I had a theory on this that was very poorly recepted when I first began telling people.
People are violently against things like child molestation and child pornography while the same people often don't really have strong feelings about child abuse. Child abuse can leave just as intense emotional scars (and is usually more physically violent) so logic seems to dictate that is by far a worse crime (not to mention far more common).
It seems reasonable to me that people take such a violent position on child pornography because deep down, they fear their own attraction to children. It is natural for an adult to have sexual desire to a pubescent child (hell, this is what we're designed to do) and not too far back in our history, women at least were raising families at a very young age.
Now, I'm not condoning any kind of sexual activities between an adult and a minor. Violence is something that people tend to feel they have a certain degree of control over, sexuality typically isn't. Perhaps this is why people feel such a strong need to assert the immorality of child pornography.
You'll just be creating multiple instances of Vector for each type. You save nothing. The STL classes are not that large at all. Most of the vector functions are really small and by the time you wrap them all you'll have the same size wrapper class.
Disclaimer: I assume that you a) have permission to remove someone from your network b) would get some sort of approval to do this c) know the proper ipconfig command to disable a network interface. I don't. I don't use Windows.
Also, it would be smart to bring up notepad or something with instructions on how to manually remove the worm. I would strongly recommend against trying to automatically fix things. That's probably not legal.
Keep in mind, IANAL so don't do this without ensuring it's kosher first.
The recent DCE/RPC vunerability exploited MS's DCOM implementation residing on the end point mapper port using raw DCE/RPC over TCP.
This has nothing to do with Unix and certainly isn't a standard (hell, Samba doesn't even support this). This was totally a MS-original.
A lot of the http virii are based on MS-extensions or broken non-standard behavior of the MS clients.
If MS has followed what you refer to as "obscure unix standards", this wouldn't be an issue. Despite what you may thing, Unix systems were designed with security in mind whereas Windows was designed as a user-operating system.
This was actually an Extreme Blue project this summer. In fact, it was out of the Almaden lab.
Extreme Blue is a program where IBM hires three CS college students and one MBA student to work on exciting new technologies. The official party line is that Extreme Blue is IBM's incubator for talent, technology, and business innovation.
Lots of cool things come out of Extreme Blue. They ran an IBM-wide test of this Quake2 grid thing. It was pretty cool...
Ok, this is my real nick, before I was responding from my girlfriend's account.
So here's the deal. AD domain controller support is really a nebulus phrase because it involves a lot of different things. Before the end of last week, an OpenLDAP server could not fool most AD clients into thinking it was a Windows LDAP server. This is no longer true though since we know have proper GSS-SPNEGO support.
I got Windows client authenticating without modification to a Heimdal KDC quite a while ago (with fully signed PAC etc.).
What's really missing at this point is actually a number of RPCs in Samba. Problem is these RPCs are coming directly over TCP (normally they're part of a named pipe over SMB) and they are encrypted. We should be able to figure these out soon enough though.
What's most interesting though is that of all CIFS vendors, Samba is by far furtherest along in AD compatibility (well... sort of).
It's funny how slashdotters always want linux to replace windows, but shun targeting the same user level which MS has successfully exploited.
No. No. No.
I, like most other Open Source developers, only care about making a product that I enjoy using and am proud of. I simply do not care about Microsoft or it's user-base.
I do not write Free Software so that some middle-aged yuppie can browse porn for $80 less.
I'm simply don't care about lazy-users who don't care to ever read documentation and only sit and complain instead of making well-thought out suggestions.
Sure, let someone override this behaviour if they give the special flag after RTFM, I propose --literal. I am tempted to implement this using a bunch of perl wrappers.
I hate to say it, but you're problem is that you RTFM but not all the way.
rpm doesn't require a -p option. If you're installing, just use:
rpm -i packname.rpm
If you're uninstalling use:
rpm -e packname.rpm
Hell, in Nautilus (the program meant for folks that won't RTFM), you can just double-click on the darn things.
Try burn:/// in Nautilus and that should take care of your cd-burner whining.
file-roller will take care of your tar problems too plus give you a nice little GUI.
SameTime is by far the best IM I've use (especially in a corporate setting). It supports neat things like conferences, encryption, and various broadcasts. We have a number of clients (internally at least) for SameTime that tie into our LDAP directory.
And yes, I'm a c++ "hacker"... And yes, I prefer VC6 over anything else I've seen. I would love to use VS.NET except that everything I do have to be portable so I use VS6 and CMake for the Linux builds.
Oh so you're a big bad C++ hacker... I can just imagine how cool you are with Visual C++. And of course you use VS6 to make portable code when VS6 barely even supports template specialization. Hell, it's widely known that VS6 and below are the _worst_ C++ development environments because of the extremely poor support for everything that makes C++ a different language than C (this isn't entirely MS's fault, they were tied up in a messy lawsuit for quite a bit of time).
Nah, this is still just a buffer overflow. I doubt he "put" it in there.
I think that any programmer can appreciate why he went to such lengths to hide the code. It's a hell of a cool thing to do.
In this world of script kiddies, it's very important to disguinish between kiddies and people who are true hackers. Mad props to him for showing that hacking is most certainly an art.
The modification of the public key to make is divisible by 3 was just beautiful.
First of all, the discussion so far has been pretty immature.
To answers the most common question (why name C++0x), the name of the language is still C++. For standardized languages, it's common to refer to the different dialects by their 2-digit year extensions. Such as C89, F77, C99, etc. The use of C++98 and C++0x are merely used to disginuish the language at that particular standard.
Most of the library features of the new standard are already in the Boost library. Things like threads, regexs, smart pointers, are all there.
The smart pointer is actually one of the most highly debated topics because a stronger smart pointer is easy to implement but requires a new language feature (and even though this feature is likely to make it in, there's a requirement that all proposed libraries not required additional language features).
The focus on the new standard is really expanding the standard library (the goal is a library for C++ as useful as the ANSI library for C). Since C++ is committee based though (unlike Java), it takes a long time for these things to happen since it involves comprimise between many strongly-opinionated smart folks.
On the one hand, the language evolves slowly, but on the other hand, when it is ready, it will be a beautiful thing.
"It's so important and is probably the major problem facing Linux as viable replacements for Win2000 servers."
Right, because Lotus Notes has the majority share of corporate e-mail solutions or because Bynari offers an Exchange replacement that runs on Unix.
This is such a stupid statement. Active Directory is a much bigger problem in replacing Win2k servers since your Linux servers would more or less be stranded on the network as is.
Ah, well, that assumes that Active Directory Kerberos is interoperable with the kerberos specifications (which it isn't). Not to mention the fact that Windows likes to not use gss-api and prefers to instead use gss-spnego (which allows them to negotiate down to ntlmssp the minute the network even hiccups slightly).
See, the thing most people don't realize about AD, is that while it sort of supports Kerberos, the minute something goes even slightly wrong (some UDP packets get lost, a time skew's detected, misconfigured DNS, etc.) it falls back to NTLMSSP authentication without saying anything to the user.
In fact, the only way to know if you're using Kerberos at all is if you bust out ethereal and take a look. The funnier thing is the client caching. I've seen Windows clients fail on a Kerberos negotiation and just never try to negotiate Kerberos again.
And we won't even start talking about realm name canonicalization...
A useful password hash (at least one that isn't considered to be plain-text equivalent) is a cryptographic hash. A cryptographic hash is one thought to be np-hard.
For instance, take this simple hash:
uint32_t hash;
for (size_t i=0; i < str.length(); i++) {
hash += str[i]; }
Given an input of say, foobar, one would get a hash of 633. Now, if I start with an arbitrary password of say, google, I get a hash of 637.
Since I know that slight adjustments to the word, produce slight differences, I know that I can just start moving letters one space down the alphabet until I find a matching value.
So know I've successfully "exploited" this password protection mechanism.. This is why it's referred to as plain-text equivalent.
A cryptographic hash though has the interesting proper that a small change results in a unpredictable different. For instance, in the same example you might get:
There's no reason biometrics can't be cryptographically strong. It's just that the algorithms currently being aren't. That's no big news for anyone with even half a clue stick.
Just checked out my router's firmware. This particular model (their most popular) is not running Linux.
