Quite simply that the task of optimising your threads or processes, however you want to make the distinction, is different for different OSes that handle them differently, and for different hardware that has different capabilities. Somehow I dont think this is news:) Thats why a good programmer is a good programmer. I can crank out bad c code all I want, a real artist faced with implementing the same algorithm would turn out something faster and probably smaller. That same skilled programmer would be better able to optimise the code for an OS or a hardware setup and would likely be able to incorporate those tweaks into the code base in a suitably encapsulated form that they'd properly compile if the capabilities they required were present. I'd get lost in that task after the first half dozen #ifdefs
This whole threads vs processes thing is REALLY getting old, since it all boils down to "I want to do it the way I'm used to and since I dont want to learn any alternatives they must all be bad." It doesnt matter a goats fart to me if Jack spawns processes or Jane creates threads so long as their code compiles on my server and gives me the performance I need without me having to mess with it too much. # human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
I dont agree with your opinion, and on one of your points in particular I have to speak out. You state "text-file based system administration has to go" but personally I'd rather have that than some kind of opaque registry. I dont mind if somebody builds a nice easy GUI interface to those files and I may even use it if it makes my life easier but once something breaks I want those files to be readable and FIXABLE with a text editor and the mark 1 eyeball - so that when the system is flailing around in agony and crashing about my ears I can get it into single user mode, grab a tool that I can count on to work even when everything else is pretty much broke and at least get my system to a point where it will boot normally. I'm sure you can come back to me and point out that simple command line tools could be built to do that with any file format but it misses one big advantage of plain old text - the humble comment. If all my config files are pretty much self-documenting (which they should be if I'm doing my job right!) then I can do things like
# yes I know it aint standard, but dont 'fix' this # it breaks xyz if you do!
and be a little more confident that I or a colleague wont forget that little wrinkle and step in the same gotcha later. # human firmware exploit # Word will insert into your optic buffer # without bounds checking
My initial point was that to be on the real bleeding edge you are going to need driver source. If you're on stable releases and not quite on that edge THEN you have the option of binary installs and those are as simple as the "update driver" button. If manufacturers were as quick to put out linux drivers for their hardware as they are for windows then guys with setups like yours would have that option too but at present you dont, not really.
I use linux both at home and at work and at work it doesnt have to be on the edge but it DOES have to work. I have this mental list of hardware that works or gives problems with which distros - For example the only distro that seems to have rpm drivers that work reliably with compaqs older proprietary net cards is redhat - so on a compaq machine I'll usually reach for my RH cds. Systems with no fancy hardware that just need to keep plugging and do one or two jobs well I usually install slackware, workstations where I want the bells and whistles, its back to redhat again. So far I've successfully installed or updated drivers from rpm for 3com, compaq and intel network cards, matrox, 3dfx, older ATIs and compaqs proprietary S3 video cards, Creative sound cards. This is on systems with whatever was the most recent stable kernel release at the time. On test machines or at home where I dont mind breaking it then I tend to use the latest kernel I can get my hands on provided only that its been developed far enough that it will actually compile:). On those machines forget packaged drivers, its either get the source or accept that you have to use the previous generation of peripherals. # human firmware exploit # Word will insert into your optic buffer # without bounds checking
In all my years of using Linux, I have yet to be able to install a driver off an RPM
I'd have to say you were unlucky - I use mainly 2 linux distros, RH & slackware - (and NO I do not think either is "better" than the other so all you distro evangelists dont bother to flame me;) ) If I want slackware drivers I usually build them from source, for RH I use RPMs if they are around. So far they have been in about 80% of the cases. I HAVE had problems with a few of them - usually the driver rpm has not kept step with others and fails the dependency checks. When this happens I can get away with jamming it in using --nodeps about half the time, the only places it is guaranteed to fail is where backwards compatibility breaks from one version of a lib to the other. Yes, these situations do exist but maybe I've just been lucky not to encounter them because I havent run into them that often. In fact I've run into similar problems with win* "driver updates" that broke more than they fixed just about as often so I suspect the playing field on this one is a little more level than it is perceived to be. # human firmware exploit # Word will insert into your optic buffer # without bounds checking
Ever hear of network.vbs? that ones sneaky but doesnt use buffer overflows or other sploits at all.. It just randomly scanns IP addys for windows machines with drive C shared and no password on it. When it finds one it installs itself.
If your firewall is getting hammered by UDP-netbios crap its a fair bet thats where its coming from. If you're a windows user just look for a file called NETWORK.VBS in your startup folder, in c:\windows\system and the root of drive C... if you got them, you got it and are portscanning other folks networks whenever you are online. # human firmware exploit # Word will insert into your optic buffer # without bounds checking
I saw it Friday night (I wasnt planning to, I just tagged along with some friends who happened to mention they were going) and was quite prepared to be disappointed. I was pleasantly surprised. Not particularly with the basic story, that was pretty predictable and I knew a lot of the significant points of it from my memory of the comic books anyway. Where I really was impressed was with the characters and the casting. They looked right! Even viewed in mufti rather than in uniform it was easily possible to recognise them - for Cyclops they picked a guy that looked like he was drawn, Storm was unmistakeable, You take one look at a still shot of Rogue, get told its an xmen movie and you knew who she was playing. Wolverine? Nuff said. Thats even leaving aside the perfect casting of Prof x and Magneto.
