Slashdot Mirror


User: Knight

Knight's activity in the archive.

Stories: 0
Comments: 59

Comments · 59

  1. 1st Amendment on Ask FCC Chief Technologist David J. Farber · · Score: 2

    This is a really simple question, and one that hopefully will not be overlooked for its brevity, but I must ask anyway: Just what in the hell makes the FCC think that it has the mandate from the people to defecate on our First Amendment rights and fine radio stations for content?

    Also, and in the same vein, while I understand why regulation of radio bands is important to a degree, it is an obvious violation of our Constitutional rights to prevent us from transmitting on X, K, Ka, and other police radar bands. If my car can be bombarded by a cop in support of his local speed tax, I should have the right to return the favor. I'm covered here in so many ways it's freaking ridiculous. I have the right to defend myself, especially considering that there is no probable cause to check my speed; I also have freedom of expression, and if that means that I choose to express myself on a police radar band, that's none of your damn business. I understand the arguments on both sides, but the FCC is horribly wrong here, bowing to the pressures of government, big business, and powerful lobbies. What exactly are the people getting out of your existence?

  2. NOT piracy prevention, just cheaper parts on Is Sony Turning Its Back On CD-Rs? · · Score: 5

    I'm as big a fan of a conspiracy theory as anybody, but I'm afraid that the root of this problem is in the type of laser used. When the first prototype DVD devices started appearing on the market, I was a lab monkey at Intel, and we noticed the same problems. The issue was eventually resolved, but it made the device $5-20 more expensive. Most likely, Sony has done a market survey and determined that CD-R is not something that is worth adding that much to the cost of the device.

  3. Irresponsible automobile manufacturers on Ask LinuxPPC Co-Founder Jason Haas · · Score: 2

    I know this has already been addressed to a small degree in this thread, but not well, and I apologize if this comment seems insensitive or off-topic, but I would be interested to know your opinion.

    I agree that SUVs are very dangerous on roads, and it seems that poor drivers are often at the wheel. However, Honda is famous for (at least during the 80's and early 90's) making cars extremely light to improve fuel efficiency. Kia and Hyundai currently do this. This seems extremely irresponsible to me. While these cars can be made in such a way that they do not crush the passenger or driver (which it appears was not the case with your Honda, unfortunately), they still cannot eliminate the biggest problem with lightweight vehicles: instant acceleration. When a light car is struck by a medium to large vehicle (say, 3300 to 4000 lbs.), it accelerates instantly much faster than it would have if it weighed just a bit more. Depending on speed and many other factors, just 500 lbs. can mean the difference between 8 and 12 g-forces. That's a big difference. My car (a 1994 Cavalier with a V6) was rear-ended by another vehicle going 55 mph while my vehicle was traveling at 5-7 mph. I was not injured. My sister's Toyota Celica was hit by a car going only 30 mph in front of our house. My dad and I spent 15 minutes tearing the door off to get her out, because the car was thoroughly crushed. Luckily, she recovered in a few weeks, but some people aren't so lucky. I realize that many people are convinced that Asian vehicles are more reliable, nicer, etc.; but they are designed in countries where speeds over 40 mph are very rare, and as such, they often cannot handle a collision that isn't bumper-to-bumper at low speed. I know I'm not giving any empirical evidence here, and I admit that a large part of the problem is vehicles like Suburbans and Excursions, but I won't be caught driving a Honda/Toyota/Nissan or any product of their divisions, because I have seen what happens to them in accidents.

    One more bit of info about me: I have, in the past, raced cars semi-professionally. Mostly, I drag-raced, but I also raced a few races at PIR. I've been in my share of wrecks, including an end-over-end incident at 240+ mph at a dragstrip. We can blame the SUVs, but that's only part of the problem, because if I can walk away from that wreck, Japan can definitely add a few pounds of metal to their cars for our safety. I have no desire to be surrounded by plastic when my life is on the line.

