I thought this story was gonna be about a website where you could test the "validity" of your credit card by typing in the number and waiting for the results...
Obligatory Simpsons reference:
Snake: "OOhhhh.. wallet inspector." Nerds: "I think everything's in order." (hand over wallets) Snake: "I can't believe that worked."
Sorry, I have the same reaction to people talking about "honeypots" as most people do "beowulf clusters". To use a honeypot for study, fine, UML should stand to be at least as useful as running a real system for the purpose, and at worst, no less useful than VMWare.
My objection comes when people (my impression of the first-poster's intent) use honeypots as a "shiny" box to distract them from other targets on the network. I do not believe that honeypots can be used effectively for this purpose, and while one might feel that he is playing a great trick on a hacker*, that hacker might be perfectly content with the proffered low-hanging fruit, depending whether their purpose is malicious or exploratory, or whether they're just looking for a certain number of machines to house files or cover their tracks against other targets.
One advantage is that one can easily restore a compromised honeypot from a single file with UML, which means that the hacker will just have to do the same thing again tomorrow to get back in.
My beef is with people and honeypots, not UML. Security through security, not insecurity, and all that.
New topic: *to respond to the Anonymous Coward, using bold-face type and speaking in a terse second-person does not lend credence to your argument that one should confuse people who hack into other computer systems with people who professionally open locked safes, or remove the copy-protections from files. When I say "hack" to the/. crowd, approximately 0% of the effective population, they know enough to determine by context whether I mean a friendly hack or a malicoius hack; and when I say "hack" to the remaining (approx) 100% of the population, be they military, government, civilian, law-enforcement, student, flight-attendant, librarian, rap superstar, or miscellaneous, they know that I mean to subvert a computer system. If that is sloppy communication through language, sir, I do not want to be propa'.
I imagine there are honeypot applications for something like this. You could make a cracker totally believe they had broken in when in reality they are just in a UML.
Except for the 0.02% of people out there, and maybe 98% of businesses, that have anything on their computers that's more useful than the computer itself, I don't know why this would make a good honeypot. The cracker won't just think he's broken in... he will have really broken in.
Not so much a honey-pot as a pot-o-honey...
The UML website mentions applications as a sandbox, which makes sense, but if you're going to run vulnerable apps to lure hackers (i refuse to mistake hackers and crackers:) and give them unrestricted network access, you might be able to efficiently spy on what they're doing, maybe, but they've *still* taken over your network connection. They can now use it for a DDoS zombie, an IP bounce, or maybe just put some of their own filez on that wu-ftpd server you set up to get knocked over...
Our government may be dumb, but they're not that dumb. So odds are very good that this is merely what it claims to be - a quick-and-dirty tool to help secure a system.
Much as it can be fun to imagine otherwise, sometimes a cigar is just a cigar.
Depends whether you're the type that still looks both ways before crossing a one-way street...
Hmm, okay, so with a couple of exceptions, everyone replying so far has either hated the car because they (a) test-drove one once or (b) read the bad review. If the chief complaint is the unfriendly UI, wouldn't any of you rich nerds adopt one to hack on?
You know someone's going to reverse-engineer / license / steal the API. Probably almost trivial to rearrange a few menus the way you want them, just by knowing which factory programmed functions you need to call. I have no idea what media the system's burned into, but it's probably standard off-the-shelf stuff, or someone will put themselves into a business of selling chips to a new breed of car hackers.
The real obstacle is that the entry fee is high enough that your average I-put-bsd-on-my-toaster hacker isn't going to be able to participate. But I bet one guy buys one with the intent to tear it apart, posts all his progress to his website, which promptly gets slashdotted, and within two weeks there will be a small core of wealthy geeks that just started a sourceforge site. And once they put out some source and a HOW-TO, geeks won't have to be turned off the car by the UI.
And a couple months after that, BMW rips off the geeks' ideas for their next revision. Progress!
Nothing much happens for a while, and then someone reveals they have completely mapped the protocols, and announces an embedded Linux version.
Which necessitates an obligatory,
"Whoah. Imagine a Beowulf cluster of these things!"
I can't quite figure out why he couldn't play video games. Was the judge worried that watching the bubbly jubblies of Dead or Alive 3 was going to inspire him to unlawful flight, rather than be cut off from T&A for a few months? Sounds like a Judge Judy order.
