Slashdot Mirror
Nmap Author Receives FBI Subpoenas
spafbnerf writes "Fyodor, author of the open-source network scanning tool Nmap, posted a story to the nmap-hackers list about having received a number of subpoenas from the FBI this year, demanding webserver log data, none of which produced anything, either because they sought old information that had already been deleted from his logs, or because the subpoenas were improperly served. In every case the request was narrowly crafted, usually directed at finding out who visited the site in a very short window of time, such as a five minute period. Fyodor writes: "If they see that an attacker ran the command "wget http://download.insecure.org/nmap/dist/nmap-3.77.t gz" from a compromised host, they assume that she might have obtained that URL by visiting the Nmap download page from her home computer"."
Update: 11/25 20:21 GMT by T :
Reader kv9 adds a link to Kevin Poulson's story at SecurityFocus.
That seems like a legitimate investigative technique. They're probably trying to match up different pieces of evidence to find the person behind things.
Up shit creek sans paddle.
first scan.
the text is here
t gz"
Dear Nmap hackers,
Let me first wish you Americans a happy Thanksgiving. Meanwhile, I'm
hard at work on a holiday Nmap version which should be available by
Christmas.
But enough pleasantries -- I want to discuss a sobering topic. With
increasing regularity this year, FBI agents from all over the country
have contacted me demanding webserver log data from Insecure.Org.
They don't give me reasons, but they generally seem to be
investigating a specific attacker who they think may have visited the
Nmap page at a certain time. If they see that an attacker ran the
command "wget http://download.insecure.org/nmap/dist/nmap-3.77.
from a compromised host, they assume that she might have obtained that
URL by visiting the Nmap download page from her home computer. So
far, I have never given them anything. In some cases, they asked too
late and data had already been purged through our data retention
policy. In other cases, they failed to serve the subpoena properly.
Sometimes they try asking without a subpoena and give up when I demand
one.
One can argue whether helping the FBI is good or bad. Remember that
they might be going after spammers, cyber-extortionists, DDOS kiddies,
etc. In this, I wish them the best. Nmap was designed to help
security -- the criminals and spammers put my work to shame! But the
desirability of helping the FBI is immaterial -- I may be forced by
law to comply with legal, properly served subpoenas. At the same
time, I'll try to fight anything too broad (like if they ask for
weblogs for a whole month). Protecting your privacy is important to
me, but Nmap users should be savvy enough to know that all of your
network activity leave traces. I'm not the only one who gets these
subpoenas -- large ISPs and webmail providers receive them daily.
Most other major security sites probably do too. Most of you probably
don't care if someone finds out that you downloaded Nmap, Nessus,
Hping2, John the Ripper, etc. Nothing on Insecure.Org is illegal.
But for those of you who do care, there are plenty of mechanisms
available to preserve your anonymity. Remember this security mantra:
defense in depth.
Cheers,
Fyodor
Even the Nmap Author seems to agree that it could help in the fight against these undesirable script kiddies, etc. However, I think it is great that this author has brought this to public attention, and will hopefully increase oversight of these cyber-investigations.
Of course, we do need law enforcement and this is a legitimate field to investigate so that we can have protected web commerce. With eyes on their activities, we can hopefully keep the Internet free and safe. Thoughts?
"There's no success like failure, and failure's no success at all."
- Bob Dylan
Are we talking about Trinity?
Well, I'm pretty sure that if a person downloaded nmap to a compromised host that person most likely visited the nmap website some time. The problem is that a lot of people visit that site, and it is nearly impossible to weed out the false positives from the person they are seeking. Furthermore, the FBI approach would only work if the person visisted the site recently, which might not be the case. It'd be impossible to figure it out if the person last visisted the namp website several months ago forexample.
Any sufficiently advanced technology is indistinguishable from magic.
I'm grateful that im not from the USA, so im not paying for this useless waste of money.. :)
They might have a chance for capturing them if they figure out who executed the command.. if youre experienced i this hacking buisness should have the address in their head anyway
Do you know that Google searches are subpoenable?
So Googling your victim, for example, before committing the crime is not very smart.
Unless of course you can randomly change your ip
in a pretty large range of course, heh heh.
If they used Tor, subpoenas wouldn't really have given any useful information away. Then again, it's so sloooow perhaps they'd still be downloading ;).
Let me first wish you Americans a happy Thanksgiving. Meanwhile, I'm hard at work on a holiday Nmap version which should be available by Christmas.
I suppose this new version will give a new meaning to the Xmas scan, no?
In soviet russia, You ask not what country do for you, but what you do for country!
Oh wait...
this reminds me of the script kid who will send a 30 mb/s ddos and then use his home desktop as a tool to see how badly the network is down by pinging it directly.
heh
No wonder he's reticent about providing information.
Fyodors are supposed to remain closed at all times.
(Sorry)
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
"assume that she might have"
wow, all hacker/crackers are girsl now. sweet.
Nathan Friedly
Just asking.
