Slashdot Mirror

← Back to Stories (view on slashdot.org)

Slashback: Disclosure, Maricopa, Telecoms

Posted by ryuzaki0 on from the ants-are-everywhere dept.

Slashback tonight with another round of updates and errata regarding recent Slashdot stories. Read on for more on domain slamming, the process behind fixing and revealing the recent OpenSSH vulnerability, early photography, and a special note for residents of Maricopa County, Arizona.

Quick work by smart people. ciaweb writes "The OpenSSH group has revised its security advisory about the recent OpenSSH vulnerabilities. In it, they describe their decision-making process for releasing the bug information. It is interesting to contrast their procedure, which appears designed to maximize user protection, against Microsoft's, which appears to maximize Microsoft's protection."

Pardon me, sir, would you mind if I SLAMMED THIS HAMMER ON YOUR FINGERS?! D0wnsp0ut writes "I thumbed through my mail today and found what appeared to be a renewal notice for my domain. This one came from "Domain Registry of America." Verisign attempted something similar back in March and Bulkregister.com fought back and won an injunction, against the mailings. So watch out if your domain is getting close to expiring. I talked to my registrar (Register.com) and they're aware of it.
I'll scan the letter but have no place to post the pictures. Can anyone lend some bandwidth?"

Half the world has never eaten a Krispy Kreme donut, either. cshirky writes "I've just written an essay on the phrase ' Half the world has never made a phone call'. It's more 'voice telephony-y' than the usual telecom stories here, but after seeing the interest in media and the market that surfaced during my /. interview, I thought it might be of some interest."

Please stop sending my money to Redmond, OK? TrumpetPower! writes "All that brouhaha over Maricopa County's policy prohibiting companies or persons convicted of antitrust violations has had an effect. I just received the following note announcing a public forum scheduled for this coming Monday.

You recently inquired about the County's use of Microsoft products and the manner in which we license their software. We appreciate your interest in the County's technology plans. To provide a forum in which to discuss our technology direction and address any questions you may have, we will have Information Technology staff members available to meet with citizens at 8:30 am on Monday July 8th. The meeting location will be the County Administration Building at 301 W. Jefferson in Suite 420. Please RSVP your attendance so we can ensure that adequate facilities are available for the meeting.

Thank you for your inquiry,
Paul Allsing
Deputy CIO
Maricopa County
301 W Jefferson, Suite 420
Phoenix, AZ 85003"

Ah, but what about the first annoying family photographer? 7h3_B055 writes: "Contrary to this article on Slashdot claiming the first photograph was created in 1826, much evidence is pointing to the fact that the Shroud of Turin may have been an earlier example (substantially earlier) of photography using ingredients as basic as egg-white for treating cloth (the photopaper) and urine for developing it. The camera itself could have been a simple box with a hole in it and the exposure time would have been lengthy."

Of course, there are a lot of theories about the Shroud of Turin, and a google search is likely to intrigue you for days.

11 of 208 comments (clear)

  1. Great news for Linux! by PhysicsGenius · · Score: 1, Interesting
    I'm really really really excited to hear about that New Mexico county that has a rule against using Microsoft software. As soon as some Slashdotter points it out to them they'll have no choice but to spend next weekend upgrading to Linux! It'll cost thousands, if not millions, of dollars to convert and retrain everyone, not to mention re-write all their internal software, but it will have the desired effect of marginally reducing M$ income and that means we win!

    Well, unless they decide to use MacOS. Or just change the rule. But honestly, with all the Linux users that probably live in that county, they'd be stupid not to take advantage of it.

    1. Re:Great news for Linux! by Anonymous Coward · · Score: 1, Interesting

      Further defending my great state:

      The city of Phoenix is the 6th largest in population. The city of Phoenix is roughly 12 square miles larger than the city of Los Angeles. Maricopa County, which holds the Metropolitan Phoenix area (Phoenix + suburbs Mesa,Tempe,Glendale etc.) is huge in area and population (roughly 3million). The area is refered to by some as the "Silicon Desert" because of the recent influx of tech companies.

      All that said, It would be interesting to say the least if the local government dediced to move away from Linux.

    2. Re:Great news for Linux! by Quila · · Score: 3, Interesting
      Microsoft is probably not a direct contractor to the county,

      MS likes to think its EULAs are binding contracts. Therefore, if the EULAs are valid, then there is a contract between the county and MS. Conclusion: Whenever someone in the county installs any MS product, MS is de facto a contractor.

