There is far more diversity in the web development world than on corporate and home desktops. While PHP/MySQL/Linux may be popular for websites, they are hardly a monoculture. I hear Java is pretty popular these days. There's no shortage of jobs for Java developers. Ruby on Rails is up and coming. Plenty of people use ASP(.NET) as well.
If the ILEC finds out what the CLEC is doing with the line, can the ILEC charge the CLEC more for it? I mean, the circuit was run under the false pretense that it was going to be used for 5 phone lines. Almost seems like fraud. Or is it just some loophole in FCC regulations?
$230 for a T1 circuit is pretty damn good... especially one long distance. I know for a fact that just the loop costs about $350 for 1 mile in Chicago. I can't imagine what it costs a rural carrier. Who did you have to sleep with to get that deal? Did you pay for the line card/smart jack? How about the CSU/DSU?
I think you underestimate the economics of the situation. Each year, the companies who make the networking equipment make new breakthroughs in faster telecommunications hardware. That breakthrough means that lots of expensive equipment can be replaced with less equipment at a lower price.
I don't think that is necessarily the trend. Having worked for an ISP, the big routers are still pretty damn expensive and you still need a router per peering point (and then some) unless you want to consolidate your networking into single points of failure. And on top of that, vast amounts of spam and other malicious traffic are clogging up servers. Routing tables are massive and maintenence is general is getting more and more complicated. Things were easy for ISPs when all they had to do was keep centralized banks of dialin ports running. Any mom or pop could open up an ISP back in the day. Didn't need much more than a T1 for data, a PRI circuit, and a modem pool.
That lower price then translates into the ability to add more equipment to produce more bandwidth. Thus there's more bandwidth available at the same price. Ergo, why you're using broadband now instead of a modem, and why DSL and cable providers are able to keep bumping up the speeds on their connections.
They can bump up the speeds because most people still don't really utilize the bandwidth. It is a selling point. Do you remember the days when internet access was was like $20/mo? The cost is going up, not down. Just like cable TV. They kept adding more and more channels to justify higher and higher rates until your once $30 or so cable bill became more like $80 despite newer and better technology.
In other words, Moores Law--while not actually being a law at all--applies to more than just CPUs. All microelectronics benefit from smaller, faster circuitry and more advanced electronic processing technology.
I think uniqutous HiDef over the internet is a long way off. It is barely a standard in broadcast (in the US anyway). The internet bandwidth just isn't there. To get it there, expect to see the bill from your ISP double. But I guess that wouldn't be so bad if you could say good bye to your $100 cable/satelite TV bill...
Free internet access. How do we make money? Volume.
Ya, I know, just the low speed is free. But still, doesn't sound like a solid business plan. From what I understand, what people like most about broadband is the "always on" aspect.. not so much the bandwidth. I wonder if 384/128 is low enough to encourage people to pay for the faster service.
This is true, but how do you tell the difference between a script kiddie, and someone trying to look like one?
Well, that would one clever hacker, I suppose. I guess I'm not that paranoid (a bad thing in this case, I know).
Yes, you could keep a checksum of every file on the system, but verifying that would take longer than just reimaging. If you've set the system up correctly in the first place, with data files on separate partitions from system files, reimaging should be painless.
How can you be sure the rootkit or backdoor wasn't buried in the data files? A web server, for example, may contain thousands of scripts and binaries. A complete system checksum validation will tell you more about what happened and you could even keep the system running if absolutely necessary (depending on the nature of the intrusion and function of the server).
What the fuck, dude? Do you even read past the first line of posts? You don't even seem to know (or care) who you are reponding to. Take a Xanax or something and relax.
Yes, there are. But they don't exist in some magical space. They are written to the disk.
Right, system files that are written to disk but are not part of a package. Therefore, a package validation does not find them. You have to include checking user crontabs as an explict part of your system review.
You don't miss a thing. Every file will belong to a package.
Not true. See above.
You identify the package from the file. That tells you the specs for those files.
Any file that is not identified as part of a package may be a problem.
It's as easy as that.
You're one step away from me questioning your ability to read with comprehension. Don't cross that line.
Now you are just being an ass.
No. You start with validating the packages. That will tell you if you're machine has been compromised.
It will not necessearily tell you anything.
Then you check the accounts.
Is this conditional upon the previous step finding something or are you saying you would do it either way?
If you haven't found any problems at that point, then ANYTHING you do will have the same net effect. But re-building the machine will have taken MORE time and NOT give you the information that none of the files on your system were compromised.
Please check who you are responding you. I never suggested rebuilding a machine before verifying whether or not it has been compromised.
And individual accounts could have ssh identity keys setup such that an intruder would have access to your system even if all passwords were changed and all system config files verified.
Yes, and that would be no different from re-building the machine and having those same users re-create those keys.
