Only open source systems like Unix can be made reasonably secure. Ahemm... the flaw is not platform or OS related. It is related to a specific series of Wifi chips and drivers, regardless of which OS is installed on the host computer.
This flaw can be exploited on Unix, Linux, BSD, Windows, OS X. If the Olsen-twins made an OS using the same hardware and code base for network drivers, their Olsen-twin-OS would have the same flaw as well. In fact, the wide application of this flaw is the main reason it is truly newsworthy.
I politely recommend reading the article, and studying the problem in more depth before your next post.
Just another case of Slashdot treating its visitors like criminals.
Worse yet: Slashdot probably encrypts that password before storing it in their database!!! The bastards!!!
Yes. I agree. They are no better than the RIAA. Death to all websites who use passwords and enrypt them before storing them. We want freedom for all!
Btw, what is the username for your PayPal account?
But that does not invalidate my observation: Nobody showed any interest in the actual license. How on earth can we even debate a license issue, if nobody knows what it says in the actual license???
Could be a violation. Sure. But the only way to know would be... looking in the license?
Funny, everybody is whining (or anti-whining) about the release (or lack thereof) of the sourcecode.
But what about the GPL license?
If the people making this software are claiming it is GPL'ed, shouldn't the actual GPL license document be the first thing you were looking for?
What license ACTUALLY comes with the software in question? Forget what is says on outdated web pages. What does it say in the license which followed the product?
Only after examining the ACTUAL license, can we decide if there is a license violation or not. And as a user of the product, who wants to know what your rights and privileges are, you should focus your attention on the license - not buried within the sales pitch of a web page.
Can someone explain how this sort of machine could be used, practically speaking, to break e.g. an email encrypted with PGP, or/etc/shadow? It probably can't, really. But it is useful for two things:
1.) It can be used to crack passwords/passkeys encrypted in this manner. It makes it possible for the owner of the device to obtain the actual password/passkey if he can get a hold of the hashed version. This may be useful in cracking networks or security barriers.
2.) It can display to the world, just how cheat it is to build a device which can reverse hashed data. If he can get his hands on this device for small money, imagine how many FPGAs the CIA or NSA could cramp into one of their facilities?
It seems to be the logical step. But how does this decision actually stand with current rules on the topic?
We might all oppose Microsofts methods of getting the "yes" vote, but as an IT geek working with protocols and OO encapsulation I would say this: Rules are rules! Protocols are protocols! If they are weak, fix them for the future. Don't whine about the past flaws in your protocols.
While Microsofts methods were perhaps immoral, they DID follow the protocol. Do we really want a situation where votes can be nullified in spite of the fact that they were obtained by following the rules? And could such practice be a disadvantage for F/OSS projects/standards/protocols in the future?
I just illustrated your idiotic argument of everybody (religious, not really everybody) being treated equally. Equally bad.
Comprende, moron?
Stop writing to me, my IQ is plummeting because of those conversations with such idiots like you. Question: Can a negative IQ actually be "plummeting"?
I don't think you have illustrated anything, other than your apparent lack of arguments, and your inability to engage in a good debate. Your response to solid arguments and fair questions is foul language and negative attitude.
And you still haven't explained how or why (from a sociological point of view) you think having rules in a society is bad, or why religious needs should exceed the needs of society as a whole.
Like that DVD Jon guy, other people did the work, but they are adults, adults with jobs, and they don't want to get sued to death, so they let an underage person take the credit and press. Who would dare sue a kid, because the press luv the fantasy story of some hacker kid sticking it to the man, and companies don't want the bad press of sueing a kid. Hmm... let me see...
1.) DVD Jon was actualy a pretty knowledgeable hardcore geek way before he did the CSS crack.
2.) He actually DID get sued. By big companies. On several occasions.
Untrue. And I could give you many examples. For now I will just stick with one: DotNetNuke, an OpenSource and free CMS of quite good quality for the.NET platform. They make a great product, have a good community, give their product away for free (free as in "beer), and supply the sourcecode along with it with a semi-free (as in "freedom") license which compares somewhat to an LGPL.
Can you please describe to me, in what way you think they are evil?
