Slashdot Mirror

"already has libraries written" = "someone else had to write it". That tells nothing about how difficult it was.

I could similarly say that "Quicksort can be implemented as 2 lines of C code (because a library's already written)".

Besides, Erlang isn't really a purely functional language. Well, "pure functional" languages hardly ever amount to more than academic toys, but there are other languages that come a lot closer.

Here's a one line Erlang program:
hello() -> io:fwrite("hello\n").

See that "fwrite"? It means "write to the file called io". Telling the computer to do something- that's imperative.

Here's the equivalent in ML:
val it = "hello" : string
The criticial distinction here is that there's no verb-equivalent. In a functional style, everything is either a statement of fact- standalone like a noun (constant), or relative to another like an adjective (function). ML isn't purely functional either, but it looks closer.

Of course, any useful language can be used for programming in either imperative or functional styles (with some small additional awkwardness). Take the QuickSort example someone gave. Even though they're called "imperative" languages, developers working in C++, Java, or Perl would tend to implement something that directly follows the functional outline.

(Note that some academics will say that the criticial distinction of a functional language is that functions are treated as first-class objects. "functional vs non-functional". I'm using the simpler definition- functions as per math functions- which treats the distinction as "functional vs imperative")

Nintendo uses Lisp for game programming, maybe even Mario64.

Of course I haven't seen the code, but if they're at all like most game developers, Mario64 isn't written in Lisp- it is C and assembler. "Behaviors of monsters inside the game" may be in Lisp, that's a fairly common approach. But not "the game" itself. Things like "load the texture resources from disk, calculate normals for polygonal models, run a 40hz event loop on gamepad input"... they're just too hard to describe functionally.

Check out the 3rd-party utilities and web sites to get what you'd like:

• ThemePark : Theme design utility
• Duality : A theme changing and checking utility
• Catalyst : A theme creation utility (recommended for use with ThemePark)
• MetamorphX : Another theme switching utility
• ThemePark : Theme design utility
• ResExcellence Themes page : Get your OS X appearance themes here

Just as Christopher Hitchens does, I do admire the consistancy of the true Pacifist. The admiration ends there.

If you are a true Pacifist, you are relying on everybody else playing by your rules of niceness. Getting pummeled into pulp by an uncooperative, evil foe does neither you nor the cause you advocate any good.

You qualify your statements to allow for this, hopefully when another "Band Aide" event comes along you and others will realize that the problem is not a natural disaster, but one of a brutal government starving people through forced relocation with a solution that must go beyond "chatting it out" and requires the victims be protected through the use of force.

As has been pointed out by many in this forum, Ghandi had the advantage of challenging a foe that posessed a serious "nice streak". Had he been against Milosovich, Pot, Saddam, Stalin, Hitler, etc. the outcome would certainly have been different.

Perhaps you might enjoy reading "A Bed For the Night" by David Reiff for some of the real world implications and complexities of humanitarian causes. I purchased this book a few weeks ago and just got into reading it last night (after seeing the author on C-SPAN several times).

1. Fifty-Year-Old Computer Being Restored

On Monday November 22, @10:50PM with 116 comments

James Green directs us to "a Sunday Age (Melborne) article which describes the discovery of a 52 year old computer found in a dusty warehouse weighing in at...

I guess Geek.Com is behind ;-)

2. The first Transistor computer, TX-0, was restored to demonstratable condition in the 1980's by The Computer Museum. Yes it worked again, No question; as an original member and early volunteer of TCM (before the first tmove), I was there, and saw it run.

