Zounds. The irony. Yes, the circumvention of the copy protection mechanism which allowed you to play pirated games was sufficient for the case to be awarded to Sony. However, the judge also ruled that playing imported games was illegal unless you have permission from the copyright holder. You should conceivably read the article again yourself.
Why can't I legally play an imported PS2 game (which I probably paid a goodly premium for) on a modded PS2? I've voided my warranty if I mod the PS2, Sony still gets their money from the original software sale, the reseller gets their money from the sale to me, and I get to try to decipher the hirigana and kanjii in a vain attempt to understand just what the heck it is I've bought. Seems like everyone gets what they want in this circumstance.
This quite possibly applies to imported DVDs, too.
Re:how is it GNU-based if it has a _BSD_ kernel?
on
Debian NetBSD
·
· Score: 2
No more so than taking the work of the Linux team, shoving some debian/gnu stuff on top of it and calling it a GNU-based operating system. Linux is GPLed, but it's not part of the GNU project. If the GNU C library was being used, I don't think there'd be any real argument. As it is, I'm not so sure.
No, we're porting Debian to NetBSD. A distribution isn't just its installer and package management. There's the way the filesystem is laid out, the way the tools are configured by default and the philosophy behind the development.
Re:how different (from standard netbsd) is it?
on
Debian NetBSD
·
· Score: 3, Informative
Apt and dpkg have been ported. We're working on porting the administrative and configuration utilities. The idea is not to just package NetBSD binaries - the idea is to build the Debian source packages on NetBSD except in cases where that's impossible, and in those cases to produce packages that provide as much of the same functionality as possible.
Less work, and more immediately useful results, would be modifying apt to work with the current binary package system
I'd argue with the "less work", but anyway. Connectiva have ported apt to work with RPMs - that doesn't make it Debian. We're not trying to produce a NetBSD varient using Debian packaging tools. We're trying to produce Debian running on top of the NetBSD kernel.
Arguably, its not really BSD anymore
By some values, this is probably true.
Debian-NetBSD doesn't seem to have package for these platforms anyway
Yet. Once we're running on one architecture, this ought to happen.
Re:They're not cooperating...
on
Debian NetBSD
·
· Score: 2
In fact, the BSD world seems largely annoyed at these folks.
Really? We've got some BSD developers happily working with us. Nobody has yet actually made their displeasure at the situation known, other than some bitching on Slashdot-alikes. If they are annoyed, they're not annoyed enough to actually do anything about it.
I personally don't see the reasons for this project, other than political
That's why I went to the bother of writing this page.
No, the APs in question appear to be based on the Intersil Prism-II chipset. This supports a "host-AP" mode, which allows it to work as an access point without requiring special firmware. At that point you can just use the standard Linux kernel bridging code.
It's not unambiguously identifiable as such. It looks significantly more like a Windows replacement than anything aimed at being Linux on the desktop. We've already got the ability to run the vast majority of Linux applications on the desktop if we so desire, so I'm at something of a loss to see why this is interesting in any way other than the fact that it moves power out of the hands of Microsoft into another closed source company?
The website claims that Lindows will allow the running of both Linux and Windows apps. Why do the screenshots only show Windows ones? There's no demonstration of any sort of interoperability whatsoever.
New drivers and the like will continue to appear, and some things will get backported from 2.5. But further 2.4 development is likely to be concentrated on bugfixes and not fiddling too much with the core code.
Apple's licensing agreement gives you rights, because accepting it is an implicit part of the contract of buying the software
Really? Since when? Most software sales do not involve you being presented with a copy of the EULA. If I buy an object without license conditions being presented to me at the time of sale, I should be able to expect to use that object in the same way as using any other object - that is, any way that is not explicitly illegal (although the DMCA may limit that somewhat). It looks like some US courts may agree - see the Slashdot story earlier today about EULAs.
This idea that you're buying a license to the software rather than the software itself is an invention of the software companies. If you started selling books the first page of which said "You may read this book only on the condition that you do not attempt to explain any of the concepts contained within to anyone else", would you really expect people to take you seriously?
The license on the Linux source code gives you rights above what you would have under normal copyright law. When you buy a book, copyright law prevents you from using the text within it for your own purposes. Copyright law would do the same for the Linux source code were it not for the GPL giving you extra rights providing you adhere to it. The license agreement provided by Apple restricts your rights - if everything within it was illegal anyway, there'd be no reason for it to exist.
