Slashdot Mirror


Slashback: Disclosure, Maricopa, Telecoms

Slashback tonight with another round of updates and errata regarding recent Slashdot stories. Read on for more on domain slamming, the process behind fixing and revealing the recent OpenSSH vulnerability, early photography, and a special note for residents of Maricopa County, Arizona.

Quick work by smart people. ciaweb writes "The OpenSSH group has revised its security advisory about the recent OpenSSH vulnerabilities. In it, they describe their decision-making process for releasing the bug information. It is interesting to contrast their procedure, which appears designed to maximize user protection, against Microsoft's, which appears to maximize Microsoft's protection."

Pardon me, sir, would you mind if I SLAMMED THIS HAMMER ON YOUR FINGERS?! D0wnsp0ut writes "I thumbed through my mail today and found what appeared to be a renewal notice for my domain. This one came from "Domain Registry of America." Verisign attempted something similar back in March and Bulkregister.com fought back and won an injunction against the mailings. So watch out if your domain is getting close to expiring. I talked to my registrar (Register.com) and they're aware of it.
I'll scan the letter but have no place to post the pictures. Can anyone lend some bandwidth?"

Half the world has never eaten a Krispy Kreme donut, either. cshirky writes "I've just written an essay on the phrase 'Half the world has never made a phone call'. It's more 'voice telephony-y' than the usual telecom stories here, but after seeing the interest in media and the market that surfaced during my /. interview, I thought it might be of some interest."

Please stop sending my money to Redmond, OK? TrumpetPower! writes "All that brouhaha over Maricopa County's policy prohibiting companies or persons convicted of antitrust violations has had an effect. I just received the following note announcing a public forum scheduled for this coming Monday.

You recently inquired about the County's use of Microsoft products and the manner in which we license their software. We appreciate your interest in the County's technology plans. To provide a forum in which to discuss our technology direction and address any questions you may have, we will have Information Technology staff members available to meet with citizens at 8:30 am on Monday July 8th. The meeting location will be the County Administration Building at 301 W. Jefferson in Suite 420. Please RSVP your attendance so we can ensure that adequate facilities are available for the meeting.

Thank you for your inquiry,
Paul Allsing
Deputy CIO
Maricopa County
301 W Jefferson, Suite 420
Phoenix, AZ 85003"

Ah, but what about the first annoying family photographer? 7h3_B055 writes: "Contrary to this article on Slashdot claiming the first photograph was created in 1826, much evidence is pointing to the fact that the Shroud of Turin may have been an earlier example (substantially earlier) of photography using ingredients as basic as egg-white for treating cloth (the photopaper) and urine for developing it. The camera itself could have been a simple box with a hole in it and the exposure time would have been lengthy."

Of course, there are a lot of theories about the Shroud of Turin, and a Google search is likely to intrigue you for days.

8 of 208 comments

  1. Re:if i were a county office, by commonchaos · Score: 4, Interesting

    a quick google search found a page on the meaning of 420.

  2. Vermeer: First Photographer by sjbrown · Score: 3, Interesting

    ...or perhaps first "camera"

    I recently saw a TV segment about research showing that he quite likely projected an image onto canvas using a lens, then painted or sketched the projected image.

    He probably wasn't the inventor of the technique. I believe it was called a 'camera obscura'.

    Just found a link, thanks to Google:
    Vermeer's Camera

  3. Detailed analysis of the exploit? by MrHat · Score: 3, Interesting

    Disclaimer: I don't want to know this so I can run around and r00t a bunch of machines. I'm genuinely interested, since the flaw wasn't immediately apparent to me when I glanced at the patch a few days ago.

    With that said - does anyone have an analysis/description of where in the source the overflow was actually exploitable? I followed the auth_chall2.c call path fairly far, and didn't manage to find where nresp > 100 would actually overflow. It doesn't seem to be exploitable in the xmalloc() immediately following the patch, unless I really missed something. I didn't trace into openssl, so if it's an interaction between the two libraries, I wouldn't have hit it.

    Hints, pointers, source snippets? All are appreciated. :)

  4. nose bone? by timothy · Score: 2, Interesting

    isn't the nose only cartilaginous, rather than true bone?

    Seems like a technicality either way, but still ;)

    My mom's nose was once broken by (someone else's) ski pole. They didn't even stop to apologize, which did not please her.

    Best book I've read on the SoT is the one by (iirc) John Heller, quoted on some of the sites I've seen today ...

    timothy

    --
    jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5

  5. snatching domain snatching by ProfKyne · Score: 2, Interesting

    I talked to my registrar (Register.com) and they're aware of it.

    That's interesting, I have a letter from Register.com asking me if I want to extend my domain name term. But my registrar is easyDNS.com.

    I'm not kidding, I have it right here.

    --
    "First you gotta do the truffle shuffle."

  6. Not all by jcsehak · Score: 3, Interesting

    My domains are registered through Go Daddy. I used them because they were cheapest and a friend recommended them to me. To date (several months), I have received no spam from them other than a notice warning me about Verisign's nasty renewal notices, and a recent notice about how they're making domain transfer free. Also, my normal flow of spam didn't noticeably go up after registering. So while I'd agree that most registrars are scumbags, I gotta say I'm very happy with Go Daddy. So far, at least.

    --

    c-hack.com

  7. Maricopa Meeting Help by tickticker · Score: 2, Interesting

    Hello, I am a member of PLUG and have RSVP'd for the meeting and was going to post a request to the Slashdot community for documentation on successful conversions from M$ to Linux, including articles or links to sites, so I can go armed with some facts on government conversions including military, local, state, federal, school systems (many of our school systems in AZ use the same rules for contractors as the county does), etc. For instance, about those schools in the northwest that converted their labs recently. Thanks, just reply to this thread and I will keep an eye out for it, or email me at the above address.

  8. Re:Great news for Linux! by Quila · Score: 3, Interesting

    Microsoft is probably not a direct contractor to the county,

    MS likes to think its EULAs are binding contracts. Therefore, if the EULAs are valid, then there is a contract between the county and MS. Conclusion: Whenever someone in the county installs any MS product, MS is de facto a contractor.

    Alternate conclusion: MS wants its products used, and has to admit the EULAs aren't binding contracts in order to not be considered a contractor. All EULAs are then admitted by Microsoft to be invalid.