Hehe, that reminds me an old joke:
Why do open source hippies like nmap so much?
They love looking for gaping holes!
Seriously, that is the dumbest thing I ever heard.
Nmap is popular as hell - unless they already have a suspect, this isn't going to be useful for them, all it will do is give them a scapegoat 9 times out of 10 - lets say they do get Fyodor's webserver log - which I doubt he'll be keeping in the future, assuming he does now - all that would give them is the IP addresses of a few dozen nmap users - one or two of which may be script kiddies of some sort.
And if they can verify that a script kiddy A downloaded nmap in their window of interest, what are they going to do? Assume they're responsible for the wrong crime and charge him or her. It's stupid and its a witchhunt and it's a shot in the dark.
Of course, if the FBI has already got a suspect, they might be able to strengthen their case, but that's still pretty circumstantial evidence. Not exactly a smoking gun.
Just my $0.02US
Yeah. And Wot? :P
it's the taking apart that counts
I think journalistic language has shifted so instead of typing "he/she" they just type "she" nowadays. I noticed it in a couple of other computer magazines.
It's either lazy typists, new English standards, or some sort of feminist brainwashing.
I wish more webmasters put such letters on their websites. More people would get aware of that surfing the net leaves traces and all of us would have more clear picture of how many subpoenas are served to webmasters.
The FBI has tracked down a perpetrated hacker after a slip-of-tongue by Fyodor in a recent nmap-hackers list posting, relating a female hacker using wget command to get nmap. After searching the homes of the 3 females known by Fyodor, they have identified and captured the assailant.
If they see that an attacker ran the command "wget http://download.insecure.org/nmap/dist/nmap-3.77.t gz " from a compromised host, they assume that she might have obtained that URL by visiting the Nmap download page from her home computer".
Verses cut'n' past from a popular Geek website, perhaps?
"You cannot have a General Will unless you have shared experiences. You cannot be fair to people you don't know."
I assure you that I know at least six females, counting Mary Palm and her five sisters...
I'm not a script kiddie or a cracker, but I have done some interesting things out there. It sends chills up my back to think of the number of times I'd have been caught if a third party download site like this had had a five minute window opened in their logs. I'm impressed by the FBI's request, it's a technique that has a negligible chance of walking over someone's privacy (he even states that there were no results), yet has a good shot of working. I'm surprised that they didn't get anybody. But then again, the FBI aren't in the habit of tracking down small fry.
My first thought when I got that e-mail was that the feds wanted to know who was downloading Nmap pr0n.
Of course, I'm the one who wrote the script and shot the video, so it's only natural.
I think Fyodor is doing the right thing, and I think the feds are just using standard intimidation tactics... but then again, I've always been about state powers as opposed to federal powers. At least with state powers, you can always choose to move to a different state...
HaXXXor.com - Naked Chicks Teach You How To Ha
it's feminism at work. Too many feminists were pissed about journalists using "he" so much that more often they use "she". Enough do it that the feminists can no longer complain to the magazine as a whole about their magazine being sexist as the other articles balance out each other.
Two things are infinite: the universe and human stupidity, though I'm not yet sure about the universe. - A Einstein
Purely for paranoia's sake, the log-to file on my Apache is nul: (Windows system)
And you got a problem with women hackers?
It's time to ditch the male hacker stereotype surrounding computers.
I don't know why it's such a big thing on who hit the site at all. are you embarassed that you downloaded a security tool? is it wrong to download it?.. of course not. so who cares? asking for the main website's logs just gives you who downloaded what. but that doesn't account for the people that get nmap from say ... red hat?.. gentoo mirrors.. etc. are they going to ask for the world's web logs?
Won't visitors just use Google Cache???
I think this is purposeful, and, frankly, smart.
The assumption here is that the person the FBI is looking for is breaking the law, and is cracking boxes and other unsavory things.
Why do we assume that the person is a he?
It is possible that it's a she.
People seem to be more sympathetic to women, and so I'd think this would be a good way to combat the steriotype of male "hackers".
He allowed slashdot to burn his servers in return for giving the FBI a list of several hundred thousand who downloaded the file in a five minute period.
Vote for new mod!!! Score:-2,Imbecile
Anyone else find his (? Fyodor's) cringingly self-conscious use of "she" and "her" for an unknown hacker merely distracts from the story. There is now going to be more discussion of this point than the matter at issue.
In the English language, "he/his" is a neutral term in the context of an unknown person. If Fyodor were really fussy he could have used "they/their". It is not as if there were anything more than an extremely small likelyhood of the hacker being female, for various cultural reasons, nor as if malicious hacking is anything to be proud of.
Last time I heard the nonsense use of "she" in the context of an unknown malicious hacker was in some Microsoft security advice. That also caused much derision at the time, on the lines of : "So from now on guys, don't forget to lift the toilet seat".
Hmmm...
Perhaps they might catch the odd Script Kiddie (provided their "press button to h4X0r" tool doesn't download Nmap automatically, and if they do know that Nmap exists).
But on the large, they won't catch any serious hacker - first of all, they gonna run through anonymous proxies, secondly they already know the URL (probably in a txt file or something), and thirdly, if they use some kind of tool to help them, self-made or not, it will have a "get Nmap or similar" button.
All in all, nice try, no cigar though.
+++ MELON MELON MELON +++ Out of Cheese Error +++ redo from start +++
Personally I would like to encourage everyone, escpecially ISPs to not maintain logs. That way they can answer every subpeona as unable to comply. But that is just me.
In a language without a pronoun for a person of unknown gender, she is as good as he.
So because something was thought of by someone else means he can't impliment it?
I guess by the way you state things, all developer tools are crap because the ideas were thought of years ago.
Seriously now, he respects our privacy, the FBI does not. He is being a good guy.
Also, have any proof he has "milked" nmap and its only heard of because dumb people (so you think) use it? A lot of smart net admins use it against their servers, which is the point of it.
What... did Fyodor just call an assumed hacker a she ?! ;)
and how better to assure his post would be read and discussed? smart cookie, that fyodor.
I will bet you a bridge it's a he.
"They".
Reason why there is hope for the future generation #364:
"I wish my grass was emo so it could cut itself."
...who turned out to be a Slashdot troll pretending to be a woman.
What I'm listening to now on Pandora...
> all developer tools are crap because the ideas > were thought of years ago.
> A lot of smart net admins use it against their > servers, which is the point of it.
There are other tools that would work better for them. Nmap was made for backhats. Admins do not use 5% of the features.
-T Paranoid|Sneaky|Polite|Normal|Aggressive|Insane
-D
decoy_host1,decoy2[,...] Hide scan using many decoys
-O Use TCP/IP fingerprinting to guess remote operating system
-sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
Sure, admins use those features all the time. sure. Fyodor, through his creation, just helps out attackers. This is the same theme of creating a working robust exploit and releasing it to the world. WTF did you think would happen?
No, smart admins use smaller, faster tools that don't break all the time. Nmap is a bloated pile of crap, and is frequently only partly functional on lots of platforms.
Well this is fun... I can search using google's IP... http://translate.google.com/translate?u=http%3A%2F %2Fwww.google.com&langpair=en%7Cen&hl=en&ie=UTF-8& oe=UTF-8&prev=%2Flanguage_tools
http://translate.google.com/translate?u=http%3A%2F %2Fwww.whatismyip.com&langpair=en%7Cen&hl=en&ie=UT F-8&oe=UTF-8&prev=%2Flanguage_tools
seem to be being fairly reasonable. Short extracts of of logs, apaprently realted to specific offences they are investigating. With a bit of luck they will catch a stupid script kiddie or two. There are plenty of examples of law enforcement agencies abusing there powers, I can not see why anyone thinks this is one of them.
The traditional "masculine includes the feminine" standard seems to be pretty well toast. People are experimenting with all the other ways to write about persons of unknown gender, and I think the one that will win out is to use "they"...which would get your knuckles whacked in English class in my day, but hey, I can get along with it.
Using the feminine all the time has its risks; if you wrote "We don't know who plundered the Fund to End World Hunger, but we're trying to identify her," you might have a spot of trouble.
"He/she" is cumbersome, and "(s)he" is just plain ugly.
rj
So, this girl that has been downloading... are there photos of her? Huh? Huh?
'Thats they exact same thing a banana wrench monkey.'
The security issues caused by wild wild web, have in my opinion justified the splitting of the net. The world of international commerce is going to need it. There is no reason why the current net cannot be used for entertainement and education. However the current combination of the world of commerce and cracking is a bad thing. It could lead to an international financial disaster the scale of which would make the 1930s look like a Church picnic. The work being done by real Open Source advocates certainly shows the import of net security, as the need for an educational net and a totally separate business net has become obvious.
I can search using an IP owned by google...
F %2Fwww.google.com&langpair=en%7Cen&hl=en&ie=UTF-8& oe=UTF-8&prev=%2Flanguage_toolsF %2Fwww.whatismyip.com&langpair=en%7Cen&hl=en&ie=UT F-8&oe=UTF-8&prev=%2Flanguage_toolsF %2Fwww.entersitehere.com&langpair=en%7Cen&hl=en&ie =UTF-8&oe=UTF-8&prev=%2Flanguage_tools
http://translate.google.com/translate?u=http%3A%2
http://translate.google.com/translate?u=http%3A%2
http://translate.google.com/translate?u=http%3A%2
There must be huge amount of traffic on the Internet - and I guess if the FBI (and ilk) can tie a download to within five minutes of a person downloading a file (albeit a few months later), then it 95% of traffic MUST be 'big brother' monitoring stations [Y'all hear me, FBI guys!!! -> STOP IT!]
I would have cooperated with the FBI. Most likely, the person they're going after has done something evil (I'd bet my money they're investigating a spammer..). ..
And who uses wget to download something from a website, anyway?
I am the maverick of Slashdot
made for backhats
Are those over by the asshats?
