A friend of mine did his M.Sc. in mobile computing. He was attending a conference in probably 97 or 98, and there was a guy there giving a presentation on just this sort of thing.
The primary purpose in this case seemed to be diagnosing battlefield injuries as they happen. If someone gets injured in the battlefield, the piercing of the shirt would be used as a trigger to contact medical personnel. The positioning of the broken fibres would give the location of the wound. The fibres would also convey information about the amount of blood as well as any other fluids that might be present at the wound site. They would use built-in sensors to attempt to determine the trajectory of the projectile.
The result? Medical teams could be dispatched immediately, and would know (more or less) the kind of wound, and what they were likely to find when they got to the wounded soldier.
Of course, the requirements were also for a shirt that could be field washed several hundred times, and cost relatively little.
There is absolutely NO REASON for you to have passwd suid-root. NONE
How about accessing shadow password files? Since you don't want your /etc/passwd (or your shadow password file) writable by your average user, how does a non-suid passwd program work?
All that would allow you to do is set root's password from a normal user's account.
Please refer to documentation that explains the difference between real and effective user ids.
Ping??? Ummmm.... NO. It can send and receive packets fine and dandy as an unprivileged user.
The message to which I was replying made no indication what OS he/she was speaking in reference to. I was examining my FreeBSD, HP-UX and Solaris machines. My point was not Linux-specific (if that is the OS to which you are referring).
Unless you want to ping-flood, which it will only let root do.
XTERM???? Goodnight, that's the most insecure thing I've ever heard! When an xterm starts, it opens up a shell for whatever user it's running as. Even if that means opening up a root shell.
Once again, I believe you're confusing real and effective user ids. Furthermore, this (AFAIK) depends on the restrictions the OS places on the access to system resources.
Top has no need for suid-root.
Once again, I think this point depends on the OS and the implementation of top, and the permissions on devices such as /dev/mem and /dev/kmem (depending on your OS).
Security is your friend.
Finally, something we can agree on.
As I indicated in my first post, depending on your circumstances removing world executable setuid binaries may be an option. For example, on my firewall. This doesn't necessarily make for the most user-friendly system.
You should not have world exec programs set suid, especially on a system that you expect to be completely secure.
'Cause no local user ever needs to run passwd.
Or df.
Or ping.
Or xterm.
Or rlogin.
Or su.
Or top.
Or traceroute.
A completely secure machine is a painful thing to work on. Yes, it may be necessary in some circumstances. Banning world executable setuid programs is a securing technique, but it's not the blessed saviour you're making it out to be.
Parallels a situation many governments are facing right now: How much security do you implement to protect your population while still maintaining some semblance of freedom?
freebsdmall.com continues to operate and take orders, and all new and existing orders from customers for FreeBSD 4.4 or other products will continue to be fulfilled
Like all customer contracts, subscription orders will continue to be fulfilled.
So, WRS has divested the majority of its expenses related to FreeBSD, but will still sell merchandise and profit from it. Anyone know if they plan to contribute financially to the project based upon revenues/profits from the CD sales?
Let's Hope...
You're proposing diverting a huge space station to rendezvous with the return vehicle to collect the rocks. Here's a brain wave: Have the return vehicle reenter Earth's atmosphere on its own, drop it over the Pacific, deploy your parachute and have ships rendezvous with it. What do you think they did before they had reusable launch vehicles like the Shuttle?
Now for as to why they don't use the ISS to fix and upgrade satellites: It's a really big multi-purpose laboratory! It wasn't designed to be a garage in space populated by astronaut grease-monkeys....
Besides, fixing a satellite is probably a little different than replacing the hard drive in your computer. If something is broken, chances are they are not going to be able to take a spare replacement part from storage. Chances are they'll have to get a replacement part sent up.
The first time you sneeze or cough or answer the phone you could end up with all sorts of gibberish, or maybe even rebooting your computer.
It seems to me that you need some sort of disconnect override. Maybe some sort of camera that can tell when you're looking at the screen. (I seem to recall hearing something about that on here in the past...)
You misunderstand what I am saying. (Everything you say, I concur with.) Allow me to clarify:
What "Linux Desktop Training" means to you may mean something completely different to someone else. There is no broadly-accepted standard for the Linux Desktop, hence, "Linux Desktop Training" is elusive.
Couple that with the fact that what most people would include under the heading of "Linux Desktop Training" are tools that are not tied in any way to Linux (like KDE, Gnome, Star Office) and you only cloud the issue further.
Then add an "Ask Slashdot" question about the largest install size based upon this house of cards, and the whole thing begins to seem absurd.
Doesn't this seem like an odd premise for the question? Training people on the Linux desktop. What does that mean exactly? You're trying to make Linux a viable alternative to Windows. A reasonable, commendable to some, desire.
Except, what does Linux training mean within that context? You're likely not teaching people about bourne shell. Or how to use tar, mv, etc. Oh, you're going to teach them about the GUIs. Okay, KDE, Gnome? Application software like Star Office?
But none of those are Linux-specific, either. They could apply equally well to a host of other UN*X-like OSs....
