The system relies on the reaction time of the programmers.. can they supply a patch before the crackers supply an exploit?
Not just that! If you are a security professional and you keep up with the exploits, you soon learn the patterns and common errors that lead to security vulnerabilities. For example, buffer overflows, you know when you write a program, you have to check buffer lengths. Another example, the various weaknesses with global variables in PHP.. once you see a few exploits that use it, you soon learn to "think like an attacker" and remove those possible vulnerabilities.
The kiddies will ALWAYS be faster than you, if you just respond to what's on bugtraq. When you start extrapolating from exploits, theoretical and practical, you can work towards higher security for your system.
If I had to count on Microsoft to teach me these things, my systems would be extremely insecure. Fully patched, but I'd have no idea what kind of exploits are possible because I'll never see them. It'll just be another patch for who-knows-what. Since I don't have the source code for Windows, the exploits are especially vital for that OS.
Not that I use Windows for anything, certainly nothing that's connected to the internet.
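The "check buffer lengths" habit the comment describes, as an added C example that is not from the post: the unchecked copy is the bug pattern (an unbounded strcpy into a fixed-size buffer), the checked copy measures the input first and rejects anything that does not fit. NAME_MAX, the function names and the sample inputs are all constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* constructed buffer size for the illustration */

/* The bug pattern the comment refers to: copy an untrusted string into a
   fixed-size buffer with no length check.  strcpy writes until it finds the
   NUL, so any input of NAME_MAX bytes or more runs past the end of dst.
   Kept here only for contrast; never call it with untrusted input. */
void copy_name_unchecked(char dst[NAME_MAX], const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: find out whether src (plus its NUL) fits before touching
   dst.  memchr stops at the first NUL, so it never reads more than NAME_MAX
   bytes of src.  Returns 0 on success and -1 if the input is rejected, so
   the caller decides what to do instead of getting a silent truncation. */
int copy_name_checked(char dst[NAME_MAX], const char *src)
{
    const char *nul = memchr(src, '\0', NAME_MAX);
    if (nul == NULL)
        return -1;                 /* no NUL within NAME_MAX: does not fit */
    size_t len = (size_t)(nul - src);
    memcpy(dst, src, len + 1);     /* bytes plus terminating NUL */
    return 0;
}

/* Verdict-only wrapper: 1 if the checked copy accepts src, 0 if not. */
int name_accepted(const char *src)
{
    char tmp[NAME_MAX];
    return copy_name_checked(tmp, src) == 0;
}

/* Length of what actually landed in the buffer, or -1 if rejected. */
long name_copy_len(const char *src)
{
    char tmp[NAME_MAX];
    if (copy_name_checked(tmp, src) != 0)
        return -1;
    return (long)strlen(tmp);
}

int main(void)
{
    /* Constructed inputs: the last two are exactly one byte too long and
       far too long; both must be refused rather than overflow. */
    const char *inputs[] = {
        "alice",
        "0123456789abcde",
        "0123456789abcdef",
        "this string is much longer than sixteen bytes",
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char buf[NAME_MAX];
        int rc = copy_name_checked(buf, inputs[i]);
        printf("%-48s -> %s\n", inputs[i], rc == 0 ? buf : "REJECTED");
    }
    return 0;
}
```

The check happens before the copy and bounds the measurement itself; a fix that only swaps strcpy for strncpy would stop the overflow but could leave dst without a terminator, which is the next bug down the road.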
Also note, if the other person has taken the money out of their account, it's too late, you can't get the money from paypal. I was ripped off by someone and that's what they told me after several weeks.
wouldn't this cover any program that has a "save as HTML" option?? That lets you create HTML without typing any HTML codes, and somewhere in the guts of the program are some HTML templates, right?
RIAA officials will be sending groups of up to 2000 teenagers to any house party, block event, or apartment get-together where so-called "DJs" (i.e., pirates) are illegally performing protected works. By filling the space with RIAA agents, the hackers and pirates can't get in, thus protecting the vital intellectual property from misuse.
Also, the RIAA and MPAA are continuing their plans to merge and become the fourth branch of US government, overseeing the executive, legislative, and judicial branches. Especially the judicial branch. Look for the RIAA seal in a courtroom near you! You PIRATE!
What does Anthrax (the band) have to say about all this? And even more importantly, when is somebody going to sue them for mental distress after seeing their name?
(Just saw on their web site they are actually still touring! Yeesh!)
Not that I can try, I bought a new Mac *2 days* before they announced OSX would come with new Macs (and would send it cheap to anybody who bought a Mac after that day) so if I want it I have to buy it full price. Bleh!
Well I use it (PGP on the mac, and GPG on the ol' Linux) to encrypt all my private files, which include bank accounts, credit cards, love letters, files of passwords, sensitive data from clients that would rather not have the info public.. then I use rsync and copy them to remote computers (with the owner's permissions of course). That's how I've been doing all my backups for a while now.
I used to worry about it more, but the more I think about it, the more I'm confident that every so-called "rights-management" scheme will be cracked or compromised. If not that, someone will reproduce the material in a non-protected form (imagine a group of 1000 people on the internet each re-typing pages out of e-books, for instance).
I was just reading again about some of the cracked e-book readers, like the one that XOR'd each byte with each letter of the string "encrypted". In other words, XOR each letter with the same single byte. A 7-bit key. That literally made me laugh out loud. To think that shit like that is covered by the DMCA! Why did they even waste the money writing it?
If it makes them feel good, fine, go ahead and put in the DRM stuff. I just won't buy it. If I really want it, I'll get a cracked copy of whatever it is, or hope that an un-crippled variation is sold from some other company. Though I MIGHT buy the occasional DRM stuff just to try and crack it (and then get rid of it on eBay if they'll still allow that).
It'll be just like the copy interference they used to do on computer software. I remember when I was in lower school, trying to crack Apple II copy limitations on the games that I bought (didn't need to crack them on the games I copied from friends, somebody else already did it). I just tried programs that worked with one of the many techniques they used, throw in a little knowledge of ProDOS and DOS (remember those?) directory structure, plus a disk editor, and no problem. It never occurred to me then that this was actually something that was supposed to keep me out! I thought it was just the way things were, like the insides of the toaster happen to be held in with screws and I had to use the right screwdriver to take them out.
I can just imagine the young people of tomorrow playing with a copy-crippled CD, coming up with ways to get around it. Maybe it will even encourage more people to learn about hardware and software (Hey Mom! I made a couple LFSR's out of 74HC-series logic, connected it to the digital output and I decoded the CD! Listen! ... Oh that's nice dear. Have you finished your pre-algebra homework?)
So, bring on the DRM!
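An added example, not from the post, showing why the e-book scheme above amounts to a single-byte key. On my reading of the comment (an assumption), "XOR'd each byte with each letter of the string" means every byte is XORed with each letter in turn; since XOR is associative and commutative, that collapses to XOR with the XOR-fold of the letters, and because the letters are ASCII the folded value is below 0x80, hence a 7-bit key. The block also runs the 128-trial check an assessor would use to show the scheme offers no protection: the key is recovered from the ciphertext alone with a crude text-plausibility score. The plaintext sentence is constructed.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fold the letters of `pass` with XOR.  XORing a byte with each letter in
   turn is the same as XORing it once with this value; ASCII letters are all
   below 0x80, so the result is a 7-bit key. */
unsigned char effective_key(const char *pass)
{
    unsigned char k = 0;
    for (; *pass; pass++)
        k ^= (unsigned char)*pass;
    return k;
}

/* In-place "encryption" as the comment describes it: every byte XORed with
   the same single key.  XOR is its own inverse, so this also decrypts. */
void xor_buffer(unsigned char *buf, size_t n, unsigned char key)
{
    for (size_t i = 0; i < n; i++)
        buf[i] ^= key;
}

/* Crude plausibility score for English text under a candidate key: letters
   and spaces count for it, control bytes count heavily against it. */
static long english_score(const unsigned char *buf, size_t n, unsigned char key)
{
    long score = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = buf[i] ^ key;
        if (isalpha(c) || c == ' ')
            score += 1;
        else if (!isprint(c))
            score -= 10;
    }
    return score;
}

/* Ciphertext-only recovery.  The keyspace is 128 values, so try all of
   them and keep the one that yields the most plausible text. */
unsigned char recover_key(const unsigned char *ct, size_t n)
{
    unsigned char best = 0;
    long best_score = LONG_MIN;
    for (int k = 0; k < 128; k++) {
        long s = english_score(ct, n, (unsigned char)k);
        if (s > best_score) {
            best_score = s;
            best = (unsigned char)k;
        }
    }
    return best;
}

/* Constructed sample: encrypt a sentence with the folded key, then recover
   the key from the ciphertext alone.  Returns the recovered key. */
int recover_from_sample(void)
{
    static const char text[] = "Chapter One: It was a dark and stormy night.";
    unsigned char buf[sizeof text - 1];
    memcpy(buf, text, sizeof buf);
    xor_buffer(buf, sizeof buf, effective_key("encrypted"));
    return recover_key(buf, sizeof buf);
}

int main(void)
{
    unsigned char key = effective_key("encrypted");
    printf("folded key for \"encrypted\": 0x%02x (7-bit: %s)\n",
           key, key < 0x80 ? "yes" : "no");
    printf("key recovered from ciphertext only: 0x%02x\n", recover_from_sample());
    return 0;
}
```

The scoring function is deliberately simple; it only has to separate one correct candidate from 127 wrong ones, which is the whole point of the comment: a keyspace this small leaves nothing for the secrecy of the key to protect.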
That's impossible, the other person will just write it down on a piece of paper and give it to someone else, or let someone else read over their shoulder.
That's what "information wants to be free" means..you can't prevent that sort of thing by doing something to the information itself.
You have to trust the person you give it to.
Of course, if what you're trying to keep private is being sold on CDs down at the record store, there's no way to control every single person who gets it. That's why DRM for that purpose is and always will be a laughable failure.
Under the definition proposed by the Administration, even acts of simple civil disobedience could lead organizations such as People for the Ethical Treatment of Animals (PETA) to become targets of "terrorist" investigations.
Say, maybe these laws aren't so bad after all...
*ducks and runs*... errm... *crouches down and runs* (don't want to offend the ducks)
Did anyone read that whole thing? It seems that the FBI had a keystroke logger that only came on when the modem was off, with the belief, I assume, that the computer isn't a communication device unless the modem is on.
So then the wiretap laws wouldn't apply when the modem is off? Is my interpretation correct?
Strange loophole..
Just use the windows character generator. When you need to enter a password, click it into the windows character generator and copy the resulting string and paste it later. No keyboard interface is ever required.
Well if the FBI figured out that's what he was doing, they could then just log his mouse movements and button clicks, since the layout of keys on the screen in that program would always be the same.
Heh, well you have to remember, war is necessary every now and then to establish a nation's borders and ensure its sovereignty...so we can all sit around and beat off to midget scat porn.
God bless the USA!
I dunno what news channel Katz watches, but what I see, over and over, is the government telling us how this war will be different. In Afghanistan, they tell us how few targets there are and how little the bombing can do besides take out some anti-aircraft weapons, some terrorist camps, some runways.
In polls and on-the-street interviews, people say they expect ground troops and special forces to be used. I think the American public definitely knows that this is not a video game war like Desert Storm.
On the news, over and over, we are told that the USA needs to get dirty and use spies and human intelligence to fight this "new cold war" (after a while this is what it will become, a cold war with occasional attacks). I think the government and the people fully understand that most of this war will not be fought with cutting-edge technology that we'll see on TV, but good old-fashioned dirty business and black ops. Sometimes tech will be used, sometimes not. Maybe we'll get a few pointers from the old KGB generals on how to play dirty and undetected?
High tech is definitely a sideline in this war.
The music industry and its hired muscle, the Recording Industry Ass. of America, plans to step up its war against MP3 file sharing and CD ripping with campaigns targeting legal, technological and Internet access fronts, The Register has learned.
Awesome! Slashdot editors, please be sure to borrow this idea, and refer to the RIAA this way from now on in all your articles!
I hated Perl4 because it was inconsistent and didn't make sense. Perl5 was MUCH better because there was a certain consistency and a lot of clever things were put in (example, using {} to create anonymous hashes is clever because {} reminds you of hashes, the => is a stringifying comma substitute which makes hash defs look good, but can also be used for other things, etc).
Now Perl6 almost goes too far! Some of that stuff is handy but excessive. Let's see..
// .. okay that's cool. I've wished for something like that many times. I hope it finds its way into Perl5. I also hope it comes in a unary version as a shortcut for defined() so I can write fun stuff like:
while(//<>) {.. }
or
print "$_ is defined" if//
^ .. uhh.. handy, but ugly and makes me think of pascal. There must be a better syntax. What's wrong with some kind of multi-argument "map" operator? And is this:
@a ^=~ s/foo/bar/;
somehow better than this:
s/foo/bar/ foreach @a
??
_ underscore.. okay now this is too much. Just because dot is "industry standard" for dereferencing doesn't mean perl has to have it, the "->" syntax is clear to me. And now I'd have to put spaces around _? Yuck. Of course with the cool new scalar interpolator $(..) for strings I probably wouldn't use it as much, but still, that's too major a change I think.
The unary underscore to convert to strings is silly. The article even says that _@thingy is the same as "@thingy". Well, duh, then let's use the second one, anybody off the street could tell it had something to do with strings, but what does the first one do? In my mind, underscore means "placeholder", not "string". Get rid of this syntax please, put it back the way it was!
To add insult to injury, the article says that dot is optional/unneeded in many places except function calls. So they'd take it away and then make it mostly optional?? Why??
: for marking adverbs and parameter lists is useful, though it means we have to put up with the new $x ?? $y:: $z operator. And that means we need a space around the "::" which runs all my obfuscated whitespace-free scripts. :-)
:= to bind things is cool. The sooner Perl can get rid of typeglobs and that crap the better. I bet someone understands typeglobs completely, but I sure don't.
That whole thing with the Sigma summation operator was just ugly voodoo, especially the bit that specifies the precedence. Bleh, what's the point??? He defines the Sigma with a certain precedence, but then doesn't even make use of it in the script example. If you need special precedence, use parentheses!
What is a "higher-order function"? Apparently it's an anonymous subroutine with placeholder variables...the syntax doesn't really make sense, why "$^"? That makes me think of the hyper-operators. Probably a "&" should be thrown in there someplace. How about beginning those variables with "$&"?
I think relying TOO much on punctuation is a bad idea. For one thing it becomes harder and harder to scan a script quickly looking for things. And if you start overloading symbols with all kinds of context-dependent meanings, it becomes impossible to remember what it means. For instance, using "+" to convert strings to numbers sorta makes sense, because plus has something to do with numbers. But it has nothing to do with converting strings to numbers, so people will probably forget what it means. I'd much prefer a "num" bareword.
Oh well, some cool things, and some things that make me wonder why bother? I think I'll stick with Perl 5 for a while (but I'll take the // operator in Perl 5).
I wish EVERY substantial Free/Open software project had a donation page pop up before download. There are several programs that I use regularly for which I would donate when downloading or upgrading.
In fact, Free/Open software is much more valuable to me than the alternatives.
So in other words, I will only pay for Free software! ;-)
(Too bad they use Amazon for their donations, for those of us boycotting them.)
The technology that we sell is a padlock to music. If you have a lock cutter, a bolt cutter, you can cut that padlock off.
There's that bullshit analogy again. Well duh, I'm going to cut the lock off anything I buy and put in my own home. If I bought a 2-slice toaster and it had a lock across one of the holes (upgrade to our Professional Toaster Pro and get the key) there is an incentive for me to cut it off!
Combine that with the fact that "Software encapsulates skill" as Bruce Schneier (sp) says, and everybody who wants to, will cut the lock off. Painting people who do this as hackers is missing the mark.
Of course let's not forget, bolt cutters ARE PERFECTLY LEGAL to own and use in your own home. Of course you can commit a crime with them but you will be punished for your crime, not for owning bolt cutters!
Actually if I got one of these MEDIA-COCK CDs I would probably just return it and then Napster myself a copy. Or smash it to bits and mail it to Peter Jacobs.
Phillip: I say, Bartholomew, have you finished that smashing Practical Extraction Report Language script for your World Wide Web page in Extensible MACro System?
Bartholomew: Why no Phillip, I have chosen to rewrite it with VIsual editor, and I have used the wonderful Active Server Pages environment on my International Business Machines computer system. Perhaps later I will re-write it in PHP Hypertext Preprocessor.
Phillip: At least it's not FORmula TRANslation or COmmon Business Oriented Language!
Both: Ha ha ha ha ha !
Where disrupting business is a crime equivalent to murdering thousands.
And the recording industry was happy because they convinced people that unauthorized duplication was somehow equivalent to theft of property or stealing from ships on the high seas. Well, I think this tops that!
I think the USA should just take a tip from the Taliban and make all crimes punishable by death or corporeal punishment.
And the message is clear. If you're a high school student thinking of hacking a bank web site and stealing credit card numbers, forget it, KILL THOUSANDS OF PEOPLE INSTEAD! You'll get the same punishment anyway, so do something more stylish!!
More and more of these IIS "sysadmins" (using the term loosely) will install Unix/Linux boxes, and forget about them, just like they installed the IIS boxes and forgot about them.
Then someone somewhere will find some little bug in some pre-installed convenience, some PHP shopping cart, some admin tool, some default password, something that comes on each machine. Then we'll have the same problem with some crazy Linux worm. And this time I bet the clueless M$-0wn3d media won't call it an "Internet worm", they'll be sure to call it a "Linux worm"!
Of course I could be wrong. Maybe Microsoft really can't code a proper webserver. But I think having sysadmins awake and at the wheel will help too.
Hmm, how about a web server that emails the admin saying "This web server will shut down in 15 days unless you run the up2date tool" or something similar? To force people to check for upgrades.
Okay this is totally off topic but what the hell: comics
TeleZapper
Aww, shucks, I saw this and I thought it would be some clever system that involved high voltage.
Can I round that last number off? :-)
That must be the triple-improved version of some language called BrainF, you know like C++ is to C.
Or maybe those stars are there to mask some letters? I wonder what they could be?
I'd like to see something like this:
That makes sense to me at first glance.. or maybe better something like this: which would be like taking one element from each list and passing them to the "subroutine" in the block. Anything would make more sense than ^- !