  4. My own horn on Who Can You Trust to Test Your Network Security? · · Score: 2

    This will come off as a bit biased (which it is), but I work for a company that has written some software called Hailstorm that's very good at helping you test your own security. It's especially good in situations where you have written something custom, whether it be a CGI script or some sort of server program. It succeeds where security scanners fail, because it can help you find problems that are previously unknown. To see it in action analyzing IDS systems, check out the article at SecurityFocus. Good security consulting firms are VERY expensive, so Hailstorm may be a good choice depending on what you are really looking for.

    If you want to hire a security firm, I would suggest a few different companies: Securify, a division of Kroll-O'Gara; Guardent; Ernst & Young; @Stake; and Foundstone.

    Also, if you are interested in trying out Hailstorm (which, for the time being, only runs on NT 4.0/W2K, although it can test applications on any OS), shoot me an email (removing the obvious part), and I'll help you out. A trial version can be downloaded at www.ClickToSecure.com.

  5. Linux is nowhere near B-level compliance on Certifying Software As Secure? · · Score: 2

    For a system to be B-level compliant, it must have mandatory access controls, something that Linux does not have. There are a few 3rd party tools that can help with this, but they are not complete, and not part of Linux. It may be possible to build a B-level box out of Linux, but Linux itself is not, and probably never will be. Believe it or not, it's for the same reason that NT will not: it makes the system very difficult to use. Mind you that NT is only C2 compliant without a network card installed, and Linux would probably fall into the same category. For certification purposes, NT and Linux are on the same playing field, because the certifications are more into the design of the system, and rarely address the implementation, or bugs.

    I guess the point is that you could have a B or A level box, but you'd never use it for anything interactive because it would be too inflexible. To answer your question, AIX is fairly secure, but the OS has to go through a number of hoops before it passes any level of certification, which, BTW, NT does also.

  6. Is this really surprising? on More DeCSS Time-Warner Hypocrisy · · Score: 3

    CNN, like 2600, is a news organization, staffed by journalists. As journalists, they have the natural and logical instinct that source code is Free Speech, and as such, is covered under the First Amendment. I'm sure that whoever posted the link was unaware of the issue at hand. As I type this, the link has already been removed, but the point remains. Surely, CNN will not be sued, molested, or otherwise punished for this, which says to me that what I've believed all along is true: this lawsuit is not as much about DeCSS as it is an attack on the hacker community as a whole. 2600 was picked because of who they are, not because of what they did, and CNN will be left alone for the same reason. What has it come to that we now live in a society that applies laws differently to each person based on someone's perception of the person in general rather than the legitimacy of the charges? This makes me sick. I'm a security professional, and as such, a big part of what I do is security audits of products. What this ruling means to me is that if some large corporate entity decides they don't like me because I discovered a security hole in a product of theirs, they can sue me to death, but if they did the same thing to me, I would have no recourse. Well, I guess I have only one response to this, "http://magic.hurrah.com/~fireball/dvd/". I'm not linking to anything here, I'm just typing a URL, which surely will be illegal tomorrow, along with quoting the phrase "For Dummies", and writing a disassembler, because after all, I could use it to circumvent copy protection...

  7. They're just dumping a product that doesn't sell on Procom to Release NETBEUI for Linux · · Score: 4

    As many have mentioned already, this product is so old and out-dated, no one really wants it. However, it allows Procom to get a free image-enhancement with the Open-Source community. They give away something they don't want anyway, and in return, get lots of fuzzy feelings from us Linux geeks. I'm waiting for the day when a company like this GPLs a serious application that's actually worth something. Then, I'll be impressed.

  8. Even better (worse?) idea on A New DeCSS · · Score: 2

    I'm tempted to just rename every single program I write "DeCSS". I'd just give them all different descriptions. Imagine if, for a couple of months, nearly every Open Source project changed the name of their downloadable package to "decss.tar.gz". So, as a member of the Open Source community, and a DVD owner who would like to use Linux to play his DVDs, I implore everyone who reads this to consider changing the name of their downloadable files to decss.tar.gz. Thank you.

