Seems like a great system, but I just can't understand this statement: "Currently, Tor development is supported by the Electronic Frontier Foundation. Tor was initially designed and developed as part of the U.S. Naval Research Laboratory's Onion Routing program with support from ONR and DARPA."
*Puts on tinfoil-hat* Aren't the guys at *.mil making their jobs harder by doing this? Anonymous "terrorists" communicating freely without any traces, or do they already have this covered in the system? A honeypot?
I admit, after I read the article, I turned my head towards my old Amiga sitting lonely in the corner which was humming along while idling in the m68k-linux kernel, hmmm.... OS-X?
Then I turned back, "nah..., I got other things to do." (I swear that I heard a relieved "phew..." just then)
The whole article reminded me of the good old Amiga days...
- "look! 100 bobs on the screen at the same time!"
- "Nah.. that's nothing, here's one million"
I'll tend to agree, but if it's done right, it may be good. F.ex. Shrek is a great 3D cartoon, quite different than the old classics of 2D cartoons, it loses some, but then again, it gains some atmosphere that wasn't there at first.
The trouble is to revamp a 2D character into 3D, still capturing that magic. Creating a fresh new character in 3D is easier, so I'll wait and see...
There are a couple of gems regarding "3D" adventures out there, so I hope the producers get it right, and let the adventure genre live on... don't spoil the magic of the classics, use new technology if you want, but only as a tool to express the true art if needed, not because it's fancy!
Agreed, I hope the US will look at European +++ systems at cell phone systems. It requires that the number tells the users that it is a cell phone number, e.g. number ranges in Norway are either 9xxxxxxx or 4xxxxxxx, and the caller will, by examining the number, decide if he/she is willing to pay the extra cost to call a cell phone.
Making the receiver pay the cost of anyone trying to contact him is just plain stupid, as this case clearly tells.
What if....: Cell phone company; has a list of subscribers; sets up an autodialer calling the list; earns a lot of money?
Probably sued, but..., what if;
the autodialer resides in a foreign country, with obscure laws (cannot be sued from US, (but most likely in reasonable bombing range)), calls this aforementioned cell-phone list (hitting 30% answer-services in the sweep, utilizing 99% of valuable storage and minutes on-the-air for the poor victims), he is charged for the distance to the US, but the receivers must pay the bills to the cell-company, probably higher than the total cost from the foreign country to the US..., anyone calculating on this, and considering making an agreement with some cell-phone company in the US?
Anyhow, apart from my ramblings, I'll sincerely congratulate the USA on the Independence Day!, hope y'all have a nice "cell'ebration" as a Norwegian would pronounce it...!
My theorem on statistics of this type...:
Studying an amount of objects with results (lifespan) of the behaviour (sleep cycle) automatically has two sides;
1. The objects have chosen the behaviour (sleep cycle) and are producing the result (lifespan)
2. The objects don't choose the behaviour, but the majority of the objects prove that the result (lifespan) is directed by the common behaviour (sleep cycle) of the objects.
This "news" only considers the 1. possibility, the objects themselves produced the results. I've not once seen an article on this subject that states that the objects themselves chose the behaviour to produce the results, it was the result of the behaviour that produced the result.
So the conclusion is 50% wrong. Chosen sleep cycle (less sleep per day) is _not_ 100% proven for longevity, "people that sleep less hours per day are proven to live longer". The story only states that people that sleep less in one day probably live longer, but not necessarily by those people's needs. It may be that people that live long also need less sleep.... the study or article that references this study is missing some vital information in my opinion...
When a vulnerability shows up on http://securityfocus.com or the like, specifying a vulnerability in a Microsoft product, e.g. "A specially crafted URL will overwrite your files" and then there is no information on what the specially crafted URL looks like, and there is no fix available from Microsoft or others, do you feel more secure?
Perhaps you could block the request in your packet-filtering system, or at least log it, but without knowing what to look for... what do you do?
And, knowing that experienced black-hat crackers also read securityfocus and sites like this, they don't need anything more than this information (there is a buffer overflow in IIS...) and then they have a target for what to do the next couple of hours. It's a competition you know. The best crack wins. Giving away exploits doesn't give much credit to the cracker copying it, but the first one to discover a "new" one gets a lot of attention...
We need to understand the psychology of what makes a crack worthwhile, a published exploit every script kiddie can duplicate, but the sysadmins can also countermeasure this fast (provided that they read the right forums as all sysadmins should!).
But a hint of a possibility in a not published exploit gives the black-hats something to compete for, who is the first one to make the best crack? And the poor end-user doesn't even know what to look for...
Second, published exploits are easy to scan for... known, but not published exploits will fluctuate in their signature.
E.g. special HTTP GET request to look for in the logs... you just scan your logs for exactly the string published in the exploit (or put it in your packet-filter). A not published exploit will result in several different cracks, using the same vulnerability, but probably varying a bit in the exploit methodology, making it harder to scan for.
Would you dare to use your car if the factory sent you a note that "it has a fault", but not providing any details of the fault? It could be anything...
Probably the next thing in the MS EULA is:
Any SECURITY HOLE bundled with the SOFTWARE PRODUCT is the property of Microsoft and protected by copyright laws and international copyright treaties.
Hi Kurt,
My question, or perhaps suggestion, relates to application support, and making this easier for developers.
Now that you've got Konqueror's http-renderer implemented in AtheOS, you've probably made a small compatibility layer for QT-apps, or at least hacked Konqueror's http-renderer to use AtheOS GUI subsystem, would it be possible to make a more complete "GUI-emulator" for easier ports of other QT-apps? Or possibly make an X-emulator lib for AtheOS? There is a good deal of applications either supporting X directly, QT or GTK around, and making these easily available for AtheOS would be a nice start for more interest in AtheOS. Don't misunderstand, I also understand the need for a GUI-API that is not X, especially for a desktop OS which AtheOS is, but to make the transition easier I mean...
"GNU is not UNIX, and AtheOS is not linux"
And to you others wondering what Kurt's day job is, he is working for a game company called Funcom, maker of Anarchy Online.
Personal regards from an ex-co-worker, Kurt. I still wonder how you get time to do all this wonderful stuff.
H.
Being able to come back to the same setup of xterms, emacs-windows, day after day, month after month, have all the code in the editor's buffer, knowing that the only thing that will destroy the setup is a failure in my company's UPS's just makes it worth it... No blue screen and booting..., it just works, no interrupts in the workflow, no illegal operation that forces me to wait for the disks to spin up again... how many of your Windows coders know exactly the checksum of your BIOS that is printed each time your box is rebooted? My last uptime before upgrading the kernel was about 120 days... it takes time to set up those terms exactly where I'm used to, but I know they will be standing there the next day, and the next day, and the next day... I can concentrate on coding, not reinstall Windows every time it begins to be unstable for unknown reasons... no need to reboot because I installed some new software... IMHO.