I did know this, but I didn't know what it was called, saying something like:
bad slash take down that C apache module that doesn't have a name, that Andover.net uses for it's ad placement on the slash/Andover network that was unsed to replace adfu and will be released and open sourced when ready, and wipe that smile off your face...
Nope that is still up for grabs, a long with printed text, pens, roads and hot dogs.
Lay off of cans, bottle, carpet, clocks, sunglasses and the Bible, I have patents pending for those and will have to sue you if you try anything. Oh and also my patents for Rob "CmdrTaco" Malda and killter robots with head mounted missle has finally came though.
Does anyone have a suggestion as to an appropriate place where the countries of the world should have met to discuss the creation of an ICANN-like body?
I would recommened Denny's, they are open 24 hours, have great coffee, and you can order breakest, lunch or dinner at any type of the day or night!
The only thing I wonder, is what would of been producted if you gave ID Software or Blizzard 4 years to produce a game and $20-30 Million (or what ever the amount was) and a hand full of talented developers.
OH wait, Blizzard is a bad example, how long has Diablo II been in production? 2-3, 4 years?? Oh wait, Diablo II looking intresting, fun and graphically appealing though.:)
I would like to see a side by side "deathmatch" or Quake3 vs Dakartina
So what you are saying is, that if some beilives in something strongly, they should just bend over and forget about what they think is The Right Thing(TM)? You got a good point (in a real sacastic kinda way)
"What does the billboard say, come on and let's play, forget about the movement. Anger is a gift" -- RATM
It depends on your defination of what free is. Personally, if it isn't under the GPL or BSD type license, IMHO it isn't free, it is a company trying to get some cool buzzwords for their marketing department, like Open Souce.
Can I modify the Qtlib for my own personl and commerical purposes and make a profit off it, or change it any way I see fit and then distrubate the re-modified version, even if this competes with Troll Tech on a commerical level?
Just depends on what your defination of free is... I think we are differant in that aspect.
this part has nothing to do with the above post, but I will post it here since I see no better place.
I really respect the Debian team for holding strong to their ideals of what is "pure" and how to keep it that way. They have been doing an excellent job in this ascpect for the last years, and also are making a hell of a distro in the meantime.
some people are complaining that Debian is nitt-picking over a "minor" issuse. I don't see it that way. I seen it as a test for Debian, what are they going to do? Will they stick to the game plan and what their defination of "free" is, or will they bow down to compete with the commerical world... Debian is like Jesus walking around in the desert, they know it ALL could be their's, but at what price?
KDE2 looks like a very seducative temptation, I know the Debian team has been looking at it naked in the shower from a small hole in the wall, will Debian abstain from sin, or will they need a tissue?
Come on, the name of the company is Troll Tech, doesn't there NAME tell your something? Just for disclaimer purposes, I have nothing against the KDE team or the Debian team, and not really sure what to make of Troll Tech...
The ISP I work for, has a "Terms and Agreements" in the sign up process, and the user must sign it (can't be done over the web).
If I agree with it or not, that is a differant story, since I could be byasied or dis-gruntled.
In the "Terms and Agreements" it states (this is from memory, so it might be off a few words) that "XXX ISP may cancel your account at anytime for any reason with or without notification or justification and you the user are also free to cacncel your account at anytime for any reason with notification, but with or without justification" Also in there they have "XXX ISP may deny or refuse providing products or services to anyone at anytime for any reason"
From a legal stand point, an ISP is a private company (not goverment owned or funded (in most cases in the United States)) and can pretty much get away with a lot.
If user "Tim" is getting DDOS ever day causing the ISP to deny services to other customers, is that really Tim's fault? No. If they disabled Tim's account would the other users be able to access the Internet (and get what they are paying for)? probably, maybe..
Most business-es (including mine) are hard up for the bottom line, which is money. If they are losing money or non making as much as they could because user Tim is posting strong opinions, from that companies view, which is more important, standing up for some guy they never meet or making money?
I am not saying any of this is right or moral, I am just state-ing what the legal and company point of views might be( not stating these are their points of view, just my interpation of things)
The above post does not represent my employer, they are my humble opinions and mine only.
I am not turning this into a whole OS security model vs stupid user war.