  9. List of mirrors is up!! on Injunction Against 2600 for DeCSS · · Score: 2

    Ok folks, the list of the mirrors posted in this thread that I promised is running here. Please email me at fireball@magic.hurrah.com if you would like to be added to the list.

  10. Another Mirror on Injunction Against 2600 for DeCSS · · Score: 2

    Here's my mirror. Alright folks, here's an idea, everyone post their mirrors here (if you don't have one, go to one of the links and get it), and I'll create a link page based off of this thread. I encourage others to do the same. To be honest, I think whacking the mole is a bit of a weak analogy, I think "putting the shit back in the horse" is a bit more analogous.

  11. Their own icon?!? on LinuxCare Gets $32M In Funding · · Score: 0

    Maybe it's just me, but I'm overwhelmed with the number of icons that now exist for various news stories. Does Slashdot need to have an icon for every business that ever mentions Linux in a press release? If so, there's going to be about 20 MB of icons in the next few months. One thing I like about slashdot is that the only image I have to reload every time I visit is the banner, so if there's a new icon every time I visit, my brain-dead browser has to download it before it renders the page.

    Also, has anyone else noticed that the icons at the top of the page are always 3-8 stories behind? Why is that? When I first saw it, I thought it was a temporary result of some changes, but now it's been there for a couple months.

    Just some suggestions. Keep up the good work Rob, Jeff, et al.

  12. Wargames based on Mitnick? on Cyberterrorism Article in Jane's is Available · · Score: 2

    Well, Wargames was released in the same year that Mitnick turned 19. He wasn't even arrested until ten years later, and the acts attributed to Kevin do not even mildly resemble the acts depicted in Wargames. This report embodies the biggest problem that the computer security industry has: misinformation. I'm sorry, but this article needed some serious editing before it was released. This one major flub makes me wonder how many errors exist in parts of the article that I'm less familiar with. Put frankly, I'm sick of journalistic incompetence in dealing with computer security issues. When will they learn?

  13. This is _definitely_ covered by prior art on GraphOn Patents Remote Windows Apps Over X · · Score: 2

    I used to work for a company called Tera Technologies that made a product called EZ-Win that does this exact thing, and yes, it does use the X protocol. This product was created at least two years ago. Someone should slap some sense into the Patent Office. It wouldn't take anyone very long to just do a web search for the appropriate keywords to discover that this was already done.

    If you need to point-and-click to administer a machine,

  14. Cool....but on PGPphone Source Released · · Score: 2

    This looks pretty cool. It needs some work, but it's a good start. I'm a bit nervous about using/modifying something with such a vague copyright statement. Perhaps we could get some clarification?


  15. So...... on Interview: John Vranesevich Doesn't Really Answer · · Score: 2

    Yet again, you,

    1. Fail to address any of the allegations against your conduct with a factual, or even coherent, argument.

    2. Fail to show any remorse for the hypocritical life you lead and the people you have fscked over.

    3. Skirt around the real issues like you're a Presidential candidate.

    JP, I suggest you run for office. Lying and deception are your best skills, and it's a shame to let them go to waste on people who don't buy your bullshit.


  16. What about the problems with the protocol itself? on New DNS Software to Address Security Holes · · Score: 3

    While I'm encouraged that they are fixing the problems with the package, I wish there were an easy way to deal with the inherent problems with the protocol itself. It's still fairly trivial to poison DNS caches, and lookups are still not encrypted, which, although not much of a security issue by itself, is a bit of a privacy issue. We've come to a point where if a program relies on reverse DNS lookups, any DNS exploit used against it is considered a security problem with the program, not DNS. The truth is, however, that the DNS system should be reliable enough that these types of attacks wouldn't even exist. Don't get me wrong, I applaud their work for fixing the bugs that they have, but there is some basic protocol work that needs to be done before I'm happy with it. Here is an interesting example of DNS quirks.