There are so many things wrong with this.
Can you challenge subpoenas?
Assume I was drunk when I posted this.
I had a friend bring his computer into the office one day, and to our surprise, when he booted it up, it connected to the network without incident. Only thing is, it wasn't OUR network. He has a wireless connection, and interestingly, someone in the area was running completely unprotected wireless access point. Seems like battening down the hatches is a very smart choice- if the IP belongs to your network, it's you the feds will be talking to.
Fyodor's black hat ways exposed in a diary written a while ago. This man is not to be trusted at all.
They're looking for these chicks!
Assume I was drunk when I posted this.
...that it wasn't a Patriot Act subpoena:
he could be prosecuted merely for revealing that he'd RECEIVED it, even AFTER it became defunct.
Welcome to John Ashcroft's post-Constitution USA.
(and why in God's name has he continued preserving logs, after having received even ONE approach from the government?!)
Some people here seem to think that they'd have to be snooping lots and lots of net traffic in order for this to be any good to them. Not so. If you strongly suspect that the perpetrator comes from some small set, like, say, employees of a certain corporation, students at a certain school, etc., then a 5-minute window of logs will likely show only one hit from that IP range. That, along with what they have that leads them to suspect that IP range in the first place could be enough to execute a warrant.
WARNING: there is a trojan on your
I wonder. Why can't they automate the subpoenas?
That way they'd have one ready and well-written in case of a hacker emergency.
Oh well.
If the "translated" site contains any pictures, your browser will download them directly from the server. Unless you're using lynx, or something.
/wideopenbackside.jpg"
The server logs will contain "2004-11-25 23:59 - 80.70.60.50 GET
...all 1337 h4x0rz are goth chicks in black, right? See, coz, if they're a chick, they must be waaaay 1337er than guys. Come on, it's in all the movies and comic books!
... have feelings too, the proper way to refer to something unknown is he/she/it, to be abbrevaiated as s/h/it! ;-)
Paul B.
I know the date of Thanksgivin Day!!! - 10^10 movies speaking about that freakin' day and no one informed me.
PS: I'm spanish
Your head a splode
"Perpetrated" means commited or carried out, as in "a crime was perpetrated by a hacker". A hacker can't be perpetrated.
You must be a smart admin then... perhaps you could enlighten us to these amazing tools of goodness (which should be significantly smaller than ~1.5mb source or ~500kb binary, or else they would be "bloated").
Beware he who would deny you access to information, for in his heart he dreams himself your master. -Anonymous
Perhaps you were not paying attention eariler this month. They showed lots of maps of the states on TV. They were all either red states or blue states. Kind of like pick your poison, But there were no green states. Just different types of evil.
I'm an American. I love this country and the freedoms that we used to have.
Please. I'm not sure that I would call it a "stereotype," even though it probably could be defined as one. It's a legitimate assumption based on experience. Let's face it: On average, as a whole, "hackers" and people knowledgeable about computers are male. I can count the number of females I know who realize that Windows != computers on one hand. This trend is apparent in other science and engineering fields, albiet to a lesser degree. Why is this? I can't really say, and that's beyond the scope of this article. I'm just saying that I don't think it's fair to say that someone is not thinking clearly and being influenced by stereotypes when they refer to an unknown hacker as male. He is probably saying that becuase all of the hackers he knows are male.
Sleep is futile.
I'm all for public access points but I do think that you should know what you're getting yourself into when you run a public AP. Most businesses especially should make sure they are covered.
A little off topic of the FBI but related to public APs.. Something I like to do is run a public AP that doesn't have access to the Internet. It just acts as something of a localized BBS system. Anyone within reach can message each other, trade files, participate in the forums, or check out the wiki. It's not hard to make it so that someone connecting will get you're entrace page anytime they try to connect to something other than your system. With a decent antenea you can reach a fairly large group of people in a crowded metro area. An interesting way to meet your neighbors.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
Perhaps you don't understand the point behind nmap, but that is exactly why it was created. The idea was to provide a general purpose tool that gave intelligent admins the ability to scan and "attack" their own network with the exact same tools and techniques used by attackers. Nmap provides a centralized tool for all of these techniques that does not involve combing warez sites looking for each individual tool.
Out of all the options that you listed above, the only one I haven't personally used is the decoy scanning as I don't have a use for it. Combinations of the other settings are very useful for checking the setup of both network monitoring tools as well as verifying configurations very quickly across multiple servers or desktop systems. In addition, I have found nmap to be very useful in tracking down certain virus infections. When I know that a virus opens a specific port on a compromised box, I can do a network wide scan and quickly return all hosts that are potentially compromised (as we are talking student computers at a college, we are not directly responsible for the machines themselves).
True, nmap does put this same power in the hands of potentially malicious users, but given that they would have these same tools whether or not nmap existed, I much prefer being able to access them easily myself.
"His name is Robert Paulson... his name is Robert Paulson... his name is Robert Paulson..."