If my grandparents get infected with a virus, worm or buggy program, guess who gets to clean up the mess? Me. I am trying to put some basic sense in their heads so I don't have to go over there and restore it.
If they where running Unix or anything else I would say "Hey when someone says try `rm -rf/` you know they are kidding right?"
I don't know or really care if it is the fault of the user or the security model of the OS, the only thing I know is that I don't like restoring a computer from OS up when it could be prevented with a few precautions (in this case information the user)
Me sending them that program is my way to "test" them, you know those fire drills you had in school? that is what I am trying to do, it is intresting to see users reactions, but that isn't the point.
The point is, when they have a fire in there house they will make it out alive, err I mean when there is a virus in there house they, the point was, as I stating is so that they know how to use fire to kill any virii that may be infecting there house due to biological warfare started by malcious computer users...
As with any system (strong securtiy policy or not), you have to inform the users for the strengths and weaknesses of the system. Even if you have a extremely secure system, if you post the username and password to anyone, it becomes as secure as a overweight high school girl going to a dance...
I am trying to stay away from the "stupid user vs insecure OS" war going on, but I think both sides agree that the user needs to be informed of basic security measures. A Unix system can be secure tell Bob posts the root password on irc...
To test this theorgy someone please post there root password and ip on slashdot.:)
(techinally if it was behind a firewall and had tcpwrappers installed and telnet/ftp/etc disable it still could be consider secure)
I know this, that is why I said for the runtime interputer, ok so it is spelled wrong, but you should still be able get the point of the post with a couple characters misplaced.
Re:Virus to set security settings to paranoid?
on
Gnutella VBS Worm
·
· Score: 2
If someone does make one, I vote for the name "IHATEYOU". Just remove "Windows scripting host" and assocaite the.vbs extension with lets say notepad.exe...
But then again, you are still accessing someone computer and chaning someone else data without their premission. Which even if you heart is in the right place, still might get you in trouble with someone.
Plus what would happen if you script had a bug in it? Also should companies be allowed to "worm hole" hot-fixes into your computer without your premission? When the new service pack 6 screwed up some Lotus mail program, do you think IT managers would be happy that Microsoft automatically "fixed them" without premission?
I remeber when the CIH virus came out, I thought to myself "Dam that is pretty cool". I am not malice and I am sorry for the people that had their bios flashed cause of this, but you got to admit, that is atleast (if nothing else) an intresting payload, compared to say "format C:/q"
You can get basic to work in Linux. I forgot the name of the program, but IIRC it was on Slackware 3.5. I bet you could port visual basic to Linux, and then set the premissions to 4755 with owner root for the runtime interputer, that should work.
I think most people firgure it like this
GNU == Unix UNIX == GNU/Linux GNU/Linux == Linux (GNU *anything* || anything OpenSource) == Linux
which I am not claiming it is right, but when I first heard GNUtella, I thought it was a Unix program from the Free Software Foundations...
I just tested this, I emailed my grandparents and told them to NEVER execute an attachment. I told them it was probably a worm or virus, when into the whole anti-virus/windows progranda and told them not to even click one executables for people they know and exchange email with regular and even trust. They understood it pretty well.
I wrote a quick, "Hello World" command line program in C, emailed it to them, and guess what, they ran it. I just told them 5 minutes ago that it would probably be a virus, did they question it? No, they ran it blindly.
It just printed the string "some one just told you not to double click on executables, if I virus or worm, you would have to restore from backup, do you even have a backup. Glad I like your mug"
They emailed me back saying "opps". I think they better understand now, the real test is when I email them here in a couple weeks and see if they remember then.
They aren't computer savy, they chat with old army buddies via email and view cooking guides on the web, they are "normal users" and don't really have a concept of virii or malice users, even when it is clearly explained to them. Sure they understand it, but do they practice it?
I am going to wait a couple weeks then email the same program from an unknown (atleast to them) hotmail or yahoo email account and see if it "stuck" with them
Yea, here we have 6K people (in the States) and cable is aways away. And DSL? The phone company and ISP here haven't even HEARD of DSL yet...
I wasn't bashing Canada, the post did menation the United States when I was refering to the legaity of selling crack, I am not sure what the laws about crack are in other countries, so I didn't want to be the "We are USA, are laws apply everywhere" type of guy, I was just stating what I knew for a fact, other countries may allow crack and didn't want anyone to get confused on the details of the example.
I personally would like to move to Canada, less stupid laws about crypto, better hockey teams, less crime, not so dam hot in the summer... IMHO Canada reminds me on the United States, but without the corrupation or Nuclear Bombs. I know that is stero-typically, but it is J(ust)MHO so don't get to bend out of shape cause of it.
Back in my day we didn't have any scripting launage to code virii/worms in, we had to do it in hard code ASM, by hand, without an assembler, in the middle of winter, without power in middle of a frozen lake. Back then, there wasn't "documenations", we had to reverse engineer the processer to get the correct op codes, then write are own assmebler.
Then when we wanted to run the file, we had to transfer it via 340K 5 1/4 floppy disk, we didn't have networks, the Internet or fancy hard drives.
Then once the floppy was in the users machine, we had to call up and have the user run 4 differant executables, this took a lot of social engineering.
Seriously though, who says Microsoft isn't invonative? If you want to write a virii/worm for DOS you needed with ASM or C/C++, which is differant for the typically script kiddie to understand. Hand someone Visual Basic for dummies book and with a week have a worm that can prograte around the Internet within the matter of days. Thank you Microsoft for your weak securtiy premissions and easy to use high power octane scripting launage.
Seriously though, if Microsoft wanted to make it more security, give it user premissions like Unix, but if they want to keep it easy to use, have a popup box when something (program/script/command) wanted to access/write/read another users file and say "This program needs to run at a differant user level: level foo, are you sure you want to run this?" and when they click "ok" it gives them a popup box to enter username/password for level foo and if they are entered correctly it runs the program with higher premissions. Easy to use and somewhat secure. Just have Unix or Unix like premissions, with the easy of use of Microsofts pop up and dialog boxes, the user won't even have to touch the command line (btw command.com sucks compared to bash, and edit is pathetic compared to vi, I won't wish Microsoft command line interface to my worst enemy)
When I first was learning Linux, I got flamed a couple times because I was IRC-ing as root. Most IRC rooms ban people running as root, because it is well REALLY stupid to do. But what always made me mad, is sure they ban me for being stupid and running root, but they don't ban any Windows95/98 users. What is up with that?
I don't run any user programs as root, only su into it when it is needed for system admin tasks, but I now know why it is stupid. Really stupid.
Yea, but they made it "easier" for the average user, getting Mosaic to work was extremely difficult. Not like IE or Netscape. Please using DUN or a chat script was hard, you had to remember phone numbers, or atleast write them down. Now you don't have to with AOL, Compuserve and the likes of point and click, "we remeber the phone number for you" services.
(The above is sacarism)
5 years ago, when I got 3 wishes granted towards me and I used them all for the good of the Internet:
1) faster bandwidth than 28.8 2) Netscape won't crash as much 3) more people online
1) ok, techinally my wish came true, so now we have 56.6K, wait 5 more years, cable and dsl should be coming around (live in a small town) 2) Uh, ok Netscape doesn't crash the entire system now with it (switched to Linux) and techinally if you don't use it, it won't crash so much 3) Ok, so there is more people
It is like to monkeys paw. Techinally my wishes did come true, but at what price? MUAHAHAHAHA
...
...
...
MUAHAHAHAAHAHA
I think I should of wished for 1 million dollars, I mean 100 BILLION DOLLARS and built my own Internet Super Highway, this one seems to be more like an alleyway in Vegas, slow moving, littered with trash, pimps and whores on both sides and some crazy homeless person standing in front of you car shouting about his shoes.
Yes, but can you check and insure the legality of EVERY link you have EVER posted? What if the file change. Say you put up http://slashdot.org/images/title.gif and claim it to be the logo for slashdot and that it is copyrighted and you can't use it. Say tommorrow rob replaces title.gif on his web server with a naked porno pic.
Can you guarnette that the image with be rated for all ages? What if someones mother tries to sue you because they 5 year old kid seen a porn pic that was linked off your site, and you didn't offer a warning of a "you must be 18" disclaimer?
You can not verfiy the content you link to, no one really can. Who then should be help responsiable for this? The person that linked the content, or the person with the actucally content?