I think at the "desktop" level it's not Windows versus Linux. That's the problem with OSs where you can customize and change the desktop to such an extent that it is totally foreign to someone who is supposedly trained under the "Linux desktop".
"The technique may not be infallible. The methods used by Provos and Honeyman were particularly aimed at uncovering use of steganographic tools already released on the internet."
Yeah, if I was going to hide a message, I'd use commonly available tools already out there. *sigh*
Terrorists are not stupid. I would think home-brew methods would be better in many circumstances.
These people aren't communicating with 45 meg Powerpoint Presentations outlining the plans. Short, concise messages could be encrypted with previously agreed upon one-time pads, hidden in a few bytes of an image, or even across 8 or 10 images across multiple sites. These people have time and a mountain of data to hide in.
The Slashbox links to the CISC (Criminal Intelligence Service Canada), but the article text refers to CSIS (Canada Security Intelligence Service). Here is the real CSIS site.
Everyone needs to make a conscious effort to find a mouse and mouse usage technique that minimizes the effort and stress on their body.
How I avoid pain when using mice:
Find a mouse that you can move with your fingers alone.
I use the Logitech Mouseman 3-button mouse at work and at home. I grip the mouse body between my thumb and my last two fingers. Usually, my pinky is actually touching the mousepad, and my wrist is resting on the desk. As a result, the majority of my hand and arm never move.
I can move the mouse from the bottom of the screen to the top of the screen by simply ensuring my pinky is anchored on the mousepad and flexing my thumb. And I'm usually off a straight vertical from where I started (judging by window borders) by fewer than 10 pixels.
Finally, turn mouse acceleration/speed way up. Smaller movements yield the cross-screen movement I need.
Finding a mouse that requires fingers only and finding the techniques to use with that shape of mouse are the keys in my mind.
I haven't used it, but I suspect I'd really dislike this joystick mouse....way too much muscle required.
My fingers are agile, I'll let them do the walking.
But at that point the numbers become meaningless, marketers are left with one less insignificant number to hoist about saying "we're better" with.
At that point, Intel either has to find another way of saying "we're better", or the consumers will start listening to performance numbers in articles and doing real product research.
If it helps AMD get the market share and laurels they seem to deserve, great! Maybe it will force Intel to be more innovative in their architecture design sessions than they are in their marketing sessions.
Less than a week ago I started reading his novel "The Black Cloud"...seems like a very interesting premise thus far.
For anyone that likes understanding the science behind fantastic, but possible, lifeforms, read "The Black Cloud" or Robert Forward's "Dragon's Egg". Characters aren't developed all that well in either, but the hard sci fi makes them each very interesting reads...
Correct me if I'm wrong, but I think the banned substances are chosen on a sport by sport basis. Therefore, perhaps steroids would be allowed for chess. Just not some concentration-enhancing drug. Or rather, the IOC has a certain set of standards, and the individual sports have others.
Never mind the fact that, unless we start to migrate to other star systems in the next few hundred years, there's little chance that any of our descendants will be around to see it.
We're at a very delicate time in the history of our race. If we don't begin to migrate to other planets and other star systems soon, we'll be doomed. Overpopulation, biological warfare, mutating viri. All these things can lead to the destruction of all life on this planet.
Anyone interested in this should really check out the book The Mote in God's Eye by Larry Niven and Jerry Pournelle. Mankind's first encounter with an alien species is with a species in much the situation described above. They can't efficiently get out of their solar system, which has led to all sorts of changes in their society, biology, traits, etc. Makes for an excellent read.
you and your girlfriend work in roughly the same way as me
the computer works on totally different principles
The first, I grant to you, is probably true (but not certain). The second, I'm far less certain about. You could be right, you could be wrong. I simply do not know.
I'm going to give the computer a hell of a lot more scrutiny before making such claims.
I think we all will. If such a computer comes along that people claim satisfies the Turing Test, I have a sneaking suspicion that every one of us would love a crack at it. See if we can succeed in knocking it off its pedestal...
---
Sounded like an extremely cool presentation...
I look forward to your response...
My apologies. I was examining my FreeBSD system, as I don't have a Linux system available to me.
I should've preceded my remarks with that caveat.
Yeah...but does the University know about it? :-)
Huh? Unless I'm completely out to lunch, I don't see this....
Is my math wrong, or is Cliff's?
I'm not saying they're not allowed to do this. It just seems like the ethical thing to do would be to contribute back.
Okay, I'll bite....
You're not making any sense...
Exactly. This is precisely why large installs at a place like Home Depot will succeed. The user only sees a very simple cash register application.
People can say this is a big win for Linux. It is. But it doesn't bring Linux any closer to replacing Windows on the Desktop.
Here are two related articles:
- article at CBC Newsworld
- article at the Globe and Mail
Canadian Olympic Snowboarder Ross Rebagliati tested positive for marijuana use. The IOC has no minimum amount set for marijuana use, but the International Ski Federation did...
It's this type of situation that code should unarguably be forevermore open and available for study.
I would refer you to the FOLDOC definition of expert system: