Create a box running Apache SSL and have it firewalled / protected like crazy and locked down with LIDS or the NSA patches to linux. Use this box as the "password server" and have access to each and every password logged. And have each NOC employee be part of access groups that say "router access" or "colo access" or something so they can ONLY access data available for their group.
On the logging tables in the database, make sure they aren't readable or writeable by the web-user. They should only allow INSERT queries.
This might be the best way.
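One way to express the two rules above (a web login that can only INSERT into the audit log, and NOC groups that only see their own entries) as database grants. This is an added example, not code from the original post; it assumes PostgreSQL, and the table, view and role names are hypothetical.

```sql
-- Added example (not from the original post). Assumes PostgreSQL;
-- password_store, access_log, web_user, noc_router, noc_colo and auditor
-- are hypothetical names.

CREATE TABLE password_store (
    id        serial PRIMARY KEY,
    grp       text NOT NULL,          -- 'router' or 'colo'
    hostname  text NOT NULL,
    secret    text NOT NULL
);

-- Every lookup is recorded here; this is the "logging table" from the post.
CREATE TABLE access_log (
    id        serial PRIMARY KEY,
    at        timestamptz NOT NULL DEFAULT now(),
    who       text NOT NULL,
    entry_id  integer NOT NULL REFERENCES password_store(id)
);

-- The web application's own DB login: it may append audit rows but can
-- never read, change or delete them, so a compromised web tier cannot
-- cover its tracks.
CREATE ROLE web_user LOGIN PASSWORD '<placeholder>';
REVOKE ALL ON access_log FROM PUBLIC;
GRANT INSERT ON access_log TO web_user;
GRANT USAGE ON SEQUENCE access_log_id_seq TO web_user;  -- for the serial id

-- Per-group views so a "router access" user cannot see colo entries.
CREATE VIEW router_passwords AS
    SELECT id, hostname, secret FROM password_store WHERE grp = 'router';
CREATE VIEW colo_passwords AS
    SELECT id, hostname, secret FROM password_store WHERE grp = 'colo';

CREATE ROLE noc_router NOLOGIN;
CREATE ROLE noc_colo   NOLOGIN;
REVOKE ALL ON password_store FROM PUBLIC;      -- nobody reads the base table
GRANT SELECT ON router_passwords TO noc_router;
GRANT SELECT ON colo_passwords   TO noc_colo;

-- Only a separate audit role may read the log.
CREATE ROLE auditor NOLOGIN;
GRANT SELECT ON access_log TO auditor;

-- What the web tier does on every lookup (connected as web_user):
INSERT INTO access_log (who, entry_id) VALUES ('alice', 42);

-- What must fail when run as web_user (both return "permission denied"):
--   SELECT * FROM access_log;
--   DELETE FROM access_log;
```

Individual NOC staff are then granted membership in noc_router or noc_colo (GRANT noc_router TO alice), never direct privileges on the tables.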
The official mirrors haven't rsync'd yet. Anyone mind posting a mirror of the sources for this sucker ?
At least they did not call it one of the following:
1) Bloody Tiananmen Square Linux 2.0
2) Red Star Linux
3) Linux CodeRed
4) Mao and Red Catsup on a Linux Patty
5) Chinaman Linix
Why don't we have an ipv6 subnet that is allocated for the purpose of GPS-coordinate based 'websites'?
Please remember that the 2.5.x series is a development series and is NOT meant to be deployed in a stable environment. You are to expect bugs and problems with the 2.5.x series and generally it is not recommended that you install it UNLESS you can program and debug kernel stuff.
You may want to just continue upgrading on the 2.4.x series and wait until 2.6.x is stable.
Now wait a minute. Here on /., MS gets slammed because they want bugtraq and whoever to wait before they publicize a security hole until a fix can be reasonably made.
Microsoft is bashed because they take so long to release a fix that they know will work. RedHat releases a FIX immediately when they know it works.
Which company would you rather have a support / maintenance contract with? Yeah, I thought so.
CERT had knowledge of the bug, a patch available, and quality assured with that patch... yet they still asked for a delay in publicizing the bug. Why? The question should not be about RedHat, who acted responsibly, but instead why CERT is causing holdups that allow people in the underground communities more time.
Hmm... I wonder if the FBI, NSA, or CIA is on the list of "early notifications".... FBI intel. probably uses these early notifications
So once a month, right before the transmission drops you are faced with a major dilemma... your car suddenly becomes quite bitchy and participates in road rage. When a car in front of you signals a turn into your lane, your car speeds up to block it off... "It's my lane! HONK HONK!" your car screams like the grinding of bad brakes.
You tell your car to "knock it off and be polite" but it doesn't want to listen, so it cranks up the radio playing Britney Spears, locks the doors, locks the seat belts, and deploys the airbags. Suddenly over the radio you hear "I'll teach you to be mean to me"... just as your car starts accelerating to 120 MPH on a rough, windy, mountainous road with a cliff on one side.
I'd hate to see what tractor-trailers equipped with this kind of attitude do.
Well, what an idiot...... "LETS POST A LINK DIRECTLY TO THE MAIN FTP ON SLASHDOT!"
Maybe someone kind enough to share might want to mirror the linux release. This is crazy that jon_c posted a direct link and michael approved it.
Maybe next time posting the game to freenet first would be a good idea. Freenet is now a stable enough network to handle a /. load IF more people would utilize it.
The problem with security today is the lack of it. Generally security on the Internet today is the same as how secure businesses are physically. Many businesses leave filing cabinet doors unlocked, rooms open, and papers unshredded.
Now in the company where you work, how hard would it be for a person in the general public to walk-in and act like a new client or staff member and gain access to sensitive information?
The problem with computing security in general is that it is more often exploited than flaws in physical security. IT departments don't know how to read www.microsoft.com/security and RedHat's update/errata page. They find security too difficult and do not place it high on their priority lists.
- x-empt
The 3Com OfficeConnect 812 modem supports NAT, bridging, bridging firewall, multiple ATM connections, and all the features found on normal "firewalling" DSL modems.
The key feature that stands out on this modem is the ability to use NAT at the same time as using bridging (optionally with firewalling rules).
The modem has a console interface along with a web-based interface to configure with. The modem has a number of other neat features that normally don't exist on DSL modems and allows a very complex DSL installation to be performed with ease.
I'm lucky enough to have a friend at an ISP that hooked me up with one to replace my 3Com Dual Connect (Ethernet and USB), and two other modems from 3Com (beta equipment... from an official beta test).
I'd recommend 3Com modems over any linksys modem any day.
- x-empt
Could this all be connected with the raids on the data farms in texas this past week?
I think our govt knew about this stuff a few weeks in advance. Coverup continues.
This file may be of use to all you network security guys wishing to investigate the stuff for yourselves. I do not recommend running it outside of a secured lan that has NO internet connectivity. You've been warned.
A valid URL to download this "worm"
that is going around right now in Outlook is:
http://206.106.0.240/~x-empt/FEDEX1.doc.com
x-empt
> What law?
The Digital Millennium Copyright Act (DMCA).
>Certainly not criminal law, since you did not do it "willfully and for the purposes
>of commercial advantage or private financial gain.
He is making money for slashdot, a commercial business, by using a document owned by the United States of America.
> In fact, you can't even be sued for under civil law, since no one was injured
>by your violation.
I was... You see, here in China we don't believe in these basic rights. Now you have infected my mind with the ideas of Western government and my communist leaders are gonna roll over me with a tank as punishment! You don't think that's injurement?
----
Damn you idiots, don't you see whats going on here?
Fast?
Nope... the GRAPES are each one sweet system!
Frequently Asked Questions
Can I take part in the individual survey?
I don't want to answer all your questions. Can I take part at all?
May I refer other software developers to your site?
Who are you?
There are many other studies about that topic! Why another one?
What kind of answers do you expect?
Why is the inquiry not in my language?
I'm a bit concerned about my personal data. What do you do with this information?
Will the results be published in any form?
Question: Can I take part in the individual survey?
Answer: Of course. However, you must be involved in any open source/free software project.
Question: I don't want to answer all your questions. Can I take part at all?
Answer: Yes. All answers are optional. Please choose the option "no entry" if you don't want to give an answer to a specific question.
Question: May I refer other software developers to your site?
Answer: Definitely yes. We highly depend on the amount of people taking part in our survey. Every open source/free software developer is welcome.
Question: Who are you?
Answer: We are a group of computer science students at the Technical University of Berlin. This survey is part of our studies, trying to get an empirical picture about the social and economic aspects of open source / free software developers.
Question: There are many other studies about that topic! Why another one?
Answer: Our study is digging deeper into the social aspects of open source developers. Therefore, we try to extend the value of former studies to get an even better and more detailed result.
Question: What kind of answers do you expect?
Answer: The main target is to get an overview about the geographic location of open source developers. This can be socially, economically and politically highly important. Finally, we want to take a closer look at the current developer scene.
Question: Why is the inquiry not in my language?
Answer: We translated the inquiry to all the languages we speak ourselves. However, if your preferred language is not available, support us by translating the survey to the language of your choice.
Question: I'm a bit concerned about my personal data. What do you do with this information?
Answer: Please take a look at our privacy policy.
Question: Will the results be published in any form?
Answer: Yes, we will publish our results on the WIDI-Homepage.
Since when can you trademark a word as common as "illustrator" when applied to computer programs?
Seriously, I've seen many programs that are advertised as an "illustrator tool" or such.
I mean, look in the dictionary, it has 4 different definitions! Can you trademark all four uses for it?
1. Releasing a little mercury will not destroy the environment as much as 100,000 miles on the engine... with gasoline and oil.
2. See #1
3. Freon (R12) hasn't really been used in cars since 1994... meaning these SUVs did not have it.
Organization:
Secaucus Group Inc
Secaucus Group Inc
295 Greenwich Street (Suite 184)
New York, NY 10007
US
Phone: (973) 503 1785
Email: dparisi@garden.net
Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com
Domain Name: DANPARISISUCKS.COM
Created on..............: Fri, Sep 25, 1998
Expires on..............: Tue, Sep 24, 2002
Record last updated on..: Fri, Feb 23, 2001
Administrative Contact:
Secaucus Group Inc
Secaucus Group Inc
295 Greenwich Street (Suite 184)
New York, NY 10007
US
Phone: (973) 503 1785
Email: dparisi@garden.net
Technical Contact:
Dan Parisi
Dan Parisi
295 Greenwich Street (Suite 184)
New York, NY 10007
US
Phone: (973) 503 1785
Email: dparisi@garden.net
Zone Contact:
Dan Parisi
Dan Parisi
295 Greenwich Street (Suite 184)
New York, NY 10007
US
Phone: (973) 503 1785
Email: dparisi@garden.net
The EFF is seeking help in this area of finding legitimate uses of peer to peer technologies...
Maybe this might be a very good argument in court... content distribution at high speeds.
Microsoft has stated on numerous occasions that SMB on Win9x (and NT) is a peer-to-peer based system when the machine is not part of a Windows NT domain.
SMB on windows is used as both a server and client. SMB is used to share files among linux systems and windows computers.
SMB is indeed a peer-to-peer system of sharing legitimate data. Many business offices, schools, and government use SMB to share files. Why don't we use RIAA as a good example of someone using peer-to-peer to share their MS Word documents about the trial on their lan?
:)
More info...
The bank considered my request for using encryption as a "threat" instead of a precaution against interception of data.
The bank said I was guilty of extortion, even though I never asked for anything from the bank except to have them make sure they were protected against the vulnerabilities I reported one year prior.
The bank is trying to squish me from talking. In order to avoid a legal hassle, I must agree not to write about what bank it was and how stupid they were not to fix their problems immediately.
I detailed to the bank how to fix ONE of their problems, but mentioned there were more. They only fixed the one issue that I reported how to fix (they may have fixed the others months later... but I didn't check... it's not my job).
The bank's CEO only cares about his bank's reputation... not about my rights to publish what I found. (that's why he has lawyers)
I did this recently and documented steps to show the intrusion technique (only one of many) and how to fix the problem. I submitted this information in a report to a bank...
Now, one year after the report was sent to the bank, I re-sent the report via PGP-crypted mail and said I wanted to publish the report publicly.
They turned around and filed a report with the FBI which sparked an investigation into me (still going on).
Plus they started unleashing their lawyers on me.
Luckily I am a minor and it would look really bad for a bank to attack a kid who only wanted to exercise his first amendment rights to publish such information (none of which was illegal).
I suggest not using your approach of "showing the problem in a report." It has only caused troubles for me. Unless you have a ton of lawyers to protect you, this method isn't recommended.
No! No! Its "Microsoft good, open source bahhhd! Microsoft good, open source bahhhd! Microsoft good, open source bahhhd!"
In order to maintain an open and free government, the people must be able to understand all governmental processes (including limitations with their computers). It is not safe for any government to run software which it does not know how it operates... being able to review the source code and compile it yourself ensures security.
Also, since the government pays for all software with tax money, why shouldn't the people have access to that software? If I pay for the government to use software on its computers... I want access to that software I paid for.
Society has it embedded into its mind that "Corporations are always good, they always have the best interests of the market in mind" when that is not true. They instead have the best interests of their wallet in mind. Software companies do take bribes to modify software to suit certain people's needs... I would not doubt that the NSA has never paid MS for certain code changes to Windows that make spying easier.
If the United States government were to switch totally to open source software under the GPL, how many billions of dollars would be saved annually?
I wish the US Govt would jump on board and create a law like this. Just imagine, they would actually give tax cuts... instead of asking to increase taxes!