  17. Are you really as dumb as you look? on Interview: Grill John Vranesevich of AntiOnline · · Score: 1

    JP, I would love to hear you ramble on again about how Jericho is obsessed with you, and how packetstorm was threatening your sister, et al. But really, we all know that you just couldn't stand the competition from the security sites without VC backing, so let's cut to the chase: How do you explain numerous stories that appear on your site that were copied fully or in part from a different commercial news source without their permission, and without giving due credit? Don't deny it, it's pointless. I know you want to, but attrition.org has documented all of it. Also, how do you respond to allegations that you have committed Federal computer crimes, since, by your own admission, you have been in situations before where you could have stopped a crime and didn't? Isn't that a crime itself? I mean really, the only time you've ever had a report on anything less than a month old is when you reported on (cr|h)acks that you were suspected of taking part in. One last question: How does it make you feel to know that you destroyed the life work of a college student that was providing one of the most valuable online security resources (certainly better than another infamous web site) for free in his spare time for no other reason than it bothered you to lose traffic to it?


  18. This is good, but... on Major PC Makers to Ship PCs Sans Windows · · Score: 3

    I like this idea on the surface, but one thing scares me a bit. If Dell decides to ship some of these machines with Windows, and some without, the ones using Linux/BSD/BeOS or whatever they use will undoubtedly be cheaper. If I were a clue-free end user, that would imply to me that they were inferior OS's, since the hardware was identical. Now, we all know it's not true, and we've fought similar battles before, but for this to be a positive for us, we need to be very vocal about the fact that just because these machines are cheaper does not mean they are inferior. I mean, if I saw two identical guitars, one of which was made in China, and the other in the US, and the one made in China was cheaper, I would assume that the one made in the US was of higher quality. This, however, is a result of my lack of knowledge. For all I know, China has better processes in place, and the only reason it's cheaper is that they have cheaper labor. I think we must tread carefully into this area, and it can really pay off.


  19. Re:Uhm... on Kevin Poulsen Slams Media Cyberterror Coverage · · Score: 1

    Well, I respect your right to read whatever you want, but this guy has been part of the scene for almost 20 years. Maybe you should read his story, it's actually quite interesting. He hasn't been part of the news since he was arrested in the 80s.


  20. Re:Teachers in High-School are exempt from rules on Both Students and Teachers Use Technology to Cheat · · Score: 1

    Well, I'm not sure where I got it, but it sure wasn't mine originally :) It really is a good .sig though. I just wish my sig changes weren't retroactive.


  21. Teachers in High-School are exempt from rules on Both Students and Teachers Use Technology to Cheat · · Score: 3

    I was treated very poorly by the teachers and administration in high-school, so if you are a teacher, principal, etc.; sorry, but this is my experience:

    The administration at my school had a huge number of draconian rules that made even breathing difficult. We were expected to follow every rule to the letter, and anything less brought down hell on us. More than once, I was reprimanded simply for expressing an opinion that differed from that of the current speaker. There was only one "truth", and the teachers had a corner on the market. I would often find loopholes in the rules to allow me to do things that I wanted to. These efforts were not appreciated. I would be punished for "violating the spirit of the law", and the rules would quickly be changed.

    The teachers likewise had a set of rules that they were supposed to live by. They were by no means as strict, and quite fewer in number. However, they were never required to follow those rules. For example, the teachers were required to write up a Disciplinary Action Form if they sent a student to the office for disciplinary reasons. However, they rarely did. More than once I claimed that I was never sent to the office and asked them to produce the forms as proof that I had been sent. They never produced these forms, but (big surprise) I was disciplined again for my challenges. Simply standing up to ridiculousness and having an opinion are important skills that are stamped out in our schools. I'm a free-thinking individual, with no use for these fascist institutions. I'm only 20 years old, but I'll swear to anyone reading right now that I will never cripple my children by subjecting them to such a limiting, brainwashing environment.

