Triangle Boy Lives

mlinksva writes: "Safeweb cancelled their free service late last year, but their P2P anonymizing proxy, Triangle Boy, has been spotted in the wild (south of Fort Worth, Texas). 'Because of its stealth nature, the P2P software does not show up in reports from many filtering products and the administrator doesn't even know the problem exists and has no way to check it.'(via UniteTheCows)."

Yeah. Wow.

Orange, Calif.-based 8e6 Technologies helped conduct the tests.

"The results were startling," said Chad Ingram, network technician at Crowley. "The only filter we tested that stopped Triangle Boy use was the 8e6 Technologies R2000. Then, using the 8e6 Enterprise Reporter, we took a look at the logs to see if we actually had users trying to contact the Triangle Boy network. We found that in the first 48 hours, users had gone to the primary Triangle Boy Website over 30 separate times."

Fucking fancy that! The only way to detect this evil P2P software is to use this peice of software. Of course is just so happens that the people who discovered the shocking truth also sell that product.

It must be the wildest fucking coincedence in the history of computing.

So?

[neksys]

I can understand the concern that people have over Triangle Boy, but one must consider something important (in terms of the school in the article, anyway): Filters in schools are put in place primarily to prevent students from accidentally accessing some content that the parents may sue over. That, and to prevent kids from wasting their schooltime sending emails. However, to make use of the Triangle Boy, one must a) know how to use it, and b) have a specific reason for accessing blocked material. I don't see the liability issue there - its a piece of "stealth" software that the student, of his own free will, has used - despite acceptable measures to prevent he or she from doing so.
*shrug* Just a thought.

Re:So?

[Rhinobird]

I don't see the liability issue there - its a piece of "stealth" software that the student, of his own free will, has used - despite acceptable measures to prevent he or she from doing so.

since when has anything like that stopped people from sueing?

Re:So?

[neksys]

Point taken - my Canadian sensibilities skewed my reply. =)

Re:So?

Accidently accessing? We use filtering software to stop our employees from wacking off all day to online porn. Since we've put in the filter this abuse has decreased a LOT. We still occassionally see people hitting sites that aren't blocked (it's an ocean of porn out there and these filters are just a sieve) but it's better than nothing. Personally I believe it's a management issue and they should keep a better eye on their employees so they don't have time to sit around and wank off, but that's not happening. The management is just as lazy as the fucking employees.

Re:So?

[Eric+Damron]

I've found that firing employees that surf for porn using company equipment is a deterant.

Re:So?

I've found that firing employees that surf for porn using company equipment is a deterant.

And what about the ones who spend all day reading and posting to slashdot?

Re:So?

[Erasmus+Darwin]

"Filters in schools are put in place primarily to prevent students from accidentally accessing some content that the parents may sue over."

Accidentally? Bull. If that were the case, then the filtering software would allow the student the option of immediately overriding it. If, say, a student were surfing Slashdot and accidentally clicked on a hidden porn link, they'd get a window explaining that the site is blocked for sexual content. Then they'd click a confirmation button (or even have to type out "allow site" to prevent accidental clicks), and they'd be able to surf the site. But that's not how it works.

Re:So?

Filters in schools are put in place primarily to
prevent students from accidentally accessing some content that the
parents may sue over.

So basically the school administrators care more
about saving their butts from a lawsuit than they do
giving the kids freedom and a decent education? What
fucked up people. If I were a parent in that school
district, I'd try damn hard to make sure these assholes were
on welfare. There are a lot of people in schools who do
care, but I hear of few of them getting administration jobs.
Once again, the shit floats to the top.

Re:So?

[ryman]

I see your point, and I think it's a valid one, but I believe that there are ways that a student could be accidentally exposed to pornography: say, by a pop-up (or the more deceptive pop-under) window? In those cases, courts might be more willing to side with the parents.

Re:So?

despite acceptable measures to prevent he or she from doing so.

Try "him or her" instead of "he or she".

Re:So?

[pravda]

I don't see it specifically as an issue of accessing content that would be blocked. Any user of Triangle Boy may simply wish to get content anonymously. They may not want the school to watch them go to even permitted sites. We cannot assume that these students are only using it to access forbidden things. There is a use for privacy beyond anonymously downloading "inappropriate content".

Re:So?

[cduffy]

Once again: If that were the sole concern, the blockage (of popunders, like anything else) would be overridable. This would certainly be much more convenient for the sysadmins, who would no longer need to deal with constant one-off unblock requests.

Re:So?

[Patrick13]

....We use filtering software to stop our employees from wacking off all day to online porn... it's a management issue and they should keep a better eye on their employees so they don't have time to sit around and wank off, but that's not happening. The management is just as lazy as the fucking employees.

how is the management going to be able to spend all day wacking off to porn if they have to go around making sure the employees aren't circumventing the firewall?

Re:So?

[arb]

And what about the ones who spend all day reading and posting to slashdot?

Give them a pay-rise of course! ;-)

Re:So?

[ryman]

True. I guess the one truth that overrules all this controversy over school responsibility vs. individual responsibility is that when you combine a lawsuit-happy, victim-mentality populace with an overly-obliging judicial system, anyone can potentially sue anyone else and win. Until there's some meaningful tort reform, everything truly logical goes out the window.

Triangle wins.

[scamcdan]

Triangle Boy, Triangle Boy,
Triangle Boy hates Filtering Boy,
They have a fight, Triangle wins.
Triangle Boy.

Re:Triangle wins.

[Rhinobird]

I was thinking the exact same thing!

Re:Triangle wins.

I've been following this thread, and articles all around the web waiting for someone to say that. You made my day!

Re:Triangle wins.

[Paradise+Pete]

I've been following this thread, and articles all around the web waiting for someone to say that. You made my day!

Your days are easily made, apparently.

Re:Triangle wins.

[ilsa]

I guess we'd better fast forward a verse or so and see if we can get Universe Boy on the job.

Re:Triangle wins.

And it was made at 9AM too.

Re:Triangle wins.

[cdrj]

Where is that from? It sounds so familar, but I just can't place it. Thanks

Re:Triangle wins.

"Particle Man", by They Might Be Giants

What's to keep....

[blazen1]

"The school said it is now adjusting its network to detect Triangle Boy and other similar applications." What if anything about this software will keep it from being filtered in the next revisions of filtering software?

P2P

[Wanker]

Dave Salch, CTO of 8e6 Technologies, said because of its stealth nature, the P2P software does not show up in reports from many filtering products and the administrator doesn't even know the problem exists and has no way to check it.

Since when is a web proxy P2P software?

The same function as Triangle Boy can easily be duplicated by anyone with a linux box on a permanent Internet connection. Just set up an HTTPS squid proxy.

Clever users will also note that you can tunnel this over just about any port you want. Make this an encrypted tunnel and no filter in the world will detect it. If your school/network allows even a single TCP port out to the Internet you can do this. (Some places allow arbitrary TCP ports to be forwarded via the HTTP proxy. Other places may have a SOCKS or similar proxy available. Those would both work for this in the event all direct connections are blocked.)

I do miss Safeweb. That open proxy was very helpful for casual browsing. The closest non-open substitute I've found is http://www.anonymizer.com.

Re:P2P

[God!+Awful]

Clever users will also note that you can tunnel this over just about any port you want. Make this an encrypted tunnel and no filter in the world will detect it.

Unless the filter just blocks all encrypted connections to unknown sites.

-a

Re:P2P

[nosphalot]

While this will seem like a good solution to school boards and parents, most net admins will see two big problems.

