Slashback: Highness, Hominess, Hole-ines

Slashback tonight with updates on SSH vulnerabilities, the Queen's web server, the European answer to GPS (in danger, it seems) and your ever-thinner rights to use software for anything you don't have specific permission for.

Sometimes being British means self-flagellation. Ferox writes: "The November Web Site Survey from Netcraft reveals something interesting: 'Two years ago the Queen of England became an unlikely icon for the Linux revolution when her webmaster replaced Solaris as the platform for the Royal Family's site, citing the better price/performance of the Dell/Linux platform over the previous incumbent, Sun/Solaris. The open source community celebrated and speculated on when the Apache web server might receive the "By Royal Appointment" moniker. This week the site has changed platforms again, this time to Microsoft-IIS.'"

Keep your hands and passwords inside the car at all times. Niels Provos passed along word of his ongoing research into network security, with some slightly depressing news about the state of Internet security.

Even though the CRC32 bug has been found over a year ago, over 30% of all servers are still vulnerable today. Graph at http://www.citi.umich.edu/u/provos/ssh/crc32.png.

In February 2001, Razor Bindview released their "Remote vulnerability in SSH daemon crc32 compensation attack detector" advisory, which outlined a gaping hole in deployed SSH servers that can lead to a remote attacker gaining privileged access.

In November 2001, Dave Dittrich published a detailed analysis of the "CRC32 compensation attack detector exploit." This exploit is currently widely in use. CERT released Incident Note IN-2001-12.

At the Center for Information Technology Integration, Niels Provos and Peter Honeyman have been scanning the University of Michigan for vulnerable SSH server software to identify and update vulnerable SSH servers. However, scans of the Internet show that system and security administrators must react and update their SSH servers. At this writing, over 30% of all SSH servers appear to have the CRC32 bug.

A simple solution is to remove support for Version One of the SSH protocol. The majority of servers on the Internet support the SSH v2 protocol. To test whether your network has vulnerable SSH servers, you might use the ScanSSH tool.

References: "ScanSSH - Scanning the Internet for SSH Servers", Niels Provos and Peter Honeyman, 16th USENIX Systems Administration Conference (LISA). San Diego, CA, December 2001. This information is also available at http://www.citi.umich.edu/u/provos/ssh/

Don't play with your food, or your games. janolder writes "In the matter of the Civilization III translation project (articles on slashdot, apolyton and heise), the fans have gotten the short end of the stick. The project web site (translation.civ3.de) has been down for a while. Earlier this week, both the web site operator and Kai Fiebach, the project leader, signed Infogrames' cease and desists out of fear of further legal action. The legal position (not to mention the moral postion) of the fans did not appear to be too weak - EULA's are not binding in Germany and supplying patches to a program is certainly not the same as translating a book and distributing the translated manuscript.

Infogrames Germany has issued another press release (translation and my comments) justifying their legal action and position. It makes for an interesting peek into the mindset of a game publisher.

The good news is that Infogrames is considering a more timely release of Civilzation III in Germany.

The bad news is that the cease and desists apparently forbid any modification of Civ3 in any way, shape or form. So no more custom maps for your friends, custom rules or any such copyright infringing activity, please! Is it just me, or has the world suddenly become a less interesting place?"

Not as if Americans always know where we are, either. ByTor-2112 writes "Hate to be the bearer of bad news so soon after a story is posted, but as I commented on the previous story, it appears that galileo has some funding issues. Honestly, did anyone really expect the EU to go through with it? It took them long enough to agree on a common currency!"

Slashdotted already?

[lhand]

Or is the royal web site down? Hmm. Maybe they should have stuck with Linux.

Re:Slashdotted already?

[cosyne]

I like this. I think there should be a link at the top of the /. homepage to "the latest well recognized website that just switched to MS IIS and should have known better." Then everybody will go try to look at the site, it gets slashdotted, the admin sees the errors of their ways, and hopefully switches back before the server has time to catch the worm-of-the-week.

Re:Slashdotted already?

[RogrWilco]

Not to be a M$ advocate, but /. has /.'ed Linux servers as well. Hell even /. has been /.'ed. What I'd like to see is a "Hacked by Chinese... F&cK PoizonBox" on the main page. That's more of a testament.

Re:Slashdotted already?

[SClitheroe]

Or perhaps they were smart enough to block incoming ping requests..Honestly, I'm suprised most web sites allow themselves to be pinged at all...

Re:Slashdotted already?

[Kymermosst]

I don't know about you, but it bothers the crap outta me that I can't ping a web server. It's really damn nice to know if a connection has problems on my end, their end, or somewhere in the middle. Ping is the first choice for troubleshooting... within keystrokes, one can find out: A. Whether packets are traveling at all, B. How fast, and C. How many get lost.

Yes, I realize that one can ping -f -s 65528 hostname and do some simple DoS attacks and such, but I'd argue that MOST pings out there are harmless attempts to check communication.

Furthermore, DoS attacks can be directed at a web server anyway, whether they allow pings or not.

Maybe a solution would be to go ahead and respond to small pings, but ones using a large packet size could be dropped at the router...

Re:Slashdotted already?

Well guys... on to number10.gov.uk next.

Re:Slashdotted already?

[instinctdesign]

Whew, they love their beveled edges on the other side of the pond.

Re:Slashdotted already?

Yeah... you can just tell those are edited by the internal team, there are some other nice British Govt sites though. Parliament has exceeded itself with modernity.

Re:Slashdotted already?

The Foreign & Commonwealth Office seems to have with strained themselves.

Re:Slashdotted already?

That box is vulnerable! I dare ya to send codered over there.

Re:Slashdotted already?

[instinctdesign]

Why do I think "drugs" when I look at this?

Re:Slashdotted already?

[jonathonc]

With all those millions of pounds in taxes stolen from hard working Brits and nothing to spend her money on, I guess it was burning a hole in her pocket. The thought process was something like this...

"I know, I'll spend some of my enormous sums of money on inferior web server software with crap uptime and security holes the size of Fergie's butt". Man, I'm so proud of her.

Re:Slashdotted already?

[haruharaharu]

Yes, I realize that one can ping -f -s 65528 hostname and do some simple DoS attacks and such

And this can be handled by rate-limiting icmp at the ISP. The only challenge is convincing their SAs that it's a good idea.

Re:Slashdotted already?

[Henry_Doors]

If you think that is bad try the 'Ministry of Culture' - just make sure you put your shades on first!

Re:Slashdotted already?

[OSgod]

Or perhaps it (IIS) just worked better?

Microsoft PR?

[sterno]

What do you want to bet that a Microsoft Rep walked in and said, "here's free software and hardware if you switch to IIS".

Re:Microsoft PR?

Imagine a Free Software company being able to do that...

They can barely keep food on the table for themselves, how the hell will they manage to give away expensive machines?

Re:Microsoft PR?

[dirtyhippie]

How much you wanna bet the Royal Family doesn't give 2 shits how much it costs to run their website. Actually, the netblock changed, my guess is they changed webhosts.

Re:Microsoft PR?

Not really... there has been a gradual Microsoftation of the British government and associated insitutions in recent months, they used to run a lot of Solaris and Linux kit internally. But it seems MS came along and a lot of sites are put into outside contractors care, hence the stupidity, it seems letting the civil service IT deptartments to do the job wasn't wasting enough tax money, since HM Tresury is overflowing because they don't want to spend it on something useful like Health.

Re:Microsoft PR?

[corr]

I'm sorry but this has to be said.

What a stupid fucking sig.

I mean, WHAT THE FUCK???

Re:Microsoft PR?

[Henry_Doors]

Correct

The CCTA, a govt agency and the previous host ( they hosted all the .gov.uk sites) - is stopping hosting websites in Jan 2002 so lots of UK govt site are currently looking for new webhosts.

I am sure The Royal Family don't pay for the website out of there own pocket let alone care how much it costs!

Re:Microsoft PR?

[arbofnot]

How much you wanna bet the Royal Family doesn't give 2 shits how much it costs to run their website. Actually, the netblock changed, my guess is they changed webhosts.

To them, the difference between a low-end vhost and dedicated hosting on a 64-way Sun box would be they have to settle for the 2nd-best caviar -- about 3000 years from now.

IIS Uptime Record???

[slugfro]

Hey, the data about the Royal Page says that the Windows 2000 server has been up 5.56 days since the last reboot.
Is that a World Record for IIS?

Re:IIS Uptime Record???

Is that a World Record for IIS?

No.

Re:IIS Uptime Record???

[theantix]

My intranet server (NT4/MSSQL/IIS) has an uptime of 63 days (since a power outage). Before that, I had a running uptime of 121 days. My WinXP laptop has not crashed for over two weeks now, and I'm running a #%@#load (cursing of your choice) of software including Oracle8i, MSSQL7, Cygnus, IIS, VS.NET, VS6, Mozilla, Office2K, and Embedded VC++. A well configured system using any modern Microsoft OS (not of the Win9X line) is quite stable. And, they don't have to be rebooted for every little upgrade.

Yes, they have had problems in the past, and I curse every time I have to deal with Win95/98/ME. But please stop knocking the product just because of it's predecessors.

Re:IIS Uptime Record???

Yeah, knock it because of its memory leaks....

Re:IIS Uptime Record???

Is that a World Record for IIS?

Yes.

Re:IIS Uptime Record???

can you say... flaimbait?

Re:IIS Uptime Record???

Yes.

No.

Re:IIS Uptime Record???

[Lussarn]

Yes, win2k earned the reputation of being stable 2 month before it was released. Thats pretty fast.

Re:IIS Uptime Record???

No.

Yes.

Re:IIS Uptime Record???

5 days is still better than the near limitless supply of successive Lunix kernels released on day 1 with showstopper bugs found on day 2.

Re:IIS Uptime Record???

[madenosine]

How exactly does the parent post get modded up as "funny?" It was one of the dullest replies to the article. They obviously just switched "this week." Not only that, but they are apparently in the process of switching. Not only that, but as another post mentioned, Windows 2000 based systems are usually very stable if configured correctly. Is /. simply going to the dogs?

Re:IIS Uptime Record???

[theantix]

"flamebait" Yup, I can say it. I even tried saying it out loud, and it still works. Whew!

Re:IIS Uptime Record???

[slugfro]

Maybe it got modded as "funny" because it was simply a joke written with the intention of making the typical anti-Microsoft /. reader get a quick laugh. Of course it is obvious that the server was just switched since if clearly states that in the article. And I am running Windows 2000 right now! Remember: it was just a joke!

Re:IIS Uptime Record???

Yes.

No.

Re:IIS Uptime Record???

[madenosine]

Gee...maybe if you read my post, you would see that I thought it was a dull comment. There is no question that it was a "joke" but my point was that it was very dull and should not have been modded up. I do not mind jokes against Microsoft at all, as long as they are not dull. Apparently, however, dull anti-microsoft jokes come first.

Re:IIS Uptime Record???

[czardonic]

Ever heard of NT4?

Re:IIS Uptime Record???

[czardonic]

Don't feed the karma whore!

Re:IIS Uptime Record???

[npietraniec]

Blah... Windows 2000 based systems are usually very stable

Not mine... With 128MB of 266MHz DDR RAM and a 1.13 GHz Athlon, the thing freezes all the time.

Maybe I have something configured incorrectly :)

Just my personal experience.

Re:IIS Uptime Record???

Maybe.

Yes.

No.

Re:IIS Uptime Record???