Question is, how would your method of verifying packages detect and recover from forged user ssh identity keys?
In order to show that I'm wrong, you'll have to come up with a scenario where re-building the box would remove the threat while just validating the box would not. That includes checking the files that are not validated. As I originally stated.
On a system that actually does anything useful, you could have thousands of unvalidated files. On a web server this could be particularly problematic because those unvalidated files often contain code (CGI, PHP, etc). And again, I didn't say anything about rebuilding a machine. I'm simply pointing out the weaknesses in your intrusion detection and recovery methods.
#1. If the vulnerability is there, it is still there when the box is re-built.
And it is still there after validating packages.
#2. If it is a matter of passwords and accounts, those are easily checked after the box is validated.
But there are exceptions like I mentioned with the ssh keys.
#3. If it is something else, then explain how it got there in the first place and why it would not happen again when the box is re-built.
Anyone who simply rebuilds a machine without first identifying the vulnerability used is just a moron. I'm not sure who is advocating that. It certainly isn't me. Rebuilding is meant to be more confident that all backdoors and rootkits are gone. But, again, I'm not necessarily advocating a rebuild in all cases. I've had compromised machines where the attacker never got root and only seemed interested in using the box to relay spam. Rebuilding woudl have been a waste of time. Given a more determined hacker with some serious skills, I might consider rebuilding the box.
During the validation process, the files in the/etc/cron* would also be validated. Anything that didn't match the package would have to be checked by hand. Since all of those should have been setup by you (the admin), it should be easy to quickly validate them.
There are also personal crontabs that are not part of any package. And individual accounts could have ssh identity keys setup such that an intruder would have access to your system even if all passwords were changed and all system config files verified. I'm not saying that one must necessarily reimage/reinstall a machine if compromised. I'm just pointing out that it is much more complicated than simply validating package files.
That said, I think that the "just reinstall" mentality comes from the Windows world where it is accepted practice to just reboot/reinstall/reimage computers when they start acting strange. Not because admins are necessarily imcompetent, but because debugging Windows is often a nightmare filled with voodoo rituals and sacraficed chickens.
So, you're claiming that once I've validated every executable on my system... a config file could still run a rootkit?
Perhaps not a rootkit, per se, but couldn't an intruder simply add a cron job which uses completely legitimate system binaries to either send him/her sensitive information or even provide a backdoor? How about something as simple as creating an account with root/sudo privs?
Your method will work most of the time cleaning up after some peon such as yourself who's just fucked things up, but is is not a wise course of action against a determined, experienced intruder.
Most intruders are either script kiddies or other automated, scripted attack which often have a very obvious signature. These are usually very easy to clean up after on a unix machine.
You clearly do not understand how package managers work. While you would be able to track the base files installed, you wouldn't be able to do so with files generated files (take a look through/var...), nor would you be able to do so with intentionally changed files. (ie, config files, which often point to binaries to be executed) By your method, you'd have to go through every config file by hand, because if you're not keeping backup images, you're probably not keeping logs of what you've changed.
You could, concievable, keep MD5 sums of all significant config files and simply verify them based on a known clean config. It isn't like they change very often on a stable system. Between that and using package managers to verify binaries, and using chkrootkit, you should be able to avoid the downtime and potential data loss of reimaging a machine. If you're dealing with a dedicated and intelligent intruder (not just some script kiddie), you should be worried about what OTHER systems he/she has gotten into.
I do, occasionally (maybe once every 6 months) run the online scanners over my PC. Thus far, no infection has ever been detected.
Well, that is viruses. I would agree that viruses can be easily avoided with a non-OE mail reader, regular security updates, and simply not executing files sent via email. Spyware, on the other hand, is a lot easier to get infected with. It can come bundleed with other software with little or no notice to you before installing. If you happen to use IE (i'm guessing you don't), spyware can be installed just by viewing shady web sites with careless ad providers. You should run a couple spyware scanners. I would be surprised if you are completely clean. But, if you are, congrats on your tech savviness and paranoia. Even the most careful Windows users that I know get spyware now and then. I don't blame the users and I don't necessarily blame MS. I blame the people putting the shit out there in the first place.
So if you used Windows on a daily basis, you would not run a virus scanner or a spyware scanner? You would rely solely on your personal computing prowess to prevent and/or remove all infections? If you say yes, first I'll call bullshit. Then I'll ask how you can expect this kind of tech savvy from your average user.
The my argument stands. We can only assume that other intelligent life is peaceful and seek to be peaceful with them.
I seriously have no idea where you pulled that conclusion from. Just because they aren't attacking us doesn't mean they are enlightened and peaceful. Maybe a rival gas giant race wants to wipe them out and zaps a few of our stars, whoops humanity is collateral damage.