1. What does an encrypted connection look like? It's not like a software designed to get around filters will advertise what it is doing. I supposse you could look at the data and only let it by if it looks like text, maybe by word frequency, but what happens when the Spanish class goes to look at spanish language sites? Filter freaks and thinks it's encrypted. Yes, you could add language detection and have patterns for all languages, but how many companies do expect will provide these for free, and how many schools will pay for the upgrades.

I'm sure there are other ways to try and guesss if somehting is encrypted, but there are just as many was to fool those things as well.

2. Who gets to develop this list of known sites? And how often will it get updated? Does it include just the domain name, or the whole url? Is the Google cache on the list?

IMHO filtering is not the solution. Everytime a filter gets tighter, its likely to restrict some content that isn't intended, and two weeks later, there is a new way around it. The only one who makes out is the company writing the filter software. I'd rather that school budgets be spent teaching children, instead of trying to hide the real world, no matter how unseemly, from them.

Re:P2P

[acceleriter]

Check this out. It's a Java anonymizing proxy that should be more than adequate for casual browsing. It's not "terrorist grade" anonymity, but should keep all but the most dedicated network nazis out of your traffic.

Re:P2P

[fetta]

"clever users will also note that you can tunnel this over just about any port you want. Make this an encrypted tunnel and no filter in the world will detect it. If your school/network allows even a single TCP port out to the Internet you can do this. "

Even without an open TCP port, you can do this over HTTP if you have a proxy server. Just tunnel everything over HTTP. Of course, then you're tunneling http over ssh over http , which gets a little complicated, but it works.

See the GNU HTTPtunnel home page for more details.

Re:P2P

[vovin]

Site blocked .. data too random?
Have fun.

Re:Yeah. Wow.

[orthogonal]

No, the wildest "coincidence" is that said software firm put out the press release that the article in siliconvalley.internet.com is surely a rewrite of...

A Calif.-based software company Friday issued a warning for network administrators who think they have total control of content flowing in and out of their systems: Triangle Boy is alive and well...

Spotted in the wild?

[jsse]

Just a discovery of TB being used in Crowley Independent School District and you called it "spotted in the wild"? How wild could it be? Or you mean this school hosting wild animals?

Re:Spotted in the wild?

[quantum+bit]

You obviously haven't been to Crowley. I think the number of cows alone qualifies as "wild".

Oh no!

Sya, which company was it again? This Triangle Boy is surely a threat to my network security! I must go and by the only firewall product that can block this terrorist menace!

Not only do they get their press release on siliconvalley.internet.com, they get a free ad on Slashdot too!

Re:Oh no!

[hdparm]

Let's just /. the bastards.

Anyone know anything more about this?

[joto]

How does it work? What does "stealth" mean in this context? Why wouldn't it be blocked by people having firewalls explicitly for the purpose of locking someone in?

According to this article it works by spoofing the the source address. I know at least my firewall would block that.

And furthermore, it needs to contact a server somewhere (that is, another PC running triangle boy). Now, unless they rely on word-of-mouth to tell people where those servers are, they would have to have one or more (easily blockable) servers to hand out IP-addresses and port numbers to connect to.

I don't know what's the most frightening part. That administrators think they must block users instead of simply having strict but reasonable rules that people will understand and follow? That windows let users install programs like triangle-boy without administrator privileges (or that administrators regularly give users administrator privileges). That most commercial firewalls don't block spoofed addresses? That administrators who for some reason want to lock users in don't know about Triangle boy?

Re:Anyone know anything more about this?

[Quixote]

How does it work? What does "stealth" mean in this context? Why wouldn't it be blocked by people having firewalls explicitly for the purpose of locking someone in?

IIRC, the data is sent to your machine via forged UDP packets. The client on your machine (which is also the proxy for your machine) then reassembles the packets and forwards them to your browser.

Checkout the TriangleBoy Whitepaper

Re:Anyone know anything more about this?

[dohcvtec]

Quoting the article: ... returns the requested page directly to the client browser, "spoofing" the origin address so that it appears to come from the Triangle Boy host.
Unless I'm reading this wrong, or the author of the article doesn't know what they're talking about, the spoofing occurs outside of your network. Apparently, Triangle Boy knows that Safeweb IP addresses will be blocked by some firewalls or filtering software, so the return traffic from Safeweb (e.g. viewing web pages) is spoofed to the IP address of the Triangle Boy host. It's not like clients inside your network are spoofing their source addresses. If that were the case, you would be right and any decent firewall ruleset would block such activity.
I know at least my firewall would block that
Your firewall would block address spoofing from the inside, but not from the outside like in this case. I don't know the details, but I would think that the spoofing on Triangle Boy's part would have to take into account issues like TCP state and TCP sequence numbers to work properly, and IF these issues are taken care of, nothing would look suspicious to your firewall.

Re:Anyone know anything more about this?

[FozzTexx]

Your firewall would block address spoofing from the inside, but not from the outside like in this case.

Um, that's what my firewall does do. If a packet arrives on my external interface that claims to be from an IP on the internal LAN, it's gonna drop it. It's clearly spoofed.

Re:Anyone know anything more about this?

[dohcvtec]

Your statement is true, but irrelevant to what we are talking about. The spoofed packets that will be arriving on the external interface will be from valid external hosts, presumably arriving as part of an existing TCP connection, not spoofed to be from your internal network. Like I said, if you have a stateful firewall and nothing looks fishy, this (spoofed) return traffic will be allowed back in.

Re:Anyone know anything more about this?

You are correct, however, in the sense that you could not connect to a Triangle Boy running on a different computer that was also behind your firewall.

Not all web proxys are p2p software, but...

[Erpo]

...this one is. It just bounces requests off of other triangle boy users, as opposed to a server you've set up at home.

...or SSH

[dmiller]

The same function as Triangle Boy can easily be duplicated by anyone with a linux box on a permanent Internet connection. Just set up an HTTPS squid proxy.

You can do this with SSH too:

ssh -L8080:localhost:8080 yourhomeproxy.org and set http_proxy=http://localhost:8080/

Re:...or SSH

[drsoran]

It's even easier if you're using OpenSSH:

ssh -D 1080 yourhomemachine.org

Point Nutscrape or Mozilla to localhost port 1080 for the Socks4 proxy. Everything will go over the SSH connection and be proxied by your remote machine without a need for Squid or an explicit web proxy. Don't forget to ask your local security team if this is permissible before doing it though! It may be a big violation to circumvent the access controls in place to support a local security policy. You can, may, and will lose your job over it. Make sure it's worth it.

Re:...or SSH

[dmiller]

...that being said, it would be very difficult to prove

Re:...or SSH

[drsoran]

...that being said, it would be very difficult to prove

True, but depending on what kinds of IDS they have in place, a marked increase in SSH activity could alert them to something fishy going on. I just mention it as a CYA notice. :-)

Filters are in danger... Oh no.

[FuegoFuerte]

I personally have been in a University which performed heavy filtering, and even worked in the IT department of the school. I do not have a problem with blocking or lowering priority for certain p2p apps such as Napster (back in the day), kazaa, etc. I do however have a major problem with filtering web access. While p2p is a major problem in terms of bandwidth and is clearly not for academic purposes (the vast majority of the time), many blocked websites are quite useful for academic purposes. As an example, my school blocked the Google cache and pretty much all translation sites, because they could be "used to access pornographic content" (not neccessarily images). It seems that the possible benefits of said cache (which include pdf -> html and .doc -> html converters) and benefits of all the translation software massively outweigh the possible use for reading pornographic content. I must say, I welcome all such apps as triangle boy and hope to see them spread more widely, as it appears that is the only way we will keep the internet a place where information flows freely, without restrictions from those who would love to brainwash the masses. May Triangle Boy, Peekabooty, and any other similar projects flourish.