[Norshire]

5 days is still better than the near limitless supply of successive Lunix kernels released on day 1 with showstopper bugs found on day 2.

And fixed on days 3, 4, 5, and 6 -- as opposed to MONTHS 5, 7, 10, and 14.

Re:IIS Uptime Record???

Perhaps you should find out what is going wrong? Ever heard of "debugging?" Also, he said "usually." And yes, you probably did configure something wrong. Moron.

Re:IIS Uptime Record???

Actually, almost all bugs WERE fixes that went wrong. Is there something wrong with extensive testing so that (very serious) bugs do not appear? Moron.

Re:IIS Uptime Record???

[Cally]

*sigh*. Please don't moderate trolls as anything other that troll, -1.

FWIW I've had 139 days uptime on NT4SP6a running several servers (ssh, web, mail) as well as std workstation and dev stuff - cygwin, emacs, etc etc. No Outlook, no IE and no IIS. Result, happiness - well, as happy as it's possible to be whilst still sullying one's mind fingers with Microsoft stuff. It's the freedom thing that's important, anyway, not the quality of the code.

Re:IIS Uptime Record???

Maybe

No.

Re:IIS Uptime Record???

[Norshire]

Actually, almost all bugs WERE fixes that went wrong. Is there something wrong with extensive testing so that (very serious) bugs do not appear? Moron.

I have some questions for the faceless one.
1. How involved are you with the Linux development community?
2. Of which bugs do you speak - the ones in Windows NT or in the Linux kernel?
3. What development history do you draw from to reach your conclusion?
4. Why am I a moron for pointing out the strength of the development model for the Linux kernel?
5. Do you really believe Microsoft uses extensive testing for any of its products? If so, how do you explain the plethora of bugs that remain in their products?

Re:IIS Uptime Record???

[jrockway]

What's the IP of this server? I'll bet it's still vulnerable to CRC32.

Re:IIS Uptime Record???

[q-soe]

Ye
One of my nt4 file servers here provides file and login for 200 staff and has an uptime of 267 days solid

Uptime discussions are invalid when comparing file app and print servers, availability is how we measure this and that means an uptime is bull - you have to reboot servers of ANY ilk for hotfixes and general maintenance.

Re:IIS Uptime Record???

[SectoidRandom]

I remember about 2 years ago i went to visit one of my clients to check a server problem. Anyway this particular clone NT4 server with i might add pretty shitty hardware (all ide, gigabyte M/b eerrgh!) had an uptime of 400 (and something) days! I was quite impressed, of course since the problem was a failed h/d i had to shut it down then. :(

My 2c.

Re:IIS Uptime Record???

[SectoidRandom]

Sorry to say you have definatly mis-configured something, or your hardware is flakey.

I'd recommend check your drivers, most common cause on Athlon's is lack of recenct VIA4in1 drivers (if its a via chipset).

My athlon runs problem free for weeks, at least except when im home, since i dont quite like the 30something degree's celcius it warms my room upto! :)

Re:IIS Uptime Record???

1. I read the development mailing list, because I roll my own distro. I have also written several kernel modules (mainly for IR devices). I have also written a device driver in DDK (same IR device), and try to keep up with what is going on in the windows kernel.
2. Figure it out, moron (google)
3. Figure it out, moron (google)
4. You did not point out "the strength of the development model in the Linux kernel" at all.
5. Microsoft's newest kernels are hardly buggy at all. Perhaps you are thinking of the user applications

Lastly, I am not going to get into a flameware with someone who asks questions without making any sort of point. No, I do not know everything about the Unix or Windows kernel, and I have not written any myself, but your first post was wrong in many cases. If you really want to find out why you were wrong, do some simple searches on google, do not waste the time of other people.

Re:IIS Uptime Record???

Forgot to add this to my other post, but keep in mind that we are talking about SERIOUS kernel bugs, not minor kernel bugs, as the parent post seems to suggest

Re:IIS Uptime Record???

[jonathonc]

But please stop knocking the product just because of it's predecessors.

Oh, okay then. We Linux/*Nix users will suppress our opinions and thoughts, just for you. Happy now?

Re:IIS Uptime Record???

Maybe

No.

goatse.cx

Re:IIS Uptime Record???

goatse.cx

yes Yes YES!!

Re:IIS Uptime Record???

[jcoy42]

I worked at a good sized ISP in denver which ran it's signup server on NT4 SP3 using IIS. At one point it had an uptime of just under a year and a half- the only reason it went down at all (as far as I know) was we had to move our datacenter to another building.

Nothing quite like having to move a few hundred servers to break your uptime records.

Re:IIS Uptime Record???

>> you have to reboot servers of ANY ilk for hotfixes and general maintenance.

Erm, sure. ANY ilk.

Am I the only one who's had security updates cron'd on debian potato, and not rebooted the server since it was installed?

Re:IIS Uptime Record???

Nope, you fail. He said to say "flaimbait", not "flamebait".

Re:IIS Uptime Record???

One of my nt4 file servers here provides file and login for 200 staff and has an uptime of 267 days solid

You mean to tell me you haven't installed any hotfixes in 267 days??

Uptime discussions are invalid when comparing file app and print servers, availability is how we measure this and that means an uptime is bull - you have to reboot servers of ANY ilk for hotfixes and general maintenance.

That's complete BS. Only on Windows do you have to reboot when you update applications.

Re:IIS Uptime Record???

[jth1234567]

Have you ran the windows 2000 registry fix, which prevents the AGP-related memory corruption with AMD processors? The fix can be found from the following links :

http://www.amd.com/us-en/assets/content_type/utili ties/largePageMinimum.reg

http://support.microsoft.com/default.aspx?scid=kb; EN-US;Q270715

Re:IIS Uptime Record???

[lastninja]

If their Admin had been smarter he would have bought more memory while it was cheep. Then maybe its uptime would have been 8 days.

Re:IIS Uptime Record???

correct me if I'm wrong, but doesn't NT4's uptime clock rollover after 40 days, so how do you know it was up so long? How do you know it didn't do a watchdog reboot in the middle of the night?

Re:IIS Uptime Record???

[carlos_benj]

Nothing quite like having to move a few hundred servers to break your uptime records.

What? You couldn't put them on a cart with their UPS and rush them to the new spot while still running? That many boxes could really skew the "my OS is better than your OS" data...

Re:IIS Uptime Record???

And fixed on days 3, 4, 5, and 6 -- as opposed to MONTHS 5, 7, 10, and 14.


You're full of shit. If we compare the Linux kernel with the NT/2K/XP kernel, Linux comes out looking like the piece of shit it is. For someone like me who doesnt run promiscuous internet software like OE or IE, Windows has proven to be the most secure OS out there and Bugtraq will be happy to verify that for the fact that it is.

On the other hand, you lunatix have different counting rules when it comes to the infinite supply of buggy userland software that comes free with every distribution.

Re:IIS Uptime Record???

[CoolVibe]

I'll probably be modded down for a viewpoint like this, but let me break it to you uptime bigots out there:

Uptime isn't worth jack shit. It's downtime that counts. The less downtime, the better. Ever used FreeBSD? You need to keep FreeBSD up to date with cvs or cvsup. And then you make world and a new kernel, and then you reboot. Big friggin deal. I reboot my FreeBSD boxen probably once every 2 weeks during the maintenace window after a cvsup and make world/kernel session I did the night before. Suffice to say, my FreeBSD boxen never let me down. It takes about 2 minutes every 2 weeks. It pays to have an updated kernel and world on a production box (because bugs get fixed).

So uptime doesn't tell you sh*t. Uptime junkies are a pathetic breed. Also, the longer your boxes are up, the more chance you have being r00ted because some long forgotten update hasn't been applied. I personally like to firewall away boxen that have been up > 100 days.

Re:IIS Uptime Record???

[carlos_benj]

...let me break it to you uptime bigots out there:

Perhaps you should have replied to one then. However, I will take some exception to your assertion that uptime is useless. Try to convince someone with an unstable box that uptime isn't important. I know, you'd swing that around to downtime being the real issue (and you'd be correct), but most OS's have a difficult time measuring their own downtime.

Are they complainin' that it's down or that it ain't up?

Re:IIS Uptime Record???

[CoolVibe]

> Are they complainin' that it's down or that it ain't up?

That is the real issue. As long as nobody (read: the people on your network) don't notice, then you have nothing to worry about.

Re:IIS Uptime Record???

[CoolVibe]

Agh, that should read: "As long as nobody notices"

So english isn't my native language.. Oh well...

Re:IIS Uptime Record???

[carlos_benj]

I just "figgerd" you was keyin' off my use of the word "ain't".

English is my native tounge, and it pains me to see it butchered - especially when I'm holding the cleaver.

Re:IIS Uptime Record???

[carlos_benj]

Eeep! I didn't even see "tounge" (what the heck is that anyway?). I enjoy making a point as much as the next guy, I just hate it when I do it inadvertently.

Re:IIS Uptime Record???

[Cally]

Nope, I checked (w/ M. Zalwevski: cygwin's OpenSSH output is somewhat confusing.) I have 'protocol 2' in sshd_config anyway so that's covered.

Re:IIS Uptime Record???

[npietraniec]

Not a big deal... I only boot into Windows when absolutely necessary. It has been on there a while and there's a ton of junk installed. Linux runs rock solid, so it can't be hardware, unless it's funky drivers. :-/

Re:IIS Uptime Record???

[npietraniec]

When I see posts like these, I can't help but wonder if it's Bill Gates out there trolling for Windows.

I'm not going to waste time debugging my Windows install when I only use it once in a great while. I use it when it's only absolutely necessary... Like when I can't get my windows-only engineering apps running under wine.

Thanks for the advice though, it really helped.

Alert!

[ShinGouki]

"Alert

The operation timed out when attempting to contact www.royal.gov.uk."

*snicker*

Civ III and all

[H310iSe]

Civ III was profoundly boring - well, that is, profoundly un-inspiring, I liked CivII and played it forever and was hoping CivIII would be new and neat and I'd get to take over the world again but it's just CivII w/ some improvements (one of which is to make the game much, much harder but just harder is not really that interesting). Between the insipidness of the game and the foolishness of Interplay Germany CivIII & Interplay are now on my shit list alongside notables like Office 2000 vba, Hewlett Packard, and IIS FTP services.

Re:Civ III and all

[matt.att]

Agreed. Civ III is pretty lame given the wait for it. Vote with your wallet against a dull game and Infogames's stupidity and just don't buy it, and advise your friends not to as well. It's even got copy protection that means it won't run under VMware, so I had to boot to Windoze to play it :-(

Copyright

[Have+Blue]

I disagree with the argument that translating and distribution Civ 3 is not the same as translating and distributing Harry Potter. A better analogy would be the translation and distribution of only the first chapter of Harry Potter: It would not be the complete work and it may stimulate sales, but it's still a copyright violation (hence the "in whole or in part" bit in licenses).

Re:Copyright

[terpia]

I disagree with the argument that translating and distribution Civ 3 is not the same as translating and distributing Harry Potter. A better analogy would be the translation and distribution of only the first chapter of Harry Potter:

Thats seems to me to be closer to distributing a demo of some sort. And definately a copyright violation.

I think an even better analogy would be distributing free glare-reducing transparencies to lay over the pages and reduce eye strain and a free bookmark to help enjoy your purchase. If patches are being distributed that require the game already be installed, there should be no problem (IMHO). But the entire game with reworked languages should not be distibuted, as that would imply that every user already PAID for the game and thats just not reasonable.

