
Comment Re:Play the game (Score 1) 958

Armed with the policy, I could point to that when anyone asked me to install non-legal software without fear of retribution.

Um, I wouldn't stake my career on that. IANAL, but you are never obligated to commit a crime and you can't commit a crime and later claim you are innocent because committing the crime was a matter of company policy or not your responsibility.

Comment Tell mgmt or run (Score 1) 958

You have to tell mgmt what is going on and tell them they need to purchase licenses. If they don't, they are liable for all sorts of headaches. If they don't want to believe you, then ask them to talk to your lawyers.

Under no circumstances should you continue to support or install pirated software. That puts you at legal risk and you can't CYA with a letter stating that mgmt is OK with breaking the law. If you do it, then you are liable.

If mgmt doesn't want to pay for licenses, leave. 'Cause if they get caught, you will be the one to pay the price as the IT manager.

Comment Authentication (Score 1) 297

Save yourself the time and pain of automating IP lookups. Make your landing page a login box only and force users to authenticate prior to any access.

Set up a script to auto-block, for a time period, IP addresses that fail to log in 3 times.

This is not hard.
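The lockout rule the comment above describes, as an added example that is not part of the original comment: a per-IP tracker that blocks an address for a fixed period after 3 failed logins. The window and block lengths, the `LoginThrottle` and `replay` names and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3       # from the comment: block after 3 failed logins
WINDOW_SECONDS = 300   # assumption: the 3 failures must fall within 5 minutes
BLOCK_SECONDS = 900    # assumption: a block lasts 15 minutes


class LoginThrottle:
    """Tracks failed logins per source IP and blocks repeat offenders for a while."""

    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked_until = {}              # ip -> time the block expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is not None and now >= until:
            del self.blocked_until[ip]       # block expired, forget it
            return False
        return until is not None

    def record(self, ip, success, now):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_blocked(ip, now):
            return "blocked"                 # rejected before credentials are checked
        if success:
            self.failures.pop(ip, None)      # a good login clears the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                 # drop failures older than the window
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            del self.failures[ip]
            return "blocked"                 # this failure triggered the block
        return "failed"


# Constructed sample events: (seconds, source IP, password was correct)
EVENTS = [
    (0, "203.0.113.7", False), (10, "203.0.113.7", False),
    (20, "198.51.100.4", False), (30, "203.0.113.7", False),
    (40, "203.0.113.7", True), (50, "198.51.100.4", True),
    (930, "203.0.113.7", True),
]


def replay(events):
    throttle = LoginThrottle()
    return [throttle.record(ip, ok, t) for t, ip, ok in events]
```

Keying on the source address means users behind one NAT or proxy share a counter, and behind a reverse proxy the address must be the real client IP rather than the proxy's.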

Comment Not as big a deal as it seems. (Score 1) 236

I am a Verizon customer and I have opted out of sharing CPNI. I don't know what the new privacy statements are, my privacy policy hasn't been updated in the last six months, but I bet it has to do with CPNI. Here is the section from VZW's customer agreement.

What is confusing is whether "personal information" is limited to name, number, address, etc., or also includes CPNI (the non-identifiable info).

Your Privacy - IMPORTANT INFORMATION - PLEASE READ CAREFULLY BEFORE MAKING YOUR PURCHASE DECISION

In the course of providing services to you, we may collect certain information that is made available to us solely by virtue of our relationship with you, such as information about the quantity, technical configuration, type, destination and amount of your use of the telecommunications services you purchase. This information and related billing information is known as Customer Proprietary Network Information, or CPNI. (CPNI does not include your name, address and wireless phone number.) Further, except as provided in this agreement, we won't intentionally share personal information about you without your permission. SUBJECT TO THE FOREGOING, WE MAY USE AND SHARE INFORMATION ABOUT YOU AND HOW YOU USE ANY OF OUR SERVICES: (A) SO WE CAN PROVIDE OUR GOODS OR SERVICES TO YOU; (B) SO OTHERS CAN PROVIDE GOODS OR SERVICES TO US OR TO YOU ON OUR BEHALF; (C) SO WE OR OUR AFFILIATES IN THE VERIZON FAMILY OF COMPANIES CAN COMMUNICATE WITH YOU ABOUT GOODS OR SERVICES THAT ANY OF US OFFER; (D) TO PROTECT OURSELVES; OR (E) AS REQUIRED BY LAW, LEGAL PROCESS OR EXIGENT CIRCUMSTANCES.

IN ADDITION, WE MAY INCLUDE OUR OWN OR THIRD-PARTY ADVERTISING IN THE SERVICES YOU PURCHASE FROM US, AND WE MAY COLLECT NON-PERSONALLY IDENTIFIABLE INFORMATION ABOUT YOU AND YOUR USE OF THOSE SERVICES. WE MAY SHARE THAT NON-PERSONALLY IDENTIFIABLE INFORMATION WITH OTHER VERIZON COMPANIES, VENDORS AND THIRD PARTIES TO PROVIDE RELEVANT ADVERTISING. IF YOU DO NOT WANT US TO COLLECT OR USE SUCH NON-PERSONALLY IDENTIFIABLE INFORMATION FOR THIS PURPOSE, YOU SHOULD NOT USE OUR SERVICES; BY USING THE SERVICES, YOU EXPRESSLY AUTHORIZE US TO USE YOUR INFORMATION FOR THIS PURPOSE.

Comment Re:How to make games scary? (Score 1) 129

Also the scarcity of ammunition and large amount of enemies makes it difficult if not impossible to kill them all by simply shooting them.

I am sure some of you can kill everything in Ravenholm with the crowbar, I can not. :)

This nails Ravenholm. Even though I have replayed that level several times, it still creeps me out because I am always making a decision about when to fight and when to run--and then what am I running into? I know what is coming, but I have to be ready. The constant decision making is what makes Ravenholm so much fun.

I also like that most of Ravenholm is bright. Extended scenes that rely on obfuscated darkness to up the "scare factor" are distracting.

Comment Re:One Word... (Score 1) 227

Nope, Honesty is what it is all about.

Some people steal (yes, pirating is stealing and let's not quibble over the definition) what they can't have. Some people don't have the cranial capacity to understand that downloading stuff off the web is theft. The more that happens, the less money publishers and writers don't make.

Here is a side effect of pirating books. Publishers are prone to market conditions too. When the market goes south, publishers tighten up and stop taking on new writers. They also start knocking off low performing writers (low performing compared to others in the stable.) Every book that is pirated, and to the same degree where a book is swapped on an internet site, means one less sale to the author which means less money in their pocket, 6-8% of the cover price AND one less sale in their numbers column. Under performers are cut.

Pirating is NOT new, but the SCALE at which it can occur on the Internet is new. Back when vinyl was copied to cassettes, I bet the total impact was less than 1% of album sales because there really wasn't a big distribution channel, at least not in the US for illegal album copies.

But you know as well as I that with electronic copies, the barriers are completely removed.

That is why publishers want DRM. And, I think what killed the music industry and put Apple on top was NOT DRM, but the stakeholders--labels, distributors, and sellers--to come up with an *interoperable* format and method so that any song could be played on any device while still enforcing DRM.

Comment Re:Not the end of the world (Score 2, Interesting) 208

The solution to this problem is simple, and I'm surprised browsers don't do this already: add fake '/' character isn't in the IDN blacklist. In Firefox, network.IDN.blacklist_chars already contains plenty of things that look like '/'. Maybe other browsers need to follow its example.

Do you know if FF will detect blacklist characters for all TLDs or just the non-IDN TLDs like .com and .net?

Comment Re:Sounds ugly (Score 4, Informative) 208

SSL is NOT broken. It is still an effective way to encrypt network traffic.

The attack breaks down two ways. Proxying web traffic between a user and a sensitive site like a bank and/or representing a URL to a user that looks legitimate but isn't.

The indicators that you are on an SSL site are varied. A lock in the lower right of the window (FF3), to the right of an address bar (IE 6 and below), or a green address bar (IE7 EV cert) or a green indicator to the left of the address bar (FF3). All except the EV SSL certs are pretty subtle. The success relies on the fact that there are so many varied ways that SSL protection is presented to the user, can you keep track of it all? Quick, which sites use EV certs? You don't know so you don't know what to expect.

So, the attack does a couple of things to fool you. First it proxies your web traffic to secure sites, rewriting URLs that start with HTTPS to HTTP. The only indicator in browsers is no lock. If you are not looking for it, then you probably won't miss it. But wait, since we are rewriting URLs, why not replace the favicon with a lock. Yummy.

The second type of attack is to proxy HTTPS to HTTPS, but this time the SSL session between you and the proxy is enabled with a valid and trusted SSL certificate. No SSL dialog boxes. Here is how it works. IDN is used so that countries can represent URL in their native character sets. Some non-ASCII characters look like characters. So use them to fool the user. These are called homographs. Browsers will convert some IDN based on the TLD. But other TLD, like country codes TLD, the browser won't. The assumption being a .com hostname should be ASCII while a TLD for China should be IDN. Knowing that, get a hostname in a CC TLD. Get a certificate for your hostname. Then create a really long hostname using IDN so that the TLD portion will be pushed off the end of the address bar. You can forge any legitimate web site this way and the only indicator is either examining the certificate or looking at the TLD in the URL. There are IDN that look like slashes, so making a "path" is easy.

Moxie's video is pretty clear.
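A defender-side check for the hostname trick described in the comment above, as an added example that is not part of the original comment: it decodes punycode labels, flags characters that resemble '/', and reports where the hostname really ends. The lookalike set, the function names and the sample hostname are assumptions made for illustration.

```python
import unicodedata

# Assumption: a short illustrative set of '/' lookalikes, not Firefox's actual
# network.IDN.blacklist_chars list.
SLASH_LOOKALIKES = {"\u2044", "\u2215", "\u29f8", "\uff0f"}


def to_displayed(host):
    """Decode xn-- (punycode) labels so the checks run on what a user would see."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # leave an undecodable label as it is
        labels.append(label)
    return ".".join(labels)


def inspect_host(host):
    """Report lookalike characters and where the hostname really ends."""
    shown = to_displayed(host)
    findings = []
    for ch in sorted(set(shown)):
        name = unicodedata.name(ch, "UNNAMED")
        if ch in SLASH_LOOKALIKES:
            findings.append(f"slash lookalike U+{ord(ch):04X} {name}")
        elif ord(ch) > 127:
            findings.append(f"non-ASCII U+{ord(ch):04X} {name}")
    return {
        "displayed": shown,
        # Rough guess: last two labels. Real code would use the Public Suffix List.
        "real_domain_guess": ".".join(shown.split(".")[-2:]),
        "findings": findings,
    }


# Constructed sample: .example stands in for a country-code TLD.
SAMPLE = "www.example.com\u2044account\u2044login.secure-session.example"

if __name__ == "__main__":
    print(inspect_host(SAMPLE))
```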

Comment Re:Alternatives (Score 4, Informative) 208

Apparently this only affects those who don't pay attention...nothing to see here.

Can you make the claim you are 100% vigilant 100% of the time?

It's more subtle than that. It takes away one of the biggest indicators that there is an SSL problem--the dialogs. Watch the presentation video. It's pretty cool. What Moxie shows is that often the indicators of SSL enabled and not enabled are practically non-existent. It's easy to see how most users, even tech savvy ones, could be fooled.

Comment Re:Anonymous retribution? (Score 1, Insightful) 399

Why? Because this doesn't allow victims to harass their abusive partners anonymously?

Spoken like a true 'tard. Is that the only reason you can see for wanting to hide your number? So that you can harass someone?

Never been abused or threatened, have you? Maybe a case is made because someone wants to call a person who is abusive and you don't want them to call you back? Say, you have an abusive spouse but you have to share custody. You need to call them but don't want them calling you and abusing you? Hrm, maybe that's a good idea.

Abusive people will go a long way to make others' lives miserable.

Comment Re:Odds ? (Score -1, Flamebait) 622

Russians used to do what were called "Crazy Ivans." If you are running at high speed, you can't hear squat, so to check for chasers, they'd do a 180 course change and run back down their track. You can't get precise position using passive means--there is always room for error, so the chasing sub would move out of the way, quickly and often noisily telling the Russian sub it was being followed.

If the Russian didn't detect the follower, the evasion tactic was enough to make the following captain cautious.

good times, good times.