      Alternate conclusion: MS wants its products used, and has to admit the EULAs aren't binding contracts in order to not be considered a contractor. All EULAs are then admitted by Microsoft to be invalid.

  2. All Registrars are scumbags by Anonymous Coward · · Score: 1, Interesting
    I get snail-mail letters from 'other' registries all the damned time (I have my domains with Verisign/network solutions/whatever the hell their name is). I'm in Canada so I get twice as much... a bunch from americans, and a bunch from canadian places.

    "Internet Registry of Canada"
    "Internic.ca"

    These (among others) send nice official looking letterhead and such to make it look like they're the place you normally have your domain with, whereas 'renewing' with them is transferring over to them. They also have this annoying habit of sending 'renewals' about six months before it's due, hoping I'll accidentally renew with them instead of when the normal Verisign renewals start coming (which is still about three months before it ends).

    I also get a variety of registrar renewal spam. However, I don't think Verisign helps their case by sending me renewals with these bizarre domains in the urls to click on (which do turn out to be actual verisign places). Since I don't click on urls without looking at them even the 'authentic' ones look phoney.

    My normal method is: I wait for the last couple of weeks before the domain expires. I go directly to the Versign site that I know, I do the renewal through the steps there. No fussing with mail or email they've sent me.

  3. Re:if i were a county office, by commonchaos · · Score: 4, Interesting

    a quick google search found a page on the meaning of 420.

  4. Vermeer: First Photographer by sjbrown · · Score: 3, Interesting

    ...or perhaps first "camera"

    I recently saw a TV segment about research showing that he quite likely projected an image onto canvas using a lens, then painted or sketched the projected image.

    He probably wasn't the inventor of the technique. I believe it was called a 'camera obscura'.

    Just found a link, thanks to Google:
    Vermeer's Camera

  5. Detailed analysis of the exploit? by MrHat · · Score: 3, Interesting

    Disclaimer: I don't want to know this so I can run around and r00t a bunch of machines. I'm genuinely interested, since the flaw wasn't immediately apparent to me when I glanced at the patch a few days ago.

    With that said - does anyone have an analysis/description of where in the source the overflow was actually exploitable? I followed the auth_chall2.c call path fairly far, and didn't manage to find where nresp > 100 would actually overflow. It doesn't seem to be exploitable in the xmalloc() immediately following the patch, unless I really missed something. I didn't trace into openssl, so if it's an interaction between the two libraries, I wouldn't have hit it.

    Hints, pointers, source snippets? All are appreciated. :)

  6. nose bone? by timothy · · Score: 2, Interesting

    isn't the nose only cartilaginous, rather than true bone?

    Seems like a technicality either way, but still ;)

    My mom's nose was once broken by (someone else's) ski pole. They didn't even stop to apologize, which did not please her.

    Best book I've read on the SoT is the one by (iirc) John Heller, quoted on some of the sites I've seen today ...

    timothy

    --
    jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
  7. snatching domain snatching by ProfKyne · · Score: 2, Interesting

    I talked to my registrar (Register.com) and they're aware of it.

    That's interesting, I have a letter from Register.com asking me if I want to extend my domain name term. But my registrar is easyDNS.com.

    I'm not kidding, I have it right here.

    --
    "First you gotta do the truffle shuffle."
  8. Not all by jcsehak · · Score: 3, Interesting

    My domains are registered through Go Daddy. I used them because they were cheapest and a friend recommended them to me. To date (several months), I have recieved no spam from them other than a notice warning me about Verisign's nasty renewal notices, and a recent notice about how they're making domain transfer free. Also, my normal flow of spam didn't noticeably go up after registering. So while I'd agree that most registrars are scumbags, I gotta say I'm very happy with Go Daddy. So far, at least.

    --

    c-hack.com |
  9. Maricopa Meeting Help by tickticker · · Score: 2, Interesting

    Hello, I am a member of PLUG and have RSVP'd for the meeting and was going to post a request to the slashdot community for documentation on successful conversions from M$ to Linux, including articles or links to sites, so I can go armed with some facts on government conversions including military, local, state, federal, school systems (many of our school systems in AZ use the same rules for contractors as the county does), etc. For instance, about those schools in the northwest that converted their labs recently. thanks, just reply to this thread and i will keep an eye out for it, or email me at the above address.