Seriously, if they're trying to prevent him from interacting with any digital device, it's a fool's court top to bottom. What about his travel alarm clock? Or his coffee-maker? Innocent enough to the untrained, but deadly weapons in the hands of an experienced hacker!
Don't get me started about the can of worms he'd be opening by using his PS2 to watch a movie...
Think about it. Why should only those who are willing to suffer the effects of shrooms for days, or LSD for years, be the ones who get to see bleeding walls or leaking phones?! With a helmet around your head that filters your video and audio input (err, vision and hearing), you could have all the trippy hallucinations you wanted, when you wanted! Is that girl really wearing a purple elephant on her necklace, or would she be offended if you tried to feed it a peanut? Are there really bugs crawling into your skin? Better ask the piano!
I think it's a smart observation. As my high school history teach was fond of saying, "It's all about whose ox is getting gored."
So, yes, funny how a previously unthinkable financial condition can change someone's mind on an issue like unemployment. The question will be whether they change their minds back when they eventually return to their well-paying positions...
But one thing is for sure- with the DMCA, and these new video formats, PVRs could become a thing of the past.
If it's viewable, it's recordable. If there's money to be made modding TVs and PVRs to be recordable, someone will be selling mod-chips.
"But that's illegal!"
That's for the courts to decide. Perhaps the primary purpose of mod-chips will be allowing viewers to exercise so-called 'fair use' rights of a personal copy for private viewing, and piracy is only an unintentional side-effect.
Yeah, I was just thinking about that. It was actually more like 330 people. We moved about $40k thru them overnight, and they found something suspicious in that. Unbelievable. Like drug cartels would even think of using such a shoddy service to launder their money. =)
I had to bitch to them on the phone about every day for three weeks, sending increasingly agitated faxes, copies of utility bills, driver's license, bank account statements, etc. Eventually we figured out that they were trying to confirm my checking account number with my credit union, which keys on my employee account number. D'oh. My beef is that it took me three weeks to find someone at the company who would tell me that.
The funniest thing was when they called me up a couple of weeks ago to ask if I wanted in on the IPO. Seemed like a can't miss to me!;)
What a brief run the company had! Sure, they look gay as tangerines, but to declare bankruptcy before even trying to market the product? Sounds like another Enron.
Ah well, let's form another co-op to buy up their scrap. =)
BTW: I really wish that I could talk about the SPARC presentation. I liked it a whole lot better than the NDA I attended with HP talking about their Itanic future.
Itanic. That's really funny.
Itanic rituals and sacrifices
Itan worshippers
then I ran out of ideas and had to search for 'satanic' on google
Itanic Sysadmins
The First Itanic Church
The Itanic Verses
Itanic Hampster Dance
...
(this post is obviously the set-up. now I just need someone to supply the punchline)
I was just thinking that if the W Administration was trying to come up with a less feasible technical solution than a missile defense system... they found it.
Deep pockets and shallow brains. -or-
A fool and my money are soon parted.
Puh-leeeze! Everyone knows the best thing to come out of the Daikatana fiasco (excepting Old Man Murray's coverage of said fiasco; who can forget "Daikatana Development to be aided by Helpful Monkey", and "John Romero Reserves the Right to Suck It Down"?) was the Laziest Men on Mars' Superfly's Johnson. From mp3.com's description:
A parody of one of the worst games ever made, "John Romero's Daikatana." A game that was notoriously late, terribly designed and without any redeeming qualities... except... when the characters' dialogue is taken out of context and laid over a trashy 70's waka-chika porn groove, the game suddenly becomes _much_ more interesting. A must-have for Romero bashers and FPS players.
If you haven't ever listened to this, I strongly recommend you download it. You'll never feel like Daikatana was worthwhile until you do...
Slashdot Mirror
Haha. *Exactly* like the banner on your webpage =)
I thought this story was gonna be about a website where you could test the "validity" of your credit card by typing in the number and waiting for the results...
Obligatory Simpsons reference:
Snake: "OOhhhh.. wallet inspector."
Nerds: "I think everything's in order." (hand over wallets)
Snake: "I can't believe that worked."
Sorry, I have the same reaction to people talking about "honeypots" as most people do "beowulf clusters". To use a honeypot for study, fine, UML should stand to be at least as useful as running a real system for the purpose, and at worst, no less useful than VMWare.