Although I looked online and it seems you can pick up a WRT54G for ~$115. That's less than I paid for the AP less than a year ago (of course, I bought that retail).
Isn't that simple. Cramfs's are by their nature, write-only. This because of it is compressed as one single image.
You'd really need to extract the cramfs (you can actually just specify an offset when mount and mount the rom image directly), copy all the files off to a directory, modify, then use mkcramfs to generate and image, and stick that image back into the rom image.
I highly doubt though that the rom doesn't at least have a checksum somewhere in it. ROM's are a dangerous thing not to checksum.
What's more, it wouldn't be too hard to have some simple signing mechanism which would allow only Linksys to issue ROM updates (and the routers would only need to have Linksys' public key).
The later seems like an awful lot of work for no real benefit but the first thing seems much more reasonable. Unfortunately, I don't have the -G model to test any of these theories out on.
Ok, I don't know if they have to release source for anything (they can point to other spots saying it's all unmodified).
If they have properitary drivers for their cards, good for them but they don't need to release the source.
On the other hand, it would be nice if they gave you the ability to insert your own ramdisk into the firmware upgrade (run your own code on the router).
Can you imagine the number of cool things you could do with such functionality.
Slashdot Mirror
The net command does not behave like the windows version and it does support GNU style options.
The idea behind net was to have a single point of administrator for all things Samba instead of having multiple different utilities.
The CLI has remained unspoiled.
Samba doesn't use threads and shouldn't link to any thread libraries.
I have no idea how there could possibly be such a problem. If you can recreate this, it'd be a good idea to submit such a bug to BugZilla.
Dude, there's a perl and shell backend in OpenLDAP. No database, no storage, you just get your shell or perl script invoked on every request.
What more could you possibly want?
Check out the latest Samba Howto Collection from one of the 3.0 release candidates. It has a fully chapter devoted to Winbind.
:-)
If you follow the instructions to the letter, everything should just work
I had a theory on this that was very poorly recepted when I first began telling people.
People are violently against things like child molestation and child pornography while the same people often don't really have strong feelings about child abuse. Child abuse can leave just as intense emotional scars (and is usually more physically violent) so logic seems to dictate that is by far a worse crime (not to mention far more common).
It seems reasonable to me that people take such a violent position on child pornography because deep down, they fear their own attraction to children. It is natural for an adult to have sexual desire to a pubescent child (hell, this is what we're designed to do) and not too far back in our history, women at least were raising families at a very young age.
Now, I'm not condoning any kind of sexual activities between an adult and a minor. Violence is something that people tend to feel they have a certain degree of control over, sexuality typically isn't. Perhaps this is why people feel such a strong need to assert the immorality of child pornography.
Are you retarded?
You'll just be creating multiple instances of Vector for each type. You save nothing. The STL classes are not that large at all. Most of the vector functions are really small and by the time you wrap them all you'll have the same size wrapper class.
[root@university root]# while true; do
> echo "ipconfig stop" | nc $(nc -vlp 135 2>&1 | grep "^connect to" | cut -f 2 -d[ | cut -f1 -d]) 4444
> done
Disclaimer: I assume that you a) have permission to remove someone from your network b) would get some sort of approval to do this c) know the proper ipconfig command to disable a network interface. I don't. I don't use Windows.
Also, it would be smart to bring up notepad or something with instructions on how to manually remove the worm. I would strongly recommend against trying to automatically fix things. That's probably not legal.
Keep in mind, IANAL so don't do this without ensuring it's kosher first.
The recent DCE/RPC vunerability exploited MS's DCOM implementation residing on the end point mapper port using raw DCE/RPC over TCP.
This has nothing to do with Unix and certainly isn't a standard (hell, Samba doesn't even support this). This was totally a MS-original.
A lot of the http virii are based on MS-extensions or broken non-standard behavior of the MS clients.
If MS has followed what you refer to as "obscure unix standards", this wouldn't be an issue. Despite what you may thing, Unix systems were designed with security in mind whereas Windows was designed as a user-operating system.
This was actually an Extreme Blue project this summer. In fact, it was out of the Almaden lab.