Selling crack is illegal (atleast in the United States), but you can legally say "If you want crack, go down to 6th street and ask for Tony, he will set you up". Say this user goes and buys crack and gets busted. Who commited the crime here? The person that sold the crack? The person that bought the crack? You?
The person that bought the crack will be aresseted for possieon of an illegal substance. The person selling the crack will be arrested for distrubating an illegal substance. What the hell are the going to arrest you with, talking about an illegal substance? Fuck, go arrest half the media and you could even charge cops if "talking about crack" was illegal. %90 of the populas has talked about crack in one form or another.
Say they did make linking illegal, who would decide what was legal and what wasn't?
If someone has illegal content on there web site, then the person responsiable for posting this illegal content should be tried in a court of law for his acts, not the person that was talking or linking to it.
Linking IMHO is a form of free speech. I have the right to say, hey check out this Junk. But that is not my web site, just my words, who is responsiable for the stile projects acts? Me or the webmaster of that site?
Everyone is free to Link to what ever you fucking want. It may be in really bad taste, but it is not illegal.
If you are worried about rootkits (like a fake version of top, who, users, w, etc) you can reinstall those program from you read-only installation medium (ussually a cd-rom) or download and compile them directly from the site (ftp.gnu.org is a great place to start) and turn on a hell of a lot of logging and see if anything pops up.
If you aren't sure or not, backup your data (not programs or config) and reinstall, get lastest patches, configure, secure, test then bring back online
Ussually with linux, if you had your system online for a year, you might want to upgrade any way to your current distro lastest version, just to get the newest and coolest feartures. (Note newest and coolest feartures will have bugs (Note some bugs can be exploited for malice purposes))
If you are unsure, check it out. It is better to find no security holes, then "think" there is no security holes.
Personally (myself included in this) *nix system admin starting working for a complete *nix server farm, management buys into Microsofts PR engine and decides to bring NT into the picture. These *nix system admins (my self included in this) ared pushed into an NT envoriment without an formal or unformal training and have to try and port their "unix skills" over onto NT adminastoration, some unwilling to expect change and re-learn things for this new NT system, and then that is where the shit hits the fan.
The same thing happens if you put an NT admin in front of a Unix box, or a VMS admin in front of a MVS system. They where trained and self-studied and focused on this "type" of system, then for stupid or illogical reasons (read: managment) the admin is forced into a computer envoirment s/he was never trained or studied in, or even claim to know.
I didn't put NT on my resume, because I don't know it that well and I really don't want to or even work with it. When I was hired for the job is was %100 Unix, they asked me "Do you know how to work with NT?" "Nope", "Would you be willing to learn", "Nope"
I know this is close mind but I am a zealot and have a hard on for Unix or Unix like systems. When put in front of an NT machine I don't know the first thing to do, and have you ever tried to configure an NT box though `command.com` and `vim` (Win32 edition)?
If companies would be highly trained and CLUED NT admins (not *nix admins ported to NT admin) in front of the NT boxes and trained *nix admins in front of the *nix boxes, less exploits would happen across the board.
This happens alot, my freinds old college roomate is an NT admin (and a dam good one) and was working for a company with all NT boxes. He did a good job to, everything worked and it had a tight config. Then management decided to throw in 5 Sun Solaris boxes, and didn't hire a *nix admin for it. This NT Admin (which never put any *nix experince on his resume) was required to maintain these boxes. He got a "Unix for dummies" book and installed Red Hat on his home computer. Now lets think about this, when you where first learning your OS of choice, it was hard and you screwed up a lot, right? Everyone does this... now put them in a productive envoriment and that is where it starts going down hill.
royally fscking your home PC is one thing, but taking down a productive server in peak hours without a back up is another thing...
For some reason managment has a hard time understanding things like:
NT admins work on NT boxes. Unix admins work on Unix boxes. Perl programers, program in Perl. Visual Basic programmers, program in VB.
It gets messed up in managements head and comes out all messed up.
Slashdot Mirror
I did know this, but I didn't know what it was called, saying something like:
bad slash take down that C apache module that doesn't have a name, that Andover.net uses for it's ad placement on the slash/Andover network that was unsed to replace adfu and will be released and open sourced when ready, and wipe that smile off your face...
just need make enough sense.
It's really cool they released it though
Is it too late to patent binary computing?
Nope that is still up for grabs, a long with printed text, pens, roads and hot dogs.