/. crowd, approximately 0% of the effective population, they know enough to determine by context whether I mean a friendly hack or a malicoius hack; and when I say "hack" to the remaining (approx) 100% of the population, be they military, government, civilian, law-enforcement, student, flight-attendant, librarian, rap superstar, or miscellaneous, they know that I mean to subvert a computer system. If that is sloppy communication through language, sir, I do not want to be propa'.
My objection comes when people (my impression of the first-poster's intent) use honeypots as a "shiny" box to distract them from other targets on the network. I do not believe that honeypots can be used effectively for this purpose, and while one might feel that he is playing a great trick on a hacker*, that hacker might be perfectly content with the proffered low-hanging fruit, depending whether their purpose is malicious or exploratory, or whether they're just looking for a certain number of machines to house files or cover their tracks against other targets.
One advantage is that one can easily restore a compromised honeypot from a single file with UML, which means that the hacker will just have to do the same thing again tomorrow to get back in.
My beef is with people and honeypots, not UML. Security through security, not insecurity, and all that.
New topic:
*to respond to the Anonymous Coward, using bold-face type and speaking in a terse second-person does not lend credence to your argument that one should confuse people who hack into other computer systems with people who professionally open locked safes, or remove the copy-protections from files. When I say "hack" to the
I imagine there are honeypot applications for something like this. You could make a cracker totally believe they had broken in when in reality they are just in a UML.
:) and give them unrestricted network access, you might be able to efficiently spy on what they're doing, maybe, but they've *still* taken over your network connection. They can now use it for a DDoS zombie, an IP bounce, or maybe just put some of their own filez on that wu-ftpd server you set up to get knocked over...
Except for the 0.02% of people out there, and maybe 98% of businesses, that have anything on their computers that's more useful than the computer itself, I don't know why this would make a good honeypot. The cracker won't just think he's broken in... he will have really broken in.
Not so much a honey-pot as a pot-o-honey...
The UML website mentions applications as a sandbox, which makes sense, but if you're going to run vulnerable apps to lure hackers (i refuse to mistake hackers and crackers
My $0.02
See this comment [slashdot.org].
Even your comments that merely tell people to read your other comments are modded up...
I did a search at uspto.gov, turned up nothing.
;)
Searching 1996-2002...
Results of Search in 1996-2002 db for:
(magic AND delorean): 0 patents.
Guess I'm gonna have to be skeptical, too
Our government may be dumb, but they're not that dumb. So odds are very good that this is merely what it claims to be - a quick-and-dirty tool to help secure a system.
Much as it can be fun to imagine otherwise, sometimes a cigar is just a cigar.
Depends whether you're the type that still looks both ways before crossing a one-way street...
Hmm, okay, so with a couple of exceptions, everyone replying so far has either hated the car because they (a) test-drove one once or (b) read the bad review. If the chief complaint is the unfriendly UI, wouldn't any of you rich nerds adopt one to hack on?
You know someone's going to reverse-engineer / license / steal the API. Probably almost trivial to rearrange a few menus the way you want them, just by knowing which factory programmed functions you need to call. I have no idea what media the system's burned into, but it's probably standard off-the-shelf stuff, or someone will put themselves into a business of selling chips to a new breed of car hackers.
The real obstacle is that the entry fee is high enough that your average I-put-bsd-on-my-toaster hacker isn't going to be able to participate. But I bet one guy buys one with the intent to tear it apart, posts all his progress to his website, which promptly gets slashdotted, and within two weeks there will be a small core of wealthy geeks that just started a sourceforge site. And once they put out some source and a HOW-TO, geeks won't have to be turned off the car by the UI.
And a couple months after that, BMW rips off the geeks' ideas for their next revision. Progress!
Nothing much happens for a while, and then someone reveals they have completely mapped the protocols, and announces an embedded Linux version.
Which necessitates an obligatory,
"Whoah. Imagine a Beowulf cluster of these things!"
I can't quite figure out why he couldn't play video games. Was the judge worried that watching the bubbly jubblies of Dead or Alive 3 was going to inspire him to unlawful flight, rather than be cut off from T&A for a few months? Sounds like a Judge Judy order.
Seriously, if they're trying to prevent him from interacting with any digital device, it's a fool's court top to bottom. What about his travel alarm clock? Or his coffee-maker? Innocent enough to the untrained, but deadly weapons in the hands of an experienced hacker!
Don't get me started about the can of worms he'd be opening by using his PS2 to watch a movie...
I want Filtered Reality!