(because I surely can't see it).
I think your statement is just a bit troll-ish and unfair (not enough to be moderated down though).
While I agree that the OOXML approval process in certain countries sucks ass, that is not in itself a proof that *ALL* Microsoft Partners are dishonorable.
They could have avoided a lot of trouble, if they had just signed up as a Microsoft Partner. It costs nothing and would have made them "a co-player" rather than a "security risk".
Are you trying to say, that the Islamic injunction which oppresses women and forces them to wear headscarfs (no matter if they want or not) is less oppressive than laws in France or Germany which dictate that nobody may wear strong religious symbols in public institutions? (btw while totally allowing them to wear whatever they please when they are not in a public institution)
Btw...
German laws circa 1937 were quite neutral to all Jews. Do you listen to yourself, atheists? I looked into that. You seem to be mistaken. Or perhaps you would elaborate what you mean, and which laws you refer to?
YOU personally can not. Except perhaps in your own home, where they would have the choice of either complying or leaving.
If society tells my daughter to wear clothes in public, she has to comply or stay home. If she choses to disobey society and go out in the public totally naked, she will be arrested and taken of the streets.
If society tells my daughter she can not pursue a political career wearing a Burka (or becoming a Police officer wearing a Burka) she will have to choose another line of work or loose the burka.
How on earth is it BS? I need arguments, not bad language.
Society is allready telling you what to wear, and in part how to wear it (for instance if you wear your pants on your head and your t-shirt on your ass you will be locked away by society as well). The ONLY thing which is open for debate here, is the limits of these restrictions. Not if they do or do not exist. They do - beyond any questioning.
Wearing anything at all sends a religious message, namely, I am not a Jain. It could be that you were really a Jain who temporarily tolerated societies demand that you not be naked in public - while you exercised your right to be naked at home and in the company of your Jain friends?
equal persecution of all religions (except Buddhism) You must be joking.
Allowing or accepting the uncontrolled exercise of all religious aspects is unacceptable in any modern society.
Society as a whole is (and should be) dominated by non-religious values. In fact, that is the only way to ensure equal space for all religions. If the moral/ethical ways of the society I live in has decided that "murder is illegal", but my religion dictates that I must make a human sacrifice every month, which should win? If the moral/ethical ways of the society I live in has decided that stealing is wrong, but my religion dictates that I must covertly acquire other peoples values on a daily basis, which should win?
If the society I live in dictates that we must all be able to see the face of every public worker we encounter, but some religion dictates that all women should wear a Burka (Muslim full-body ghost-like clothing, typically all black or brown), which point of view should have precedence? Should women wearing a Burka be allowed to become public workers? Like police officers? Or politicians? Or bureaucrats? Would you call it "religious persecution" if I opposed a law which accepted police officers to wear a Burka (I am sure some of them would just love that)?
Religion is often in conflict with the ethics and moral values of society in general (and with other religions). The only way to ensure maximum space for everyone is by letting the general moral and ethical values take precedence. In a democratic society, these values are enforced by the government (who passes laws which reflect values in society). And while we all may disagree with the governments decisions sometimes, it is still the best way to ensure maximum space for everyone.
Personally I think that making laws about headscarfs is pretty silly. But i certainly understand the underlying arguments for doing so. Perhaps it seems stupid looking at the headscarfs, but on the other hand, the Burka is a pretty good example of the reason we have to draw a line SOMEWHERE. The result is simple: we must allow people to exercise whatever religion they want, as long as this exercise conforms to the moral and ethical values of society. For example: We must allow women to wear a Burka as long as they accept that they cannot become police officers at the same time.
Making laws that prohibit police officers from being fully masked is not an oppression or persecution of religion. It is a fair and necessary step which ensures that society works as a whole.
Actually they didn't. They banned people who are wearing clear religious signs, including (BUT NOT LIMITED TO) a headscarf. The law permits wide interpretations which in effect also prohibits funny little Jewish hats, big necklaces, big crucifixes, etc. The prohibition is for ANY religion.
It is therefore fair to consider the laws you refer to as being "neutral", because they simply prohibit strong religious signals IN GENERAL and not in opposition of a single religion.
