really. dammit. I decided to have another look at everything because of what you wrote and now it's hours later and I still haven't slept. And I have to get up in a hour or two. This totally sucks.
But I've sent the cookie to my workplace so I can continue there...
In Amsterdam there are also public internet terminals (on the street) which you can use with a phone card. Also, many coffeeshops and smart shops also have internet termininals. Oh, and the libraries, museums and the Internet Cafes, of course.
an httpd written in IA32 (x86) assembler for linux. It's amazingly fast, doesn't use libc (does straight kernel syscalls) and is, get this, about 750 BYTES! Yes, BYTES! Don't believe me?
Go to http://linuxassembly.org and look at the asmutils package. That Konstantin is one mighty assembler wizard.
That's a load of crap right there. There is no real way to establish the veracity of single log files.
Once you get a lot of logs from many different sources and they show similarities, *then* you have a case that it's very *probable* that the logs are true. But still no absolutes. It's just that tampering is less likely with different sources.
"l0pht taking down the net" etc
also not very likely. Seriously disable several segments, maybe. The closer you get to the core of the internet (there no longer is an actual core, but...) the more highly skilled the operators become. Not to discredit the l0pht people, though. They're definitely on the level.
"buggy routers" etc
Oh, man. Like you wouldn't believe. The main reason routers don't usually come under direct attack is because most of the hacking/cracking/whatever activity comes from 31337 kiddies on IRC. Sure, they have linux on their machine, but how many of them have a stack of Cisco routers to experiment with? IOS doesn't really resemble linux all that much, you know and equipment like this is usually operated and hacked on by people who get paid to keep them running. Not very likely that they'd be spreading around exploit code until after the problem has been fixed, right?
If a corporate IT department hacks The GIMP and then puts the employees to work using it, do they have to provide those employees the source as well?
If those employees asked for it, yes. Definitely. The GPL makes no distinction to the environment software is moved in. It goes from person A to B and if B wants source, he's entitled to it.
Cockroaches serve a useful purpose in our ecosystem.
Crackers thrive on code secrecy.
What a load of horseshit. System crackers thrive on end user ignorance. Most of the machines I see people putting on the net are rootable out of the box and never changed. And most of those machines are Red Hat linux (opensource, yay! *cough* *cough*).
It's time to let the sunlight in.
Or maybe it's time to learn to use Soft-ICE. Or run a unix, of course. Anyway, does this surprise anyone? I mean, we're talking about a company that puts flight simulators in their spreadsheet and a doom clone in their word processor.
Ok, so you obviously haven't read what I wrote. I don't like the idea of BB reading everything I say. I'm all for strong crypto. All the way. I was just trying to raise a point about the non-political views on crypto and some practical issues at stake here. You're preaching to the choir here and have obviously spent less time thinking about these issues than I have. Not that that says much, though...
PS : You might want to tighten the reins on your flame button. The only true 'free' 'freedom' is the survival of the fittest and I like to think we can move just a bit beyond that. I prefer the 'zen' definition of 'freedom', myself.
Now as soon as you mention crypto, a lot of people will start talking about political issues, government snooping into people's mail, etc.
A point I'd like to raise is that strong crypto has many applications and most of them aren't political, just good policy. How many of you would use telnet to log into a remote machine over the internet? I know I never do that. I use ssh (secure shell). How many of you store passwords in plain text? (Those of you not running Windows, that is..) Cryptography also gives us such wonderful things as digital fingerprints/signatures which you can use to verify an identity over untrusted networks. How many of you would run virtual LAN connections unencrypted? The list goes on..
I think that the bottom line is *why* and *with what intent* do you use cryptography?
Anyway, I remember an article by Nicholas Negroponte where he stated that he couldn't understand the Clipper Chip ruckus. Whatever the government does to the communication lines, you can still run your own encrypted data *over* it. And even if it's outlawed, crypto is just a bundle of mathematical algorithms. All you need is a brain and the willingness to do some work on it. Physical goods are much easier to control and look at the state of firearms/drugs/etc control.