Think about it. Why should only those who are willing to suffer the effects of shrooms for days, or LSD for years, be the ones who get to see bleeding walls or leaking phones?! With a helmet around your head that filters your video and audio input (err, vision and hearing), you could have all the trippy hallucinations you wanted, when you wanted! Is that girl really wearing a purple elephant on her necklace, or would she be offended if you tried to feed it a peanut? Are there really bugs crawling into your skin? Better ask the piano!
What a time to be alive!
You should read Marvin's History of the Human Experiment . It's a breath of fresh air next to the popularized bunk taught in our public schools nowadays.
Notable milestones:
- AD 1354: Gravity is introduced to the West, pioneering the gravity/mead trade routes
- AD 1803: Industrialization allows the mechanization of textile, farming, and prostitution industries
- AD 1952: Colorization of the world; Invention of Violence
- AD 1958: First video game written by Higinbotham. Cites the recent invention of "Violence" as inspiration
- AD 1969: Lunar landing televised
- AD 1982: Man actually walks on moon
- AD 2004: Revealed that same company owns both Coke and Pepsi, Republicans and Democrats
As you can see, Violence was actually a prerequisite for Video Games, not the other way around.Just checked the amazon link, and realized that the book actually won't be published for another forty years. Still, definitely worth a read.
for simple encrypted forwarding
LocalForward 8080 theproxy:8080
LocalForward 25 thesmtp:25
LocalForward 143 theimap:143
Don't forget your '-g' =)
I think it's a smart observation. As my high school history teach was fond of saying, "It's all about whose ox is getting gored."
So, yes, funny how a previously unthinkable financial condition can change someone's mind on an issue like unemployment. The question will be whether they change their minds back when they eventually return to their well-paying positions...
It doesn't even have to be viewable to be recordable.
Yeah, but why the hell would you want to record it if it's not viewable? =)
...and c) less today's 8-minute-attention-span teenagers will want to see it.
Whoah, eight minutes? I think you gest.
The last teenager I saw that sat still for eight minutes turned out to be dead. And twenty-four.
But one thing is for sure- with the DMCA, and these new video formats, PVRs could become a thing of the past.
;)
If it's viewable, it's recordable. If there's money to be made modding TVs and PVRs to be recordable, someone will be selling mod-chips.
"But that's illegal!"
That's for the courts to decide. Perhaps the primary purpose of mod-chips will be allowing viewers to exercise so-called 'fair use' rights of a personal copy for private viewing, and piracy is only an unintentional side-effect.
You know, like Napster.
Hey, nate, how you doing? =)
;)
Yeah, I was just thinking about that. It was actually more like 330 people. We moved about $40k thru them overnight, and they found something suspicious in that. Unbelievable. Like drug cartels would even think of using such a shoddy service to launder their money. =)
I had to bitch to them on the phone about every day for three weeks, sending increasingly agitated faxes, copies of utility bills, driver's license, bank account statements, etc. Eventually we figured out that they were trying to confirm my checking account number with my credit union, which keys on my employee account number. D'oh. My beef is that it took me three weeks to find someone at the company who would tell me that.
The funniest thing was when they called me up a couple of weeks ago to ask if I wanted in on the IPO. Seemed like a can't miss to me!
--schlach
What a brief run the company had! Sure, they look gay as tangerines, but to declare bankruptcy before even trying to market the product? Sounds like another Enron.
Ah well, let's form another co-op to buy up their scrap. =)
<\joke>
Itanic. That's really funny.
- Itanic rituals and sacrifices
- Itan worshippers
then I ran out of ideas and had to search for 'satanic' on google(this post is obviously the set-up. now I just need someone to supply the punchline)
But rather than associating insomnia with increased risk of death, it appears that sleeping more than 8 hours carries a much higher risk.
... with those subjects "sleeping" more than 2700 hours consecutively being in the highest category of mortality rates. =)
Toles: what's the mortality rate of a corpse?
Ha ha. I was 17 when I became older than my 22-year-old sister. =)
;)
Shit... I won't catch my parents til I'm 58... but I'll be 93 when I do it.
I was just thinking that if the W Administration was trying to come up with a less feasible technical solution than a missile defense system... they found it.
Deep pockets and shallow brains. -or-
A fool and my money are soon parted.
Inciting terrorcan be done in even the most strict of police states - so is it worth the cost to become one?
No!
I guess that was all I had to say. =)
If you haven't ever listened to this, I strongly recommend you download it. You'll never feel like Daikatana was worthwhile until you do...