Re:Copyright

[Tosta+Dojen]

Except that this seems to be providing a patch, not the entirety of the translated work. In which case, only those who have purchased the full version will have the translation. Without the original work, the patch is just a useless file.

So, an even better analogy would be a reading translator that would read the Harry Potter book to you in German. Copyright violation? No. Fair use? Definitely.

Re:Copyright

[rfm]

I certainly haven't read German copyright law cases like I have US, but it sure seems to me that translations have always been covered by the right to control creation of "derivative works" granted by copyright. So the only way that the translation could be legal without permission would for it to be fair use; it seems to be in trouble on the "unrelated to other copying" test, since the translator teams obviously intended that the translation be widely distributed, and it does seem to affect the copyright holder's ability to make money on their work -- presumably Infogrames pays Firaxis money for the right to translate the game; if a free translation were distributed Infogrames would have no reason to pay Firaxis that money.

Whether suppressing "fan" works is good marketing or not is arguable, but it doesn't seem that Infogrames/Firaxis is going beyond traditional copyright (as we knew it in, say, 1970) here.

Re:Copyright

[morcheeba]

No, I don't think that's a good analogy. A chapter is a specific section of a book; it is just as usable as if one were to have the book and read only that chapter. Your analogy would be like releasing a fully-playble version of Doom, but limited to the first level only. (which is pretty close to what happened, but not the point...)

A better analogy would be to offer a list of new character names and objects and where in the book these names should be inserted. The purpose, of course, would be to localize the book: the book could be cajunized-- Jonny Pottieu would be chompin' on crawfish at a charivari, instead of whatever harry potter ate...

There is no copyright violation... you are replacing the text from the original program, and not distributing any byte that was in the original. The user must own the original to apply the patches to; otherwise the patches are useless.

Re:Copyright

[janolder]

I disagree with the argument that translating and distribution Civ 3 is not the same as translating and distributing Harry Potter.

Translating and distributing Civ3 is exactly what didn't happen. The translation team created new text lookup files and offered them as a patch for the US version of Civ3.

Had they instead offered a complete localized package for download, I'd have to agree with you. As it is, Infogrames have really ruined their reputation in this market.

Re:Copyright

[innocent_white_lamb]

I disagree.

The difference between Harry Potter and a computer game is simply that with Harry Potter, the text is the product. Period. Whether that text is read on a computer screen, off of a sheet of paper or off of microfilm, the text is the product that is being sold.

In the case of a computer game, the product is the game, which includes the text, the gameplay, the graphics, music, sound effects, what-have-you.

In the case of someone "ripping off" Harry Potter, the "ripped-off" product would be the complete text of the book, and that's what the publisher is trying to sell. In the case of Civ3, a patch to change the language to something else is nowhere near to being the entire product. In fact, it could be argued that the actual wording of the text is not really part of the game at all - for an example of this, does the fact that a football referee calls a game penalty in Spanish make the penalty any different than if he called it in English or used sign language? The language is not the game. Since it's the game that this outfit wants to sell (though they have a funny way of promoting it, I must say) a language patch is not a violation of "their property".

Which brings up an interesting point. If I am paying my money for "their property", then why can't I do what I want to with it? If I pay money for any other kind of property I'm allowed to do what I choose with the product that I've purchased. Computers are about the only industry where the business revolves around "You pay for my product but I still own it."

Re:Copyright

[AvatarADVathome]

Guys, translations are specifically mentioned as a form of derivative work in US copyright law; I'm not an expert on German law, so things may be different there.

Things get a bit dodgy when you consider that anybody can translate a work into their own language in order to understand it - however, the distribution of that translation is an infringement of copyright law.

Remember, creativity's not all in the code!

Re:Copyright

I'm sure the license says something to the effect of "You cannot modify this software or distribute modifications of this software."

Whoops, I forgot. All software licenses are to be ignored except for the GPL, where we must breakout the pitchforks and torches at the slightest hint of a violation...

Re:Copyright

[cpt+kangarooski]

If there's any accuracy to the story, in which they say EULAs aren't enforcable in Germany, then more or less yeah -- all software licenses period, are to be ignored.

It's not as though Jesus is endorsing these things. Hell, there are strong arguments against them _here_.

Re:Copyright

[Computer+suck!]

if I sold you a house, with the condition that you are NOT alowed to paint it blue, then you can't paint it blue. Even though it's not my house anymore.

Same goes with software, its just software nearly always comes with 'can't paint it blue, red, green...' strings.

Re:Copyright

you realize firaxis could make more money by including the independent translation project as part of the english version of the game? Hell if people are willing to translate a game for free why license it out to a translation company who will be skimming your profits?

Re:Copyright

[chriso11]

Errr - not quite. There used to be covenents and restrictions that wouldn't allow you to sell the house to someone who wasn't white, for example. Clauses of that nature cannot be enforced in the United States anymore ( who says there's no such thing as progress?)

You may be able to attach some clauses to a sale, but you will be responsible for enforcing it. And there is the very good chance that a judge will simply toss your case out. Of course, IANAL.

Now to bring this topic back to the original subject. Although a previous poster stated this quite well, it still seems to have some mentally challenged people tied up. So once again:
1) A book is not a computer game
2) You need to BUY the game to use the translation.

Re:Copyright

Uh, that's because the GPL is a FAIR license?! So many people on slashdot just looovve to draw parallels to things and either deliberately or ignorantly leave out details like that.

Here's an analogy that falls along the lines of your license argument:

Lets say there's a law that exists that states you will be fined $1000 for stating ANY opinion which disagrees with your government.

Now let's say there's a law which fairly penalizes murderers for their doings.

So by your logic, you can't complain about ONLY one of the laws. You have to like or hate both of them. Same goes for software licenses. I don't recall seeing an article on Slashdot that said ALL licenses were crap that should be ignored. Only the ludicrous ones.

But I guess you just couldn't comprehend that.

Re:Copyright

[morcheeba]

Actually, good point. It is a derivative work, I did get a bit carried away. But, from what I remember from playing Civ II, there weren't many sentences to translate -- mainly labels for things. I think that simple translations should be pretty easy to defend against (like making alternate light switch indicators labeled 'auf' and 'weg'), but I don't know how the courts see it. Especially the German courts, who have juristion here (and whoose laws are probably bound by some sort of international treaty).

And, of course, translating the manual is another thing--- I don't think that would be right; aclean-room style manual would be needed.

Re:Copyright

[MrResistor]

Translating and distributing the first chapter of Harry Potter would only be a copyright violation if you were selling it. Otherwise there's a pretty clear case for fair use.

However, software is treated differently. Bad analogy, but still a valid point if they're actually distributed a full translated copy of Civ3. If they're just distributing a patch, as some have said, than I'd say that puts infogrames on shaky ground unless France has a DMCA-type law that prevents reverse-engineering of any sort.

Lame.

[Renraku]

See? Valve and Sierra knew what they were releasing. They knew they could either make thousands of hard working, dedicated, skilled programmers, artists, geniuses into either heros or criminals. Back in the day, I actually just copied Half-Life from a friend. But when I started playing things like TFC and Counter-Strike (mods that could have been made illegal by Sierra/Valve if they wanted to), I ran out and bought a copy, because it was cool. I wish I would have pirated Civ 3 now, they're just being stupid about the whole mess. How could they make a profit from it other than by selling Civ3 in other countries at a much higher price than they're selling it here?

Re:Lame.

Luckily I haven't bought it yet. I was going to, but after this little debacle plus the standard of some of the communication I had with them [1], I'm not. I'll just pirate it if I feel like playing it. Maybe I'll buy another copy of Half-Life instead :) [2]

[1] I filled in the question box with a long, detailed bit of question and commentary and they emailed me back a faq "if your question is not answered, please email us again" WELL WHY BY THE HOLY SCROTUM OF JESUS CHRIST DID YOU WANT ME TO FILL A FORM IN THEN IF YOU WERE JUST GOING TO EMAIL ME A FAQ THAT WAS ALREADY ON THE WEBSITE!?!?! Talk about treating your customers like scum...

[2] Or maybe I'll donate what I would have spent on Civ3 to the EFF instead.

Re:Lame.

Um, TFC was developed by Valve, jackass.

Re:Lame.

the moment Value released the SDK the could NOT of made the mods illegal.

Hell, considering that the game came WITH a mod screen, Value would of looked VERY stuiped if they did.

Always wanted to Ping the Queen

[bstadil]

Alas IP 194.203.40.17 is not answering

Re:Always wanted to Ping the Queen

[suicidal]

I was thinking of finger-ing her myself.....

Securing OpenSSH

[krogoth]

Keeping up to date with the latest OpenSSH releases always helps, but if you want to put an end to those SSH1 attacks (which can affect OpenSSH 2 and above in some cases, and may do so again in the future), add this line to your sshd_config (in /etc or /usr/local/etc):

Protocol 2

This will deny all SSH1 connections and force everyone to use SSH2 to connect.

Re:Securing OpenSSH

[coyote-san]

Unfortunately, it also blocks all Debian users. At least it looks like somebody *finally* packaged ssh2 for woody (ironically, a few days after I last checked for the packages, from the time stamps). Even ssh3 is now listed.

Re:Securing OpenSSH

[krogoth]

To the best of my knowledge, there is no SSH 3 protocol (although I could be wrong). AFAIK, OpenSSH 3+ only supports protocol 1 and 2, so don't be mislead by the version. If you want to support less secure methods, that's your choice (note that OpenSSH is available in source tarballs).

Re:Securing OpenSSH

[Phork]

umm, there have been current openSSH packages in unstable for a long time.

Re:Securing OpenSSH

[gorgon]

Unfortunately, it also blocks all Debian users. At least it looks like somebody *finally* packaged ssh2 for woody

Uhm, you're kind of confused. The main ssh packages in Debian are:

• ssh - OpenSSH port of BSD's version of ssh that branched off the last free version of ssh put out by ssh's original developers. It has supported ssh protocol version 2 since roughly August of 2000, and versions supporting ssh2 made it into Debian soon there after. Currently version 3.01p is in Debian, and I think its pretty much equivalent to to the non-free ssh3.
• ssh-nonfree - non-free version of ssh from its original developers. It only supports ssh protocol version 1.
• ssh2 - Version of ssh supporting ssh protocol 2 from the makers of ssh-nonfree. License is more restrictive than ssh-nonfree's license.
• ssh3 - As far as i can tell its not packaged yet. Is the license more restrictive than ssh3? Regardless, there is no ssh protocol version 3.

Anyway, Debian has had ssh protocol version 2 support for a long time,.

Re:Securing OpenSSH

[ay2b]

While this may be good advice for some, I require the ability to connect from a windows machine to my linux box. The only windows SSH clients that I know of (TeraTerm/TTSSH & PuTTY) only support SSH 1. Can anyone recommend good, free (as in beer), SSH clients for windows that support the SSH 2 protocol?

Re:Securing OpenSSH

[jngadreau]

I have exactly the same problem. Mod this up !!!!

Re:Securing OpenSSH

[Mongr]

Don't state opinions as facts unless you have actually checked them. Otherwise you are helping spread FUD.

From the PuTTY FAQ:
A.1.1 Does PuTTY support SSH v2?

Yes. SSH v2 support has been available in PuTTY since version 0.50. However, currently the default SSH protocol is v1; to select SSH v2 if your server supports both, go to the SSH panel and change the Preferred SSH protocol version option.