TCM was once of Boston, then of Marlboro, now of SilliValley. See the TCM Project Description and the Alumni page. It was built in 1957, so would be only 45 years old. I'm not sure what happened to it when DEC sold the building, or John McKenzie, who got it to work again. Shag Graetz's classic Creative Computing article on PDP-1 SpaceWar includes it's TX-0 predecessor. (and French translation) The TMRC pages include TX-0 history as well. See also Levy/Hackers

-- bill / n1vux

Posted by Charos on Jun 3, 2000
Removed some dead links - 3/29/2001

I'll post a few links...the first few don't have scientific backing and just mention him being catholic...have you ever read Mein Kampf? I have and there is a quote directly from that book where Hitler says something along the lines of "I always have been, and will always be a catholic"

* http://www.richardhoskins.com/hrempir.htm

(read the section on WW2...a small quote "Adolf Hitler was a Catholic. As leader of the German state he signed a concordant with the Pope in 1934 in which it was agreed that he would protect Church assets in Germany in return for Catholic political endorsement and support.")
* http://www.oaktree.net/maranatha/promise.htm
* http://www.americanatheist.org/aut97/T1/editor.htm l
* http://ragnarok.umbc.edu/leonenet/1999-2/6445.html
* http://www.americanatheist.org/aut97/T1/editor.htm l
* http://christianbiblestudy.org/MOS/_MOSOPS/Hitlerc h.htm

OK...I could put more links...but I think you get the idea...but just in case...here's a direct quote from Hitler:

"My feelings as a Christian points me to my Lord and Savior as a fighter. It points me to the One, who once in loneliness surrounded by only a few followers, recognized these Jews for what they were and summoned men to fight against them." --Adolf Hitler, (1889 - 1945) Hitler's Speech in Munich APRIL 12, 1922

Need I go on? Hitler was a devout Catholic who paid his church taxed 'till the day he died...In fact both Pius XI and XII praised him as one of gods warriors...

Even today, when I refer to Hitler's Catholicism in conversation or a speech, it immediately becomes apparent that I have said something "not quite nice," and I am often challenged. Nontheists, I then explain, know that many modem tyrants, whether petty tyrants such as Richard Nixon, or more successful tyrants such as Hitler, have regarded themselves as exemplary Christians, an estimate their followers had no trouble accepting. Hitler's religiosity--he was a Catholic until his death--is often glossed over, but it is critical in understanding his motivation.

I have often reflected, wistfully, on how much happier modern history might have been had Hitler been brought up as an atheist, an agnostic, or, at least, a Unitarian. Born and bred a Catholic, he grew up in a religion and in a culture that was anti-semitic, and in persecuting Jews, he repeatedly proclaimed he was doing the "Lord's work."

You will find it in Mein Kampf.- "Therefore, I am convinced that I am acting as the agent of our Creator. By fighting off the Jews, I am doing the Lord's work."

Hitler said it again at a Nazi Christmas celebration in 1926: "Christ was the greatest early fighter in the battle against the world enemy, the Jews . . . The work that Christ started but could not finish, I--Adolf Hitler--will conclude."

In a Reichstag speech in 1938, Hitler again echoed the religious origins of his crusade. "I believe today that I am acting in the sense of the Almighty Creator. By warding off the Jews, I am fighting for the Lord's work. "

Hitler regarded himself as a Catholic until he died. "I am now as before a Catholic and will always remain so," he told Gerhard Engel, one of his generals, in 1941.

There was really no reason for Hitler to doubt his good standing as a Catholic. The Catholic press In Germany was eager to curry his favor, and the princes of the Catholic Church never asked for his excommunication. Religions encourage their followers to hold authority in unquestioning respect; this is what makes devout religionists such wonderful dupes for dictators.

What happened here is that the submitter read or heard something about a wireless honeypot being used to trap wardriving/walking etc. activity, and thought that the term just meant a free access point. He's confused.

Since when did a honeypot become a free wireless access point? Last time I checked the idea of a honeypot was to log and monitor the activities of Crackers.

For more Details on what a Honeypot REALLY is check out this page

If you're a Network or System Administrator, you should KNOW you're not safe.

You SHOULD be testing your systems constantly.
You SHOULD be installing new patches.
You SHOULD be subscribed to CERT style mailings.

You SHOULD NOT think you are safe because you're small. Security though obscurity is the biggest false sense if security I've seen. Former employees, especially the guy you replaced are a pretty large threat.