Not talking about Kevin, it's a movie quote which think is appropriate, it's from a movie about sticking it to the man!! Bonus points if you know the movie. AC, coz I'm scared of the Gestapo..
From the "One of the Slashdot Posts Worth Saving" Department:
* --All right, I'm only going to say this once: 'He' is the singular indefinite pronoun in English ("if a person drinks too much, he will likely experience a hangover"). 'He' also happens to be the masculine personal pronoun.
'She' is the singular pronoun of personification in English ("if England fails to advance America's foreign-policy ambitions, she will suffer terrible consequences"). 'She' also happens to be the feminine personal pronoun.
Confusing the two exhibits not a warm-and-fuzzy concern for the inclusion of women so much as a writer's or speaker's ignorance. Using the feminine personal pronoun as an indefinite article is as moronic as using the masculine personal pronoun for personification. Thus the captain greets us: "Welcome to my ship. Isn't he splendid?"
Give it up, people. It's not thoughtful; it's just illiterate. ®
Finally someone who says it like it is. Thank You.
If I had modpoints, you'd get them. Well written!
linguists don't define English. The people who speak/write it do. That's why e.g. doh is now a valid English word.
HAND.
I think it's just from looking at simple security/crypto convention. The two people who want to to "legit" things with their intarWeb are generally named Bob and Alice. Eve is usually the nasty interloper trying to foil all their plans. So... in crypto at least... your attacker is a chick named Eve.
Oh god, that woman is John Romero!
Mother, Sister, or Aunt?
not be saving our web logs. At least not the ones that keep track of visitors. They can't see what doesn't exist. But I wonder if they could force us to keep web logs?
FBI == Fucking Ballbusting Imbeciles
How many FBI agents do you know?
http://tinyurl.com/3t236
This is I think the perfect type of narrowly targeted investigative technique that I would support. The FBI KNOWS a crime has been committed, and is following and building an evidence trail.
The problem is, the FBI has squandered a lot of their social capital in the IT space by pulling all sorts of ugly students in trolling the net to harasss or intimidate folks or prosucte crimes that folks don't consider serious to merit such strong persuit.
Now, when they take an appropriate approach, folks are still skeptical.
'He' is the singular indefinite pronoun in English [...] 'He' also happens to be the masculine personal pronoun.
...", no one would blink.
You say that as if it just "happened". It's also not true; if you wrote "when a nurse comes, she will start by
'She' is the singular pronoun of personification in English
Ships are usually she. That doesn't mean it's the only pronoun of personification; if you wish to personify an object as male, it's entirely correct.
Confusing the two exhibits not a warm-and-fuzzy concern for the inclusion of women so much as a writer's or speaker's ignorance.
A speaker's ignorance for what, some grammarian's rigid idea of what English should be? It's clear, whatever English was a hundred years ago or even 20 years ago, that using she is appropriate in today's English.
This overbearing post about some rigid rules of someone's conception of what English's rules should be is worth trashing, not saving.
It wasn't me.
I guess we should all use www.anonymizer.com from now on, for everything, or just find a random proxy.
I guess if the FBI wanted they could just snipe me.
Why UNIX?
Fyodor writes: "If they see that an attacker ran the command "wget http://download.insecure.org/nmap/dist/nmap-3.77.t gz" from a compromised host, they assume that she might have obtained that URL by visiting the Nmap download page from her home computer"
How do they assume what time the attacker visited nmap's site in the first place? If i was a well grounded hacker i'd probably have visited nmap's site so many times i have the url memorized, only having visited nmap's site in the first place, years before.
and what's with accusing a 'she' to be the perporting hacker? If anything I think it was they.
What the OP wrote was valid - attempts to replace "he" with "she", "Man" with "Woman" is ridiculous. It is only slightly more palatable than the nauseating misspellings such as "womyn" and "hystory" or neologisms such as "personhole" instead of "manhole".
Overly PC changes to language are doing nothing more than causing obfuscation to a language where too many people have difficulty comprehending it adequately.
Though I only have English as an example of a language suffering from this onslaught of stupidity, I fear the "movement" will probably infect other languages around the world with abandon too. Disappointing, and unnecessary.
Why? What's wrong with a narrowly tailored subpoena in regards to a specific, discrete illegal act?
No, the question is "What's wrong with getting a valid subpoena *before* asking for the logs?" The issue is not the worthiness of the cause, but relying on general security paranoia and flag waving to bypass due process. Fyodor is right to demand a valid subpoena -- if the FBI is such a bumbling set of wankers as to not be able to come up with a subpoena, why trust them to accurately identify the suspect, or to not abuse the information they get?
When in doubt, have a man come through a door with a gun in his hand.
Yep.
And she's a beautiful, smart, off-beat, funny, insightful, anti-establishment, slashdot-posting hacker who's hopped up on herbal viagra and waiting for you!
Cheers
Stor
"Yeah well there's a lot of stuff that should be, but isn't"
While I accept what you've said (it at least *sounds* correct), can you please provide a link to a similary well-presented but more authoritative source than yourself posting on Slashdot? This isn't a challenge, but just a request for further information. Thanks.