Public key authentication (both RSA and DSA) in SSH v2 has been added since version 0.51.

Re:Securing OpenSSH

[Craig+Davison]

SSHWinClient at ftp://ftp.ssh.com/pub/ssh is free as in $0 for non-commercial use. It includes a good SSH terminal and the best SFTP/SCP client out there.

There's also OpenSSH for cygwin and a crappy piece of software called telneat which I used before I installed cygwin. Apparently new versions of telneat are commercial now anyway.

See http://ssh.gatordog.com/ for a bazillion others.

Re:Securing OpenSSH

[drsoran]

Or you can just use PuTTY which is distributed under the MIT license and includes the complete source code. $0 for non-commercial use and $0 for commercial use. $0 for a site license, and $0 for a developer license to integrate it into your product.

Re:Securing OpenSSH

[gordon_schumway]

Mindterm is an SSH client written in Java.

You can have a machine serve Mindterm via a Java applet and you don't have to carry an SSH client around with you to connect to that machine. Tres convienent. The source is available but the license is less than ideal -- free for non-commercial, not free otherwise.

quick way to check your openssh

[mwillis]

If you are worried about your machine being out of date, just do this:

% telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
SSH-1.99-OpenSSH_2.9p2

if you see OpenSSH before version 2.3, you may be vulnerable (iff you have fallback to ssh1)

Re:quick way to check your openssh

[Skuld-Chan]

I hope your sshd is not configured to accept telenet connections too :)

Re:quick way to check your openssh

He's telnetting into port 22. That's the ssh protocol, not telnet.

Re:quick way to check your openssh

Uh-oh.

I'm guessing this applies to OpenBSD, which means my 2.7 box (openssh 2.1) could be vulnerable, and I'm far too lazy to upgrade that.

Re:quick way to check your openssh

[drsoran]

Definitely. Just go grab the openssh (non-portable version) from openssh.com and compile it. It's made for OpenBSD for christ sakes. It compiles very easily. :-)

Re:quick way to check your openssh

Ah crap!

SSH-1.99-OpenSSH_2.3.0 green@FreeBSD.org 20010321

I guess my webhost is vulnerable. I just switched to using ssh2 instead of the ssh1 I've been using for a year. Good thing my websites aren't that visible as hack targets.

Re:quick way to check your openssh

[Progman]

thing my websites aren't that visible as hack targets.

That's totally irrelevant. Targets are identified by scanning zillions of IP. Whether you're NASA or the Wallace and Grommit Fan Club Web Site doesn't make an ounce of different.

Re:quick way to check your openssh

[Skuld-Chan]

my mistake - and that comment is sooooo off-topic. No - it was on topic, just misunderstood.

Hacking Civ III is too easy anyway...

[cperciva]

Things were much more fun with the original Civilization. You had to search through and patch the executable file, instead of editing a text file. And the data format wasn't exactly documented either.

Ah, for the days of 0/99/32 settlers...

Queen's web server on IIS (assorted comments)

[Tsar]

Is it running on a tower server?
The enemy is [at the] Gates!
Is HRH trying to upstage Diana's famous crash?
I'd have thought QE version II wouldn't have this bug.
Wait until they cut her off after three Windows Product Activations.
Already /.ed? See, royal inbreeding does cause DNA problems.

And finally...
"Your highness, the people have no open source..."
"Well, let them run DRDOS!"

Re:Queen's web server on IIS (assorted comments)

as for 'and finally...'

wrong monarchy, country whatever.

that was france.

Re:Queen's web server on IIS (assorted comments)

wrong monarchy, country whatever.
that was france.

It was obvious, you dolt, that he was making a joke, and besides it was never really said anyway.

"Let them eat cake" (or "Qu'ils mangent de la brioche") was attributed to a "great princess" in the sixth book of Jean-Jacques Rousseau's Confessions, which he wrote in 1767-68. Marie-Antoinette (the name for which your addled brain was likely groping) did not arrive in France until 1770, and when famine later struck Paris she worked arduously to relieve the suffering of her subjects.

Later, illiterate goofs such as yourself connected her to the quote in Rousseau's posthumously-published work, and the rest, as they say, is fallacy.

Re:Queen's web server on IIS (assorted comments)

[Paul+the+Bold]

No, it wasn't even royalty. It was Rousseau, from Confessions. You can read more about it here.

Re:Queen's web server on IIS (assorted comments)

[Ed+Avis]

The server is dead! Long live the server!

seven steps to fixing ssh on your OS X box

[imac.usr]

where the config files are slightly different than on other unixes:

1. log in to Mac OS X as an admin user
2. navigate to the /Applications/Utilities folder and open Terminal
3. type sudo perl -i.bk -p -e 's/#Protocol 2,1/Protocol 2/g' /etc/sshd_config at the shell prompt and enter the admin user password when prompted
4. type sudo perl -i.bk -p -e 's/2,1/2/g' /etc/ssh_config
5. type grep SSH /etc/hostconfig to determine whether SSH is enabled on your machine
6. if the response is "YES", type sudo kill -HUP `cat /var/run/sshd.pid` to restart it
7. Quit the Terminal program

So instead..

[i_am_nitrogen]

In reply to this post's grandparent: it has an uptime of 5 days because that's when they installed the new box.

So instead of knocking the product because of its predecessors, you're suggesting we use a more valid reason?

How about security: every time Microsoft releases a bug fix, they introduce a new bug.

Not to mention "Behind the scenes" black magic: whenever my proxy sends an ident request to a Windows box, the box responds with a request for http://windowsupdate.microsoft.com/ident.cab -- filling up the server's /var overnight, before I could do something to fix the problem.
Let's not forget their plans for world domination. I must admit that the Linux community wants world domination too, but it would be an open domination, where anybody can change the source code (then patent it in some obscure country [or the US] and make a billion dollars).

But the world isn't all bad. All these stories about narrowing rights and such can be kind of depressing. I'd like to see Slashdot (and Slashdotters) post more of the non-depressing stuff. There's a lot of good out there too.

Re:So instead..

[czardonic]

How about security: every time Microsoft releases a bug fix, they introduce a new bug.

Bzzt. Try again. Got a non-knee-jerk-propganda example? No?

Re:So instead..

[jazman_777]

ut the world isn't all bad. All these stories about narrowing rights and such can be kind of depressing. I'd like to see Slashdot (and Slashdotters) post more of the non-depressing stuff. There's a lot of good out there too.

Hey, I'd like to be an optimist, but I don't I could do it.

Re:So instead..

Oh, I'm sorry...did you not live through NT4 SP2 or SP4 and it's almost immediate hotfixes to correct errors that caused drive and data corruption?

Slashback: Highness, Hominess, Hole-ines...

[Mockery]

...@Homelessness?

I know the joke's been made, but come on, it would have been so easy do add it to the title!

Re:Slashback: Highness, Hominess, Hole-ines...

[czardonic]

Indeed. Homelessness is very funny!

Re:Slashback: Highness, Hominess, Hole-ines...

not homeless just kicked out for a couple days

bring on the porn!!!

OK, so a double-double standard?

[The+Bungi]

Color me silly here and all, but most of the time the teeming masses are not criticizing Microsoft for releasing a buggy web server they're banging on the IIS SysAdmins for not patching their systems. And here we have 30% of all scanned SSH servers wide open due to a dumb bug that has been documented for ages and ages?

C'mon guys. Either clean up your act or stop being the first ones to throw the stone.

Re:OK, so a double-double standard?

[elem]

A fair point... but SHH doesn't seem to get BugTraq'ed every week... pity about IIS. Although I'm runing XP on my laptop and I've only had one crash in two months. I do admittidly reboot it every week or so when I'm playing around with stuff or I want some 'puter free peace. (oh and I run apache instead of IIS, IIS is evil...)

Re:OK, so a double-double standard?

[osu-neko]

Which message are you replying to, or are you just trolling?

I see no double standard here (if you do, again, please point out which message). I always complain about sysadmins who don't install the latest security patches, regardless of OS. If it appears I complain about IIS sysadmins more than Unix sysadmins, it's only because I get that opportunity more often...

apt-get update && apt-get upgrade regularly (assuming you have security.debian.org in your sources.list, of course -- naturally I'm assuming you use Debian... :)

Re:OK, so a double-double standard?

[marick]

Yeah, you're silly.

repeat after me:

Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
....

(Of course, Microsoft would rather we not know when this has to happen, where as Red Hat has been sending me advisories ever since I installed their distro.)

Re:OK, so a double-double standard?

[The+Bungi]

). I always complain about sysadmins who don't install the latest security patches, regardless of OS. If it appears I complain about IIS sysadmins more than Unix sysadmins, it's only because I get that opportunity more often...

No, I'm not trolling. And no, you obviously did not get the point I was trying to make. And I wasn't thinking about you specifically, so calm down or you're going to pop a coronary. Or something.

Re:OK, so a double-double standard?

[czardonic]

Are you new to this site, or are you just. . .[never mind]

If you are an objective critic when it comes to web-server software, kudos to you. You are one of a very few in a forum crawling with OSS propagandists and knee-jerk M$ bashers.

Re:OK, so a double-double standard?

Enjoy: http://www.microsoft.com//technet/security/bulleti n/notify.asp

Re:OK, so a double-double standard?

Golly gee whiz! Can we do that again? Please?

So these e-mails I get from Microsoft about every single solitary patch they release for every single product my W2K servers use must be coming from Red Hat as well. Thanks for clearing that up. Maybe the ones I get from Debian are really from Microsoft!

Re:OK, so a double-double standard?

[osu-neko]

I got your point just fine, you seem to have missed mine. If you want to complain about some people's posts, reply to their posts at that time. Since you weren't doing that, just complaing in general, I would have to say I don't believe you when you say "no, I'm not trolling". Wait until someone actually does something to complain about before complaining, and then you won't be a troll...

Re:OK, so a double-double standard?

[jmu1]

30%, while a lot, is still am minority. I'd like to see some numbers on unpatched IIS servers. As for casting the first stone... my servers stay patched, I'll say what I goddamned well want to.

Re:OK, so a double-double standard?

[osu-neko]

You are one of a very few in a forum crawling with OSS propagandists and knee-jerk M$ bashers.

I don't care for these any more than you, but I care even less for people who constantly complain about it even when it isn't happening. The fact of the matter is, the number of messages complaining about this are actually greater than the number of messages doing it. Thus, the people complaining are in fact far more annoying most of the time...

Re:OK, so a double-double standard?

[The+Bungi]

You're kidding, yes? Did you read the article at all?

Re:OK, so a double-double standard?

30%, while a lot, is still am minority.

I guess you gotta take 'em any way you can, eh. Does it hurt less that way?

Re:OK, so a double-double standard?

[czardonic]

I don't care for these any more than you, but I care even less for people who constantly complain about it even when it isn't happening. The fact of the matter is, the number of messages complaining about this are actually greater than the number of messages doing it.

In this thread, maybe, but in general, I strongly disagree. No more kudos for you, Hello Kitty.

Re:OK, so a double-double standard?

What?? An insightful post with a Christian allusion?? Somebody pinch me, I don't think I'm on slashdot anymore.

Re:OK, so a double-double standard?

[rhdwdg]

It would have helped if the advisories had said that ssh1 had an exploitable bug instead of saying that there was a purely theoretical way in which sessions might become transparent. Sometimes you don't go messing with your only means of getting into a given box when you don't think you have a reason. Six months later CERT mentioned ssh1 exploits picking up, but by then a person can lose track of which version is safe.

