Saturday, September 16, 2006

Schneier on Security: What is a Hacker?

Schneier on Security

A weblog covering security and security technology.

September 14, 2006
What is a Hacker?

A hacker is someone who thinks outside the box. It's someone who discards conventional wisdom, and does something else instead. It's someone who looks at the edge and wonders what's beyond. It's someone who sees a set of rules and wonders what happens if you don't follow them. A hacker is someone who experiments with the limitations of systems for intellectual curiosity.

I wrote that last sentence in the year 2000, in my book Secrets and Lies. And I'm sticking to that definition.

This is what else I wrote in Secrets and Lies (pages 43-44):

Hackers are as old as curiosity, although the term itself is modern. Galileo was a hacker. Mme. Curie was one, too. Aristotle wasn't. (Aristotle had some theoretical proof that women had fewer teeth than men. A hacker would have simply counted his wife's teeth. A good hacker would have counted his wife's teeth without her knowing about it, while she was asleep. A good bad hacker might remove some of them, just to prove a point.)

When I was in college, I knew a group similar to hackers: the key freaks. They wanted access, and their goal was to have a key to every lock on campus. They would study lockpicking and learn new techniques, trade maps of the steam tunnels and where they led, and exchange copies of keys with each other. A locked door was a challenge, a personal affront to their ability. These people weren't out to do damage -- stealing stuff wasn't their objective -- although they certainly could have. Their hobby was the power to go anywhere they wanted to.

Remember the phone phreaks of yesteryear, the ones who could whistle into payphones and make free phone calls. Sure, they stole phone service. But it wasn't like they needed to make eight-hour calls to Manila or McMurdo. And their real work was secret knowledge: The phone network was a vast maze of information. They wanted to know the system better than the designers, and they wanted the ability to modify it to their will. Understanding how the phone system worked -- that was the true prize. Other early hackers were ham-radio hobbyists and model-train enthusiasts.

Richard Feynman was a hacker; read any of his books.

Computer hackers follow these evolutionary lines. Or, they are the same genus operating on a new system. Computers, and networks in particular, are the new landscape to be explored. Networks provide the ultimate maze of steam tunnels, where a new hacking technique becomes a key that can open computer after computer. And inside is knowledge, understanding. Access. How things work. Why things work. It's all out there, waiting to be discovered.

Computers are the perfect playground for hackers. Computers, and computer networks, are vast treasure troves of secret knowledge. The Internet is an immense landscape of undiscovered information. The more you know, the more you can do.

And it should be no surprise that many hackers have focused their skills on computer security. Not only is it often the obstacle between the hacker and knowledge, and therefore something to be defeated, but also the very mindset necessary to be good at security is exactly the same mindset that hackers have: thinking outside the box, breaking the rules, exploring the limitations of a system. The easiest way to break a security system is to figure out what the system's designers hadn't thought of: that's security hacking.

Hackers cheat. And breaking security regularly involves cheating. It's figuring out a smart card's RSA key by looking at the power fluctuations, because the designers of the card never realized anyone could do that. It's self-signing a piece of code, because the signature-verification system didn't think someone might try that. It's using a piece of a protocol to break a completely different protocol, because all previous security analysis only looked at protocols individually and not in pairs.

That's security hacking: breaking a system by thinking differently.

It all sounds criminal: recovering encrypted text, fooling signature algorithms, breaking protocols. But honestly, that's just the way we security people talk. Hacking isn't criminal. All the examples two paragraphs above were performed by respected security professionals, and all were presented at security conferences.

I remember one conversation I had at a Crypto conference, early in my career. It was outside amongst the jumbo shrimp, chocolate-covered strawberries, and other delectables. A bunch of us were talking about some cryptographic system, including Brian Snow of the NSA. Someone described an unconventional attack, one that didn't follow the normal rules of cryptanalysis. I don't remember any of the details, but I remember my response after hearing the description of the attack.

"That's cheating," I said.

Because it was.

I also remember Brian turning to look at me. He didn't say anything, but his look conveyed everything. "There's no such thing as cheating in this business."

Because there isn't.

Hacking is cheating, and it's how we get better at security. It's only after someone invents a new attack that the rest of us can figure out how to defend against it.

For years I have refused to play the semantic "hacker" vs. "cracker" game. There are good hackers and bad hackers, just as there are good electricians and bad electricians. "Hacker" is a mindset and a skill set; what you do with it is a different issue.

And I believe the best computer security experts have the hacker mindset. When I look to hire people, I look for someone who can't walk into a store without figuring out how to shoplift. I look for someone who can't test a computer security program without trying to get around it. I look for someone who, when told that things work in a particular way, immediately asks how things stop working if you do something else.

We need these people in security, and we need them on our side. Criminals are always trying to figure out how to break security systems. Field a new system -- an ATM, an online banking system, a gambling machine -- and criminals will try to make an illegal profit off it. They'll figure it out eventually, because some hackers are also criminals. But if we have hackers working for us, they'll figure it out first -- and then we can defend ourselves.

It's our only hope for security in this fast-moving technological world of ours.

This essay appeared in the Summer 2006 issue of 2600.

Posted on September 14, 2006 at 07:13 AM
Comments

Beyond Fear? I think I saw those paragraphs in Secrets & Lies?

Posted by: vwm at September 14, 2006 07:41 AM

@Bruce,

Start looking at the 8-12 year olds, it is around about this time their very curious nature tends to become "what if I did"

A lot of old generation hackers were from a background that naturally led them into electronics (via valve radios etc).

As has been observed any child with an innate curiosity in the locks on doors etc is almost cursed to become an old style hacker (resources and environment permitting).

A young child with a great deal of curiosity and a very good imagination could easily be "trained up" as a hacker. Perhaps the Government should start looking for the type early on, much in the same way that the Australian Gov profiles children for sporting ability.

The small cost involved is likely to reap big dividends fifteen years down the road. The only trouble is what Gov thinks fifteen years down the road (except for the Chinese).

Posted by: Clive Robinson at September 14, 2006 07:47 AM

Though I've read this before I have to officially thank you for it.

Reading your description of what a hacker *is* brings me great relief and inspiration. Hopefully others will some day "get it".

Rock on, Bruce.

Posted by: Zach at September 14, 2006 08:05 AM

My knowledge of hackers is limited to computer software. My first impression - from many years hence - is that a hacker is an amateur attempting to do a professional's job. A city person with a kitchen knife (or a few of them) can hack down a large tree, but he knows little of how to make it fall right, and nothing of how to choose which tree to fall.
The romantic, explorer vision you present is what was grafted on to the word hacker when the dope smokers took over.

Posted by: AsAPro at September 14, 2006 08:13 AM

Let's change the way hackers view our files these days and no longer target computer security. Until now so many people have been unaware of how powerful encryption is and how it can truly secure all of your files in a few simple steps.

How about if hackers could no longer cheat and we would never have to worry about bullying us around the playground again?

Sound reasonable enough?

http://www.gettaceo.com

Posted by: Nate at September 14, 2006 08:27 AM

Nate,

Dropping all network security and switching everything to crypto simply means that the next thing to hack would be crypto. You cannot stop the "bullies" by changing the game. It simply means that bullies will change their game or that you get different bullies.

If the game is cheating, how do you cheat cheating?

Whatever you call it, the profile describes who I would hire for a job in a SOC.

Posted by: Schanulleke at September 14, 2006 08:46 AM

Mr. Schneier,
Excellent. You should speak at Defcon. You would have security geeks fainting with some of your brilliant views on security.
You would be WELL received.

Posted by: schneier at Defcon at September 14, 2006 08:57 AM

@Bruce

I agree with your view of hacker -- after all, this is what I/we did/do... but this is not the common understanding today. Much as it hurts me, we -- those that think of hackers, and hacking, as you point out -- are going to be looked at as purists, clinging desperately to an archaic understanding of a word.

Languages are dynamic, and the meaning of words changes with their usage.

@Clive

Indeed. Working on the children of today will guarantee not only the hackers, but also the thinkers of tomorrow.

But... this is then a bit more serious: the children of today, at least in the US, are being trained, by the public school system (and this is a generalisation, based on my personal experience with my sons) to be ignorants.

Currently, form is more important than content. Curiosity has to be fed, and (at least initially) directed. Our school system nowadays feeds boredom only.

Maybe I am getting to be old and cynical.

Posted by: hggdh at September 14, 2006 08:59 AM

Schneier does speak at Defcon.

I'm assuming that the attack Snow was commenting on must have been what we now call a "side channel attack" - as far as I can tell that term covers precisely the interesting class of attacks that "break the rules". I suppose there are other ways - multiple target attacks, for example - of breaking systems in practice without violating their theoretical properties.

Posted by: Paul Crowley at September 14, 2006 09:39 AM

Bruce, you're a little unfair to Aristotle. He was a phenomenally able biologist and zoologist, and an extremely acute observer and taxonomist, who so far from inventing theoretical constructs ad vacuo actually performed much anatomical work on many creatures.

He was the first person to envision biological study as a systematic activity, ever. He basically invented the science. The fact that some of his ideas were wrong, and aren't that useful in a modern lab is not really a valid basis for criticising his outlook. If his kind of curiosity-driven exploration and conceptualization isn't hacking, then I don't know what is.

Posted by: Carlo Graziani at September 14, 2006 09:40 AM

I knew I had read this somewhere before. I read it between talks at HOPE, actually.

Posted by: Michael Hampton at September 14, 2006 09:45 AM

I read it in 2600 a month ago.

Posted by: Jungsonn at September 14, 2006 10:28 AM

Pre-9/11, I was dating a girl who wondered why they took so many details (driver's licence etc) when buying a pre-pay cell-phone or sim card. (I was not in the USA). I explained that it's to be able to track down the terrorists/criminals who could use phone to blow stuff up or for illegal activities. She didn't understand, so I explained how the terrorist/criminal can use a pre-pay for various things (bomb/office bug/ransom demand etc), and how law enforcement need the phone's details (phone residue, time of call, location etc), and how they then need to tie this to a person.

She thought I was nuts for 'thinking this stuff up' and thought I was the dodgy one. I explained that it's because I'm actually security conscious, and can see flaws in the current model, and that is why I think of, and learn these things....

The lesson: If you point out flaws in the system to some people, they will think YOU are the terrorist/criminal.

Posted by: Suomynona at September 14, 2006 10:29 AM

I disagree with the notion that hackers are cheating. To cheat, a hacker would have to break the rules. The software and hardware that makes up a computer system constitutes a set of rules for the system. A hacker's goal is to learn these rules so well that s/he can have the system do things that the designers didn't intend. The fact that these things are unintended does not remove the fact that the system's rules allowed them to happen.

Really I think hackers have a lot in common with lawyers. Both have to learn elaborate sets of rules that are incredibly confusing to outsiders and then find loopholes that allow them to do what they want.

Posted by: Jon at September 14, 2006 11:37 AM

"Beyond Fear? I think I saw those paragraphs in Secrets & Lies?"

Oops.

Damn it.

Fixed.

Thanks.

Posted by: Bruce Schneier at September 14, 2006 11:40 AM

"You should speak at Defcon."

I used to be a regular speaker at Defcon. I haven't been there in recent years, because I have a conflicting commitment.

You're right; I should get back there.

Posted by: Bruce Schneier at September 14, 2006 11:42 AM

But Bruce, I thought that finding out who bad hackers are, what they're trying to do and attempting to stop them from doing it (intelligence) and then reacting to whatever slips through the cracks after the fact (emergency response) was the best option. That spending time and money on identifying specific threats and changing our defenses was a waste. That hiring good hackers to try to identify vulnerabilities before they are taken advantage of was just overhead, costing money and occasionally impeding our civil liberties, and realized little or no benefit. I thought that there were too many threats and that vulnerabilities were evolving too quickly to make improving our defense systems a good tradeoff.

How are good hackers, and the work/solutions they're devising, in the computer security field different from good hackers in the physical security world? How is analyzing a smart card and its use different from analyzing the process for inspecting luggage at an airport?

Perhaps you should also consider whether the security difference between PACS and LACS are also semantics. If the difference is semantics, then good hackers in both physical and logical security systems are either worthwhile or not and the Intelligence and Response argument either holds water for both or for neither.

Posted by: Mr. Nobody at September 14, 2006 11:44 AM

"Bruce, you're a little unfair to Aristotle."

Fair criticism.

Posted by: Bruce Schneier at September 14, 2006 11:44 AM

The earliest definition of hacker I ever heard (and this may be worth "what you paid for it") is that it comes from the old Jewish word 'Hak', which translates to

"someone who makes furniture with an axe."

I think this definition is very accurate - it can mean two things:

To "bodge" something with poor quality or
To produce something (of ok quality) with inappropriate tools.

Of course, neither relates to security today, but early security folk were certainly software/hardware 'hackers'.

Share and enjoy.
Dom

Posted by: Dom De Vitto at September 14, 2006 11:56 AM

"Computer hackers are just people who understand the program better than the one who wrote it." I think I read that in a Linux Magazine article in 2002.

Posted by: Krunch at September 14, 2006 12:00 PM

... the examples two paragraphs above were performed by respected security professionals, and all were presented at security conferences.


-And they were therefore criminals under the DMCA, which cares not why or for whom you circumvent a security measure.

Posted by: bob at September 14, 2006 12:03 PM

The best definition I ever had of the types of hacker comes from the book "Out of the Inner Circle" by Bill/William Landreth.

It's a very cool book, written by the kind of person you detail above: a 'Student Hacker' in the book's terms.

Bill Landreth, where are you? Your time of silence is up, come out and enjoy the sunshine of praise from a 1000 hackers - each born of your book, and your wisdom.

Wherever you are Bill: thanks and good luck.

Dom

Posted by: Dom De Vitto at September 14, 2006 12:04 PM

@AsAPro

I know many professionals who are hackers. Most of them got to be pros by starting as hackers, and they never lost the mental agility and thirst that defines hackers.

I also know some professionals who weren't hackers and never will be. This doesn't detract from their knowledge, skills, or professionalism.

Some hackers produce shoddy work, but so do some non-hacker professionals. I can't correlate being a hacker only with slipshod work, nor being a professional only with quality work. Reality is more complex than any two categories can ever express.

Posted by: Anonymous at September 14, 2006 01:01 PM

I totally agree with the article apart from the terminology of a bad hacker - "there are good hackers and bad hackers, just as there are good electricians and bad electricians". Maybe I am just being pedantic but should that not read "there are good ethical hackers and unethical or criminal hackers, just as there are good electricians and bad and bloody dangerous electricians". I know there is a whole white, grey and black thing but to "bad hacker" does not really work. If a hacker is an expert how can he be bad? He can be malicious, criminal, etc. but a bad expert? Harold Shipman was probably a great GP to those he did not kill but was he a "bad Doctor"? Or a good GP and a murderer? Maybe I am being pedantic and I should take myself off to bed!

@AsAPro

"My knowledge of hackers is limited"

That says it all.........

Posted by: james at September 14, 2006 01:56 PM

My favorite hacking story is the one where James T. Kirk "reprograms" the Kobayashi Maru test.

Posted by: Sabeke at September 14, 2006 02:21 PM

There are hackers and there are security professionals. Blurring the lines is a disservice to the professionals and the kids.

A 14 year old dateless male stomping around the local bank's file systems has a completely different mindset than the security professional you hired to help secure that network. The 14 year old has no inclination or need to be careful because it doesn't matter to him if he destroys or accesses something sensitive or important. He also has no reason to alert anyone about his findings except possibly his dateless compadres..."D00d! Look! I just deleted your mom's bank account!"

The security professional, OTOH, has every need to be careful and thorough in his examination and reporting. It's his job to both find and fix the problems without causing unnecessary disruption. The professional is also more skilled. A hacker, for example, isn't going to wonder why your backup mainframe is in the basement of a building in an area that periodically floods - they don't care.

The only similarity between the two is that they work on the same problem - security vulnerabilities. However, the hacker exploits it while the security professional reports on it and mitigates it.

Glorifying or shrugging off electronic breaking and entering or trespassing only makes educating the kids more difficult because you've given them a pass by saying it's ok. "They're just being kids" isn't much solace when dad has to go bail his son out of juvenile detention.

Posted by: derf at September 14, 2006 02:26 PM

@AsAPro

Who do you think figured out how to fell a tree? Who do you think figured out which trees to fell? Somebody who looked at his log house and said, "I could build this better, if only I had trees that did..."

Hackers and Ingenuity and creativity. Hackers are the designers, the inventors, the people who make the world work better.

Hackers break systems, and some do it maliciously or for personal gain, but most do it simply to build better ones. "Professionals" are no more than cogs in the machine: If something happens that they cannot deal with, they will not find a way to deal with it, they'll leave it unfixed to cause further problems. Hackers find solutions.

It's true, hackers often create shoddy work when expected to do the work of a "Professional". They're rarely concerned with the mundane work. Most can't stand documenting code that seems obvious and self-explanatory to them. That's a problem of the work they're given, not of the hackers themselves. Don't ask a Hacker to walk the path. Ask them to blaze a new trail.

Posted by: GauntletWizard at September 14, 2006 02:59 PM

@derf
"A 14 year old dateless male stomping around the local bank's file systems has a completely different mindset than the security professional"

Consider Bruce's definition with the first and last sentence removed:

"It's someone who discards conventional wisdom, and does something else instead. It's someone who looks at the edge and wonders what's beyond. It's someone who sees a set of rules and wonders what happens if you don't follow them"

I cannot help thinking that is a reasonable stab at describing a sociopath.

I'm not saying that hackers are sociopaths but maybe their different outlook on life is closer to a sociopath than most people?

Should be interesting to see the reaction this gets. Now where's that flameproof suit ...

Posted by: Not a Hax0r at September 14, 2006 03:47 PM

Very interesting definition. I guess I've been a hacker my whole life then, as I've always wanted to know how and why things work. I have always tinkered with things trying to get them to break or work in a different way, only to get them to work normally again. Wow, I really never thought of it that way -- in that I (and probably just about everybody here) was a hacker all along.

Posted by: Steve L. at September 14, 2006 03:55 PM

@GauntletWizard

you're forgetting a far better reason to break a system than malice, personal gain, or to improve it:

you break it because it can be broken.

Posted by: kiwano at September 14, 2006 04:01 PM

"Hacking isn't criminal. "

Bruce seems to waver here and there when it comes to semantics ;)
http://blog.israeltorres.org/?p=35

When the article came out in 2600 I had just figured they pulled an old article out of the drawer from some time ago. Glad to see your upgrade.

Israel Torres

Posted by: Israel Torres at September 14, 2006 04:32 PM

@Dom

IIRC, William Landreth later left a suicide note and disappeared. He was later found alive, and was arrested for violating his parole. I don't know anything after that.

In the book, Landreth felt that security in the future would be greatly improved by increased use of passphrases over passwords, and by training users to be more security-conscious. Unfortunately, passphrases are rarely used (even though many programs support them these days), and given the increased numbers of people using computers with little additional training, the average user may well be dumber now than when the book was written.

Posted by: Timm Murray at September 14, 2006 05:39 PM

Aristotle's failing was that he made claims about the number of teeth that women have without actually counting them. Since you're setting the record straight, I trust that you wouldn't make the same mistake. So, how many sets of teeth did you count? What were the actual results?

My point: not only does this story give a false impression of Aristotle's contributions to empirical science (as Carlo Graziani points out), but it's usually trotted out by people who are guilty of the very thing they accuse Aristotle of.

The lesson, I think, is that even the greatest scientific minds can't independently verify every fact that they rely upon.

Posted by: gary at September 14, 2006 05:43 PM

> "That's cheating," I said.

Ah, the naivete of youth, eh, Bruce?

Posted by: Pat Cahalan at September 14, 2006 07:03 PM

I knew I was on the path when solving the rubix cube as an 8 year old I just broke it apart and put it back together in the correct order. People said that was cheating I just thought it was solved.

Posted by: rubix master at September 14, 2006 08:44 PM

"When the article came out in 2600 I had just figured they pulled an old article out of the drawer from some time ago. Glad to see your upgrade."

Yeah.

I actually have gone back and forth and back on this issue. Although I still think that we've largely lost the war on this one, at least in the popular vernacular.

Posted by: Bruce Schneier at September 14, 2006 09:56 PM

@gary

We can all smile at Bertrand Russell's observation about Aristotle's thoughts on women's teeth and the fact he had two wives. It is often (mis) quoted as an example of surety and pride in the profession (hubris).

However one Prof does not think that much of Russell (in an amusing way),

http://unlocked-wordhoard.blogspot.com/2006/06/bertrand-russell-idiot.html

But hey Russell took ten years to prove that 1+1=2 provided you took some things on faith (i.e. Axioms) (see "Principia Mathematica", Whitehead,Russell).

This feat did not however stop Russell going on to argue (fairly successfully) that life is based on chance (Causality & no "first cause") as in the throw of a dice, but it is not the hand of god that holds it (upsetting amongst others Einstein "God does not play dice"). For which Russell has received condemnation from Christians and others who have faith in deities ever since.

So as you can see Aristotle is not the only "Big Thinker" to have beliefs that nowadays appear down right odd to some people.

"False beliefs are like the money in a drowning miser's hand, beyond all rationality they remain firmly grasped until death"

Oh by the way there was a news article on the Radio yesterday, apparently a scientist (Ontario psychologist J. Philippe Rushton) has "proved" that women are less intelligent than men. The results of their study (apparently) show that women are 3.63 IQ points behind...

http://www.canada.com/topics/news/world/story.html?id=f8cf9b7e-2903-4759-bdc4-f93963688eba&k=13310

I think I hear another round of ridicule rising for a "thinking scientist" ;)

Posted by: Clive Robinson at September 15, 2006 09:38 AM

@rubix master

"I knew I was on the path when solving the rubix cube as an 8 year old I just broke it apart"

Me too (only I was quite a bit older), I was showing this at a friend's party for fun as a silly party trick. When a relative of his ruined it by showing that he could solve the damn thing faster than I could get it apart...

I suppose proving (as was pointed out to much hilarity) that "cheats don't win"

Oh and to rub it in the "annoying relative" went on to win several major competitions and quite a bit of money for his ability. And yes I hate him still ;)

Posted by: Clive Robinson at September 15, 2006 09:49 AM

"I'm not saying that hackers are sociopaths but maybe their different outlook on life is closer to a sociopath than most people?"

I think the difference between a hacker and a sociopath is the same as the difference between everyone and a sociopath: a moral system.

Just because a hacker can figure out how to blow up an aircraft doesn't mean that goes out and does it, or even wants to go out and do it.

Posted by: Bruce Schneier at September 16, 2006 11:38 AM

Hacker Discovers Adobe PDF Back Doors

A British security researcher has figured out a way to manipulate legitimate features in Adobe PDF files to open back doors for computer attacks.

David Kierznowski, a penetration testing expert specializing in Web application testing, has released proof-of-concept code and rigged PDF files to demonstrate how the Adobe Reader program could be used to launch attacks without any user action.

"I do not really consider these attacks as vulnerabilities within Adobe. It is more exploiting features supported by the product that were never designed for this," Kierznowski said in an e-mail interview with eWEEK.

The first back door (PDF), which eWEEK confirmed on a fully patched version of Adobe Reader, involves adding a malicious link to a PDF file. Once the document is opened, the target's browser is automatically launched and loads the embedded link.

"At this point, it is obvious that any malicious code [can] be launched," Kierznowski said.

The use of Web-based exploits to launch drive-by malware downloads is a well-known tactic and the discovery of PDF back doors is further confirmation that desktop programs have become lucrative targets for corporate espionage and other targeted attacks.

A second back door demo (PDF) presents an attack scenario that uses Adobe Systems' ADBC (Adobe Database Connectivity) and Web Services support. Kierznowski said the back door can be used to exploit a fully patched version of Adobe Professional.

"The second attack accesses the Windows ODBC (on localhost), enumerates available databases and then sends this information to 'localhost' via the Web service. This attack could be expanded to perform actual database queries. Imagine attackers accessing your internal databases via a user's Web browser," he said.

Kierznowski claims there are at least seven more points in PDF files where an attacker can launch malicious code. "[With] a bit more creativity, even simpler and/or more advanced attacks could be put together," he said, noting that Adobe Acrobat supports the use of "HTML forms" and "File system access."

"One of the other interesting finds was the fact that you can back-door all Adobe Acrobat files by loading a back-doored JavaScript file into [a local] directory," Kierznowski said in a blog entry that includes the proof-of-concept exploit code.

A spokesperson from Adobe's product security incident response team said the company is aware of Kierznowski's discovery and is "actively investigating" the issue.

"If Adobe confirms that a vulnerability might affect one of our products, details of the security vulnerability and an appropriate solution [will be] documented and published," the company, headquartered in San Jose, Calif., said in a statement sent to eWEEK.

Kierznowski said his interest in auditing PDF files for back doors comes from a fascination with the concept of "passive hacking."

"Active exploitation techniques such as buffer overflows are becoming more and more difficult to find and exploit ... The future of exploitation lies in Web technologies," he said, noting that internal users are often in a "relationship of trust" with the surrounding network.

Confirming a trend that sees Microsoft Office applications -- Word, Excel, PowerPoint -- used in zero-day attacks, Kierznowski sees a future of client-side hacking that expands the functionality of a service.

"This form of hacking merely manipulates the user's client to perform a certain function, effectively using the user's circle of trust," he said.

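A defender's triage for the behaviour this article describes (a document that opens a link or runs script as soon as it is loaded), added here as an example; it is not eWEEK's or Kierznowski's code. The name keys come from the PDF specification rather than from the article, and the byte strings are constructed fragments, not complete PDF files.

```python
import re
import zlib

# Name keys from the PDF specification (assumption: the article names none of
# them) that matter for "opens a link or runs code when the file is opened".
TRIGGERS = {"OpenAction", "AA"}                       # fire without a click
ACTIVE = {"URI", "Launch", "JavaScript", "JS", "SubmitForm"}

NAME_RE = re.compile(rb"/([A-Za-z0-9#_.\-]+)")
ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def decode_name(raw: bytes) -> str:
    """Normalise a PDF name: '#41' is a legal spelling of 'A' inside a name."""
    plain = ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def inflate_streams(data: bytes):
    """Yield the contents of Flate-compressed streams; skip everything else."""
    for match in STREAM_RE.finditer(data):
        try:
            # decompressobj ignores the end-of-line bytes before 'endstream'
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data (image, other filter, encrypted)


def count_names(data: bytes) -> dict:
    """Count action-related names in the raw file and in inflated streams."""
    counts = {}
    for chunk in (data, *inflate_streams(data)):
        for match in NAME_RE.finditer(chunk):
            name = decode_name(match.group(1))
            if name in TRIGGERS or name in ACTIVE:
                counts[name] = counts.get(name, 0) + 1
    return counts


def triage(data: bytes) -> dict:
    """Classify a file by whether active content can fire without a click."""
    counts = count_names(data)
    has_trigger = any(name in TRIGGERS for name in counts)
    has_active = any(name in ACTIVE for name in counts)
    if has_trigger and has_active:
        verdict = "auto-action"      # active content tied to an open/event trigger
    elif has_active:
        verdict = "active-content"   # links or script, but the user must act
    else:
        verdict = "none"             # a trigger alone is usually just a page jump
    return {"verdict": verdict, "names": counts}


# --- constructed sample fragments -------------------------------------------
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

SAMPLE_LINK_ONLY = (
    b"%PDF-1.4\n"
    b"7 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (http://example.invalid/) >> >>\nendobj\n"
)

SAMPLE_AUTO_LINK = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Type /Action /S /URI /URI (http://example.invalid/) >>\nendobj\n"
)

# Same idea, but the trigger name is hex-escaped and the action object sits in
# a compressed stream, so a plain text search of the file would miss both.
HIDDEN_OBJECT = b"3 0 obj\n<< /S /J#61vaScript /JS (constructed placeholder) >>\nendobj\n"
SAMPLE_COMPRESSED = (
    b"%PDF-1.5\n"
    b"1 0 obj\n<< /Type /Catalog /Open#41ction 3 0 R >>\nendobj\n"
    b"5 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(HIDDEN_OBJECT) + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for label, blob in [("plain", SAMPLE_PLAIN), ("link only", SAMPLE_LINK_ONLY),
                        ("auto link", SAMPLE_AUTO_LINK),
                        ("compressed", SAMPLE_COMPRESSED)]:
        print(label, triage(blob))
```

A hit is a prompt for manual review rather than a finding: plenty of ordinary documents carry links and form scripts, and encrypted or otherwise filtered streams are not inspected here.
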
Friday, September 01, 2006

Bruce Schneier: Focus on terrorists, not tactics

It's easy to defend against what they planned last time, but it's shortsighted.

By Bruce Schneier
Minneapolis Star Tribune
August 13, 2006

Hours-long waits in the security line. Ridiculous prohibitions on what you can carry onboard. Last week's foiling of a major terrorist plot and the subsequent airport security graphically illustrates the difference between effective security and security theater.

None of the airplane security measures implemented because of 9/11 -- no-fly lists, secondary screening, prohibitions against pocket knives and corkscrews -- had anything to do with last week's arrests. And they wouldn't have prevented the planned attacks, had the terrorists not been arrested. A national ID card wouldn't have made a difference, either.

Instead, the arrests are a victory for old-fashioned intelligence and investigation. Details are still secret, but police in at least two countries were watching the terrorists for a long time. They followed leads, figured out who was talking to whom, and slowly pieced together both the network and the plot.

The new airplane security measures focus on that plot, because authorities believe they have not captured everyone involved. It's reasonable to assume that a few lone plotters, knowing their compatriots are in jail and fearing their own arrest, would try to finish the job on their own. The authorities are not being public with the details -- much of the "explosive liquid" story doesn't hang together -- but the excessive security measures seem prudent.

But only temporarily. Banning box cutters since 9/11, or taking off our shoes since Richard Reid, has not made us any safer. And a long-term prohibition against liquid carry-ons won't make us safer, either. It's not just that there are ways around the rules, it's that focusing on tactics is a losing proposition.

It's easy to defend against what the terrorists planned last time, but it's shortsighted. If we spend billions fielding liquid-analysis machines in airports and the terrorists use solid explosives, we've wasted our money. If they target shopping malls, we've wasted our money. Focusing on tactics simply forces the terrorists to make a minor modification in their plans. There are too many targets -- stadiums, schools, theaters, churches, the long line of densely packed people before airport security -- and too many ways to kill people.

Security measures that require us to guess correctly don't work, because invariably we will guess wrong. It's not security, it's security theater: measures designed to make us feel safer but not actually safer. Airport security is the last line of defense, and not a very good one at that. Sure, it'll catch the sloppy and the stupid -- and that's a good enough reason not to do away with it entirely -- but it won't catch a well-planned plot. We can't keep weapons out of prisons; we can't possibly keep them off airplanes.

The goal of a terrorist is to cause terror. Last week's arrests demonstrate how real security doesn't focus on possible terrorist tactics, but on the terrorists themselves. It's a victory for intelligence and investigation, and a dramatic demonstration of how investments in these areas pay off.

And if you want to know what you can do to help? Don't be terrorized. They terrorize more of us if they kill some of us, but the dead are beside the point. If we give in to fear, the terrorists achieve their goal even if they were arrested. If we refuse to be terrorized, then they lose -- even if their attacks succeed.

Bruce Schneier is a security technologist and author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World."

Thursday, August 03, 2006

Post-lunch musings

Bearing in mind that I had lunch at McDonald's with N. and A., I believe, until proven otherwise, that I am at peace with the world.

Bearing in mind that at McDonald's you see a fair assortment of good-looking women. Not that one has impure thoughts, but at least it is a treat for the eyes. It is a pleasure the mind allows itself while biting into a bit of plastic that has the aroma of a sandwich, or of a french fry.

N. pointed out that when McDonald's changes the oil, the fries have the very annoying problem of no longer having a definite flavor. On the other hand, when they are fried in the usual oil, where a bit of everything goes through, it is pleasant to taste fries that have a hint of shrimp, zucchini, eggplant... A bit of everything, in short.

Bah.

I don't mind dropping by McDonald's to eat. I go gladly, now that there isn't the crowd you get when the schools are open. You can find free tables and even parking!!
Going on foot 'in this heat' would be absolutely out of the question.
I remember that we went on foot only once: it was winter and I came back to the office all sweaty from the heat...

I should publish a new news item on the Content Management System, but the System kicked me out. Luckily I read the forum, otherwise I would have looked like an idiot in front of S.
They took the system down because of problems with the advanced editor.

I have less than fifteen minutes of work left, then home. True, I have to come back for the lottery draw, but I prefer to go home. It is always too hot even to slack off in the office. I prefer to go and take a nap and then a shower.

Just a few more hours and then I will be on holiday too. Tomorrow morning I will do just a couple (I think). Then we take E. to pediatric surgery for that matter of the perineum. Actually it would be better to call it that story of the anus. What a damn strange story. They really look like two little horns.
And the more I watch her defecate, as I sit on the bidet while she smiles at me from up on the toilet, the more it both unsettles me and fills me with tenderness.

I am definitely a bit scared. I know for certain that if they had to operate on her, she would amaze me with her composure and patience. She shows it to me all the time: she really is the daughter I don't deserve!

But so be it: for now this is the one I've got and I have to keep her :-Þ

Bah.

I'm going to see whether the CMS is working, otherwise I'm leaving and so long to directive no. 8 of 8 August 2006.

Tuesday, July 04, 2006

Does Anyone Get Rich on eBay?

By Elizabeth Millard
July 3, 2006 8:15AM

"There are those who get rich on eBay, but there is also more smoke than fire," says Joe Kennedy, author of "The Small Business Owner's Manual." "There are a lot of people working really hard and not making much money. The kicker is that they don't really realize it."

In its nearly 11 years of existence, the auction site eBay has come a long way from its early days as a souped-up online flea market. Thanks to its anyone-can-sell business model, and a prevailing philosophy that there's a buyer out there for anything, eBay has become the granddaddy of all auction sites. Countless people have managed to sell an item or two at a profit.

Some people have even managed to make a tidy living by selling stuff on eBay, sacrificing nights and weekends to keep their inventories moving. And some of these so-called PowerSellers do well enough to ask themselves a potentially life-changing question: Is eBay a place where I can get rich?

Some PowerSellers claim that riches can be had, but that it takes an almost-obsessive focus on how the selling is done, what's being sold, and how inventory is managed. In other words, if someone selling $1 geegaws on eBay envisions buying a private island someday, he or she had better keep dreaming. If, however, those widgets are $50,000 each, some snorkeling gear might yet lie in the future.

The PowerSellers of eBay know that what seems to be a straightforward business venture -- you sell, someone buys -- is actually a complex maze of strategies, price controls, feedback, and site policies. Playing all of these elements to one's advantage can make the stock exchange seem like a snap. Whether the payoff from eBay can make a seller rich is another question entirely.

Going Past Gold

First, a little insider information. On eBay, to realize an enormous profit, you almost always need to become a Titanium PowerSeller.

A tiered system designed to reward qualified sellers, the PowerSeller program is by invitation only, and has a number of criteria that must be maintained to keep the designation. At the lowest level, Bronze, a PowerSeller must average at least $1,000 in sales per month for three consecutive months; have an account in good standing; and get an overall feedback rating of 100, with at least 98 percent of the comments marked as positive.

Just like credit cards, the more precious the metal, the higher the status. Bronze is followed by Silver ($3,000 in sales per month) and Gold ($10,000). The PowerSeller program makes a big jump at Platinum ($25,000), but that's a minor hop compared to the gulf between Platinum and Titanium. That top-tier designation requires $150,000 per month in sales, and sellers must maintain that level, as well as a 98 percent positive-feedback rating, to keep it.

Feedback plays an enormous role, which should come as no surprise to anyone who's ever bought something on eBay and been pestered to post positive comments. If feedback levels drop even slightly -- from 100 to 98, for example -- a seller's status is threatened. Once you lose feedback credibility on the site, it can be a hard climb back, even if 97 percent of the comments are positive.

Fortunately, a few annoyed buyers won't completely kick you to the curb, since the program calculates feedback ratings differently than the ratings visible on the member profile pages. What buyers see is a rating based on unique users, while the PowerSeller score is based on total feedback, to reflect the overall happiness of repeat buyers. Because PowerSellers depend heavily on repeat buyers, and Titanium PowerSellers in particular rely on such business, the system helps sellers maintain their status.

EBay does not release any numbers on its PowerSellers. According to Amy Joyner, author of "The eBay Millionaire," less than 4 percent of the millions of eBay merchants have earned PowerSeller status, and of these, only a tiny slice have gone Titanium. What they sell ranges from vintage Rolex watches to designer shoes to sports collectibles, Joyner notes, all the way up to Mini Cooper automobiles, jewelry, and computers.

Select Sellers

Although they are relatively few in number, Titanium PowerSellers do exist, and several started their businesses with modest means.

A prime example is David Wirtenberg, a 28-year-old entrepreneur who runs Outrageous Auctions, which has its own retail arm but also sells enough merchandise on eBay to garner the Titanium tag. Wirtenberg got involved in online auctions in 2003, while unemployed. His father-in-law suggested selling jewelry on eBay, and after only three months, Wirtenberg had lined up a supplier, hit the Titanium level, and began hiring employees.

Such success, seemingly overnight, wasn't without effort or the need for a cash infusion to get started, Wirtenberg says: "To ramp up, you need money, that's just the way it is." Although Wirtenberg shares no details on how he acquired his start-up funds, he does say that once inventory is in place, it's all about buckling down and working hard. He also acknowledges that it doesn't hurt to be selling expensive rings instead of 99-cent CDs.

However, selling expensive wares can be a Catch-22. The path to Titanium status might be shorter, with just a handful of items needing to be sold to hit $150,000 per month, but it's also much harder to convince people to shell out tens of thousands of dollars to an online seller. Even with the ubiquity of online retailers and the success of higher-priced items on home shopping TV channels, many prospective buyers still hesitate when it comes to punching in their credit card number or PayPal account details.

"If someone is scared to buy a $300 iPod online, think of how nervous they are to buy a $5,000 ring," says Wirtenberg. "That's why PowerSellers have to focus so strongly on conveying trust, and distinguishing themselves as individual sellers. People aren't buying from eBay, they're buying from us. And that's an important distinction."

Most companies are adamant that they provide stellar customer service even if they don't, but when PowerSellers talk about customer care, they mean it -- and the proof is in the ratings. Outrageous Auctions maintains a rating of 100 percent positive feedback, and Wirtenberg emphasizes that earning so many smiley-face icons takes a great deal of work.

"Whatever our customers want, we do," he says. "We follow up on everything. We understand this is a big purchase for most of them, but we know that once we have a new customer, that's our customer for life. So we put a lot of emphasis on giving them the greatest retail experience possible."

Powerful Evidence

Further demonstrating that PowerSellers seem to sprout from humble beginnings, another Titanium member, Mike Shelton, was working at a golf pro shop when he started selling on eBay to help his employer liquidate some extra inventory.

Before long, Shelton had taken on a partner and started a company, Designer Athletic, that sells retailer overstocks. Although the company has several employees to handle sales, Shelton still creates hundreds of auctions every day, and even fills some of the orders himself. In 2004, less than a year after the company was founded, it had revenues of $5 million.

Another Titanium PowerSeller, John Stack, started selling on eBay as he got ready to close his family's restaurant-equipment business in 1999. After putting 50 coffeemakers on the site, and getting far more money for them than he thought he would, Stack became an "eBayer," and began listing more and more items. He reached $10 million in revenues within five years.

Although all of these PowerSellers might hawk different types of items, and at different price ranges, they tend to have certain attributes in common -- for starters, very few start out on eBay looking to become Titanium sellers. Rather, they seem to have a knack for selling and find that eBay is an effective channel for their talents. They're willing to put in the inordinate amount of time it takes to answer e-mails, ship packages, create listings, and find new inventory sources.

"There are many eBay hucksters around, people who promise that amateurs can earn quick and easy riches by selling on the Web site," Joyner writes. "But these top-level PowerSellers are frank about the hard work that is required to truly build a multimillion-dollar business."

Making Bank

The lure of Titanium status might be compelling, but some eBay sellers believe that it's tough enough to make a decent living on the site, much less become a millionaire. "Can you get rich on eBay? In a word, no," says Terry Gibbs, author of "The Auction Revolution." Gibbs does a weekly eBay educational segment for Clear Channel radio, and was one of the first large consignment operators to do business on the site.

The problem, he notes, is the "volume trap." The only way for a seller to increase income is to list more items, but that means finding more wholesalers, amping up an inventory system, and spending more time packing and shipping.

"If you are selling new items, the competition ends up raising the prices you must pay for your stock," Gibbs says. "Also, once you establish yourself, others will undercut your prices in order to take your sales, driving your profits per auction down."

People selling used items also get slammed by the same market forces, he adds. If you are selling an antique or collectible, you can look up pricing information on eBay first, and then sell the items yourself for slightly less, rather than go through a PowerSeller.

There are sellers who can hack it, Gibbs says, but he believes they're few and far between.

"The majority of the larger eBay sellers sacrifice lifestyle for volume," he says. "The smaller sellers chase this volume because they think it's the only way and ignore the consequences."

But Gibbs does know some sellers who have managed to escape the list-and-ship treadmill by hiring employees. This will ease time restraints and leave the seller more time to investigate alternate sources of inventory, but it comes with its own difficulties. For one thing, paying extra workers eats into profits; for another, having an extra set of hands doesn't automatically mean that inventory issues will be solved.

"The sellers who can do it are masters at sourcing products," Gibbs says. "That's where the profit really comes from. The eBay auctions are just a sales channel. If eBay wasn't there, these people would still be successful."

Tricky Business

For those eBay sellers who don't trade in expensive goods, the path to riches is likely to be much tougher, maybe even impassable. Hitting the jackpot depends not only on the amount of time sellers put into the effort -- which, by many estimates, is "every possible second" -- but also on how they manage inventory and budgets.

To succeed in making a living selling on eBay, one has to go into it with eyes wide open, says Joe Kennedy, author of "The Small Business Owner's Manual." Kennedy advises a number of eBay sellers and sells a modest number of items himself.

"There are those who get rich on eBay, but there is also more smoke than fire," he says. "What I've found is that if you're a buyer, you can get incredible deals, but the flip side of that is the sellers have to sacrifice to offer them. There are a lot of people working really hard and not making much money. The kicker is that they don't really realize it."

Although it seems odd that sellers would be unaware of losing money, Kennedy notes that it happens frequently, because of the way the system is set up. Sellers might turn over a healthy amount of inventory, get it shipped quickly, and have the money in their accounts promptly, but the level of detailed bookkeeping necessary can give sellers a skewed view of their operations. They might look like they're headed toward riches on paper, but in reality, it could be the road to the poorhouse instead.

"Some work like dogs, and they figure that because they're working so hard, they're doing really well," Kennedy says. "But the fee structures are complex with credit card services and auction management, and it could be that they're losing just a little bit of money on every deal. It happens far more often than most people think. EBay buyers wonder how people can sell things for so cheap, and the answer is: They can't."

To pocket a nice amount of revenue, a PowerSeller has to have access to good products at good prices. While that seems obvious, it's certainly not easy, says Kennedy.

"So many people are scavenging and undercutting each other," he says. "The sellers are a strong community, and support each other, but one thing they won't tell each other is where they get their products."

Going, Going, Gone

If a seller does manage to find a solid supplier, that's when the real work begins. To turn a profit, a seller has to be shipping every day, and often must broaden the product range to capture more buyers.

So, with the right pieces in place, it is possible to get wealthy, even if it means kissing most of your free time goodbye. But look at it this way: If you never take a vacation or have time to go out to dinner or even see a movie, then that just means more money in the bank, right?

"When you offer more products and do that much shipping, it eats up your time," says Kennedy. "To be Titanium, you have to be selling a lot, adding products, changing prices, tweaking your listings. On top of that, you have to figure out where the money is going in an extremely complex system. There are only so many hours in the day, and you'll end up using all of them on eBay."

Jim Griffith, who holds the title of dean of education at eBay, agrees that when it comes to success, eBay tends to foster an environment of "survival of the most dedicated."

"When you have the initial flush of success, it can be overwhelming, and you have to stay nimble," he says. "It's like any marketplace, where you have to constantly be on the lookout for more efficient ways of doing business."

Although eBay doesn't release figures on its PowerSellers, Griffith did note that the number of PowerSellers is climbing, and that those sellers are learning to be more flexible and strategic as the site evolves.

"The glib answer is that it's easy to get rich on eBay if you have the money to do it," he says. "But for those who don't start with capital, it really is possible to reap some serious financial benefits."

Saturday, June 10, 2006

ALLOFMP3.com

A particularly interesting site where you can legally download mp3, ogg, wmv and other lossy formats that escape me right now.


Is it legal to download music from AllOFMP3.com?

The availability over the Internet of the ALLOFMP3.com materials is authorized by the license # LS-3?-05-03 of the Russian Multimedia and Internet Society (ROMS) and license # 006/3M-05 of the Rightholders Federation for Collective Copyright Management of Works Used Interactively (FAIR). In accordance to the licenses' terms MediaServices pays license fees for all materials downloaded from the site subject to the Law of the Russian Federation "On Copyright and Related Rights". All these materials are solely for personal use. Any further distribution, resale or broadcasting are prohibited.

The works available from ALLOFMP3.com are protected by the Law of the Russian Federation "On Copyright and Related Rights" and are for personal use of a buyer. Commercial use of such material is prohibited. Recording, copying, distribution on any media is possible only upon special consent of a Rightholder.

The user bears sole responsibility for any use and distribution of all materials received from AllOFMP3.com. This responsibility is dependent on the national legislation in each user's country of residence. The Administration of AllOFMP3.com does not possess information on the laws of each particular country and is not responsible for the actions of foreign users.

Sunday, April 02, 2006

Pure happiness on the sand

A day at the sea

A wonderful day of sun and sea. The first spring day at the seaside with the little girl this year.
Impossible not to capture the Sella del Diavolo in all its splendor, under the midday sun in Cagliari.

April Fools' Day

I wanted to publish a couple of funny articles that appeared on the web pages I check constantly. The news item that startled me most, since I was lost in thought, was the one about the Linux kernel in Windows Vista. I landed on it while reading the blog of a former Microsoft employee who has just moved to Google (one Robert Scoble: Announcement, I'm going to Google). At the end of his article he candidly announces "Update: did you see the Windows Vista news? Maybe I should have stayed at Microsoft!" and, following that very link, I arrived at the news about the Linux kernel. After a couple of seconds of dismay, skimming those obscure English words, I realized it was a classic April Fools' joke.

Exactly like the one attempted ahead of time by N.S. on Thursday afternoon at the office.

Bah...!

I'm a bit tired, mom is not back yet from putting the little one to sleep and I, like an idiot, haven't even sat down to watch a movie. I settled for watching Scrubs and nothing else.

Bah...! Enough writing for today.

How to Win a Street Fight - WikiHow

Although the best way to 'win' a street fight is to avoid one, we are not always so lucky. There are many fighting techniques around to deal with combat, should it come down to that, but taking a martial art or self-defense class doesn't guarantee your safety. This is a guide to help you in making simple, deliberate actions to end the fight.




Steps

  1. Try walking or talking your way out of it. Most people are only trying to establish a "tough," respected image. Nevertheless, don't "tip your hand" by letting them know your intentions in any given situation. If you can resolve a dispute without having to trade blows, do so, but don't invite a fight by looking weak, backing away too quickly, or showing too much fear or anxiety. Don't let your ego (or lack of it) become a liability to your safety.
  2. Know when and how to run:

    • If you are outmatched or outnumbered, or just not willing to fight, then run with the first opportunity.
    • Try to run towards public, well-lit areas where there will be others.
  3. Be aware of your environment:

    • Aside from various objects that can be used as weapons and traps, knowing where to run is very important--especially when you're outnumbered.
    • Use all of your senses fully. Don't just look around directly--use shadows and reflections to your advantage. Keep your ears open as well.
  4. Err on the side of caution, by assuming the following:

    • Your opponent is a better fighter, and has back-up.
    • He/she has a blunt or edged weapon, such as brass knuckles or a knife.
    • You will be hit. This is less of an assumption than a certainty, if you keep fighting after being hurt, you are less likely to submit.
  5. Keep your guard up. Even if it's only by extending your hands in a 'stay-back' type pose, it places something between you and your opponent. Nevertheless, do not allow your hands to become too far extended to harm either balance or striking ability. Also, do not allow the opponent to grab your hands or arms (break the grip with a quick rotation in the "weak" direction toward the opponent's thumbs) as either your balance or your orientation (by the cross-arm pull) may be easily compromised.
  6. Stay roughly two arms' length (about five and a half to six feet) from your opponent, allowing the distance to shorten only to attack or counter an opponent.

    • Try to stay on an opponent's 'outside' (i.e. towards the side, rather than directly in front). Remember that they can be an obstacle to themselves.
    • If fighting more than one opponent, move in such a way as to keep them in each other's way. Don't stay between them, and if possible limit the directions they can attack from.
  7. Attempt to evade an attack completely. Simply blocking an opponent with your arms or legs leaves the rest of your body in the way.
  8. Stay on your feet. Going to ground is very dangerous to the untrained fighter, especially if they have weapons, back-up or ground-fighting experience. Conversely, it is to your advantage to have your opponent(s) on the ground. Watch your opponent's balance for over-extension or other instabilities, and then quickly put him on the ground.
  9. Equally, minimize grappling time, as such opens windows of opportunities and exposure to other fighters. As arresting attacks tend to grappling, use leverage to put the aggressor on the ground.
  10. Balance is key. Keep your balance, and attack your opponents' balance when you can. Limit the opponent's movement of the feet and/or legs with your own feet and legs, move the opponent off balance, and protect your own balance by breaking the opponent's grip and by striking at the face (for instant disorientation during the fall).
  11. Attack any open, vulnerable spot without exposing too much of yourself. Damage to the face, temples, throat, kidneys, solar plexus, etc. may eventually incapacitate your opponent. Strategic strikes to the groin, the back of the head (temporarily disrupts vision), the knees, and the eyes are particularly effective without requiring much force, effort, or time. Attack the eyes with sand, dirt, mace, or other sprays. Fight, pursuit, and flight are all equally ineffective without sight (even temporarily).
  12. Phone the police or alert some other authority, even if you do escape. If you're in a club, and someone is up for a fight, find a bouncer. The 'fighter' may not just be looking at you for a fight. Such authorities are here to protect people, and are trained in dealing with this sort of thing.
  13. Remember in order of priority: walk, talk, fight. Fighting is an absolute last resort.


Tips

  • Keep calm. If you need to, breathe deeply. If you know how to clear your head, do so. Unwanted distractions will only make you more likely to get hurt.
  • If someone else is better trained at dealing with this situation, leave it to them. Don't try to interfere, as you may end up causing more trouble. Follow any reasonable commands they give you.
  • If attempting to escape in the 'middle' of a confrontation, you should ideally kick, trip, or send opponents off balance before running.
  • Keep things simple. Fights in films are choreographed. Real ones aren't.
  • Attacks from behind are difficult to see and avoid, and in a real fight, it is not 'cowardly' to strike from behind. Watch your back, and attack that of your opponent(s).
  • Many of the weakest spots are down the 'center-line' of the body (i.e. down an imaginary line drawn from forehead to groin). Take advantage of this in offense and defense, and try to face an opponent almost side-on, as it makes your 'center-line' more difficult to attack.
  • Be aware of the 'zones' of fighting (from the most distant); weapons, feet, hands, knees, elbows, grappling.
  • Think before you act. Only employ an attack, grab, or other offensive technique when you are almost certain it will work the way you want it to.


Warnings

  • High kicks are rarely a good idea, especially if your opponent is untangled. Keep them below the waist for best effect.
  • Fighting can cause injury or death, and land you in jail. Conversely, ineffective fighting can cost your life at the end of the day.
  • This guide is presented as an assistant for a difficult situation, and is not intended as a substitute for actual martial arts training. If you are concerned with learning to defend yourself against physical violence, find a reputable self-defense class in your area. If you do not know where to begin, consider asking at your local police station.


China buys Google | The Register

Mu Shu Porked

Published Saturday 1st April 2006 04:24 GMT

Exclusive The People's Republic of China has acquired a controlling stake in the United States' fastest growing technology company, Google.

Google announced the transfer of 140m shares of Class B stock to a new entity owned by the Chinese Ministry of Information in typically forthright style. The news was disclosed in a Captcha graphic on its Google Canteen Menu weblog; investors had to click a hidden link to see the announcement, and then decode a stenographically-hidden message watermarked into the JPG file. Once decrypted, the message read:

gee it's raining here in mountain view and my cats hungry so we thought we'd better update you on our corporate finances. we've sold out to china. have a great weekend boo-yah!! lol

No other details were forthcoming.

The deal raises urgent national security questions, a six month investigation by The Register's Silicon Valley staff can reveal.

Amongst the assets acquired by the Chinese government is NASA's Ames Research Center. Google announced a partnership with Ames last year, and, as it turns out, the move laid the groundwork for the takeover by the PRC. The Chinese will gain control of the world's largest wind tunnels - devices that when opened up could be used to push the smell of Mu Shu Pork across much of Silicon Valley, or conversely be used to spread avian bird flu, or mind-altering substances.

Ministry of Information officials were conducting examinations at the Ames facility today, and requested rush hour traffic on the adjacent Highway 101 be re-routed. Caltrans officials agreed to the request.

President Bush uses Ames as his landing pad for Northern California visits and is expected to do so under the Chinese ownership.

"The Chinese make the blankets, headphones, chopsticks, stereos and tires on Air Force One," said White House spokesman, Scott McLellan. "I don't see why they can't land the damn thing too."

How we didn't break the news

It was a picture taken by a Register reader from inside the Chinese Propaganda Ministry six months ago that prompted our investigation. The shot appeared to show Government artists harnessing the youthful charisma of Google's founders for a productivity campaign.

Only when we saw further evidence of the artwork did the penny drop.

China's Google: putting the charisma to work

Google's founders have reciprocated the gesture, and as this photograph ahead of today's official announcement shows, they are making extraordinary efforts to have the company's new management feel at home.

Google's China: we welcome our new overlords

The cosmetic surgeon who supplied the evidence confirmed the operations had been successful.

Our investigations suggest that Google has been working on behalf of the People's Republic for many years. Its activities include collecting data on US citizens - Google recently fought a US government request to hand over its data in the courts - and owning key parts of the nation's communications infrastructure.

In fact, security analysts who've seen the evidence suggest that Google is little more than a PRC front organization.

Behind the colored balls

The roots of the Google/China conspiracy can be traced back to Sergey Brin's father Michael Brin. The Russian-born mathematician grew disaffected with the USSR's brand of communism and joined an elite task force of communist China sympathizers operating out of Moscow. Members of the organization - Chinuks - would pass messages to each other inside of plastic, colored balls. Their shared mission was to revive a purer Maoist form of Communism in China, and they planned to aid the country through technology advances.

Sergey grew up learning the ways of the Chinuks and from an early age committed himself to bringing Michael's dreams to fruition.

A team of Chinuks worked with Sergey for fifteen years to create a search algorithm powerful enough to attract hundreds of millions of people to their product. The Chinuks and Brin managed to convince Stanford, and later German Andy Bechtolsheim, to fund their efforts. The group also handpicked Larry Page as an American patsy to distract attention away from their dark ambitions, and then cemented the masquerade by hiring a retired teacher, Eric Schmidt.

Until early this week, Schmidt had no idea he was fronting a data gathering operation for a foreign power, and had told friends and family he was supervising an after hours therapy center for local children suffering from Asperger's Syndrome.

Billions of dollars and a steady supply of crayons have kept Page and Schmidt quiet.

In peril: Our Nation's Youth

The Register's investigation has turned up evidence that Google has been feeding data on US citizens to China for years. But more disturbingly, psychological experts and economists are concerned that Google's enthusiasm for addictive and distracting technologies such as "Web 2.0" will fatally sap US productivity for years to come.

"It's the Opium Wars in reverse," said one former national security adviser, speaking under condition of anonymity.

The deal also compromises the United States' lead in the strategically vital areas of blogging software, AJAX-powered PowerPoint clones, and dysfunctional video services of cats falling out of trees.

Glimpses of what the new Google website looks like can be seen here.

China's Google: Great Leap Forward In Search Quality

Even Google's Maps has not escaped the PRC-initiated makeover. International policy relations experts tonight expressed concern about some of the changes:

China's Google: Ominous warning

Coincidentally, today, the Chinese news service Xinhua reported that dot com era publisher John Battelle has been appointed to the Ministry of Information's Propaganda Unit. ®

[Thanks to Splinter Products for the shots from inside the Chinese Propaganda Ministry, and inside the Sergeyry.]

Microsoft Patents Ones, Zeroes | The Onion - America's Finest News Source

Microsoft Patents Ones, Zeroes | The Onion - America's Finest News Source: "Microsoft Patents Ones, Zeroes

March 25, 1998 | Issue 33•11

REDMOND, WA -- In what CEO Bill Gates called 'an unfortunate but necessary step to protect our intellectual property from theft and exploitation by competitors,' the Microsoft Corporation patented the numbers one and zero Monday.

At a press conference beamed live to Microsoft shareholders around the globe, Bill Gates announces the company's patenting of the binary system.

With the patent, Microsoft's rivals are prohibited from manufacturing or selling products containing zeroes and ones -- the mathematical building blocks of all computer languages and programs -- unless a royalty fee of 10 cents per digit used is paid to the software giant.

'Microsoft has been using the binary system of ones and zeroes ever since its inception in 1975,' Gates told reporters. 'For years, in the interest of the overall health of the computer industry, we permitted the free and unfettered use of our proprietary numeric systems. However, changing marketplace conditions and the increasingly predatory practices of certain competitors now leave us with no choice but to seek compensation for the use of our numerals.'

A number of major Silicon Valley players, including Apple Computer, Netscape and Sun Microsystems, said they will challenge the Microsoft patent as monopolistic and anti-competitive, claiming that the 10-cent-per-digit licensing fee would bankrupt them instantly.

'While, technically, Java is a complex system of algorithms used to create a platform-independent programming environment, it is, at its core, just a string of trillions of ones and zeroes,' said Sun Microsystems CEO Scott McNealy, whose company created the Java programming environment used in many Internet applications. 'The licensing fees we'd have to pay Microsoft every day would be approximately 327,000 times the total net worth of this compa"

Microsoft Buys OpenOffice.org!

OpenOffice.org: Home: "Microsoft Buys OpenOffice.org!"

For an undisclosed sum reputed to be in the billions, Microsoft's Bill Gates has personally bought the leading open-source desktop project. Saying he 'was sick and tired of open-source eating away at his profits,' the world's richest man decided to put an end to the nuisance and simply buy OpenOffice.org. It will form part of a growing list of Microsoft acquisitions, including several erstwhile competitors, a considerable number of prominent politicians, and a few small governments.

The initially stunned OpenOffice.org community--a happy-go-lucky international band numbering in the hundreds of thousands--later turned to champagne to celebrate their newfound wealth. 'Bless Bill!' one happy Torontonian exclaimed, bubbly in hand. 'With all this money, I can beat Mark's time in orbit!'

Gates has assured all current OpenOffice.org users that their future migration path to Microsoft Office is guaranteed thanks to OpenOffice.org's faultless support of MS Office files formats. Users can further rest assured that the full functionality currently provided by OpenOffice.org 2.0 will be available in MS-Office 2020 - or possibly 2030.

Saturday, April 01, 2006

Microsoft to release Vista with a Linux kernel

The Tech Journal » Microsoft to release Vista with a Linux kernel: "Microsoft to release Vista with a Linux kernel April 1, 2006

After years of delays and months of rewriting code the Microsoft Corporation has taken a new direction with Windows Vista. Microsoft will release Vista with a Linux kernel. At the press conference Bill Gates had this to say 'We are very excited at the new direction of Windows Vista. With help from Novell and IBM we have leveraged the Linux kernel and have built our GUI as a Window Manager on top of X.org. This brings the friendliness and usability model of our Windows operating system and married it to the stability and rock solid security of Linux.' When asked why Microsoft took this route Jim Allchin said 'For years our competitors and business partners have been telling us they want everything the Linux kernel offers. It was the right thing to do.' Allchin also had this to say 'With such great work being done in the Open Source community we also will be using OpenOffice.org as the base of our Office 12.' When asked how long the delays would be to bring these products to market Gates said 'What delays? 90% of the work is done for us and we didn't have to pay, this cuts our development costs and time to market considerably.'

Linus Torvalds took the stage and after a heartwarming embrace of Bill Gates Linus had these remarks, 'It's so wonderful that Microsoft has taken our work and used it to bring to market this incredible new OS. I am ecstatic of these changes'

It has been confirmed that Linus will start a new job at Microsoft as the President of Platform Strategies. When asked of his new job at Microsoft Linus said 'OSDL wasn't doing anything to help Linux along, all they did was siphon money off of our key members. I'm very excited at the direction Microsoft plans to take Linux and finally feel I'm in the presence of people that care.'

The new OS will be available under Microsoft's"

Sunday, March 19, 2006

Product zoom

This is the mobile phone that has been driving me crazy these days.
My Siemens S55 took one flight too many out of my hands and, hitting the floor, smashed the "3" key.
Now I am terribly undecided about which new phone to get. I seem inclined to get a Motorola again; I don't feel quite ready yet to switch to Nokia...
Although the Nokia 7210, with its keys laid out in such an unusual way, does appeal to me somehow.

I hate myself...
It takes me 5 seconds to decide whether to buy a pen, and I make a Greek tragedy of it when it comes to a mobile phone: admittedly, the financial impact is not exactly comparable... But, good God, I could have somewhat clearer ideas.

Bah...
I'm off to bed because I'm dead tired, even though I slept three hours (3) in the afternoon. Tomorrow, lunch with the in-laws... It won't be a joke!!!