As for "ALL(ALL) ALL" entries in sudoers, Ubuntu, I hate you for ruining an entire generation of linux users by aping Windows privacy escalations by abusing sudo. Learn to use groups, setfattr and setuid/setgid properly, leave admin commands to administrators, and you won't need sudo.
This surely would not make a difference in cases where there is only one user account on the machine. I imagine that this is the state of a significant portion of Ubuntu installs, if not the majority. I don't have access to an Ubuntu box right now, but Linux Mint Debian Edition's default configuration has the following lines:
Defaults env_reset
root ALL = (ALL:ALL) ALL
%sudo ALL = (ALL:ALL) ALL
Only the user created during installation is placed in group sudo by default. So long as I am the only user who does any administration of the machine, I cannot see how this is a problem. That said, it is a good point that providing a relatively permissive, generic configuration does little to help a budding administrator learn the flexibility of sudo's configuration.
find /home/* -user 0 -print
If this returns ANY files, you've almost certainly abused sudo and run root commands in the context of a user - a serious security blunder in itself.
Does /home/lost+found count? ;c)
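A version of the ownership check quoted above that also handles the lost+found case raised in the reply, as an added example that is not part of the original comments. The function names, the optional UID argument and the AUDIT_HOME variable are assumptions made for this illustration, and `-mindepth` assumes GNU or BSD find.

```shell
#!/bin/sh
# Added example: list paths under a home root that are owned by a given UID,
# skipping the filesystem's own lost+found directory (normally root-owned).

# owned_by ROOT [UID] -> prints matching paths, one per line
owned_by() {
    root=${1%/}          # drop a trailing slash so the -path test matches
    uid=${2:-0}          # default is UID 0 (root), as in the quoted command
    find "$root" -mindepth 1 -xdev \
        \( -path "$root/lost+found" -prune \) -o \
        \( -user "$uid" -print \)
}

# count_owned_by ROOT [UID] -> number of matching paths
count_owned_by() {
    owned_by "$@" | wc -l | tr -d ' '
}

# Run the real audit only when asked, e.g.: AUDIT_HOME=/home sh audit.sh
if [ -n "${AUDIT_HOME:-}" ]; then
    n=$(count_owned_by "$AUDIT_HOME" 0)
    echo "$n root-owned path(s) under $AUDIT_HOME (lost+found excluded)"
    owned_by "$AUDIT_HOME" 0
fi
```

Any path it reports can be handed back to its user with chown once you have confirmed it is not meant to be root-owned.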
Tor's great and all, but if we're charged by the SMS message, I don't know anyone who would be willing to be an exit node!
I wonder... if they are able to 'shrink Facebook down so that it fits onto a standard SIM card', could they throw on some data for a one-time pad, too?
No, the list including Windows 7 is correct. This strategy won't be deployed widely until Windows 8 is released.
... access to the world’s most popular social network, wherever you are and without an Internet connection, could prove very appealing. I think protesters in Egypt would agree.
If I had been a protester in Egypt or Tunisia recently, I would not want my Facebook messages going over the wire by SMS.
I believe that the reason people complain about the semantics of hacking is this: they value the definition of 'hack' that first became popular at MIT and is codified in the Hacker HOWTO and the Jargon File. To wit, the application of ingenuity to a problem. This is a beautiful concept, and there is no other word which captures it. I would like to talk to people about this concept, but the vocabulary has been diluted, making my goal more difficult. At the end of the day, though, it is probably futile to attempt to coerce the English-speaking masses towards this definition. That saddens me a bit, although I understand that the Psychology community has suffered much more than those in technology.
All the same, it would be good to have 'malicious' included in the title. From the title, I was expecting seven types in the whole spectrum from white hat to black. It's not like the title was getting overly long.
Maybe the three of you should start a union to combat hypothetical discrimination from your disparate employers.
And I suppose I should use a different one on every site I register with. I guess I'll just write these down on the back of the slip of paper where I keep my list of secure passwords.
No, the story is that, while a pan-Internet identity is a good thing, good things can be abused.
Not that that is any more newsworthy.
I can see you are proud of that one! I agree, that should definitely be an achievement.
Hmm. A fair point, if one is talking about a specific collection of boxen. "Bobby, be sure to grab all those lunchboxen on the way out the door so that you and your sisters can eat today."
In the case of our intrepid AC, perhaps we have the "Arcane language is dumb" box and the "Slashdotters live in parents' basements" box. Perhaps these two are the exact boxen outside of which the AC needs to think. But what I wrote was meant to suggest something more holistic: "I don't know what your problem is, but you ought to lighten up!" It suggests thinking outside an indefinite number of boxen. 'The boxen' sounds more abstract than 'those boxen' to my ears. It's not like the AC and I were sitting at a table with a collection of cubes in our hands.
I'm not in my mom's basement. I'm in my office, finishing my PhD. Just as secluded, but more socially acceptable.
Language is hardly worth using if we can't have fun with it. Perhaps you need to think outside the boxen.
And the intrigue starts in the sprawling, subterranean world of “black hat” optimization, the dark art of raising the profile of a Web site with methods that Google considers tantamount to cheating.
Despite the cowboy outlaw connotations, black-hat services are not illegal, but trafficking in them risks the wrath of Google. The company draws a pretty thick line between techniques it considers deceptive and “white hat” approaches, which are offered by hundreds of consulting firms and are legitimate ways to increase a site’s visibility.
I find it interesting that they are using 'black hat' and 'white hat' to distinguish between different actions and motives in search engine optimization, when the same terms cannot seem to catch on in public discussions of hacking, cracking and computer security. Makes me jealous.
But it is worth noting that those are two separate issues. The signature on the card indicates the cardholder's agreement to the terms of the account. "See ID" is not sufficient to indicate agreement. On the other hand, the signature on the receipt indicates that the person making the purchase is good for the transaction. The only purpose ID serves is to verify that the card owner and the person presenting the card in store are one and the same, but this is not required by the credit card company. I am allowed to lend my card to another to make purchases, and they may use their own signature rather than trying to forge mine.
It proves that, during the interview with your company's healthcare rep, the overwhelming cologne was just bad taste rather than covering for lying about your tobacco addiction.
When this was first announced, I remember looking at the source for the web page ICE was serving, and there was javascript that did, indeed, do some kind of logging. But the page that is being served now does not seem to have this payload.
Of course, that could be because this time I was surfing with wget, and before I was using Chrome. But I cannot imagine ICE going to that kind of trouble (detecting the client and serving a different page) to conceal the logging.
Afilias is the registry operator of the TLD, not the registrar. They keep the authoritative list of domain name registrations. My hypothesis is that ICE went through GoDaddy, who was the registrar for both rojadirecta.com and rojadirecta.org.
Video footage of soccer games is hardly questionable material.
And you, in turn, are my hero. I come to Slashdot for the wit and class.
As to your original question... I see on InterNIC's web site that three players are discussed: VeriSign Global Registry Services, Public Interest Registry, and Afilias. I don't really understand their roles, but I believe that VeriSign is responsible for .com, .net, and .edu domains while Public Interest Registry is in charge of .org. This is what I discern when I run whois queries on (for instance) rojadirecta.com and rojadirecta.org, respectively. However, what I also notice is that the two domains have godaddy.com as registrar.
I cannot tell from these articles if the DHS is approaching the registrar (GoDaddy) or the authorities (VeriSign & Public Interest Registry). Or maybe they are approaching InterNIC, who has oversight over these companies, or even ICANN itself. Maybe this has been covered somewhere else. I'm sure that if the warrants were made public, it would be clearer. Thing is, I recall (when this domain seizure trend first appeared) that GoDaddy was mentioned, and I think it would be very interesting to see a list of the various registrars for all the domains which have been seized up to this point.
Hum. Just looked a little harder, and it seems that none of the domains in this story were GoDaddy. But it still seems reasonable to me that the DHS might go to the registrar rather than some higher authority.
I don't know how much of that you already knew. Some of it is new research, for me. Food for thought.
Actually, http://rojadirecta.us/ is a completely different site! (Based in Uruguay, according to whois.)
Er, I meant that my link breaks if it points to an IP address, not a domain name (http://74.125.230.116/ instead of http://google.com/). As I think more about this example, the more contrived it feels. Here is a better one: how do you find the IP address of the search engine?
Well, for one thing, the list of things that will break upon the transition to IPv6 will grow by an order of magnitude. Right now, I can have absolute URLs in a web page which point to a domain name. Today, the target of the URL is only accessible via an IPv4 address, but tomorrow maybe they get an IPv6 address, and someday their host drops support for IPv4. When that happens, my link breaks. There are a number of other problems that DNS helps solve, but this is the first that comes to mind.
Holy crap, take a chill pill. I, too, think that due process here is dubious, but the fact remains that I woke up this morning with mod points, and now wish I hadn't burned through them so fast.
If you want DNS to change more quickly you can set the TTL on your DNS to 1 second but then your DNS servers get hammered as you are preventing anyone from caching your DNS records for you, so your servers have to respond every time someone goes to your site.
Also, if you shorten the TTL and your domain then gets seized, all traffic will immediately go to the ICE placeholder rather than some people being able to go to your site for a few hours more. (Those few hours might be enough time for you to get the word out about a new domain name after your old one is seized.)
Don't have anything to write with! :/ I sent an email, though. She usually checks it within a week.