This has got to be the most sensible argument I've seen yet.
I definitely think you've hit on something that hasn't been mentioned enough. I'd buy a *lot* more music if there was a reason for me to do so. The current reality, though, is that you might get, at most, a thicker-than-normal cover insert with band photos and maybe lyrics. For me, band photos aren't worth squat, and lyrics can be had off the 'net.
I especially agree that this "superstar" crap has to stop. We have virtually no truely legendary, inspiring bands coming out, so collectible vinyl albums and such are essentially worthless in the long run. To make this idea feasible, I think that the RIAA et al. need to take a good look at their current overall system, not just their physical products.
I'd mod you up, but I'm all outta moderator points.:)
Re:How did the FBI know?
on
Brian West Update
·
· Score: 2, Insightful
I think the key to this is that the Perl scripts were *proprietary*, meaning that they were developed solely by and/or for PDNS. That IS intellectual property.
I don't think anyone would mind if the scripts were freely available, but PDNS spent money on them.
From what I understand, the FBI *didn't* know that he was re-writing them in PHP until AFTER they searched his laptop and workstations. Just the fact that he stole proprietary works was enough for them to initiate a search.
Besides that, the guy downloaded and apparantly changed the password list. That is NOT casual poking around to discover the extent of the vulnerability.
Granted, if I discovered a back door, I would probably poke around too, but I wouldn't download or modify any files... if you're not meant to have it, leave it alone; it wouldn't be ethical to do otherwise.
Yeah, and at worst, they're like every other politician in the world and will go ahead with it anyway, even if the project sinks them even deeper in debt. We're talking about politicians, remember?
Ya know, I've never thought of that, but it actually makes sense. This has to be one of the more thought-provoking posts I've ever seen on Slashdot.
Maybe we should ALL hack M$' crap, but keep it to ourselves until Code Red XVII hits, then we'll be the only ones who know what's going on.:) Or maybe just demand "ransom" from M$. Hehehe.
Did you actually *read* the article? Oh, wait, this is Slashdot, where less than 1% of users read past the 2nd line. In the third line of the article, it says:
"The second time it took just one line."
Sheesh... could they make it anymore obvious? CHRONOLOGICAL ORDER, people... Not "He cracked it in one line... Oh yeah, and the times before that it only took 3 lines of code."
So, really, (1==1) if the pointer is located far enough into the document.
- Jester
They're not offering free 'net access; they're providing free email and web-based word processing. email != Internet !!!
To be able to use the service at home, users still need an account at an ISP. If they don't, then they need to use 'net access at a library or whatever.
I never mentioned sendmail, did I? SMTP != sendmail
I said I've never had a security breach ON MY SERVER. I operate a relatively unknown server, and I haven't had any problems yet. I'm sure they will eventually appear, but it's been going for a year and a half with no problems. A few attempts, but nothing that succeeded.
Agreed, but I think you're missing the point; this person is arguing that you're not actually "circumventing security measures", since there ARE NO SECURITY MEASURES. Doesn't make it right, necessarily, but it's not circumvention.
True, the message IDs *might* be considered "security", but I doubt most security analysts would agree.
Either way, it's definitely food for thought... we might need a whole new definition of "circumvention" or "security" to deal with cases like this.
Bah... real geeks set up their own SMTP and POP3 server.:)
That's what I do, and it works great. No (known!) security breaches so far, and I can access it from pretty much anywhere (from my laptop).
This way, you're not at the mercy of some corporation who doesn't give a shit about your privacy. Or use HushMail. It's pretty damned good, too, if a bit slow.
LOL... I had a post get modded like that the other day: +1 Informative, +1 Interesting, -1 Troll, -1 Flamebait. LOL... I'm having serious doubts about this meta-moderation system now.....
"the quake 3 mod scene is far superior to the half life mods"
Really? Are you including Counter-Strike? Last I checked, CS players outnumbered the players of any other mod for Half-Life OR Quake by at least 5:1 (that number comes from a poll I saw somewhere... I forget where it was though.)
Also, I play both CS and TFC and I've NEVER had a problem finding a lag-free server to play on that had a full room for either mod. Maybe you're just too picky with your filter settings.;)
As you say though, it *does* come down to personal preference. I guess some people just like the kind of mindless shooting associated with Quake and its mods, while more thoughtful, strategy-type people like HL and its mods.
Oh boy! I can't wait to see all the useless benchmarks that this game will generate!
Seriously, though... id Software makes great game ENGINES... they do NOT, however, make great games. I'm sorry, but I had to say it. I always hated Quake, from the first time I played it. Love Half-Life though. I STILL go through the single-player game sometimes because it's FUN! Quake has something lacking in gameplay, always has, and likely always will. Just my thoughts.
