If someone already mentioned this, please excuse its duplication - What about Alan Turing's work? Turing laid down the theoretical foundation for most of modern computing, including the concept of an infinite 'tape' of binary-based random access memory. The Turing Test, a basic subjective test for verification for artificial intelligence, is still (at least one of) the de facto standards in the field.
If any of you haven't read it, I can recommend _Alan Turing: The Enigma_ by Andrew Hodges. Although it's a bit lengthy, it gives the reader a good idea of exactly how similar Turing's ideas were relative to modern implementations.
1. Is it true? Did L0pht Heavy Industries actually merge with @Stake?
YES. L0pht Heavy Industries was incorporated, had employees on the payroll, and sold software products and consulting services. In short, we were a real company and had been operating that way for a couple years. L0pht Heavy Industries legally merged with @Stake in the beginning of 2000 so we are all one company now. The new company will go by the name of @Stake.
2. Why did you do it? You seemed to have a perfect club-house environment.
We strived to be (and achieved) a pure R&D environment. Unfortunately pure research and development is not a very profitable arena. In addition, one needs business people, sales and productization of services. So, while we tried to keep the research and fun environment we were fighting a losing battle in making ends meet.
To summarize, we had problems scaling. Everyone was spending more money and effort doing less research and experiments. The L0pht wanted desperately to avoid having to compromise our goals and ideals which would have happened if we had continued to go the route we were. The solution was obvious. We needed to find an organization that valued the R&D work that we did, could benefit from it, profit from it, and enable us to keep contributing to the community.
We feel very fortunate in having come across such people in @Stake. We see this as a win-win situation where we will be able to do a lot of the research that we were unable to do while just being the L0pht. We also feel very fortunate in finding an organization that did not expect us to about-face in the way we approach sharing our findings with people.
3. So, how's the cultural fit with @Stake? How do the L0pht's values fit in there?
Here is a PARTIAL list of components that we find work very well with our VALUES and make us very comfortable about the merger:
@Stake is aiming to be completely product / vendor neutral. This enables them to make the best design decision and recommendations possible to the customer without unknown biases. This is accomplished in the following ways:
- @Stake will not take commissions / kick-backs from product vendors for recommending a product into a customer.
- @Stake is in the business of providing strategic services rather than tactical ones. What this means is that they see the benefit in helping design / implement solutions with security and functionality from the beginning rather than looking for known problems and helping to only remediate them when they could have been avoided altogether.
- @Stake will not sell products. Thus they do not have customers being worried that they will recommend their own product even if it might not be the best solution. What this means to us is that we get to continue coming out with tools and programs but are forced to give them away for free! How cool is that! We are completely non-biased in our opinions of products and technologies, and we are able to continue our experimentation and reverse-engineering of such. This also allows us to continue our "consumer reports"-style announcements, papers and research.
@Stake is committed to a strong research and development leg as a method of always being a leader and not just a follower. @Stake wants smarter customers rather than dumber ones in the community. By helping to educate everyone as much as possible it not only helps differentiate the company but allows more interesting and thorough solutions to be deployed for customers. This is the same belief that the L0pht has always held.
4. So what's going to happen to the old L0pht space you were in?
We still have the space. Some of the hardware projects that were going on over there are just not practical to move. We are also setting up new lab space that has many of the things that we could not manage at the old location.
5. And what about the webpage? Is it going to go away? Is it going to be put on 'atstake.com'?
Not in the immediate future. There will obviously be a period of time before we manage to fully integrate everything. As was stated in a previous response one of the reasons we embarked upon this merger is due to the like-minded beliefs. So, when the two web sites finally merge you can expect to find the same sort of information that is currently published in an even better format. It might even be that they stay as individual web sites, one focusing more on R&D and the other on business angles. What it boils down to is that you can expect some changes but the main focus will be quite similar to what it currently is.
6. What exactly is L0pht doing over at @Stake? Are you consulting now?
The L0pht forms the nucleus of the Research and Development group in @Stake. By continuing to push the envelope in security research we can help productize new services to the consulting and business legs of @Stake.
7. What's going to happen to all the advisories? Are you still going to publish them?
The L0pht will continue to publish advisories. This will not change. The L0pht never did and never will publish an advisory based upon insider information that would betray someone's trust. However, we will continue to act as a Consumer Reports style organization in posting our general findings through analysis and evaluation as general customers reviewing software.
We still believe in Full-Disclosure in our advisories. We are also happy that we will be better able to work with companies in giving them advance notice before posting publicly to the world.
8. Are you still going to sell L0phtCrack? And AntiSniff? Will there be new versions?
Since @Stake is purely a consulting services company, it did not acquire the products that were sold commercially from the L0pht. L0phtCrack and AntiSniff are being moved to a holding company independent of @Stake and will continue to be sold. We will be donating the proceeds (after operational expenses) to non-profit and educational organizations.
The free versions will continue to be free and include source code. A new version of L0phtCrack was 95% complete at the time of the merger. The authors will probably finish the last bit and release L0phtCrack 3.0 but the schedule is uncertain.
A Linux version of the researchers version of AntiSniff is underway and will be released under the same free researchers license that the command line AntiSniff currently has.
9. What's the deal with Hacker News Network anyway? Is that actually part of L0pht, and was it picked up by the merger?
Hacker News Network was run by l0pht employees on l0pht equipment so it certainly was a part of l0pht. We feel it provides a valuable news source to the security community so it will continue to operate as part of @Stake. We expect to be able to spend more time and resources in making it an even better resource for the community.
10. How does it feel working with a bunch of business stiffs?
@Stake is definitely not populated with a bunch of business stiffs. One of the reasons L0pht merged with @Stake was the quality of the people there. They understand our vision of computer security. Some of them would even be considered hackers exactly the same way we think of ourselves as hackers.
Things are a bit more businesslike at the merged company but the place is a place that values openness, diversity, creativity, thinking outside of the box, and coming up with non-conventional solutions.
11. What are the financial makings of this merger?
@Stake is not a publicly traded company right now and as such we are not able to give those details. We are happy to say that the main impetus for the merger was the ability to engage in much more grandiose research work and not compromise our morals in the process. We started into this field in order to learn, educate, and contribute and are happy to say that we should only be able to do these things even better now.
12. You talk about 'Strategic Security Solutions' on the @Stake webpage, and you talk about being truly 'vendor-neutral'... isn't that what everyone else is doing? What makes @Stake different? Explain in small words.
The answer to question #3 should help on the vendor-neutral aspect being more than just lip service.
As for the 'Strategic Security Solutions' this is similar to how the L0pht always handled customers. An example in the software world between tactical and strategic might help:
Problem: A buffer overflow was found in a section of code. The offending call was the unbounded strcpy().
Tactical approach: Replace that particular strcpy() call with the bounded strncpy(). If a similar problem is found elsewhere later on fix that one after it is reported. Repeat as necessary.
Strategic approach: From the design point help model with security involved. Use bounded string functions to remove that class of future problems.
Obviously the above is just an example of the way we see tactical being different from strategic approaches. This is how we view all projects be they in the infrastructure, content, operational, network, etc. fields. It also does not preclude us from implementing tactical solutions as necessary but the main focus is enabling, not only reacting.
13. I don't trust hackers like you. Why should I?
We call ourselves hackers using the original, positive meaning of the word. A good definition can be found in Eric Raymond's Hacker's Dictionary. We think hackers have higher ethical standards than most in the business world. We do not do anything illegal with our computers or anyone else's. We get our kicks finding and solving security vulnerabilities in products and technologies using our own networks, hardware, and other resources. This is the way we have always operated and that is the way we will continue to operate. If you can't relate to this, then you should probably reinvestigate the meaning of the word 'hacker'.
14. Are you still going to get drunk and rant at cons? What about your 'professional image'?
We will continue to be involved in conferences the way we always have. Don't you think that if @Stake had told Mudge he would not be able to have a beer with his friends and talk about crypto-systems that would have been a show stopper for the merger right there?
15. Are you hiring? Can I be a L0pht Member?
We are definitely hiring. We cannot thrive and be the leader in security without the best people on the planet. Submit your resume to jobs@atstake.com if you are interested. We want to work with the best and you probably do, too. If you have top notch security skills in consulting or research we urge you to apply. That being said, we cannot accept everyone that applies but will do our best to make sure everyone gets a fair shake.
The L0pht is fully integrated with @Stake so there is no separate group of people called "L0pht Members". We are proud to call ourselves members of the @Stake team. We will now be known as 'The Hackers Formerly Known As The L0pht', or perhaps some unpronounceable symbol.
16. Does @Stake have an open-door policy?
@Stake operates in a similar fashion to most other professional service organizations. The reason we went to the closed door policy at the L0pht was to enable ourselves to get work done and not just have the place be a local hang-out for people wanting to kick back with a beer and watch TV. While we will be more accessible at @Stake, we are there to do R&D work and as such it will continue to not be an open-door-hangout type environment.
Keep in mind, however, that L0pht has not had a true open-door policy for many years. At our original location, the L0pht was more of a club-house and place for general hanging-out of hackers from around the world. When we moved to our new location and decided to do real research and provide to the community, the L0pht was not open for everybody. We occasionally gave tours and threw parties, but the space was not open for visitors 24 hours a day.
17. Are you still going to the MIT Swapfest and selling funky stuff?
We will still be going to the MIT Swapfest to see people and pick up various things. We hope we won't have to sell our scraps at it anymore in order to make ends meet :) However, as most people going to the MIT flea, we will also want to "upgrade our junk pile". We will be selling, just not every month as in the past.
18. Are you still using your handles? Or are you going to use your real names now?
We have been using our handles for over 10 years now. It is what we have published under in academic journals, magazines, books, given training courses under, and provided recommendations to the US Senate under. As such they are as much our recognized names in the security community and we will continue to use them. Many companies seem to be scared of doing business with people using pseudonyms or handles. This is a problem that we would like to solve. We are not really hiding from anyone, but this is how we've been known for a long time, and for some, is what our parents call us. We hope to educate those companies by showing them that it's not the name that's important, rather the information and services that can be provided.
19. What's up with Guerilla Net? Are you guys still doing hardware projects over at @Stake?
@Stake has committed to enabling the R&D labs to work on hardware related projects as well as protocol and software ones. We see an ultimate marriage between all of these areas as technology is progressing and would be remiss if we turned a blind eye towards any of them.
20. Will you be coming out with any more T-shirts?
The T-shirts were fun little projects that we did more out of amusement than anything else. Should the opportunity and inspiration strike again we would not rule out the possibility of coming out with some new designs.
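The tactical and strategic fixes from question 12 of the FAQ above, as an added C example that is not part of the original post or L0pht's own code. The names `copy_tactical`, `copy_bounded` and `FIELD_SIZE` are hypothetical and the inputs are constructed; the example shows that swapping in strncpy() at one call site stops the overflow but can leave the buffer unterminated, while a single bounded routine used everywhere always terminates and reports truncation.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 8 /* constructed destination size for the demo */

/* The problem from the FAQ: strcpy() copies until the source's NUL with no
   regard for the size of dst. Shown for contrast; main() never calls it. */
void copy_unbounded(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Tactical fix: replace that one strcpy() call with strncpy(). The write is
   now bounded, but strncpy() adds no terminating NUL when the source is at
   least dstsz bytes long, so a later strlen()/printf("%s") can read past dst. */
void copy_tactical(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz);
}

/* Strategic fix (hypothetical helper): one bounded routine used by design at
   every call site. It always NUL-terminates and returns -1 on truncation or
   bad arguments, so callers must decide what a too-long input means. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n;

    if (dst == NULL || dstsz == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    n = strlen(src);
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1); /* includes the terminator */
    return 0;
}

/* 1 if a NUL exists inside the buffer, 0 if the string runs off its end. */
int is_terminated(const char *buf, size_t bufsz)
{
    return memchr(buf, '\0', bufsz) != NULL;
}

/* Returns 1 when the tactical fix left the buffer without a terminator. */
int tactical_unterminated(const char *input)
{
    char buf[FIELD_SIZE];

    memset(buf, 'X', sizeof buf); /* simulate stale stack contents */
    copy_tactical(buf, sizeof buf, input);
    return !is_terminated(buf, sizeof buf);
}

/* Runs the strategic helper into out (FIELD_SIZE bytes); returns its status. */
int strategic_result(const char *input, char *out)
{
    memset(out, 'X', FIELD_SIZE);
    return copy_bounded(out, FIELD_SIZE, input);
}

int main(void)
{
    const char *long_input = "constructed-long-input"; /* constructed sample */
    char out[FIELD_SIZE];
    int rc;

    printf("tactical, long input: unterminated=%d\n",
           tactical_unterminated(long_input));
    rc = strategic_result(long_input, out);
    printf("strategic, long input: rc=%d stored=\"%s\"\n", rc, out);
    rc = strategic_result("short", out);
    printf("strategic, short input: rc=%d stored=\"%s\"\n", rc, out);
    return 0;
}
```
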
Just out of curiosity, has the GPL been legally tested in court yet? Last I checked (and it wasn't that long ago) it hadn't, although there was talk of a test case.
GPL software, at least until now, hasn't come in contact with a lot of the "money grubbing" that infests the commercial software industry, not to mention things like the movie/music industry (hrm... DVDs anyone?). Get ready for it though: following the "there's money to be made in everything" mantra, more and more companies will hop on the Linux bandwagon, disregarding any petty "philosophy" concerns for concrete and immediate fiscal gain. Corel seemed to want to do it, LinuxOne obviously wants to do it, and many hardware manufacturers seem to want to do it. The recent trend is somewhat disturbing - companies release binary-only modules as "open-source", and even work hard to claim a part of Linux as their intellectual property. Even the name "Linux" has caused a few instances of trademark litigation.
Has there been any work toward the formation of a body of lawyers to defend the principles of free software and Linux? I know the EFF helped out with the CSS suit - any chance of getting this type of defense for the GPL? I can't wait to see the day we take the offensive - when we (the free software community) start suing the "money-grubbing" for GPL violations.
You're right: in looking back on my comment, I underemphasized the poor software engineering part of NT. *Programmers* can also be lazy, and the need for Administrative privileges for some software to run is really bad. Running NT (at least to me) can feel like running a Unix box with every binary set as SUID-root. ;)
...it's probably going to be the cheapest (or nearly the cheapest) part of an evolving system. Although your specs did seem somewhat low-budget (e.g. no SCSI), follow a couple simple rules to ensure upgradability:
Just say no to integrated components
Integrated or on-board components, such as video, ethernet, and sound are Bad Things (tm). You may be tossing the main board in about a year, you don't want to lose half of your "cards" with it. As far as I can tell, the PCI spec will be in force much longer than any processor bus/slot spec.
Fast RAM, Fast Bus
If you can, get faster RAM or a motherboard that supports faster bus speeds. 133MHz RAM (PC-133) will work on 66, 100, and upcoming 133MHz boards. When you upgrade, that'll be one less component to throw away.
Balance cost with upgradability
Think (for each individual component) if it will cost you more to fend off obsolescence by paying more, or to simply buy a new SuperMegaDevice 2002 to replace your 2000 model. Celeron processors (which you seemed decided on) are a good example - they're amazingly cheap, with almost little or no performance penalty. You can buy four or five for the price of one high-powered Pentium III chip, and the PIII may only last you 2-3 more months.
...not the "cure-all" for an insecure system. Chmod and chgrp are tools, just like /etc/hosts.deny. Security is a combination of a software engineering issue and a policy issue: great security ideas are often poorly implemented, either in software, or by a particular system administrator (*cough*... NT... *cough*).
For example, Windows NT has a much more granular permissions implementation than most Unix systems (NT uses ACLs), but viruses still run rampant on NT boxes due to poor administration. If I had a dollar (or hell, even five cents) for every time I saw someone logged in as Administrator to use M$ Office, I'd be a rich man. The virus problem is even worse under Win9x variants: there aren't any (or very many) security tools, including filesystem permissions, to use.
A well-thought out security policy can guard against most any virus - it's ignorance that viruses prey on, regardless of the OS.
And please: the plural of virus is viruses, not viri or any other abuse of Latin ;). Check out this page for an explanation. (Link kindly donated by a previous /. article.)
A previous Slashdot article included reactions to the settling of Caldera's lawsuit regarding DR-DOS, their non-free DOS clone. What are your feelings on the lawsuit and its settlement? Even though your development isn't focused upon running Windows, have you ever run into any similar "forced incompatibility" issues (Microsoft-related or otherwise)?
w3m (a console-based WWW browser with frames and tables support) lets you do the same thing with gpm, and even implements scrolling through a click-and-drag motion on the console. I've been playing around with it for the past couple of days, and I already almost like it better than netscape (which doesn't say too much)...:)
I've played around with Linuxconf and the Gnome configuration tools, and have been generally unimpressed with the "embed everything into one tabbed panel" approach of the two. I use simple console-based tools or vi to edit the config files, but would welcome a set of *loosely integrated* tools, each specialized to work with modems, mice, etc. under X.
One approach, although windows-like, would be to make each applet a dynamically-linked library. A central "control-panel" applet could enumerate the shared libraries in a directory, calling some function like 'struct cp_ops init_panel(void);' to get a list of the functions to call for opening the applet, closing the applet, or assigning the applet an "owner window" (if such a thing exists). Among the "struct cp_ops" members could be a name, description, etc. This would be highly extensible, and wouldn't be limited to any one "master" application: other client programs could easily link in the "official" control panel operations, or simply reimplement them by calling into the applets directly.
I'm sure there's some really good argument for the ORBit/COM-like OO approach to configuration tools, but in practice I just haven't seen it work. If the embedded applets wouldn't do funny things like disappear when I press OK (GNOME), I would probably be singing their praises right now.
Is the aforementioned (and simple) approach adequate? Is there some use or situation for which it would fail?
[A commercial is playing] Guy: What is the future of America? Is it the money we make?
[A dollar flies by the screen] Guy: The quests we conquer
[Shot of Neil Armstrong on the moon flies by] Guy: No. It's the children.
[Shows a pic of the five boys] Guy: So what do the children have to say about Microsoft?
[Kyle's head flies by] Kyle: I don't like big corporations.
[Then Stan] Stan: I like small businesses.
[Then Cartman] Cartman: I believe in the family owned enterprise.
[Kenny] Kenny: To get back to the home owned enterprise.
[And finally Tweek] Tweek: Ah!
Guy: It's time to stop large corporations. Prop Ten is about children. Vote yes on Prop Ten or else you hate children. You don't hate children, do you? Remember, keep American business small or else.
[Show a pic of all five boys' heads as burnt skulls with hats]
Guy: Paid for by Novell and citizens for a fair and equal way to get Microsoft kicked out of town forever.
This isn't unprecedented or uncalled-for by any means. Microsoft struck first - with their "informative" article entitled "Windows 2000 Server: A Prime Choice over Novell's Netware 5.0", similar to their "Linux Myths" article and (my favorite) "How to remove Linux from your computer and install NT".
Novell is responding just like the Open source community did to the "Linux Myths" article. What are they supposed to do? Stay quiet and take it like a man? Of course, this just increases the FUD-to-signal ratio.
What kind of reply would anyone here like to have seen?
This is one of the questions I really would have liked to hear asked at the press conference - "Are there any plans/hooks in place for SMP operation?".
Massive SMP looked very probable IMHO - especially the heat/power consumption angle of it.
I watched the entire Transmeta presentation yesterday (~2 hrs long). From what I saw, I got the impression that the "Code Morphing Software" also serves as a layer of abstraction, allowing Transmeta to change the underlying CPU implementation or instruction set without breaking applications. I even saw (I think in another /. post) that even the VLIW instructions are at least partially translated by the "Code-Morphing" software into a lower-level format.
Playing around with the low-level stuff - including branching, etc - would be a blast, but I got the impression that Transmeta would remain reluctant to release specs, for fear of being forced into the backward-compatibility game, much like Intel.
Is there any way to capture and archive the stream as it plays? We could mirror it afterwards for those whom the Slashdot/Firewall effect squeezes out...
I tried to grab the G2 Linux Player from www.real.com, but I got a big red message saying "This Product/OS/Processor combination is not available". Is Realplayer 5 the latest version? If there is a G2, where can I find it?
If anyone reading this article hasn't already, check out some of the posts about this on the "Open Forum" at http://www.arstechnica.com. Some of the more interesting comments on the Apex player mentioned an inability to do low bitrates (less than 32kbps), an 8-character track name limitation on the unit's display, and weird problems with audio sync on certain DVDs.
Still, the overall consensus was that the unit was a bargain despite these limitations. Of course, I recommend you read and decide for yourself before you throw your money at Best Buy employees. :-)
You probably want GLX for XFree86 4.0 ;) - it's going to take quite a bit of work to get the CVS code to work as an XFree86 4.0 module. Oh well... the GLX site has been unreachable (at least where I am) for the last two days anyway.
Is MGA support different from a direct-rendering GLX driver?
If it isn't, and you haven't checked it out yet, head over to http://glx.on.openprojects.net/ and grab the Utah GLX source out of CVS. The Matrox G400 OpenGL drivers are supposedly "at the level of the windows drivers" already.
Does the xinerama extension in V4 support single-card multihead yet (a la the Matrox G400)? So far all of the documentation I've seen refers to an AGP/PCI combination.
As of 11:40 AM EST, Linux is ahead of Windows NT Server, 3.1 to 3.0. Linux has a total of 9250 votes, while NT has a total of 7483 votes. The deja.com servers are slowing to a crawl, with something like 100 votes/minute being posted to the poll. I wonder if the deja.com staff might notice the system load, and get rid of these stupid polls. Oh well, I can hope...
Can we stop now? I'm trying to actually *use* the DejaNews search...;-)
If you're going to slam someone's grammar, try using 'its' for *it is*, rather than the possessive 'it's', which denotes something *belonging to it*. The original article said nothing about the PDF format belonging to Compaq, either.
Why can't we comment on the article, rather than pick at HeUnique's grammar?
The .plan file talks at length about cheating related to the GPL'ing of the original Quake - and then goes on to talk about a Quake 3 source release. Is this just the virtual machine code? Can cheating be accomplished with a Quake 3 release also (be it the VM code or actual source)?
I had no problems with the story's URL. In fact, both http://server51.freshmeat.net and http://server51.net work from where I am.
If someone already mentioned this, please excuse its duplication - What about Alan Turing's work? Turing laid down the theoretical foundation for most of modern computing, including the concept of an infinite 'tape' of binary-based random access memory. The Turing Test, a basic subjective test for verification for artificial intelligence, is still (at least one of) the defacto standards in the field.
If any of you haven't read it, I can recommend _Alan Turing: The Enigma_ by Andrew Hodges. Although it's a bit lengthy, it gives the reader a good idea of exactly how similar Turing's ideas were relative to modern implementations.
Here's the full text of the article:
:)
1. Is it true? Did L0pht Heavy Industries actually merge with @Stake?
YES. L0pht Heavy Industries was incorporated, had employees on the payroll, and sold
software products and consulting services. In short, we were a real company and had
been operating that way for a couple years. L0pht Heavy Industries legally merged
with @Stake in the beginning of 2000 so we are all one company now. The new
company will go by the name of @Stake.
2. Why did you do it? You seemed to have a perfect club-house environment.
We strived to be (and achieved) a pure R&D environment. Unfortunately pure research
and development is not a very profitable arena. In addition, one needs business people,
sales and productization of services. So, while we tried to keep the research and fun
environment we were fighting a losing battle in making ends meet.
To summarize, we had problems scaling. Everyone was spending more money and
effort doing less research and experiments. The L0pht wanted desperately to avoid
having to compromise our goals and ideals which would have happened if we had
continued to go the route we were. The solution was obvious. We needed to find an
organization that valued the R&D work that we did, could benefit from it, profit from it,
and enable us to keep contributing to the community.
We feel very fortunate in having come across such people in @Stake. We see this as a
win-win situation where we will be able to do a lot of the research that we were unable
to do while just being the L0pht. We also feel very fortunate in finding an organization
that did not expect us to about-face in the way we approach sharing our findings with
people.
3. So, how's the cultural fit with @Stake? How do the L0pht's values fit in there?
Here is a PARTIAL list of components that we find work very well with our VALUES and
make us very comfortable about the merger:
@Stake is aiming to be completely product / vendor neutral. This enables them to
make the best design decision and recommendations possible to the customer
without unknown biases. This is accomplished in the following ways:
@Stake will not take commissions / kick-backs from product vendors for
recommending a product into a customer.
@Stake is in the business of providing strategic services rather than
tactical ones. What this means is that they see the benefit in helping design
/ implement solutions with security and functionality from the beginning
rather than looking for known problems and helping to only remediate them
when they could have been avoided all together.
@Stake will not sell products. Thus they do not have customers being
worried that they will recommend their own product even if it might not be
the best solution. What this means to us is that we get to continue coming
out with tools and programs but are forced to give them away for free!
How cool is that! We are completely non-biased in out opinions of products
and technologies, and we are able to continue our experimentation and
reverse-engineering of such. This also allows us to continue our "consumer
reports"-style announcements, papers and research.
@Stake is committed to a strong research and development leg as a method of
always being a leader and not just a follower.
@Stake wants smarter customers rather than dumber ones in the community. By
helping to educate everyone as much as possible it not only helps differentiate
the company but allows more interesting and thorough solutions to be deployed
for customers. This is the same belief that the L0pht has always held.
4. So what's going to happen to the old L0pht space you were in?
We still have the space. Some of the hardware projects that were going on over there
are just not practical to move. We are also setting up new lab space that has many of
the things that we could not manage at the old location.
5. And what about the webpage? Is it going to go away? Is it going to be put on
'atstake.com'?
Not in the immediate future. There will obviously be a period of time before we manage
to fully integrate everything. As was stated in a previous response one of the reasons
we embarked upon this merger is due to the like-minded beliefs. So, when the two web
sites finally merge you can expect to find the same sort of information that is currently
published in an even better format. It might even be that they stay as individual web
sites, one focusing more on R&D and the other on business angles. What it boils down
to is that you can expect some changes but the main focus will be quite similar to what
it currently is.
6. What exactly is L0pht doing over at @Stake? Are you consulting now?
The L0pht forms the nucleus of the Research and Development group in @Stake. By
continuing to push the envelope in security research we can help productize new
services to the consulting and business legs of @Stake.
7. What's going to happen to all the advisories? Are you still going to publish them?
The L0pht will continue to publish advisories. This will not change. The L0pht never did
and never will publish an advisory based upon insider information that would betray
someones trust. However, we will continue to act as a Consumer Reports style
organization in posting our general findings through analysis and evaluation as general
customers reviewing software.
We still beleive in Full-Disclosure in our advisories. We are also happy that we will be
better able to work with companies in giving them advance notice before posting
publicly to the world.
8. Are you still going to sell L0phtCrack? And AntiSniff? Will there be new versions?
Since @Stake is purely a consulting services company, it did not acquire the products
that were sold commercialy from the L0pht. L0phtCrack and AntiSniff are being moved
to a holding company independent of @Stake and will continue to be sold. We will be
donating the proceeds (after operational expenses) to non-profit and educational
organizations.
The free versions will continue to be free and include source code. A new version of
L0phtCrack was 95% complete at the time of the merger. The authors will probably
finish the last bit and release L0phtCrack 3.0 but the schedule is uncertain.
A Linux version of the researchers version of AntiSniff is underway and will be released
under the same free researchers license that the command line AntiSniff currently has.
9. What's the deal with Hacker News Network anyway? Is that actually part of L0pht, and
was it picked up by the merger?
Hacker News Network was run by l0pht employees on l0pht equipment so it certainly
was a part of l0pht. We feel it provides a valuable news source to the security
community so it will continue to operate as part of @Stake. We expect to be able to
spend more time and resources in making it an even better resource for the community.
10. How does it feel working with a bunch of business stiffs?
@Stake is definitely not populated with a bunch of business stiffs. One of the reasons
L0pht merged with @Stake was the quality of the people there. They understand our
vision of computer security. Some of them would even be considered hackers exactly
the same way we think of ourselves as hackers.
Things are a bit more businesslike at the merged company but the place is a place that
values openness, diversity, creativity, thinking outside of the box, and coming up with
non-conventional solutions.
11. What are the financial makings of this merger?
@Stake is not a publicly traded company right now and as such we are not able to give
those details. We are happy to say that the main impetus for the merger was the ability
to engage in much more grandiose research work and not compromise our morals in the
process. We started into this field in order to learn, educate, and contribute and are
happy to say that we should only be able to do these things even better now.
12. You talk about 'Strategic Security Solutions' on the @Stake webpage, and you talk about
being truly 'vendor-neutral'... isn't that what everyone else is doing? What makes @Stake
different? Explain in small words.
The answer to question #3 should help on the vendor-neutral aspect being more than
just lip service.
As for the 'Strategic Security Solutions' this is similar to how the L0pht always handled
customers. An example in the software world between tactical and strategic might help:
Problem:
A buffer overflow was found in a section of code. The offending call was the
unbounded strcpy().
Tactical approach:
Replace that particular strcpy() call with the bounded strncpy(). If a
similar problem is found elsewhere later on fix that one after it is reported.
Repeat as necessary.
Strategic approach:
From the design point help model with security involved. Use bounded
string functions to remove that class of future problems.
Obviously the above is just an example of the way we see tactical being different from
strategic approaches. This is how we view all projects be they in the infrastructure,
content, operational, network, etc. fields. It also does not preclude us from
implementing tactical solutions as necessary but the main focus is enabling, not only
reacting.
13. I don't trust hackers like you. Why should I?
We call ourselves hackers using the original, positive meaning of the word. A good
definition can be found in Eric Raymond's Hacker's Dictionary. We think hackers have
higher ethical standards than most in the business world. We do not do anything illegal
with our computers or anyone else's. We get our kicks finding and solving security
vulnerabilities in products and technologies using our own networks, hardware, and
other resources. This is the way we have always operated and that is the way we will
continue to operate. If you can't relate to this, then you should probably reinvestigate
the meaning of the word 'hacker'.
14. Are you still going to get drunk and rant at cons? What about your 'professional image'?
We will continue to be involved in conferences the way we always have. Don't you
think that if @Stake had told Mudge he would not be able to have a beer with his friends
and talk about crypto-systems that would have been a show stopper for the merger
right there?
15. Are you hiring? Can I be a L0pht Member?
We are definitely hiring. We cannot thrive and be the leader in security without the
best people on the planet. Submit your resume to jobs@atstake.com if you are
interested. We want to work with the best and you probably do, too. If you have top
notch security skills in consulting or research we urge you to apply. That being said, we
cannot accept everyone that applies but will do our best to make sure everyone gets a
fair shake.
The L0pht is fully integrated with @Stake so there is no separate group of people called
"L0pht Members". We are proud to call ourselves members of the @Stake team. We
will now be known as 'The Hackers Formerly Known As The L0pht', or perhaps some
unpronounceable symbol.
16. Does @Stake have an open-door policy?
@Stake operates in a similar fashion to most other professional service organizations.
The reason we went to the closed door policy at the L0pht was to enable ourselves to
get work done and not just have the place be a local hang-out for people wanting to
kick back with a beer and watch TV. While we will be more accessible at @Stake, we are
there to do R&D work and as such it will continue to not be an open-door-hangout type
environment.
Keep in mind, however, that L0pht has not had a true open-door policy for many years.
At our original location, the L0pht was more of a club-house and place for general
hanging-out of hackers from around the world. When we moved to our new location
and decided to do real research and provide to the community, the L0pht was not open
for everybody. We occasionally gave tours and threw parties, but the space was not
open for visitors 24 hours a day.
17. Are you still going to the MIT Swapfest and selling funky stuff?
We will still be going to the MIT Swapfest to see people and pick up various things. We
hope we won't have to sell our scraps at it anymore in order to make ends meet.
However, as most people going to the MIT flea, we will also want to "upgrade our junk
pile". We will be selling, just not every month as in the past.
18. Are you still using your handles? Or are you going to use your real names now?
We have been using our handles for over 10 years now. It is what we have published
under in academic journals, magazines, books, given training courses under, and
provided recommendations to the US Senate under. As such they are as much our
recognized names in the security community and we will continue to use them. Many
companies seem to be scared of doing business with people using pseudonyms or
handles. This is a problem that we would like to solve. We are not really hiding from
anyone, but this is how we've been known for a long time, and for some, is what our
parents call us. We hope to educate those companies by showing them that it's not the
name that's important, rather the information and services that can be provided.
19. What's up with Guerilla Net? Are you guys still doing hardware projects over at @Stake?
@Stake has committed to enabling the R&D labs to work on hardware related projects
as well as protocol and software ones. We see an ultimate marriage between all of
these areas as technology is progressing and would be remiss if we turned a blind eye
towards any of them.
20. Will you be coming out with any more T-shirts?
The T-shirts were fun little projects that we did more out of amusement than anything
else. Should the opportunity and inspiration strike again we would not rule out the
possibility of coming out with some new designs.
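The tactical and strategic fixes from answer 12 of the FAQ above, sketched in C as an added example (not L0pht's or @Stake's code). The buffer size, the sample inputs and the function names `naive_strncpy_terminates` and `bounded_copy` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 8  /* constructed buffer size for this example */

/* Returns 1 if buf holds a NUL terminator within its first size bytes. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Tactical fix taken literally: strcpy(buf, src) becomes strncpy(). The
 * write is now bounded, but strncpy() adds no terminator when src fills
 * the buffer. Returns 1 if the result is a valid C string, 0 if not. */
int naive_strncpy_terminates(const char *src)
{
    char buf[FIELD_SIZE];
    memset(buf, 'X', sizeof buf);        /* simulate stale stack contents */
    strncpy(buf, src, sizeof buf);
    return is_terminated(buf, sizeof buf);
}

/* Strategic fix: one bounded copy routine adopted at design time and used
 * at every call site. It never writes past dst_size, always terminates,
 * and reports truncation. Returns 0 on success, -1 on truncation or bad
 * arguments. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n;

    if (dst == NULL || dst_size == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    n = strlen(src);
    if (n >= dst_size) {                 /* would not fit: truncate, flag it */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);             /* fits, terminator included */
    return 0;
}

int main(void)
{
    /* Constructed inputs: shorter than, equal to, and longer than the field. */
    const char *inputs[] = { "l0pht", "12345678", "much-too-long-name" };
    char field[FIELD_SIZE];
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int ok = naive_strncpy_terminates(inputs[i]);
        int rc = bounded_copy(field, sizeof field, inputs[i]);
        printf("%-20s strncpy terminated=%d  bounded_copy rc=%d -> \"%s\"\n",
               inputs[i], ok, rc, field);
    }
    return 0;
}
```

Checking the return value lets a caller reject oversized input outright rather than continue with a silently truncated string.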
Just out of curiosity, has the GPL been legally tested in court yet? Last I checked (and it wasn't that long ago) it hadn't, although there was talk of a test case.
/slashdot-1.0/rant
GPL software, at least until now, hasn't come in contact with a lot of the "money grubbing" that infests the commercial software industry, not to mention things like the movie/music industry (hrm... DVDs anyone?). Get ready for it though: following the "there's money to be made in everything" mantra, more and more companies will hop on the Linux bandwagon, disregarding any petty "philosophy" concerns for concrete and immediate fiscal gain. Corel seemed to want to do it, LinuxOne obviously wants to do it, and many hardware manufacturers seem to want to do it. The recent trend is somewhat disturbing - companies release binary-only modules as "open-source", and even work hard to claim a part of Linux as their intellectual property. Even the name "Linux" has caused a few instances of trademark litigation.
Has there been any work toward the formation of a body of lawyers to defend the principles of free software and Linux? I know the EFF helped out with the CSS suit - any chance of getting this type of defense for the GPL? I can't wait to see the day we take the offensive - when we (the free software community) start suing the "money-grubbing" for GPL violations.
make: Leaving
You're right: in looking back on my comment, I underemphasized the poor software engineering part of NT. *Programmers* can also be lazy, and the need for Administrative privileges for some software to run is really bad. Running NT (at least to me) can feel like running a Unix box with every binary set as SUID-root. ;)
- Just say no to integrated components
- Fast RAM, Fast Bus
- Balance cost with upgradability
Good luck with the building.
Integrated or on-board components, such as video, ethernet, and sound are Bad Things (tm). You may be tossing the main board in about a year, you don't want to lose half of your "cards" with it. As far as I can tell, the PCI spec will be in force much longer than any processor bus/slot spec.
If you can, get faster RAM or a motherboard that supports faster bus speeds. 133mHz RAM (PC-133) will work on 66, 100, and upcoming 133mHz boards. When you upgrade, that'll be one less component to throw away.
Think (for each individual component) if it will cost you more to fend off obsolescence by paying more, or to simply buy a new SuperMegaDevice 2002 to replace your 2000 model. Celeron processors (which you seemed decided on) are a good example - they're amazingly cheap, with almost little or no performance penalty. You can buy four or five for the price of one high-powered Pentium III chip, and the PIII may only last you 2-3 more months.
...not the "cure-all" for an insecure system. Chmod and chgrp are tools, just like /etc/hosts.deny. Security is a combination of a software engineering issue and a policy issue: great security ideas are often poorly implemented, either in software, or by a particular system administrator (*cough*... NT... *cough*).
;). Check out this page for an explanation. (Link kindly donated by a previous /. article.)
For example, Windows NT has a much more granular permissions implementation than most Unix systems (NT uses ACLs), but viruses still run rampant on NT boxes due to poor administration. If I had a dollar (or hell, even five cents) for every time I saw someone logged in as Administrator to use M$ Office, I'd be a rich man. The virus problem is even worse under Win9x variants: there aren't any (or very many) security tools, including filesystem permissions, to use.
A well-thought out security policy can guard against most any virus - it's ignorance that viruses prey on, regardless of the OS.
And please: the plural of virus is viruses, not viri or any other abuse of Latin.
A previous Slashdot article included reactions to the settling of Caldera's lawsuit regarding DR-DOS, their non-free DOS clone. What are your feelings on the lawsuit and its settlement? Even though your development isn't focused upon running Windows, have you ever run into any similar "forced incompatibility" issues (Microsoft-related or otherwise)?
w3m (a console-based WWW browser with frames and tables support) lets you do the same thing with gpm, and even implements scrolling through a click-and-drag motion on the console. I've been playing around with it for the past couple of days, and I already almost like it better than netscape (which doesn't say too much)... :)
I've played around with Linuxconf and the Gnome configuration tools, and have been generally unimpressed with the "embed everything into one tabbed panel" approach of the two. I use simple console-based tools or vi to edit the config files, but would welcome a set of *loosely integrated* tools, each specialized to work with modems, mice, etc. under X.
One approach, although windows-like, would be to make each applet a dynamically-linked library. A central "control-panel" applet could enumerate the shared libraries in a directory, calling some function like "struct cp_ops init_panel(void);" to get a list of the functions to call for opening the applet, closing the applet, or assigning the applet an "owner window" (if such a thing exists). Among the "struct cp_ops" members could be a name, description, etc. This would be highly extensible, and wouldn't be limited to any one "master" application: other client programs could easily link in the "official" control panel operations, or simply reimplement them by calling into the applets directly.
I'm sure there's some really good argument for the ORBit/COM-like OO approach to configuration tools, but in practice I just haven't seen it work. If the embedded applets wouldn't do funny things like disappear when I press OK (GNOME), I would probably be singing their praises right now.
Is the aforementioned (and simple) approach adequate? Is there some use or situation for which it would fail?
Or, in South Park-speak:
[A commercial is playing]
Guy: What is the future of America? Is it the money we make?
[A dollar flies by the screen]
Guy: The quests we conquer
[Shot of Neil Armstrong on the moon flies by]
Guy: No. It's the children.
[Shows a pic of the five boys]
Guy: So what do the children have to say about Microsoft?
[Kyle's head flies by]
Kyle: I don't like big corporations.
[Then Stan]
Stan: I like small businesses.
[Then Cartman]
Cartman: I believe in the family owned enterprise.
[Kenny]
Kenny: To get back to the home owned enterprise.
[And finally Tweek]
Tweek: Ah!
Guy: It's time to stop large corporations. Prop Ten is about children. Vote yes on Prop Ten or else you hate children. You don't hate children, do you? Remember, keep American business small or else.
[Show a pic of all five boys' heads as burnt skulls with hats]
Guy: Paid for by Novell and citizens for a fair and equal way to get Microsoft kicked out of town forever.
Hate to reply to myself...
;-)
Whoops... clarification: Perhaps the Open Source community was *a bit* more analytical in their rebuttal of Microsoft's allegations...
This isn't unprecedented or uncalled-for by any means. Microsoft struck first - with their "informative" article entitled "Windows 2000 Server: A Prime Choice over Novell's Netware 5.0", similar to their "Linux Myths" article and (my favorite) "How to remove Linux from your computer and install NT".
Novell is responding just like the Open source community did to the "Linux Myths" article. What are they supposed to do? Stay quiet and take it like a man? Of course, this just increases the FUD-to-signal ratio.
What kind of reply would anyone here like to have seen?
This is one of the questions I really would have liked to hear asked at the press conference - "Are there any plans/hooks in place for SMP operation?".
Massive SMP looked very probable IMHO - especially the heat/power consumption angle of it.
I watched the entire Transmeta presentation yesterday (~2 hrs long). From what I saw, I got the impression that the "Code Morphing Software" also serves as a layer of abstraction, allowing Transmeta to change the underlying CPU implementation or instruction set without breaking applications. I even saw (I think in another /. post) that even the VLIW instructions are at least partially translated by the "Code-Morphing" software into a lower-level format.
Playing around with the low-level stuff - including branching, etc - would be a blast, but I got the impression that Transmeta would remain reluctant to release specs, for fear of being forced into the backward-compatibility game, much like Intel.
Is there any way to capture and archive the stream as it plays? We could mirror it afterwards for those whom the Slashdot/Firewall effect squeezes out...
Just a thought...
I tried to grab the G2 Linux Player from www.real.com, but I got a big red message saying "This Product/OS/Processor combination is not available". Is Realplayer 5 the latest version? If there is a G2, where can I find it?
;-)
Quick! I've got 30 minutes!
If anyone reading this article hasn't already, check out some of the posts about this on the "Open Forum" at http://www.arstechnica.com. Some of the more interesting comments on the Apex player mentioned an inability to do low bitrates (less than 32kbps), an 8-character track name limitation on the unit's display, and weird problems with audio sync on certain DVDs.
:-)
Still, the overall consensus was that the unit was a bargain despite these limitations. Of course, I recommend you read and decide for yourself before you throw your money at Best Buy employees.
Grr... Posted too quickly again.
;) - it's going to take quite a bit of work to get the CVS code to work as an XFree86 4.0 module. Oh well... the GLX site has been unreachable (at least where I am) for the last two days anyway.
You probably want GLX for XFree86 4.0
Is MGA support different from a direct-rendering GLX driver?
If it isn't, and you haven't checked it out yet, head over to http://glx.on.openprojects.net/ and grab the Utah GLX source out of CVS. The Matrox G400 OpenGL drivers are supposedly "at the level of the windows drivers" already.
Does the xinerama extension in V4 support single-card multihead yet (a la the Matrox G400)? So far all of the documentation I've seen refers to an AGP/PCI combination.
This appears to be working.
;-)
As of 11:40 AM EST, Linux is ahead of Windows NT Server, 3.1 to 3.0. Linux has a total of 9250 votes, while NT has a total of 7483 votes. The deja.com servers are slowing to a crawl, with something like 100 votes/minute being posted to the poll. I wonder if the deja.com staff might notice the system load, and get rid of these stupid polls. Oh well, I can hope...
Can we stop now? I'm trying to actually *use* the DejaNews search...
Holy shit. I really need to read over these comments before I post them. Wrong. Wrong wrong wrong. Its the other way around.
MrHat slides down in his chair and runs toward the nearest English class.
If you're going to slam someone's grammar, try using 'its' for *it is*, rather than the possessive 'it's', which denotes something *belonging to it*. The original article said nothing about the PDF format belonging to Compaq, either.
Why can't we comment on the article, rather than pick at HeUnique's grammar?
The .plan file talks at length about cheating related to the GPL'ing of the original Quake - and then goes on to talk about a Quake 3 source release. Is this just the virtual machine code? Can cheating be accomplished with a Quake 3 release also (be it the VM code or actual source)?