OK, thats the characters looking right now are they playing the right parts? Cyclops is an uptight arrogant asshole -Check! and whats more he isnt just opening fire on a whim but is constantly adjusting his visor, just like in the comics. Storm is portrayed as she was originally drawn - She was always the most vulnerable of the team in a straight fight until she lost her temper so her fight with toad was particularly well scripted - even down to the snippy one-liner she so often comes out with before she really cuts loose. Jean Grey was a little underused in the story but then she was truly developed as a character much later in the series anyway. Wolverine was properly portrayed as more than the supreme thug he's sometimes characterised as. Rogue was also shown as she truly was in her early days. Add in the cameos by "future" x-men at the school and you realise that this film was made by guys who read the comics.
All in all I went in there fully expecting it to suck as badly as the cartoon series did but it didnt. I heard many hardcore fans saying the same things as they walked out of the movie and the few I talked to tended to agree with me - overall I think this film got it right, but there wasnt enough of it. Just like we always ended up chafing as we waited for the next comic issue I fully expect fans to now be waiting for the sequel to this. # human firmware exploit # Word will insert into your optic buffer # without bounds checking
You are absolutely correct in saying that to install new drivers you have to do scary things.. This is not surprising bearing in mind where in the architecture these particular bricks go. This is true for windows as much as it is for linux, the difference being that windows is sufficiently monolithic that they dont need to offer anything but a binary download and an installer - frequently using the built-in progs for updating system components. That "update driver" button does the same scary things (apart from compiling it but I'll address that below) it just puts a pretty progress bar on it and a user-friendly face. If the average windows user knew what was happening under the hood of that driver update they'd probably be too scared to click the button.
But isnt what I just described just as applicable to the process of pulling down an rpm for a redhat box and installing it as it is to pulling down a zipfile, unpacking it and clicking an "update driver" button? I'm not doing the linux evangelist thing here, I use whatever OS will run the apps I need at the time, but this is one of the points made by the author in the article - you want that kind of convenience, it is a factor in which distro you pick. People putting out drivers for their hardware under linux usualy make rpms available, or debs or both as well as source - if you want bleeding edge latest stuff or if you have a so-called "hardcore" distro, or even a highly customised install of an "easier" one then the source is available and you can use it to build a version of the same driver that is optimised for your box. Downloading source and compiling it yourself is not a scary thing to make folks flee the OS, its a way to ensure that no matter how horribly tweaked your linux system is there is a way to get hold of something that will work on it. Its also something you mostly dont have to do unless you want to. Just look at what formats the drivers you want are available in first - just like making the choice of what OS to load based on the apps you want, pick your distro based on how you want to use it.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
I'm going to keep this as short as possible because I'm not interested in debating the relative merits of one set of ethics over another...
First point: Animated violence is no big deal, you only have problems with it if you cant teach your kids the difference between that and the real thing - and if you want then by all means forbid the purchase or rental of this game in your household. Its your job to do what you have to in order to raise your kids, you cant expect the government to babysit 'em for you.
Second point: Cruelty to animals sucks, no argument, but I'll still eat 'em. Binocular vision? Omnivorous dentition? yep, this is a meat-eating species. Yes, treat 'em as well as you can whilst they are alive but once they are meat, they are food.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
First, I do not currently work at an ISP, but I have done. I also have administered arrangements for remote access at educational estabishments, thereby effectively being an ISP for the students and staff. This was a VERY thorny question for us in all those cases. We recorded who connected when, with what IP, and who accessed the services we provided, again recording the source IP. Those logs were kept for a few months. Logs of suspected probes were kept for a few weeks, overt attacks for longer. That was it. With this info we were able to pin down the account associated with any abuse reports and spot a few compromised user accounts (usually because somebody used the same password for everything and it got cracked somewhere else) by seeing the same user pop up twice from different locations at the same time.
The logs we kept on OURSELVES though were much more thorough. Anything one of our machines did was watched somewhere and whilst most of those logs were short-term and verbose enough to require scripted assistance to scan in any meaningful manner we made damn sure that we looked into everything that poked up above the background noise level there.
Privacy was important too - in all cases it was clearly understood that discussing logged info with anyone outside the admin team apart from the customer who owned a suspect account was cause for getting fired immediately. To even discuss it with the customer required written authorisation. If anyone else wanted the info it had to go through the head of the admin team. Marketing folks, the billing dept, top level management (by their own request) or support staff did not have access to that raw data and it would only be turned over to anyone outside the company with a court order.
Other guys at the company sometimes accused us (the admin team) of being anal about it and I guess we were, but the complaints sure dried up when the policy saved us from getting our ass sued.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Agreed, and I wasnt holding up one over the other, thats not my place since I'm a member of neither:) - it was simply that one religion lent itself to reactionary behaviour of one kind and the other to a different emphasis. In both cases it was not the faith that encouraged the reactionary behaviour but the politics associated with it. The reason I found it interesting was that whilst both cultures had their reactionary episodes, the results in each one were very different. # human firmware exploit # Word will insert into your optic buffer # without bounds checking
All the more reason to carry on and finish the restoration - Ancient greek science is something we have only dimly been able to view through the distorting lens of several translations preceding the earliest documents in our posession and through the well-intentioned manipulations of monastic editors.
There is abundant evidence that ancient greek society had a far greater understanding of many aspects of the world they lived in that the societies that followed them. Whilst crude by todays standards greek medicine was at a level that was not matched until long after the dark ages. Mathematics in ancient Greece was sufficiently advanced to be the realm of philosophical research and a fundamental tool in their analysis of their world - a level that was not matched in western societies until the time of Galileo.
