I'm not trying to start an OS-flamewar, but seriously. NetBSD supports almost every piece of hardware out there. In addition, it's a very lean and mean distribution.
It's also quite easy to recompile the entire baby (if you've got enough disk space, of course). It would take time on a 386 though.
Point is, there _is_ a free unix available that installs in almost no space. And, that unix is _great_. :)
(Note: FreeBSD might be more optimized for i386, but that distro has gotten a bit too bloated imho, at least compared to NetBSD :)
During the olympics there should be a total ceasefire declared by all participating countries, including the hosting country.
This year, that did not happen.
Thus, this is not the olympics.
I refuse to consider these games _olympic_ games.
Of course, that aside, yes, the games should of course have a net-feed. It will, given some time. I guess they've got a demand for everything going smooth, and that nobody really can deliver the necessary bandwidth for net-wide feeds yet. :)
I would like to make an analogy, but it may come out a bit strange, as I'm not sure whether I know enough English.
If you go to a tivoli/amusement park/theme park/whatever you call it in English, and there are lots of different attractions, say, big dippers, merry go rounds, and so forth. There are only a limited amount of seats in each of 'em.
You pay for an all-day-card, to be able to use all the attractions as much as you want.
Now, can you use all the attractions as much as you want? Nope. But you've paid for it!!! Yeah, but you see.. lots of others have paid for it too. So, everybody is queuing up. For the greatest attractions, you may have to stay in a queue for as long as 30-45 minutes.
When you've taken one ride, you have to return to the back of the line, in order to take another ride.
Now, what would you do if the ISP that sold you a line with a 'peak connection' of 500kb/s, and you never were able to get it above 50kb/s, due to congestion? You would complain? Right! So would I! Thus, one has to find an alternative solution, as people expect the Internet to be a tiny bit faster than a theme park. :-)
An 'unlimited' internet connection is _not_ the same as an all-day-pass at a theme park. Those that think so have clearly misunderstood something.
What disgusts me is that the service is advertised as unlimited bandwidth
That obviously is false. Your bandwidth won't be higher than the maximum it's possible to transfer to your cablemodem/router/whatever. If it's 512Kbps, it's 512Kbps that is your bandwidth.
The total bandwidth used during a set time cannot be unlimited either. It should thus be obvious that there are limits to the amount of bandwidth one can use.
Now, if you think it through rationally - and not from a stupid leeching luser perspective - you'll see that everyone will have MORE than enough bandwidth available, if they don't act like idiots. Acting like idiots means maximizing their download all the time. People that do that remind me of the idiots that fired up 5 download sessions at once when I was doing high school. The entire school shared a 64Kbps connection.
It was at that point I always pulled out my trusty old WinNuke :) As we ran unpatched win95's.. it was a really great tool to do some vigilante bandwidth-limiting. :) I hope Rogers starts using the more advanced tool.. called the 'scissors' on the lines of the bandwidth-pigs. It is applied by taking one pair of twisted pair cable between two fingers, and then applying the sharp ends of the scissors with the other hand, to the cable (and be careful to keep it away from the fingers)
I fully understand Rogers. Of course, there will be lots of whiners, that do not understand that there are lots of users on the same network.
Of course you can use the cablemodem for the quick speed, for normal things, and with some extreme spikes when you download things occasionally.
The _problem_ starts when someone starts using 100% of the bandwidth available to them, almost ALL the time. The problem is when there are about 50-100 people that do that. I'm not sure what speed Rogers is offering, but say it's 512Kbps. If 100 users use all that, they need a T3 just for 100 users! If they've got, say 1000 users that are like that.. well, then they have a big fucking problem, as an OC3 wouldn't be enough to satisfy them.
Now, if someone does some calculations. How much would three OC3 links cost Rogers? Now, tell me, how much is 1000*45 ? Well, $45.000.. for providing 3 OC3 links per month.. plus service.. plus other costs.
It seems like a rotten deal for Rogers, to me. I fully understand that they want to punish the bandwidth-pigs.
No, in Jan 2000 all his computers and stuff were confiscated as evidence, he was questioned and so forth. He was not charged with anything - but he was placed 'under investigation'.
"do we really want to perpetuate the use of Windows software on a linux platform?"
Face it. There is no way in hell all software will be available for Linux, and if a company cannot run that mission critical app, then they won't switch to Linux.
Let me give you an example. I'm from Norway. Companies tend to want programs where they can do their accounting - which has all Norwegian tax-rules, and so forth ad nauseam programmed into them.
In Norway we have some software called 'Guru Software' or something like that, and surely others too. It's windows applications.
Now, a company which has done its accounting in that software for a couple of years is quite locked down. It's not an easy task to just switch to Linux. The windows-software _needs_ to run on linux, so that previous years accounting information is easily accessible. Of course, one could always hope that the company would make a linux version of the software, but that isn't always easy.
Now, microsoft 'owns' such companies as long until Linux can run this kind of windows software perfectly. And the answer is 'yes' -- we want the ability to run such software under Linux. If not, well then we're not gonna get such companies as users.
Take another example. I'm currently doing civil service in Norway, in part of a city administration. We're 'locked in' on using Windows, as a lot of proprietary solutions we are using are windows-only applications. They run on windows servers, and the clients only exist for windows.
These are products in the health and social sectors, with highly specialized use. It's not very likely that the free software movement will produce software that less than 20 relatively small institutions worldwide will use, which is of this enormous complexity.
The answer is that we _need_ the ability to run windows apps, and yes, it is something we _want_. If not, we've lost a _LOT_ of potential users, which are 'locked in'.
Slashdot editors should re-read the story instead of making out of hand comments.
West is _not_ criticizing the images that actually get published. She is criticizing all that get deleted. You don't go ahead and save every image you take to your harddrive, as you then have to buy a new harddrive all the time. It's much more convenient to just delete what you think is irrelevant at the moment.
With a film that is not possible. The film stores it, at least "semi-permanent", that is, at least a couple of years or 20.
Of course, you get a buttload of film to handle, and someone needs to review all that film, but that's beside the point.
The point is that she worries that history gets lost, due to all the deletion of material. She would NOT be worried, if every journalist/photographer just saved _everything_ to harddrives, and never deleted any pictures. _Then_ she, according to her article, would be perfectly happy with it (she doesn't say so, but it's obvious out of her article).
I usually hate me toos -- but in this case, just to show the slashdot crew that more people agree with you.
YES. The 'lameness filters' suck horseshit. They get triggered if you type too fast. It has happened that I've responded to 2-3 comments in a row, and well -- since I'm a fast typer, every so often I get hit by the lameness filter. I think it used to be more than 20 seconds though.
Of course, we need to throttle the trolls, but that shouldn't take priority over regular postings.
I'm more than happy to oblige Intel. I'll just stay clear of their CPUs. Since they're stupid enough to enforce patents like that -- I'll simply not use 'em.
While what you say is factually true (spoofing the source is tricky), the principle of not fighting fire with fire is still reasonable. Whenever you automatically respond to an attack with another attack you open up the potential for an explosive situation.
Yes, I agree totally with that principle. I do however prefer to use factual arguments and not bullshit like the commenter that I responded to did.
Anyone who uses a script like that is crazy. Next there will be a Code Red III which spoofs the originating IP and then your perl script becomes an unwitting part of a distributed DOS attack... Then YOU go to jail instead of the Code Red author.
Ohmy, how fscking stupid is it possible to be. Let me give you the hints one by one.
To attack a webserver you need to use http..
http uses tcp
tcp has something called initial sequence numbers
initial sequence numbers have been randomized rather well in more "recent" (think 97->now) operating systems.
spoofing a connection via tcp is almost impossible.
Ahh. It would be So Cool if microsoft actually blocked blackice and zonealarm. Preferably blocked each new version, with each new update of windows.
The "personal firewall" industry is a full-of-crap industry created by the media. There is absolutely NO NEED for a person to install a 'personal firewall'. There is a small set of rules he should follow to be safe from email-viruses, trojans and "crack attempts".
The firewalls prevent crack attempts, and prevent outgoing connections on non-allowed ports from non-allowed software. The first.. well.. normal people with windows (or newer linux distros) really have their computers pretty damn closed down when they buy 'em. If they open things up - they really don't need a firewall to "double-check" everything for them.
The "firewall" may prevent them from becoming netbus/back orifice/sub7 victims, but only _after_ they've been stupid enough to run the fscking trojan in the first place. Normal rules of conduct on computers really say that they SHOULD NOT RUN PROGRAMS THEY DO NOT KNOW.
The entire 'personal-firewall' industry is a media-hyped hysteria that really shouldn't exist. It's an industry that is all about creating 'fear' in the normal citizens, and the SO CALLED "security consultants" that recommend that you should install personal firewalls.. well.. I don't know why they do it -- either they are stupid or they are bought out by the "personal-fw-industry".
Personally I just shake my head when I hear about stupid lusers that have actually INSTALLED such things.
Congratulations, you've just destroyed the referential integrity of the message. If the message had a MIME-encoded cryptographic signature, you rendered the entire message useless.
Time to start using _plain text_ again, isn't it? I've never understood the eagerness of stupid mail clients to use MIME all over the place. Oh well.
The real solution is a well-designed email client:
Uses cryptography to establish trust.
Only automatically opens/runs attachments via sandboxed methods.
Requires user intervention, and by default displays a warning, for accessing attachments that cannot be sandboxed.
To use your own word. Balderwash!
Cryptography to establish trust? What on earth prevents the virus from using the same crypto? The passphrase? The passphrase that may be sniffed from the keyboard by the virus? Yeahrite.
Sandbox model. Well, sure, but don't you forget something? How should the nice little doc be _saved_ for the cluebie, after he opened it in his nice little sandbox?
Note number 3 is ok. User intervention is OK, but it'll make the user just click 'ok' all the time, and have no effect except for the first month or so. :-/
When I join a beta and I am accepted into it. I expect to be able to actually beta test the game, yes.
Let me see.. You couldn't log in, you complained, and it was probably logged together with the other 200 people that suffered the same problem.
Hmm.
Why are you complaining that you weren't able to beta test the product? It sounds to me like you sent off your worries, and that they probably took note of it.
That YOU didn't get a reply.. well so fucking what?
I also expect that they will be responsive to the people who are testing the game for them. I sent them several e-mails about my problem and didn't get so much as an auto-response back.
I guess you're one of the idiots that think autoacks are okay. Personally I'm more put off by those FUCKING IDIOTIC AUTOACKS than I am by not getting a response.
Hmf, I read SPAML, but I've got a bit of backlog and haven't seen this. I think I need to catch up. In any case - this seems to be the end of the road for MAPS then.
I won't pay a penny for MAPS. For that, the process of getting domains blacklisted is not good enough. For servers to get listed in the RSS - spam already has to be relayed through an open relay.
This would not have happened had ORBS still existed. ORBS was a great tool for detecting spam - as you had lists of ALL open relays there.
Now, I wonder what I'm going to do. Using MAPS' payment service is out of the question. Well.. maybe one of those ORBS-clones that are coming up may provide the correct solution.
You know.. a beta is.. guess what? A _beta_ :-) If you expect everything to work in a beta, or expect it to work at all - then you're stupid - plain and simple.
To be quite frank, I can fully understand that funcom thinks it's more important to fix the damn bug they've had 200 reports about, than to answer every single whiner out there. :)
Actually you are wrong. I've seen several exploits posted to bugtraq over the years - that have been found in the wild.
Also, please remember - there are lots of crackers/programmers in the 'underground circles' on IRC that know how to code exploits. When a vulnerability is found in software - there NEED to be issued a warning about it. There NEED to be issued a patch - and there NEED to be issued what the fsck it was all about.
If this is not done, crackers will just do a diff (binary or source) between the program before being patched - and afterwards. It'll be quite easy to discover what has been altered/updated - and thus where you need to look for the vulnerability. From that on, it's not really difficult to create an exploit.
Unreleased exploits? Let's see.. I think there was a virus that exploited a vulnerability in Outlook. Some 'date' field without bounds checking or something like that. That certainly was 'unreleased' up until the virus got into the wild. There have also been other cases. Rootshell.com was cracked a couple of years back -- remember? I don't think they ever found out how..
Hello Mr. Anonymous Coward. I see that you didn't read my post.
I said:
"Full disclosure of cracking tools is a necessity. I will not argue about whether it should be punishable to create them, but _Publishing_ them when they exist - is commendable."
Then I went on to argue why we need a full disclosure list such as Bugtraq - where information is freely published.
I did not say anything for or against whether those that create the tools should be held accountable. I say that when the tools are _made_ -- those that publish them to the general public should be commended, as it's better to have 'em where everybody can see 'em - than to have 'em in the hands of a few underground persons.
Now, go back and _read_ the posts you answer to, before you answer.
Full disclosure of cracking tools is a necessity. I will not argue about whether it should be punishable to create them, but _Publishing_ them when they exist - is commendable.
First, let's dive into the history of computer security. Crackers have existed as long as computers have existed. The term 'worm' was coined for them on usenet in the early eighties. It never caught on. Later the term 'cracker' was coined. They broke into systems, they had their tools - which circulated among the crackers. When a hole in a daemon / some suid software was discovered - the company that created the software often used months and _years_ to plug the holes. It was not a priority. Admins most likely never knew about them.
And onto this scene came the Morris worm. It quickly spread to the entire Internet, using bandwidth and CPU power, exhausting disk and memory. The internet was literally shut down for about a week while people crowded onto FidoNet and other networks to create a solution to remove the menace.
After this, CERT (Computer Emergency Response Team) was created. They were to deal with known vulnerabilities - and get the software vendors to patch up their software. Which they did -- but they gave the vendors far too much time. In the most extreme cases - years. When the vendor had a patch, the vulnerability was published in a CERT advisory.
The problem was that crackers found vulnerabilities, and the knowledge about the holes spread underground. Some admins knew about them - and patched their systems manually. Most admins did NOT know about it. The crackers had far too much power.
Enter bugtraq and full disclosure. A mailinglist where people could discuss vulnerabilities they had discovered. A place where they could post tools they had discovered, rootkits, exploits, and so forth. A mailinglist where full disclosure was practiced.
The result? That software vendors were forced to patch up their systems MUCH faster than before, since the exploits that earlier were circulated only among badguys now became widespread and known to the entire world. Consumers would bug their vendors until they delivered a patch.
Today, we can thank Bugtraq - and aleph1 in particular - that we've got extremely fast responses from most software vendors when vulnerabilities are discovered. From a vulnerability is discovered to the vendor publishes a patch.. well, most of the time it's done within a few days - or at a maximum of 10-14 days. That is a hell of an improvement over the time it took to get a patch developed before bugtraq entered the stage.
In short. We _need_ a place where admins can share information about known vulnerabilities. We _need_ a place where tools that are found in the wild can be found by _everyone_. If we don't make that information freely available - a selected few will have the power to wreak havoc upon the net. Without it - admins will remain clueless when it comes to security issues. And that -- that is not a situation we want to return to.
(I'm sorry for any misspellings, inconsistencies or blatant errors in this post, I've written from mind / what I've read - and there are bound to be mistakes)
I just gave away a couple of high karma accounts on Slashdot because of:
Haha! So, 'high-karma' accounts are a commodity. How stupid is it possible to get?
If your ISP are fuckwits, switch ISPs, don't complain here.
If that was too technical for you, go bugger off.
I remember I used a program called 'Speed Read' or 'Speed Reader', not exactly sure. You imported qwk-packets, and it stored it in its own format.
:)
Great reader, payware, for DOS.
No, in Jan 2000 all his computers and stuff were confiscated as evidence, he was questioned and so forth. He was not charged with anything - but he was placed 'under investigation'.
The investigation took two fucking years.
Bullshit, he has never claimed to be the author of the entire program.
Hmm. nice. :)
:)
You did a nice little selfadd there. And, I enjoyed the music.
I'm more than happy to oblige Intel. I'll just stay clear of their CPUs. Since they're stupid enough to enforce patents like that -- I'll simply not use 'em.
:)
There are good alternatives available.
--
Bull. 3 espresso coffee contains about 450mg caffeine.
2dl RedBull contains about 70mg caffeine.
--
When I join a beta and I am accepted into it. I expect to be able to actually beta test the game, yes.
.. well so fucking what?
Let me see.. You couldn't log in, you complained, and it was probably logged together with the other 200 people that suffered the same problem.
Hmm.
Why are you complaining that you weren't able to beta test the product? It sounds to me like you sent off your worries, and that they probably took note of it.
That YOU didn't get a reply
I also expect that they will be responsive to the people who are testing the game for them. I sent them several e-mails about my problem and didn't get so much as an auto-response back.
I guess you're one of the idiots that think autoacks are okay. Personally I'm more put off by those FUCKING IDIOTIC AUTOACKS than I am by not getting a response.
ohwell
newbies.
--
Hmf, I read SPAML, but I've got a bit of backlog and haven't seen this. I think I need to catch up. In any case - this seems to be the end of the road for MAPS then.
.. maybe one of those ORBS-clones that are coming up may provide the correct solution.
I won't pay a penny for MAPS. For that, the process of getting domains blacklisted is not good enough. For servers to get listed in the RSS - spam already has to be relayed through an open relay.
This would not have happened had ORBS still existed. ORBS was a great tool for detecting spam - as you had lists of ALL open relays there.
Now, I wonder what I'm going to do. Using MAPS' payment service is out of the question. Well
Harumpfh.
--
It's a bit obvious that you're an AOL user. ;)
.. a beta is .. guess what? A _beta_ :-) If you expect everything to work in a beta, or expect it to work at all - then you're stupid - plain and simple.
:)
You know
To be quite frank, I can fully understand that Funcom thinks it's more important to fix the damn bug they've had 200 reports about, than to answer every single whiner out there.
--
Actually you are wrong. I've seen several exploits posted to bugtraq over the years - that have been found in the wild.
..
Also, please remember - there are lots of crackers/programmers in the 'underground circles' on IRC that know how to code exploits. When a vulnerability is found in software - there NEEDS to be issued a warning about it. There NEEDS to be issued a patch - and there NEEDS to be issued what the fsck it was all about.
If this is not done, crackers will just do a diff (binary or source) between the program before being patched - and afterwards. It'll be quite easy to discover what has been altered/updated - and thus where you need to look for the vulnerability. From that on, it's not really difficult to create an exploit.
Unreleased exploits? Let's see.. I think there was a virus that exploited a vulnerability in Outlook. Some 'date' field without bounds checking or something like that. That certainly was 'unreleased' up until the virus got into the wild. There have also been other cases. Rootshell.com was cracked a couple of years back -- remember? I don't think they ever found out how
--
Hello Mr. Anonymous Coward. I see that you didn't read my post.
I said:
"Full disclosure of cracking tools is a necessity. I will not argue about whether it should be punishable to create them, but _Publishing_ them when they exist - is commendable."
Then I went on to argue why we need a full disclosure list such as Bugtraq - where information is freely published.
I did not say anything for or against whether those that create the tools should be held accountable. I say that when the tools are _made_ -- those that publish them to the general public should be commended, as it's better to have'em where everybody can see'em - than to have'em in the hands of a few underground persons.
Now, go back and _read_ the posts you answer to, before you answer.
--
Full disclosure of cracking tools is a necessity. I will not argue about whether it should be punishable to create them, but _Publishing_ them when they exist - is commendable.
.. well, most of the time it's done within a few days - or at a maximum of 10-14 days. That is a hell of an improvement over the time it took to get a patch developed before bugtraq entered the stage.
First, let's dive into the history of computer security. Crackers have existed as long as computers have existed. The term 'worm' was coined for them on usenet in the early eighties. It never caught on. Later the term 'cracker' was coined. They broke into systems, they had their tools - which circulated among the crackers. When a hole in a daemon / some suid software was discovered - the company that created the software often used months and _years_ to plug the holes. It was not a priority. Admins most likely never knew about them.
And onto this scene came the Morris worm. It quickly spread to the entire Internet, using bandwidth and CPU power, exhausting disk and memory. The internet was literally shut down for about a week while people crowded onto FidoNet and other networks to create a solution to remove the menace.
After this, CERT (Computer Emergency Response Team) was created. They were to deal with known vulnerabilities - and get the software vendors to patch up their software. Which they did -- but they gave the vendors far too much time. In the most extreme cases - years. When the vendor had a patch, the vulnerability was published in a CERT advisory.
The problem was that crackers found vulnerabilities, and the knowledge about the holes spread underground. Some admins knew about them - and patched their systems manually. Most admins did NOT know about it. The crackers had far too much power.
Enter bugtraq and full disclosure. A mailing list where people could discuss vulnerabilities they had discovered. A place where they could post tools they had discovered, rootkits, exploits, and so forth. A mailing list where full disclosure was practiced.
The result? That software vendors were forced to patch up their systems MUCH faster than before, since the exploits that earlier were circulated only among badguys now became widespread and known to the entire world. Consumers would bug their vendors until they delivered a patch.
Today, we can thank Bugtraq - and aleph1 in particular - that we've got extremely fast responses from most software vendors when vulnerabilities are discovered. From a vulnerability is discovered to the vendor publishes a patch
In short. We _need_ a place where admins can share information about known vulnerabilities. We _need_ a place where tools that are found in the wild can be found by _everyone_. If we don't make that information freely available - a selected few will have the power to wreak havoc upon the net. Without it - admins will remain clueless when it comes to security issues. And that -- that is not a situation we want to return to.
(I'm sorry for any misspellings, inconsistencies or blatant errors in this post, I've written from mind / what I've read - and there are bound to be mistakes)
--