Yea, I got hit and lost some serious time and money. It was undoubtedly my fault. But it's not entirely black and white. Not all that far off, but not entirely.

Re:OK, so a double-double standard?

Unless they use debian. Then they don't have to mess around with all that "patch" nonsense.

Just type "apt-get update && apt-get upgrade."

Statistically UI is the most important security consideration there is. Other systems are far too hard.

Take for example Windows update. Some people try to compare it to Debian but this is completely bogus on a close examination.

1) You have to look on web pages to find vulnerabilities. This implies openning a browser. Typing in a URL. Researching. etc...

2) When you go to windows update it has a big list of stuff but it's not clear to me what things are important and what things I don't have installed. This means more research.

3) I don't think you can update all your programs at once. You have to select the upgrades individually. I could be wrong about this.

4) Windows update does not provide any solution for independent vendors so those programs need to researched seperately.

5) Windows update has no undo function so that you can go back to using previous versions if the new one breaks your system.

The problem is that appologists for these crappy systems don't seem to realise the harm they are doing. They think that, "It's just one small extra step so it doesn't matter." When, in reality, they have taken a one step process and made it a two step process. They have doubled the difficulty...

Don't expect people to upgrade their system if it's such a friggin pain in the arse...

Re:OK, so a double-double standard?

[Some+Dumbass...]

C'mon guys. Either clean up your act or stop being the first ones to throw the stone.

Of course, many of us are in the position of being "knowledgeable users". We know that our sysadmin is making a mistake like this, but for whatever reason we can't do anything about it. On one hand, this is very irritating. On the other hand, it lets us complain with impunity :)

"If I was the sysadmin this problem would have been fixed years ago..."

from netcraft:

[Weh]

The site www.whitehouse.gov is running unknown on Linux.

I like it...

Re:from netcraft:

The site www.whitehouse.gov is running unknown on Linux.

I like it...


yeah, so is www.whitehouse.com

i like that too...

Re:from netcraft:

[Cowculator]

And Netcraft also says that www.whitehouse.com is running Apache on BSD.

Not that any of whitehouse.com's visitors care or anything...

Re:from netcraft:

[AlreadyStarted]

Hmm.. Seems www.whitehouse.gov is also running SSH-1.5-1.2.27 Go figure.

Re:from netcraft:

[hoggoth]

> Hmm.. Seems www.whitehouse.gov is also running SSH-1.5-1.2.27 Go figure

Not anymore it isn't. I just 0wn3d it and upgraded to the latest OpenSSH for them.

Oh, look, here's the FBI at my door. Here to thank me, no doubt!

Re:from netcraft:

[istartedi]

That's interesting, especially when you consider that the Bush campaign ran IIS. Of course they probably just inherited the contract for the Whitehouse server from the previous admin. It's hosted by Akamai, so it's possible that the administration didn't make any decision about the OS at all.

As for the Queen, well... she traded in her fancy Sparc hardware for x86 boxes and got tired of Linux. So, if you are in that situation and you want something that's nothing like Linux, what do you choose? Windows.

That in itself is interesting--if people dump Sparc hardware for Linux x86 boxes and then sour on the OS, what will they do? Install Windows.

So, once again, commercial *NIX vendors are the biggest losers to Linux, not MS.

SSH 2

[Jaeger]

Maybe someone can explain this to me, because it doesn't make any sense. Whenever I try to make a ssh2 connection and the server can't reverse-dns my host, it refuses to authenticate me, regardless of whether I supply the correct keys or passwords. My (minimal) survey seems to indicate that this is construed as a "feature". what's up?

Re:SSH 2

[krogoth]

There's probably an option for that, check the manpages and manual.

But I have to slow down now and not be informative more than once every two minutes...

Re:SSH 2

[osu-neko]

A lot of people are under the mistaken impression that this is a useful security check. In fact, it means jack-diddly-squat, as (a) DNS is not a security protocol, so a positive result on this test means nothing, and (b) half the ISP's in the world can't get reverse-DNS set up correctly, so a negative result also means nothing.

If you have known incoming IP's, I believe adding them to /etc/hosts fixes the problem. Complaing to your ISP may help, but if your ISP's DNS admin has a clue, he'll probably point out that this is a really stupid test to be performed to begin with so he doesn't consider it a high priority to fix things on his end so it'll work, but he may get around to it eventually...

royal.gov.uk

[t_allardyce]

The Royal Website has been slashdotted.. long live royal.gov.uk!

You people will pay for this - Infecting a government website with a virus (windows) and then nuking it (slashdot effect). Don't think just because your bigger than us we can't kick your ass - remember, our soldiers can _aim_

Re:royal.gov.uk

[Legion303]

Don't think just because your bigger than us we can't kick your ass - remember, our soldiers can _aim_

And ours can use the Queen's English properly. :P

-Legion

Re:royal.gov.uk

[osu-neko]

Our soldiers don't need to aim, we've got tech! :)

Re:royal.gov.uk

[t_allardyce]

half of which we invented

Re:royal.gov.uk

[osu-neko]

Invented inschmented... what matters is who can pay to put the most toys in the most soldiers hands...

$$$: It's the American Way. :)

Re:royal.gov.uk

[t_allardyce]

what tech? oh yeah, your soldiers all carry gameboys..

Our soldiers could kick your soldiers asss' anyday with bear hands (except in that war between america and england.. um we were out numbered).

Re:royal.gov.uk

[nosferatu1001]

Now that WOULD be a fight - 200 SAS against 5000 US marines....5:1 against the SAS, any takers? ;-)

Re:royal.gov.uk

[t_allardyce]

200 highly trained SAS against 5000 inbred-redneck-yanks who keep shooting each other accidentally. "Gee billy-bob, you shot jimbo! where are them limeys? oh shit AHHHHHHHH.

Sometimes Java Integer makes sense to me...

[imrdkl]

Tight code is great, but:

- static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;

Seems a bit zealous.

Uh, ZERO steps to fixing your OSX box

[ehintz]

Only OpenSSH versions prior to 2.3.0 are vulnerable. OS X 10.1 uses 2.9p2; IIRC no version of OS X which included OpenSSH was EVER vulnerable to begin with. So, you can of course turn off ssh 1 if you desire, but you need not do so because of this exploit.

Civ III is about as productive as...

...shooting heroin.

I can't believe how much time I've wasted on that damn game.... It never ends. Never again.

I want a two hour version.

Civ 2 and Civ 3

[proxima]

I don't think the cease and desist order prevents innocent modification of components that Firaxis intended for people to make and distribute. I don't have Civ III (yet), but Civ II was purposely designed so that it could be easily modified by fans. It also included a map editor - I can't imagine that Civ III is any different, but perhaps an owner of the game would like to comment.

Things like rulesets were laid out in simple configuration text files, so that patches could be applied to change the nature and look of the game - right down to individual units and map squares. Civ: CTP 2 (a game I own) also has easily moddable rulesets (the game is so buggy you simply MUST install Apolyton's patch).

Beating down on fans and modding is stupid , the most successful games are those that have been modded (Halflife, StarCraft). Until I see firm evidence of something other than this translation case, I still want Civ III and will enjoy playing it.

Honestly, wait and see Galileo

Yes, it took a while, big changes are always difficult but in some 25 days the Euro will be in our pockets, making the "oh! no!, it will never happen" into something, that in fact, happened.
It will not be anywhere that difficult for Galileo to be approved, an independent positioning system is a strategic technology that is needed and that will be built. Wait and see for yourself.

BBC Say "Bush to Bomb VALinux"

[bfree]

Those communist swine have gone too far attacking her Royal Highness

George W. Bush

We cannot tolerate this kind of mass terrorism. The threat of global "E-terrorism" must be eradicated before it takes hold

Tony Blair

Re:BBC Say "Bush to Bomb VALinux"

[osu-neko]

Why can't American dig up a politician at least half as good as Tony Blair? Any chance we can persuade him to move across the Atlantic and run for President?

Okay, so it would take a constitutional amendment, BFHD. It'd be worth it to get a decent President for once. In my lifetime, each one has been a few notches worse than the last... and I was born during the Nixon administration!

Re:BBC Say "Bush to Bomb VALinux"

"Why can't American dig up a politician at least half as good as Tony Blair? Any chance we can persuade him to move across the Atlantic and run for President?"

Err... you already did, his name was Bill Clinton, Blair's Third Way politics are a direct reflection of Clinton. I think you could really do with Maggie at times like this.

I know you certainly have to be a US Citizen to run for president... but don't you also have to be born in the US?

Btw, Blair isn't meant to be presidential in the slightest, that's not the job of a Prime Minister, the latter has to go before Parliament to be grilled on a regular basis, something which Blair hasn't been too keen on.

Currency.....

[BLAG-blast]

I feel like I've found Taco posting alias....

Honestly, did anyone
really expect the EU to go through with it? It took them long enough
to agree on a common currency!

and North America (Canada, Mexico & USA) has
how many currencies.....

Re:Currency.....

huh?

Re:Currency.....

[Geekboy(Wizard)]

3

and we don't claim to be using the same currancy.

Re:Currency.....

Actually only two. Any mexican would be happy to accept an American Dollar.

Re:Currency.....

[jmu1]

NAFTA aside, I don't believe that any NorthAmerican country has made any claims as to having a unified curreny with it's neighbors... the EU has.

Re:Currency.....

[Computer+suck!]

i hate to stick up for the Amircans, but they are not trying to become one super state.

Re:Currency.....

[BlueGecko]

Bad comparison; a better one would be to point out that the U.S. only has one currency. Way back when, the United States of America was united not by the Constitution, but by the Articles of Confederation, which was actually similar in many respects to the EU, things were quite different. In the single-house Congress, each state got one vote, unanimous consent was required to pass a law, and each state could (and did) coin its own currency, raise its own armies, and so on. As the Europeans have figured out, this doesn't work too well, so when the Articles of Confederation was replaced with the Constitution of the United States of America, the states gave up a number of rights, including the ability to coin their own currencies. So if you want to compare the EU's situation to something, compare it to the American states forming their own union and adopting a common currency, as opposed to North America now.

(As a side note, I don't think the Euro is such a wise idea for Europe. The states had the benefit of having far less economic unbalance at the time it decided to unify their currencies than Europe does right now, which is why countries such as England and Denmark that already have stable currencies and strong economies are loathe to join. This ends up leaving the Euro as the currency of those countries with weaker economies, and then the odd exception of Germany, which is making quick strides to join the crowd via stagflation.)

Re:Currency.....

[Kymermosst]

That's because the Euro was Helmut Kohl's brainchild attempt to take over Europe.

With Germany controlling the strength of the money...

But that's all conspiracy theory anyway.

Re:Currency.....

[osu-neko]

As a side note, I don't think the Euro is such a wise idea for Europe. The states had the benefit of having far less economic unbalance at the time it decided to unify their currencies than Europe does right now, ...

I suspect this problem will fade with time. There's going to be short-term difficulties, but in the long term it'll be a good idea for Europe. The problem was, it should have been done a long time ago. The longer Europe waits to do it, the larger those different economies are going to be when it happens, and thus the more painful a transition it'll likely be. But of course IANAE (I Am Not An Economist). I wouldn't bother to inject my opinion, not being an expert, except I don't believe economists are experts either, they rank somewhere below meteorologists and astrologers IMNSHO... :)

Re:Currency.....

[Guppy06]

To be anal, there are a few more countries in North America than the three largest, even if you ignore the Caribbean.

