And yet a quick apt-get update/upgrade on my Debian Etch box reports absolutely nothing in need of an upgrade.
Shouldn't the Debian guys be the first to have this fix ready to go in their repository?
> If you have multiple accounts in the computer, the installer won't scan /home for users, so you will have to add them manually...
Not to claim that I am by any means an expert with this, but shouldn't it be using /etc/shadow instead of directories under /home anyway?
What if some piece of software captured your password and sent it home, and then somebody maliciously hijacked or wiped out your account? You'd really wish you had it all backed up.
Really ironic in this case, when you think about it.
> At least the admitted to something and pulled to product.
Admitted to what?
He admitted that his software was harvesting private account information, but that's not any sort of commendable admission.
And then maybe my cascading style sheets will finally be standards-compliant with W3C's test. Not that it was ever a big deal to me, but the thing fails only because of really strange CSS trickery I've had to use to make IE properly display a page that already looks perfect in Firefox, Opera, Safari, Konq... etc.
MS-DOS 8.0 anyone? Kinda more like MS-DOS NT since it's quite different from the true MS-DOS family... Which is actually a pretty cool idea. The kernel itself that drives any NT-based OS (particularly Win2k and XP) is admittedly quite stable. Without the graphical userland, I would imagine it to be relatively (emphasis there) secure from exploitation.
So in other words, I could commit some of my own code to a CVS repository, find some errors that I missed, fix them, commit it again, decide to add more comments, commit it again, find one more thing I probably could have done differently and then rewrite it, commit it again...
And I would be ranked highly as a great developer?
...you won't be able to say, "In space no one can hear your ringtone." Well that's a damn shame, considering how everyone uses that phrase all the time.
OMG THIS IS SO BURIED
...oh, wait, this isn't Digg. Could've fooled me. Slashdot is now linking to a YouTube video that uses "Princess Penis" like it's a clever joke. (That's as far as I got before closing it.)
This is what we call "jumping the shark."
Stuff That Matters.
Anybody else twitch at the sight of that headline?
I believe the meat product sold in cans often is, too.
Google.
"Daily Caffeine Protects Rabbits' Brains"
Dunno about anyone else here, but I'm at least fairly certain that I'm not a rabbit...
Where?
Yes, that is a great point you make.
However, where there might not be imagination, there is common sense. Think about this: Why in the world would it be necessary to have the software phone home with the user's information if it could just dump it to a local log file?
If it turned out that the software was dumping the user's account information into a local text file, then the author's "oops forgot about that debug feature" excuse would have been believable. But to have it actively phone home with every user's account information? This clearly took more thought and effort to implement than simply outputting a text file. There's no reason he couldn't just use log files for debug purposes, because it's all-around quicker and easier from a programming point of view.
Other people will argue against you that the developer would have noticed the 1700+ emails in his inbox. I'll side with you by saying this: If he created a separate Gmail account just for debugging purposes, then perhaps he would have checked it once or twice in the beginning and never checked back again, not realizing the stream of incoming messages. I'd be curious to know how many of them were marked as read when Dustin Brooks found his way in.
But yeah, ultimately, I'd say that all the signs lean very heavily toward active password harvesting.
At first I read that as "Rings Discovered Around the Moon for the First Time."
...but can it run Linux?
* Runs away *
* Warm toasted bread ejects from the NetBSD-powered penguin *
> [FreeBSD] would be a much more sensible solution.
HOLY WAR!
* Knocks you upside the head with a giant plush Tux penguin *
* Runs away *
Web != Web Application
So if local coffee shops offer internet access with one of these, they can advertise that they have wireless G-spots!
Supports "the big four." And then some.