By convention, Eve is a passive attacker, the active attacker is named Mallory, which is usually regarded as a male persona.
So I'm sorry, but that's not the reason Fyodor used "she."
I touch computers in naughty places
So, you have to always say "policeman" and never "policewoman" or "police officer" because doing so would be overly PC? What if you know it probable the person is female? Isn't this precisely the reason the example of nurse was she, as until recently nurses were virtually solely female? What if you have no way of telling the likelihood? Why can't the author of a work decide to use he or she as they will it? If they write a fictional work about the military, can it not include females or females being stronger than males?
The only real complaint I have about she use versus he use is that it's still somewhat unexpected, so there is a certain amount of expectation to its meaning. But, that can easily change if people are willing to use either for any profession, generic reference, or other. Or we can all just use he for everything that's a person, like the OP wrote. I guess I just don't understand why it's considered PC when people assume a generic pronoun is female vs male but for the reverse it's not.
> Give it up, people. It's not thoughtful; it's just illiterate. ®
Using male and female pronouns to generate a more gender neutral and life-like (sp?) text has quite a tradition specifically in system administration.
I'm quite amazed that this must be new and controversial to all those old-school hackers on slashdot...
k2r
For an example, one study (Briere & Lanktree, 1983) examined the reactions of students to two sentences: "The psychologist believes in the dignity and worth of the individual human being. He is committed to increasing man's understanding of himself and others" and "Psychologists believe in the dignity and worth of the individual human being. They are committed to increasing people's understanding of themselves and others." The subjects were asked to rate the attractiveness of psychology for the different genders; those who saw the first statement generally rated it as less attractive for women than those who read the second statement.
Bít, zabít, jen proto, ze su liska!
I realize that /. likes to keep the activity up for the advertisers, but I appreciate these serious posts and sift through the noise to find it.
NMAP has been an institution in the networking world and I'm comforted in Fyodor's position on the matter. I've worked with the FBI on several occaisions myself. I respect the work that is being done yet power must not go unchecked.
The poster who grabbed his statement and posted here, the moderators who ranked it high and quickly so I could find it, thank you.
Happy Thanksgiving,
american rugby networking guy
There is a long running debate between the prescriptivist, and the descriptivist. That whole "he is a faster runner than I" rule? Made up by some guy in an ivory tower, because that's how it's done in Latin, and that's how we should do it in English. Since then, the prescriptivist have been arguing that we should speak the way they want us to. We descriptivist have ignored them because they're not thoughtful, they're just arrogant.
You sir (I assume according to your rules) need to get out more often. I did graduate work at the University of Iowa which is renouned for their writing program. As a participant of this program, I can confidently say that the parent's post lacked a clear explanation of why said rule is true. Yes, the post had some grammar notions, however the grammar arguments were non-sequitor to the issue at hand, which is the he/she problem. Please comeback later with some concrete examples instead of busying slashdotters with your logical fallicies.
You get a C- for that comment. :P
Fuck what is attractive to women. Why do you pussy ass men give a damn?
Mallory? .... never seen that in any crypto books or papers I've read. Any online pubs you could point me to that use it? I'm not disputing it (I even mentioned in my post that I thought it was because of the whole "Eve" thing) I've just never seen it.
Oh god, that woman is John Romero!
So, re-serve the warrent.
All complaining about improper service does is buy you some time.
I'm all for overthrowing rigid grammars, as long as there is a valid reason to do it. As it is now, the reason is apparently political correctness, which is the dumbest reason for anything in the world.
Is the University of Iowa renowned for its spelling program?
:P
You get a D for that comment.
Or we could call ourselves I/We/Gaia and have done with all this distrust and computer nonsense.
This is an Asimov reference from reading he/she/it.
Do not meddle in the affairs of geeks for they are subtle and quick to anger
Women should merely be slaves for their husbands, they shouldn't be screwing up the world as they are now.
This is what I believe.
--MikeeUSA--
As it is now, the reason is apparently political correctness, which is the dumbest reason for anything in the world.
Calling something "Political correctness" is just a way to say that you think the change is stupid. To dismiss something for political correctness is circular reasoning; it's politically correct because it's stupid, it's stupid because it's politically correct.
Use of the male pronoun frequently colors the perception of people as to the possible gender. Switching between male and female is not really a change; as I pointed out, people will frequently use the female pronouns if most of the people in that position are female. To almost exclusively use the male pronoun encourages people to think exclusively in terms of females. At worst, using the female pronoun is equally correct.
An access point without Internet? Sounds exiting! Let us know when you get an actual user.
Life in Orange County
Quote from the jargon file:
In Bruce Schneier's definitive introductory text "Applied
Cryptography" (2nd ed., 1996, John Wiley & Sons, ISBN 0-471-11709-9)
he introduces a table of dramatis personae headed by Alice and Bob.