Go back to my original post. I said I would bet on any given highly advanced intelligent species being peaceful. That is a good bet for a few reasons. First, if I win the bet, I reap the rewards (obviously). Second, if I lose the bet, humans are probably toast, so it doesn't matter. Why would anyone make a bet which they could never collect on if they won?
You can safely ignore everything else I have said on this subject and just focus on those two points. Although I do have reasons to believe that any sufficiently advanced species would be peaceful, those reasons don't matter as far as the quality of the bet goes.
The question isn't on what grounds did they unite and become peaceful (internally). The question is, have they stagnated?
But they [Japan] aren't in a stable equilibrium. There are hostile or at the very least competitive external forces promoting innovation and growth.
Competition is one thing. War is another. Fact is that Japan has advanced without war as a motivation. I didn't say anything about "stable equilibrium." I'm just talking about relative peace.
What about Genghis Khan. How in the world is he an example of a pacifist stagnating for millions of years?
Hes an example of an aggressor riding roughshod over stagnated populations, introducing such technological innovations as the firearm for example.
But this doesn't apply if the whole world is effectively a single population. What happens when the technological differential within the human population becomes negligable and all out war become unfeasable due to overly destructive technology? It seems to me that if humans do not destroy themselves with said technology, they will become peaceful.. or as you say, "stagnate." At some point, the idea of going to war with China, for example, will seem as foreign to people as the idea of going to war with the city across the river would seem to you or me. And I don't think this is being optimistic. I'm just looking at historical trends. First there were tribes, then tribes united to become nations, and nations united to become empires, now globalization is creating meaningful treaties between nations and empires. Yes, there was a lot of war along the way, but who will there be left to fight after globalization is through?
agree. To be honest, I'm not sure what your point is here. I'm saying that its likely that the most technologically advanced species will be aggressive and warlike, you are saying that past a certain level, enlightenment descends for some reason and peace breaks out all over.
No, I'm saying that either enlightment does "descend" upon the world or we destroy ourselves with technology gained through warlike behavior. It is a matter of survival, not optimism. I am not paricularly optistic about humans even surviving to the point where extraterrestrial competition even becomes an issue. Trust me, I'm not a particularly optimistic person by nature.
Whoever said you could? In my estimation humanity would be completely wiped out in such a conflict. Life is hard. The only saving grace we might possibly have is that they might not require similar resources to us, life could have taken any number of shapes and sizes. For all we know the dominant intelligence in the Galaxy could be gas giant based, and would never have any interest in us at all. The only reason they might attack us would be for target practice. Who knows, that might be enough of a reason.
The my argument stands. We can only assume that other intelligent life is peaceful and seek to be peaceful with them. ALthough I think that is the approach that most scientists are taking and will continue to take. So in that respect I am not too worried. It is the rest of the world which watches too much sci-fi and has too many guns that I worry about.
How many more world wars can we sustain before we either detroy ourselves or knock ourselves back into the bronze age?
When open war is no longer a feasable option, the battlefield merely shifts, as history has shown us (for example the cold war).
So "war" as we know it will become obsolete. Is that what you are saying?
But you have very little to base this prediction on.
Except, for example, Genghis Khan. I'm sure a few hundred other examples could be applied.
What about Genghis Khan. How in the world is he an example of a pacifist stagnating for millions of years? I'm looking for evidence that peaceful groups necessarily stagnate.
Sixty years of peace hardly qualifies as a good example. And I should point out that the formation of the EU began on economic grounds, in the face of a far more competitive US.
The question isn't on what grounds did they unite and become peaceful (internally). The question is, have they stagnated? The only thing any country or group of countries needs to progress is good education. You have that, and you have lots of people coming up with new ideas. Again, war is the old motivation.
Japan has no military because it is under the aegis of the US, with US bases and forces in place to protect it. Furthermore is has received massive amounts of foreign aid from the US to prop up its economy, in the name of being a bulwark against communist China, aid which extended until relatively recently. Now that the aid has ceased, guess what? They are jockeying for their own military forces again.
Sure, they were propped up, but they didn't stagnate. Quite the opposite. They progressed faster than most nations have. Look, i'm not saying that countries don't want some kind of military or that any country should just disband their military. I'm just saying that peace does not mean stagnation. On one hand, yes, war has produced a lot of the technology we enjoy today. ON the other hand, such thoughtless and single minded progress has also led to a world where the global environment is in trouble. Something has to change. Technology driven by the military is not going to continue to serve us. The military does not care much about being environmentally friendly.
So I don't buy this idea for a second that we must continue fighting and competing with our brother in order to avoid "stagnation."
Oh I didn't say that. I'm just pointing out the iron hard evidence to the contrary. Frankly I really don't have an opinion on the matter, but if it looks like a duck and quacks like a duck...