At any rate, NAFTA is free trade area, as the name suggests. It is not an uber-government. At best it's a confederation looser even than the UN. Neither of the three members are all that interested in losing national sovereignty by trying to make NAFTA more than it is. Hell, all the member nations are made up of semi-autonomous states/provinces as it is.

See, these are the kinds of friendly, mutual relations you can have with each other when you're able to go for over a century without warring with your neighbors. :)

Re:Currency.....

Neither of the three members are all that interested in losing national sovereignty by trying to make NAFTA more than it is.

<BR>
Really? So why can a canadian corporation reverse californian environmental law?
http://www.corpwatch.org/issues/wto/featured/200 1/ gpalast.html

Re:Currency.....

[Afrosheen]

Germany was hurt by the Euro. They had to introduce inflation to meet the Euro standard which put them in the red. Prior to this they were in the black, i.e. a gold-standard type situation where they had real assets backing their money.

Don't even mention the USA and it's banking situation. I think maybe America has a vault full of golden midgets or something equally valuable but it's nowhere near a gold standard. Our currency is nearly baseless anymore.

Re:Currency.....

[WeaselGod]

I should point out that the U.S. dollar is excepted in more contries then any other currency.

Re:Currency.....

[Bill_Mische]

The trouble with this argument is the issue of nationhood. When several of the States (on a dodgy issue it must be said) tried to leave the US war broke out. Prior to your Civil War the USA was referred to in the plural, afterwards in the singular. As far as I remember General Lee fought for the South not from conviction, but because he considered himself a Virginian rather than an American.

In Britain the situation is even more complex - as a multi-nation state the current trend is to the independence of (or at least devolution of power to) the nations that make it up.

Britain's general apathy regarding Europe in general and the euro in particular makes more sense if you consider we're an island - it's feasible for someone in Masstrict (spelt wrong I know) to shop in 4 different countries - all within an hour or so's reach - for us it's a major expedition costing several hundred pounds. A common currency makes more sense if you can use it on regular basis.

Hole-ines. Like Saltines, without the salt.

[simetra]

But with holes.
Yum.

BSD In-Joke ?

I download the tgz and I build it and I scan around some web pages but I can't find a decent example of how to compile it and make it do something informative.

Takes me a while to find out that I need to do is (1) run nsslookup to get a real, live IP address and then (2) run "/usr/local/bin/scanssh 207.F00.bar", and then (after much mucking about)

I get nice cryptic output "SSH-1.5-1.2.21" ...
so does the host need an upgrade or NOT ?
and where do I find said upgrade ?

no wonder people go for Micro$oft. they ain't so snotty. they BS you around the block, but they have hyperlinks and installers, and I don't hafta be a damned rocket scientist.

p.s. This IS NOT A TROLL, been runnin' Linux and Java for years now.

Re:BSD In-Joke ?

[Zero+Sum]

I download the tgz and I build it and I scan around some web pages but I can't find a decent example of how to compile it and make it do something informative.

Hmm... Pity you didn't just check the README. It gave explicit instructions on how to build the executable. I worked first time on my system and I don't even run Linux.

Takes me a while to find out that I need to do is (1) run nsslookup to get a real, live IP address and then (2) run "/usr/local/bin/scanssh 207.F00.bar", and then (after much mucking about

Hmm... What was wrong with "scanssh -h" to find out how to use it? You do understand what a Domain Name and an Internet Address are?

I get nice cryptic output "SSH-1.5-1.2.21" ... so does the host need an upgrade or NOT ? and where do I find said upgrade ?

Okay. You didn't read the README. You didn't read the help, and now you didn't read the Advisory - or you would know the answer to your first two questions, and to answer the third, well, you don't even say what system you use.

no wonder people go for Micro$oft. they ain't so snotty. they BS you around the block, but they have hyperlinks and installers, and I don't hafta be a damned rocket scientist.

You know, before you drive a car, you have to learn how. MS specialise in 'automatic transmissions'. Trouble is, it doesn't extend to an 'automatic steering wheel' or an 'automatic throttle control'. So, you still have to learn how to drive. People go for MS to avoid having to learn to drive. It doesn't work.

p.s. This IS NOT A TROLL, been runnin' Linux and Java for years now.

A troll is atroll, is a troll. How have you been running Linux and Java without learning to drive?

Re:BSD In-Joke ?

Hi,
Original poster here.

The README for scanssh-1.6b.tar.gz
is only 826 bytes and don't say much.
Which README were _you_ referring to ?

I grabbed this:
51064 scanssh-1.6b.tar.gz
$ wc README
31 119 826 README

It's late at night (I'm in Europe), I'd rilly like
to make it go before beddie-bye, but as I said in
my original post, the stuff I downloaded is way
cryptic. Luckily some posters filled in the gaps.

Re:BSD In-Joke ?

[Zero+Sum]

The README for scanssh-1.6b.tar.gz is only 826 bytes and don't say much. Which README were _you_ referring to ?

That's the one. The one that says run ./configure and then make.

It's late at night (I'm in Europe), I'd rilly like to make it go before beddie-bye, but as I said in my original post, the stuff I downloaded is way cryptic. Luckily some posters filled in the gaps.

Well, it is early afternoon in Australia, and the liquid lunch may have much to do with my acerbicity, but I have trouble seeing why you have had any trouble at all. All the information is presented. Whoa to go too about five minutes including compile time. The following worked for me :-

gunzip scanssh-1.6b.tar.gz; tar xvf scanssh-1.6b.tar ; cd scanssh ; ./configure ; make ; ./scanssh 127.0.0.1

Since your reports a low version number an update is called for OR put the line "protocl 2" or in sshd_config

Good Luck...

Re:BSD In-Joke ?

[Zero+Sum]

Since your reports a low version number an update is called for OR put the line "protocl 2" or in sshd_config

Should be:-

Since your reports a low version number an update is called for OR put the line "protocol 2" or "UseLogin no" in sshd_config.

Re:BSD In-Joke ?

Thanks a lot, Geoff, you fucking sanctimonious git. Thanks for being such a shining example of why Lee-nucks will never catch on with the desktop set.

You see, some poor soul, who confesses some Lee-nucks knowledge, though admittedly maybe overstating his experience, asks a simple question. Some stupid tosser pipes in with "DIDN'T YOU READ THE README||MAN PAGE||SOURCE CODE??? ANY FUCKING IDIOT CAN FIGURE IT OUT! WHY ARE YOU WASTING MY TIME WITH THIS IDIOTIC QUESTION??"

And then our poor newbie/pseudo-newbie wonders why he didn't just buy the Dell with Windows XP installed. Happens in IRC channels like #linux-help every day. Maybe if you went out and got laid rather than recompiling kernels all day, you'd get some stress out and be more inclined to help rather than shoving somebody's face in shit just because you know more Lee-nucks than them.

Cheers, asshole!

Re:BSD In-Joke ?

[Zero+Sum]

Thanks a lot, Geoff [mailto], you fucking sanctimonious git. Thanks for being such a shining example of why Lee-nucks will never catch on with the desktop set. You posted my adress with mailto: link as an anonymous coward and you call me a sanctimonious git?

FWIW, I don't use Linux and never, ever have. In fact I still call it L-i-nux.

The person claimed NOT to be a newbie (and so should have a good idea where to look for help).

The instructions came with the package.

As you can see from other posts, some meaningful dialog has emerged (not this obviously).

The only person you have put down has been yourself.

Re:BSD In-Joke ?

[nosferatu1001]

This case was a case of RTFM

You know, read the instructions, try to do it THEN ask for help?

Civ III walking down the path to oblivion

The bad news is that the cease and desists apparently forbid any modification of Civ3 in any way, shape or form. So no more custom maps for your friends, custom rules or any such copyright infringing activity, please! Is it just me, or has the world suddenly become a less interesting place?"

They've just deep-sixed another game. MMPORGs can take that hit and survive, because learning a map that all must play on gives the learner an edge. But to stay viable, a developing strategy game like CIV III depends on the ability to create your own what-if scenarios and trade them with friends. You see, in time one friend gets a little too good and the rest get sick of playing him. So they play solo until they run out of scenarios and then they move on to the next game. At first it makes business sense because IG can be there to sell the next game grown from your existing code base. But it stinks for players, because they have to wait for it and endure all sorts of hype. However, then games like Freeciv come along filling that void and not costing a dime. So the unspent dimes are spent on games from other genres. Suddenly the IG marketshare has dropped (hey, they can't make every top game in every genre) and the top brass is wondering what went wrong.

The Queen's server...

[nordicfrost]

Actually, they have changed ISP. Check out the netblock owner section of the Netcraft survey, the change in operation system happens at the same time as the change in ISP backbone.

Re:The Queen's server...

[nordicfrost]

...Sorry to comment on my own post, but on other sites like www.ukonline.gov.uk, they have moved back to Solaris (Currently Solaris 8) from Red Hat. Not a good sign.

Re:The Queen's server...

Outside contractors were given the contract.

Adequacy?

What's with Adequacy?

Huh?

The reason royal.gov.uk has switched server...

[Jon+Chatow]

... is that the site is no longer an internal government one (i.e., one handled by the CCTA), but has been contracted out to the combined developers (such is said in the FAQ in the site, wherever that is), and is now hosted on the UK branch of PIPEX, sorry, UUNET. This can be seen on this ppage. All CCTA sites are still hosted on *NIX systems, as you can see.

Netcraft weirdness

[Grond]

Well, as much as www.royal.gov.uk may have turned to Win2k and IIS, www.parliament.uk is runnning...Microsoft-IIS/4.0 on Solaris???
Even more bizarre is that site's history:
Solaris
Microsoft-IIS/4.0
13-Sep-2001
194.60.38.75
Houses of Parliament

NT4/Windows 98
Microsoft-IIS/4.0
2-Apr-2001
194.60.38.75
Houses of Parliament

Solaris
Microsoft-IIS/4.0
4-Jan-2001
194.60.38.75
Houses of Parliament

BSD/OS
Microsoft-IIS/4.0
2-Nov-2000
194.60.38.75
Houses of Parliament

So, not only does Parliament seem to like changing their minds (sometimes radically) every few months, they also like using impossible combinations of OS and server. Hmm....maybe it's symbolic of something...(just kidding!)

Re:Netcraft weirdness

[Vince]

The servers are running on Windows machines behind some sort of proxy, load balancer, redirector, whatever. Thus, a query of the IP stack gives one OS, but the server is from another OS.

Re:Netcraft weirdness

[larien]

Probably not so much a load balancer as a server that checks which server in the farm hasn't crashed yet :)

BTW, this nugget is in the Netcraft FAQ

The White House

Apparently whitehouse.gov runs on Linux.

http://uptime.netcraft.com/up/graph?mode_u=on&mo de _w=on&site=www.whitehouse.gov

Re:The White House

[Guy+Harris]

Apparently whitehouse.gov runs on Linux.

As does one of Slashdot readers' favorite sites.

Royal Family's web site

[Legion303]

Neither the move to linux nor the move to IIS should be news. People continue to use what works best for them, as they have for the past 40,000 years or so.

Move along, nothing to see here.

-Legion

Re:Royal Family's web site

That has got to be the most boring, redundant comment made today - and this is slashdot, so that's saying something. WTF is wrong with you people? If you don't have something worth saying - don't say anything!

Chicks will *not* be impressed with the fact that you made some half-witted sneer and scored some worthless points against some other sad little nerd.