Others include Carol (a participant in three- and four-party
protocols), Dave (a participant in four-party protocols), Eve (an
eavesdropper), Mallory (a malicious active attacker), Trent (a
trusted arbitrator), Walter (a warden), Peggy (a prover) and Victor
(a verifier). These names for roles are either already standard or,
given the wide popularity of the book, may be expected to quickly
become so.
I love the Google ads that come up on this page: 'Subpoena Servers', 'Download Subpoena Forms', 'Process Server Directory'.
150 Opening BINARY mode data connection for slashdot.sig (129323052 bytes).
I'm not using political correctness as a euphemism for stupid, or for change being stupid. I do regard political correctness as stupid, but not all that is stupid is politically correct. You're making a straw man out of my argument.
"To almost exclusively use the male pronoun encourages people to think exclusively in terms of females" - I don't understand? I think you meant something else here.
There is no security breach! There is no data! The FBI has no ri... Who keeps ringing the door bell? What do you want? No you can't... Hey, get away from my comptuer! Stay away from the compu. Oww you're hurting my arm! Hey that really hurts! Oooowwww. heeeellllpp mmmeeeeee.
Do you suggest that the major contributing factor to the dearth of women in Computer Science and IT is the language which assumes a male subject? I find that hard to swallow, and I suspect others who feel the same way will be reluctant to change their language to pretend that people of either gender are equally likely to be knowledgeable about computers when a quick look around them will show that to be untrue.
I don't think that women are incapable of mastering computer technology or that they shouldn't, but changing around some pronouns is neither the first step or a very important one in getting more women into the field. The language reflects reality.
Sleep is futile.
I'm glad I read at troll +6. That's just funny =)
I don't believe that it is the major contributing factor; it's a small part of a pervailing attitude, and that attitude is what needs to be changed.
Bít, zabít, jen proto, ze su liska!
Yeah, right.
...
Umm, sorry."
If you give government power - and money is economic power - that power will be abused.
So don't give 'em any!
D/L from the box you've already cracked!
Is it renowned for its English program, since that would seem a lot more relevant to a specific grammar question? Part of writing (especially as an art form) grants a lot of leniency in these kinds of areas, so any citations of particular rules would be a pointless.
Given the popularity of nmap, wouldn't that still be a bit of a needle in a haystack? If the FBI had a 5-minute window, and knew that the attacker had connected to, say, /., in a certain 5-minute window, would getting a subpoena really have any effect besides information overload?
To fight the war on terror, stop being afraid.
in a fascist state.
.. like the CIA they feed of their own crooked, intertwined cops and robbers game.
The FBI would sooner torture you and let you rot in a cell for the rest of your life than spend one ounce of energy going after actual threats to society
It is a sick fact that open source computer code, messages like this one, and anything hinting at the 1st amendment is now "noted" and blacklisted by the vast networks of informants set up by the economic draft of our very own secret police.
Welcome to the U SS A.
SA Thigpen
http://sthigpen.freeshell.org
By chance I have used a system which makes me mostly untrackable by their idea. I usually don't go to a webpage to find Stuff I have previously downloaded but instead do a grep -i exodus /var/log/squid/access.log and then get something like
m v - DIRECT/194.105.226.148 text/plain
1099791026.435 1899 10.0.3.82 TCP_MISS/200 171397 GET http://eve.skjalfti.is/video/EXODUS_Trailer_v1a.w
And I am not even a hobbyist hacker, just someone too lazy to search through web-pages over and over again and with a little technological background.
"Life is short and in most cases it ends with death." Sir Sinclair
I've had actual users. It's a pretty nifty little service to offer. It has a nice community portal feel to it. I think it has a lot of potential for something like a matchmaking site. It is, of course, a lot more fun to get a hookup with someone that lives a block away than someone that lives dozens or hundreds of miles away. And it's a way to swap files with much less chance of having anyone bust you. Things like that make it good.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
Think about it.
Hacker uses own browser to find url for nmap
does wget on compromised box to nmap.org
Hacker uses own browser to find url for tcpdump
does wget to download tcpdump
hacker does lookup of url to rootkit on packetstorm on their machine
hacker wgets rootkit from shell
Chances are that if there are matching ip addresses in all 3 logs to separate sites in a short span of time that that person is responsible. Not listing the parent pieces of the website to find the download link is another clue.....
Remember that you are unique, just like everybody else.
(s)he" is just plain ugly
Yeah, reminds me of lisp too.
I do regard political correctness as stupid, but not all that is stupid is politically correct.
"Political correctness" basically means "something pointless that you do for purely political reasons". The line between verbal "political correctness" and "politeness" is whether you think something is a good idea. If you call Ms. Ferraro a "stupid whore", are you being politically incorrect, or rude? What about if you call her "Mrs. Zaccaro" instead of "Ms. Ferraro"?
If something is politically correctness, it is obviously bad. Therefore, if people think something is good, then it's obvious they don't think it's political correctness, and saying it is doesn't forward the argument.