They also don't tell you what you can or can't do in the privacy of your own home.
Your comparison to this new and very sad Chinese law is flawed.
You sound like you're a non-technical Windows user who knows Windows because that is what you've always used. You also sound like someone who has never tried to administer (in depth) both Windows and Linux servers (including email, web servers, VPNs, SQL servers, backups, patching, etc).
With all respect, that is not the case:-) And you also make a number of critical mistakes which display your Windows-ignorance. I will address those in a second.
With Windows GUI interfaces, you'd have to login to each server 1 by 1 and configure each one by hand manually.
That is a very widespread and common misunderstanding, which is totally untrue. Any Windows server since NT 4 supports remote scripting. A Windows SA who knows hes way around VBS can access virtually any element of a Windows Server through COM, and execute these scripts remotely. The scripts can also be propagated to any number of servers, either by naming the servers or by propagating them using the Domain/AD specifications (site, organization, country, company, etc). I don't know where you picked up this misconception, but when you accuse others of not knowing what they are talking about, the least you could do is get your facts right.
Want to automatically update your software on Windows? Have fun visiting dozens of third party websites, downloading installation files and installing them one-by-one, trying to avoid...
That is yet another common and very untrue misconception. It is no more difficult to get the correct downloads for Windows applications that it is for Linux applications. While it is true that many Linux distros have good packaging systems (which many Windows admins may envy), consider what happens if you have software that is not in your packet manager? Like commercial software from Oracle or IBM? (yes - businesses actually use such commercial products). Or 3rd party open source software which has not been compiled? Good luck compiling it for your specific distro and all the different hardware if you are just an average admin.
I am not saying Windows is better in this respect. But you shouldn't pretend it is 100 times as bad either. Rolling out updates on multiple servers can be done with the Windows Installing service, which can propagate properly formed MSI packages to any number of machines you like (including thousands of Windows clients and hundreds of servers in a single roll-out). It requires the same care and the same planning as rolling out updates on non-Windows machines - just using different tools.
In addition there are many software managing systems which can handle these things for you. Some are commercial (like Tivoli and HP Openview) and others are free. They support both Windows and non-Windows technology, so in many cases you can design roll-out projects for many different platforms with the same tool. They will even make sample scripts for you, or have agent-software you can install on the target machines to be managed.
while totally ignoring the *MASSIVE* inefficiencies and problems of using a proprietary Microsoft environment.
If you refer to your apparent lack of knowledge on how to handle large Windows environments, then you are correct. But an experienced Windows SA will never have the difficulties you describe, and will handle things in a very different manner. Your example is flawed.
You can't claim Linux is "too hard" just because you've never taken more than 5 minutes to learn the basics. If you did know anything about "Linux" you'd understand that the command line is a specific and very important feature which many administrators swear by.
The same goes the other way around:-) Scripting and shell commands is used just as much in large Windows environments by experienced Windows SAs.
Being a former Debian user, and now an openSUSE and Windows user, I feel I know many of the differences between Windows
Download a freeware web-poll product that will allow you to ask all users in the company (or at least your geographical location) which systems are "business critical" and to what extent they would be able to service their customers if they didn't have them. Example: "How many sales orders would you get, Mr. Sales Guy, if you didn't have e-mail?" or perhaps "Mr. Customer Tech, how many support incidents could you service without the main web-based knowledge database?"
Divide the numbers they give you with the total sales/incidents, and convert the result into a percentage of the company's total annual revenue or turnover. Compare the result with the IT spendings.
You can't quantify SA productivity. I respectfully disagree.
You can evaluate how many users the SA's systems serve, how many systems the SA maintains, and how much data throughput all these users/systems generate.
A confused Microsoft-SA running in circles around an Exchange server all day in order to serve 200 users is not "efficient" compared to a Linux-SA running an MTA which services 25.000 users (with better response times).
On the other hand, a non-skilled Linux-SA who is fiddling with a SAMBA server in order to maintain 200 users with Windows clients is not very "efficient" compared to a skilled Microsoft-SA with a well configured AD.
Off course you can measure SA efficiency. And there is nothing bad about it. In most cases it is even a benefit for the *nix admins.