Lay off of cans, bottle, carpet, clocks, sunglasses and the Bible, I have patents pending for those and will have to sue you if you try anything. Oh and also my patents for Rob "CmdrTaco" Malda and killter robots with head mounted missle has finally came though.
Bad slash, take adfu down right now and wipe that smile off your face.
Bastard Operator From HELL
Basically a Unix tech support engineer type person that has fun with his users. Try searching google for it, pretty funny.
Can you make a Unix systems administrator into a fictional character who people will find compelling?
Sure you can, make it
1) a good looking women Unix systems administrator
2) the server room is hot, really hot, she has to take her shirt off just to work on the cluster
3) see kills the evil bad guys (ie: suits) with heavy machine guns and high explosives
4) To relax at the end of the day she has multi good looking women freinds join her naked in the hot tub.
Does anyone have a suggestion as to an appropriate place where the countries of the world should have met to discuss the creation of an ICANN-like body?
I would recommened Denny's, they are open 24 hours, have great coffee, and you can order breakest, lunch or dinner at any type of the day or night!
The only thing I wonder, is what would of been producted if you gave ID Software or Blizzard 4 years to produce a game and $20-30 Million (or what ever the amount was) and a hand full of talented developers.
OH wait, Blizzard is a bad example, how long has Diablo II been in production? 2-3, 4 years?? Oh wait, Diablo II looking intresting, fun and graphically appealing though.
I would like to see a side by side "deathmatch" or Quake3 vs Dakartina
So what you are saying is, that if some beilives in something strongly, they should just bend over and forget about what they think is The Right Thing(TM)? You got a good point (in a real sacastic kinda way)
"What does the billboard say, come on and let's play, forget about the movement. Anger is a gift" -- RATM
The QPL (v2.0) *is* free
It depends on your defination of what free is. Personally, if it isn't under the GPL or BSD type license, IMHO it isn't free, it is a company trying to get some cool buzzwords for their marketing department, like Open Souce.
Can I modify the Qtlib for my own personl and commerical purposes and make a profit off it, or change it any way I see fit and then distrubate the re-modified version, even if this competes with Troll Tech on a commerical level?
Just depends on what your defination of free is... I think we are differant in that aspect.
this part has nothing to do with the above post, but I will post it here since I see no better place.
I really respect the Debian team for holding strong to their ideals of what is "pure" and how to keep it that way. They have been doing an excellent job in this ascpect for the last years, and also are making a hell of a distro in the meantime.
some people are complaining that Debian is nitt-picking over a "minor" issuse. I don't see it that way. I seen it as a test for Debian, what are they going to do? Will they stick to the game plan and what their defination of "free" is, or will they bow down to compete with the commerical world... Debian is like Jesus walking around in the desert, they know it ALL could be their's, but at what price?
KDE2 looks like a very seducative temptation, I know the Debian team has been looking at it naked in the shower from a small hole in the wall, will Debian abstain from sin, or will they need a tissue?
Come on, the name of the company is Troll Tech, doesn't there NAME tell your something? Just for disclaimer purposes, I have nothing against the KDE team or the Debian team, and not really sure what to make of Troll Tech...
Sometimes comfort has to be exchanged for freedom
rexplorer.exe
instead of rsh
The ISP I work for, has a "Terms and Agreements" in the sign up process, and the user must sign it (can't be done over the web).
If I agree with it or not, that is a differant story, since I could be byasied or dis-gruntled.
In the "Terms and Agreements" it states (this is from memory, so it might be off a few words) that "XXX ISP may cancel your account at anytime for any reason with or without notification or justification and you the user are also free to cacncel your account at anytime for any reason with notification, but with or without justification" Also in there they have "XXX ISP may deny or refuse providing products or services to anyone at anytime for any reason"
From a legal stand point, an ISP is a private company (not goverment owned or funded (in most cases in the United States)) and can pretty much get away with a lot.
If user "Tim" is getting DDOS ever day causing the ISP to deny services to other customers, is that really Tim's fault? No. If they disabled Tim's account would the other users be able to access the Internet (and get what they are paying for)? probably, maybe..
Most business-es (including mine) are hard up for the bottom line, which is money. If they are losing money or non making as much as they could because user Tim is posting strong opinions, from that companies view, which is more important, standing up for some guy they never meet or making money?