For beginners out there, here are some places to start... (Some of these are OLD links, but still contain some useful information and yes, they're Linux oriented.):
Beginners Guide to Armoring Linux
Linux Security Guide
Nessus
Traditional HOWTO

> Remember Copy II+"

What, no mention of COPYA, Muffin, Disk Muncher or Locksmith ? ;-)

I still remember how Copy ][+ had 1 BIG sector on tracks 2 and 3. The thing loaded *FAST*.

"Cracking Techniques" was a bunch of text files describing how to break each game protection. It even had a 'tut on Copy ][+. Copy the ROM over to the language card. Modify the RAM so that reset would enter the "monitor" (built in disassembler on the Apple), and then finally make the 16K language read only. Copy ][+ never checked for the language card, so voila, you had a memory image. Moving the memory down so that DOS 3.3 wouldn't clobber it, and then BSAVE COPY ][+, A$800,L$8E00 :) (Dos3.3 started at 0x9600)

> all those cool things...like modified TOC's....

Sad, that I still remember that the DOS3.3 TOC was on track 17 after all these years. I like how some games would embed control-chars in the filename.

{rant}
My 8-bit Apple had 20 character filenames. Who's the dumbass that limits filenames to 8.3 in CPM and MSDOS ?
{/rant}

> Half tracks....

The Apple drive was actually capable of 1/4 tracks. I believe Broderbund games made use of it. Write a small section on track 0. Increment to track 1/4, write another small section. Repeat. Normally, tracks were 4 quarter tracks apart, due to interference from data written on quarter tracks.

> Modified sector headers....

The thing that made Apple games disk so much fun to backup was that the drive couldn't write 2 consequetive zeros (aside from Sync Bytes, which was 0xFF, followed by two zero bits.) Ah, the days of 5+3 (13 sector tracks) and 6+2 encoding (16 sector tracks). For 6+2, you expand a sector of 256 bytes out to 384 bytes.)
Some interesting technical info here http://www.enteract.com/~enf/afc/apple2

Little bit of history here http://apple2history.org/history/ah15.html

Then someone figured out that you *could* write a few "illegal" bytes, such as C5.

> having to use the nibble editor

Copy ][+ had a ton of options for it's nibble editor. And if you still couldn't make a backup, there was always the option of boot tracing the program. Remember how the first sector had to be delimited by D5 AA 96 because thats what the Disk Prom checked for.

Some interesting cracking technique from yore:

Wildcard and Replay were 2 interesting products. They generated a NMI and let you enter the disassembler. I wanted one, but found out that I didn't really need one after I learnt about that language card trick.

The other trick to "stop" a game, was to search for 30 C0, since that was the address of the speaker! (I was *so* thankfull Copy ][+ ver 7 added a search bytes function!) Change a few bytes, and now the game will stop when it tries to play a sound. ;-)

Cheers

E15: What is the Gazebo story? And what's the Head of Vecna?

Both of these are gaming stories that have been told and retold so many times that they have taken on the air of urban legends--where the original DM is a "friend of my sister-in-law's uncle's second cousin" and if you track that path down, it turns out to be just that, a story. However, in both of these cases, the original tellers are known, the original versions are archived on the web, and both stories really happened!

The Tale of Eric and the Dread Gazebo, by Richard Aronson, is about a player who didn't know that a gazebo is a hutlike building typically found in parks, and had his character attack one. The story was originally written in 1986, and various versions of it can be found all over the web. One such place is the rec.humor.funny webpage; another, with some background into how the story spread, can be found at DreadGazebo.com.

Whereas the tale of Eric and the Gazebo is about how lack of knowledge can be a dangerous thing, The Head of Vecna, by Mark Steuer, is more of a morality tale about how greed can make you stupid. Most *D&D players have heard about the Hand and Eye of Vecna, powerful artifacts which require the owner to cut off his own hand or eye in order to gain the powers. In this case, the characters found what they thought was the Head of Vecna, and ended up with several headless--and thus very dead--characters. The full story can be found at on the web at Stan Berry's webpage.

