Actually, since dsniff works under Linux that is going to take out a chunk of kiddies straight away. Then there is the fact that (horrors!) it doesn't have a GUI which is going to claim another chunk. Of course, those that are still in the game are more likely to be those who know how to do something with the tools they have been given... Fortunately the documentation for dsniff is not exactly the "1...2...3...exploit!" guide that most kiddies seem to require to get anywhere.
As always, if you know about it, then you can do something about it, and using it is still better than not using it. Just don't believe that it must be a secure connection. Anyway, dsniff has its moments; watching your boss surfing a pr0n site from the HR Director's office for example...:->
No, he didn't. Both Microsoft and Apple stole the idea for the GUI from Xerox Parc, although maybe you could make a case for Bill receiving stolen goods. The only difference was that Apple actually tried to bend the truth about the fact and pretend it was all their work. They did it in court too, and lost, so maybe they think we have forgotten.
I don't personally care for Aqua at all, but I do care for some of the other look and feel alikes that might get canned if this opens some flood gates. How long has this been going on for? If VA just caved in then this has done Open Source absolutely no favours at all; there are very few Linux applications which are not blatantly influenced by their commercial closed source equivalents in look and feel. If Apple gets away with this; what's it, or Microsoft, or A.N. Other vendor, going to try for next?
This would include a GTK theme for KDE2 as well would it not? So what you are saying is that VA Linux was correct to cave in and remove a theme because it happened to use the same colours and window frame icons etc. as one of the more popular Mac feels?
It's not like themes (on any platform) significantly change the way a GUI works; they just change the way it looks. Now if Apple was in the unique position of offering, say, their top of screen menu system, and a theme implemented that then they might be able to argue the case.
Oh. Hang on a minute.
They did argue their case.
In court.
They lost, didn't they?
I think theirs is the geekiest shipping policy I've ever seen
OK, it's not exactly straightforward for Joe-Sixpack to grasp, but when you think about this it does, in fact, scale up the discounts quite nicely the more you order. For quite large quantities of things, you get a quite realistic scaling of work/packaging involved vs number of items actually in said packaging. I think this is actually a very neat method of working out realistic P&P for a number of identical items.
I'm still somewhat stunned over spotting this Klein bottle as I'm a sucker for things like this and just had to have one;-). Then I spotted the name "Cliff Stoll"; and went on the hunt for the answer to the "Cuckoo's Egg" question - as I've just finished re-reading the above book this was quite a nice find; talk about kismet!
This is going to be a good "Giving the atheist kids presents" I feel.
Who moderated this as a "Troll" for Linus' sake? Surely "Informative" is more appropriate since it provides information on the fact it's an SMP kernel issue, and why, with a workaround, and adds the SuSE kernel to the list of Pentium IV supporting kernels?
You just can't get the moderators these days, when I was a lad...
Does anyone know a reason to assume that the same hack couldn't be inserted into a binary distribution of Linux?
Other than ethics, no reason exists. If you wanted to be really nasty about it you could provide a source package that is clean and a pre-compiled binary package with a backdoor. If you are installing from binary packages you are not going to be decompiling the code are you, especially since the source is clean?
Be honest; how many of you even check the security verification before you kick off that binary install, let alone compile from source you have eyeballed?
The only possible way an ISP should be able to do a blanket erase of .MP3s is if they clearly state in their Acceptable Use Policy or similar "MP3 hosting is not permitted and all such files will be removed", or words to that effect.
There is a very big grey area here though; the whole copyrighted music issue and who is going to get the legal grief, namely the ISP. If the MP3s are copyrighted files to one of the studios, whether or not the site owner has bought them, the ISP could, and probably would, be held liable for distribution and sued.
That said, this specific instance smacks of a knee jerk reaction to the recent MP3 related litigation by the ISP to me. Obviously copyrighted files that are freely available for all and sundry probably should be scrubbed for legal reasons, but even so an ISP really needs to send the site owner an email requesting that they either cease and desist or provide the necessary reassurances that the files are legally able to be there.
There is a very slippery slope the ISP is on here with all sorts of potential connotations; free speech, data protection, censorship... If this had happened to me I'd be looking for a new ISP pronto and shouting about it as well.
I can see it now: the newly released Pentium IV processor raises the temperature of motherboards to a point where the glue binding the layers melts. "It's like mozzarella" moan overclockers, "I clocked my P4 up to 2GHz so it could compete with my AMD T-Bird, and the damn motherboard came apart!"
It's a ploy by Intel to sell more chips and mobos I tell you!
How am I supposed to run Linux on the box if the systemboard has been separated into its component parts? Surely a better method of recycling old (or even new!) Windows boxes is to install Linux and actually make them productive for a change...