I am not saying any of this is right or moral, I am just state-ing what the legal and company point of views might be ( not stating these are their points of view, just my interpation of things)
The above post does not represent my employer, they are my humble opinions and mine only.
I am not turning this into a whole OS security model vs stupid user war.
If my grandparents get infected with a virus, worm or buggy program, guess who gets to clean up the mess? Me. I am trying to put some basic sense in their heads so I don't have to go over there and restore it.
If they where running Unix or anything else I would say "Hey when someone says try `rm -rf
I don't know or really care if it is the fault of the user or the security model of the OS, the only thing I know is that I don't like restoring a computer from OS up when it could be prevented with a few precautions (in this case information the user)
Me sending them that program is my way to "test" them, you know those fire drills you had in school? that is what I am trying to do, it is intresting to see users reactions, but that isn't the point.
The point is, when they have a fire in there house they will make it out alive, err I mean when there is a virus in there house they, the point was, as I stating is so that they know how to use fire to kill any virii that may be infecting there house due to biological warfare started by malcious computer users...
As with any system (strong securtiy policy or not), you have to inform the users for the strengths and weaknesses of the system. Even if you have a extremely secure system, if you post the username and password to anyone, it becomes as secure as a overweight high school girl going to a dance...
I am trying to stay away from the "stupid user vs insecure OS" war going on, but I think both sides agree that the user needs to be informed of basic security measures. A Unix system can be secure tell Bob posts the root password on irc...
To test this theorgy someone please post there root password and ip on slashdot.
(techinally if it was behind a firewall and had tcpwrappers installed and telnet/ftp/etc disable it still could be consider secure)
I know this, that is why I said for the runtime interputer, ok so it is spelled wrong, but you should still be able get the point of the post with a couple characters misplaced.
If someone does make one, I vote for the name "IHATEYOU". Just remove "Windows scripting host" and assocaite the
But then again, you are still accessing someone computer and chaning someone else data without their premission. Which even if you heart is in the right place, still might get you in trouble with someone.
Plus what would happen if you script had a bug in it? Also should companies be allowed to "worm hole" hot-fixes into your computer without your premission? When the new service pack 6 screwed up some Lotus mail program, do you think IT managers would be happy that Microsoft automatically "fixed them" without premission?
I remeber when the CIH virus came out, I thought to myself "Dam that is pretty cool". I am not malice and I am sorry for the people that had their bios flashed cause of this, but you got to admit, that is atleast (if nothing else) an intresting payload, compared to say "format C:
You can get basic to work in Linux. I forgot the name of the program, but IIRC it was on Slackware 3.5. I bet you could port visual basic to Linux, and then set the premissions to 4755 with owner root for the runtime interputer, that should work.
I think most people firgure it like this
GNU == Unix
UNIX == GNU/Linux
GNU/Linux == Linux
(GNU *anything* || anything OpenSource) == Linux
which I am not claiming it is right, but when I first heard GNUtella, I thought it was a Unix program from the Free Software Foundations...
What does the "tella" stand for anyways?
I just tested this, I emailed my grandparents and told them to NEVER execute an attachment. I told them it was probably a worm or virus, when into the whole anti-virus/windows progranda and told them not to even click one executables for people they know and exchange email with regular and even trust. They understood it pretty well.
I wrote a quick, "Hello World" command line program in C, emailed it to them, and guess what, they ran it. I just told them 5 minutes ago that it would probably be a virus, did they question it? No, they ran it blindly.
It just printed the string "some one just told you not to double click on executables, if I virus or worm, you would have to restore from backup, do you even have a backup. Glad I like your mug"
They emailed me back saying "opps". I think they better understand now, the real test is when I email them here in a couple weeks and see if they remember then.
They aren't computer savy, they chat with old army buddies via email and view cooking guides on the web, they are "normal users" and don't really have a concept of virii or malice users, even when it is clearly explained to them. Sure they understand it, but do they practice it?
I am going to wait a couple weeks then email the same program from an unknown (atleast to them) hotmail or yahoo email account and see if it "stuck" with them
Yea, here we have 6K people (in the States) and cable is aways away. And DSL? The phone company and ISP here haven't even HEARD of DSL yet...