Slashdot Mirror
they mean a Bozo-Einstein compensate. http://en.wikipedia.org/wiki/Bozo%E2%80%93Einstein_compensate/
[/fakequote] I totally object to your post!
Einstein was certainly not a Bozo, and nobody should be compensated for saying that!
This flaw can be exploited on Unix, Linux, BSD, Windows, OS X. If the Olsen-twins made an OS using the same hardware and code base for network drivers, their Olsen-twin-OS would have the same flaw as well. In fact, the wide application of this flaw is the main reason it is truly newsworthy.
I politely recommend reading the article, and studying the problem in more depth before your next post.
Lasers?
That won't even penetrate our navigational shields!
Where are your phasers?
Just another case of Slashdot treating its visitors like criminals.
Worse yet: Slashdot probably encrypts that password before storing it in their database!!! The bastards!!!
Yes. I agree. They are no better than the RIAA. Death to all websites who use passwords and enrypt them before storing them. We want freedom for all!
Btw, what is the username for your PayPal account?
Perhaps.
... looking in the license?
:-)
But that does not invalidate my observation: Nobody showed any interest in the actual license. How on earth can we even debate a license issue, if nobody knows what it says in the actual license???
Could be a violation. Sure. But the only way to know would be
- Jesper
Funny, everybody is whining (or anti-whining) about the release (or lack thereof) of the sourcecode.
But what about the GPL license?
If the people making this software are claiming it is GPL'ed, shouldn't the actual GPL license document be the first thing you were looking for?
What license ACTUALLY comes with the software in question? Forget what is says on outdated web pages. What does it say in the license which followed the product?
Only after examining the ACTUAL license, can we decide if there is a license violation or not. And as a user of the product, who wants to know what your rights and privileges are, you should focus your attention on the license - not buried within the sales pitch of a web page.
- Jesper
1.) It can be used to crack passwords/passkeys encrypted in this manner. It makes it possible for the owner of the device to obtain the actual password/passkey if he can get a hold of the hashed version. This may be useful in cracking networks or security barriers.
2.) It can display to the world, just how cheat it is to build a device which can reverse hashed data. If he can get his hands on this device for small money, imagine how many FPGAs the CIA or NSA could cramp into one of their facilities?
Knowledge is power.
- Jesper
It seems to be the logical step. But how does this decision actually stand with current rules on the topic?
...
We might all oppose Microsofts methods of getting the "yes" vote, but as an IT geek working with protocols and OO encapsulation I would say this: Rules are rules! Protocols are protocols! If they are weak, fix them for the future. Don't whine about the past flaws in your protocols.
While Microsofts methods were perhaps immoral, they DID follow the protocol. Do we really want a situation where votes can be nullified in spite of the fact that they were obtained by following the rules? And could such practice be a disadvantage for F/OSS projects/standards/protocols in the future?
Just a thought
- Jesper
No matter who made the original decryption routine, DVD Jon was still the first to make it available for end-users with the DeCSS program.
:-)
- Jesper
True, but he was still the first to wrap it all up in a package/program usable by non-technical users.
:-)
His DeCSS program was the first of its kind, no matter if he obtained the actual decryption surcecode from somewhere/someone else.
- Jesper
Comprende, moron?
Stop writing to me, my IQ is plummeting because of those conversations with such idiots like you.
Question: Can a negative IQ actually be "plummeting"?
I don't think you have illustrated anything, other than your apparent lack of arguments, and your inability to engage in a good debate. Your response to solid arguments and fair questions is foul language and negative attitude.
And you still haven't explained how or why (from a sociological point of view) you think having rules in a society is bad, or why religious needs should exceed the needs of society as a whole.
1.) DVD Jon was actualy a pretty knowledgeable hardcore geek way before he did the CSS crack.
2.) He actually DID get sued. By big companies. On several occasions.
- Jesper
Untrue. And I could give you many examples. For now I will just stick with one: DotNetNuke, an OpenSource and free CMS of quite good quality for the .NET platform. They make a great product, have a good community, give their product away for free (free as in "beer), and supply the sourcecode along with it with a semi-free (as in "freedom") license which compares somewhat to an LGPL.