SSH Vulnerability Overview

[rbeattie]

Okay - so I had slacked and wasn't sure if I was up to date with my patches. I read the Razor link above and if you're lazy like I am here's the meat (and this isn't fscking redundant, there's like 30 links above):

** Vulnerable:

SSH 1.2.24 - 1.2.31 (ssh.com) -- all versions to date of release of this advisory

F-SECURE SSH 1.3.x -- all recent releases

OpenSSH prior to 2.3.0 (unless SSH protocol 1 support is disabled)

OSSH 1.5.7 (by Bjoern Groenvall) and other ssh1/OpenSSH derived daemons

** Not vulnerable:

SSH2 (ssh.com): all 2.x releases NOTE: SSH2 installations with SSH1 fallback support are vulnerable

OpenSSH 2.3.0 (problem fixed)

SSH 1.2.32 (ssh.com, released 10/22/2001)

SSH1 releases prior to 1.2.24 (vulnerable to crc attacks)

Cisco SSH (own implementation)

LSH (SSH protocol 1 not supported)

** Other SSH daemons: not tested

To test your server, do this:

$ ssh -v -l `perl -e '{print "A"x88000}'` localhost

if you get a seg fault like below, you need to upgrade:

Program received signal SIGSEGV, Segmentation fault.
0x806cfbd in detect_attack ( ..., len=88016, IV=0x0) at deattack.c:138
136 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;

Now, happily for me, I didn't have this problem. This is good since I'm logging in remotely to my box in California from Spain, VIA SSH!! I'm an idiot as I've also shut off Telnet and if it DID segfault, I would've been completely screwed.

-Russ

Re:SSH Vulnerability Overview

[osu-neko]

Now, happily for me, I didn't have this problem. This is good since I'm logging in remotely to my box in California from Spain, VIA SSH!! I'm an idiot as I've also shut off Telnet and if it DID segfault, I woud've been completely screwed.

I don't think so... doesn't sshd fork to handle each connection? You'd have crashed the process listening for new connections, but it wouldn't have affected your current connection.

If this isn't true, then I'm baffled as to how I've been accomplishing SSH upgrades on all my servers, few of which have keyboards, video cards, or telnetd running. I down and restart sshd all the time remotely over ssh...

Re:SSH Vulnerability Overview

[psychosystem]

When I upgraded all my ssh servers to fix this last month (after being attacked... argghhh!) I start a new ssh process listening on another port, then connect to that port and restart ssh2 on port 22 from there... then kill my current ssh connection, login back on port 22, and kill the other sshd that i ran on the other port. Probably a roundabout way of doing it, but I locked myself out of a box once accidentally, and it was a PITA to get back in...

Trust in US GPS

Being British I'd much rather rely on the US GPS system than a European one, you know where you stand and can trust the former yet a EU system could get restricted every time the French go off in a tif, which has happened numerous times. This is one bargaining (read: blackmail) chip we can do without.

As for the Royal web server, I'm mythed, I always thought of the Queen has a neo-marxist with a tendency for anarchy, yet MS is more like a omnipotent unelected and overpowering heritable system of which you have no choice ;)

Can I be the first pedant?

[KNicolson]

...to point out there's no such person as the Queen of England? You wouldn't describe George W Bush as "The President of Texas" would you?

Re:Can I be the first pedant?

Technically she is actually the Queen of England like Elizabeth I was, but she is actually the sovereign of the United Kingdom of Great Britain and Northern Ireland and the Commonwealth, 'of English' is a lesser title of the former.

Re:Can I be the first pedant?

[osu-neko]

Are you sure? I recognize that she rules more than just England (Scotland and Wales come to mind), but I thought she still held the title Queen of England, as well as quite probably numerous others (anyone got a full list somewhere)?

If President Bush happened to concurrently be Govenor of Texas (not sure if that's possible, but if it was), it would be proper to refer to him by either title.

[Any actual Brits know the actual facts here?]

Defensive posture

[Cally]

Another good tip with the ssh holes, and as a general priniciple, is to restrict IPs that are allowed to connect to port 22 (or wherever you run sshd) at the firewall.

Are you that stupid?

[Dast]

He called you a troll because your original post made the "Slashdot is one person" logical fallacy. If one slashdoter states an opinion and another slashdoter states a conflicting opinion, there is no double standard. Only if the same slashdoter expresses conflicting opinions is there a double standard.

Repeat after me: slashdot is not one person. Slashdot is not one person. They don't have to all agree and be logically consistant.

If you want to point out logical problems in posters' philosophies, you need to do so by linking to a post where they say one thing and linking to a post where they say the oposite. And this is best done in reply to one of their messages, not as a parent post to a story.

If you don't understand this, you are stupid, or you are a troll.

Re:Are you that stupid?

[Sunir]

You forget one thing: editorial bias. The articles that get posted and the posts that get moderated up describe the average Slashdotter quite well. It doesn't take a genius to notice the Bill Gates icon made up like the Borg as indicating editorial bias, nor does it take a genius to notice the one-sidedness in the "Windows vs. Linux" (non-)issue.

But it's pretty pointless to complain about it. The people who pump Linux/BSD/whatever up so mightily over Windows are beyond hopeless, and Slashdot is their mothership.

Re:Are you that stupid?

[The+Bungi]

Repeat after me: slashdot is not one person. Slashdot is not one person. They don't have to all agree and be logically consistant.
You seem to have this whole double personality thing pat down. Kudos unlimited to you. Damn, and here I was thinking this site was entirely something else. Wow.

If you want to point out logical problems in posters' philosophies, you need to do so by linking to a post where they say one thing and linking to a post where they say the oposite. And this is best done in reply to one of their messages, not as a parent post to a story.
How's this Mr. Rationalization? Does that work for you?

If you don't understand this, you are stupid, or you are a troll
Let me put this as delicately as possible - Fuck You.

Re:Are you that stupid?

[Dast]

Okay, you've finally proved yourself to be simply a troll. Your post doesn't even have any content or a point to it.

If you think your asinine little link proves the double standard of the editors, think again. I make no claim as to their not having one, but you fail to prove it. Firstly, there is ... more ... than ... one ... editor. Secondly, quote them, if you want to prove it. That is, quote the parts they actually write (which is the part not in italics).

Let me put this as delicately as possible - I hope the ass reaming from the fiery clue stick of goodness--studded for your pleasure--was enjoyable. Now go home, kid.

Civ III mods

[Prien715]

Now timothy, i know you're challenged, but could you please read this before making any comments about mods for civ 3?

From the website:
"One of the enduring strengths of the Civilization franchise has been its ability to be customized by the fans...The editors in Civilization III are only the beginning. Based on feedback from the mod and scenario community we will make additional improvements and incorporate new features. The editors are just tools, ones that the fan community needs to make meaningful by creating new scenarios with.. As those in the 'trenches' of creating new content run into limitations, we'll work on eradicating those barriers. Firaxis is very interested in Civilization III having an active mod community, but need to know where our efforts are best spent. Together we can make Civilization III a potent platform for not only exploring factual history, but also your creativity and interests."

I've used the map editor in civ3 and it's quite good. IMHO your view of them wanting us just to play the game as is and not be creative is too simplistic.

Re:Civ III mods

[Gogl]

I'd like to pipe up with a seconding of what you said essentially. I think that bit at the end about how people can't make custom maps or rulesets any more is either blatant exaggeration or just simply confusion and misinformation.

Seriously now, the game *comes* with an editor that is quite flexible. The one thing that bothers me is you can't tie down people to their starting locations (i.e. with say the world map, you might play the American civ and end up in the Japanese starting place). But it allows for completely new maps and changes to all the units and and even more sweeping gameplay changes if I recall correctly.

I'm willing to bet this means if you go out and do stuff that actually requires messing with the main executable, you'll likely get a lawsuit knocking at your door. Making a map will not trigger that same reaction.

Rant

[3ryon]

I am really sick of people on /. and elsewhere bashing MS admins for not patching their systems. There is a very good reason why I didn't patch my IIS servers until Code Red came out, and the same reason why I am always slow to roll out MS patches. BTW, I am a MCSE, and a damned good admin.

When I did start rolling out the patch for Code Red I lost two production servers because the patch was incompatible with older Compaq RAID controller drivers. Microsoft eventually made a note of this on the patch download page, but it was too late for me. If I had been able to wait even longer I would have known about it.

So, still to this day, I do not roll out Microsoft patches as soon as they are available. Not because I am not a good admin, but because I have a healty distrust of Microsoft patches. Please stop blaming the MCSE's, we are not all idiots.

Re:Rant

[ZxCv]

True, true, you're not all idiots. I've certainly known my share of stupid ass MCSE's that were exact pictures of what gave MCSE such a bad name, but I've also known a couple really smart ones.

I suppose its like women and shopping. Sure, you're right in saying that they're not ALL shopaholics, but because so many are, the two are often synonymous.

Soldiers?

[Afrosheen]

What are soldiers? We just bomb the bejeezus out of anyone until they give up.

Re:Soldiers?

[t_allardyce]

Hmmm this interesting story says you bombed your _own_ soldiers ROFL!! with a 50 year old plane!! ROFL oh my god i can't breath! HA HA HA HA HA HA HA HA HA HA HA HA HA oh oh oh god jesus yeah. i can't stand up :(

http://news.bbc.co.uk/hi/english/world/south_asi a/ newsid_1693000/1693451.stm

TV License? WTF?

[clovis]

I had no idea that you could apply online for your TV License in Great Britain. Or had to have one. Do you have to have one to watch your neighbor's TV through the window?

Re:TV License? WTF?

[nosferatu1001]

Nope...

We have a TV licence so we get the great TV service of BBC1,2 [terrestrial] as well as some pretty good raqdio stations

alll for £100 a year. and no advertising!

Re:TV License? WTF?

and the license also funds the BBC's online content, including news.bbc.co.uk
So half of /.'s technology news content is supplied by the British taxpayer.

Re:TV License? WTF?

And we thank you!
If the money involved is a prob, we'll take it off the tab for WWII, ok?

OpenSSH under Cygwin

[Col.+Klink+(retired)]

The latest Cygwin includes openSSH 3.0.1 and supports Protocol 2 (you can even run sshd on a Windows box and ssh into it).

Re:OpenSSH under Cygwin

[Ed+Avis]

Trouble is that as the Cygwin FAQ points out, Cygwin is not secure in a multi-user environment. So if someone is sitting at the machine locally they could exploit the Cygwin DLL to take over your ssh session.

The insecurity of Cygwin doesn't stop it being a very useful tool for single user Windows boxes, but it is kinda silly to use it to compile what's meant to be a security-enhancing program like ssh.

Debian Backports Security Fixes

[John+Hasler]

"To test whether your network has vulnerable SSH servers, you might use the ScanSSH tool."

Which apparently just checks the version number and will therefor falsely identify Debian stable machines as vulnerable despite their being up to date on security patches.

Re:Debian Backports Security Fixes

[Skidmarq]

I'm glad someone pointed this out. Also, the relevant Debain Security Advisory is here.

Re:Debian Backports Security Fixes

[Skidmarq]

...and here

Re:Debian Backports Security Fixes

Also anyone who was really worried when the attack
was announced probably patched the source (1 line)
and recompiled. This will still say ssh-1.2.27.
That's what I did...

Re:Debian Backports Security Fixes

[Anonymous+DWord]

I'd rather get a false vulnerable warning than a false not-vulnerable warning though. Besides, you know whether you've patched it or not.