Of course this is another April Fools joke. Especially the bit about DeCSS'd rips not displaying the images. This would imply that DeCSS uses a different algorithm to decode the image stream. Yeah, right.
It's very amusing none the less. Especially as this is slashdot and most people don't know what they're talking about. I'd bet good money that many people will 'hear about this' and spread it along as truth. I wouldn't be surprised if some non-techie started telling me about subliminal messages in DVDs in a few weeks time.
On the other hand...
*maybe* this is part of the Moral-Right conspiracy. It starts off as a joke and in a few months time no-one will believe that DVDs have subliminal messages.. because we all *know* that that was part of an April Fools Joke. Right?
You just said that to get a fast first post without troll factor, right?
Anyway, this isn't anything to get upset about. If you actually bothered to read Bugtraq, you'd see that this is pretty standard practice.
Most of the time, when an exploitable bug is found, the vendor is contacted first and is given some time to come up with a fix. Sometimes a workaround is posted along with the exploit.
Bottom line : making the world aware of a problem there isn't a fix for is usually bad policy. Don't give me that 'we have a right to know' crap. If you want to know, go and find the bugs yourself. Because otherwise, if you know so do a million script kiddies. And telling people not to use Netscape whilst a fix is being worked on is hardly doable.
The guy says that he uses bochs of OS developement and gets -1'd?
What the hell?
I for one am happy about the LGPL release of bochs, as I'm building a simulator to deconstruct linux viral code. (Oh, you're one of those people who don't believe in linux virusses.. right...)
If it hadn't been publicized on/. in the first place, it might not have been taken down so fast.
On the other hand, now that it has been publicized on/., there is a huge community working on reverse engineering it and creating cross platform implementations...
I totally shit myself when I first read the 'hi people, I've just poured hot grits down my pants and it feels great!' post. I just couldn't believe it. Read it again and completely cracked up.
There was a project called Altima, which was meant to clone Ultima Online, I believe. But they seemed to have teamed up with some other folks to create a generic engine. Open Sourced, of course.
http://www.worldforge.org
The engine looks good and the graphics look great. Go help them out, if you feel so inclined...
I hate responding to a known pro-microsoft troller
While I'll be the first to admit that ZicoKnows can be annoying as shit and does do a lot of pro-MS trolling, he's been around a while and very rarely posts inaccurate information. He does often take things out of context or re-state something in infuriating ways. Which makes for plenty of flaming replies. And those make for good reading (usually).
Heh, I worked at a company where it was mandatory for the employees to get their MCSEs.. I refused and made a lot of fuss about how MCSE papers aren't worth the ink they're written on. Eventually, during a meeting, someone said that I was afraid to pass the exams because they're so difficult. I told them I'd take three exams (TCP/IP, advanced server and one other - I forget..) and if I failed one or even brought back a mediocre grade on one I'd take everything back, get the full MCSE (or even MTE if they insisted) and buy cake and beer for the entire department.
At that company you got 2 1/2 days off to prepare for *each exam*. Nearly two weeks of partying (with pay) followed by three exams, all in 90%+ region. But I never mention this on my resume. No way no how. Outside that company only two people (and slashdot, now:) know I even have some MCP level. (I blame the beer...)
The LKML is very high volume - you might want to look at the archives first. Another *EXCELLENT* site is Kernel Traffic, http://kt.opensrc.org, where the main topics are summed up each week. Do yourself a favour and start over there.
After reading the Tanenbaum book, I decided to tweak some things in the kernel (just for the hell of it) - this became a long-term project to actually understand the code. Comments? We don't need no stinkin' comments! - Well, actually there are a few comments, mostly dating back to pre 1.0 versions...
Glibc is for wusses. People that use rpm to install packets or gcc to compile their programs.
Real Men bypass libc and use straight system calls to interface with the kernel. Ha! And none of this weeny C crap either. Everything handcoded in assembly... I remember the days when we wrote our first assembler in straight binary. Nah, forget that, I remember PUNCH CARDS! And running programs in your head because it took two days to pass through the machine!
