Slashdot Mirror


User: commodoresloat

commodoresloat's activity in the archive.

Stories
0
Comments
5,963
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,963

  1. Re:Pfft on Interview with SubEthaEdit Developer · · Score: 2, Funny
    (what happens when I hit "d" depends on the mode--when I hit "d" in subethaedit I see a "d").

    But that's the beauty of vi -- the joy of the unexpected lurking in every keystroke.

  2. Re:journalists on Meet Joe Blog · · Score: 1
    there're some bloggers out there who might as well be professionals. Matt Drudge comes to mind

    My body can't decide whether to laugh or vomit.

  3. A legitimate complaint? large music libraries on iTunes 4.6, DRM, and Hymn · · Score: 3, Interesting

    These are whines, as others point out. My problem with iTunes is that it is not graceful at handling large song libraries. A library of 14k songs for example is difficult to navigate (scrolling randomly slows down, and sometimes the computer completely stalls when iTunes is running, which I believe is related to the library size, since it doesn't happen on my laptop). Is this a common problem for people with large music libraries? Or does it sound like I messed something else up? The sluggishness would be ok if the crashes stopped; when this kind of crash happens nothing works except manually restarting.

  4. Actually on Happy Birthday, UNIVAC I · · Score: 1

    This posting is just a dupe of the story from 3 years ago.

  5. What your saying is on Dog Trained on 200-Word Vocabulary · · Score: 3, Funny

    A dog may be able to bark, but a dog cannot bark about barking.

  6. Re:Obligatory Chappelle "Balck Bush" quote on Preview of Moon-To-Mars Report · · Score: 3, Funny

    Doesn't the last line technically make this a Howard Dean quote?

  7. It's probably illegal but on Labels Find New Method of Payola · · Score: 1

    it does show the hypocrisy of what the RIAA is trying to accomplish. On the one hand, they're suing to prevent you from distributing the song; on the other hand, they're paying radio stations to distribute the same song.

  8. Re:Not surprising, and not bad. on RIP G4 PowerMac · · Score: 1
    I'm not *confusing* them. I'm just not bothering to draw an arbitrary distinction between them for purposes of weasling out of an argument.

    It's not an arbitrary distinction. You buy the OS and webserver separately, from different companies. Most people who run the OS never buy the webserver. They are different products. You could just as easily attribute all Word Macro viruses to the MacOS and refuse to draw an arbitrary distinction between the OS and the word processer.

    No, it's not. It's the only point that's relevant to this discussion: no Mac running classic Mac OS has ever been hacked into. That means a Mac running the classic Mac OS is a very secure platform indeed.

    No. It means no Mac running Classic has ever been hacked into. Period. Any other statement is a hypothesis, which is perfectly acceptable, but I offered a much more credible hypothesis. Your hypothesis is circular. What is it about the MacOS that you think makes it more secure?

    You're ignoring the fact that the lack of a command shell basically makes running arbitrary commands remotely a complete impossibility on a classic Mac. You're saying "if it happened, it would suck" while ignoring the fact that it cannot happen.

    The equivalent of a command shell can be installed on a Mac; I gave you two examples in my first post in this discussion. The command shell is harder to separate from the OS itself than the webserver, perhaps, from the user's perspective, but from the perspective of the computer OS I don't see why the command shell is different from the GUI. It's a way of inputting commands to the computer; perhaps it is easier for most hackers to type commands from memory than to interact with the computer through a series of arcane mouse movements, but if I am controlling a computer through a program like Timbuktu that computer is just as owned as if I was doing it from a $ prompt. More so, in fact, because for me, like most Mac users, the mouse movements are way more intuitive than the command prompt. If this is the sole reason you think OS9 was safer, you might have mentioned it earlier in this discussion. And it's not a good reason -- Timbuktu, while not a shell, is a way of running commands remotely. Apple Remote Access, and the file sharing and program linking built into the OS also give one the ability to execute commands remotely. And the program whose name I can't remember that I mentioned earlier was itself a command shell you could install that used AppleScript (I believe) to give commands to other programs. You seem to think that such programs don't exist on a Mac, or to think that if they do exist, they should not be considered part of MacOS security assessments, while similar programs on UNIX should be considered while making assessments about UNIX security.

    The point is that compromising the system once -- by tricking someone into running a program that installs invisible extensions for example (something that was easily accomplished in the OS 9 days) -- leaves the system far more vulnerable than compromising a UNIX (or OSX) system with the same type of exploit. (And yes, I realize that the hard part, getting the program on the machine, is accomplished through social engineering in the above example. But it's the same on both systems. And if you run a vulnerable webserver on either system, the same kind of exploit works on both systems (regardless of there being no examples "in the wild") -- the architecture difference between an exploit on apache for unix and the same exploit for apache on mac is probably not a huge programming hurdle for the hacker, and whatever hurdle it is says nothing about the inherent security of not having a shell in the OS.

    But my point is obvious, in the end, and it's a silly debate. I'm only pointing out for the sake of argument a reason why OS9 might be considered less secure -- in the end, the OS9 model (the user has access to everything) has benefits that justifies that approach, whereas the OSX/UNIX model has other benefits.

  9. yes they are on McDonald's Germany Moves to SuSE Linux · · Score: 5, Funny

    McDonald's is trying to make new inroads with the wildlife-loving set. After penguin burgers they will be introducing the wildly successful Baby Seal breakfast sausage. But the tastiest addition to their menu will be the Bald Eagle McNuggets. Yum!

  10. Re:Not much behind this really... on McDonald's Germany Moves to SuSE Linux · · Score: 5, Funny
    "FTP" hardly strikes me as a core service for a fast-food company.

    Actually, the Fries Transfer Protocol is definitely a core service.

  11. I'm in shock too on Saudi Webmaster Acquitted of Terrorism Charges · · Score: 4, Funny
    Here's someone serving on a jury who JUST DISCOVERED what the first amendment to the Constitution is all about!

    Yeah, I don't know how the lawyers let someone intelligent enough to understand the first amendment survive the jury selection process. Usually they weed out such troublemakers....

  12. Re:Islamic websites. on Saudi Webmaster Acquitted of Terrorism Charges · · Score: 1

    Don't bury your head in the sand. There are plenty of websites like he speaks of and the people who run them openly distribute such opinions in other forms. They say such things in Arabic (and English) in (some) mosques across the middle east, in England, in Germany, in France, and even in the US. They print newspapers, hold meetings, have colloquia pondering such questions as how many virgins will suicide bombers enjoy in heaven and whether the Koran permits any form of democratic government. Yes there are intel agencies who would like to embarrass Islamists, but there are plenty of Islamists who will do the job themselves.

  13. Re:Correct verdict, but... on Saudi Webmaster Acquitted of Terrorism Charges · · Score: 1
    it would be like trying to sell Pax Americana to a mullah and his followers, right?

    Wait a second... isn't that what Bush is trying to do?

  14. Re:Not surprising, and not bad. on RIP G4 PowerMac · · Score: 4, Interesting
    I guess you just don't understand my point. Saying there was no example of a compromised system that we know about is irrelevant. You can just as easily make the same claim about BeOS. The point is the OS itself is in no way more secure than UNIX as an OS. You seem to be confusing the OS and the webserver (in the case of old Mac OS you're talking about WebStar, which was not made by Apple, and says nothing about MacOS security, just like apache says nothing about UNIX security). And, as I said, some people did run apache on the Mac, there were at least two versions I remember, probably more, so comparing WebStar vs. apache doesn't say anything about MacOS security at all.

    You keep repeating the claim there has been no successful exploit "in the wild" (that you know of) -- which may be true if you ignore the crack-a-mac contest, but it is irrelevant. A mac running insecure services is no more secure than a UNIX box running insecure services, and a Mac that is not connected to a network at all is as secure as a UNIX box not connected to a network. And, again, it is probably less secure, since once the service has been compromised, the attacker now has root access to the Mac. At the OS-level the Mac is probably less secure.

    I realize that you think your claim that there has been no successful compromise of os9 is some kind of self-evidently significant argument, but it is basically just interesting data until you suggest some actual hypothesis (other than obscurity) as to what might make OS9 more secure.

    My hypothesis is that OS9 was more secure simply because out of the box it didn't do anything (as far as the network is concerned). And the majority of users left it that way. It's a simple hypothesis, and all you can say is "Bogus."

  15. Yes - tax the churches on Saudi Webmaster Acquitted of Terrorism Charges · · Score: 1, Funny

    Appraise the Lord!!

  16. Re:First Amendment Message? on Saudi Webmaster Acquitted of Terrorism Charges · · Score: 1
    there are a few who seem to have the idea of EWI: Existing While Islamic

    And don't forget DWC, discovered in the wake of the Wen Ho Lee fiasco: "Downloading While Chinese."

  17. Re:Not surprising, and not bad. on RIP G4 PowerMac · · Score: 3, Interesting
    All the webmasters at the DoD will be shocked to learn that their web servers don't do anything.

    Their web servers weren't "in the box" when they bought OS9. The very first sentence of the article you linked points out that the Army was running WebStar, which certainly wasn't part of OS9, and isn't running "out of the box."

    No, NOT the same. Because nothing runs on a Mac under OS 9 unless you explicity enable it. Unlike UNIX, where services run by default out of the box.

    Right - including webservers. That was exactly my point. An OS9 (or 8 or 7) out-of-the-box install didn't "do anything," as far as the internet is concerned, so it didn't introduce any vulnerabilities, whereas most UNIX out-of-the-box installations do have network services running. When the Mac is running the same or similar services it is much more vulnerable. It is this -- and not some mysterious design feature of the OS itself -- that makes the Mac more secure -- and less useful -- "out of the box."

    Look, I'm a huge MacOS fan, even OS 9,8,7 (actually 8.5.1 was my favorite; it was downhill from there in my opinion until X), but there is no sense in pretending things that aren't true. Mac OS9 was not inherently any more secure than any other OS; it was more secure in practice because all network services were disabled and not too many people used them (and not too many used Macs anyway), so the hunt for Mac security holes was never as vigorous and popular as the hunt for UNIX and Windows exploits. There was a Mac hacking community, and it came up with some pretty clever things (including that remote control program that I wish I could remember the name of), but the few Macs running WebStar were never an attractive enough target for hackers with acres of apache & IIS servers in front of them to play with.

    I guess my point is that the OS is only as secure as the services it is running, and that's true of UNIX as well. There is nothing inherently more secure about OS9; UNIX can certainly be installed without turning on vulnerable services but nobody bothers because these machines are meant to be used on the internet.

    There were versions of apache for Mac, for example, vulnerable to whatever exploits were around for the version of apache they were based on. And WebStar was a damn fine server, but its big selling point was that it was a freakin' workhorse, not that it was any more secure than apache, except perhaps through obscurity. And either way it says nothing about the inherent security of OS 9. Arguably OS9 is less secure as an OS than UNIX because it treats every user as root.

    Don't compare Mac and UNIX "out of the box" because they're in very different boxes. Compare Mac + network services to UNIX "out of the box" or Mac "out of the box" to UNIX with all network services turned off if you actually want to compare them for this purpose.

  18. Re:examples? on Realistic Human Graphics Look Creepy · · Score: 1

    I guess you've never heard of Shakespeare. Or Lewis Carroll. Sex with and between children has always been part of literary tradition. And in fact it was much more common for children to marry and otherwise be seen as adults sexually in the past than it is today. That isn't to say that what we today consider "child porn" would have been legal then; only that the broader category of "depictions of sex with children" (imaginative depictions, not photographs) -- from Plato's Phaedrus to American Beauty -- is only today being targeted by legislation.

  19. Re:Not surprising, and not bad. on RIP G4 PowerMac · · Score: 3, Interesting
    You do know that there's never been a recorded instance in the wild of a remote compromise of a Classic Mac OS machine, right?

    This is not entirely true. Somebody broke into the Mac running WebStar that was hosting the "Crack-a-Mac" contest. But they did it by exploiting a vulnerability in a filemaker script that was running alongside the webserver. But a remote compromise is a remote compromise.

    As someone else pointed out, an app like Timbuktu gives you remote back-office-style control over a Mac if you can install the program; I used to have an installer program that installed an invisible version of the Timbuktu on any Mac, making it easy to gain access if you could get physical access to the machine once (or get someone to run the file). More troubling was the application distributed at the time by securemac.com (I forget the name of the app) that opened an obscure port on the mac for a user to telnet into and the user could issue commands via a simple command language. The commands allowed a user to open programs, files, delete files, etc; most things that you could do sitting in front of the machine.

    Of course the latter two aren't really exploits as they require a user to actually install them (once). But the lack of a firewall means that if they are installed once they do damage; whereas a firewall would head off the damage they might do (assuming the apps are installed by trickery rather than by a malicious user sitting at the machine, who could also turn off the firewall of course.

    But all this is academic -- os9 was more secure "out of the box" because it didn't do anything. Like someone else wrote, you can't telnet into a rock either. Once you make the os do things, like run webservers, or cgi scripts (like the filemaker one that got exploited), or remote access apps, or ftpd (I believe there was a vulnerable ftpd program under os9, actually more like os7.1 or 7.5), etc., you open up the potential for exploits. The same with any services you open up under UNIX. If you run OSX without any network services turned on and with all ports closed, it is just as secure as OS 9 "out of the box" -- and just as useful.

  20. I'm suspicious on New PowerMac G5s: Up to 2.5Ghz, Liquid Cooled · · Score: 1
    it turned out to be fake though. The guy _didn't_ kill a Mac, he just bought an empty G5 housing and faked the article to scare the crap out of people. He later confessed to his alleged sins, and it turned out everything was a hoax. Apparently he got a lot of hatemail :)

    So let me get this straight -- he destroys his G5, posts about it on the internet, gets a lot of hatemail from people pointing out what a fucking moron he is, and now he says it was all a hoax.

    Hmmm...

  21. RTFA on Rowing the Pond Again · · Score: 1

    She plans to cover the entire boat with dried sheep's blood.

  22. Re:Note to Apple on Apple Rolls Out AirPort Express, AirTunes · · Score: 1
    Can *any* device do this without a TV?

    You'd like a device that projects video directly into your retinas?

  23. Screenshots are very important on GoboLinux Compile -- A Scalable Portage? · · Score: 1

    they allow me to procrastinate by looking at someone else working.

  24. The real question on Will There Be A Winning Autonomous Robot in 2005? · · Score: 2, Funny

    is whether the winning robot will have a "CAPS LOCK" key.

  25. Caps Lock has another very important purpose on Is Caps Lock Dead? · · Score: 4, Funny

    YELLING!!!