"To almost exclusively use the male pronoun encourages people to think exclusively in terms of females" - I don't understand? I think you meant something else here.
Of course, sorry. Switch the last word of that sentence.
But I've got a more direct argument that this isn't politically correctness. Politically correctness centers around forcing other people to conform to your rules. If I were arguing that you should use both she and he as generic pronouns, that might be politically correctness. But I'm not; I'm arguing that those of us who want to can use them as generic pronouns. That's not political correctness; that's freedom of choice.
Kevin Poulsen: The author of the popular freeware hacking tool Nmap warned users this week that FBI agents are increasingly seeking access to information from the server logs of his download site, insecure.org.
I'd like to know exactly when nmap was officially dubbed a "hack tool." It is merely a port scanner! Port scanning != hacking. One might argue the article is writen in laymans terms -- as most news is. However, I think in the case of nmap, a politically technilogically correct phrase would be "a tool commonly used by 'hackers.'" Negative conotations bother me.
No, the 'slip' by Fyodor indicated that the intruder was none other than a local slashdot troll.
but some of my friends got busted for smoking pot in their dorm... except they werent - they had smoked off campus hours before. anyway, the cops "smell" it from the hallway after being notified by an RA and then push open the door to the room to see 4 people passed out around a tv and a half empty forty. so now the cops are in the room to stay - half an hour later there's a warrant, and i was doing my best to advise my friends so i told them to read it to me. the cops close the door. so i shout for them to yell it; the cops say we're being too loud after midnight. so my friend calls me on the phone - and we see the warrant is dated for the NEXT day. blah blah, another warrant comes in, things get confiscated, papers are filled out and such.
end of the story? no charges were ever filed, not only due to the whole debacle of a post dated warrant, but also because they failed to knock and announce themselves before opening the door.
just know your rights and read the paperwork - dont let them drown you in it. and if youre too bored to, hire a lawyer
You're right, someone get me my lawyer, that bastard Shaggy took my lyrics.
Homer J. Simpson
Perhaps the English language requires a new term to represent a gender irrelevant person. After all, the language is shaped by usage. My suggestion is 's/he'. I generally use this as the meaning is clear without any political (i.e. feminist) agenda or alternate inference detracting from the substance of my statement.
Another version: He, She, or It becomes H/or/sh/it.
I am officially gone from
Most businesses especially should make sure they are covered.
What do you suggest? My theory.. The business may have been used as the ramp but they should not be liable. I can use a payphone anonymously and Verizon is not to blame. The act of putting a quarter in first changes nothing. It is not a crime to not have evidence. Unless there is a specific law that you shall provide a trackable indentifier to something, you should not be liable. You may exceed or violate a civel TOS agreement but nothing that will be considered a criminal charge/
This was modded *insightful* ?
Are you saying that the FBI should be banned from investigating any and all activities occurring on the internet ?
Or are you just a flaming idiot ?
Cheers.
*I almost typed "gives the right" but that is NOT how the Bill of Rights works
--Hooptie
"Heavens, it appears that my weewee has been stricken with rigor mortis!" -- Stewie Griffin
Maybe you can do this. However the law requires some record to be kept. Some places (stockbrokers) need to keep email for 7 years. Fail to keep the records, and they may not get you on the records, but typically not keeping records is a crime worse than what you hid. (if it was less everyone would destroy records and take the reduced sentence if caught)
Of course you would need a lawyer to figure out when you are allowed to delete what. I guess thats my point though: ask a lawyer what you should do.
...it WASN'T a PATRIOT Act subpoena, and you STILL got modded to +4 for the tired references to it and Ashcroft.
And he's resigned, for fuck's sake. Can we be on with it now?
Why does it need to change you piece of shit? Women can go to hell when they die, they are absolutly worthless as they come now, feminism and rights inside and all. Fuck them... no just spurn them and hate them.
Thanks
Oh god, that woman is John Romero!
Don't worry, the FBI has a backup.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
nmap is not a crack tool. It is a dual-use product useful to netadmins. While it can be used by crackers, its intended function is to investigate networks. Money can be used by terrorists to buy weapons, but I haven't seen anybody to say that money is a terrorist tool. Also, we should say "cracking" instead of "hacking".
not s/he. [s]he
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
wget --user-agent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" http://download.insecure.org/nmap/dist/nmap-3.75.t ar.bz2
Does that not solve the problem?
I'm ROTFL practically.
Too bad Acronym Finder won't carry it due to the profanity.
Time for the paranoid to secure their transmissions with encryption wherever legal to do so. Otherwise, consider using 'chaffing and winnowing' concived by Ron Rivest of the RSA encryption method.
Anyway, if the FBI and their ilk had their act together properly, 2001-09-11 probably would not have happened.
"They" is the singular indefinite pronoun in my dialect of English ("If a person drinks too much, they will likely experience a hangover"). "They" also happens to be the indefinite plural pronoun.
Shakespeare's, too.
Become a FSF associate member before the low #s are used
If I ever get spam with your description of "her" as the subject line, I am so going to buy in.