No

How do you think you'll get that non-HTTP data through an HTTP proxy? You can't. You have to use an HTTP tunnel that will pass through the proxy.

Need Link to Source Code and or Binary

I google searched for Triangle Boy... and found articles about it... and some stuff saying that the source code was released...

But I gave up trying to find it.
Anybody wanna post where to get it?

Also looking for it on p2p networks...
haven't found it yet

Re:Need Link to Source Code and or Binary

http://www.safeweb.com/pr_tboy1.html says
---
The source code for Triangle Boy 1.0 is available immediately. Those who wish to volunteer to host a Triangle Boy machine can download the free program from the SafeWeb site at http://fugu.safeweb.com/webpage/tboy-1.0.3.tar.gz. Volunteers must have a PC running Linux or Windows NT/2000.

Re:Need Link to Source Code and or Binary

[RazorJ_2000]

Nice one.

Re:Need Link to Source Code and or Binary

[BlowChunx]

That URL now gets redirected to SafeWeb's home... google cache or mirror anyone?

Re:Need Link to Source Code and or Binary

[orthogonal]

Now here's a question:

I don't necessarily want to run Triangle Boy for all and sundry oppressed peoples of Noliberty-istan and pointy-headed-boss.com.

But I'd like to run it for... me. That is, I'd like to be able to https from work to my box at home, have my home box fetch pages from not-approved-websites.com, and re-send that data, encypted, to my work box.

The "obvious" solution seems to be to run Apache with SSL, and create an SSL'd frame around a cgi program that does nothing other than forward. (I'm assuming that clicking a link on an encrypted page generates an encrypted GET; this may be an unfounded assumption.)

Given that I'd already running a web proxy on my home machine, I wonder if anyone has a better suggestion?

Re:Need Link to Source Code and or Binary

[EllisDees]

http://www.jmarshall.com/tools/cgiproxy/

I use it daily...

Re:Need Link to Source Code and or Binary

http://fugu.safeweb.com/webpage/tboy-1.0.3.tar.gz

Also you can get it from the US government at:
http://chinafreenet.50megs.com/softindex.html

Just look for the tboy file if you can't read mandarin.

Re:Need Link to Source Code and or Binary

Look here.

Re:Need Link to Source Code and or Binary

Anyone have a link to a Windows version? I'd say a good deal of the people who are being blocked are on Windows computers...

Re:Need Link to Source Code and or Binary

[Astfgl]

Here's an easier way: Set up a Zebedee tunnel between your work and home machine (http://www.winton.org.uk/zebedee/). It compresses and encrypts all traffic. Zebedee is open-source, and there are compiled versions for Linux and Windows. I've been using it to tunnel between WinNT and Win2K machines for about a year now, and it works great.

Re:Need Link to Source Code and or Binary

yep...

http://web.archive.org/web/20011109105021/http:/ /f ugu.safeweb.com/webpage/tb
oy-1.0.3.tar.gz

MPAA on the prowl!

[DragonTHC]

Great, now Jack Valenti is going to be scouring Texas for an adolescent cowboy jew.

Re:MPAA on the prowl!

uh..sorry, it was a pop-culture reference you might have missed. South Park. There is an episode where a film festival comes to town. Cartman says that all independant films are gay cowboys eating pudding. He is proven right later on in the show...

TMBG

[reduced]

Triangle man, Triangle man Triangle man hates particle man They have a fight, Triangle wins Triangle man

Re:TMBG

[reduced]

oh no, now i'm redundant.

Re:TMBG

oh no, now i'm redundant.

Maybe it was your Evil Twin.

Yes

[dmiller]

squid support the 'CONNECT' method which allows forwarding of arbitrary tcp connections (that's how it supports https).

Public Schools

[DarkZero]

A public school system in a country that values democracy and free speech filters its web access, most likely for not only pornography but also for hate speech, breast cancer information, and 2600.com, and is now desperately trying to get rid of a stealthy program that is meant to circumvent the oppression of free speech in repressive dictatorships.

From what I saw in my time in the US school system, this sad, ironic situation pretty well sums up how the school system here works.

Re:Public Schools

[mrpuffypants]

well, you have to understand where they are coming from. they have to be repressive in schools because that's what school is all about: getting you in a building to 'learn' and basically become a better person for it.

they have to have control over the people in the school to accomplish their goals of structuring the environment in the school, and anything that detracts from the percieved goal of the syllabus in classes is undesirable.

now, i don't like it, but i accept it, even if it SHOULD be changed

Re:Public Schools

[drsoran]

they have to have control over the people in the school to accomplish their goals of structuring the environment in the school, and anything that detracts from the percieved goal of the syllabus in classes is undesirable.

Schools need to wake up and realize, if they haven't already, that they need to just deny everything and have a whitelist of acceptable sites. That's the only way they'll ever make sure the kids aren't accessing porn and inappropriate content. There need to be all-inclusive sites for educational institutions to subscribe to that include all the tools a student would usually need to do research.. encyclopedias, dictionaries, filtered access to periodicals online, etc.

Re:Public Schools

[blue+trane]

now, i don't like it, but i accept it, even if it SHOULD be changed

How long before you start supporting it and enforcing it?

Re:Public Schools

A public school system in a country that values democracy...

You mean a public school system in a country that claims to value democracy, while actually only valuing commerce.

Re:Public Schools

as my former Assoc Principal said, "You have NO rights when you come in the building"

funny, the supreme court disagrees. as well anyone who can legitatemtly call themselves an American

Re:Public Schools

[SpaceJunkie]

You mean like they were before the internet was introduced into schools - at least over here(Uk). Where CD-Rom encyclopepias and Digests are used. Why bother with internet access at all?

I'm sorry but I really dont think such an oppresive level of control will help at all. ou have to remember certain pertinent areas of psychology to know that the harder and stricter you are, the harder someone will push back. In such an environment - a few kids WILL HACK - and some will probably be succesful - even if there method is getting the librarian to retype their password and nicking it(a common one even in the school I went to - we had a small LAN). A blanket ban on anything the school might not agree with is more likely to teach the children that all authority is oppresive (and should be rebelled against) than that pron viewing is not acceptable.

I remember we used to have beebs- which were all replaced by PC's. All the coder types(okay H4x0rs) were dissappointed because we had no access to programming tools - not even a command prompt at first. Although VBasic was clearly on the network -access was denied. We quickly got access to that, and found (having never hacked LANS before) that the security was incredibly poor. The funniest thing was when they disabled my personal user account I wasnt using because I hacked a teachers account which I continued to use - DUH.. And the teacher didnt even attempt to change the password we all new(not really hacking - just stealing a bimbo's password). We originally had just used her account to change our own accounts so they had access to all the software - but following the accounts being locked we just used hers for everything. Although to this day I still VBasic will never live up to BBC basic - ah back in the day...

Re:Public Schools

[Erasmus+Darwin]

"A public school system in a country that values democracy and free speech filters its web access,"

Not only that, but the school library doesn't carry back issues of Playboy. Someone should write to Congress and protest this egregious oversight. It's clear that their failure to carry this fine literary magazine is part of a draconian effort to silence its political messages.

Re:Public Schools

[linzeal]

Um, why shouldn't it carry issues of playboy? Do you really think anything but the most draconian of upbringings would prevent any child from accessing porn. Sexual quandries like this need to be sorted out. People are taught to have shame for their bodies as if we were religious in public schools.