I can shed some light on this; having bounced my sleep schedules all over the place for various reasons. There are two approaches to shift work; try and fit it into a normal routine and adapt routine to the shift work. So if you are working the 4pm to midnight shift you can get up slightly later in the morning, loaf around until it's time to work, work, go home to bed. This does not work; you are tired at work because it's the end of the day, your body chemistry starts to go all over the place and you can't sleep when you should be.
On the other hand; you can flip your schedule completely; get up at 2pm, have breakfast, go to work, come home, have a proper dinner in the early hours of the morning then go to bed just before most people are getting up. This approach works; you can flip back and forth between weekly shift timings over the weekends without noticing the slightest upset in your body clock. It might be a bit lonely, but hey; there is that shift bonus right?
I was toying with the idea of posting the exact same post about this being utter crap at several points during the next day or so. But of course to do that I'd have to stay awake, so I'd forget to do it. But if it's utter crap, then it wouldn't make any difference that I was suffering from lack of sleep. On the other hand...
My brain hurts; I'm going to have a big cup of strong black coffee, that always helps...
But that's the point. If this option is switched on, you can't run the crack to switch it off. Unless of course the "hack" is a registry patch and that area of the registry is open to general user updates, which it should not be. Only admin should be able to change to that setting, and admin will be able to do it through a tick box in some control/policy editor.
I use Windows, I use Solaris and I use Linux; they all have their places and uses and I think if done well this could address a good chunk of the issues that I have with Windows' security on networks. If Microsoft gets this right they can effectively add control over the "attrib +x" command to system admins, where it belongs. I can't think of any way of doing that on UNIX short of removing the "chmod" capable commands from users; they can compile their own code on many systems and you can even get precompiled binaries on the web for UNIX now.
Done wrong however, even more people might start to look towards alternatives; it's a Win-Win situation whichever way you cut it.
There is one thing missing from this that would make this idea an absolutely killer thing for any OS. The ability for a user to generate their own, unique, personal certificate and apply it to non-certified code that isn't already approved.
So we could have a long list of "approved" vendors that get automatic approval such as the commercial and larger shareware vendors, the rest you apply your own personal key to when you trust them. To extend this idea further you could assign a temporary "sandbox" certificate to software that you are testing and the OS could take extra precautions in running it, and restricting which users are able to apply their own certificates. If this could be made to cover macros too it could make a big impact on the amount of macro virii that plague Windows.
Anyway, I seem to recall something like this in Windows 3.x that was used to mark older 16 bit code as stable enough to run without an irksome warning message, so the idea has been bouncing around Redmond for a while I think.
>> Why is this bad?
>
> All righty then, Mr. Smarty Pants, why is it good?
And the answer to both questions is:
How can anyone say until Microsoft releases its pricing structure?
Sorry to answer a question with another question, but it could actually turn out to be a cheaper method of buying MS Office you know. In fact it almost certainly will be... until everyone is tied in and there is no alternative at least.
Firstly, I want to see the prices; the press release does say "Customers will also have the option to acquire an Office upgrade product at their local retailer." You could read this as you will be able to buy MS Office cheaper, but at the end of each year you have to renew your subscription, which is effectively an upgrade to the latest service release - with media. So alternate years you only get a service pack, not a full release, but for those out there who are tied to MS Office this could be a good thing, if MS gets its pricing right.
Alternatively you could also buy MS Office cheaply and get a patch from your friendly WaReZ site; if MS thinks it can circumvent the crackers they are kidding themselves. This is the company whose idea of a serial number is seven digits whose total is divisible by seven remember?
I work at an ISP/Telco, so as you might expect almost all our Internet stuff runs on UNIX boxen (Sun/Solaris). Our internal network however, where all the staff sit is run by the services arm of the parent company and is almost entirely NT based.
We very recently (last few weeks) had our old mail servers upgraded, very smoothly I must admit, to MS Exchange and Outlook, exactly as you are planning. The guys that implemented the conversion knew their stuff, have all the qualifications you might expect them to have and so on, they are internal after all... We have our MX records set so that inbound mail from the Internet goes firstly to the Exchange server and then, if unavailable to two of the boxen on the ISP network. There are about 500 staff on the internal LAN, all using MS Outlook to send email through Exchange, and with the MX records as they are we should have no internal emails on the ISP boxen unless the Exchange box is down.
Since then, the Exchange box has never been down for more than a few minutes, with "down" meaning "off the Internet", so that includes all network outages, planned reboots and so on. It hasn't failed once, and indeed is romping along with its load monitor graphs at comfortably low levels.
Why then, have I been asked to monitor the number and total sizes of all the emails that are mounting up on the ISP platform because servers on the Internet, including our own, cannot deliver mail to Exchange? As an experiment I have kicked the queue in the early hours of a weekend morning and it still only managed to deliver a couple of the few hundred pending emails.