In contrast the arabic world gladly absorbed all the knowledge the greek philosophers produced and combining it with their own insights went on to build upon it. Why do you think that most of the named stars have names derived from arabic languages?
So why the divergence in the way these societies researched and used their knowledge? The only answer I can come up with is the question of religion. I have to say in advance that I am only commenting on the political aspects of the dominant religions rather than the principles on which they are based - after all I cant expect you to respect my faith if I dont respect yours, right? The catholic church dominated western societies and strongly discouraged questioning the fundamental mechanisms by which the world operated, punishing those who attempted to interfere with "the natural order of things" very harshly. Islamic culture on the other hand whilst it had rigid frameworks of its own was not barred from this kind of investigation. This being the case it was inevitable, purely on political grounds, that the two cultures would collide and the social debris of that collision are still being cleaned up today.
Just as ever more powerful telescopes and particle accelerators are being used to more finely analyse the world we live in, documents such as this allow a closer look at the history of scientific thought and a greater understanding of the forces that shape us socially, along with the physically shaping forces that we are getting so good at describing. # human firmware exploit # Word will insert into your optic buffer # without bounds checking
Get root on my box and I find you? I am looking at a BUNCH if time looking for rootkits and backdoors regardless if you have installed them or not.
And thats only if you're not healthily net-paranoid... get root on my box and I find out then I'm not looking for anything but read-only install media and a fresh download of all patches from a trusted source.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
I understand your position but I do have a question.. When your sisters linux box was cracked the first time I presume you helped her make sure that it was operating a "default deny" type of access control - that the system wasnt running services she didnt need etc - did the cracker get in the second time by exploiting an unpatched hole in one of the services she did need or by a back door you'd missed in the first cleanup? If everything needed was patched to current and everything else was closed off then you were right to tell her to pull the plug - if not then perhaps it was the wrong advice and helping her fix the underlying problem would have been more appropriate.
Other than that I have to agree with you on every point.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Many folks have dismissed the concerns about Quova with comments along the lines of "Its just some paranoid sysadmins getting in a knot..." but it isnt paranoia. The usual precursor to an attack on any system is a ping sweep or portscan of your subnet looking for places there might be sploits, therefore its usual for these probes to set off alarms and usual for sysadmins to block them and bitch about them whenever they catch 'em.
I'm not paranoid but I know that by the time a vulnerability is analysed and patched its usually been in the hands of a couple of script kiddies for a while so as well as keeping up to date with my patches I make damn sure that my network gives out as little info as possible - I may have patched my bind but it is still configured not to tell anyone its version, just in case. If somebody is walking down the street jiggling doorknobs to see if they are unlocked, peering over every garden fence and through any windows they can reach how long do you let them do it before calling the cops? So what do you do if there aint no cops? At the very least if you lived on that street you'd want a decent door lock, heavy curtains and you'd warn your neighbors when you saw a total stranger wandering down the road like that. In some parts of town those neighbors might well grab that stranger and try to convince him not to come back... # human firmware exploit # Word will insert into your optic buffer # without bounds checking
Because it works and I cant be bothered rebooting my workstation every time I need a program that I dont have for any platform but win* - Where good alternatives (with either converters available or file-compatibility) exist for linux I use those instead but wine fills up the gaps by letting me use the win* programs. It works the other way around too - if I have the main workstation booted into windows for any reason but I need access to a utility I only have under linux I'll telnet to the other linux box to do it rather than reboot it to switch OSes. After all, in windows it will crash soon enough without me going and telling it to reboot!;)
The better wine gets the closer I can get to my ideal of never having to boot windows at all (at least on my machine - I'll still have to support it, my family still has a couple of windows users in it) # human firmware exploit # Word will insert into your optic buffer # without bounds checking
Its interesting to see the way they approached these kinds of problems, all of which make sense when you look at the ways the two "parent" OSes differ. As far as I can see they took what appears to be an intelligent and practical approach to resolving them too. If they really manage to make it work its certainly going to attract users but whether it lives up to its obvious potetntial remains to be seen. There are compromises that have to made here that MacOS aint used to handling - the hoops they had to jump through to get backwards compatibility illustrates that very clearly. Lets just say that if somebody was to hand me one of those machines I'd not object to beating on it and finding out what it can really do, but I'm not paying for one until lots of other folks have tried it first:) # human firmware exploit # Word will insert into your optic buffer # without bounds checking
You dont try and understand the ants in your kitchen, you find out where they are coming from and block it up. Same for a script kiddie. Keeping them out is just a matter of awareness on the part of the sysadmins and not doing silly things like running services you dont need or failing to keep the ones you do need patched. Much like blocking up the cracks the ants are coming through.
On the other hand, if a real expert cracker wants to smoke my systems then I may as well kiss my digital ass goodbye because I know my limitations and I know theres many folks out there who can find holes in systems that I never even knew were technically possible. The difference is that the real experts are usually more mature than the script kiddies and need some kind of reason to hit a system - and as far as I know they have no such reason to hit mine, theres nothing there that they need.
Just IMHO but as far as I'm concerned the only time I'd bother even trying to catch a script kiddie is if they are doing DoS attacks.. that upgrades 'em from an ant to a roach and I'll go out of my way to squish 'em. Otherwise I just close 'em out and ignore 'em. # human firmware exploit # Word will insert into your optic buffer # without bounds checking
When it comes to communication, we still have not really moved beyond the concepts that were in full use back in the days of stone tablets, have we?
No, we havent.. and this is to be expected. The whole idea is to make it possible to interact with computers and give them meaningful instructions in as natural a manner as possible - the closer it is to ordinary human communication the more we can use the communication methods in which everyone is "trained" from birth. Apart from text and graphics - both of which are visual symbols that convey meaning - the only other method is audible communication and whilst a very restricted implementation of this is possible with todays technology we're a long way from a real natural-language speaker-neutral interface - when I can just open my mouth and yell "hey, [hostname-of-my-home-machine], I got chicken and lamb in the freezer but I'm out of onions, what decent curries can I cook with what I've got?" and have the machine do the searches, cross-check the results against the (thankfully short) list of ingredients that my wife is allergic to and answer with a list of options, sorted by the kind of stuff we've liked in the past (dont you just love this human fuzzy logic) then we will be able to depart from the purely graphical-symbolic interface model we have now. Until then we'll still be using the high-tech version of clay tablets. # human firmware exploit # Word will insert into your optic buffer # without bounds checking
Until 3D displays are commonplace, whether they use 3D HUD technology, much improved visor displays or the latest of Mad Zacks YetToBeInvented Gizmos, GUIs will be 2D. Until they are 3D the next generation of development wont take place. In the absence of true 3D display theres no point in developing mass-market 3D pointing devices. In the absence of either of those components then theres nowhere a mainstream GUI can go from its current state. Sad but true. # human firmware exploit # Word will insert into your optic buffer # without bounds checking
Big surprise.. NOT! Sitting a kid in front of the WWW isnt going to teach them anything any more than sitting them in front of daytime TV. As the article said, education is about teaching children to handle ideas and think creatively and coherently for themselves, not about feeding them data in the hope that they can someday connect it all into a body of knowledge. My kids access to the net is the same as access to the TV - restricted, monitored and controlled by mom & dad. If it has neither educational value nor acceptable standards of entertainment quality it doesnt get watched, whether its a TV program, a computer game or a www site.
Why is it such a shock to discover that pouring nothing but data into kids minds doesnt teach them to think about it? # human firmware exploit # Word will insert into your optic buffer # without bounds checking
Rather, I would use conventional (video, telephoto) or computer-based methods (sniffers, trojans) to get your password.
Thats exactly my point. Echelon, concealed cameras, net sniffers, wiretaps et al are not the problem - theres already so much info you have to make available in order to have a reasonqably functional lifestyle that in the face of a determined investigation the means used to gain the info are moot. As far as I'm concerned the issue is not what info can they get their hands on but what controls are in place to ensure that they only go looking for the info with a genuine need, and once they find it they validate it properly and use it responsibly. That is where my doubts and distrust lie. If I'm using crypto on the net I'm doing it to validate my own identity and protect my business and myself from gratuitous snooping by individuals or competitors and they dont have the kind of resources your common 3-letter agency does. Regarding Echelon particularly, if they cant play with that toy its no big deal, they have a whole box of others. I just want things to be set up so that mom makes 'em play nice:) # human firmware exploit # Word will insert into your optic buffer # without bounds checking
It is, as you have guessed an acronym - Fear Uncertainty and Doubt - the main tools certain organisations (yes, including M$ but by no means limited to them) use to put folks off considering alternatives to their approach. And, just so you know, its not restricted to positions I disagree with. I'm certainly not speaking for anyone on/. but myself but I'll bitch about FUD whether its rolled out in support of my opinions or against them. M$ make a good OS for the casual desktop user, I'll happily support their products on my network but just dont ask me to put them anywhere mission-critical without a lot of protest, in my experience they aint stable or clean enough for that yet. Maybe they will become so - I hope so because that means less time fixing their problems. Also dont ask me to agree with their corporate strategy either, I dont like it and therefore by association I dislike the company that follows it. # human firmware exploit # Word will insert into your optic buffer # without bounds checking
Yet another blatant attempt to twist things around.. Wonder if all the under the counter PACs that are now going to have to own up to their funding are just going to move into the corporate area.. "We are a grassroots campaign" == "They own us so we say what they want" why the hell would we want to give M$ more freedom to pick our pockets even if they do manage to (just for once) do it in an innovative manner? # human firmware exploit # Word will insert into your optic buffer # without bounds checking
We've had editorial consultants, PR executives, spin doctors and now sensemakers - Is there really anything new about selectively massaging data so that it appears as hard information?
We've also had many attempts by people learned in the "science" of "management" to define values for "data" "information" and "knowledge" whilst flailing around to even grasp the concepts involved. Personally I'm sick of this cult of the buzzword. When was the last time you heard a manager refer to common-sense concepts in plain english (or whatever other plain language - I only picked english because its the language I'm writing this in..)? # human firmware exploit # Word will insert into your optic buffer # without bounds checking
If Big Bro is watching me then I hope he's getting a cheap thrill. They are going to get a whole load of noise before they find any signal in my life. If I'm using such easily intercepted stuff as email for anything critical or secret (like, for example, details of a bid for a contract or anything like that) then of course its going to be GNUPGed with the highest key length my version can generate. In the absence of back doors in the algorithm (which is why I prefer open source - better coders than I have already looked at it in detail and if there were holes I'd have read about it on BUGTRAQ) then the data I'm protecting is not invulnerable but by the time anyone has managed to crack it I'd hope it would be obsolete. Somebody wants to wiretap me? Good luck hearing anything to make it worth your while. Of course, unless you're the government and able to make the laws fit whatever you want to do if you get caught you're in a world of hurt. I can live with that. Government agencies already have so many resources for finding out about people that the addition of things such as Echelon doesnt really make that much difference although it may improve their accuracy.