Re:Public Schools

[Oswald]

No no no no. You completely misunderstand. We really do value democracy--for ourselves. As for that weirdo down the street or those cretins in the next state, well they would only waste their votes anyway. Interestingly, a lot of this attitude can be laid at the feet of the shitty public schools we are compaining about.

On the other hand, I probably wouldn't be totally thilled with where you live either--humans are so troublesome.

Re:Public Schools

Schools need to wake up and realize, if
they haven't already, that they need to just deny everything and have a whitelist of acceptable sites.

And to make things easy for all you busy admins out there, Disney and Nickelodeon have teamed up to provide free white lists for schools! If you don't see one for your brand of filter, just ask! We'll be happy to help you. Let us do the hard part. Now you can be free to go back out and coach the softball team!

Re:Public Schools

[StupidKatz]

Any chance that your former principal was fresh out of a military career? ;)

Re:Public Schools

Well, geez, I just read it for the articles, honey.

Re:Public Schools

[Leven+Valera]

From what I saw in my time in the US school system, this sad, ironic situation pretty well sums up how the school system here works.

I read an article once in the disinfo.com book You Are Being Lied To that explained that the modern school system was more productive in producing factory workers than educating people.

Nowadays the schools are being used to develop consumers instead of teaching.

LV

Re:Public Schools

[benjamindees]

All I can say is: ditto. (Class of '98)

Re:Public Schools

[DarkZero]

well, you have to understand where they are coming from. they have to be repressive in schools because that's what school is all about: getting you in a building to 'learn' and basically become a better person for it.

If a kid wants to learn about technology, hacking, breast cancer, sex, or unpopular politics during the time when they're forced to be in school but aren't being instructed (from what I saw, the computers get 90% of their use during the lunch hours, with every computer in the school being taken up by students during that time), I don't see what's so wrong with that. The schools, on the other hand, want to make sure that the kids only learn what they want them to learn. That's a way to keep kids stupid and docile, not make them smarter and more worldly. It goes against every reason and principle behind education.

Re:Filters are in danger... Oh no.

[orthogonal]

I personally have been in a University which performed heavy filtering

Did everybody on campus go to chapel together?

Did they also have lights-out in the dorms at 11pm, after the "Dorm Mother" made sure that all members of the opposite sex had signed out and left?

Did they hold seminars explaining that "self-abuse" could lead to blindness and hairy palms?

Did they ban Elvis for swiveling his hips, and look askance at all the "groovy" kids who went to the campus rally for Adlai Stevenson's presidential campaign?

Policies like your uni's scare me a lot more than the thought that some geek might be pullin' his pud to pictures of Paulina Porizkova.

Re:Yeah. Wow.

[squaretorus]

Shouldn't we be able to mod comments down as 'potty mouthed'??

Overlooking Elementary Security

[new500]

. . .

Boy does this sort of advisory wind me up. FUD about users downloading applications, I've seen this on almost every pitch for expensive firwalls and security consultancy recently.

This ought to be so simple - do not allow users to have sufficient priviledges to install software!

Problem solved.

Okay, before I get flamed, this won't work for developer teams or your admins - for whom I merely suggest you can implement a draconian contract - i.e. fire anyone using any software not explicitly authorised (a minimum policy imo) and have a regular *external* audit.

Neither will this work for networks of Win9x clients, because you can't set appropriate secuirity policies. However you could always get SMS from M$$$$ or write your own scripts to call registry entries and check them against a permitted template so as to flag suspicious installations. At the end of the day it may even be worth upgrading your clients. Or just installing Linux and StarOffice, if you can, he he :). But with respect to upgrading even say from Win9x to Win2k, which ain't cheap, it's still probably less expensive than all the FUD claims - even the reality - of lost security and lost productivity from unauthorised use of your network resources and manpower.

Oh yeah, and you *do* only open ports explicitly at your firewall, not close off ports in response to the latest "advisory" don't you :-)

Re:Overlooking Elementary Security

[acceleriter]

I could work just fine in that environment, so long as VMware was on the list of authorised applications :).

Re:Overlooking Elementary Security

What ever happened to simple apps, like it used to be for many DOS programs, where you simply unzip a file to install it? Metapad (a notepad replacement) is installed this way, so why can't other software work like that? I understand that things like Explorer integration (right-click menu) requires admin privs to add the Registry entries, but many other things don't.

Re:Overlooking Elementary Security

[MooseGuy529]

Whoops, wasn't supposed to be anonymous... i'm not a coward, you know!

Re:Overlooking Elementary Security

[Balp]

I have a better idea, don't care :)

Make shure the users gets all software and internet connections they whants. That way there is no problem no-one will ever need this software.

Re:Overlooking Elementary Security

[linzeal]

Trusting the users only goes so far. Has anyone here had to deal with pictorial but textual child porn being downloaded at work? What do you do, is it free speech?

Re:Overlooking Elementary Security

[Balp]

Thats not problem, if they do anything illegal, sush as downloading child porn. They first it's a matter for the law inforcent, and then they will shurely loose there work over it.

Having a filter, only makes a false security around it and it hurst and damage the trust of the empolyees. Then it however clever it is it won't ever stop the one that are clever of at least intrested in getting around doing what they like.

Take a little comarision with life outside the computers, that what you always should do. Do you think that a strip search is good everyime you gets to work (someone might carry with them narcotics). Do you think tapping every phonecall is appropriate, someone might give out secrets or actually doing something even more illigal that way.

Just becaus it's new and relative easy to look at dosn't mean thats it's right. At the moment we are at a crossroad, either we tries to take a little protections around our privacy or we risk loosing even more of it as phonecalls gets into computers and electronity too.

Not permitted to install

[nuggz]

My current company has this policy.
It is a very stable NT network, it works well.
The only real issue is that you have to jump through hoops to get anything non standard installed.

Most users do not need to install applications on their computer.

Blocking Free Speech

[evilviper]

SafeWeb developed the Triangle Boy software for use with its project with Voice of America in an effort to circumvent foreign governments [...] that block free speech.

It says a great deal that software, which was designed to circumvent opressive foreign government, is put into use in public schools, libraries, etc.

Re:Blocking Free Speech

[jafuser]

It says a great deal that software, which was designed to circumvent opressive foreign government, is put into use in public schools, libraries, etc.

Excellent statement.

It won't be long before our ISPs consolodate into one company, and we'll have to do the same type of software on our dial-up and broadband connections at home to let us access news and information that wasn't spoon-fed to us by Disney/AOL/TW/MSN.

And if you're a sociologist doing online research of, for example, the impact of evolving internet connectivity in middle-eastern countries, you might want some encryption as well, to avoid that visit from your friendly local FBI agents.

Re:Blocking Free Speech

[repoleved]

" And if you're a sociologist doing online research of, for example, the impact of evolving internet connectivity in middle-eastern countries, you might want some encryption as well, to avoid that visit from your friendly local FBI agents. "

or else you'll make them even more suspicious and they will closely monitor all of your telephone calls, financial transactions, email correspondence and web traffic for the next few years....

How much of "a problem" is it?

[Eric+Damron]

"Dave Salch, CTO of 8e6 Technologies, said because of its stealth nature, the P2P software does not show up in reports from many filtering products and the administrator doesn't even know the problem exists and has no way to check it."

It seems to me that if the Administrator isn't even aware that it's happening, it must not be too much of "a problem", at least not yet. It's obviously not bringing the network down. Of course as the P2P network grows it might become a problem if users do not act responsibly.

Of course network usage is only part of the equation. Using the network to steal intellectual property is already being used as justification by the entertainment industries to ram digital rights management enabled hardware down out throats.

Yeah, we all know it is really about profits, being able to prevent people from exercising their fair use rights and thus artificially create a market where the music and video industries can charge us for every piece of music we listen to or video that we watch. Eventually we'll all have to pay EVERYTIME we listen to music or view video because it will all be a service. We will pay each month a little for this service and a little for that service.

We won't own CDs and DVDs any more. In their infinite corporate wisdom, the remaining few largest corporations that haven't been gobbled up by other mega-corporations, will simplify our lives by removing the burden of actually owning anything. Won't that be wonderful! Just like John Lennon said "no possestions. . ." I seem to have gone off on a rant....

I think my original point was that the

Re:How much of "a problem" is it?

[kindbud]

We won't own CDs and DVDs any more.

This of course, is the solution to the whole mess: stop buying CDs and DVDs. Problem solved.

Music will not die for lack of corporate sponsorship. Only corporate-sponsored music will die.

Re:How much of "a problem" is it?

[cduffy]

Ya know, the guy wasn't talking about all P2P software, but rather Triangle Boy in particular. TB has nothing to do with stealing IP -- it isn't a file sharing network in the sense of Gnutella or KaZaa; its sole purpose is providing anonymity.

In short: You've ranted quite far off-topic.

Re:How much of "a problem" is it?

[Eric+Damron]

Of Course TB is used to share files. It also provides anonymiy but what else would P2P software be used for execpt gaming and file sharing?

My post was dead center topic.

Re:How much of "a problem" is it?

[cduffy]

It also provides anonymiy but what else would P2P software be used for execpt gaming and file sharing?

Anonymous web access. That's what TB does. That's all TB does. It does not do gaming, and it does not do file sharing (except in the sense that forwarding HTTP requests and responses is file sharing).

Re:How much of "a problem" is it?

[Eric+Damron]

I thought the article said that it was P2P software?

Re:How much of "a problem" is it?

[cduffy]

Yes. TB is P2P software that anonymizes web browsing.

P2P doesn't mean "file sharing" or "gaming", it simply means "peer-to-peer". There are lots of things that can be done on a peer-to-peer network model that have nothing to do with the former applications.

Re:How much of "a problem" is it?

[Eric+Damron]

I understand what P2P is and a web browser isn't P2P. Why would admins ever be conserned with web browsing?

I admit that I have never run TB so I could be wrong but I am finding myself not buying the anonymous web browser story.

Re:How much of "a problem" is it?

[cduffy]

No, it isn't a web browser. It's an anonymizing proxy which shuttles (encrypted) requests and responses between those using it -- most particularly, between those who can retrieve a given page and those who can't (due to, say, being on the wrong side of the Great Firewall of China). The "servers" which do the data retrieval for those whose access to a given site is blocked aren't dedicated servers -- they're just other peers who happen to be using the Triangle Boy network.

Got it?

Re:How much of "a problem" is it?

[Eric+Damron]

Got it. :-)

Arrgh cut off in the middle of a rant!

[Eric+Damron]

The last part of my rant:

I think my original point was that the bandwidth usage apparently isn't a real problem yet. Sharing information is what the internet is all about. P2P computing IS a big part of the future however don't steal IP because there are people out there that will use any excuse they can to try to take away our right. Let's not give them any extra ammunition.

Interesting

[zoomshorts]

Where can I get a Doze binary for this software, I need to reduce my bandwidth immediately...

Crypto + Stego

[yerricde]

Unless the filter just blocks all encrypted connections to unknown sites.

Unless the proxy steganographically hides its encrypted data inside what appears to be normal text.

still alive..... yes

[amithv]

I had downloaded Triangle Boy and put it on my Linux machine when it was released so I get around various blocks at different places where I used the Internet. When SafeWeb called it quits, my Triangle Boy client continued to work which I found interesting. But I didn't complain.

That is until someone in Taiwan spammed a whole bunch of people with my IP address advertising it as a way to get around Chinese Internet censorship (my friend translated the Simplified Chinese in the e-mail). My ISP found out that my IP address was in the e-mail and was pissed and suspended my account (Ironically not because I was running Triangle Boy, but because my IP address was in the e-mail. They though *I* sent out the spam!) I just shut down the program, but lesson learned I guess.

Re:still alive..... yes

[karnal]

Forgive me, I'm having a little trouble following you -- were the e-mails explicitly from your box? i.e. you had a mail forwarder running, wide open to the world? Or were they somehow sending e-mail through "triangle boy"?

I'm gonna go read the white paper now....

Re:still alive..... yes

[flimflam]

I think the email said that there was an open proxy at his ip address (which I guess there was).

Re:still alive..... yes

[amithv]

i had an open triangle boy proxy..... yes. I never knew where I was going to be and when I needed to use it. I didn't advertise it to anyone though.

However, I never had an open SMTP server running. The SPAM e-mail was sent by someone in Taiwan to other people who used my ISP. . When those people reported the e-mail to the ISP as SPAM, my ISP ran it through SpamCop and found out that my IP was listed in the text of the e-mail.

The stupid tech person didn't realize that the e-mail didn't come from my machine. All she saw was my IP address and assumed that I was advertising server storage or something. She told me that the mail came from my machine, but later confirmed that my SMTP server was not an open relay. The simplified Chinese showed up as junk and she was confused by the whole thing

There is some other way to detect Triangle Boy running. I specifically said *not* to list my machine in the directory of servers running triangle boy. And this happend well over a month ago.

Oh well, I guess i'll have to go back to using a VPN or SSH tunneling.

Re:still alive..... yes

Anyone who is accepting traffic from your proxied server that is running a packet sniffer could easily find out your IP address. I imagine that if I ran this program long enough I could probably create my own directory of proxy servers including the servers not shown on the list.

Mind you I haven't read the white paper so I have no idea how the software decides which IP address to use as the proxy server.

Cheers,

Re:still alive..... yes

Hell you don't even need a packet sniffer. Just run netstat and set the parameters to have it update every few seconds and display all traffic. Pipe that crap to a file and see who's been accessing your machine lately.

Installing programs in /home/pinocchio/bin

[yerricde]

That windows let users install programs like triangle-boy without administrator privileges (or that administrators regularly give users administrator privileges).

The Microsoft Windows 2000 operating system allows unprivileged users to install programs that don't 1. write to the registry outside of HKEY_CURRENT_USER, or 2. write to the filesystem outside of /home (called "/Documents and Settings" in English versions). So do most UNIX systems.

Re:Installing programs in /home/pinocchio/bin

[libertarian]

>The Microsoft Windows 2000 operating system allows unprivileged users to install programs that don't 1. write to the registry outside of HKEY_CURRENT_USER, or 2. write to the filesystem outside of /home (called "/Documents and Settings" in English versions).

Only if the ACLs are set up poorly.

Re:Installing programs in /home/pinocchio/bin

[yerricde]

[Win2k allows unprivileged users to run EXEs from their home directories] Only if the ACLs are set up poorly.

Could you describe how to set up ACLs to prohibit EXEs in /Documents and Settings/ from running?

Stealth installers

[yerricde]

do not allow users to have sufficient priviledges to install software!

write your own scripts to call registry entries

Some programs' installers do NOT write to the registry and do NOT write outside of the user's home directory. How will the Windows operating system detect such an installation?

fire anyone using any software not explicitly authorised

So somebody who in the course of his or her employment happens upon a site with a Java applet (applets are programs) should be fired?

Re:Stealth installers

Trinux, anyone?
but you weren't installing systems with FLOPPY drives, were you. And those CDROMS, set them not bootable and password the bios? Physically lock the case so the CMOS can't be cleared? Just don't include a CDROM?