Extreme Blue is a program where IBM hires three CS college students and one MBA student to work on exciting new technologies. The official party line is that Extreme Blue is IBM's incubator for talent, technology, and business innovation.
Lots of cool things come out of Extreme Blue. They ran an IBM-wide test of this Quake2 grid thing. It was pretty cool...
Ok, this is my real nick, before I was responding from my girlfriend's account.
So here's the deal. AD domain controller support is really a nebulus phrase because it involves a lot of different things. Before the end of last week, an OpenLDAP server could not fool most AD clients into thinking it was a Windows LDAP server. This is no longer true though since we know have proper GSS-SPNEGO support.
I got Windows client authenticating without modification to a Heimdal KDC quite a while ago (with fully signed PAC etc.).
What's really missing at this point is actually a number of RPCs in Samba. Problem is these RPCs are coming directly over TCP (normally they're part of a named pipe over SMB) and they are encrypted. We should be able to figure these out soon enough though.
What's most interesting though is that of all CIFS vendors, Samba is by far furtherest along in AD compatibility (well... sort of).
It's funny how slashdotters always want linux to replace windows, but shun targeting the same user level which MS has successfully exploited.
No. No. No.
I, like most other Open Source developers, only care about making a product that I enjoy using and am proud of. I simply do not care about Microsoft or it's user-base.
I do not write Free Software so that some middle-aged yuppie can browse porn for $80 less.
I'm simply don't care about lazy-users who don't care to ever read documentation and only sit and complain instead of making well-thought out suggestions.
Try rpm -ql package.rpm and see how far you get.
That's because rpm -ql takes package, not package.rpm. You're querying an installed package name, not the installation file.
For instance, all you say is:
rpm -ql samba
I still fail to see how this
Sure, let someone override this behaviour if they give the special flag after RTFM, I propose --literal. I am tempted to implement this using a bunch of perl wrappers.
I hate to say it, but you're problem is that you RTFM but not all the way.
rpm doesn't require a -p option. If you're installing, just use:
rpm -i packname.rpm
If you're uninstalling use:
rpm -e packname.rpm
Hell, in Nautilus (the program meant for folks that won't RTFM), you can just double-click on the darn things.
Try burn:/// in Nautilus and that should take care of your cd-burner whining.
file-roller will take care of your tar problems too plus give you a nice little GUI.
These all come by default with RH9.
SameTime is by far the best IM I've use (especially in a corporate setting). It supports neat things like conferences, encryption, and various broadcasts. We have a number of clients (internally at least) for SameTime that tie into our LDAP directory.
SameTime is awesome.
And yes, I'm a c++ "hacker"... And yes, I prefer VC6 over anything else I've seen. I would love to use VS.NET except that everything I do have to be portable so I use VS6 and CMake for the Linux builds.
Oh so you're a big bad C++ hacker... I can just imagine how cool you are with Visual C++. And of course you use VS6 to make portable code when VS6 barely even supports template specialization. Hell, it's widely known that VS6 and below are the _worst_ C++ development environments because of the extremely poor support for everything that makes C++ a different language than C (this isn't entirely MS's fault, they were tied up in a messy lawsuit for quite a bit of time).
Did anyone think that the vmware may be used to access the Windows that was previously installed on these machines?
And I thought the bulk of these machines were embedded devices like cop cars, etc.
This seems a bit fuzzy...
Nah, this is still just a buffer overflow. I doubt he "put" it in there.
I think that any programmer can appreciate why he went to such lengths to hide the code. It's a hell of a cool thing to do.
In this world of script kiddies, it's very important to disguinish between kiddies and people who are true hackers. Mad props to him for showing that hacking is most certainly an art.
The modification of the public key to make is divisible by 3 was just beautiful.
First of all, the discussion so far has been pretty immature.
To answers the most common question (why name C++0x), the name of the language is still C++. For standardized languages, it's common to refer to the different dialects by their 2-digit year extensions. Such as C89, F77, C99, etc. The use of C++98 and C++0x are merely used to disginuish the language at that particular standard.
Most of the library features of the new standard are already in the Boost library. Things like threads, regexs, smart pointers, are all there.
The smart pointer is actually one of the most highly debated topics because a stronger smart pointer is easy to implement but requires a new language feature (and even though this feature is likely to make it in, there's a requirement that all proposed libraries not required additional language features).
The focus on the new standard is really expanding the standard library (the goal is a library for C++ as useful as the ANSI library for C). Since C++ is committee based though (unlike Java), it takes a long time for these things to happen since it involves comprimise between many strongly-opinionated smart folks.
On the one hand, the language evolves slowly, but on the other hand, when it is ready, it will be a beautiful thing.
Ha, I wish it was 20%....
It's not even close to 20%.
"It's so important and is probably the major problem facing Linux as viable replacements for Win2000 servers."
Right, because Lotus Notes has the majority share of corporate e-mail solutions or because Bynari offers an Exchange replacement that runs on Unix.
This is such a stupid statement. Active Directory is a much bigger problem in replacing Win2k servers since your Linux servers would more or less be stranded on the network as is.
Ah, well, that assumes that Active Directory Kerberos is interoperable with the kerberos specifications (which it isn't). Not to mention the fact that Windows likes to not use gss-api and prefers to instead use gss-spnego (which allows them to negotiate down to ntlmssp the minute the network even hiccups slightly).
See, the thing most people don't realize about AD, is that while it sort of supports Kerberos, the minute something goes even slightly wrong (some UDP packets get lost, a time skew's detected, misconfigured DNS, etc.) it falls back to NTLMSSP authentication without saying anything to the user.
In fact, the only way to know if you're using Kerberos at all is if you bust out ethereal and take a look. The funnier thing is the client caching. I've seen Windows clients fail on a Kerberos negotiation and just never try to negotiate Kerberos again.
And we won't even start talking about realm name canonicalization...
A useful password hash (at least one that isn't considered to be plain-text equivalent) is a cryptographic hash. A cryptographic hash is one thought to be np-hard.
...
For instance, take this simple hash:
uint32_t hash;
for (size_t i=0; i < str.length(); i++) {
hash += str[i];
}
Given an input of say, foobar, one would get a hash of 633. Now, if I start with an arbitrary password of say, google, I get a hash of 637.
Since I know that slight adjustments to the word, produce slight differences, I know that I can just start moving letters one space down the alphabet until I find a matching value.
Lets say I choose:
google -} 637
foogle -} 636
fnogle -} 635
fnngle -} 634
fnnfle -} 633 *bingo*
So know I've successfully "exploited" this password protection mechanism.. This is why it's referred to as plain-text equivalent.
A cryptographic hash though has the interesting proper that a small change results in a unpredictable different. For instance, in the same example you might get:
google -} 3453
foogle -} 234543
fnogle -} 234
fnngle -} 23425434
fnnfle -} 53424
There's no reason biometrics can't be cryptographically strong. It's just that the algorithms currently being aren't. That's no big news for anyone with even half a clue stick.
Just checked out my router's firmware. This particular model (their most popular) is not running Linux.
Although I looked online and it seems you can pick up a WRT54G for ~$115. That's less than I paid for the AP less than a year ago (of course, I bought that retail).
Isn't that simple. Cramfs's are by their nature, write-only. This because of it is compressed as one single image.
You'd really need to extract the cramfs (you can actually just specify an offset when mount and mount the rom image directly), copy all the files off to a directory, modify, then use mkcramfs to generate and image, and stick that image back into the rom image.
I highly doubt though that the rom doesn't at least have a checksum somewhere in it. ROM's are a dangerous thing not to checksum.
What's more, it wouldn't be too hard to have some simple signing mechanism which would allow only Linksys to issue ROM updates (and the routers would only need to have Linksys' public key).
The later seems like an awful lot of work for no real benefit but the first thing seems much more reasonable. Unfortunately, I don't have the -G model to test any of these theories out on.
Ok, I don't know if they have to release source for anything (they can point to other spots saying it's all unmodified).
If they have properitary drivers for their cards, good for them but they don't need to release the source.
On the other hand, it would be nice if they gave you the ability to insert your own ramdisk into the firmware upgrade (run your own code on the router).
Can you imagine the number of cool things you could do with such functionality.