I wasn't bashing Canada, the post did menation the United States when I was refering to the legaity of selling crack, I am not sure what the laws about crack are in other countries, so I didn't want to be the "We are USA, are laws apply everywhere" type of guy, I was just stating what I knew for a fact, other countries may allow crack and didn't want anyone to get confused on the details of the example.
I personally would like to move to Canada, less stupid laws about crypto, better hockey teams, less crime, not so dam hot in the summer... IMHO Canada reminds me on the United States, but without the corrupation or Nuclear Bombs. I know that is stero-typically, but it is J(ust)MHO so don't get to bend out of shape cause of it.
Back in my day we didn't have any scripting launage to code virii/worms in, we had to do it in hard code ASM, by hand, without an assembler, in the middle of winter, without power in middle of a frozen lake. Back then, there wasn't "documenations", we had to reverse engineer the processer to get the correct op codes, then write are own assmebler.
Then when we wanted to run the file, we had to transfer it via 340K 5 1/4 floppy disk, we didn't have networks, the Internet or fancy hard drives.
Then once the floppy was in the users machine, we had to call up and have the user run 4 differant executables, this took a lot of social engineering.
Seriously though, who says Microsoft isn't invonative? If you want to write a virii/worm for DOS you needed with ASM or C/C++, which is differant for the typically script kiddie to understand. Hand someone Visual Basic for dummies book and with a week have a worm that can prograte around the Internet within the matter of days. Thank you Microsoft for your weak securtiy premissions and easy to use high power octane scripting launage.
Seriously though, if Microsoft wanted to make it more security, give it user premissions like Unix, but if they want to keep it easy to use, have a popup box when something (program/script/command) wanted to access/write/read another users file and say "This program needs to run at a differant user level: level foo, are you sure you want to run this?" and when they click "ok" it gives them a popup box to enter username/password for level foo and if they are entered correctly it runs the program with higher premissions. Easy to use and somewhat secure. Just have Unix or Unix like premissions, with the easy of use of Microsofts pop up and dialog boxes, the user won't even have to touch the command line (btw command.com sucks compared to bash, and edit is pathetic compared to vi, I won't wish Microsoft command line interface to my worst enemy)
When I first was learning Linux, I got flamed a couple times because I was IRC-ing as root. Most IRC rooms ban people running as root, because it is well REALLY stupid to do. But what always made me mad, is sure they ban me for being stupid and running root, but they don't ban any Windows95/98 users. What is up with that?
I don't run any user programs as root, only su into it when it is needed for system admin tasks, but I now know why it is stupid. Really stupid.
Yea, but they made it "easier" for the average user, getting Mosaic to work was extremely difficult. Not like IE or Netscape. Please using DUN or a chat script was hard, you had to remember phone numbers, or atleast write them down. Now you don't have to with AOL, Compuserve and the likes of point and click, "we remeber the phone number for you" services.
(The above is sacarism)
5 years ago, when I got 3 wishes granted towards me and I used them all for the good of the Internet:
1) faster bandwidth than 28.8
2) Netscape won't crash as much
3) more people online
1) ok, techinally my wish came true, so now we have 56.6K, wait 5 more years, cable and dsl should be coming around (live in a small town)
2) Uh, ok Netscape doesn't crash the entire system now with it (switched to Linux) and techinally if you don't use it, it won't crash so much
3) Ok, so there is more people
It is like to monkeys paw. Techinally my wishes did come true, but at what price? MUAHAHAHAHA
...
...
...
MUAHAHAHAAHAHA
I think I should of wished for 1 million dollars, I mean 100 BILLION DOLLARS and built my own Internet Super Highway, this one seems to be more like an alleyway in Vegas, slow moving, littered with trash, pimps and whores on both sides and some crazy homeless person standing in front of you car shouting about his shoes.
Yes, but can you check and insure the legality of EVERY link you have EVER posted? What if the file change. Say you put up http://slashdot.org/images/title.gif and claim it to be the logo for slashdot and that it is copyrighted and you can't use it. Say tommorrow rob replaces title.gif on his web server with a naked porno pic.
Can you guarnette that the image with be rated for all ages? What if someones mother tries to sue you because they 5 year old kid seen a porn pic that was linked off your site, and you didn't offer a warning of a "you must be 18" disclaimer?