Slashdot Mirror
But I've sent the cookie to my workplace so I can continue there...
In Amsterdam there are also public internet terminals (on the street) which you can use with a phone card. Also, many coffeeshops and smart shops also have internet termininals. Oh, and the libraries, museums and the Internet Cafes, of course.
Go to http://linuxassembly.org and look at the asmutils package. That Konstantin is one mighty assembler wizard.
"QoS logs don't lie" etc..
That's a load of crap right there. There is no real way to establish the veracity of single log files.
Once you get a lot of logs from many different sources and they show similarities, *then* you have a case that it's very *probable* that the logs are true. But still no absolutes. It's just that tampering is less likely with different sources.
"l0pht taking down the net" etc
also not very likely. Seriously disable several segments, maybe. The closer you get to the core of the internet (there no longer is an actual core, but...) the more highly skilled the operators become. Not to discredit the l0pht people, though. They're definitely on the level.
"buggy routers" etc
Oh, man. Like you wouldn't believe. The main reason routers don't usually come under direct attack is because most of the hacking/cracking/whatever activity comes from 31337 kiddies on IRC. Sure, they have linux on their machine, but how many of them have a stack of Cisco routers to experiment with? IOS doesn't really resemble linux all that much, you know and equipment like this is usually operated and hacked on by people who get paid to keep them running. Not very likely that they'd be spreading around exploit code until after the problem has been fixed, right?
If those employees asked for it, yes. Definitely. The GPL makes no distinction to the environment software is moved in. It goes from person A to B and if B wants source, he's entitled to it.
Ok, so you obviously haven't read what I wrote. I don't like the idea of BB reading everything I say. I'm all for strong crypto. All the way. I was just trying to raise a point about the non-political views on crypto and some practical issues at stake here. You're preaching to the choir here and have obviously spent less time thinking about these issues than I have. Not that that says much, though...
PS : You might want to tighten the reins on your flame button. The only true 'free' 'freedom' is the survival of the fittest and I like to think we can move just a bit beyond that. I prefer the 'zen' definition of 'freedom', myself.
Now as soon as you mention crypto, a lot of people will start talking about political issues, government snooping into people's mail, etc.
A point I'd like to raise is that strong crypto has many applications and most of them aren't political, just good policy. How many of you would use telnet to log into a remote machine over the internet? I know I never do that. I use ssh (secure shell). How many of you store passwords in plain text? (Those of you not running Windows, that is..) Cryptography also gives us such wonderful things as digital fingerprints/signatures which you can use to verify an identity over untrusted networks. How many of you would run virtual LAN connections unencrypted? The list goes on..
I think that the bottom line is *why* and *with what intent* do you use cryptography?
Anyway, I remember an article by Nicholas Negroponte where he stated that he couldn't understand the Clipper Chip ruckus. Whatever the government does to the communication lines, you can still run your own encrypted data *over* it. And even if it's outlawed, crypto is just a bundle of mathematical algorithms. All you need is a brain and the willingness to do some work on it. Physical goods are much easier to control and look at the state of firearms/drugs/etc control.
Enough rambling..
Of course this is another April Fools joke. Especially the bit about DeCSS'd rips not displaying the images. This would imply that DeCSS uses a different algorithm to decode the image stream. Yeah, right.
It's very amusing none the less. Especially as this is slashdot and most people don't know what they're talking about. I'd bet good money that many people will 'hear about this' and spread it along as truth. I wouldn't be surprised if some non-techie started telling me about subliminal messages in DVDs in a few weeks time.
On the other hand...
*maybe* this is part of the Moral-Right conspiracy. It starts off as a joke and in a few months time no-one will believe that DVDs have subliminal messages.. because we all *know* that that was part of an April Fools Joke. Right?
pass the crack pipe, please..
Do I hear the distant sound of 'reverse engineering for purposes of interoperability' ? .. yummy.. borcusorcus likes them binary thingies ..
Anyway, this isn't anything to get upset about. If you actually bothered to read Bugtraq, you'd see that this is pretty standard practice.