Ok, maybe competition isn't bad, but I see no reason why we must necessarily fight to progress.
In summary I should say I am as pro-peace as the next man, and I think war is an evil that must be stamped out, and soon. The preponderance of evidence is distinctly in favour of aggressive expansionist cultures gaining the upper hand technologically however.
That is until all the world is roughly equal and loose global treaties are taken seriously enough to maintain global peace. The preponderance of evidence is distinctly in favor of larger and larger federations and unions. At some point, our eyes will collectively turn to outer space looking for a new enemy and we'll begin to realize how absolutely hopeless and pointless it would be to try to fight them. We'll either squash some other bronze age budding intelligent species which would give us very little, or we would encounter intelligent life which is far more advanced than us. The chances of meeting another intelligent species which is at or near our own level of advancement to meaninfully compete with is next to nil.
Or they learn how to carry out effective space travel and colonization in time to survive through extreme expansionism that ensures any planet wide destruction won't be a significant detriment to the overall size of the population.... In which case you really wouldn't want to meet them.
If humans are any measure, the ability (and tendancy) for a species to destroy itself comes long before the ability to effectively colonize other planets. And any intelligent life advanced enough to colonize beyond their solar system probably already knows we are here anyway, so it doesn't really matter if we pay them a little visit to say "What's up!" and borrow a cup of sugar.
Chances are that the most advanced species are the most competitive or warlike
If this is the case, then we are doomed. How would you compete with a species that is hundreds, thousands, and possibly millions of years more advanced that us... AND warlike? This isn't "Independance Day" where you can upload a virus to their Mothership using a Powerbook and a 56k modem.
I've heard this before, and the reasoning is a bit suspect. I mean, do you think its coincidence that the greatest advances in technology were achieved during times of war (hot or cold)? I certainly don't. Chances are that the most advanced species are the most competitive or warlike,
I understand that, but what makes you think this model is sustainable? How many more world wars can we sustain before we either detroy ourselves or knock ourselves back into the bronze age? Heck, just look at the environment. Do you think we will ever realy solve enivonrmental problems without advancing to some state of global cooperation rather than competition?
and the pacifists reach a state of equilibrium (stagnation) with their environment for a few million years before the other races find them and wipe them out.
But you have very little to base this prediction on. Perhaps the word "pacifist" is getting in the way here. Maybe it is too foofy for you bringing up images of hippies smoking dope all day long. HOw about just "peaceful" or "educated." So many wars happen because people are just plain ignorant (and desparate). Look at Europe, for example. They've FINALLY found peace after hundreds of years of nearly constant warring. Look at Japan. They have almost no military. Are they stagnating? Hardly. It is the US, the most warlike modern nation, which is falling behind.
So I don't buy this idea for a second that we must continue fighting and competing with our brother in order to avoid "stagnation." Technology through war is the old way. Just like worshipping kings and queens is the old way. We have a good degree of freedom. Now it is time to work on achieving peace. It is either that of destroy outselves like probably many intelligent life forms in the universe already have.
Let me put it this way. Even if we do maintain our competative and warlike tendencies, chances are that most of the intelligent life forms out there are hundreds, thousands, and maybe millions of years more advanced than us. We couldn't compete. THere is no sense in even trying. And if we go out into space with guns blazing, they might just decide to squash us like annoying bugs. I could easily imagine otther intelligent species having a policy which states: "If a budding intelligent species doesn't destroy itself and doesn't drop its warlike attitude, we must destoy it ourselves for the safety of all intelligent-kind." I'm sure someone already knows we are here.
Perhaps these planets contain intelligent life, advanced far beyond our own. Perhaps they have learned the better way of pacifism and build technologies directed toward bettering life rather than destroying it.
I'd bet on it. Seems to me that some form of pacifism would pretty much be a necessity for any intelligent species to survive beyond a certain technological threshhold. I mean, at some point technology advances such that it becomes possible to destroy an entire planet with the push of a button (or a slow death by polution). Either a species learns peace or they destroy themselves. Could be that simple. Humans will soon be put to the test (are we being tested now?). Could be that there is all kinds of intelligent life out there just waiting to see if we pass The Test.
Uh, ya, like anyone is going to send a manned mission to an unknown solar system in the forseable future. How disappointing would it be to wait 100+ years and get NOTHING back because something unforseable happened. We're still debating going back to the MOON, of all places. Mars is still probably 30+ years away. I don't imagine anyone bothering with manned extra-solar trips before faster-than-light travel is discovered. We've still got a hell of lot to learn about our own solar system.
Slashdot Mirror
There is far more diversity in the web development world than on corporate and home desktops. While PHP/MySQL/Linux may be popular for websites, they are hardly a monoculture. I hear Java is pretty popular these days. There's no shortage of jobs for Java developers. Ruby on Rails is up and coming. Plenty of people use ASP(.NET) as well.