I had an account with Enteract for four years, and recently switched to AT&T business DSL. The problem here is that Enteract was bought out by another company about 7 months ago and they don't seem to be honoring cancellation requests by "old" enteract users. I have put in 3 telephone calls and left messages (which they said they would promptly return my call on). I have also e-mailed them 2 times. Still no phone call or e-mail reply, and I just got billed for another quarter of service.

The first step (really!) is to get a security policy in place. This really doesn't have to be anything special-- but it does need the buy-in of ALL groups affected (sysadmins, developers, marketing, sales, executives, etc.) That's really the only hard part.

Probably the quickest way to get started is to head to the SANS security policy project and adapt their sample policies to your company. This is one of those rare cases where it's more important to get something in than it is to get it right the first time. Policies can be changed fairly easily-- but you don't want to go to all the trouble to implement a secure environment only to have someone on the inside fighting you every step of the way.

Now the fun part-- actually securing your systems. Here are some pointers on places to start:

1) Review the SANS "top 10" security vulnerabilities and make sure they're covered.

2) Review Lance Spitz's excellent collection of host security information and make sure to follow his recommendations.

3) Make sure your firewall rules are set up with the security best practice of "minimum access to get the job done". Far too many firewalls allow traffic they shouldn't.

4) Get NMAP, a network mapper, port scanner, and OS identifier and run it from the Internet to your exposed (i.e. DMZ) hosts. Also run it from your exposed hosts to your internal network to validate that only the traffic that should get in can get in. (The traffic allowed back in from your DMZ should be very little, preferably none.) If you find anything that is inconsistent with what you think should be happening, check your firewall rules again.

5) Grab a copy of the Nessus security scanner and run it against your newly secured systems. If it finds anything, read the description of the problem and see if it's something you can fix. You can bet that everything you find here will also show up on your "security audit" since most "audits" are just someone running a tool like this and then feeding the output to the consultants to make it all pretty for management.

6) You should have most of the obvious, widespread holes plugged by now. This would be a good time to get some sysadmins out to some classes. Verisign has a number of excellent general Internet security classes. I'm sure there are lots of other good places, too. I was pleased with Verisign because of their Internet focus. Too many security classes only concentrate on host security and neglect network security.

7) Get the application developers at your site to read and follow Dave Wheeler's writing secure programs guidelines. This is a lower priority than OS/network security since these holes are likely to be specific to your site only. Only a determined hacker is likely to find and exploit them-- however exploiting application bugs/holes can severely disrupt your business. What happens when an electronic data interchange transaction gets bogus data inserted? How far will that bogus information make it in before it's detected? In the worst case these bugs could result in people getting free products/subscriptions, stealing credit card info, or destroying data inside your systems.

8) Now it's time to get that audit. They will be able to tell you what you missed in the previous 7 steps. Why wait so long? Most places will keep looking until they find something to report. If you do this too soon, the subtle security problems will be lost in the noise of all the obvious problems the previous 7 steps would have fixed. If you do this last, only the "hard" problems are left for them to find.

Remember above all that this is an ongoing process. Keep current on your patches, and repeat all the above steps regularly to keep all the bad guys away.

Anyone try riding a bicycle on ice?

You need to take a trip to the ICEBIKE website....

I rode through the Michigan winter this year. It was a pretty mild winter, and they're pretty fast to clear the roads around here. But it is possible to ride under those kinds of conditions--go very slow, and be very sure you know how much turning/braking you can get away with before you skid!

Oh, and get some really, really good protection for your extremities--the rest of your body will stay warm from the exercise, but those fingers can get cold fast....

--Bruce Fields

(BTW, mine is pretty cool too.)

Although his workmanship may have been a little better in creating the box, mine is much cooler looking! And it is running Linux. Heh.