And that program that doesnt write to the registry or outside of [its own] directory -- I think I have that one.

Re:Stealth installers

[millette]

First of all, the point is about not allowing users to install software is a moot. You just you're pc to the network, and nobody can do anything about what sort of softwares you install.

If you don't want people to install software on a machine you control, well, control it. Make it impossible to execute software for your home dir or write to any other part of the hard disk, and you don't care if the program uses the registry.

Re:Filters are in danger... Oh no.

[dillon_rinker]

Paulina Porizkova

You're showing your age, bud. :)

the administrator doesn't even know the problem ex

[squarefish]

Is this a problem? I've never thought I'd read that free speach and access to it is a "problem". We live in a pretty fucked up time!

triangle boy

The only thing that can stop triangle boy is the mighty junior mint :0

Re:Filters are in danger... Oh no.

[orthogonal]

I was looking for alliteration. ;)

It's the Adlai Stevenson part that shows age.

Re:Filters are in danger... Oh no.

What university was this? Vatican City U? Pontiff Technical Institute?

Re:Uh oh.

[orthogonal]

Why is this post considered a troll? Just because it links to goatse?

Filtering from what?

[$criptah]

I have a big problem with filtering. Especially in public schools and universities. First of all, what do you want to filter? Porn? Hate sites? Please, give me a break. If somebody wants to find porn, they will find it anyway. My high school spend a lot of money on filtering software only to find out that I could simply look up a free proxy put the it in my preferences and browse what ever I wanted. With filtering software I found out that I could not do any reseach on the topics of breast cancer, sex education and related stuff. All because they had words like "sex", "breast" and "vagina" in them. I really think that our public schools and universities should not implement cheesy filtering systems that waste our taxpayer's money. Afterall, kids will learn about sex from different sources that are widely available. Just take a look at Cosmopolitan or Maxim these magazines can be seen at any grocery store and anybody who can read can pick it up and read an article on sex and orgasms.

Re:Filtering from what?

[danrees]

When I was at school we needed to use the proxy to be able to gain access to external networks, but I still managed to browse naughty websites by just using Altavista's Translator, and translating pages from Korean (or some other language) to English.

The translator couldn't find any Korean words, so the web page was just served in unspoilt English. :)

TIP: This works well on RM networks in the UK, if anyone is using one. :)

Re:Filtering from what?

I was just wondering, what incredible course of study you must be involved in, that it involves research papers on both breast cancer and sex education.

Everyone knows that filters will limit one's ability to search on such topics, but (mis)representing this as your own experience, just makes you look dumb. (Sorry).

And really, this limitation of filters is just theoretical. I mean, who out there can actually say that their school work has been adversely effected by a filter that won't let them search on "booby" (oops, I mean breast)? I guess if you didn't find info on the net, for whatever reason, you'd have to, I dunno, go to the paper and ink part of the library instead?!

Re:Filtering from what?

[$criptah]

I was just wondering, what incredible course of study you must be involved in, that it involves research papers on both breast cancer and sex education.

The paper was on Women's issues throughout the history of the United States. Nothing offensive. As for the rest of the comment... please read my .sig. Thanks,

Re:Filtering from what?

[billd]

Oh no, you said 'sex, breast, vagina'. Now I can't get at slashdot anymore......... aaaaarrgghhhhh

No Kidding

I was actually one of those HP employees who was fired for emailing pr0n. It seems that goombah bitch Carly Fiorina doesn't appreciate good goatsex pics like the rest of us. Not to mention all my naked RMS pics.

BITCH IF I EVER MEET YOU I WILL GAY BASH YOU, MOFO

See Subject.

I have respect and courtesy

Swearing doesn't make me any less respectful, or any more rude. Why should I be the one to change my standards, when you clearly do not intend to yourself?

By the way, it turns out that not only does Ozzy Ozbourne swear; the Royal Family do too. Does that make the British Royal Family rude and disrepectful?

Re:I have respect and courtesy

The royal family should be lynched.

Re:Yeah. Wow.

[dattaway]

Fucking does not deal with scatology. Shit is a potty mouthed word. But the word fuck can convey an unmistakable domineering attitude as that poster has illustrated. This often abused word is often used to describe arrogance to pinpoint a tyrannical view. Unfortunately, some cultures and religions especially feel there should be a subset of words that have offensive qualities in themselves. You are taught to feel repressed when you hear this word. George Carlin once described this and six other words in a famous amusing skit that got him in trouble with the FCC.

(craws back underneath bridge)

Before you think tboy is safe in US, read this:

http://www.der-keiler.de/Mailing-Lists/securityfoc us/security-basics/2001-11/0344.html

If your speech or desired access is offensive to the Chinese government only, you will be safe, but if it is offensive to the US, think again.

Making your own personal tboy

[sup4hleet]

Apache can do this all by itself, using mod_ssl and mod_proxy you can setup your own personal tboy-like service. Add basic autorization to it and you can even keep the scr1pt k1dd13 spammers out, something tboy won't do!

Re:Uh oh.

this is probably a case of an obvious mismoderation. goatse links won't get much replies anymore so it cannot be a troll. how about redundant?

That old Double standard

[thales]

Spam and Filters.

When the subject is Spam, I see lots of people insisting that they have the right to control what is on their computers. (True)

When the subject changes to filters, suddenly the people who own the computer suddenly lose the right to control the content? The Company you work or or the school that you attend owns that computer that they installed the internet filtering software on, and they have as much right to "censor" internet access on their computer as you have to "censor" email from spammers on your computer.

I'll admit that the commerical filtering software is garbage that often blocks the wrong sites and allows access to some sites that they should have picked up, but that dosen't change the fact that the owners of the computers have the right to install the software.

Don't like the poor software availble? Then start developing an open source filtering software that works better and offer that as an alternitive to the junk that is currently used.

Want full unrestricted access? Use your computer instead of one that was provided to you to do a job or for educational access.

Re:That old Double standard

[bobhope]

suddenly the people who own the computer suddenly lose the right to control the content? The Company you work or or the school that you attend owns that computer that they installed the internet filtering software on, and they have as much right to "censor" internet access on their computer as you have to "censor" email from spammers on your computer.

The reason I have a right to complain when my school/library restricts my access to the internet is because although they own the computers, where do you think they got the money to pay for them?

I have no problem with an employer restricting access, they paid for everything.

Re:That old Double standard

[managementboy]

Might be true, if you don't count in that I pay taxes and therefore OWN the computer at my library (unless it is a Commercial Library or you don't pay taxes :-).
Strange, Webster thinks that libraries are: A considerable collection of books kept for use, and not as merchandise; as, a private library; a public library.
Fee Speach I think...

Re:That old Double standard

[thales]

"where do you think they got the money to pay for them?"

Certainly not from students, most of whom pay little or nothing in taxes, and who's fees are far less than the cost of their education. A large majority of the taxpayers support blocking access on the computers that they paid for.

Re:That old Double standard

[reflective+recursion]

Yes, I would _love_ to see you go down to your public library and walk away with _your_ computer. Paying taxes does not mean ownership in any way shape or form. This is a myth. What you _can_ do is vote on certain issues and get involved. Beyond that, you own that computer just as much as the air your breathe. You can play with it and use it, but it sure isn't _yours_. You can't go and destroy street signs, just because you paid taxes to have them placed there. Nor can you go and drive on the opposite side of the highway. That is a restriction just like filters are a restriction. Don't like it? Too bad. You didn't vote on the issue or get involved when the decision was made.