Dont know about you but I'd rather if folks were going to be looking over my shoulder they got it right rather than confusing me with somebody that has the same name that happens to be a serial goat-rapist believed to be hiding out somewhere in Montana. In all seriousness, with minimal info to start from any governmental agency can find out all they need about you. Provided there are controls in place to ensure the info is accurate and open to challenge it doesnt really matter how they get it, because they COULD find it out anyway, Echelon or not. Unfortunately with recent reports of the use of "secret evidence" by government agencies in the US it seems those controls are not in place... The problem is not Echelon or any other info-collecting tool, its what is done with the info afterwards. Do you trust 'em? I sure dont. # human firmware exploit # Word will insert into your optic buffer # without bounds checking
Slashdot Mirror
Quite simply that the task of optimising your threads or processes, however you want to make the distinction, is different for different OSes that handle them differently, and for different hardware that has different capabilities. Somehow I dont think this is news :) Thats why a good programmer is a good programmer. I can crank out bad c code all I want, a real artist faced with implementing the same algorithm would turn out something faster and probably smaller. That same skilled programmer would be better able to optimise the code for an OS or a hardware setup and would likely be able to incorporate those tweaks into the code base in a suitably encapsulated form that they'd properly compile if the capabilities they required were present. I'd get lost in that task after the first half dozen #ifdefs
This whole threads vs processes thing is REALLY getting old, since it all boils down to "I want to do it the way I'm used to and since I dont want to learn any alternatives they must all be bad." It doesnt matter a goats fart to me if Jack spawns processes or Jane creates threads so long as their code compiles on my server and gives me the performance I need without me having to mess with it too much.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
I dont agree with your opinion, and on one of your points in particular I have to speak out. You state "text-file based system administration has to go" but personally I'd rather have that than some kind of opaque registry. I dont mind if somebody builds a nice easy GUI interface to those files and I may even use it if it makes my life easier but once something breaks I want those files to be readable and FIXABLE with a text editor and the mark 1 eyeball - so that when the system is flailing around in agony and crashing about my ears I can get it into single user mode, grab a tool that I can count on to work even when everything else is pretty much broke and at least get my system to a point where it will boot normally. I'm sure you can come back to me and point out that simple command line tools could be built to do that with any file format but it misses one big advantage of plain old text - the humble comment. If all my config files are pretty much self-documenting (which they should be if I'm doing my job right!) then I can do things like
and be a little more confident that I or a colleague wont forget that little wrinkle and step in the same gotcha later.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
My initial point was that to be on the real bleeding edge you are going to need driver source. If you're on stable releases and not quite on that edge THEN you have the option of binary installs and those are as simple as the "update driver" button. If manufacturers were as quick to put out linux drivers for their hardware as they are for windows then guys with setups like yours would have that option too but at present you dont, not really.
I use linux both at home and at work and at work it doesnt have to be on the edge but it DOES have to work. I have this mental list of hardware that works or gives problems with which distros - For example the only distro that seems to have rpm drivers that work reliably with compaqs older proprietary net cards is redhat - so on a compaq machine I'll usually reach for my RH cds. Systems with no fancy hardware that just need to keep plugging and do one or two jobs well I usually install slackware, workstations where I want the bells and whistles, its back to redhat again. So far I've successfully installed or updated drivers from rpm for 3com, compaq and intel network cards, matrox, 3dfx, older ATIs and compaqs proprietary S3 video cards, Creative sound cards. This is on systems with whatever was the most recent stable kernel release at the time. On test machines or at home where I dont mind breaking it then I tend to use the latest kernel I can get my hands on provided only that its been developed far enough that it will actually compile :). On those machines forget packaged drivers, its either get the source or accept that you have to use the previous generation of peripherals.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
In all my years of using Linux, I have yet to be able to install a driver off an RPM
I'd have to say you were unlucky - I use mainly 2 linux distros, RH & slackware - (and NO I do not think either is "better" than the other so all you distro evangelists dont bother to flame me ;) ) If I want slackware drivers I usually build them from source, for RH I use RPMs if they are around. So far they have been in about 80% of the cases. I HAVE had problems with a few of them - usually the driver rpm has not kept step with others and fails the dependency checks. When this happens I can get away with jamming it in using --nodeps about half the time, the only places it is guaranteed to fail is where backwards compatibility breaks from one version of a lib to the other. Yes, these situations do exist but maybe I've just been lucky not to encounter them because I havent run into them that often. In fact I've run into similar problems with win* "driver updates" that broke more than they fixed just about as often so I suspect the playing field on this one is a little more level than it is perceived to be.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Ever hear of network.vbs? that ones sneaky but doesnt use buffer overflows or other sploits at all.. It just randomly scanns IP addys for windows machines with drive C shared and no password on it. When it finds one it installs itself.
If your firewall is getting hammered by UDP-netbios crap its a fair bet thats where its coming from. If you're a windows user just look for a file called NETWORK.VBS in your startup folder, in c:\windows\system and the root of drive C... if you got them, you got it and are portscanning other folks networks whenever you are online.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
I saw it Friday night (I wasnt planning to, I just tagged along with some friends who happened to mention they were going) and was quite prepared to be disappointed. I was pleasantly surprised. Not particularly with the basic story, that was pretty predictable and I knew a lot of the significant points of it from my memory of the comic books anyway. Where I really was impressed was with the characters and the casting. They looked right! Even viewed in mufti rather than in uniform it was easily possible to recognise them - for Cyclops they picked a guy that looked like he was drawn, Storm was unmistakeable, You take one look at a still shot of Rogue, get told its an xmen movie and you knew who she was playing. Wolverine? Nuff said. Thats even leaving aside the perfect casting of Prof x and Magneto.