Can you please describe to me, in what way you think they are evil?
(because I surely can't see it).
I think your statement is just a bit troll-ish and unfair (not enough to be moderated down though).
While I agree that the OOXML approval process in certain countries sucks ass, that is not in itself a proof that *ALL* Microsoft Partners are dishonorable.
They could have avoided a lot of trouble, if they had just signed up as a Microsoft Partner. It costs nothing and would have made them "a co-player" rather than a "security risk".
- Jesper
That is not in dispute here? Please explain your point more clear?
- Jesper
OK, I still don't understand you.
...
Are you trying to say, that the Islamic injunction which oppresses women and forces them to wear headscarfs (no matter if they want or not) is less oppressive than laws in France or Germany which dictate that nobody may wear strong religious symbols in public institutions? (btw while totally allowing them to wear whatever they please when they are not in a public institution)
Think well before you answer
- Jesper
German laws circa 1937 were quite neutral to all Jews. Do you listen to yourself, atheists? I looked into that. You seem to be mistaken. Or perhaps you would elaborate what you mean, and which laws you refer to?
YOU personally can not. Except perhaps in your own home, where they would have the choice of either complying or leaving.
If society tells my daughter to wear clothes in public, she has to comply or stay home. If she choses to disobey society and go out in the public totally naked, she will be arrested and taken of the streets.
If society tells my daughter she can not pursue a political career wearing a Burka (or becoming a Police officer wearing a Burka) she will have to choose another line of work or loose the burka.
How on earth is it BS? I need arguments, not bad language.
Society is allready telling you what to wear, and in part how to wear it (for instance if you wear your pants on your head and your t-shirt on your ass you will be locked away by society as well). The ONLY thing which is open for debate here, is the limits of these restrictions. Not if they do or do not exist. They do - beyond any questioning.
- Jesper
Allowing or accepting the uncontrolled exercise of all religious aspects is unacceptable in any modern society.
Society as a whole is (and should be) dominated by non-religious values. In fact, that is the only way to ensure equal space for all religions. If the moral/ethical ways of the society I live in has decided that "murder is illegal", but my religion dictates that I must make a human sacrifice every month, which should win? If the moral/ethical ways of the society I live in has decided that stealing is wrong, but my religion dictates that I must covertly acquire other peoples values on a daily basis, which should win?
If the society I live in dictates that we must all be able to see the face of every public worker we encounter, but some religion dictates that all women should wear a Burka (Muslim full-body ghost-like clothing, typically all black or brown), which point of view should have precedence? Should women wearing a Burka be allowed to become public workers? Like police officers? Or politicians? Or bureaucrats? Would you call it "religious persecution" if I opposed a law which accepted police officers to wear a Burka (I am sure some of them would just love that)?
Religion is often in conflict with the ethics and moral values of society in general (and with other religions). The only way to ensure maximum space for everyone is by letting the general moral and ethical values take precedence. In a democratic society, these values are enforced by the government (who passes laws which reflect values in society). And while we all may disagree with the governments decisions sometimes, it is still the best way to ensure maximum space for everyone.
Personally I think that making laws about headscarfs is pretty silly. But i certainly understand the underlying arguments for doing so. Perhaps it seems stupid looking at the headscarfs, but on the other hand, the Burka is a pretty good example of the reason we have to draw a line SOMEWHERE. The result is simple: we must allow people to exercise whatever religion they want, as long as this exercise conforms to the moral and ethical values of society. For example: We must allow women to wear a Burka as long as they accept that they cannot become police officers at the same time.
Making laws that prohibit police officers from being fully masked is not an oppression or persecution of religion. It is a fair and necessary step which ensures that society works as a whole.
- Jesper
Actually they didn't. They banned people who are wearing clear religious signs, including (BUT NOT LIMITED TO) a headscarf. The law permits wide interpretations which in effect also prohibits funny little Jewish hats, big necklaces, big crucifixes, etc. The prohibition is for ANY religion.
It is therefore fair to consider the laws you refer to as being "neutral", because they simply prohibit strong religious signals IN GENERAL and not in opposition of a single religion.