*/me gets into fire resistant clothing* Quake addicts, feel free to light up the flamethrowers now.
I don't think it would matter. They're essentially the same thing; my understanding (I'm not a DBZ fan) is that Funimation LICENSES the DBZ name/characters/etc from KOEI. Since it's just a license, and not a separate "product" (or trademark, or whatever you want to call it), I don't think that tactic would work.
"I know a girl"
Whoa... back up a sec. You mean, like a 3D entity of the opposite sex? DAAMMMMNNNN... tell me how ya did it, oh grand geek master.:)
I can't meet a chick even when I'm trying. LOL
LOL... AND he has "an in depth background in many software packages and operating systems"... INCLUDING Linux/UNIX... if he has such an indepth background, surely he wouldn't be running a *gasp* GUI-based server, would he?;)
Hey... maybe we can use an M$ exploit to FIX this.
on
Code Red Back For More
·
· Score: 1
I just thought of something.... what would happen if everyone running Apache (or another SECURE httpd) put a default.ida file in their server. Of course, it wouldn't be just any old file... it would be a web page with embedded scripts which would take advantage of OTHER known exploits in M$' IIS/PWS. The scripts could do anything we wanted; INCLUDING cleaning the host of the worm by patching and rebooting the system. Now THAT would be a hell of a hack, if indeed it could be done.
What does the/. community think? Is something like this feasible, or am I just talking out of my ass?
Taking a peek at my (Apache, naturally) server logs, I see something pretty weird, though understandable given the info on CR2... I've had 11 unique IPs try to hit me for CR2, but 56 (!) unique hosts try to hit me with the original Code Red... mind you, my server is on a Class C network (yet my desktop is on a Class B network, and both boxes share the same DSL connection... figure THAT one out.:)), so that probably has something to do with it.
I just found it a little odd that the original worm is still so proliferant.
I'm beginning to think that JonKatz hates all forms of popular media... I can't recall a single movie of late that he hasn't started off by saying "this movie sucks". Is this because the movies really do suck (I'm not much of a moviegoer personally), or is this editorial bias kicking in?
Is this maybe a strike back against the MPAA, in order to make us Slashdotters believe that all movies suck and we shouldn't "waste" our money by supporting the MPAA? Now, I agree that the MPAA is evil, but don't bash the products if they really are good entertainment!
- Jester
Well... interesting. I have the same types of requests that other people have been reporting showing up in my server logs...
But what happens if this worm suddenly turns its wrath onto our favorite site,/. ???
Could/. get slashdotted? By a bunch of M$ products, no less!:)
Actually, I'd tend to say that the rise in number of lame people is growing at a rate proportional to the number of people adopting Windows as a "standard". Oh, wait... that IS exponential growth.;( Hmmm.... makes me want to hit somebody over the head with a pengiun.:)
"you GIMP weenies can burn in hell, I'm not even an advanced user and even I can tell it crumbles and dies next to Photoshop for advanced tasks"
Isn't it kind of hard to compare two programs like this? You state yourself that you're barely even literate with GIMP, and you can "already" see how badly it compares to PS.
Isn't this like dumping a newbie onto a command-line UNIX terminal and telling them "Go!"??? Of course they won't see the power of the system (as compared to their familiar, oh-so-friendly OS make by MicroCrap) because they don't know how to use the advanced functions!!! This is the type of comparison you're making here; if you're going to compare two packages of software, at least compare them properly -- advanced functions vs. advanced functions, etc -- not as you've done -- GIMP's low-level functions vs. Photoshop's brand-new super-duper filtering plugins.
Granted, GIMP may very well NOT be as powerful as Photoshop - I'm not necessarily debating that; you just may want to do fair and informed comparisons in the future.
- Jester
Granted, in those cases I'd agree that they were ingenious solutions... just this particular case made me laugh... I somehow don't think that chilli sauce makes a very good substitute for cleaning solvent....
From the article:
"chilli sauce had to be used instead of a missing cleaning gel."
Well... I've heard of stuff being held together with spit and bailing wire, but chilli sauce?!?! I mean, come on!
You know how people always say "Well I don't know, ferchrissakes! I'm not a rocket scientist, dammit!"? Well, I think in this case I would be PROUD to NOT be a rocket scientist.:) I couldn't stand the embarassment!
These NASA people may have IQs over 140, but some days you have to remind them which end of the pencil to use.....
Sheesh.
"Miller Lite won't get you girls"
It WON'T?!?!! Uh, oh... NOW what the hell am I gonna do with the dozen cases of Millet Lite I have???:)
Shit... all along, I thought that maybe I just wasn't drinking enough to get those kind of results!
Slashdot Mirror
This has got to be the most sensible argument I've seen yet.
:)
I definitely think you've hit on something that hasn't been mentioned enough. I'd buy a *lot* more music if there was a reason for me to do so. The current reality, though, is that you might get, at most, a thicker-than-normal cover insert with band photos and maybe lyrics. For me, band photos aren't worth squat, and lyrics can be had off the 'net.
I especially agree that this "superstar" crap has to stop. We have virtually no truely legendary, inspiring bands coming out, so collectible vinyl albums and such are essentially worthless in the long run. To make this idea feasible, I think that the RIAA et al. need to take a good look at their current overall system, not just their physical products.
I'd mod you up, but I'm all outta moderator points.
I think the key to this is that the Perl scripts were *proprietary*, meaning that they were developed solely by and/or for PDNS. That IS intellectual property.
I don't think anyone would mind if the scripts were freely available, but PDNS spent money on them.
From what I understand, the FBI *didn't* know that he was re-writing them in PHP until AFTER they searched his laptop and workstations. Just the fact that he stole proprietary works was enough for them to initiate a search.
Besides that, the guy downloaded and apparantly changed the password list. That is NOT casual poking around to discover the extent of the vulnerability.
Granted, if I discovered a back door, I would probably poke around too, but I wouldn't download or modify any files... if you're not meant to have it, leave it alone; it wouldn't be ethical to do otherwise.
"This is just politico's talking it up at best."
Yeah, and at worst, they're like every other politician in the world and will go ahead with it anyway, even if the project sinks them even deeper in debt. We're talking about politicians, remember?
Ya know, I've never thought of that, but it actually makes sense. This has to be one of the more thought-provoking posts I've ever seen on Slashdot.
:) Or maybe just demand "ransom" from M$. Hehehe.
Maybe we should ALL hack M$' crap, but keep it to ourselves until Code Red XVII hits, then we'll be the only ones who know what's going on.
- Jester
Did you actually *read* the article? Oh, wait, this is Slashdot, where less than 1% of users read past the 2nd line. In the third line of the article, it says:
"The second time it took just one line."
Sheesh... could they make it anymore obvious? CHRONOLOGICAL ORDER, people... Not "He cracked it in one line... Oh yeah, and the times before that it only took 3 lines of code."
So, really, (1==1) if the pointer is located far enough into the document.
- Jester
They're not offering free 'net access; they're providing free email and web-based word processing. email != Internet !!!
To be able to use the service at home, users still need an account at an ISP. If they don't, then they need to use 'net access at a library or whatever.
- Jester
I never mentioned sendmail, did I? SMTP != sendmail
I said I've never had a security breach ON MY SERVER. I operate a relatively unknown server, and I haven't had any problems yet. I'm sure they will eventually appear, but it's been going for a year and a half with no problems. A few attempts, but nothing that succeeded.
- Jester
Agreed, but I think you're missing the point; this person is arguing that you're not actually "circumventing security measures", since there ARE NO SECURITY MEASURES. Doesn't make it right, necessarily, but it's not circumvention.
True, the message IDs *might* be considered "security", but I doubt most security analysts would agree.
Either way, it's definitely food for thought... we might need a whole new definition of "circumvention" or "security" to deal with cases like this.
- Jester
Bah... real geeks set up their own SMTP and POP3 server. :)
That's what I do, and it works great. No (known!) security breaches so far, and I can access it from pretty much anywhere (from my laptop).
This way, you're not at the mercy of some corporation who doesn't give a shit about your privacy. Or use HushMail. It's pretty damned good, too, if a bit slow.
- Jester
LOL... I had a post get modded like that the other day: +1 Informative, +1 Interesting, -1 Troll, -1 Flamebait. LOL... I'm having serious doubts about this meta-moderation system now.....
"the quake 3 mod scene is far superior to the half life mods" ;)
Really? Are you including Counter-Strike? Last I checked, CS players outnumbered the players of any other mod for Half-Life OR Quake by at least 5:1 (that number comes from a poll I saw somewhere... I forget where it was though.)
Also, I play both CS and TFC and I've NEVER had a problem finding a lag-free server to play on that had a full room for either mod. Maybe you're just too picky with your filter settings.
As you say though, it *does* come down to personal preference. I guess some people just like the kind of mindless shooting associated with Quake and its mods, while more thoughtful, strategy-type people like HL and its mods.
Oh boy! I can't wait to see all the useless benchmarks that this game will generate!
Seriously, though... id Software makes great game ENGINES... they do NOT, however, make great games. I'm sorry, but I had to say it. I always hated Quake, from the first time I played it. Love Half-Life though. I STILL go through the single-player game sometimes because it's FUN! Quake has something lacking in gameplay, always has, and likely always will. Just my thoughts.
*/me gets into fire resistant clothing* Quake addicts, feel free to light up the flamethrowers now.
- Jester
Whooops... I think that should've been TOEI, not KOEI... like I said, not a DBZ fan. I DO like KOEI's RPGs though.... :)
I don't think it would matter. They're essentially the same thing; my understanding (I'm not a DBZ fan) is that Funimation LICENSES the DBZ name/characters/etc from KOEI. Since it's just a license, and not a separate "product" (or trademark, or whatever you want to call it), I don't think that tactic would work.
"I know a girl" :)
Whoa... back up a sec. You mean, like a 3D entity of the opposite sex? DAAMMMMNNNN... tell me how ya did it, oh grand geek master.
I can't meet a chick even when I'm trying. LOL
LOL... AND he has "an in depth background in many software packages and operating systems"... INCLUDING Linux/UNIX... if he has such an indepth background, surely he wouldn't be running a *gasp* GUI-based server, would he? ;)
I just thought of something.... what would happen if everyone running Apache (or another SECURE httpd) put a default.ida file in their server. Of course, it wouldn't be just any old file... it would be a web page with embedded scripts which would take advantage of OTHER known exploits in M$' IIS/PWS. The scripts could do anything we wanted; INCLUDING cleaning the host of the worm by patching and rebooting the system. Now THAT would be a hell of a hack, if indeed it could be done.
/. community think? Is something like this feasible, or am I just talking out of my ass?
What does the
Taking a peek at my (Apache, naturally) server logs, I see something pretty weird, though understandable given the info on CR2... I've had 11 unique IPs try to hit me for CR2, but 56 (!) unique hosts try to hit me with the original Code Red... mind you, my server is on a Class C network (yet my desktop is on a Class B network, and both boxes share the same DSL connection... figure THAT one out. :)), so that probably has something to do with it.
I just found it a little odd that the original worm is still so proliferant.
I'm beginning to think that JonKatz hates all forms of popular media... I can't recall a single movie of late that he hasn't started off by saying "this movie sucks". Is this because the movies really do suck (I'm not much of a moviegoer personally), or is this editorial bias kicking in?
Is this maybe a strike back against the MPAA, in order to make us Slashdotters believe that all movies suck and we shouldn't "waste" our money by supporting the MPAA? Now, I agree that the MPAA is evil, but don't bash the products if they really are good entertainment!
- Jester
Well... interesting. I have the same types of requests that other people have been reporting showing up in my server logs... /. ??? /. get slashdotted? By a bunch of M$ products, no less! :)
But what happens if this worm suddenly turns its wrath onto our favorite site,
Could
Actually, I'd tend to say that the rise in number of lame people is growing at a rate proportional to the number of people adopting Windows as a "standard". Oh, wait... that IS exponential growth. ;( :)
Hmmm.... makes me want to hit somebody over the head with a pengiun.
"you GIMP weenies can burn in hell, I'm not even an advanced user and even I can tell it crumbles and dies next to Photoshop for advanced tasks"
Isn't it kind of hard to compare two programs like this? You state yourself that you're barely even literate with GIMP, and you can "already" see how badly it compares to PS.
Isn't this like dumping a newbie onto a command-line UNIX terminal and telling them "Go!"??? Of course they won't see the power of the system (as compared to their familiar, oh-so-friendly OS make by MicroCrap) because they don't know how to use the advanced functions!!! This is the type of comparison you're making here; if you're going to compare two packages of software, at least compare them properly -- advanced functions vs. advanced functions, etc -- not as you've done -- GIMP's low-level functions vs. Photoshop's brand-new super-duper filtering plugins.
Granted, GIMP may very well NOT be as powerful as Photoshop - I'm not necessarily debating that; you just may want to do fair and informed comparisons in the future.
- Jester
Granted, in those cases I'd agree that they were ingenious solutions... just this particular case made me laugh... I somehow don't think that chilli sauce makes a very good substitute for cleaning solvent....
From the article: :) I couldn't stand the embarassment!
"chilli sauce had to be used instead of a missing cleaning gel."
Well... I've heard of stuff being held together with spit and bailing wire, but chilli sauce?!?! I mean, come on!
You know how people always say "Well I don't know, ferchrissakes! I'm not a rocket scientist, dammit!"? Well, I think in this case I would be PROUD to NOT be a rocket scientist.
These NASA people may have IQs over 140, but some days you have to remind them which end of the pencil to use.....
Sheesh.
"Miller Lite won't get you girls" :)
It WON'T?!?!! Uh, oh... NOW what the hell am I gonna do with the dozen cases of Millet Lite I have???
Shit... all along, I thought that maybe I just wasn't drinking enough to get those kind of results!