Most of the time, when an exploitable bug is found, the vendor is contacted first and is given some time to come up with a fix. Sometimes a workaround is posted along with the exploit.
Bottom line : making the world aware of a problem there isn't a fix for is usually bad policy. Don't give me that 'we have a right to know' crap. If you want to know, go and find the bugs yourself. Because otherwise, if you know so do a million script kiddies. And telling people not to use Netscape whilst a fix is being worked on is hardly doable.
There was a linux virus list at (might be down now)
http://virus.beergrave.net
it's owner has several interesting (low-level, assembler/C, ELF) documents with linux virusses and descriptions. Find them here:
http://www.big.net.au/~silvio
Also, there's a linux virus at
http://www.mixter.org
For more low-level linux stuff go to
http://hculinux.cjb.net
Yeah, they get paid for it.
Welcome to the bottom line, folks.
This is ridiculous.
The guy says that he uses bochs of OS developement and gets -1'd?
What the hell?
I for one am happy about the LGPL release of bochs, as I'm building a simulator to deconstruct linux viral code. (Oh, you're one of those people who don't believe in linux virusses.. right...)
ZicoKnowsShit,
no-one's building derivative works off of MP3s. This is Zico trolling at his best.
If it hadn't been publicized on /. in the first place, it might not have been taken down so fast.
/., there is a huge community working on reverse engineering it and creating cross platform implementations...
On the other hand, now that it has been publicized on
You do the math.
Usenet isn't centralized, but we all know it's regulated by the Cabal (there is no Cabal).
Yeah, the hot grits guy was cool.
I totally shit myself when I first read the 'hi people, I've just poured hot grits down my pants and it feels great!' post. I just couldn't believe it. Read it again and completely cracked up.
There was a project called Altima, which was meant to clone Ultima Online, I believe. But they seemed to have teamed up with some other folks to create a generic engine. Open Sourced, of course.
http://www.worldforge.org
The engine looks good and the graphics look great. Go help them out, if you feel so inclined...
Fool! There is nothing perl cannot do! Nothing! Nothing, I tell you!
[starts frothing at the mouth...]
While I'll be the first to admit that ZicoKnows can be annoying as shit and does do a lot of pro-MS trolling, he's been around a while and very rarely posts inaccurate information. He does often take things out of context or re-state something in infuriating ways. Which makes for plenty of flaming replies. And those make for good reading (usually).
There goes my no-existant karma.
Heh, I worked at a company where it was mandatory for the employees to get their MCSEs.. I refused and made a lot of fuss about how MCSE papers aren't worth the ink they're written on. Eventually, during a meeting, someone said that I was afraid to pass the exams because they're so difficult. I told them I'd take three exams (TCP/IP, advanced server and one other - I forget..) and if I failed one or even brought back a mediocre grade on one I'd take everything back, get the full MCSE (or even MTE if they insisted) and buy cake and beer for the entire department.
:) know I even have some MCP level. (I blame the beer...)
At that company you got 2 1/2 days off to prepare for *each exam*. Nearly two weeks of partying (with pay) followed by three exams, all in 90%+ region. But I never mention this on my resume. No way no how. Outside that company only two people (and slashdot, now
The LKML is very high volume - you might want to look at the archives first. Another *EXCELLENT* site is Kernel Traffic, http://kt.opensrc.org, where the main topics are summed up each week. Do yourself a favour and start over there.
After reading the Tanenbaum book, I decided to tweak some things in the kernel (just for the hell of it) - this became a long-term project to actually understand the code. Comments? We don't need no stinkin' comments! - Well, actually there are a few comments, mostly dating back to pre 1.0 versions...
Real Men bypass libc and use straight system calls to interface with the kernel. Ha! And none of this weeny C crap either. Everything handcoded in assembly... I remember the days when we wrote our first assembler in straight binary. Nah, forget that, I remember PUNCH CARDS! And running programs in your head because it took two days to pass through the machine!
libc
don't make me laugh....