OK, thats the characters looking right now are they playing the right parts? Cyclops is an uptight arrogant asshole -Check! and whats more he isnt just opening fire on a whim but is constantly adjusting his visor, just like in the comics. Storm is portrayed as she was originally drawn - She was always the most vulnerable of the team in a straight fight until she lost her temper so her fight with toad was particularly well scripted - even down to the snippy one-liner she so often comes out with before she really cuts loose. Jean Grey was a little underused in the story but then she was truly developed as a character much later in the series anyway. Wolverine was properly portrayed as more than the supreme thug he's sometimes characterised as. Rogue was also shown as she truly was in her early days. Add in the cameos by "future" x-men at the school and you realise that this film was made by guys who read the comics.
All in all I went in there fully expecting it to suck as badly as the cartoon series did but it didnt. I heard many hardcore fans saying the same things as they walked out of the movie and the few I talked to tended to agree with me - overall I think this film got it right, but there wasnt enough of it. Just like we always ended up chafing as we waited for the next comic issue I fully expect fans to now be waiting for the sequel to this.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
You are absolutely correct in saying that to install new drivers you have to do scary things.. This is not surprising bearing in mind where in the architecture these particular bricks go. This is true for windows as much as it is for linux, the difference being that windows is sufficiently monolithic that they dont need to offer anything but a binary download and an installer - frequently using the built-in progs for updating system components. That "update driver" button does the same scary things (apart from compiling it but I'll address that below) it just puts a pretty progress bar on it and a user-friendly face. If the average windows user knew what was happening under the hood of that driver update they'd probably be too scared to click the button.
But isnt what I just described just as applicable to the process of pulling down an rpm for a redhat box and installing it as it is to pulling down a zipfile, unpacking it and clicking an "update driver" button? I'm not doing the linux evangelist thing here, I use whatever OS will run the apps I need at the time, but this is one of the points made by the author in the article - you want that kind of convenience, it is a factor in which distro you pick. People putting out drivers for their hardware under linux usualy make rpms available, or debs or both as well as source - if you want bleeding edge latest stuff or if you have a so-called "hardcore" distro, or even a highly customised install of an "easier" one then the source is available and you can use it to build a version of the same driver that is optimised for your box. Downloading source and compiling it yourself is not a scary thing to make folks flee the OS, its a way to ensure that no matter how horribly tweaked your linux system is there is a way to get hold of something that will work on it. Its also something you mostly dont have to do unless you want to. Just look at what formats the drivers you want are available in first - just like making the choice of what OS to load based on the apps you want, pick your distro based on how you want to use it.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
I'm going to keep this as short as possible because I'm not interested in debating the relative merits of one set of ethics over another...
First point: Animated violence is no big deal, you only have problems with it if you cant teach your kids the difference between that and the real thing - and if you want then by all means forbid the purchase or rental of this game in your household. Its your job to do what you have to in order to raise your kids, you cant expect the government to babysit 'em for you.
Second point: Cruelty to animals sucks, no argument, but I'll still eat 'em. Binocular vision? Omnivorous dentition? yep, this is a meat-eating species. Yes, treat 'em as well as you can whilst they are alive but once they are meat, they are food.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
First, I do not currently work at an ISP, but I have done. I also have administered arrangements for remote access at educational estabishments, thereby effectively being an ISP for the students and staff. This was a VERY thorny question for us in all those cases. We recorded who connected when, with what IP, and who accessed the services we provided, again recording the source IP. Those logs were kept for a few months. Logs of suspected probes were kept for a few weeks, overt attacks for longer. That was it. With this info we were able to pin down the account associated with any abuse reports and spot a few compromised user accounts (usually because somebody used the same password for everything and it got cracked somewhere else) by seeing the same user pop up twice from different locations at the same time.
The logs we kept on OURSELVES though were much more thorough. Anything one of our machines did was watched somewhere and whilst most of those logs were short-term and verbose enough to require scripted assistance to scan in any meaningful manner we made damn sure that we looked into everything that poked up above the background noise level there.
Privacy was important too - in all cases it was clearly understood that discussing logged info with anyone outside the admin team apart from the customer who owned a suspect account was cause for getting fired immediately. To even discuss it with the customer required written authorisation. If anyone else wanted the info it had to go through the head of the admin team. Marketing folks, the billing dept, top level management (by their own request) or support staff did not have access to that raw data and it would only be turned over to anyone outside the company with a court order.
Other guys at the company sometimes accused us (the admin team) of being anal about it and I guess we were, but the complaints sure dried up when the policy saved us from getting our ass sued.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Agreed, and I wasnt holding up one over the other, thats not my place since I'm a member of neither :) - it was simply that one religion lent itself to reactionary behaviour of one kind and the other to a different emphasis. In both cases it was not the faith that encouraged the reactionary behaviour but the politics associated with it. The reason I found it interesting was that whilst both cultures had their reactionary episodes, the results in each one were very different.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
All the more reason to carry on and finish the restoration - Ancient greek science is something we have only dimly been able to view through the distorting lens of several translations preceding the earliest documents in our posession and through the well-intentioned manipulations of monastic editors.
There is abundant evidence that ancient greek society had a far greater understanding of many aspects of the world they lived in that the societies that followed them. Whilst crude by todays standards greek medicine was at a level that was not matched until long after the dark ages. Mathematics in ancient Greece was sufficiently advanced to be the realm of philosophical research and a fundamental tool in their analysis of their world - a level that was not matched in western societies until the time of Galileo.