They cost ~£150 (or atlest thats how much I paied when they first came out)
They are pritty cool, and by default you can make some niffty stuff (like RADAR's). See the website, or the back of the box for actual content.

You need a serial port (Mac users think USB to serial port atapter).
To develop "applications" for them, either use
The Stuff That They Come With (crappy, aimmed for kids)
VB, or other OCX-enabled Windows Delopement System

Not Quite C, aviable on most plateforms, including UNIX (and alikes (Linux)), Win32, BeOS and MacOS. As the auther of the BeOS port, I can say it's piss easy to port if you need to.

LegOS, A miniOS for the RCX, looks pritty darn cool.

leJOS, Java RCX and tinyVM for Java based interfaces.

mlk

I've yet to see someone produce a readable guide about version control abstracted at a high level bringing all the terminology together. (Incidentally, I'm about to release one; email me for a draft.)

Some good work in clearing up the CM-terminology has been made in:"Streamed Lines: Branching Patterns for Parallel Software Development"

1. Use a branch-per-task scheme.
2. Enforce via the commit_prep stuff that only the "owner" of a particular branch can commit to that branch. Linus owns the trunk.
3. Small-time kernel contributors can send patches to any major kernel maintainer (someone maintaining a branch) to try to get them to include it.
4. When Linus is happy with somebody's branch, he can merge it into his working branch, and eventually the trunk.
5. Anyone who wants can check out someone else's branch (like Alan Cox's) for their own use.

This Article now moved here (mentioned in this story) gives quite some insight into the psychology of script kiddies.

It is basically about a sysadmin who tracks the people behind the DOS attack and observes them for a while.

Quite interesting read, too paule_

Here are some excellent step-by-step instructions on securing Linux, Solaris, and NT.

Here are some excellent step-by-step instructions on securing Linux, Solaris, and NT.

Here are some excellent step-by-step instructions on securing Linux, Solaris, and NT.

Some of these will be applicable to managing your algorithyms or making your software more flexible.

Am I just being close minded to the ideas of OOP or do my problems just require 'procedural' solutions, which are better solved using procedural techniques?

It is possible that your key algorythyms will remain lumps of procedural code, OO languages allow this. There is advantage in an application of any size in the judicious use of OO techniques.

Follow the arcade link from my home page.

When compiled and run, it prints out the 12 days of Christmas.

12days.c

And this one is has very interesting source, I think it calculates pi.

pi.c

When compiled and run, it prints out the 12 days of Christmas.

12days.c

And this one is has very interesting source, I think it calculates pi.

pi.c

On another note, I don't really see much else that is new with the system. I always found lego's programming language to be clunky to say the least, so I have used NQC (Not Quite C). With that in mind it seems that lego is just trying to create a little hype for the mindstorm kits without having changed them much.

When TSR's Indiana Jones RPG, miniatures, and related products came out, much was made of the "Nazi(tm)" trademarks, used under authorization of LucasFilm. However, the trademark actually applied to the word in conjunction with specific artwork.

I believe EZBoard is written in Smalltalk

Volkswagen Beetles with code in Smalltalk

Extreme Programming was invented while Kent Beck was consulting on Smalltalk projects

I think that's enough for a start :)

The first currency based on a backing with e-gold is Plats, found at a MUD called Dark Castle. I have not played, but if 'net-longevity is anything, it's been around for a WHILE and users don't complain about it to me.
JMR

The first currency based on a backing with e-gold is Plats, found at a MUD called Dark Castle. I have not played, but if 'net-longevity is anything, it's been around for a WHILE and users don't complain about it to me.
JMR

A quick search on Google turned up plenty of examples, like this one.

InfoWorld had an interesting article on the success of using easy to hack systems to trap and analyze hacker attacks

Another article entitled Honey pot networks can gather evidence for catching and prosecuting hackers. is also on InfoWorld

The site these articles are based off of is located here. There are a lot of interesting whitepapers and other materials including the scan of the month to enthrall the slashdot crowds

Recall that originally C++ used the Cfront compiler to generate C code which was then compiled as normal. Also, NQC for Lego Mindstorms is a replacement programming language that surpasses the functionality of the graphical programming tool Lego provides.

