOS window:

C:\WINDOWS>NET VIEW \\127.0.0.1

Error 53: The computer name specified in the network path cannot be located.
Make sure you are specifying the computer name correctly, or try again later
when the remote computer is available.


C:\WINDOWS>


-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
8/9/2002 8:06:00 PM
In <aj14i5$27dm$1@news.grc.com>, Stefan 
transmitsitlikethis:
> 
> "pchelp" wrote in message:
> 
> > You have no slightest concept of reality, have you?
> > How many users really know -- or will ever know
> > -- arcane command-lines?  How many could begin
> > to interpret what they produce?
> 
> I don't intend to repeat myself, ad nauseam, but you're not listening.  I
> never said that I thought very many users ALREADY -- or will ever -- know
> how to secure more than a toaster oven.  I was only showing how stupefyingly
> easy it is....

Since when do toaster ovens have to be "secured"???  I 
don't have one personally, but if I run into someone 
who does, I'd like to be able to assist them.  Thanks 
for the hedzup.
 
> C:\>NET VIEW \\127.0.0.1
> 
> ...now...  does the fact that most people don't know that command mean that
> it's in some way difficult to understand?  No.  They do not know, only
> because they do not care.  Gimme a stack of banana'a, and I could teach a
> room full of retarded monkeys to figure it out.  

Waves hands Stefan a "stack of banana'a" and asks him 
to proceed with his "teachings".  


> If users don't like command
> line stuff, there's plenty of point-n-click ways to get the job done...
> RTFM.

What "manual" are you talking about?
0
waves
8/9/2002 8:14:00 PM
"pchelp" <pchelp@pc-help.org> wrote in message:


> Sorry, that doesn't wash.  The command line is simple.  Typing
> it is simple.  But there's a rather large amount of basic knowledge
> that underlies it.

There's a lot of technology required to make my computer even turn on when I
push the button.  I don't understand all of it, but that doesn't prevent me
from using the computer.  Sure, I know about resistors, transistors, and
capacitors, but I don't need to know all about them to figure out how to use
my computer...  I just go ahead and use it without a great need to
understand everything about the underlying technology.


>> They do not know, only  because they do not care.
>
> They do not know, because they aren't even told in the
> remotest way that it EXISTS as a possibility.

I wasn't told about a lot of the things I know.  That didn't stop me from
learning about them.


> Find that in the WindowsWhatever Help files.
> You'll look long and hard.

I must have misplaced my "WindowsWhatever Help files".  Let's try an
internet search...

http://www.google.ca/search?q=file+sharing+in+windows

wow!


> No.  It isn't.  It's something users -- I mean ordinary
> people, who want to browse the Net and write letters,
> not geeks -- will NOT know and unless they look and
> look HARD, they will not know it's even there to BE
> known.

Ohhh...  so one must be a "geek" to learn something?  I get it.  I'm a
"computer geek".  My uncle is a "car geek".  My friend is a "construction
geek".  God knows we can't understand something unless we're a "geek" on the
subject.

Interesting enough, a "geek"...
http://www.dictionary.com/search?q=geek
....is someone who is "regarded as foolish, inept, or clumsy".

....I fail to see how being that would help.

Or did you mean the 2nd definition...  someone who is "single-minded or
accomplished in scientific or technical pursuits but is felt to be socially
inept".

So we have to be "socially inept" to figure it out?  o-k-a-y.

  Or were you referring to the third definition?  Someone who is a "carnival
performer whose show consists of bizarre acts, such as biting the head off a
live chicken".

I like the third one...  let's go with it.


> You delight in degradation, don't you?  Your words, snipped
> below, imply that you champion people, even as you denigrate
> them.  What a sad lie.

I would insult those who claim they "can't" learn it.  I'm of the belief
that anyone could learn it if they want to, and that doesn't require being a
"geek".


> People CAN indeed understand all these things.

Really?  Because just an hour ago you said that, "Users have oftimes had no
way of knowing their shares were open".


> But you don't get it across to them by means of
> abuse, nor by blaming them for having no clue

When did I suggest that's the way to teach something to someone?


> when their O/S is poised to betray them and their
> software CLAIMS to have the matter well in hand,
> even as their manuals omit to provide them the
> means even to find out whether that is so.

Their "O/S is poised to betray them"?  That's beautiful.  You know, it's
funny, but none of mine ever betrayed me, so I can personally vouch that
Windows 95, 98, Me, NT, 2kPro, 2kServer, as well as Redhat7.2, and SuSE8.0
are all non-betraying O/Ses.  Go ahead, and use any of them at free will.


> If I could see where you'd spent a minute of your precious
> time actually trying to help someone who hadn't a clue by
> no fault of their own, I might give you some credence.

Well, you don't know me, what I do, or how many people I've helped, so keep
your self-serving egotistical nonsense to yourself.


>  As it is, I see only a vicious troll, who
> finds his pleasure in self-aggrandizement
> of the worst sort

yea, yea...  all because I happen to believe that the same people capable of
downloading mass quantities of free music may also be capable of running a
single DOS command, and understanding its results.


> that which, instead of elevating oneself, seeks to
> reduce others.  What a FINE way to feel superior.

I'm not out to feel superior.  If I were, I'd say ignorant things about how
nobody can be expected to know all the things that I know...  unless they
were a geek.


>  I do feel sorry for you, Stefan.

Don't.  I'm not the one blinded by my own self image.  However, it's
interesting that you go from calling me a "troll" (someone who bugs others
just to get a negative reaction), to saying you feel sorry for me (which
would imply you think I honestly believe what I'm saying).  You really don't
know what you think, do you?

-S
0
Stefan
8/9/2002 8:15:00 PM
"waves" wrote in message:

> Since when do toaster ovens have to be "secured"???

http://www.dictionary.com/search?q=facetious


>> Gimme a stack of banana'a, and I could teach
>> a room full of retarded monkeys to figure it out.
>
> Waves hands Stefan a "stack of banana'a" and asks
> him to proceed with his "teachings".

That's just the banana's...  We still need a room full of retarded monkeys.


> What "manual" are you talking about?

http://makeashorterlink.com/?K1C521B71

-S
0
Stefan
8/9/2002 8:34:00 PM
In article <aj17lq$2aro$1@news.grc.com>, Don't.use.Lockdown@any.price says...
> waves <me@one.ok!> wrote:
> > In <aj0qu5$1s6u$1@news.grc.com>, Stefan
> > transmitsitlikethis:
> >
> >> "pchelp" wrote in message:
> >
> >>> Users have oftimes had no way of knowing their shares were open.
> >
> >> C:\>NET VIEW \\127.0.0.1
> >
> > I tried that and have "no such file".  So I guess this

 <snip>

> > using "C:\>NET VIEW \\127.0.0.1" if a person did have
> > open shares.
> 
> In an MS-DOS window:
> 
> C:\WINDOWS>NET VIEW \\127.0.0.1
> 
> Error 53: The computer name specified in the network path cannot be located.
> Make sure you are specifying the computer name correctly, or try again later
> when the remote computer is available.
> 
> 
> C:\WINDOWS>
> 
> 
> 

I tried it, in a command prompt window, and got the following:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Claude J>NET VIEW \\127.0.0.1
Shared resources at \\127.0.0.1

Medion

Share name    Type   Used as  Comment

-------------------------------------------------------------------------------
My Documents  Disk
Panasoni      Print           Panasonic KX-P1124
seti          Disk
The command completed successfully.


C:\Documents and Settings\Claude J>

 ******************************

I'm behind a nat router, so I'm not too worried.

Claude
0
Claude
8/9/2002 8:40:00 PM
>
> > C:\>NET VIEW \\127.0.0.1
>
> I tried that and have "no such file".  So I guess this
> means I have no "open shares".  Is it really as simple
> as typing "C:\>NET VIEW \\127.0.0.1" into our
> browsers?  Or that should be in the MS-DOS "command"
> prompt?  Nothing showed up there either, just another
> prompt.  I don't recall that being mentioned here
> before. Does this work for all versions of Windows
> OS's?  Can you post an example of what would be seen
> using "C:\>NET VIEW \\127.0.0.1" if a person did have
> open shares.
>
> (I've set followups to grc.security.)


If you have file/printer sharing installed, and NetBIOS bound to TCP/IP
(something that's necessary for shares to be exposed over the Internet),
then that command, ran from a DOS prompt, will yield results similar to
this:

************************************************************
C:\>NET VIEW \\127.0.0.1

Shared resources at \\127.0.0.1

Share name   Type         Used as  Comment
------------------------------------------------------------
C                Disk
D                Disk
Desktop      Disk

The command completed successfully.

C:\>
************************************************************

I'm hiding behind a NAT, but typically, you want the result to say that
there are no entries in the list -- or give an error implying that the
computer isn't even configured properly to be sharing files over the
Internet -- meaning that you're probably safe.

-S
0
Stefan
8/9/2002 8:43:00 PM
"Stefan" <no.sp@m.com> wrote in message news:aj19gh$2crb$1@news.grc.com...
>
> >
> > > C:\>NET VIEW \\127.0.0.1
> >
> > I tried that and have "no such file".  So I guess this
> > means I have no "open shares".  Is it really as simple
>
> Shared resources at \\127.0.0.1
>
> Share name   Type         Used as  Comment
> ------------------------------------------------------------
> C                Disk
> D                Disk
> Desktop      Disk
>
> The command completed successfully.
>
> C:\>
> ************************************************************
>
> I'm hiding behind a NAT, but typically, you want the result to say that
> there are no entries in the list -- or give an error implying that the
> computer isn't even configured properly to be sharing files over the
> Internet -- meaning that you're probably safe.
>

On some flavors of Windows (NT and XP come to mind) you can issue a "net
share" which will show hidden shares as well.    Shares such as "ADMIN$" and
"C$" are "well known" hidden shares.    I get rid of these on my PC.   Other
shares that I have created terminate with a "$" character to hide these
shares from public view.   In addition, netbios over TCP can be configured
with a scope ID, which I have done with my PC's.   PC's supposedly have to
have the same NBT scope ID in order to make netbios connections.   (I have
two PC's behind a NAT - they also run software firewalls.)
AL
0
AL
8/9/2002 9:10:00 PM
pchelp wrote in message <3d541677.8377964@news.grc.com>...
>"Stefan" <no.sp@m.com> wrote

<UBER SNIP>


> I do feel sorry for you, Stefan.
>
>pchelp
>

Wise man now proceeds to fridge, withdraws cool beer and drinks slowly
whilst thinking, "Life is short, this beer is good and Stefan - heck, this
beer is good."

Charlie.
www.wymsey.co.uk
0
Charlie
8/9/2002 9:14:00 PM
Stefan wrote:

> "waves" wrote in message:
>
>> Since when do toaster ovens have to be "secured"???
>
> http://www.dictionary.com/search?q=facetious

I would have gone for "when you're in the shower".
Or when the neighbor's kid mistakes it for a CD tray. (6 yo)

'Seek and ye shall find'
NT Canuck
0
NT
8/9/2002 9:45:00 PM
In <MPG.17be2d971275bc7989c92@207.71.92.194>, waves 
transmitsitlikethis:

> In <aj0qu5$1s6u$1@news.grc.com>, Stefan 
> transmitsitlikethis:
 
> > "pchelp" wrote in message:

> > > Users have oftimes had no way of knowing their shares were open.
 
> > C:\>NET VIEW \\127.0.0.1
 
> I tried that and have "no such file".  So I guess this 
> means I have no "open shares".  Is it really as simple 
> as typing "C:\>NET VIEW \\127.0.0.1" into our 
> browsers?  Or that should be in the MS-DOS "command" 
> prompt?  Nothing showed up there either, just another 
> prompt.  I don't recall that being mentioned here 
> before. Does this work for all versions of Windows 
> OS's?  Can you post an example of what would be seen 
> using "C:\>NET VIEW \\127.0.0.1" if a person did have 
> open shares.  

Or, in lieu of Stefan, perhaps our resident pchelp 
could fill in?
 
> (I've set followups to grc.security.)
0
waves
8/9/2002 9:47:00 PM
Stefan wrote:

>>> C:\>NET VIEW \\127.0.0.1

> If you have file/printer sharing installed, and NetBIOS bound to
> TCP/IP (something that's necessary for shares to be exposed over the
> Internet), then that command, ran from a DOS prompt, will yield
> results similar to this:
>
> ************************************************************
> C:\>NET VIEW \\127.0.0.1
>
> Shared resources at \\127.0.0.1
>
> Share name   Type         Used as  Comment
> ------------------------------------------------------------
> C                Disk
> D                Disk
> Desktop      Disk
>
> The command completed successfully.
>
> C:\>
> ************************************************************

Just to help the thread...my results...WinXP Pro.

C:\>NET VIEW \\127.0.0.1
The Workstation service has not been started.
More help is available by typing NET HELPMSG 2138.

Mind you, I had to jump two hoops and climb one tree
just to access the command line and then net view.
No bananas, but I did have some toast. .-)

'Seek and ye shall find'
NT Canuck
0
NT
8/9/2002 10:02:00 PM
"NT Canuck" wrote in message:

> I would have gone for "when you're in the shower".

You have a toaster oven by your shower?  Jeeze NT...  you're the one making
us Canadians look crazy.  :-)


> Or when the neighbors kid mistakes it for a
> CD tray. (6 yo)

Well, you should certainly stop letting him watch Red Green on TV.  Granted,
if you've never seen the show you may not have a clue what I'm talking
about...  There's the "Handyman's Corner" segment, done in the style of a
Bob Vila home improvement show where he's always making outlandish projects
from household junk...  I actually managed to find a web page on this
non-sense...
http://www.ioweb.com/redgreen/archive/handyarchive.html

If you scroll a few screens down, you'll see the CD player made from
"Toaster, duct tape, and aluminum foil".  It was one of my favorite
episodes, but I'm quite sure you have to see it first-hand for it to be
funny, but even if you've never seen it, just read some of the things he's
made, and you'll quickly get the idea...  there's just something you have to
enjoy about watching a guy add an air-bag to his car by using a garbage bag,
duct tape, and a fire extinguisher.

-S
0
Stefan
8/9/2002 10:08:00 PM
waves <me@one.ok!> wrote in news:MPG.17be2d971275bc7989c92@
207.71.92.194:

> In <aj0qu5$1s6u$1@news.grc.com>, Stefan 
> transmitsitlikethis:
> 
>> "pchelp" wrote in message:
> 
>> > Users have oftimes had no way of knowing their shares were open.
>  
>> C:\>NET VIEW \\127.0.0.1
> 
> I tried that and have "no such file".  So I guess this 
> means I have no "open shares".  Is it really as simple 
> as typing "C:\>NET VIEW \\127.0.0.1" into our 
> browsers?  Or that should be in the MS-DOS "command" 
> prompt?  Nothing showed up there either, just another 
> prompt.  I don't recall that being mentioned here 
> before. Does this work for all versions of Windows 
> OS's?  Can you post an example of what would be seen 
> using "C:\>NET VIEW \\127.0.0.1" if a person did have 
> open shares.  
> 
> (I've set followups to grc.security.)
> 
I wasn't going into that, "over there" <G>.  This is a new thread.

Win2K, SP3  additional details not provided.
Administrator account logged on.

net view \\127.0.0.1
  blocked by software firewall  (Directory Services)

net view \\computername
 Shared resources at \\computername
 Share name   Type         Used as  Comment
 --------------------------------------------------
 HPDJ         Print                 Shared
 TRANS        Disk                  TRANSfer share
 The command completed successfully.

net share
  Share name   Resource                        Remark
 --------------------------------------------------------------------
 IPC$                                         Remote IPC
 D$           D:\                             Default share
 print$       C:\WINNT\System32\spool\drivers Printer Drivers
 Q$           Q:\                             Default share
 R$           R:\                             Default share
 C$           C:\                             Default share
 ADMIN$       C:\WINNT                        Remote Admin
 TRANS        C:\TRANS                        TRANSfer share
                                              Offline cache disabled
 HPDJ         LPT1:                  Spooled  Shared
 The command completed successfully.

Computer Management (GUI)
  System Tools
   Shared Folders
    Shares
displays same data as NET SHARE, except the "HPDJ" named share is 
absent.  Also allows you to get the same Properties sheet as if you 
were in Explorer.
0
Mark
8/9/2002 10:39:00 PM
"Stefan" <no.sp@m.com> wrote in message news:aj1901$2chu$1@news.grc.com
> "waves" wrote in message:
>
>> Since when do toaster ovens have to be "secured"???
>
> http://www.dictionary.com/search?q=facetious
>
>
>>> Gimme a stack of banana'a, and I could teach
>>> a room full of retarded monkeys to figure it out.
>>
>> Waves hands Stefan a "stack of banana'a" and asks
>> him to proceed with his "teachings".
>
> That's just the banana's...  We still need a room full of retarded
> monkeys.

I am sure YOU could be substituted for the monkeys! <ducks-for-cover>


>
>
>> What "manual" are you talking about?
>
> http://makeashorterlink.com/?K1C521B71

Wow, a link to a book shop.

--


BullBar
0
BullBar
8/9/2002 11:44:00 PM
In <aj17lq$2aro$1@news.grc.com>, Robert Wycoff 
transmitsitlikethis:

Here is where the continuation of this post was 
hiding, I was having difficulty in finding it.  Duh.  
 :)

> waves <me@one.ok!> wrote:

> > In <aj0qu5$1s6u$1@news.grc.com>, Stefan
> > transmitsitlikethis:

> >> "pchelp" wrote in message:

> >>> Users have oftimes had no way of knowing their shares were open.

> >> C:\>NET VIEW \\127.0.0.1

> > I tried that and have "no such file".  So I guess this
> > means I have no "open shares".  Is it really as simple
> > as typing "C:\>NET VIEW \\127.0.0.1" into our
> > browsers?  Or that should be in the MS-DOS "command"
> > prompt?  Nothing showed up there either, just another
> > prompt.  I don't recall that being mentioned here
> > before. Does this work for all versions of Windows
> > OS's?  Can you post an example of what would be seen
> > using "C:\>NET VIEW \\127.0.0.1" if a person did have
> > open shares.

> In an MS-DOS window:
 
> C:\WINDOWS>NET VIEW \\127.0.0.1

I just can't believe this, but I want to be able to 
copy and paste something into an MS-DOS window, and 
when I went to Start > Run > Command, a small window 
used to come up, now it fills the whole screen, with 
no options (cut, copy, paste, etc.) visible.  How do I 
get back that smaller again?  Especially since I am 
having a "bad command" error message when I type in 
what you've written.  And I can't access the 
copy/paste controls from this big window.  Help.
 
> Error 53: The computer name specified in the network path cannot be located.
> Make sure you are specifying the computer name correctly, or try again later
> when the remote computer is available.

So, this is the message I should be seeing, too?

> C:\WINDOWS>

?  What?

I accidentally typed in only "net view" into MS-DOS 
window and received this Error:

  "Error 3534:  You cannot start/stop the network from           
within an MS-DOS window".

What does this mean, "start/stop" the "network"? If I 
can't do it from an MS-DOS window, how could I do it?
0
waves
8/10/2002 12:05:00 AM
In <aj19gh$2crb$1@news.grc.com>, Stefan 
transmitsitlikethis:

     <cut>

> If you have file/printer sharing installed, and NetBIOS bound to TCP/IP
> (something that's necessary for shares to be exposed over the Internet),
> then that command, ran from a DOS prompt, will yield results similar to
> this:

     <cut>  Thanks for that.

> I'm hiding behind a NAT, but typically, you want the result to say that
> there are no entries in the list -- or give an error implying that the
> computer isn't even configured properly to be sharing files over the
> Internet -- meaning that you're probably safe.

"probably"?  

> 
> -S
0
waves
8/10/2002 12:05:00 AM
waves <me@one.ok!> wrote in news:MPG.17be670699cf8977989ca4@
207.71.92.194:

> I just can't believe this, but I want to be able to 
> copy and paste something into an MS-DOS window, and 
> when I went to Start > Run > Command, a small window 
> used to come up, now it fills the whole screen, with 
> no options (cut, copy, paste, etc.) visible.  How do I 
> get back that smaller again?

Try pressing Alt+Enter...that should take it back down to the normal 
size.

-- 
BlueJAMC

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
8/10/2002 12:08:00 AM
"waves"
> Is it really as simple
> Can you post an example of what would be seen
> using "C:\>NET@VIEW@\\127.0.0.1" if a person did have
> open shares.
> (I've set followups to grc.security.)

Try typing it into a command prompt.  Note please: leave a space where I
placed the @ signs
Cheers
Oh your answer should be something like, - nothing shown in the list or no
entries shown in the list, I forget which
0
Tommy
8/10/2002 12:52:00 AM
> Try pressing Alt+Enter...that should take it back down to the normal 
> size.

Thank you. But I don't know what I did to make it keep 
coming up full screen.  In the options, I have checked 
in properties/usage and have it set for "window".  And 
I appreciate your "Alt+Enter" and it works, but just 
wondering why it now has decided to open in full 
rather than a window.  I would just like to account 
for the change is all.  Thanks for your reply.
0
waves
8/10/2002 12:56:00 AM
Robert Wycoff <Don't.use.Lockdown@any.price> wrote:

> In an MS-DOS window:
>
> C:\WINDOWS>NET VIEW \\127.0.0.1
>
> Error 53: The computer name specified in the network path cannot be
> located. Make sure you are specifying the computer name correctly, or try
> again later when the remote computer is available.
>
>
> C:\WINDOWS>

Win2KPro SP2:
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

D:\>cd\winnt

D:\WINNT>NET VIEW \\127.0.0.1
Shared resources at \\127.0.0.1



Share name   Type         Used as  Comment

-------------------------------------------------------------------------------
DeskJet500   Print                 HP DeskJet 500
KT7-A        Disk
KT7-C        Disk
KT7-D        Disk
KT7-E        Disk
M            Disk
M-KT7        Disk
The command completed successfully.


D:\WINNT>

That tells me I am sharing those resources, but since I am running behind a
BEFSR41, it doesn't mean I am sharing them with the Internet, just with my
LAN.

-- 
Robert
List of Lists
http://lists.gpick.com/
Eric Howe's Privacy and Security Site
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
8/10/2002 1:15:00 AM
"waves" <me@one.ok!> wrote in message
news:MPG.17be73fc23024037989ca8@207.71.92.194...

> Thank you. But I don't know what I did to make it keep
> coming up full screen.  In the options, I have checked
> in properties/usage and have it set for "window".  And
> I appreciate your "Alt+Enter" and it works, but just
> wondering why it now has decided to open in full
> rather than a window.  I would just like to account
> for the change is all.  Thanks for your reply.

Use CMD instead of typing command.

To paste into it first copy the selection
net view 127.0.0.1
Then simply go straight to the dos window and right click. Press enter to
execute it.

(You can also right click on the blue bar and find editing stuff like copy
and paste there)

To copy from the dos window simply highlight and right click (or use the top
bar again).

In other words right click with nothing highlighted is Paste... Right click
with something highlighted is Copy.

C:\>net view 127.0.0.1
Shared resources at 127.0.0.1

Share name   Type         Used as  Comment

--------------------------------------------------
Archives     Disk
DE6          Disk
Max3         Disk
Max4         Disk
The command completed successfully.

Hope this helps

Charlie
0
Charlie
8/10/2002 1:42:00 AM
In article <aj19gh$2crb$1@news.grc.com>, no.sp@m.com says...
> 
> >
> 
> If you have file/printer sharing installed, and NetBIOS bound to TCP/IP
> (something that's necessary for shares to be exposed over the Internet),
> then that command, ran from a DOS prompt, will yield results similar to
> this:
> 
> ************************************************************
> C:\>NET VIEW \\127.0.0.1
> 
> Shared resources at \\127.0.0.1
> 
> Share name   Type         Used as  Comment
> ------------------------------------------------------------
> C                Disk
> D                Disk
> Desktop      Disk
> 
> The command completed successfully.
> C:\>
> ************************************************************

> 
> I'm hiding behind a NAT, but typically, you want the result to say that
> there are no entries in the list -- or give an error implying that the
> computer isn't even configured properly to be sharing files over the
> Internet -- meaning that you're probably safe.

Stefan,

I followed the discussion in feedback and "net view" is all well and 
good, but "net share" is a different story. This is on w2ksp3 - stand 
alone system - no client software installed - only the nic and TCP/IP 
w/o netbios:

Share name   Resource                        Remark
------------------------------------------------------------------------
IPC$                                         Remote IPC                        
D$           D:\                             Default share                     
G$           G:\                             Default share                     
F$           F:\                             Default share                     
ADMIN$       F:\WINNT                        Remote Admin                      
H$           H:\                             Default share                     
C$           C:\                             Default share                     
E$           E:\                             Default share                     
The command completed successfully.
------------------------------------------------------------------------

Where did all these default shares come from and how do I get rid of 
them? Remote IPC? Remote Admin? GAAK!

Bob Vanderveen
0
Anonymous
8/10/2002 3:44:00 AM
In <aj1r1v$2v6v$1@news.grc.com>, Charlie Tame 
transmitsitlikethis:
 
> "waves" <me@one.ok!> wrote in message
> news:MPG.17be73fc23024037989ca8@207.71.92.194...
 
> > Thank you. But I don't know what I did to make it keep
> > coming up full screen.  In the options, I have checked
> > in properties/usage and have it set for "window".  And
> > I appreciate your "Alt+Enter" and it works, but just
> > wondering why it now has decided to open in full
> > rather than a window.  I would just like to account
> > for the change is all.  Thanks for your reply.
 
> Use CMD instead of typing command.

"Cannot find the file "cmd" or one of its components."

 
> To paste into it first copy the selection
> net view 127.0.0.1
> Then simply go straight to the dos window and right click. 

Right click doesn't do anything.

> Press enter to
> execute it.
 
> (You can also right click on the blue bar and find editing stuff like copy
> and paste there)
 
> To copy from the dos window simply highlight and right click (or use the top
> bar again).
> 
> In other words right click with nothing highlighted is Paste... Right click
> with something highlighted is Copy.

In an MS-DOS window?  It doesn't work for me.

> 
> C:\>net view 127.0.0.1

> Shared resources at 127.0.0.1

And what I get is nothing, except the "prompt" coming 
up again.  There is no listing such as you've shown, 
nor was there any "errors" messages.  So, I am 
"probably", ok?

 
> Share name   Type         Used as  Comment
 
> --------------------------------------------------
> Archives     Disk
> DE6          Disk
> Max3         Disk
> Max4         Disk
> The command completed successfully.
 
> Hope this helps

Somewhat, yes.
 
> Charlie
0
waves
8/10/2002 3:46:00 AM
In <Xns9265BDDCE4ABFz9zzaQ2btw@207.71.92.194>, Mark V 
transmitsitlikethis:

> waves <me@one.ok!> wrote in news:MPG.17be2d971275bc7989c92@
> 207.71.92.194:
 
> > In <aj0qu5$1s6u$1@news.grc.com>, Stefan 
> > transmitsitlikethis:

> >> "pchelp" wrote in message:

     <cut>

> > (I've set followups to grc.security.)

> I wasn't going into that, "over there" <G>.  This is a new thread.

But I'm sure I read about it in feedback.  ?  That's 
why I said I was setting followups to here.  

 
> Win2K, SP3  additional details not provided.

Are you saying you left out/changed some information?


> Administrator account logged on.
 
> net view \\127.0.0.1
>   blocked by software firewall  (Directory Services)

Your firewall, named Directory Services, blocked this 
MS-DOS prompt?  What is the rule you have written for 
this?
 
> net view \\computername
>  Shared resources at \\computername
>  Share name   Type         Used as  Comment

(except, why didn't your fw block this?)

     <cut> 

Thanks for all that info, which only makes me want to 
ask many more questions, but I won't. Thanks for 
your reply.
0
waves
8/10/2002 3:46:00 AM
"Anonymous Bob" <No.How@No.Way> wrote in message
news:MPG.17be5611d050eebc9896c6@news.grc.com...
> In article <aj19gh$2crb$1@news.grc.com>, no.sp@m.com says...
> I followed the discussion in feedback and "net view" is all well and
> good, but "net share" is a different story. This is on w2ksp3 - stand
> alone system - no client software installed - only the nic and TCP/IP
> w/o netbios:
>
> Share name   Resource                        Remark
> ------------------------------------------------------------------------
> IPC$                                         Remote IPC
> D$           D:\                             Default share
> G$           G:\                             Default share
> F$           F:\                             Default share
> ADMIN$       F:\WINNT                        Remote Admin
> H$           H:\                             Default share
> C$           C:\                             Default share
> E$           E:\                             Default share
> The command completed successfully.
> ------------------------------------------------------------------------
>
> Where did all these default shares come from and how do I get rid of
> them? Remote IPC? Remote Admin? GAAK!
>
> Bob Vanderveen
http://www.jsiinc.com/SUBA/TIP0000/RH0096.HTM
(I've not tried it myself - but I'm considering it.)
By default, if you delete the C$, D$, etc.. Administrative shares, they will
be recreated when you reboot. To disable this feature, edit:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters

Double click on AutoShareServer and set it to 0 to disable it for a server.
Double click on AutoShareWks and set it to 0 to disable it for a
workstation.
If the entries are not present, Add Value of type REG_DWORD. The Range is 0
(disable) or 1 (enable - the default).

AL
0
AL
8/10/2002 3:59:00 AM
"AL" <nospam@nospam.com> wrote in message news:aj232k$5pr$1@news.grc.com...
> http://www.jsiinc.com/SUBA/TIP0000/RH0096.HTM
> I've not tried it myself - but I'm considering it.)

   I just tried it - all administrative shares removed - except IPC$.   I
think I have some service running that uses it - will explore further.
   AL
0
AL
8/10/2002 4:05:00 AM
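The NET SHARE listings and the AutoShareWks/AutoShareServer tip in the posts above can be combined into a small audit, shown here as an added example that is not part of any poster's message. It parses NET SHARE output by the header's column offsets and sorts the shares into those NET VIEW would list, hidden `$` shares, the auto-created administrative shares the quoted tip covers, and IPC$ (which AL reports stayed after the change). The sample listing, the function names and the category labels are constructed for this example.

```python
import re

NAME_W, RES_W = 13, 32  # widths used only to lay out the constructed sample


def _row(name, resource="", remark=""):
    return f"{name:<{NAME_W}}{resource:<{RES_W}}{remark}"


# Constructed sample modelled on the Win2K NET SHARE listing posted in the thread.
SAMPLE = "\n".join([
    "",
    _row("Share name", "Resource", "Remark"),
    "-" * 79,
    _row("IPC$", "", "Remote IPC"),
    _row("D$", "D:\\", "Default share"),
    _row("print$", r"C:\WINNT\System32\spool\drivers", "Printer Drivers"),
    _row("C$", "C:\\", "Default share"),
    _row("ADMIN$", r"C:\WINNT", "Remote Admin"),
    _row("TRANS", r"C:\TRANS", "TRANSfer share"),
    _row("", "", "Offline cache disabled"),      # continuation of TRANS
    _row("HPDJ", f"{'LPT1:':<23}Spooled", "Shared"),
    "The command completed successfully.",
    "",
])


def parse_net_share(text):
    """Return [{'name', 'resource', 'remark'}, ...] from NET SHARE output."""
    lines = text.splitlines()
    # Column offsets come from the header line, not from hard-coded widths.
    hdr_i = next(i for i, l in enumerate(lines) if l.startswith("Share name"))
    res_col = lines[hdr_i].index("Resource")
    rem_col = lines[hdr_i].index("Remark")
    shares = []
    for line in lines[hdr_i + 1:]:
        if line.startswith("The command completed"):
            break
        if not line.strip() or set(line.strip()) == {"-"}:
            continue  # blank line or the dashed separator
        name = line[:res_col].strip()
        resource = line[res_col:rem_col].strip()
        remark = line[rem_col:].strip()
        if not name:
            # No share name: extra remark text belonging to the previous share.
            if shares and remark:
                shares[-1]["remark"] += "; " + remark
            continue
        # Printer shares carry a status word ("Spooled") in the resource column.
        resource = re.split(r"\s{2,}", resource)[0]
        shares.append({"name": name, "resource": resource, "remark": remark})
    return shares


def classify(name):
    """Category labels are this example's own, not Windows terminology."""
    if name.upper() == "IPC$":
        return "ipc"          # still present after AL's registry change
    if name.upper() == "ADMIN$" or re.fullmatch(r"[A-Za-z]\$", name):
        return "auto_admin"   # recreated at boot unless AutoShareWks/Server = 0
    if name.endswith("$"):
        return "hidden"       # shown by NET SHARE, not by NET VIEW
    return "visible"          # what NET VIEW lists


def audit(text):
    report = {"ipc": [], "auto_admin": [], "hidden": [], "visible": []}
    for share in parse_net_share(text):
        report[classify(share["name"])].append(share["name"])
    return report


def expected_after_autoshare_off(text):
    """Shares expected to remain once the AutoShare value is 0 and the PC rebooted."""
    return [s["name"] for s in parse_net_share(text)
            if classify(s["name"]) != "auto_admin"]


if __name__ == "__main__":
    for category, names in audit(SAMPLE).items():
        print(f"{category:<11}{', '.join(names) or '-'}")
    print("remaining:", ", ".join(expected_after_autoshare_off(SAMPLE)))
```

To audit a real machine, pass the captured text of `net share` to `audit()` in place of `SAMPLE`.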
"waves" <me@one.ok!> wrote in message
news:MPG.17be9b411247facb989cae@207.71.92.194...

> > Use CMD instead of typing command.
>
> "Cannot find the file "cmd" or one of its components."

I was under the impression you had W2000 or XP, you still have 98?

Charlie
0
Charlie
8/10/2002 4:21:00 AM
In article <aj23f9$6bu$1@news.grc.com>, nospam@nospam.com says...
> 
> "AL" <nospam@nospam.com> wrote in message news:aj232k$5pr$1@news.grc.com...
> > http://www.jsiinc.com/SUBA/TIP0000/RH0096.HTM
> > I've not tried it myself - but I'm considering it.)
> 
>    I just tried it - all administrative shares removed - except IPC$.   I
> think I have some service running that uses it - will explore further.
>    AL
> 

Al,

Thank you! Big time!

Adding AutoShareWks to lanmanworkstation had no effect, so I added it to 
lanmanserver as well. That worked.

Now to see what that breaks.<g>

Bob Vanderveen
0
Anonymous
8/10/2002 4:29:00 AM
"Anonymous Bob" <No.How@No.Way> wrote in message > Al,
> Adding AutoShareWks to lanmanworkstation had no effect, so I added it to
> lanmanserver as well. That worked.

The hack was to add it to:
LanmanServer\Parameters

The biggie is to add a "scope id".   I have a "scope id" coded on my XP and
my Windows 95.  I recommend this unless you are using a computer that is
regularly connected to one network ie; the laptop that is connected at work
and to your lan at home.   In my case that is not applicable so I coded a
non dictionary word as my netbios ID.

Win 95:
WARNING: Using Registry Editor incorrectly can cause serious, system-wide
problems that may require you to reinstall Windows 95 to correct them.
Microsoft cannot guarantee that any problems resulting from the use of
Registry Editor can be solved. Use this tool at your own risk.


  1. Run Registry Editor (REGEDIT.EXE).
  2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:
        System\CurrentControlSet\Services\VXD\MSTCP
  3. Add the new ScopeID by clicking on Edit, then on New, then select
     "String Value = ScopeID" and press ENTER. Double-click on the value. A
     window appears for Edit String. Enter your Scope ID under Value data.

XP:
I went to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT
Created a new string value of ScopeID and entered a value of something like
"xCdferRgh" , matching the value I put in the Windows 95 machine.
      Machines supposedly have to have a matching scope id in order to
negotiate netbios communications.   While I have NAT, while I have software
firewalls, I do not depend on a single point (of failure) in order to
protect this PC.   In particular, since I don't have to do any additional
work after setup, although the setup is involved, I strongly recommend
setting a scope id for netbios if you are going to enable file sharing or
run the "server" service on NT/XP.
    If you are on cable, the scope id would be sniffable from anyone on your
subnet.  However it is my understanding that netbios broadcasts don't pass
through routers, so you have shut off 99.9% of the internet from getting
your personal information.  Remember, even if you have shut off file shares,
if Netbios is enabled over TCP, things like "computer name" are available, so
your computer name should not contain personally identifiable information.
AL

I'm sure that if you went to a search engine and put in an argument like
+xp +"scope id" +nbt
you would get a slew of information on the subject.  I saved the appropriate
information for my two pc's to the hard drive quite a while ago.
0
AL
8/10/2002 5:10:00 AM
In <aj1o5g$2saq$1@news.grc.com>, Tommy transmitsitlikethis:
> 
> "waves"
> Is it really as simple
> > Can you post an example of what would be seen
> > using "C:\>NET@VIEW@\\127.0.0.1" if a person did have
> > open shares.
> > (I've set followups to grc.security.)
> 
> Try typing it into a command prompt.  Note please: leave a space where I
> placed the @ signs

Using Win98, when I type in   C:\>NET VIEW \\127.0.0.1  the "prompt" 
just comes up again.  

> Cheers
> Oh your answer should be something like, - nothing shown in the list or no
> entries shown in the list, I forget which

I get, No error messages, no listings.  Not quite what you have suggested would be 
shown, or is the command line prompt coming up again after I click 
enter for  C:\>NET VIEW \\127.0.0.1  what you mean? 
0
waves
8/10/2002 12:17:00 PM
In <aj1pf9$2tom$1@news.grc.com>, Robert Wycoff transmitsitlikethis:
> Robert Wycoff <Don't.use.Lockdown@any.price> wrote:
 
> > In an MS-DOS window:

> > C:\WINDOWS>NET VIEW \\127.0.0.1

> > Error 53: The computer name specified in the network path cannot be
> > located. Make sure you are specifying the computer name correctly, or try
> > again later when the remote computer is available.

I am using win98 and when I enter that command I get:  "Bad command or 
file name".  I cut and pasted, so there should be no error.


> > C:\WINDOWS>
 
> Win2KPro SP2:
> Microsoft Windows 2000 [Version 5.00.2195]
> (C) Copyright 1985-2000 Microsoft Corp.
 
> D:\>cd\winnt
> D:\WINNT>NET VIEW \\127.0.0.1
> Shared resources at \\127.0.0.1

> Share name   Type         Used as  Comment
> 
> ----------------------------------------------------------------------------
> ---
> DeskJet500   Print                 HP DeskJet 500
> KT7-A        Disk
> KT7-C        Disk
> KT7-D        Disk
> KT7-E        Disk
> M            Disk
> M-KT7        Disk
> The command completed successfully.

> D:\WINNT>
 
> That tells me I am sharing those resources, but since I am running behind a
> BEFSR41, it doesn't mean I am sharing them with the Internet, just with my
> LAN.

Thank you for posting that for me.  It does help in understanding, 
although it also generates tons more questions, which I'm just gonna 
put aside for the time being until I understand it better and then 
maybe I won't even *have* to ask the questions.  :)  Thanks for your 
reply. 
0
waves
8/10/2002 12:17:00 PM
In <aj24cc$72d$1@news.grc.com>, Charlie Tame transmitsitlikethis:
 
> "waves" <me@one.ok!> wrote in message
> news:MPG.17be9b411247facb989cae@207.71.92.194...
 
> > > Use CMD instead of typing command.

> > "Cannot find the file "cmd" or one of its components."
 
> I was under the impression you had W2000 or XP, you still have 98?

Hey, I almost detect some sort of snobbery :), yes, I *still* have 98.  
Hey, yer makin' poor little 98 feel a bit insecure.  It seems to be 
doing everything I need it to do.  I suppose this is for another 
thread, but is there really some big advantage to be moving up to 
another OS? My win98 has all its "critical patches" and some not-so-
critical applied, so I am ok?  But I would only be wishing to update 
OS if it improved my privacy/security.  Is this the case with W2000 or 
XP?  Please start a new thread if you have the time to briefly outline 
the advantages.  I've heard lots of good things about W2000 whilst 
glancing at some threads, although right now, I am unable to recall 
precisely why this is the case.

Thanks for your reply.
 
> Charlie

 
0
waves
8/10/2002 12:17:00 PM
"Anonymous Bob" <No.How@No.Way> wrote in message
news:MPG.17be5611d050eebc9896c6@news.grc.com...
> In article <aj19gh$2crb$1@news.grc.com>, no.sp@m.com says...
> Share name   Resource                        Remark
> ------------------------------------------------------------------------
> IPC$                                         Remote IPC
> D$           D:\                             Default share
> G$           G:\                             Default share
> F$           F:\                             Default share
> ADMIN$       F:\WINNT                        Remote Admin
> H$           H:\                             Default share
> C$           C:\                             Default share
> E$           E:\                             Default share
> The command completed successfully.
> ------------------------------------------------------------------------
>
> Where did all these default shares come from and how do I get rid of
> them? Remote IPC? Remote Admin? GAAK!
>
> Bob Vanderveen

http://www.labmice.net/articles/winxpsecuritychecklist.htm

  scroll down to Disable default shares,
Disable default shares
Windows XP automatically creates a number of hidden administrative shares that
the operating system uses to manage the computer environment on the network.
These default shares can be disabled via the Computer Management console in
the Control Panel, but they are re-enabled by the system after you restart
your computer. The default hidden shares are:

            Path and Function

  C$ D$ E$   Root of each partition. For a Windows XP Professional
             computer, only members of the Administrators or Backup
             Operators group can connect to these shared folders.
  ADMIN$     %SYSTEMROOT%  This share is used by the system during remote
             administration of a computer. The path of this resource is
             always the path to the Windows XP system root (the directory in
             which Windows XP is installed: for example, C:\Winnt).
  FAX$       This is used by fax clients in the process of sending a fax.
             The shared folder temporarily caches files and accesses cover
             pages stored on the server.
  IPC$       Temporary connections between servers using named pipes
             essential for communication between programs. It is used during
             remote administration of a computer and when viewing a
             computer's shared resources
  NetLogon   This is used by the Netlogon service to process log on requests
  PRINT$     %SYSTEMROOT%\SYSTEM32\SPOOL\DRIVERS  Used during remote
             administration of printers.


To prevent these shares from being created at startup, open RegEdit and edit
the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

Create a DWORD value called AutoShareWks and set the parameter to 0. (Note:
This does not disable the IPC$ share in our tests, we're still working on a
solution).
You should test the functionality of your programs and services after you
disable the default administrative shares. Some Windows services depend on
the existence of these shares. In addition, some third-party programs may
require that some of the administrative shares exist. For example, some
backup programs may require these shares. You may be able to restore
functionality by manually creating the required shares.
0
Kript
8/10/2002 2:13:00 PM
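Added example, not part of any post in this thread: a small Python audit that parses `net share` output in the layout quoted above and sorts each share by what the posts report about the AutoShareWks / AutoShareServer values (drive roots and ADMIN$ stop being recreated, IPC$ stays). The sample output is constructed, the function names are hypothetical, and it assumes share names fit in the first column.

```python
import re


def _row(name, resource="", remark=""):
    # Same column widths as the `net share` listing quoted in the thread.
    return "%-13s%-32s%s" % (name, resource, remark)


# Constructed sample (not captured from a real machine).
SAMPLE = "\n".join([
    _row("Share name", "Resource", "Remark"),
    "-" * 72,
    _row("IPC$", "", "Remote IPC"),
    _row("D$", "D:\\", "Default share"),
    _row("ADMIN$", "F:\\WINNT", "Remote Admin"),
    _row("C$", "C:\\", "Default share"),
    _row("Docs", "C:\\Docs"),
    "The command completed successfully.",
])

DRIVE_SHARE = re.compile(r"^[A-Z]\$$")
# Other default hidden shares named in the checklist quoted above; the thread
# does not say whether the AutoShare values affect them.
OTHER_DEFAULT = {"PRINT$", "FAX$", "NETLOGON"}


def parse_net_share(text):
    """Return a list of {name, resource, remark} dicts from `net share` text."""
    lines = text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("Share name"))
    res_col = lines[start].index("Resource")
    rem_col = lines[start].index("Remark")
    shares = []
    for line in lines[start + 1:]:
        if line.startswith("The command completed"):
            break
        stripped = line.strip()
        if not stripped or set(stripped) == {"-"}:
            continue  # blank line or the dashed separator
        shares.append({
            "name": line[:res_col].strip(),
            "resource": line[res_col:rem_col].strip(),
            "remark": line[rem_col:].strip(),
        })
    return shares


def classify(name):
    """Sort a share name into one of four buckets."""
    upper = name.upper()
    if DRIVE_SHARE.match(upper) or upper == "ADMIN$":
        return "autoshare"      # recreated at boot unless AutoShare* is 0
    if upper == "IPC$":
        return "ipc"            # reported in the thread as unaffected
    if upper in OTHER_DEFAULT:
        return "other-default"
    return "user"               # a share someone created deliberately


def audit(text):
    """Group share names by bucket."""
    report = {"autoshare": [], "ipc": [], "other-default": [], "user": []}
    for share in parse_net_share(text):
        report[classify(share["name"])].append(share["name"])
    return report


def remaining_after_autoshare_off(text):
    """Shares expected to survive a reboot with AutoShareWks/AutoShareServer = 0."""
    return [s["name"] for s in parse_net_share(text)
            if classify(s["name"]) != "autoshare"]


if __name__ == "__main__":
    for bucket, names in audit(SAMPLE).items():
        print("%-14s %s" % (bucket, ", ".join(names) or "-"))
    print("still present after change:", remaining_after_autoshare_off(SAMPLE))
```

To check a real machine, save the listing with `net share > shares.txt` and pass the file's text to `audit()`; anything in the "user" bucket is a share that the registry change will not touch.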
waves <me@one.ok!> wrote:
> In <aj1o5g$2saq$1@news.grc.com>, Tommy transmitsitlikethis:
>>
>> "waves"
>> Is it really as simple
>>> Can you post an example of what would be seen
>>> using "C:\>NET@VIEW@\\127.0.0.1" if a person did have
>>> open shares.
>>> (I've set followups to grc.security.)
>>
>> Try typing it into a command prompt.  Note please: leave a space where I
>> placed the @ signs
>
> Using Win98, when I type in   C:\>NET VIEW \\127.0.0.1  the "prompt"
> just comes up again.
>
>> Cheers
>> Oh your answer should be something like, - nothing shown in the list or
>> no entries shown in the list, I forget which
>
> I get, No error messages, no listings.  Not quite what you have suggested
> would be shown, or is the command line prompt coming up again after I
> click enter for  C:\>NET VIEW \\127.0.0.1  what you mean?

I get a message saying I have to log on in order to issue the command.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q141229&

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
8/10/2002 2:15:00 PM
waves <me@one.ok!> wrote in news:MPG.17be9b7c6fcaaffb989caf@
207.71.92.194:

> In <Xns9265BDDCE4ABFz9zzaQ2btw@207.71.92.194>, Mark V 
> transmitsitlikethis:
> 
>> waves <me@one.ok!> wrote in news:MPG.17be2d971275bc7989c92@
>> 207.71.92.194:
>  
>> > In <aj0qu5$1s6u$1@news.grc.com>, Stefan 
>> > transmitsitlikethis:
> 
>> >> "pchelp" wrote in message:
> 
>      <cut>
> 
>> > (I've set followups to grc.security.)
> 
>> I wasn't going into that, "over there" <G>.  This is a new thread.
> 
> But I'm sure I read about it in feedback.  ?  That's 
> why I said I was setting followups to here.  
Sorry,  I meant a new thread in a structural sense.  This one is a 
bit more focused.
>  
>> Win2K, SP3  additional details not provided.
> 
> Are you saying you left out/changed some information?
I did not include another several paragraphs detailing networking 
setup, software/hardware firewalls .....
> 
>> Administrator account logged on.
>  
>> net view \\127.0.0.1
>>   blocked by software firewall  (Directory Services)
I was too shorthanded :-)  That command in that format on this system 
with my configuration triggers Microsoft Directory Services to use a 
port which is here blocked by my software firewall.  My software 
firewall is Kerio (KPF).
 
> Your firewall, named Directory Services, blocked this 
> MS-DOS prompt?  What is the rule you have written for 
> this?
>  
>> net view \\computername
>>  Shared resources at \\computername
>>  Share name   Type         Used as  Comment
> 
> (except, why didn't your fw block this?)
This command works differently using a computername as opposed to the 
loopback (an IP) address.  Computername is a NBname (NetBIOS) name as 
opposed to an IP "name".  The same "NET VIEW" actually uses different 
parts of code in this case.
> 
>      <cut> 
> 
> Thanks for all that info, which only makes me want to 
> ask many more questions, but I won't. Thanks for 
> your reply.
Ask away.  That's why these news groups exist.

I made the mistake of jumping into this _continued_ thread without 
reading all the previous posts.  You wanted some examples of how to 
see what's shared on your system.  I gave some examples (for _my_ 
system).

It seems you are running W98 (other post).  MANY things are different 
in networking between W98 and NTx (NT4, W2k, XP).  Actually a huge 
number of things are different!

I don't have any W98 systems handy at the moment...  NET.exe has very 
different options under W9x.  At the command prompt enter
 net /? | more 
to see what's available.

BTW  If you create a shortcut on your Desktop to  command.com
you should be able to use the Properties of that to set up 
Copy/Cut/Paste and other options.
0
Mark
8/10/2002 2:16:00 PM
Anonymous Bob <No.How@No.Way> wrote in
news:MPG.17be5611d050eebc9896c6@news.grc.com: 

> In article <aj19gh$2crb$1@news.grc.com>, no.sp@m.com says...
>> 
>> >
>> 
>> If you have file/printer sharing installed, and NetBIOS bound to
>> TCP/IP (something that's necessary for shares to be exposed over
>> the Internet), then that command, ran from a DOS prompt, will
>> yield results similar to this:
>> 
>> ************************************************************
>> C:\>NET VIEW \\127.0.0.1
>> 
>> Shared resources at \\127.0.0.1
>> 
>> Share name   Type         Used as  Comment
>> ------------------------------------------------------------
>> C                Disk
>> D                Disk
>> Desktop      Disk
>> 
>> The command completed successfully.
>> C:\>
>> ************************************************************
> 
>> 
>> I'm hiding behind a NAT, but typically, you want the result to
>> say that there are no entries in the list -- or give an error
>> implying that the computer isn't even configured properly to be
>> sharing files over the Internet -- meaning that you're probably
>> safe. 
> 
> Stefan,
> 
> I followed the discussion in feedback and "net view" is all well
> and good, but "net share" is a different story. This is on w2ksp3
> - stand alone system - no client software installed - only the nic
> and TCP/IP w/o netbios:
> 
[snip]

> ----- 
> 
> Where did all these default shares come from and how do I get rid
> of them? Remote IPC? Remote Admin? GAAK!
> 
> Bob Vanderveen

Those default shares are created automatically... see other post to 
remove some of them.

But wait.  They are not _necessarily_ (or intrinsically) bad.  All 
depends on how you have both the local computer security and your 
networking set up.  And your firewalling set up. ...
0
Mark
8/10/2002 2:21:00 PM
waves <me@one.ok!> wrote in
news:MPG.17bf1181fa996898989cb4@207.71.92.194: 

> In <aj1o5g$2saq$1@news.grc.com>, Tommy transmitsitlikethis:
>> 
>> "waves"
>> Is it really as simple
>> > Can you post an example of what would be seen
>> > using "C:\>NET@VIEW@\\127.0.0.1" if a person did have
>> > open shares.
>> > (I've set followups to grc.security.)
>> 
>> Try typing it into a command prompt.  Note please: leave a space
>> where I placed the @ signs
> 
> Using Win98, when I type in   C:\>NET VIEW \\127.0.0.1  the
> "prompt" just comes up again.  
> 
>> Cheers
>> Oh your answer should be something like, - nothing shown in the
>> list or no entries shown in the list, I forget which
> 
> I get, No error messages, no listings.  Not quite what you have
> suggested would be shown, or is the command line prompt coming up
> again after I click enter for  C:\>NET VIEW \\127.0.0.1  what you
> mean? 
> 
AFAIK this won't work on W98.

 
0
Mark
8/10/2002 2:22:00 PM
waves <me@one.ok!> wrote:

> I get, No error messages, no listings.  Not quite what you have suggested
> would be shown, or is the command line prompt coming up again after I
> click enter for  C:\>NET VIEW \\127.0.0.1  what you mean?

Once I logged on, here is what I was able to do with the NET VIEW command on
Win98SE:

C:\NET VIEW \\BH6-CELERON

Shared resources at \\BH6-CELERON

Sharename    Type         Comment
----------------------------------------------
BH6-A        Disk         BH6-Celeron
BH6-D        Disk         BH6-Celeron
BH6-M        Disk         Pioneer DVD 10X
MAXTOR86     Disk         BH6-Celeron
The command was completed successfully.

Obviously, BH6-CELERON is the name of the Win98SE computer.

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
8/10/2002 3:20:00 PM
In <Xns92666885F5F0z9zzaQ2btw@207.71.92.194>, Mark V 
transmitsitlikethis:

     <cut>

> >> Win2K, SP3  additional details not provided.

> > Are you saying you left out/changed some information?
> I did not include another several paragraphs detailing networking 
> setup, software/hardware firewalls .....

Well, it does hamper my understanding a bit :), but I realize why you 
had to do that.  

> >> Administrator account logged on.

> >> net view \\127.0.0.1
> >>   blocked by software firewall  (Directory Services)

> I was too shorthanded :-)  That command in that format on this system 
> with my configuration triggers Microsoft Directory Services to use a 
> port which is here blocked by my software firewall.  My software 
> firewall is Kerio (KPF).

Ok, thanks.
  
> > Your firewall, named Directory Services, blocked this 
> > MS-DOS prompt?  What is the rule you have written for 
> > this?

> >> net view \\computername
> >>  Shared resources at \\computername
> >>  Share name   Type         Used as  Comment

> > (except, why didn't your fw block this?)

> This command works differently using a computername as opposed to the 
> loopback (an IP) address.  Computername is a NBname (NetBIOS) name as 
> opposed to an IP "name".  The same "NET VIEW" actually uses different 
> parts of code in this case.

Ok, it's startin' to make some kind of strange sense ... mind you, I 
did say it was only *startin* to make sense.  :)

> >      <cut> 

> > Thanks for all that info, which only makes me want to 
> > ask many more questions, but I won't. Thanks for 
> > your reply.

> Ask away.  That's why these news groups exist.

Well, I was under that impression myself, but ... well, OK, if you 
insist :).

> I made the mistake of jumping into this _continued_ thread without 
> reading all the previous posts.  You wanted some examples of how to 
> see what's shared on your system.  I gave some examples (for _my_ 
> system).

> It seems you are running W98 (other post).  MANY things are different 
> in networking between W98 and NTx (NT4, W2k, XP).  Actually a huge 
> number of things are different!
 
> I don't have any W98 systems handy at the moment...  NET.exe has very 
> different options under W9x.  At the command prompt enter
>  net /? | more 
> to see what's available.

Here's what's available:  

NET CONFIG   Displays your current workgroup settings.
NET DIAG     Runs the Microsoft Network Diagnostics program to
             display diagnostic information about your network.
NET HELP     Provides information about commands and
             error messages.
NET INIT     Loads protocol and network-adapter drivers without
             binding them to Protocol Manager.
NET LOGOFF   Breaks the connection between your computer and
             the shared resources to which it is connected.
NET LOGON    Identifies you as a member of a workgroup.
NET PASSWORD Changes your logon password.
NET PRINT    Displays information about print queues
             and controls print jobs.
NET START    Starts services.
NET STOP     Stops services.
NET TIME     Displays the time on or synchronizes your computer's
             clock with the clock on a Microsoft Windows for
             Workgroups, Windows NT, Windows 95, or NetWare time              
             server.
NET USE      Connects to or disconnects from a shared
             resource or displays information about
             connections.
NET VER      Displays the type and version number of the
             workgroup redirector you are using.
NET VIEW     Displays a list of computers that share
             resources or a list of shared resources
             on a specific computer.

I tried a couple of commands:

  C:\WINDOWS\Profiles\dla\Desktop>net config

  Error 3545: You cannot start or stop the network from within an MS-
  DOS window.

So in order to use this command, I would first have to be online?

I tried another command:

 C:\WINDOWS\Profiles\dla\Desktop>net start
 The command was completed successfully.

 C:\WINDOWS\Profiles\dla\Desktop>net stop

 Error 3545: You cannot start or stop the network from within an MS-
 DOS window.

So, now I'm just getting frustrated in trying to understand this.  
When I typed in "net start", it said the command was completed 
successfully, but then when I try "net stop", it tells me I can't 
START or STOP the network ... but I thought the START command was 
successful.  Growl.  
 
> BTW  If you create a shortcut on your Desktop to  command.com
> you should be able to use the Properties of that to set up 
> Copy/Cut/Paste and other options.

I now have a shortcut in my tray, which is quicker than 
start/run/command, etc.  It also has less "paths"?. Having created the 
shortcut from command.com, all that shows up in the window is 
C:\WINDOWS versus what you can see above.  I don't know if that makes 
any difference to anything or not?  And I don't know how to get rid of 
that longer version.  I actually have a book:  DOS For Dummies.  I'll 
have a look through that and try to let you people be.  :)  Thanks.
0
waves
8/10/2002 6:17:00 PM
"waves"
> Using Win98, when I type in   C:\>NET VIEW \\127.0.0.1  the "prompt"
> just comes up again.

Your question has been answered previously :)
I was not aware you were using 98.

I have a few MEs, a few 98s, a few 95s and 3 x 2000 pros.  This particular
machine is at home (2k pro).  I'm not getting any younger or brainier, but
if you need anything - gimme a call :-))
Cheers
Tommy
0
Tommy
8/10/2002 6:28:00 PM
In article <Xns9266696F6A52Ez9zzaQ2btw@207.71.92.194>, 
invalid@notvalid.net says...
> Anonymous Bob <No.How@No.Way> wrote in
> news:MPG.17be5611d050eebc9896c6@news.grc.com: 
> > Stefan,
> > 
> > I followed the discussion in feedback and "net view" is all well
> > and good, but "net share" is a different story. This is on w2ksp3
> > - stand alone system - no client software installed - only the nic
> > and TCP/IP w/o netbios:
> > 
> [snip]
> 
> > ----- 
> > 
> > Where did all these default shares come from and how do I get rid
> > of them? Remote IPC? Remote Admin? GAAK!


> Those default shares are created automatically... see other post to 
> remove some of them.
> 
> But wait.  They are not _necessarily_ (or intrinsically) bad.

If some day I do something stupid (I've done that on occasion) I want to 
limit the possible damage and I don't anticipate any need for these 
shares. In part my post was a dig at NoDefaultSharesInWindowsStefan.

As sometimes happens, I've learned something.<g>

> All 
> depends on how you have both the local computer security and your 
> networking set up.  And your firewalling set up. ...
> 
> 

Thanks for the reply. I'm behind a NAT router and if someone should 
breach that he'll still have a couple of challenges.<g>

Bob Vanderveen
0
Anonymous
8/10/2002 7:21:00 PM
In article <aj372d$190j$1@news.grc.com>, kriptzzz@atc-pazzz.com says...
> 
> 
> http://www.labmice.net/articles/winxpsecuritychecklist.htm
> 
Thanks for that link. I tried to add it to my favorites only to discover 
it was already there (well, the w2k version anyhow). I have *a lot* of 
links I've intended to pursue, but just as I can't keep up with all the 
posts in the newsgroups, I can't keep up with all the good links, leads, 
and ideas I get here either.

Bob Vanderveen
0
Anonymous
8/10/2002 7:33:00 PM
Anonymous Bob <No.How@No.Way> wrote in
news:MPG.17bf31dfdb79bfa89896c9@news.grc.com: 

[]
> 
>> Those default shares are created automatically... see other post
>> to remove some of them.
>> 
>> But wait.  They are not _necessarily_ (or intrinsically) bad.
> 
> If some day I do something stupid (I've done that on occasion) I
> want to limit the possible damage and I don't anticipate any need
> for these shares. In part my post was a dig at
> NoDefaultSharesInWindowsStefan. 
 
> As sometimes happens, I've learned something.<g>
> 
>> All 
>> depends on how you have both the local computer security and your
>> networking set up.  And your firewalling set up. ...
>> 
>> 
> 
> Thanks for the reply. I'm behind a NAT router and if someone
> should breach that he'll still have a couple of challenges.<g>
> 
> Bob Vanderveen
> 

The more mousetraps spread across the floor, the better.  
0
Mark
8/11/2002 2:38:00 AM
waves <me@one.ok!> wrote in
news:MPG.17bf4e723de23e2f989cc0@207.71.92.194: 

[big snip]
>> Ask away.  That's why these news groups exist.
> 
> Well, I was under that impression myself, but ... well, OK, if you
> insist :).
> 
>> I made the mistake of jumping into this _continued_ thread
>> without reading all the previous posts.  You wanted some examples
>> of how to see what's shared on your system.  I gave some examples
>> (for _my_ system).
> 
>> It seems you are running W98 (other post).  MANY things are
>> different in networking between W98 and NTx (NT4, W2k, XP). 
>> Actually a huge number of things are different!
 
>> I don't have any W98 systems handy at the moment...  NET.exe has
>> very different options under W9x.  At the command prompt enter
>>  net /? | more 
>> to see what's available.
> 
> Here's what's available:  
  
> NET CONFIG   Displays your current workgroup settings.
> NET DIAG     Runs the Microsoft Network Diagnostics program to
>              display diagnostic information about your network.
> NET HELP     Provides information about commands and
>              error messages.
> NET INIT     Loads protocol and network-adapter drivers without
>              binding them to Protocol Manager.
> NET LOGOFF   Breaks the connection between your computer and
>              the shared resources to which it is connected.
> NET LOGON    Identifies you as a member of a workgroup.
> NET PASSWORD Changes your logon password.
> NET PRINT    Displays information about print queues
>              and controls print jobs.
> NET START    Starts services.
> NET STOP     Stops services.
> NET TIME     Displays the time on or synchronizes your computer's
>              clock with the clock on a Microsoft Windows for
>              Workgroups, Windows NT, Windows 95, or NetWare time
>              server.
> NET USE      Connects to or disconnects from a shared
>              resource or displays information about
>              connections.
> NET VER      Displays the type and version number of the
>              workgroup redirector you are using.
> NET VIEW     Displays a list of computers that share
>              resources or a list of shared resources
>              on a specific computer.
 
> I tried a couple of commands:
> 
>   C:\WINDOWS\Profiles\dla\Desktop>net config
> 
>   Error 3545: You cannot start or stop the network from within an
>   MS- DOS window.
> 
> So in order to use this command, I would first have to be online?
Ah, well this is probably more confusing....
If the DOS mode redirector had been started first (before Win98), 
then that command would work....  You really don't want to know...  
Goes back to DOS networking and Win31 and in some cases WFWorkgroups
> 
> I tried another command:
> 
>  C:\WINDOWS\Profiles\dla\Desktop>net start
>  The command was completed successfully.
> 
>  C:\WINDOWS\Profiles\dla\Desktop>net stop
> 
>  Error 3545: You cannot start or stop the network from within an
>  MS- DOS window.
Mostly the same answer as above.  The concept behind this is W9x does 
all its networking within itself (not at DOS level) in the protected 
mode environment.  The NET.exe is from "olden times" although it has 
been expanded in areas, some of the old stuff is still there as 
legacy.  Starting a DOS box in Win9x is not the same as native DOS.  
Close enough for most things.  Not networking (W9x).
> 
> So, now I'm just getting frustrated in trying to understand this. 
> When I typed in "net start", it said the command was completed 
> successfully, but then when I try "net stop", it tells me I can't 
> START or STOP the network ... but I thought the START command was 
> successful.  Growl.  
I think I remember how this all started...(I think.).  People were 
discussing Windows NTx versions.  NET.exe under W9x is so different 
it will likely do nothing but confuse and frustrate you.  There is 
very very little NET can do for you in W9x.  The built-in / add-on 
GUI tools are more usable by far.  Do you have (I think it was 
called) NetWatch on the system?  My memory may be bad on that one :-) 

Any chance you'll be using NT/2K/XP soon?

>> BTW  If you create a shortcut on your Desktop to  command.com
>> you should be able to use the Properties of that to set up 
>> Copy/Cut/Paste and other options.
> 
> I now have a shortcut in my tray, which is quicker than 
> start/run/command, etc.  It also has less "paths"?. Having created
> the shortcut from command.com, all that shows up in the window is 
> C:\WINDOWS versus what you can see above.  I don't know if that
> makes any difference to anything or not?  And I don't know how to
> get rid of that longer version.  I actually have a book:  DOS For
> Dummies.  I'll have a look through that and try to let you people
> be.  :)  Thanks. 
> 
The "long" and "short" stuff is the path to the directory you are 
starting the command processor in.  Can be changed in the shortcut 
Properties.  See:  Start In:   (I think it's called).

A DOS book would be great for working at the command prompt and 
applies in large part to command.com in Win9x and CMD.exe in NTx.

Try to find one that is geared toward Windows or at least has a 
section on Windows VDMs (virtual DOS machines).  Also, I seem to 
recall there are still some good sites for DOS and command line usage 
out there.
0
Mark
8/11/2002 3:01:00 AM
Mark V <invalid@notvalid.net> wrote:

> I think I remember how this all started...(I think.).  People were
> discussing Windows NTx versions.  NET.exe under W9x is so different
> it will likely do nothing but confuse and frustrate you.  There is
> very very little NET can do for you in W9x.  The built-in / add-on
> GUI tools are more usable by far.  Do you have (I think it was
> called) NetWatch on the system?  My memory may be bad on that one :-)

Mark,

Tell that to Stefan.  He's the one who started this "NET" thing.

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
8/11/2002 4:42:00 AM
On Sun, 11 Aug 2002 03:01:07 +0000 (UTC), Mark V <invalid@notvalid.net>
wrote:

>A DOS book would be great for working at the command prompt and 
>applies in large part to command.com in Win9x and CMD.exe in NTx.
>
>Try to find one that is geared toward Windows or at least has a 
>section on Windows VDMs (virtual DOS machines).  Also, I seem to 
>recall there are still some good sites for DOS and command line usage 
>out there.

http://www3.sympatico.ca/rhwatson/dos7/

http://www.houlden.f9.co.uk/msdos/

http://users.cybercity.dk/~bse26236/batutil/help/INDEX.HTM

For a couple.

-- 
 Buzz
0
Buzz
8/11/2002 5:25:00 AM
Buzz Walradt <buzz@iadfw.net.gov> wrote:

Buzz!!  Great to e-see you!!

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
8/11/2002 5:41:00 AM
On Sun, 11 Aug 2002 00:41:22 -0500, "Robert Wycoff"
<Don't.use.Lockdown@any.price> wrote:

>Buzz Walradt <buzz@iadfw.net.gov> wrote:
>
>Buzz!!  Great to e-see you!!

I still duck in quite often for a quick read thru.
Finally getting a little time to myself again.

-- 
 Buzz
0
Buzz
8/11/2002 4:11:00 PM
"Robert Wycoff" <Don't.use.Lockdown@any.price> wrote in
news:aj4q05$2ucm$1@news.grc.com: 

> Mark V <invalid@notvalid.net> wrote:
> 
>> I think I remember how this all started...(I think.).  People
>> were discussing Windows NTx versions.  NET.exe under W9x is so
>> different it will likely do nothing but confuse and frustrate
>> you.  There is very very little NET can do for you in W9x.  The
>> built-in / add-on GUI tools are more usable by far.  Do you have
>> (I think it was called) NetWatch on the system?  My memory may be
>> bad on that one :-) 
> 
> Mark,
> 
> Tell that to Stefan.  He's the one who started this "NET" thing.
> 
Yeah?  And I only see one post from Stephan in this thread.
Naw, I think I'll just get out now <G>
0
Mark
8/11/2002 6:37:00 PM
On Fri, 9 Aug 2002 17:02:53 -0500, "NT Canuck" <ntcanuck@hot_mail.com> wrote:

>Just to help the thread...my results...WinXP Pro.
>
>C:\>NET VIEW \\127.0.0.1
>The Workstation service has not been started.
>More help is available by typing NET HELPMSG 2138.

With W2K SP2, sharing enabled, and using Outpost Pro, I get

C:\>NET VIEW \\127.0.0.1
System error 53 has occurred.

The network path was not found.

             The truth IS out there, 
but most people don't recognize it when they see it!
0
Da
8/12/2002 12:26:00 AM
In <75tblu04agfirk35k9mlogiunlu2hp4dti@news.grc.com>, Buzz Walradt 
transmitsitlikethis:

Hello, Buzz,

> On Sun, 11 Aug 2002 03:01:07 +0000 (UTC), Mark V <invalid@notvalid.net>
> wrote:
 
> >A DOS book would be great for working at the command prompt and 
> >applies in large part to command.com in Win9x and CMD.exe in NTx.

> >Try to find one that is geared toward Windows or at least has a 
> >section on Windows VDMs (virtual DOS machines).  Also, I seem to 
> >recall there are still some good sites for DOS and command line usage 
> >out there.
 
> http://www3.sympatico.ca/rhwatson/dos7/
 
> http://www.houlden.f9.co.uk/msdos/
 
> http://users.cybercity.dk/~bse26236/batutil/help/INDEX.HTM
 
> For a couple.

Thank you for those links, I will follow them all up.  

I remember your good name from a while back! You have been absent 
for some time now.  Your site was very helpful to me a while back, but 
even then, you were complaining that you didn't have time to update 
the site, etc.  Have you had the time since?  And, I've lost the link 
to your site, would you mind posting it?  Thanks.

Thanks for your reply.
0
waves
8/12/2002 7:36:00 AM
In <Xns9266EA28E15C2z9zzaQ2btw@207.71.92.194>, Mark V 
transmitsitlikethis:

> waves <me@one.ok!> wrote in
> news:MPG.17bf4e723de23e2f989cc0@207.71.92.194: 

    <big cut>

Mark V,

THANK YOU for being so generous with your time and patience.  I am 
grateful.  :)
0
waves
8/12/2002 7:36:00 AM
In <aj3ns8$1q4j$1@news.grc.com>, Tommy transmitsitlikethis:
 
> "waves"
> > Using Win98, when I type in   C:\>NET VIEW \\127.0.0.1  the "prompt"
> > just comes up again.
 
> Your question has been answered previously :)
> I was not aware you were using 98.
 
> I have a few MEs, a few 98s, a few 95s and 3 x 2000 pros.  This particular
> machine is at home (2k pro).  I'm not getting any younger or brainier, but
> if you need anything - gimme a call :-))

Well, ok, Tommy, thanks for your reply.  I have a funny (to me) Irish 
joke that I heard the other day, I will tell it to you in 10-f (I hope 
no one has already posted it before.)  :)

> Cheers
> Tommy
0
waves
8/12/2002 7:36:00 AM
In <aj3b07$1ct8$1@news.grc.com>, Robert Wycoff transmitsitlikethis:
> waves <me@one.ok!> wrote:

Thanks again for posting your displays, they have been helpful.
 

 
0
waves
8/12/2002 7:36:00 AM
waves <me@one.ok!> wrote:

> I remember your good name from a while back! You have been absent
> for some time now.  Your site was very helpful to me a while back, but
> even then, you were complaining that you didn't have time to update
> the site, etc.  Have you had the time since?  And, I've lost the link
> to your site, would you mind posting it?  Thanks.

http://web2.airmail.net/buzz/faqlinks.html

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
8/12/2002 1:20:00 PM
On Mon, 12 Aug 2002 08:20:55 -0500, "Robert Wycoff"
<Don't.use.Lockdown@any.price> wrote:

>waves <me@one.ok!> wrote:
>
>> I remember your good name from a while back! You have been absent
>> for some time now.  Your site was very helpful to me a while back, but
>> even then, you were complaining that you didn't have time to update
>> the site, etc.  Have you had the time since?  And, I've lost the link
>> to your site, would you mind posting it?  Thanks.
>
>http://web2.airmail.net/buzz/faqlinks.html

No, no time yet. A link here and there only.

I am going to try and get around to it in the next few weeks.

As long as the systems stay healthy and we don't add another 1000 netra
cluster nodes with servers to front end them again. But then we will
have to move into a bigger building to be able to add the extra power
and AC for them.

Plans for that are in the works for year end tho.

-- 
 Buzz
0
Buzz
8/13/2002 12:05:00 AM
>>I just wish that our government had not become a system that's sold
>>out to the highest bidder.  This is certainly not the way it was
>>designed.  Fortunately we have the Supreme Court, but they can't bear
>>the burden for dealing with all of the legislature's grafting
>>behavior.

----I like what Steve Gibson says here......except that I would have used
the word "GRIFTING".
Nevertheless, SG is fast becoming one of my heroes, next to Leon Russell, of
course, and Bucky Fuller.

Cheers,
JeffH
0
jhaas84
8/27/2002 5:57:00 AM
[snip] RIAA Web Site Defaced, Taken Offline
(NewsFactor) - After drawing the ire of the online file-swapping community
and Internet users at large, the Recording Industry Association of America
(RIAA) Web site was defaced and taken offline Wednesday. The defacement,
described as "the funniest hack ever" on a forum site, resembled the normal
RIAA site but featured such links as "Piracy can be beneficial to the music
industry" and "Where can I find information on giant monkeys?"...[snip]
http://news.com.com/i/ne/p/082802riaa.jpg
0
SRC335362
8/30/2002 6:23:00 AM
"SRC335362" wrote...

> [snip] RIAA Web Site Defaced, Taken Offline
> (NewsFactor) - After drawing the ire of the online file-swapping community
> and Internet users at large, the Recording Industry Association of America
> (RIAA) Web site was defaced and taken offline Wednesday. The defacement,
> described as "the funniest hack ever" on a forum site, resembled the normal
> RIAA site but featured such links as "Piracy can be beneficial to the music
> industry" and "Where can I find information on giant monkeys?"...[snip]
> http://news.com.com/i/ne/p/082802riaa.jpg


Nice "tag" line:

"The RIAA Web site is attacked by opponents of the group's efforts to stem
online music trading."
0
reader
8/30/2002 7:33:00 PM