-matthew
If the ILEC finds out what the CLEC is doing with the line, can the ILEC charge the CLEC more for it? I mean, the circuit was run under the false pretense that it was going to be used for 5 phone lines. Almost seems like fraud. Or is it just some loophole in FCC regulations?
-matthew
$230 for a T1 circuit is pretty damn good... especially one long distance. I know for a fact that just the loop costs about $350 for 1 mile in Chicago. I can't imagine what it costs a rural carrier. Who did you have to sleep with to get that deal? Did you pay for the line card/smart jack? How about the CSU/DSU?
-matthew
I think you underestimate the economics of the situation. Each year, the companies who make the networking equipment make new breakthroughs in faster telecommunications hardware. That breakthrough means that lots of expensive equipment can be replaced with less equipment at a lower price.
I don't think that is necessarily the trend. Having worked for an ISP, the big routers are still pretty damn expensive and you still need a router per peering point (and then some) unless you want to consolidate your networking into single points of failure. And on top of that, vast amounts of spam and other malicious traffic are clogging up servers. Routing tables are massive and maintenence is general is getting more and more complicated. Things were easy for ISPs when all they had to do was keep centralized banks of dialin ports running. Any mom or pop could open up an ISP back in the day. Didn't need much more than a T1 for data, a PRI circuit, and a modem pool.
That lower price then translates into the ability to add more equipment to produce more bandwidth. Thus there's more bandwidth available at the same price. Ergo, why you're using broadband now instead of a modem, and why DSL and cable providers are able to keep bumping up the speeds on their connections.
They can bump up the speeds because most people still don't really utilize the bandwidth. It is a selling point. Do you remember the days when internet access was was like $20/mo? The cost is going up, not down. Just like cable TV. They kept adding more and more channels to justify higher and higher rates until your once $30 or so cable bill became more like $80 despite newer and better technology.
In other words, Moores Law--while not actually being a law at all--applies to more than just CPUs. All microelectronics benefit from smaller, faster circuitry and more advanced electronic processing technology.
Sure, but ISPs are not selling you electronics.
-matthew
I think uniqutous HiDef over the internet is a long way off. It is barely a standard in broadcast (in the US anyway). The internet bandwidth just isn't there. To get it there, expect to see the bill from your ISP double. But I guess that wouldn't be so bad if you could say good bye to your $100 cable/satelite TV bill...
-matthew
Free internet access. How do we make money? Volume.
Ya, I know, just the low speed is free. But still, doesn't sound like a solid business plan. From what I understand, what people like most about broadband is the "always on" aspect.. not so much the bandwidth. I wonder if 384/128 is low enough to encourage people to pay for the faster service.
-matthew
"XML based programming language" is an oxymoron.
-mattew
This is true, but how do you tell the difference between a script kiddie, and someone trying to look like one?
Well, that would one clever hacker, I suppose. I guess I'm not that paranoid (a bad thing in this case, I know).
Yes, you could keep a checksum of every file on the system, but verifying that would take longer than just reimaging. If you've set the system up correctly in the first place, with data files on separate partitions from system files, reimaging should be painless.
How can you be sure the rootkit or backdoor wasn't buried in the data files? A web server, for example, may contain thousands of scripts and binaries. A complete system checksum validation will tell you more about what happened and you could even keep the system running if absolutely necessary (depending on the nature of the intrusion and function of the server).
-matthew
What the fuck, dude? Do you even read past the first line of posts? You don't even seem to know (or care) who you are reponding to. Take a Xanax or something and relax.
-matthew
Yes, there are. But they don't exist in some magical space. They are written to the disk.
Right, system files that are written to disk but are not part of a package. Therefore, a package validation does not find them. You have to include checking user crontabs as an explict part of your system review.
You don't miss a thing. Every file will belong to a package.
Not true. See above.
You identify the package from the file. That tells you the specs for those files.
Any file that is not identified as part of a package may be a problem.
It's as easy as that.
You're one step away from me questioning your ability to read with comprehension. Don't cross that line.
Now you are just being an ass.
No. You start with validating the packages. That will tell you if you're machine has been compromised.
It will not necessearily tell you anything.
Then you check the accounts.
Is this conditional upon the previous step finding something or are you saying you would do it either way?
If you haven't found any problems at that point, then ANYTHING you do will have the same net effect. But re-building the machine will have taken MORE time and NOT give you the information that none of the files on your system were compromised.
Please check who you are responding you. I never suggested rebuilding a machine before verifying whether or not it has been compromised.
And individual accounts could have ssh identity keys setup such that an intruder would have access to your system even if all passwords were changed and all system config files verified.
Yes, and that would be no different from re-building the machine and having those same users re-create those keys.