Perhaps someone will build a CFront-like compiler to generate YaBasic statements from a higher level language (such as Perl) allowing for more fully featured programming. YaBasic may be a small step right now, but I can see technically skilled PlayStation2 programmers coming up with replacement (or at least a wrapper) for YaBasic (though Sony UK is not off the hook for supplying a cheesy language for their system).

Note: I'm kidding about using Perl. Ugh... (shudder)

okay, so the link I posted was only a temp link from the thomas search engine. If you would like to read Title VI of the bill, you can read it at:

http://www.enteract.com/~leklund/title6.html

Sorry for the confusion.
lukas

There are some good articles out there. Check out Armoring Linux which has some really nice tips & tricks on how to start out securing your box. Of course, I hadn't done it yet, cause I wasn't that paranoid... however, minds change. :-)

Cheers,

Costyn.

Its a handy little site, covers firewalls in NT and Linux, how to properly armor a NT, Solaris, or Linux install (from the perspective of Redhat, but thats easily adaptable), and for those of you that are a bit more curious, he has a "How to build a honeypot" section.

Enjoy!

I agree with a lot of your points but your Ralph Nader analogy needs some clarification. Nader did what he did because of a genuine concern for safety. His entire purpose was to get these things fixed. Script Kiddies do not do it for this reason...they do it because they can, because they can impress their friends with their cut-and-paste
coding abilities (see this site for what I mean).

But the reason they CAN do it is because of shoddy design or implementation of software by designers and sysadmins. I would rather have everyone know about a buffer overflow problem in sendmail or a DNS exploit than only the black hats. Sometimes sysadmins and designers aren't aware of problems and a "grey hat" who creates a cut-and-paste exploit program makes them aware rather quick. This give impetous to fix it.
For instance, if I found out that every 3rd key in my town could open my back door, I would be concerned. I might have to fix that someday, in case anyone finds out. If I found out that someone published this information in the local paper and was giving away a machine to cut those keys, I would have my locks changed NOW.

And I would test my lock better.

And I would demand a new lock design so this could not happen again.

And I would make sure, possibly by lawsuit, that the lock maker doesn't continue selling that particular lock.

How long do you think MS or some engineer that worked for them knew something like Melissa or ILOVEYOU was possible but didn't bother to fix it until it happened. How long were the other holes around and used by black hats before they were uncoved and "published" by the grey hats?

Makes you wonder...

Included are useful details from somebody who could secure his machines to keep out the script kiddies, but instead choose to leave a few otherwise-unused machines undefended and log the results.

Included are useful details from somebody who could secure his machines to keep out the script kiddies, but instead choose to leave a few otherwise-unused machines undefended and log the results.

SPACE WAR can be played right now right here (if you have Java) - it runs the original PDP-1 code in a Java emulator. Story of it's development in early 60's here

(Thanks JL)

Does tracking what's done and said in public by frauds, liars, and criminals differ all that much from the Honeypot project mentioned right here on Slashdot earlier?

Does libel have a right to stay up? Does terrorism? If a Microsoft toadie went around posting lies about Linux on web discussions, saying blatant, fraudulent untruths to people who don't know better (and wouldn't listen to you anyway), would it worry you if eWatch went to work on them as well?

If you had a company and someone trashed it on the net, saying it slaughtered innocent bunnies in its research (when in fact the only thing slaughtered was a lot of Jolt and pizza by the coders in the basement), would you look to see what they said elsewhere?

You know, so far as the article goes, eWatch isn't doing any spying or invasion of privacy -- it's just tallying up what people see fit to say in public, and sending that information on to people who might be interested. This is a lot like filtering which is a lot like "Open Journalism", right? And free speech works both ways, I guess; if you say something, then someone who disagrees with you has a right to say that too. Or is that not if the other someone is a corporate? Does the bill of rights not apply to them?