In contrast the arabic world gladly absorbed all the knowledge the greek philosophers produced and combining it with their own insights went on to build upon it. Why do you think that most of the named stars have names derived from arabic languages?
So why the divergence in the way these societies researched and used their knowledge? The only answer I can come up with is the question of religion. I have to say in advance that I am only commenting on the political aspects of the dominant religions rather than the principles on which they are based - after all I cant expect you to respect my faith if I dont respect yours, right? The catholic church dominated western societies and strongly discouraged questioning the fundamental mechanisms by which the world operated, punishing those who attempted to interfere with "the natural order of things" very harshly. Islamic culture on the other hand whilst it had rigid frameworks of its own was not barred from this kind of investigation. This being the case it was inevitable, purely on political grounds, that the two cultures would collide and the social debris of that collision are still being cleaned up today.
Just as ever more powerful telescopes and particle accelerators are being used to more finely analyse the world we live in, documents such as this allow a closer look at the history of scientific thought and a greater understanding of the forces that shape us socially, along with the physically shaping forces that we are getting so good at describing.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Get root on my box and I find you? I am looking at a BUNCH if time looking for rootkits and backdoors regardless if you have installed them or not.
And thats only if you're not healthily net-paranoid... get root on my box and I find out then I'm not looking for anything but read-only install media and a fresh download of all patches from a trusted source.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
I understand your position but I do have a question.. When your sisters linux box was cracked the first time I presume you helped her make sure that it was operating a "default deny" type of access control - that the system wasnt running services she didnt need etc - did the cracker get in the second time by exploiting an unpatched hole in one of the services she did need or by a back door you'd missed in the first cleanup? If everything needed was patched to current and everything else was closed off then you were right to tell her to pull the plug - if not then perhaps it was the wrong advice and helping her fix the underlying problem would have been more appropriate.
Other than that I have to agree with you on every point.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Many folks have dismissed the concerns about Quova with comments along the lines of "Its just some paranoid sysadmins getting in a knot..." but it isnt paranoia. The usual precursor to an attack on any system is a ping sweep or portscan of your subnet looking for places there might be sploits, therefore its usual for these probes to set off alarms and usual for sysadmins to block them and bitch about them whenever they catch 'em.
I'm not paranoid but I know that by the time a vulnerability is analysed and patched its usually been in the hands of a couple of script kiddies for a while so as well as keeping up to date with my patches I make damn sure that my network gives out as little info as possible - I may have patched my bind but it is still configured not to tell anyone its version, just in case. If somebody is walking down the street jiggling doorknobs to see if they are unlocked, peering over every garden fence and through any windows they can reach how long do you let them do it before calling the cops? So what do you do if there aint no cops? At the very least if you lived on that street you'd want a decent door lock, heavy curtains and you'd warn your neighbors when you saw a total stranger wandering down the road like that. In some parts of town those neighbors might well grab that stranger and try to convince him not to come back...
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Because it works and I cant be bothered rebooting my workstation every time I need a program that I dont have for any platform but win* - Where good alternatives (with either converters available or file-compatibility) exist for linux I use those instead but wine fills up the gaps by letting me use the win* programs. It works the other way around too - if I have the main workstation booted into windows for any reason but I need access to a utility I only have under linux I'll telnet to the other linux box to do it rather than reboot it to switch OSes. After all, in windows it will crash soon enough without me going and telling it to reboot! ;)
The better wine gets the closer I can get to my ideal of never having to boot windows at all (at least on my machine - I'll still have to support it, my family still has a couple of windows users in it)
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Its interesting to see the way they approached these kinds of problems, all of which make sense when you look at the ways the two "parent" OSes differ. As far as I can see they took what appears to be an intelligent and practical approach to resolving them too. If they really manage to make it work its certainly going to attract users but whether it lives up to its obvious potetntial remains to be seen. There are compromises that have to made here that MacOS aint used to handling - the hoops they had to jump through to get backwards compatibility illustrates that very clearly. Lets just say that if somebody was to hand me one of those machines I'd not object to beating on it and finding out what it can really do, but I'm not paying for one until lots of other folks have tried it first :)
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
You dont try and understand the ants in your kitchen, you find out where they are coming from and block it up. Same for a script kiddie. Keeping them out is just a matter of awareness on the part of the sysadmins and not doing silly things like running services you dont need or failing to keep the ones you do need patched. Much like blocking up the cracks the ants are coming through.
On the other hand, if a real expert cracker wants to smoke my systems then I may as well kiss my digital ass goodbye because I know my limitations and I know theres many folks out there who can find holes in systems that I never even knew were technically possible. The difference is that the real experts are usually more mature than the script kiddies and need some kind of reason to hit a system - and as far as I know they have no such reason to hit mine, theres nothing there that they need.
Just IMHO but as far as I'm concerned the only time I'd bother even trying to catch a script kiddie is if they are doing DoS attacks.. that upgrades 'em from an ant to a roach and I'll go out of my way to squish 'em. Otherwise I just close 'em out and ignore 'em.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
When it comes to communication, we still have not really moved beyond the concepts that were in full use back in the days of stone tablets, have we?
