Every time your idiot ass puts on a seatbelt you trade liberty for security. Every time you lock your fucking door you trade freedom for security.
Riiight because terrorists are such an imminent and deadly threat to us all. Any idea how many people were killed last year from car accidents that could have been prevented by seatbelts? How about the number of US citizens killed by terrorists? I'll give you a fucking clue: The number killed by terrorists is close to zero. The number killed by car accidents is many thousands. Now, when you look at the security/liberty trade off, which makes more sense?
Please do us a favor and crawl back under your scared-shitless-for-your-life rock. The quote you should be complaining about is "in this post-911 era...".
Equally guilty?
Some dude had to monitor Obama's website for MONTHS to find a single "flip flop", this silly surge matter. I'd argue that the surge is irrelevant, muddies the issues, and it was fine that Obama removed it from the site.
You can't walk 10 feet, however, without falling over a John McCain flip-flop. The guy CONSTANTLY changes his position, and EVERY TIME it's towards George Bush's old policies or towards the far-right. Do a YouTube search for McCain flip flops. Try the same with Obama. See which gets you more results.
BTW, I'm not the only one who thinks like this. This is not some lunatic fringe, the man prosecuted Charles Manson.
Stupid Bush apologist, get bent.
So, you can't refute it, just call me a hippie?
Loser!
You make me sick.
The surge worked? Gimme a fucking break. This is just the latest in a series of lies that attempts to justify Bush's war.
Iraq NEVER had WMD, NEVER had any link to terrorists. Hussein thought Iraq would be the US #1 support country in the Middle East on the war on terror, because he felt the same way we do about terrorists. He didn't want to die, he was very happy with his wealth and power. It was GWB who initiated this, GWB who lied.
Fuck the surge. Fuck GWB. Fuck John McCain and fuck you. You all suck. Fucking war hawks. End this madness before we permanently fuck up the entire world.
Wars are bad. Wars of choice are UNCONSCIONABLE.
Haha! No.
The plan is actually to use Debian / Apt as a way to bootstrap.
As we write software and customize package configurations, we'll migrate stuff from pointing to Debian repo to our own.
Also, we plan on being much nicer about offering our changes upstream than Ubuntu has been.
A secret backdoor in an open source project sticks out like a sore thumb.
You've heard "many eyes make bugs shallow" before I'm sure. It applies equally well to backdoors. With enough people looking, such attempts at jiggery-pokery are found during source code audits.
So yes, FOSS is actually pretty safe in this regard. Compare that to a secret backdoor e.g. in Windows. You'd never even know it was there...
Yesyes we will get an SSL site up soonish. Using a dirt cheap host for now.
Is there really some reason you need to communicate securely with paranoidlinux.org? Or is this just flamebait? If there really is a legitimate reason, I can bump up the priority of this. Wouldn't you rather have a dist first though? I think I'll concentrate on that :P
Ok google-able nickname. First name Taylor. Buahahahahaha you've fallen right into our trap!!
XD
Great point and I've stopped by the TOR irc channel to get some details.
It appears that:
a) udp is not supported
b) filesharing hurts their network
c) web browsing can be painfully slow over it
So I suppose we will need to be a bit careful about what we send through there. Text messages seem fine and perhaps we can send email through it.
Haha! Good point. Opening up comments to anon visitors.
Fwa?
:/
Since when does OpenBSD route through TOR by default? Since when does it ship with IM configured for secure comms?
Securing your network from hacking seems to be the goal of other "security" focused OSes like OpenBSD.
We won't even trademark our name. This is a very open project with PRIVACY as the goal.
But you didn't bother to find out anything about us before trolling. Congratulations, troll successful, I bit
Not a cryptographic solution, no. But I think it's a really neat way to hide the destination of your packets.
If the exit node problem could be solved, it would be a fantastic solution.
BTW, nothing stopping you from using an SSL connection over TOR, so even at an exit node your comm is secure.
Yes exit nodes are a problem. I think this is one area where we need to concentrate. This is why we need security and unix gurus!
Hi guys. This seems like a good opportunity to talk a bit about this new distro we've been working on.
ParanoidLinux is a distribution with a focus on privacy. All network comms will be encrypted and run through TOR by default. IM programs, etc, will be configured for secure communications by default. You'll have to go out of your way *not* to have a secure conversation in ParanoidLinux.
This idea comes from Cory Doctorow's latest book "Little Brother" which describes a Linux distro similar to what we are building, with the same name.
It's a new concept, only a couple weeks old, so don't go looking for downloads... but we are looking for help! Come join us. We're looking for programmers, artists, security experts and unix gurus to help us bring this project together.
If the government takes this basic human right from you, be proactive. Take it back. See you there!
http://www.paranoidlinux.org
irc.freenode.net, #paranoidlinux
I'm sure he's not the only one.
Baaazing! Thank you, thank you, I'll be here all night.
No such "in your face" reason exists. It's not Apache that matters here (or IIS I'm guessing), it's the database and interacting with it via some server side language.
So when someone appends a string to a query directly from a CGI variable (in a URL, after a question mark - those are CGI vars... blah.cgi?bar=baz) this can be used as an attack vector regardless of the platform. This error is super easy to make in PHP for example:
mysql_query('SELECT * FROM mytable WHERE foo = ' . $_REQUEST['foo']);
What's happening here is that the user value for "foo" is being used as the WHERE clause of a SQL query. Looks nice and innocent, right?
Well, guess what if someone hits your site with this:
blah.cgi?foo=(DELETE FROM MYTABLE)
Result: byebye database.
Fixing this is known as "sanitizing inputs" and there are many ways to do it.
What this IIS thing sounds like to me is that some specific application that happens to use IIS / MSSQL does not sanitize. Therefore vulnerable.
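Added example (not part of the original comment): the string-concatenation pattern described above next to the bound-parameter form, using Python's sqlite3 with an in-memory database rather than PHP and MySQL. The table and column names come from the post; the rows, the function names and the sample request values are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory table named like the one in the post; the rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mytable (foo INTEGER, note TEXT)")
    db.executemany("INSERT INTO mytable VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db


def lookup_concatenated(db, foo):
    """Pattern from the post: the request value becomes part of the SQL text."""
    sql = "SELECT foo, note FROM mytable WHERE foo = " + foo
    return db.execute(sql).fetchall()


def lookup_bound(db, foo):
    """Bound parameter: the value is passed as data and never parsed as SQL."""
    sql = "SELECT foo, note FROM mytable WHERE foo = ?"
    return db.execute(sql, (foo,)).fetchall()


def lookup_validated(db, foo):
    """Bound parameter plus a type check on what the application expects."""
    if not foo.isdigit():
        raise ValueError("foo must be a non-negative integer")
    return lookup_bound(db, int(foo))


if __name__ == "__main__":
    db = make_db()
    # Constructed request values: one ordinary, one that carries SQL syntax.
    for value in ("2", "2 OR 1=1"):
        print(repr(value))
        print("  concatenated:", lookup_concatenated(db, value))
        print("  bound:       ", lookup_bound(db, value))
        try:
            print("  validated:   ", lookup_validated(db, value))
        except ValueError as exc:
            print("  validated:    rejected,", exc)
```

With the concatenated query the second value changes the WHERE clause and every row comes back; with the bound parameter the same value is compared as a literal and matches nothing.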
Seems odd to use languages that weren't really designed to be embedded in a browser. One of the nice things about Javascript in the past couple of years has been the great DOM support. Add a library like JQuery and you have full cross platform goodness and a sane way to write code. Getting Java or Ruby code to interact with the DOM seems like it would be a huge pain compared with JQuery.
Why does everyone hate Javascript so? If you're going off cut-n-paste examples from the web yes it looks like an ugly language. Check out how the OO stuff works, or some JQuery code, and you'll be pleasantly surprised.
Ooh, flamebait, fun! It's Monday after the clock change, so I'll entertain myself while my brain awakes.
First of all, you spelled "know" incorrectly.
Secondly, where did anyone mention religion? I must've missed that.
Thirdly, do you have to use profanity? I mean I just sent Rep. ClueStick an email on his form, and was perfectly polite in telling him where to stick his bill :-P
This is just lies. I do security updates all the time on point releases and only the shadiest of the shady third party add-on modules will break.
Please keep your FUD to yourself.
Great example of the sneakernet in action. Quick RIAA, ban shoes! :-)
This is really smart. Maybe the college kids here in the US could learn a thing or two from this. Why provoke the beast when nobody has to know about your trading?
(I'm not advocating copyright infringement, just pointing out how silly attacks on internet users are)
I've made a similar post once before, but it seems appropriate now.
D&D was my entire reason for becoming interested in programming computers. In the early 80's what I realized is that D&D is the "software" of games. Modules expand the original game in new ways that nobody thought of before. They expand the core system in new and interesting ways.
Sure, software was already doing this on computers at the time, but it really helped my brain make that leap at a young age - software is extraordinarily powerful.
It also seemed to foster a healthy (or unhealthy if you believe Jack Thompson ;) love of video games and computer graphics.
Thank you Mr. Gygax. You will be missed.
It's Edward's goggles! How cool is that, I totally want a pair :)
Neat, where can I get one of these Sensors of Often Important Information? I checked mouser.com but they don't seem to have any in stock! Help!!
What does the retirement or previous political affiliation have to do with anything?
In case you didn't notice, what the government and AT&T are doing together is plain wrong. This should be obvious to any Democrat, Republican or NeoCon. Democrats seem to care, but only if they think their constituents do. Republicans are too busy being in denial about a significant chunk of their party becoming completely backwards to actually notice what is happening. The NeoCons actively ignore constitutional protections in the name of "security".
One guy has the balls to stand up and say "what I've seen is wrong". Maybe he came to the conclusion a bit late. Maybe he was CYA'ing. Any way you look at it, the public has a right to know this information and make informed decisions on whether it is right. He is a good man for bringing us this information.