Good analogy, but...

[fm6]

a reading translator that would read the Harry Potter book to you in German. Copyright violation? No. Fair use? Definitely.

A very good analogy. If we push it a little further, we see what's wrong your your other assertions.

Suppose Voldemort Publications sells you an PDF of Black Magic for Beginners on CD. The text is copyrighted, but that's not enough for VP. So they make you accept a license agreement that specifies that you can only read the book directly off the CD and you may not manipulate the text in any way.

You pop the CD in your computer and discover that the text is in Ancient Etruscan. When you call up to complain, they explain that the English translation is licensed to Massively Manipulative Monopolies. No they don't know when it will come out.

No problem. You go to the Hogwarts web site and download a translation spell. But as soon as you begin to incant Logos Anglicia! a VP legal troll appears in a puff of yellow-green smoke. He accuses you of violating the no-manipulation clause in your license agreement. You try to tell him that such a clause is unenforceable, but he just shrugs and says, "We think it will stand up in court. You're welcome to consult your own lawyer, of course."

"This is ridiculous!" you say. "I acquired the book legitimately, and I have a right to read it."

"Well, we have a right to maximize our return on our investment. That's why MMM is handling the English version -- they're much better at marketing to muggles than we are. Now cut it out. This agreement is enforcable in the Court of Giant Warts!"

Re: Civ3 modifications

This wouldn't have been an issue with free software (modifying software is one of the fundamental freedoms all software users should have!). Stop spending your time and with proprietary software and spend that time with free software. Even if you're legally on the right side you'll get hassled by people who don't share the ethics of free software (corporation lawyers and government agencies that areunfortunatelyrapidly adopting a US view of copyrights, trademarks and patents).

The Royal Family would like to thank Microsoft

[CaptainCarrot]

I'm not an acutal Brit, but I play one at the Renaissance Faire...

...she still held the title Queen of England, as well as quite probably numerous others (anyone got a full list somewhere)?

Indeed she does still hold that title. I used to know her full grand gitre but it's slipped out of my mind for some reason. The natural place to look it up is on the Royal Family's website, but, oddly enough since they moved to IIS (another fine Microsoft product) it's down right now. Funny, I never can remember it going down before...

(I think it highly unlikely that it's slashdotted. Government servers designed for worldwide access are generally well able to handle this kind of load.)

OK, so I found it at the alt.talk.royalty FAQ. In the UK, she's called "United Kingdom: Elizabeth the Second, by the Grace of God of the United Kingdom of Great Britain and Northern Ireland and Her other Realms and Territories Queen, Head of the Commonwealth, Defender of the Faith". In her other realms and territories, she's styled slightly differently. The full list is rather lengthy, so check the FAQ to see it. Although "Queen of England" isn't found in there, it's certainly not incorrect to call her that.

Re:The Royal Family would like to thank Microsoft

[Salsaman]

And of course, from Carl Orf's 'Carmina Burana':

Were diu werlt alle min (Were all the world mine)

Were all the world mine
from the sea to the Rhine,
I would starve myself of it
so that the queen of England
might lie in my arms.

Though obviously he was referring to a different Queen than our present monarch...!!

It's rather simple...

[Brendan+Byrd]

You get an advisory for something, anything... then you check versions and patch the software. It really don't matter what the advisory says. After all, they aren't going to send out an advisory for something trivial. If it's on a security mailing list, it's a potential hack or DoA, or at the very least, a user escalation.

Especially for SSH. If -ANYTHING- for ssh comes up, just shut yo mouth and upgrade the damn software :)

Maybe you can aim...

[Grog6]

...But all our people have guns.
The average American both has, and knows how to use weapons, not just in Quake!
Our average guys here in the south can shoot off a fly's nads at fifty yards.
Didn't you ever watch Jethro and Jed Clampett?

Re:Maybe you can aim...

[t_allardyce]

Yes, all your teenagers are allowed guns... I'm just thinking of another country where all the teenagers carry guns OH YEAH its Afganistan!

Bad hardware dude

[itwerx]

I hate MS as much as the next guy, but in supporting several hundred business clients I have to work with their products all day every day.
In short, if Win2K is locking daily then yes, something is misconfigured (try setting your CMOS to safe defaults) or actually broken (bad RAM or mbd) or you have a virus.
Sorry!

translation of Civilization

[vscjoe]

I think their position is that people are creating and distributing a German translation of English content that is copyrighted by them. That seems like a valid point to me, and it is probably enforceable under copyright law.

You may still be able to make other modifications to their software and distribute the patches, whether they like it or not.

Of course, instead of contributing to a commercial game without getting compensated for your work, why not just contribute to FreeCiv or similar games? Civilization itself seems mostly like a clone of older games anyway.

Lameness filter encountered while trying to reply

8 * "Sysadmins have to patch their systems."

How the HECK did you get past the compression filter?

answering everyone at once....

[coyote-san]

Answering everyone at once, when I do "apt-get update; apt-get upgrade" I still get (open)ssh 1.2.3.

Installing "unstable" is *not* an option at many (most?) sites. You install an unstable package on a live server, you die. Or at least you lose all root access on the live servers. The problem isn't any single unstable package, it's their tendency to pull in other unstable packages. This can get out of control real fast.

Even installing from pool is problematic, but usually acceptable since you're compiling it locally and can avoid creeping dependencies... but some Debian tools require Perl 5.5 which breaks stable systems. If you're willing to devote a system to unstable, you might be able to create an installable package... but this is not something Joe User is going to be able to do.

So I stand by my point. If you require SSH protocol 2 (supported by OpenSSH 2.x and 3.x), you will knock out most Debian users until either Woody is released or somebody takes a honking big clue-stick at the appropriate Debian maintainers and openssh 2.x is released as a Potato security bug-fix.

Re:answering everyone at once....

[Progman]

yadda yadda yadda ... use the source, Luke. This is so lame. Wonderful, the world of distros and apt-foo has created a generation of incompetent admins who only know how to install packages. Sheesh. Download OpenSSH, sh configure, make, make install and you're done. Relying on vendor packages is fine. Relying exclusively on vendor packages is lazy and dangerous.

Re:answering everyone at once....

[gorgon]

Well, you should say what you mean then. You said:

Unfortunately, it also blocks all Debian users.

When you really meant that it blocks all Debian potato users who haven't manually updated ssh. This is quite different from what you said.

Re:answering everyone at once....

Yeah, that's great and all. Really. The problem, as I see it is not OpenSSH itself, but the newest libraries that it needs. The second you do this upgrade, you need to upgrade those libraries, and here is where the conflicts start. Say, someday down the road, that you need to update libraries related to openssl, but since you had to manually compile and stuff that sucker where it don't belong, about 80 other packages' dependancies are b0rked. Debian is fameous for this, and truth be told it's a real bugger. Apt-* work great when you use them, and them alone, but screw with it, and you have problems.

This is why I really like the ports system used by so many BSD systems. If there's a vunerability, it's probably been updated in ports. CVS updrade your ports collection, and make install. Kill the daemons, and call the script that initializes them. Done.

Re:answering everyone at once....

[Tupper]

Its version 1.2.3, but its been patched by debian. This hole has been fixed in stable since feb 11 on security.debian.org
(deb http://security.debian.org/ potato/updates main contrib non-free)
and since april 17 in unpatched potato >= 2.2r3
(deb ftp://non-us.debian.org/debian-non-US potato non-US/main)

potato is getting quite long in the tooth, but the security patches are timely.

So, in other words

The dude mails Infogrames. The mail goes unread. The dude starts localizing the Civ3 files. The dude gets a shit-o-gram. The dude complies. Then another bunch of dudes come up and take the localization work underground under pseudonymes and they can't be tracked. Who lost here?

lizards

It's true! It's true! The royal family are all shape-changing lizard people! David Icke was right all along!

www.reptilianagenda.com

Royal.gov.uk is back

[blibbleblobble]

Royal.gov.uk is back

And it's displaying M$'s default page...
Snapshot

Quick! Someone Hack The Royal Website!

[erroneus]

Clearly, Microsoft marketting saw this move to Linux as a major threat just as they did with the city of Largo in Florida. This time, they got through... who knows how they got past the "price/performance" issue though... (maybe they paid the guy off)

Anyway, I'm sure there are enough vigilantes out there who will be targetting this IIS implementation eh? Hehehehe

(...why do I get this creepy feeling as I write this? Ah well, I'll just take a nap... Oh yeah, disclaimer -- I don't really advocate or invite illegal activities. I'm just saying in my own way that I can see it happening.)

Royal Server changed IP too?!

[gosand]

In looking at their web server history, while on Linux, their IP and Netblock Owner was consistent. When they switched to IIS and Win2K, those changed. Part of the reason for the change?

Disclaimer: I have no idea what I am talking about.

Re:Lameness filter encountered while trying to rep

How the HECK did you get past the compression filter?

Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.

Voila

YOU'RE wrong!

IN> How about security: every time Microsoft releases a bug fix, they introduce a new bug.

C>Bzzt. Try again. Got a non-knee-jerk-propganda example? No?

It's the same thing for all programmers. See?

PROGRAMMER'S DRINKING SONG

100 little bugs in the code,
100 bugs in the code,

fix one bug, compile it again,
101 little bugs in the code.

101 little bugs in the code.....

Re:Good response, but...

[actiondan]

EULA's are not legally binding in Germany.

Well..

[mindstrm]

I'll be the first to say that, all jokes aside.. as a Canadian, I find Americans, in general, to respect us as a country, and neighbor.

However.. ever heard of "manifest destiny"?

IT has long been part of the American culture tha the whole continent should be the United States.

About downtime ... and Windows 2000

[Odhran]

Dear all, Thank you for your comments on the new UK Royal website. I am the lead developer of the web site and the content management system that powers it. We have spent the last 2 months feverishly working to get the site ready for launch day and all went well thankfully. The new site features many improvements including a Kid's Zone with Painting games, a complete and concise History of the Monarchy, and much much more. Please feel free to take a browse! Unfortunately, the recent outage (from about 8am GMT Tuesday 4th dec 2001 to 1pm Wednesday 5th dec 2001) was due entirely to out internet connection being physically severed. The line is owned by our ISP, and as such there was nothing we could do from our side as regards connectivity. Needless to say, the Windows 2000 servers stayed running the entire time during this outage. As an Internet company, we appreciate the benefits of many different operating systems, Linux included. But, considering the budget, the maintenance costs, and the development costs of this particular project, Windows 2000 is a no-brainer! I hope this clears up any questions you may have, and thank you for your opinions.

German EULAs

[fm6]

Gee, I'll bet magic spells don't work there either ;)

Point is that people who sell IP want to control how it's distributed. That's what drives their decision making. And the law, be it copyright, licensing, whatever, is almost always is on their side. Given the way the law is made, that's hardly suprising.

From the POV of consumers and artists, the results are often absurd. German gamers who can't play games they've paid for is one example. Another is music and literature that you can't listen to or read because the copyright holder is sitting on it. I myself know a couple of musicians who feel damn frustrated because their work is controlled by publishers who won't release or sell it back. Unfair? Absolutely. But perfectly legal.

And you'd never pass muster...

[OSgod]

.. in a production shop where NO PATCH WILL BE APPLIED TO A PRODUCTION SERVER UNTIL IT HAS BEEN TESTED AND CERTIFIED IN HOUSE.

And yes, I'm yelling here! This is a cardinal rule -- don't break it or your out the door.