No, we havent.. and this is to be expected. The whole idea is to make it possible to interact with computers and give them meaningful instructions in as natural a manner as possible - the closer it is to ordinary human communication the more we can use the communication methods in which everyone is "trained" from birth. Apart from text and graphics - both of which are visual symbols that convey meaning - the only other method is audible communication and whilst a very restricted implementation of this is possible with todays technology we're a long way from a real natural-language speaker-neutral interface - when I can just open my mouth and yell "hey, [hostname-of-my-home-machine], I got chicken and lamb in the freezer but I'm out of onions, what decent curries can I cook with what I've got?" and have the machine do the searches, cross-check the results against the (thankfully short) list of ingredients that my wife is allergic to and answer with a list of options, sorted by the kind of stuff we've liked in the past (dont you just love this human fuzzy logic) then we will be able to depart from the purely graphical-symbolic interface model we have now. Until then we'll still be using the high-tech version of clay tablets.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Until 3D displays are commonplace, whether they use 3D HUD technology, much improved visor displays or the latest of Mad Zacks YetToBeInvented Gizmos, GUIs will be 2D. Until they are 3D the next generation of development wont take place. In the absence of true 3D display theres no point in developing mass-market 3D pointing devices. In the absence of either of those components then theres nowhere a mainstream GUI can go from its current state. Sad but true.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Big surprise.. NOT! Sitting a kid in front of the WWW isnt going to teach them anything any more than sitting them in front of daytime TV. As the article said, education is about teaching children to handle ideas and think creatively and coherently for themselves, not about feeding them data in the hope that they can someday connect it all into a body of knowledge. My kids access to the net is the same as access to the TV - restricted, monitored and controlled by mom & dad. If it has neither educational value nor acceptable standards of entertainment quality it doesnt get watched, whether its a TV program, a computer game or a www site.
Why is it such a shock to discover that pouring nothing but data into kids minds doesnt teach them to think about it?
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Rather, I would use conventional (video, telephoto) or computer-based methods (sniffers, trojans) to get your password.
Thats exactly my point. Echelon, concealed cameras, net sniffers, wiretaps et al are not the problem - theres already so much info you have to make available in order to have a reasonqably functional lifestyle that in the face of a determined investigation the means used to gain the info are moot. As far as I'm concerned the issue is not what info can they get their hands on but what controls are in place to ensure that they only go looking for the info with a genuine need, and once they find it they validate it properly and use it responsibly. That is where my doubts and distrust lie. If I'm using crypto on the net I'm doing it to validate my own identity and protect my business and myself from gratuitous snooping by individuals or competitors and they dont have the kind of resources your common 3-letter agency does. Regarding Echelon particularly, if they cant play with that toy its no big deal, they have a whole box of others. I just want things to be set up so that mom makes 'em play nice :)
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
It is, as you have guessed an acronym - Fear Uncertainty and Doubt - the main tools certain organisations (yes, including M$ but by no means limited to them) use to put folks off considering alternatives to their approach. And, just so you know, its not restricted to positions I disagree with. I'm certainly not speaking for anyone on /. but myself but I'll bitch about FUD whether its rolled out in support of my opinions or against them. M$ make a good OS for the casual desktop user, I'll happily support their products on my network but just dont ask me to put them anywhere mission-critical without a lot of protest, in my experience they aint stable or clean enough for that yet. Maybe they will become so - I hope so because that means less time fixing their problems. Also dont ask me to agree with their corporate strategy either, I dont like it and therefore by association I dislike the company that follows it.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Yet another blatant attempt to twist things around.. Wonder if all the under the counter PACs that are now going to have to own up to their funding are just going to move into the corporate area.. "We are a grassroots campaign" == "They own us so we say what they want" why the hell would we want to give M$ more freedom to pick our pockets even if they do manage to (just for once) do it in an innovative manner?
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
We've had editorial consultants, PR executives, spin doctors and now sensemakers - Is there really anything new about selectively massaging data so that it appears as hard information?
We've also had many attempts by people learned in the "science" of "management" to define values for "data" "information" and "knowledge" whilst flailing around to even grasp the concepts involved. Personally I'm sick of this cult of the buzzword. When was the last time you heard a manager refer to common-sense concepts in plain english (or whatever other plain language - I only picked english because its the language I'm writing this in..)?
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
If Big Bro is watching me then I hope he's getting a cheap thrill. They are going to get a whole load of noise before they find any signal in my life. If I'm using such easily intercepted stuff as email for anything critical or secret (like, for example, details of a bid for a contract or anything like that) then of course its going to be GNUPGed with the highest key length my version can generate. In the absence of back doors in the algorithm (which is why I prefer open source - better coders than I have already looked at it in detail and if there were holes I'd have read about it on BUGTRAQ) then the data I'm protecting is not invulnerable but by the time anyone has managed to crack it I'd hope it would be obsolete. Somebody wants to wiretap me? Good luck hearing anything to make it worth your while. Of course, unless you're the government and able to make the laws fit whatever you want to do if you get caught you're in a world of hurt. I can live with that. Government agencies already have so many resources for finding out about people that the addition of things such as Echelon doesnt really make that much difference although it may improve their accuracy.
Dont know about you but I'd rather if folks were going to be looking over my shoulder they got it right rather than confusing me with somebody that has the same name that happens to be a serial goat-rapist believed to be hiding out somewhere in Montana. In all seriousness, with minimal info to start from any governmental agency can find out all they need about you. Provided there are controls in place to ensure the info is accurate and open to challenge it doesnt really matter how they get it, because they COULD find it out anyway, Echelon or not. Unfortunately with recent reports of the use of "secret evidence" by government agencies in the US it seems those controls are not in place... The problem is not Echelon or any other info-collecting tool, its what is done with the info afterwards. Do you trust 'em? I sure dont.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking