I agree. I wondered all the time when anybody will openly say that konqueror is a competition to the upcoming mozilla. I used it most the time and actually have posted something on slashdot with it (and 1.1.2 does the cookies reliable). One has to remember that a full slashdot commentary site (esp. with moderator functionality) is a real good hardcore-test for a html renderer.
I think you're mistaken. First, this report is quite good IMO, there are many signs which show this test is more fair than the former one. OTOH, the apologies would have been in order just for the aggressive tone of some people independ of this test. All in all I would say perhaps some people in the "linux community" (I hate this wording) have learned something, but mindcraft learned as much or more. This fairer and more exact test shows this, in the FAQ they even admit they had done configuration mistakes with linux in the first test.
I was one of the people who thought it would be better to ask serious questions. I asked one myself about JP's serious contributions to the security scene, unfortunately it wasn't choosen (I would have liked to see him circling around the concrete answer "NOTHING".)
Now I have to say this got a bit sad. It is clear that mister vranesevich has abused/. as a big advertising board for his versions of some bad incidents. This isn't worth a detailed answer, anyone not too dumb sees clearly what kind of person this guy is. Perhaps slashdot should have choosen to not print the interview at all, just a description of why they had dropped it. Good thing is the link at the end to the forbes article. I would really like to see slashot interview the people from attrition and/or k. williams. /. shouldn't get the battlefield of some private feud, but the first step is done and a second should follow IMO. In addition the people I mentioned above would have more to say in an interview than to badmouth JP. This in contrary to him, who in essence just tried to sweep away things which let him look bad.
Interview Ken Williams instead, at least he's honest. Just to add some dB to your voice. Yes, Ken Williams would be great! I would be very interested in how he came to make packetstorm and what he does now...
I understand your feelings, I even have thought about doing a posting where I propose that nobody will pose question (I still think that would have been cool;-)). OTOH this is a chance for many - at least you and me - to see how mature slashdot really is. Slashdot is able to give this guy and the world a massive impression of how we see him. And we even wrote for Jane's about cyber warfare, so we are a authority in this area;-).
What were your most important works in the security related area, ie. posting to relevant(!) mailing lists (let's say bugtraq, ntbugtraq, RISK), articles in magazines, papers or lectures?
This is just a sign how far nvidia is in front of it's competition (Disclaimer: I neither own nvidia shares nor even a nvidia graphics card). Come on, buy this thing a watch newer game titles crawl next year. And what about CPU-scalability, can I use this with a 266Mhz Pentium II and see a difference to a single Ati-Card? What I have read about the geforce, I will see some difference although this wouldn't be the perfect combination too. And let's talk about drivers, I assume the next generation geforce will be similar to the geforce256 (like g200->g400), so there is a (slight) chance of getting mature drivers on other OS's like linux. This product OTOH seems to be a dead end if it needs other drivers than the single chip cards. Oh, and can someone explain to me the difference of the benchmark results between the sharky review and the one on Tom's hardware? Methinks on Tom's site the geforce wins most of the bench's.
Well he certainly had 25 crashes and 17 cracks since he installed linux;-)).
No, read on and you'll see The choice of GNU/Linux seems to have caused all sorts of interest (witness this interview itself) when a *BSD may not have been so "controversial". Frankly I'm a little surprised at the reaction the choice seems to have generated. After all, we are just talking about web servers here. Many ISPs choose GNU/Linux on Intel for exactly the same reasons I have done - best value for money for the task in hand. He also stated he wanted to dispell some myths and made it very clear what he thinks about every cheesy computer newssite/paper riding on fact they choose linux. That's the argument.
Postgres has a very mature windows-odbc driver, while I use it only for relativly small dbs (2-5 MB) it works over a modem (33.6k) connection without a hitch (it's naturally slow though) Don't know about mysql, but your question sounds like postgres would be a very good solution, afterall you seem not to need the fastest database available, more a very reliable one. This is not to say that mysql isn't reliable, but it doesn't do transaction logging.
They know the format the decrypted file should have, the patterns of a sensefull video stream should be recongnizable, so I assume this is easier to break than a text in an unknown (but existing) language.
Btw. the second possibility is actually used for cracking (analog) pay-tv on the fly.
Trust me, they're not going to rest until they can get back to the original model - people paying every time they watch a movie (and, if they can pull that off, every time they listen to a song).
Yeah, they'll try, but I hope for them they'll see the light somewhere in the future. I see this as a kind of market. Corporations trying to make as much money of the customer as they can, resulting in a black market of warez/mp3z/moviez. Most people buy their favourite linux-distro (even the original one, not cheapbytes) instead of downloading it. Why? They feel buying it is rectified by the value. In my opinion most people _are_ willing to pay for what they get, but they are not willing to pay bucks which are the tenfold of the value they get. The battle of hollywood and the big music labels is lost, they have nothing left to fight. Everything the could do is damned to fail, they can't use copyprotection cause they don't control the hardware, they can't check the whole internet for warez cause even geocities or tripod can't get their own servers clean, this is impossible. (ie. just rename bla.mpd in bla.doc and their cute scanners will fail miserably). Increasing bandwith will end the possibility of making a lot of money because you own the distribution and marketing channels, and that's what it all reduces to, IMO.
The problem is there are probably two (not mutual exclusive) reasons for non-existant "source code" for the microcode. 1) There simply is no source code (like c-code), very likely because this stuff is as low-level as it can be. 2) There is some kind of source code, but the tools for creating the binary code out of the source are heaviliy proprietary, i.e. either you have to pay $$$ for them or you can't get them at all.
Once again we see the importance of the existence of free compilers at al for the idea of open source per se.
Yes, in this case the idea of Linus sueing is absurd, but that was something that interested me in general. Warning, I'm getting offtopic:
Lnux' success began with it quality, but now there is this bandwaggon, and if some company is going to sell a distribution, it better has the word linux in it to help sales. And they can pollute this distribution with so much proprietary crap without violating the GPL that it would be (nearly) impossible to compile one piece of the common source code on it. Ie. users would be locked down in something like...uuummh... "service packs" to update it. And, for such a system, they could easily offer the source for the gpl'ed parts and lock down the rest. You could buy binary software which links to proprietary libraries only, made with a certain compiler whose version 8.0 can crosscompile for two os's. In this case, would Linus be able to withdraw their right to use the name linux?
This scenario is pure paranoia, but I'm interested in the legal aspect..
Well, I think you were just unlucky. (clueless (scandal seeking) journalist) + 2*(clueless analyst) + (sco in game) = trouble for turbo linux. Perhaps you could publically state that you're not "six to eight months ahead" of your competitors, hehe, but that wouldn't help anyone and just hurt your company, I think.
I have seen more instant root problems for SCO in the last two weeks on bugtraq than for all linux-dists in the last three months together (really, look in the archives). This shows that this statement from the SCO CEO is complete crap - and no thanks, I don't need to try their product anymore.
The one thing that Linus legally owns is the Linux trademark, but that really is a minor issue. This is the first thing that came to my mind. I wonder whether Linus could take out the big legal hammer (not that I think he would do) and they had to call it Tinux or Linturb. Haha, unfortunately there is no Tinux or Linturb bandwaggon.
In addition, in connection solely with the delivery of ads via DoubleClick technology to one particular Web publisher's Web site, DoubleClick combines the non-personally-identifiable data collected by DoubleClick from a user's computer with the log-in name and demographic data about users collected by the Web publisher and furnished to DoubleClick for the purpose of ad targeting.
There are some cases when a user voluntarily provides personal information in response to an ad (a survey or purchase form, for example). In these situations, DoubleClick (or a third party engaged by DoubleClick) collects the information on behalf of the advertiser and/or Web site. This information is used by the advertiser and/or Web site so that you can receive the goods, services or information that you requested. Where indicated in some requests, DoubleClick may use this information in aggregate form to get a more precise profile of the type of individuals viewing ads or visiting the Web sites.
When saying I had to deal with this, I didn't mean I saw when it was done, sorry if this wasn't clear - well the word exactly is a bit misleading. Point is, they did some kind of web lottery and collected prizes from companies. In the range of somewhat more expensive marketing giveaways. And every fucking company they asked asked for the adresses. The general consensus was that the people who participate get something for doing that, so using their adresses was ok. And everyone wanted to have the click-statistics, since there were several websites involved, so it was a kind of a banner business. These adresses are what one calls "qualified contacts" (my translation, but it seems to match), i.e. much more worth than then pure adresse lists, more profiled. I was told they are worth around $10-$20 each - which I personally think is a bit expensive, but so much about the "free" giveaways we see everyday in the web. The people involved weren't technicians, so nobody could imagine this cookie-magic. But I swear you, if I had mentioned it they would have done it.
I'm pretty sure that someone like doubleclick could (not would!) do something like that. Just encrypt the data in the cookies so that noone ever will be able to check that. Hell, I'm pretty sure there are many profiles for me out there, my only hope is that they are not able to find out the real person behind. But all I wanted to illustrate is that it's not that hard.
Funny, when posting this I thought a about which title should I choose (not natural english speaking, which should be obvious, so I have to think before I type). Well, I thought of "Real word example" and discarded this for exactly the point you said. This exact example isn't "real world" and it may be paranoia-feeding, but it's nevertheless possible. And many people, even people who know what cookies are, don't add one and one and come to the conclusion this example illustrates.
Perhaps this is a more realistic scenario: A banner company which does an online prize competition (sp?) where everyone understands they need your adress to contact you when you win. They too require cookies and bang, they can track everyone who visits webpages with their banners on. And in this case theres much value and no risk, they can offer their ad-clients a very good database with very exact profiles. And don't tell me this is unrealistic, I had to deal with exactly this scenario for a job.
This is known for a while. I rip off some lengthy snippet from photo.net, which illustrate the potential of cookies quiet well. Read the really interesting full text here (somewhat down the page).
Magic cookies mean the end of privacy on the Internet. Suppose that three publishers cooperate and agree to serve all of their banner ads from http://noprivacy.com. When Joe User visits search-engine.com and types in "acne cream", the page comes back with an IMG referencing noprivacy.com. Joe's browser will automatically visit noprivacy.com and ask for "the GIF for SE9734". If this is Joe's first time using any of these three cooperating services, noprivacy.com will issue a Set-Cookie header to Joe's browser. Meanwhile, search-engine.com sends a message to noprivacy.com saying "SE9734 was a request for acne cream pages." The "acne cream" string gets stored in noprivacy.com's database along with "browser_id 7586." When Joe visits bigmagazine.com, he is forced to register and give his name, e-mail address, Snail mail address, and credit card number. There are no ads in bigmagazine.com. They have too much integrity for that. So they include in their pages an IMG referencing a blank GIF at noprivacy.com. Joe's browser requests "the blank GIF for BM17377" and, because it is talking to noprivacy.com, the site that issued the Set-Cookie header, the browser includes a cookie header saying "I'm browser_id 7586." When all is said and done, the noprivacy.com folks know Joe User's name, his interests, and the fact that he has downloaded 6 spanking JPEGs from kiddieporn.com.
Nobody (at least I) would say this programs output is useless. It should be weighed against other available evidence and used carefully. NO, the use of this program should be weighted against possible backdraws for people. Not anything which is useful is justifiable. Creating the mere possibility of violating individual rights is something which should be handled very careful
Slashdot Mirror
Could you enlighten me, please:
How should he know that?
How should he tell the difference between an that joke and a plain silly post in this case?
USA + GB + (other english speaking countries where you can watch southpark) != world
sorry, had to say that.
I agree.
I wondered all the time when anybody will openly say that konqueror is a competition to the upcoming mozilla.
I used it most the time and actually have posted something on slashdot with it (and 1.1.2 does the cookies reliable).
One has to remember that a full slashdot commentary site (esp. with moderator functionality) is a real good hardcore-test for a html renderer.
Well, you could implement a fully ram-caching apache in this thingy and blow nt in the next mindcraft test ;-).
I think you're mistaken.
First, this report is quite good IMO, there are many signs which show this test is more fair than the former one.
OTOH, the apologies would have been in order just for the aggressive tone of some people independ of this test.
All in all I would say perhaps some people in the "linux community" (I hate this wording) have learned something, but mindcraft learned as much or more. This fairer and more exact test shows this, in the FAQ they even admit they had done configuration mistakes with linux in the first test.
I was one of the people who thought it would be better to ask serious questions. I asked one myself about JP's serious contributions to the security scene, unfortunately it wasn't choosen (I would have liked to see him circling around the concrete answer "NOTHING".)
/. as a big advertising board for his versions of some bad incidents. This isn't worth a detailed answer, anyone not too dumb sees clearly what kind of person this guy is.
Now I have to say this got a bit sad. It is clear that mister vranesevich has abused
Perhaps slashdot should have choosen to not print the interview at all, just a description of why they had dropped it. Good thing is the link at the end to the forbes article.
I would really like to see slashot interview the people from attrition and/or k. williams.
/. shouldn't get the battlefield of some private feud, but the first step is done and a second should follow IMO. In addition the people I mentioned above would have more to say in an interview than to badmouth JP. This in contrary to him, who in essence just tried to sweep away things which let him look bad.
Interview Ken Williams instead, at least he's honest.
Just to add some dB to your voice.
Yes, Ken Williams would be great! I would be very interested in how he came to make packetstorm and what he does now...
I understand your feelings, I even have thought about doing a posting where I propose that nobody will pose question (I still think that would have been cool ;-)). ;-).
OTOH this is a chance for many - at least you and me - to see how mature slashdot really is. Slashdot is able to give this guy and the world a massive impression of how we see him.
And we even wrote for Jane's about cyber warfare, so we are a authority in this area
What were your most important works in the security related area, ie. posting to relevant(!) mailing lists (let's say bugtraq, ntbugtraq, RISK), articles in magazines, papers or lectures?
This is just a sign how far nvidia is in front of it's competition (Disclaimer: I neither own nvidia shares nor even a nvidia graphics card).
Come on, buy this thing a watch newer game titles crawl next year.
And what about CPU-scalability, can I use this with a 266Mhz Pentium II and see a difference to a single Ati-Card? What I have read about the geforce, I will see some difference although this wouldn't be the perfect combination too.
And let's talk about drivers, I assume the next generation geforce will be similar to the geforce256 (like g200->g400), so there is a (slight) chance of getting mature drivers on other OS's like linux.
This product OTOH seems to be a dead end if it needs other drivers than the single chip cards.
Oh, and can someone explain to me the difference of the benchmark results between the sharky review and the one on Tom's hardware?
Methinks on Tom's site the geforce wins most of the bench's.
Well he certainly had 25 crashes and 17 cracks since he installed linux ;-)).
No, read on and you'll see
The choice of GNU/Linux seems to have caused all sorts of interest (witness this interview itself) when a *BSD may not have been so "controversial". Frankly I'm a little surprised at the reaction the choice seems to have generated. After all, we are just talking about web servers here. Many ISPs choose GNU/Linux on Intel for exactly the same reasons I have done - best value for money for the task in hand.
He also stated he wanted to dispell some myths and made it very clear what he thinks about every cheesy computer newssite/paper riding on fact they choose linux. That's the argument.
Postgres has a very mature windows-odbc driver,
while I use it only for relativly small dbs (2-5 MB) it works over a modem (33.6k) connection without a hitch (it's naturally slow though)
Don't know about mysql, but your question sounds like postgres would be a very good solution, afterall you seem not to need the fastest database available, more a very reliable one.
This is not to say that mysql isn't reliable, but it doesn't do transaction logging.
They know the format the decrypted file should have, the patterns of a sensefull video stream should be recongnizable, so I assume this is easier to break than a text in an unknown (but existing) language.
Btw. the second possibility is actually used for cracking (analog) pay-tv on the fly.
Yeah, they'll try, but I hope for them they'll see the light somewhere in the future.
I see this as a kind of market. Corporations trying to make as much money of the customer as they can, resulting in a black market of warez/mp3z/moviez.
Most people buy their favourite linux-distro (even the original one, not cheapbytes) instead of downloading it. Why? They feel buying it is rectified by the value.
In my opinion most people _are_ willing to pay for what they get, but they are not willing to pay bucks which are the tenfold of the value they get.
The battle of hollywood and the big music labels is lost, they have nothing left to fight.
Everything the could do is damned to fail, they can't use copyprotection cause they don't control the hardware, they can't check the whole internet for warez cause even geocities or tripod can't get their own servers clean, this is impossible.
(ie. just rename bla.mpd in bla.doc and their cute scanners will fail miserably).
Increasing bandwith will end the possibility of making a lot of money because you own the distribution and marketing channels, and that's what it all reduces to, IMO.
The problem is there are probably two (not mutual exclusive) reasons for non-existant "source code" for the microcode.
1) There simply is no source code (like c-code), very likely because this stuff is as low-level as it can be.
2) There is some kind of source code, but the tools for creating the binary code out of the source are heaviliy proprietary, i.e. either you have to pay $$$ for them or you can't get them at all.
Once again we see the importance of the existence of free compilers at al for the idea of open source per se.
(sandal seeking)journalist
ROTFLMAO
Yes, in this case the idea of Linus sueing is absurd, but that was something that interested me in general. Warning, I'm getting offtopic:
...uuummh... "service packs" to update it. And, for such a system, they could easily offer the source for the gpl'ed parts and lock down the rest.
Lnux' success began with it quality, but now there is this bandwaggon, and if some company is going to sell a distribution, it better has the word linux in it to help sales.
And they can pollute this distribution with so much proprietary crap without violating the GPL that it would be (nearly) impossible to compile one piece of the common source code on it. Ie. users would be locked down in something like
You could buy binary software which links to proprietary libraries only, made with a certain compiler whose version 8.0 can crosscompile for two os's.
In this case, would Linus be able to withdraw their right to use the name linux?
This scenario is pure paranoia, but I'm interested in the legal aspect..
Well, I think you were just unlucky.
(clueless (scandal seeking) journalist) + 2*(clueless analyst) + (sco in game) = trouble for turbo linux.
Perhaps you could publically state that you're not "six to eight months ahead" of your competitors, hehe, but that wouldn't help anyone and just hurt your company, I think.
I have seen more instant root problems for SCO in the last two weeks on bugtraq than for all linux-dists in the last three months together (really, look in the archives). This shows that this statement from the SCO CEO is complete crap - and no thanks, I don't need to try their product anymore.
The one thing that Linus legally owns is the Linux trademark, but that really is a minor issue.
This is the first thing that came to my mind.
I wonder whether Linus could take out the big legal hammer (not that I think he would do) and they had to call it Tinux or Linturb. Haha, unfortunately there is no Tinux or Linturb bandwaggon.
Uhm, just checked, maybe it's time to deliberatly alter the content of my cookies...
From http://www.doubleclick.com/privacy_policy/ :
In addition, in connection solely with the delivery of ads via DoubleClick technology to one particular Web publisher's Web site, DoubleClick combines the non-personally-identifiable data collected by DoubleClick from a user's computer with the log-in name and demographic data about users collected by the Web publisher and furnished to DoubleClick for the purpose of ad targeting.
There are some cases when a user voluntarily provides personal information in response to an ad (a survey or purchase form, for example). In these situations, DoubleClick (or a third party engaged by DoubleClick) collects the information on behalf of the advertiser and/or Web site. This information is used by the advertiser and/or Web site so that you can receive the goods, services or information that you requested. Where indicated in some requests, DoubleClick may use this information in aggregate form to get a more precise profile of the type of individuals viewing ads or visiting the Web sites.
When saying I had to deal with this, I didn't mean I saw when it was done, sorry if this wasn't clear - well the word exactly is a bit misleading.
Point is, they did some kind of web lottery and collected prizes from companies. In the range of somewhat more expensive marketing giveaways.
And every fucking company they asked asked for the adresses. The general consensus was that the people who participate get something for doing that, so using their adresses was ok.
And everyone wanted to have the click-statistics, since there were several websites involved, so it was a kind of a banner business.
These adresses are what one calls "qualified contacts" (my translation, but it seems to match), i.e. much more worth than then pure adresse lists, more profiled. I was told they are worth around $10-$20 each - which I personally think is a bit expensive, but so much about the "free" giveaways we see everyday in the web.
The people involved weren't technicians, so nobody could imagine this cookie-magic.
But I swear you, if I had mentioned it they would have done it.
I'm pretty sure that someone like doubleclick could (not would!) do something like that.
Just encrypt the data in the cookies so that noone ever will be able to check that.
Hell, I'm pretty sure there are many profiles for me out there, my only hope is that they are not able to find out the real person behind. But all I wanted to illustrate is that it's not that hard.
Funny, when posting this I thought a about which title should I choose (not natural english speaking, which should be obvious, so I have to think before I type).
Well, I thought of "Real word example" and discarded this for exactly the point you said.
This exact example isn't "real world" and it may be paranoia-feeding, but it's nevertheless possible. And many people, even people who know what cookies are, don't add one and one and come to the conclusion this example illustrates.
Perhaps this is a more realistic scenario:
A banner company which does an online prize competition (sp?) where everyone understands they need your adress to contact you when you win. They too require cookies and bang, they can track everyone who visits webpages with their banners on.
And in this case theres much value and no risk, they can offer their ad-clients a very good database with very exact profiles.
And don't tell me this is unrealistic, I had to deal with exactly this scenario for a job.
This is known for a while. I rip off some lengthy snippet from photo.net, which illustrate the potential of cookies quiet well. Read the really interesting full text here (somewhat down the page).
Magic cookies mean the end of privacy on the Internet.
Suppose that three publishers cooperate and agree to serve all of their banner ads from http://noprivacy.com. When Joe User visits search-engine.com and types in "acne cream", the page comes back with an IMG referencing noprivacy.com.
Joe's browser will automatically visit noprivacy.com and ask for "the GIF for SE9734".
If this is Joe's first time using any of these three cooperating services, noprivacy.com will issue a Set-Cookie header to Joe's browser.
Meanwhile, search-engine.com sends a message to noprivacy.com saying "SE9734 was a request for acne cream pages." The "acne cream" string gets stored in noprivacy.com's database along with "browser_id 7586."
When Joe visits bigmagazine.com, he is forced to register and give his name, e-mail address, Snail mail address, and credit card number. There are no ads in bigmagazine.com. They have too much integrity for that. So they include in their pages an IMG referencing a blank GIF at noprivacy.com. Joe's browser requests "the blank GIF for BM17377" and, because it is talking to noprivacy.com, the site that issued the Set-Cookie header, the browser includes a cookie header saying "I'm browser_id 7586."
When all is said and done, the noprivacy.com folks know Joe User's name, his interests, and the fact that he has downloaded 6 spanking JPEGs from kiddieporn.com.
Nobody (at least I) would say this programs output is useless.
It should be weighed against other available evidence and used carefully.
NO, the use of this program should be weighted against possible backdraws for people.
Not anything which is useful is justifiable.
Creating the mere possibility of violating individual rights is something which
should be handled very careful