    It's so ridiculous. My school's curriculum preached the values of democracy and a free society out every orifice they had, but when it really came down to it, they practiced fascism, favoritism, and contributed to an animalistic social hierarchy favoring those who did not think for themselves. Pardon my language, but give me a fucking break! Now, the schools in my area are implementing cameras in all areas of the school, including bathrooms. It's an outright violation of privacy. A student shouldn't have to put up with anything at school that his parents don't have to put up with at work. That includes abuse by teachers and students, destruction of free will, etc. If I had to put up with anything even resembling my experience in high school at a job, I'd walk out the door in an instant. I swear, if I could fix this, I'd do it right now. It's one of the biggest tragedies in this country.


  22. Re:Thanks, Microsoft. on Microsoft Clarifies Linux Myths · · Score: 2

    Absolutely. Also, I agree with the comment later on about the fact that when a market leader acknowledges its competition in PR, it is destined to cease to be the market leader. M$ is running scared, so what are we all so afraid of? We need to realize as a community that this is nothing to fear. We need to fight the FUD with calculated truth that we can back up, not wild defensiveness. I think NIN said it best:




    i want to break it up
    i want to smash it up
    i want to fuck it up
    i want to watch it come down
    maybe afraid of it
    let's discredit it
    let's pick away at it
    i want to watch it come down
    now doesn't that make you feel better?
    the pigs have won tonight
    now they can all sleep soundly
    and everything is alright




    Seems like a good description of MS right now...


  23. PepsiCo owns Pizza Hut on Pizza Hut Pays $2.5e6 for Rocket Advertising · · Score: 2

    They mentioned in the article that PepsiCo paid to have a soda can float outside the space shuttle earlier. I'm pretty sure Pizza Hut is owned by Pepsi, so this is really the same company paying again to get more space-exposure. Interesting, because I'll bet the money would have been better spent on that Super-bowl ad. The people interested in space are usually a little bit smarter, and less swayed by advertising stunts than those who watch football games. Before you football fans jump down my throat, I love football as well, and I'm planning to watch the game. :) I just don't think that the side of a rocket that none of their target audience will actually see in person seems like a waste of a couple million bucks.


  24. I agree, but... on Details of the PCWeek Securelinux Crack · · Score: 1

    I don't think you are wrong, that exploit shouldn't be there, but it was the default install. If the default NT install was used, it wouldn't have lasted 10 minutes. MS suggests _300_ security checks to do before an NT box is secure. PCWeek went through this checklist to lock down the NT box, but Redhat was left to stand in its default condition. We should learn from this experience and improve Linux, to be sure; but also keep in mind that this does not indicate that Linux is less secure than NT, or vice-versa. The crontab exploit was only used to gain root, after JFS had already compromised a local user account by exploiting the CGI. This would have been even easier on the NT box, because there is a program out there that still works called get_admin. It elevates any user to Administrator.

    The point is that the biggest hole in the Linux box was not in the Open-Source OS, it was in the one closed-source application it was running. People will argue about the difference in quality of Open-Source vs. closed-source from now until the end of time, but there is so much scrutiny applied to security right now, that Open-Source products have more than proven their superiority in the information security world. Open-BSD allows anyone to look at the source at will, yet an up-to-date Open-BSD install has never been compromised in its default configuration.

    We all know these things, and it's time that we stop whining about analyses, complaining about FUD; and prove it. We've made our point; everyone knows that the Linux community doesn't agree with any result that shows a deficiency in our work, but it doesn't help our cause. Make Source, not war.


  25. Re:ADSL any day on Cable vs. DSL, Explained · · Score: 1

    What everyone here needs to realize is that speed and price of DSL varies WIDELY depending on where you live, and who you buy it from. In my case, I can get 384/384 for $52/mo, but according to the author, in Boston, that's $300/mo. Also, the speeds I attain are far greater than the cable modems _in this area_. It's very important to mention the geographical differences. Just because my DSL rocks cable here in Oregon, doesn't mean it's going to anywhere else. The moral of this story is that just as always, you need to do your own research so that you don't get burned.