You can not verfiy the content you link to, no one really can. Who then should be help responsiable for this? The person that linked the content, or the person with the actucally content?
Selling crack is illegal (atleast in the United States), but you can legally say "If you want crack, go down to 6th street and ask for Tony, he will set you up". Say this user goes and buys crack and gets busted. Who commited the crime here? The person that sold the crack? The person that bought the crack? You?
The person that bought the crack will be aresseted for possieon of an illegal substance. The person selling the crack will be arrested for distrubating an illegal substance. What the hell are the going to arrest you with, talking about an illegal substance? Fuck, go arrest half the media and you could even charge cops if "talking about crack" was illegal. %90 of the populas has talked about crack in one form or another.
Say they did make linking illegal, who would decide what was legal and what wasn't?
If someone has illegal content on there web site, then the person responsiable for posting this illegal content should be tried in a court of law for his acts, not the person that was talking or linking to it.
Linking IMHO is a form of free speech. I have the right to say, hey check out this Junk. But that is not my web site, just my words, who is responsiable for the stile projects acts? Me or the webmaster of that site?
Everyone is free to Link to what ever you fucking want. It may be in really bad taste, but it is not illegal.
If you are worried about rootkits (like a fake version of top, who, users, w, etc) you can reinstall those program from you read-only installation medium (ussually a cd-rom) or download and compile them directly from the site (ftp.gnu.org is a great place to start) and turn on a hell of a lot of logging and see if anything pops up.
If you aren't sure or not, backup your data (not programs or config) and reinstall, get lastest patches, configure, secure, test then bring back online
Ussually with linux, if you had your system online for a year, you might want to upgrade any way to your current distro lastest version, just to get the newest and coolest feartures. (Note newest and coolest feartures will have bugs (Note some bugs can be exploited for malice purposes))
If you are unsure, check it out. It is better to find no security holes, then "think" there is no security holes.
That is what I want to know, how the hell did NT get such a high DOD rating C2 or whatever, without having a decent logging/auditing system?
I am not flaming here, I just don't know much about NT and would really like to know how to log more than the default.
Personally (myself included in this) *nix system admin starting working for a complete *nix server farm, management buys into Microsofts PR engine and decides to bring NT into the picture. These *nix system admins (my self included in this) ared pushed into an NT envoriment without an formal or unformal training and have to try and port their "unix skills" over onto NT adminastoration, some unwilling to expect change and re-learn things for this new NT system, and then that is where the shit hits the fan.
The same thing happens if you put an NT admin in front of a Unix box, or a VMS admin in front of a MVS system. They where trained and self-studied and focused on this "type" of system, then for stupid or illogical reasons (read: managment) the admin is forced into a computer envoirment s/he was never trained or studied in, or even claim to know.
I didn't put NT on my resume, because I don't know it that well and I really don't want to or even work with it. When I was hired for the job is was %100 Unix, they asked me "Do you know how to work with NT?" "Nope", "Would you be willing to learn", "Nope"
I know this is close mind but I am a zealot and have a hard on for Unix or Unix like systems. When put in front of an NT machine I don't know the first thing to do, and have you ever tried to configure an NT box though `command.com` and `vim` (Win32 edition)?
If companies would be highly trained and CLUED NT admins (not *nix admins ported to NT admin) in front of the NT boxes and trained *nix admins in front of the *nix boxes, less exploits would happen across the board.
This happens alot, my freinds old college roomate is an NT admin (and a dam good one) and was working for a company with all NT boxes. He did a good job to, everything worked and it had a tight config. Then management decided to throw in 5 Sun Solaris boxes, and didn't hire a *nix admin for it. This NT Admin (which never put any *nix experince on his resume) was required to maintain these boxes. He got a "Unix for dummies" book and installed Red Hat on his home computer. Now lets think about this, when you where first learning your OS of choice, it was hard and you screwed up a lot, right? Everyone does this
royally fscking your home PC is one thing, but taking down a productive server in peak hours without a back up is another thing...
For some reason managment has a hard time understanding things like:
NT admins work on NT boxes. Unix admins work on Unix boxes. Perl programers, program in Perl. Visual Basic programmers, program in VB.
It gets messed up in managements head and comes out all messed up.
J(ust)MHO