They also don't tell you what you can or can't do in the privacy of your own home.
Your comparison to this new and very sad Chinese law is flawed.
You sound like you're a non-technical Windows user who knows Windows because that is what you've always used. You also sound like someone who has never tried to administer (in depth) both Windows and Linux servers (including email, web servers, VPNs, SQL servers, backups, patching, etc).
With all respect, that is not the case :-) And you also make a number of critical mistakes which display your Windows-ignorance. I will address those in a second.
With Windows GUI interfaces, you'd have to login to each server 1 by 1 and configure each one by hand manually.
That is a very widespread and common misunderstanding, which is totally untrue. Any Windows server since NT 4 supports remote scripting. A Windows SA who knows hes way around VBS can access virtually any element of a Windows Server through COM, and execute these scripts remotely. The scripts can also be propagated to any number of servers, either by naming the servers or by propagating them using the Domain/AD specifications (site, organization, country, company, etc). I don't know where you picked up this misconception, but when you accuse others of not knowing what they are talking about, the least you could do is get your facts right.
Want to automatically update your software on Windows? Have fun visiting dozens of third party websites, downloading installation files and installing them one-by-one, trying to avoid...
That is yet another common and very untrue misconception. It is no more difficult to get the correct downloads for Windows applications that it is for Linux applications. While it is true that many Linux distros have good packaging systems (which many Windows admins may envy), consider what happens if you have software that is not in your packet manager? Like commercial software from Oracle or IBM? (yes - businesses actually use such commercial products). Or 3rd party open source software which has not been compiled? Good luck compiling it for your specific distro and all the different hardware if you are just an average admin.
I am not saying Windows is better in this respect. But you shouldn't pretend it is 100 times as bad either. Rolling out updates on multiple servers can be done with the Windows Installing service, which can propagate properly formed MSI packages to any number of machines you like (including thousands of Windows clients and hundreds of servers in a single roll-out). It requires the same care and the same planning as rolling out updates on non-Windows machines - just using different tools.
In addition there are many software managing systems which can handle these things for you. Some are commercial (like Tivoli and HP Openview) and others are free. They support both Windows and non-Windows technology, so in many cases you can design roll-out projects for many different platforms with the same tool. They will even make sample scripts for you, or have agent-software you can install on the target machines to be managed.
while totally ignoring the *MASSIVE* inefficiencies and problems of using a proprietary Microsoft environment.
If you refer to your apparent lack of knowledge on how to handle large Windows environments, then you are correct. But an experienced Windows SA will never have the difficulties you describe, and will handle things in a very different manner. Your example is flawed.
You can't claim Linux is "too hard" just because you've never taken more than 5 minutes to learn the basics. If you did know anything about "Linux" you'd understand that the command line is a specific and very important feature which many administrators swear by.
The same goes the other way around :-) Scripting and shell commands is used just as much in large Windows environments by experienced Windows SAs.
Being a former Debian user, and now an openSUSE and Windows user, I feel I know many of the differences between Windows
Download a freeware web-poll product that will allow you to ask all users in the company (or at least your geographical location) which systems are "business critical" and to what extent they would be able to service their customers if they didn't have them. Example: "How many sales orders would you get, Mr. Sales Guy, if you didn't have e-mail?" or perhaps "Mr. Customer Tech, how many support incidents could you service without the main web-based knowledge database?"
:-)
Divide the numbers they give you with the total sales/incidents, and convert the result into a percentage of the company's total annual revenue or turnover. Compare the result with the IT spendings.
That should get his attention.
- Jesper
You can evaluate how many users the SA's systems serve, how many systems the SA maintains, and how much data throughput all these users/systems generate.
A confused Microsoft-SA running in circles around an Exchange server all day in order to serve 200 users is not "efficient" compared to a Linux-SA running an MTA which services 25.000 users (with better response times).
On the other hand, a non-skilled Linux-SA who is fiddling with a SAMBA server in order to maintain 200 users with Windows clients is not very "efficient" compared to a skilled Microsoft-SA with a well configured AD.
Off course you can measure SA efficiency. And there is nothing bad about it. In most cases it is even a benefit for the *nix admins.
- Jesper