Re:That old Double standard

[belg4mit]

Mmmm statistics made up on the spot
to support one's own opinion, tasty.

Re:That old Double standard

[thales]

You paid part of the cost of that computer, along with a great many other taxpayers, the majority of whom agree with the filtering software. Why should your desire for unfiltered access take precedence over the desire of other taxpayers for filtered access?

Sorry if you want to have public properity, you have to get use to public control of that properity, and in a demoarcy that means accepting whatever restrictions the majority wishes to place on the properity they also paid for.

Now if there should be any "public" properity that some people are forced to contribute towards the purchase of even though it may used in a manner that they object to is another matter.

Re:That old Double standard

[thales]

Oh, I just hallucanated that big budget item for education in the State and Federal budget, and the overwhealming support for software filtering amnog the voters.

Sorry the taxpayers have no intrest in providing you with a source of porn.

Re:The Horrifying Stench Of Open Source Programmer

wtf?
many of us oss programmers like our natural odor. you see, it's you (and taco it seems.. sigh) who try to artificially hide it under some funny smelling liquids. this is mostly because of corporate brainwash. once you get used to it in 20 years or so you just cannot understand why those poor little bastards keep buying all that shit. free your mind - burn all clothes!

Re:Yeah. Wow.

[squaretorus]

Jesus! Sorry to have rattled your cage / bridge dude!

Some words are dirty! My mum told me so!

Ownership as the basis of political rights

[swb]

I guess the biggest objection some people will have is that when you make political rights dependent on ownership of property, a lot of people who don't own property lose their rights.

A lot of people say that mass ownership of property guarantees political rights, since the control of ownership limits the power base of the government or other property owners.

I think our world is turning in a scary world of property being concentrated into the hands of a few who tout the rights granted by their property ownership, which is really is an end run around the implied political rights of others.

Re:Ownership as the basis of political rights

[thales]

" I guess the biggest objection some people will have is that when you make political rights dependent on ownership of property, a lot of people who don't own property lose their rights."

Control of properity that you own is a political right.

"A lot of people say that mass ownership of property guarantees political rights, since the control of ownership limits the power base of the government or other property owners."

Yep, it proteted people in that bastion of civil rights, the Soviet Union.

"I think our world is turning in a scary world of property being concentrated into the hands of a few who tout the rights granted by their property ownership, which is really is an end run around the implied political rights of others."

There is no "right" to control other people's properity.

Re:Ownership as the basis of political rights

[swb]

Control of properity that you own is a political right.

But that's what the Soviets said. The theorists behind democracy reasoned that political rights *came* from ownership of private property; rights over something you own are absolute, they aren't given to you by someone else. If the people as a whole own all the land and means of production they are less subject to the tyranny of government.

Yep, it proteted people in that bastion of civil rights, the Soviet Union.

There was no private property in the Soviet Union, which is why there was no freedom.

There is no "right" to control other people's properity.

Which is why private property is the basis for freedom, according to classical Liberal political thought.

It gets scary when most of the private property is controlled by a small group of people who use the rhetoric of liberty and property to advance an agenda that denies rights like freedom of speech to non-property holders.

Re:Ownership as the basis of political rights

[thales]

30 years ago a lot of people were scared of the implications that computers had for personal freedom. At that time computers were very expensive, and allmost entirely owned by "a small group of people".

The micro computer opened ownership up to millions of people, and that ownership has vastly increased the value of freedom of speech. 30 years ago if you didn't own a TV station, a Radio station or a printing press, your chances of reaching a large audiance were close to nil. Ownership of computers has changed that so that I can reach a fairly large audiance with this post (Hi Folks!) something that I could not have done in 1972.

If restrictions had been placed on media outlets in 1972 to protect me from the few who owned them then, there is no reason to think that those same restrictions wouldn't have been applied to the micro computer when it was developed a few years later, which in the long run would have a negative effect on my freedom of speech.

We have reached the point that used computers capable of handling most people's computing needs can be bought for less than a TV. Budget dial-up internet access is under 10 bucks a month. There are damn few people in the industrilized world who can't afford a computer if they are willing to make a minor adjustment to their lifestyle.

Re:Ownership as the basis of political rights

and your point was ?
The fact that I could or do own a computer doesn't inherently give me more rights over a computer that _you_ own.
This thread is really into spurious logic..

1) The "rights" of which you speak are only guaranteed by a government at their whim. My right to "free speech" here is recognized as fundamental by the USA, but only implied by the government of which I am citizen, and not even recognized at all by more oppressive regimes.
(I had to preface with that.. It's important that people realize what the US thinks of as "self evident" some gov'ts don't even know exist).

2) The ownership of property isn't really the issue. Sure they own the computer and have "rights" concerning that object and it's use. But ownership of the means of censorship doesn't grant the right to censor.

However...
3) The "right" to free expression doesn't really govern your ability to access someone elses free speech. If the dissemination of my free speech doesn't reach you, I haven't hindered your rights. Nor have my own rights been infringed, since I have not been made unable to speak. Sure - it might be tragic and unjust that you can't hear my message, but that's just a shame, not a breach of the Bill of Rights.

The person who was arguing about political rights being related to property missed the point. Political rights based on property are only a basis of democratic freedoms if they don't become bound to the deprivation of freedoms. By granting you the inalienable right to use and dispose of your property you are granted freedoms. They are in addition to other rights guaranteed by your government. These other rights are not restricted to your ownership of property but are IN ADDITION.

Your "right" to speak is most certainly not dependent on owning a computer, or a newspaper, or a chunk of land. A pauper on a street corner has as much right to speak freely as the President of the United States.
It's just that the POTUS usually reaches a wider audience.
(And as I prefaced earlier - flavour to taste for your own nations government.. or your own view of "rights")

Overlooking Elementary Stupidity

Hmpf.

I can think of ten common business applications that /require/ the user to have administrator rights to be useable.

I am not even taking into account the untold piles of in-house applications (and other B-programmer work).

CIA sponsored software - prior to 9/11...

[Lawmeister]

The CIA had their fingers into this software prior to 9/11 - I wonder what logs they are looking at nowdays...:(

"Software that promises users anonymity on the Web has caught the eye of the U.S. Central Intelligence Agency's nonprofit venture capital company, In-Q-Tel, which says the technology can help the spy agency fulfill its mission."

From http://www.pcworld.com/news/article/0,aid,41462,00 .asp Feb 13, 2001.

If you are wondering what 'mission' they are referring to:

"Internet May Threaten National Security:

Wars of the future may be fought with viruses and hack attacks, not with guns and bombs, studies say. During the next 15 years, the U.S. will face a new breed of Internet-enabled terrorists, criminals, and nation/state adversaries that will launch attacks not with planes and tanks, but with computer viruses and logic bombs, according to two reports released last month."

That from http://www.pcworld.com/news/article/0,aid,37483,00 .asp. January 4, 2001.

Open source or not, I wouldn't choose to use this software...

Re:CIA sponsored software - prior to 9/11...

[Etcetera]

Well, this could VERY LEGITIMATELY be used to further their mission as well. For example, a US spy in China can report back to a website or perform some other "trigger action" like posting a code word to a public forum, without the Great (Fire)Wall of China knowing about it.

It can help dissidents in (insert country threating to blow us up here) maintain communication links.

And also.. this is OPEN SOURCE. If you're so paranoid about the CIA putting a back door in, check the source yourself!

(Frankly, putting a back door in would be a pretty stupid thing to do.. it could easily be found in an open source project -- and then who would trust the CIA again?)

((HA))

Re:CIA sponsored software - prior to 9/11...