Question is, how would your method of verifying packages detect and recover from forged user ssh identity keys?
In order to show that I'm wrong, you'll have to come up with a scenario where re-building the box would remove the threat while just validating the box would not. That includes checking the files that are not validated. As I originally stated.
On a system that actually does anything useful, you could have thousands of unvalidated files. On a web server this could be particularly problematic because those unvalidated files often contain code (CGI, PHP, etc). And again, I didn't say anything about rebuilding a machine. I'm simply pointing out the weaknesses in your intrusion detection and recovery methods.
#1. If the vulnerability is there, it is still there when the box is re-built.
And it is still there after validating packages.
#2. If it is a matter of passwords and accounts, those are easily checked after the box is validated.
But there are exceptions like I mentioned with the ssh keys.
#3. If it is something else, then explain how it got there in the first place and why it would not happen again when the box is re-built.
Anyone who simply rebuilds a machine without first identifying the vulnerability used is just a moron. I'm not sure who is advocating that. It certainly isn't me. Rebuilding is meant to be more confident that all backdoors and rootkits are gone. But, again, I'm not necessarily advocating a rebuild in all cases. I've had compromised machines where the attacker never got root and only seemed interested in using the box to relay spam. Rebuilding woudl have been a waste of time. Given a more determined hacker with some serious skills, I might consider rebuilding the box.
-matthew
During the validation process, the files in the /etc/cron* would also be validated. Anything that didn't match the package would have to be checked by hand. Since all of those should have been setup by you (the admin), it should be easy to quickly validate them.
There are also personal crontabs that are not part of any package. And individual accounts could have ssh identity keys setup such that an intruder would have access to your system even if all passwords were changed and all system config files verified. I'm not saying that one must necessarily reimage/reinstall a machine if compromised. I'm just pointing out that it is much more complicated than simply validating package files.
That said, I think that the "just reinstall" mentality comes from the Windows world where it is accepted practice to just reboot/reinstall/reimage computers when they start acting strange. Not because admins are necessarily imcompetent, but because debugging Windows is often a nightmare filled with voodoo rituals and sacraficed chickens.
-matthew
So, you're claiming that once I've validated every executable on my system ... a config file could still run a rootkit?
Perhaps not a rootkit, per se, but couldn't an intruder simply add a cron job which uses completely legitimate system binaries to either send him/her sensitive information or even provide a backdoor?
How about something as simple as creating an account with root/sudo privs?
-matthew
Your method will work most of the time cleaning up after some peon such as yourself who's just fucked things up, but is is not a wise course of action against a determined, experienced intruder.
/var...), nor would you be able to do so with intentionally changed files. (ie, config files, which often point to binaries to be executed) By your method, you'd have to go through every config file by hand, because if you're not keeping backup images, you're probably not keeping logs of what you've changed.
Most intruders are either script kiddies or other automated, scripted attack which often have a very obvious signature. These are usually very easy to clean up after on a unix machine.
You clearly do not understand how package managers work. While you would be able to track the base files installed, you wouldn't be able to do so with files generated files (take a look through
You could, concievable, keep MD5 sums of all significant config files and simply verify them based on a known clean config. It isn't like they change very often on a stable system. Between that and using package managers to verify binaries, and using chkrootkit, you should be able to avoid the downtime and potential data loss of reimaging a machine. If you're dealing with a dedicated and intelligent intruder (not just some script kiddie), you should be worried about what OTHER systems he/she has gotten into.
-matthew
I do, occasionally (maybe once every 6 months) run the online scanners over my PC. Thus far, no infection has ever been detected.
Well, that is viruses. I would agree that viruses can be easily avoided with a non-OE mail reader, regular security updates, and simply not executing files sent via email. Spyware, on the other hand, is a lot easier to get infected with. It can come bundleed with other software with little or no notice to you before installing. If you happen to use IE (i'm guessing you don't), spyware can be installed just by viewing shady web sites with careless ad providers. You should run a couple spyware scanners. I would be surprised if you are completely clean. But, if you are, congrats on your tech savviness and paranoia. Even the most careful Windows users that I know get spyware now and then. I don't blame the users and I don't necessarily blame MS. I blame the people putting the shit out there in the first place.
-matthew
So if you used Windows on a daily basis, you would not run a virus scanner or a spyware scanner? You would rely solely on your personal computing prowess to prevent and/or remove all infections? If you say yes, first I'll call bullshit. Then I'll ask how you can expect this kind of tech savvy from your average user.
-matthew
The my argument stands. We can only assume that other intelligent life is peaceful and seek to be peaceful with them.
I seriously have no idea where you pulled that conclusion from. Just because they aren't attacking us doesn't mean they are enlightened and peaceful. Maybe a rival gas giant race wants to wipe them out and zaps a few of our stars, whoops humanity is collateral damage.