These are all questions, you know, not statements. Answers will have to come from you.

Lynch has disavowed the TV extended version to the point that it says "an Alan Smithee film" in reference to the Director's Guild pseudonym that is used when a film is abused by the studio w/o the director's consent.

That's interesting. Harlan Ellison uses the pseudonym "Cordwainer Bird" for the same purpose.

See the history articles at http://www.enteract.com/~enf/afc/tty
(scroll down, the X articles are toward the bottom)

How is this different from Mindstorms? It sounds pretty similar, except that the software for MindStorms has been ported to other platforms (like Not Quite C).

darren

If you are looking for scriptkiddies, this type of honeypot is perfect for you. Scriptkiddies look for the easy kill, the box that shows the listening port that they can try the newest 'sploit on. However, the "professional" cracker generally has a specific target in mind, goes for that target and nothing else. The other thing is that he gets in, gets what he wants and gets out, and nobody is the wiser.

The other question that should drive your decision to deploy a dedicated honeypot (and your entire security policy) is what you are trying to protect. Are you using the honeypot for learning purposes? Then this is probably the type of 'pot for you. If you are setting it up as a tripwire or trigger to watch for untoward activities, then you might consider setting up something a little different. You should also consider what type of network you are setting this up on, and what the cracker stands to gain if he owns that particular box.

The second type of honeypot involves setting up scripts and whatnot on existing machines. It falls as much into the range of Intrusion Detection as it does Deception.

This method uses scripts which listen on common unused ports. Not running pop3? Set up a perl script on port 110 that logs activity occuring on it. As Lance Spitzner says in his whitepaper To Build A Honeypot, don't get too fancy, or you're setting yourself up for a DoS attack.

While I am not saying honeypots are inherently bad, I am saying some forthought can save you considerable work. Figure out what you want to do and whether a honeypot is your best solution.

99.9% of the people who consider putting honeypots on their networks should instead spend that time securing their vunlerable networks, checking for and applying the latest patches, and reading up on security trends and issues.

that said, honeypots are a really cool concept, nevertheless. but a network or security admin needs to focus on more fundamental security issues though. those NT network admins, for instance, should be deploying a second, or third, or fourth firewall on BSDi or Linux, instead of wasting time and compromising their security with a misconfigured NT honeypot. honeypots are best left for IT security research environments, or for people who have too much time to waste.

a notable exception is NAI's Cybercop Sting. Sting emulates Cisco IOS 11.2, Solaris 2.6, and WinNT 4, running common services. with Sting, you can pipe all of your legitimate traffic thrugh Sting, and utilize the excellent logging capabilities of Sting for an added layer of security. additionally, Sting can be, should be, and often is utilized to monitor employees (i.e. internal hacking/cracking attempts). since most of the security incidents will be from internal sources, honeypots are an excellent way to monitor for suspicious LAN activity.

there was an excellent discussion recently of the honeypot concept, with a wide range of opinions and views from all sectors of the Net population, on the Security Focus Incidents mailing list. the thread was entitled "Cracked; rootkit - entrapment question?", and was back in late February and early March.

for those who have more interest in honeypots, check out the following:

To Build a Honeypot - article by Lanace Spitzner

CyberCop Sting - product by NAI

dtk - Fred Cohen's Deception Toolkit

NFR's BackOffice Friendly - product by Marcus Ranum and L0pht

and finally, a cool new product that i saw at RSA2000
ManTrap - product by Recourse Technologies that is based on Solaris 7

Speaking of Mother Theresa, hsa anyone really examined the critics of her? I was brought up being told continuiosly that she was a saint despite religious differences. Latter I found some critcism in less trust worthy places that I can't quite discount because it adds up.

The canonical volume in this field is the surprisingly well-received The Missionary Position: Mother Teresa in Theory and Practice , by Christopher Hitchens. Highly recommended.