Exchange / Outlook is an excellent platform to run a corporate email system on; the collaboration and MS Office integration is superb and I wouldn't hesitate to recommend it for that. But don't dump the Unix box facing the big bad world, because as an Internet facing mail relay it sucks big time.
Happily we should shortly be implementing just that; and I am confident that when that mail queue gets kicked with the new Sun in place I'll be watching that mail queue counter drop like those guns in Aliens... Of course, that still leaves our services arm with the problem of getting those emails into Exchange, but at least we'll know that our users, including the Directors and Sales departments are respectively getting their pr0n and orders eventually.
And if that last sentence doesn't stop you from being completely assimilated, I don't know what will...
Well, I've seen companies make dumb decisions, but did Intel really point that ICBM at its own foot, or do they celebrate April Fool's day in November over there?
Boy, am I glad we run all our high end stuff on SPARC; now I'm just nipping off to dump Intel and buy stock in Sun before it skyrockets...
Precisely my view - I couldn't have put it better, and since I am in the same situation, I would probably have made an almost identical post if you hadn't got there first! The only people who use WHOIS properly are probably in it, and if you use it properly I really can't see you wanting it removed.
I always check WHOIS for a domain before sending out those "abuse@" and "...master@" type emails, just in case. We recently had a major series of alerts on our firewall from a host in another ISP's address pool, and it looked very much like we had been compromised. Ran WHOIS against the offending domain and it turns out to be the personal domain of a consultant we were using who had locked himself out of our system and was trying to get back in to fix the problem. The matter was "discussed". Without WHOIS though, the guy would have got a napalm enema from his ISP because he tried to avoid getting us out of bed in the early hours of the morning.
Let's face it; the only people who really stand to gain from removal of the WHOIS database are the companies that have something to hide and generate most of the negative press the Internet receives. Or can someone provide an example of a genuine, non-privacy, reason to withhold details from WHOIS that cannot be worked around? We are talking about a technical contact here; an employee whose views may not reflect that of the employer, and may even work for a different company remember.
And as for spam, I use a dedicated email address for this type of thing anyway, which means you can really tighten up the email filters... Or alternatively, has anyone tried submitting a fred@NOSPAM.domain.com type email to WHOIS to break the spammer's scripts?
Perhaps the true GM-free organic frenzy hasn't hit the US yet, but in the UK it's a well-formed bandwagon these days.
Yeah, right! The only thing you can eat or drink in the UK that you can guarantee is free of GM material is water that you have distilled yourself. I used to provide IT support for a company in the dairy industry and here are some facts to give you an idea:
- We genetically select the genes in bull semen from over 100 traits such as udder size, shape, yield, digestive properties of the cow.
- Because the digestive traits of the resultant calf were pre-selected, we provide a genetically tuned grass seed, that breaks down in the cow's gut better, producing a higher milk yield.
- Because the properties of the grass are also known, we can provide fertilizer that provides the grass with the optimal chemicals that it needs to concentrate just the right balance of chemicals to encourage digestion.
- Because we are using the fertilizer we are...
Well, you get the (over simplified) idea. GM is right across the food chain from the start; even if you buy non-GM fruit and veg; chances are that some GM tinkering is involved in the production of something you are eating, and most probably a huge chunk.
Oh, and this goes on in the US too, because the bought out its US counterpart, and their product range covered pretty much the same stuff.
Yeah, I'd kind of figured that, hence the reference to the fictional "UnicodeMap". I occasionally use character map programs for accents, and even know a few keyboard shortcuts for common ones. I can't imagine doing that for a whole line, let alone a language I don't know enough (any) to have a clue where to start looking for the character that probably can't be displayed anyway because the necessary fonts are not installed, Chinese might as well be Martian in that respect.
I don't really think it's going to be an issue though; NonLatinAlphabet.com is almost certainly going to register their URL in the DNS supported languages of all the countries they wish to do business in and point them to that language version of the site. Ultimately it should make it easier for users who don't have Latin keyboards to get by on the web, and this is definitely a very good thing.
English may well be the lingua-franca of the web, but why should a Chinese speaker get to a Chinese web site, hosted in China, that is displayed in Chinese by entering a URL in English? All web users require some support for Latin characters, and probably always will, but as a failsafe the reverse should apply too, and we can't fall back on IP numbers because the web is supposed to be using HTTP 1.1 isn't it?
Ok, it's easy if you have the right keyboard, but how would us with Latin alphabet keyboards, or any of the newly supported characters for that matter, access a URL that contains characters not available on our keyboard?
Where's the RFC? IS there an RFC?
I can see it now; "UnicodeMap - your essential tool for surfing far-east pr0n sites with dodgy URLs and even dodgier content..."
Surfing over to /. and taking the piss out of Cowboy Neal of course!
Or is that just me being cynical?
Bon appetit!