Go back to my original post. I said I would bet on any given highly advanced intelligent species being peaceful. That is a good bet for a few reasons. First, if I win the bet, I reap the rewards (obviously). Second, if I lose the bet, humans are probably toast, so it doesn't matter. Why would anyone make a bet which they could never collect on if they won?
You can safely ignore everything else I have said on this subject and just focus on those two points. Although I do have reasons to believe that any sufficiently advanced species would be peaceful, those reasons don't matter as far as the quality of the bet goes.
-matthew
The question isn't on what grounds did they unite and become peaceful (internally). The question is, have they stagnated?
But they [Japan] aren't in a stable equilibrium. There are hostile or at the very least competitive external forces promoting innovation and growth.
Competition is one thing. War is another. Fact is that Japan has advanced without war as a motivation. I didn't say anything about "stable equilibrium." I'm just talking about relative peace.
What about Genghis Khan. How in the world is he an example of a pacifist stagnating for millions of years?
Hes an example of an aggressor riding roughshod over stagnated populations, introducing such technological innovations as the firearm for example.
But this doesn't apply if the whole world is effectively a single population. What happens when the technological differential within the human population becomes negligable and all out war become unfeasable due to overly destructive technology? It seems to me that if humans do not destroy themselves with said technology, they will become peaceful.. or as you say, "stagnate." At some point, the idea of going to war with China, for example, will seem as foreign to people as the idea of going to war with the city across the river would seem to you or me. And I don't think this is being optimistic. I'm just looking at historical trends. First there were tribes, then tribes united to become nations, and nations united to become empires, now globalization is creating meaningful treaties between nations and empires. Yes, there was a lot of war along the way, but who will there be left to fight after globalization is through?
agree. To be honest, I'm not sure what your point is here. I'm saying that its likely that the most technologically advanced species will be aggressive and warlike, you are saying that past a certain level, enlightenment descends for some reason and peace breaks out all over.
No, I'm saying that either enlightment does "descend" upon the world or we destroy ourselves with technology gained through warlike behavior. It is a matter of survival, not optimism. I am not paricularly optistic about humans even surviving to the point where extraterrestrial competition even becomes an issue. Trust me, I'm not a particularly optimistic person by nature.
-matthew
Whoever said you could? In my estimation humanity would be completely wiped out in such a conflict. Life is hard. The only saving grace we might possibly have is that they might not require similar resources to us, life could have taken any number of shapes and sizes. For all we know the dominant intelligence in the Galaxy could be gas giant based, and would never have any interest in us at all. The only reason they might attack us would be for target practice. Who knows, that might be enough of a reason.
The my argument stands. We can only assume that other intelligent life is peaceful and seek to be peaceful with them. ALthough I think that is the approach that most scientists are taking and will continue to take. So in that respect I am not too worried. It is the rest of the world which watches too much sci-fi and has too many guns that I worry about.
-matthew
How many more world wars can we sustain before we either detroy ourselves or knock ourselves back into the bronze age?
When open war is no longer a feasable option, the battlefield merely shifts, as history has shown us (for example the cold war).
So "war" as we know it will become obsolete. Is that what you are saying?
But you have very little to base this prediction on.
Except, for example, Genghis Khan. I'm sure a few hundred other examples could be applied.
What about Genghis Khan. How in the world is he an example of a pacifist stagnating for millions of years? I'm looking for evidence that peaceful groups necessarily stagnate.
Sixty years of peace hardly qualifies as a good example. And I should point out that the formation of the EU began on economic grounds, in the face of a far more competitive US.
The question isn't on what grounds did they unite and become peaceful (internally). The question is, have they stagnated? The only thing any country or group of countries needs to progress is good education. You have that, and you have lots of people coming up with new ideas. Again, war is the old motivation.
Japan has no military because it is under the aegis of the US, with US bases and forces in place to protect it. Furthermore is has received massive amounts of foreign aid from the US to prop up its economy, in the name of being a bulwark against communist China, aid which extended until relatively recently. Now that the aid has ceased, guess what? They are jockeying for their own military forces again.
Sure, they were propped up, but they didn't stagnate. Quite the opposite. They progressed faster than most nations have. Look, i'm not saying that countries don't want some kind of military or that any country should just disband their military. I'm just saying that peace does not mean stagnation. On one hand, yes, war has produced a lot of the technology we enjoy today. ON the other hand, such thoughtless and single minded progress has also led to a world where the global environment is in trouble. Something has to change. Technology driven by the military is not going to continue to serve us. The military does not care much about being environmentally friendly.
So I don't buy this idea for a second that we must continue fighting and competing with our brother in order to avoid "stagnation."
Oh I didn't say that. I'm just pointing out the iron hard evidence to the contrary. Frankly I really don't have an opinion on the matter, but if it looks like a duck and quacks like a duck...