[symbolic]

This is interesting...how will they prove something in court that would seem to have no audit trail?

Re:CIA sponsored software - prior to 9/11...

[ShaunC]

The CIA had their fingers into this software prior to 9/11 - I wonder what logs they are looking at nowdays...:(

I think you've got it backwards. To me that quote infers that the CIA is going to use anonymizing proxies, not monitor them, log them, or take them down... And indeed, the secondary headline for that article is: "Triangle Boy will let agents surf Web anonymously." The article goes on to mention that "the CIA will use the technology primarily to protect the anonymity of its own employees as they go about their jobs."

The only thing that bothers me is the idea that the CIA is just now learning about and considering open proxies :)

Shaun

Uni students and pr0n

Good grief. If there's any group of people in the world that don't consume pr0n, it's uni students at any co-educational university (which is pretty much all of them in the civilized world now). All those young horny students are going to bars and frat parties to hook up, not wanking on the net!

If anything, students are net PRODUCERS of pr0n. Perhaps your uni is trying to block all the OUTGOING "dorm sluts live!" feeds?

Re:Uni students and pr0n

frat parties to hook up, not wanking on the net

You don't know where the term "circle jerk" originates, do you?

Re:The Horrifying Stench Of Open Source Programmer

[Zabu]

It wouldn't hurt to be socially acceptable.

I know you prolly take pride in smelling like ass, but I work with 100 something college kids, all CS, EE, or math majors. They aren't exactly the clean bunch, but when your odor is offensive, for god sake... spare us your lack of embarrassment, it is fucking gross.
and brush your teeth, damn!

Re:the administrator doesn't even know the problem

[nurb432]

Free speech doesnt apply in the work place on company owned equipment / bandwidth.

On a side note, the quarantee is only that you are allowed free speech, not that somone must give you the means to speak beyond what your voice can do on its own. ( or for us to listen )

But again, that only in a PUBLIC arena..

Troll PR

[UncleGizmo]

...so 8e6 tested and found that 8e6 apps [two specifically named in the story] found Triangle Boy, when other filters didn't? Wow.

Nothing to see here folks, move along.

Oh no, the Censorship Police!

The second any responsible administrator attempts to put controls on their network we get cries of censorship.

Let's put things in perspective: About 80 years ago, the boarding school I work at STOPPED censoring SNAIL MAIL! The headmaster or headmistress prior to this, would censor handwritten mail for inappropriate content. This fact wasn't hidden from the students, it was written policy. It may sound totally horrifying today, but back then, it was standard practice at many girls' schools.

In my organization, there simply has to be a balance between free use, bandwidth, and site rights. While some many here are concerned about free speech and online rights, you have to consider special circumstances.

Free speech doesn't mean one of our 6th graders should be able to view pr0n or learn bombmaking skills - at least not with our stamp of approval. Legally and morally, for us NOT to filter is reprehensible and can make us liable. NOTE: This doesn't mean that we expect our filtering system to be perfect; but it's perfect enough for 99% of the student body here.

And last time I checked, underage children still can't buy a pack of cigarettes or pick up a pr0n magazine at the 7-11. Isn't that a reasonable control? Why is this any different than that?

how do you make /home non-exe?

[yerricde]

Make it impossible to execute software for your home dir

Is this straightforward under FreeBSD, GNU/Linux, or Microsoft Windows? If so, how does one go about it?

Re:how do you make /home non-exe?

[falzer]

In FreeBSD and Linux, I believe the users directory (say, /home) can be mounted with options that disallow execution of binaries. See the man pages for mounting options.

In windows, go to a directory's properties -> security -> permissions. Then for the user's group (or everyone, or whatever) change the type of access to special file access, uncheck 'execute (X)'. Something like that.

Yes it does,

[Archfeld]

as well as woefully out of touch, and fairly well inbred as well. They gotta stop sleeping with cousins there.

Terrorist

[Jagasian]

How long before those who use this are labelled "terrorist" in the new USA?

I suggest everyone chips in and runs a copy on a dedicated server with broadband internet access.

Internet Archive has copies of it

[speedfreak_5]

Just grabbed it. Go to this site and get it.

Triangle Boy and Chinese Firewall

Is Triangle Boy a proven method to breach the Chinese internet censorship? Are there other techniques that work aside from running a proxy computer in north american that allows me to access stuff like CNN.com while i am in China?

Re:Filters are in danger... Oh no.

[Moofie]

Dude, Paulina Porizkova was FINE. I still have happy memories... : )

Re:Yeah. Wow.

[Saeger]

Hello little boy.

Thought you'd like to know that I've added you to my shitlist. Why? Well, I don't get along with people who think that certain words should be left unspoken, and you even went so far as to suggest that you would suppress "potty mouths" even in the case of the parent post where it's used tastefully and correctly.

Fucking-A man... Grow up. (In this case, 'Fucking-A' is colorful but neutral, and "Grow up" is the actual insult.)

--

Triangle Boy Servers

[redgekko]

Odd that this seems to even be a signifigant issue, I've found and used several Triangle Boy servers "in the wild" in just the last few months while working on a 'project'. Admitedly, they're scarce, and the last working one I knew of is now dead, but then I haven't been looking anymore either. I'm sure there's dozens if not hundreds of Triangle Boy servers active.

On a side note for paranoid sysadmins: if you want to block Triangle Boy, just filter requests that look like:

http(s)://URL/_u(http://...):{query strings}
ie: https://10.0.0.42/_u(http://www.yahoo.com)

Any knowledgeable Chinese residents here ?

[parasite]

Thanks to some comment links I finally downloaded the tarball.

I hope someone in CHINA is knowledgeable about this and can tell me though... Since I'll be moving to China in about 30 days, what is the best way to smuggle this software into the country ?? Will customs likely search my laptop harddrive, or my CD-R labeled 'Metallica' that actually has TriangleBoy burned on it ?? Or is that dangerous ground, and I should instead have my friend e-mail it to my pop3 once I arrive ??

Furthermore, does the program still work good -- and since I don't want to install it now, lest I leave traces on my machine, do I need any special ips to actually get it up and running ? Anything that I can take with me, written down in a secret code language so I can get it up and running ? I'll go crazy if I spend a year in China and can't read www.capitalismmagazine.com or the like!

Thanks

Re:Yeah. Wow.

[squaretorus]

Fuck Me! Who took YOUR funny bone!

Re:Filters are in danger... Oh no.

[FuegoFuerte]

Did everybody on campus go to chapel together?

yes

Did they also have lights-out in the dorms at 11pm, after the "Dorm Mother" made sure that all members of the opposite sex had signed out and left?

no

Did they hold seminars explaining that "self-abuse" could lead to blindness and hairy palms?

no

Did they ban Elvis for swiveling his hips, and look askance at all the "groovy" kids who went to the campus rally for Adlai Stevenson's presidential campaign?

no

Policies like your uni's scare me a lot more than the thought that some geek might be pullin' his pud to pictures of Paulina Porizkova.

Interesting that you say that without knowing which university I attended (note the past tense) or what their policies were. Instead you are making wild assumptions. There are many, many universities which do heavy internet filtering of many different types of materials. That in itself bothers me a lot. However, people such as yourself who make such wild unfounded assumptions also bother me quite a lot. You may wish to work on that.

Uh, I don't think you can filter that

[splorf]

Remember that in https, the URL path (i.e. the part after the hostname) is sent through the SSL channel, i.e. it's encrypted by the browser. The firewall can't read it.

Re:Uh, I don't think you can filter that

Correct...I ran snort while using a TB "server" - No url seen to look for....