Ok, maybe competition isn't bad, but I see no reason why we must necessarily fight to progress.
In summary I should say I am as pro-peace as the next man, and I think war is an evil that must be stamped out, and soon. The preponderance of evidence is distinctly in favour of aggressive expansionist cultures gaining the upper hand technologically however.
That is until all the world is roughly equal and loose global treaties are taken seriously enough to maintain global peace. The preponderance of evidence is distinctly in favor of larger and larger federations and unions. At some point, our eyes will collectively turn to outer space looking for a new enemy and we'll begin to realize how absolutely hopeless and pointless it would be to try to fight them. We'll either squash some other bronze age budding intelligent species which would give us very little, or we would encounter intelligent life which is far more advanced than us. The chances of meeting another intelligent species which is at or near our own level of advancement to meaninfully compete with is next to nil.
-matthew
Yeah, that is just what the world needs, a digital version of the military-industrial complex. How depressing.
-matthew
Or they learn how to carry out effective space travel and colonization in time to survive through extreme expansionism that ensures any planet wide destruction won't be a significant detriment to the overall size of the population.... In which case you really wouldn't want to meet them.
If humans are any measure, the ability (and tendancy) for a species to destroy itself comes long before the ability to effectively colonize other planets. And any intelligent life advanced enough to colonize beyond their solar system probably already knows we are here anyway, so it doesn't really matter if we pay them a little visit to say "What's up!" and borrow a cup of sugar.
-matthew
I wanted to comment on this separately:
Chances are that the most advanced species are the most competitive or warlike
If this is the case, then we are doomed. How would you compete with a species that is hundreds, thousands, and possibly millions of years more advanced that us... AND warlike? This isn't "Independance Day" where you can upload a virus to their Mothership using a Powerbook and a 56k modem.
-matthew
I've heard this before, and the reasoning is a bit suspect. I mean, do you think its coincidence that the greatest advances in technology were achieved during times of war (hot or cold)? I certainly don't. Chances are that the most advanced species are the most competitive or warlike,
I understand that, but what makes you think this model is sustainable? How many more world wars can we sustain before we either detroy ourselves or knock ourselves back into the bronze age? Heck, just look at the environment. Do you think we will ever realy solve enivonrmental problems without advancing to some state of global cooperation rather than competition?
and the pacifists reach a state of equilibrium (stagnation) with their environment for a few million years before the other races find them and wipe them out.
But you have very little to base this prediction on. Perhaps the word "pacifist" is getting in the way here. Maybe it is too foofy for you bringing up images of hippies smoking dope all day long. HOw about just "peaceful" or "educated." So many wars happen because people are just plain ignorant (and desparate). Look at Europe, for example. They've FINALLY found peace after hundreds of years of nearly constant warring. Look at Japan. They have almost no military. Are they stagnating? Hardly. It is the US, the most warlike modern nation, which is falling behind.
So I don't buy this idea for a second that we must continue fighting and competing with our brother in order to avoid "stagnation." Technology through war is the old way. Just like worshipping kings and queens is the old way. We have a good degree of freedom. Now it is time to work on achieving peace. It is either that of destroy outselves like probably many intelligent life forms in the universe already have.
Let me put it this way. Even if we do maintain our competative and warlike tendencies, chances are that most of the intelligent life forms out there are hundreds, thousands, and maybe millions of years more advanced than us. We couldn't compete. THere is no sense in even trying. And if we go out into space with guns blazing, they might just decide to squash us like annoying bugs. I could easily imagine otther intelligent species having a policy which states: "If a budding intelligent species doesn't destroy itself and doesn't drop its warlike attitude, we must destoy it ourselves for the safety of all intelligent-kind." I'm sure someone already knows we are here.
-matthew
Perhaps these planets contain intelligent life, advanced far beyond our own. Perhaps they have learned the better way of pacifism and build technologies directed toward bettering life rather than destroying it.
I'd bet on it. Seems to me that some form of pacifism would pretty much be a necessity for any intelligent species to survive beyond a certain technological threshhold. I mean, at some point technology advances such that it becomes possible to destroy an entire planet with the push of a button (or a slow death by polution). Either a species learns peace or they destroy themselves. Could be that simple. Humans will soon be put to the test (are we being tested now?). Could be that there is all kinds of intelligent life out there just waiting to see if we pass The Test.
-matthew
Uh, ya, like anyone is going to send a manned mission to an unknown solar system in the forseable future. How disappointing would it be to wait 100+ years and get NOTHING back because something unforseable happened. We're still debating going back to the MOON, of all places. Mars is still probably 30+ years away. I don't imagine anyone bothering with manned extra-solar trips before faster-than-light travel is discovered. We've still got a hell of lot to learn about our own solar system.
-matthew