Look at it this way. Buying a book doesn't let you use bits of the text yourself, but I'm allowed to say to you that if you buy a copy of Schildt's annotated C++ standard and remove half of the text from it you're left with the ANSI C++ standard for rather less money than you'd normally pay. Buying a copy of the MacOS X 10.1 upgrade doesn't let you use bits of the code in your own software, but nor am I allowed to tell you that if you remove one file from it you're left with MacOS X for rather less money than you'd normally pay, and nor are you allowed to do it even if you do find out that it's possible.
Apple's licensing agreement prevents you from doing things that would otherwise be legal to do, in comparison to Linux's licensing agreement permitting you to do things that would otherwise be illegal to do. Whether or not this sort of license is actually legal is an interesting question which, as yet, does not appear to have been resolved. Claiming that adherance to the GPL is morally equivilent to adherance to Apple's EULA when they're both very different things is somewhat misleading.
There is absolutely NO REASON for you to have passwd suid-root.
You have your/etc/passwd rw-rw-rw-? How do you propose passwd is able
to change the contents of/etc/passwd and/etc/shadow without running as
root?
Ping??? Ummmm.... NO. It can send and recieve packets fine and dandy
as an unpriveleged user. How do you propose a user without root privileges gets the kernel to
generate ICMP messages and send them to arbitrary hosts? Hint: you
don't. Root privileges are required.
XTERM???? Goodnight, that's most insecure thing I've ever heard! XTerm used to be SUID to be able to add entries to wtmp and utmp
(perhaps you'd like those to be world writeable as well?) and change the
ownership of the device node associated with them. Nowadays it's more
traditional to make it SGID instead.
When an xterm starts, it opens up a shell for whatever user it's running as. When a SUID xterm starts, it makes entries in utmp and wtmp and alters
the device node permissions. It then executes the shell as the user.
Feel free to test this.
The above is not informative. newgrp does not add new groups - it allows a user to switch their current group, asking for a password if necessary. It is explicitly designed for users to run, but also requires root privileges. In other words, of course it's SUID and executable by all, you idiots. That's the entire point. People will be calling for passwd to be non-SUID at this rate...
(Of course, this becomes less of a problem once capabilities are present at the filesystem level and we can explicitly launch applications with certain capabilities rather than launch them as root and then drop any they don't need)
This is plainly not true. Programs like newgrp (and passwd, chsh, chfn, login, ping, su and others) require root privileges but are there to be run by users. The alternative is to either remove huge swathes of functionality or let arbitrary users switch their UID without any sort of authentication, have/etc/passwd world writeable, let normal users construct their own IP packets and so on. Removing functionality in the name of security is not an acceptable option, especially when the functionality is this basic.
Re:Difference between this and the IIS holes
on
Linux Kernel Bugs
·
· Score: 3, Informative
Does this mean if you have a shell account on the server that this exploit can be used?
Yes.
If this exploit is run, can it be traced back to the user who ran it?
If process accounting is being used, yes. On the other hand, the user could just "fix" the logs after gaining root.
Does the ptrace command come installed as default on all distro's? It's a system call, not a command, so yes - it's part of the kernel.
Because you need root privileges to change the real group ID of a running process to an arbitrary group (therefore suid) and arbitrary users may wish to run it (therefore world executable)? You're not confusing it with addgroup, are you?
Airsnort currently requires a Prism-II based card, IIRC (they have the ability to listen on all channels simultaneously). The Linux-wlan site has a list of cards with this chipset.
If you have a reproducable problem that causes the entire network to fall over, the only thing you can do is pull the machine. On the other hand, you should really get in touch with the developer of the driver you were using. It's possible that this bug is known and a fixed version of the driver exists, or it's possible that nobody's ever seen it before. Either way, doing what you can to help the developer get this fixed will help prevent other people from having the same problems in the future. You should be able to find out who's responsible for the driver by looking at either/usr/src/linux/MAINTAINERS or the source for the driver itself (it'll probably be under/usr/src/linux/drivers/net/tokenring).
WEP buys you very little. It's the equivilent of putting a tiny padlock on a bike - it may deter somebody who's just looking for an easy target, but it's not going to stop anyone who wants access. Depending on the traffic levels on your network, WEP can be broken within a few hours. Even worse, the time taken to crack the encryption scales linearly with the number of bits - 128 will only take 3 times as long to break, not 2^88.
What difference does it make? If you've gained the ability to load kernel modules you've probably already got the ability to write into aribtrary chunks of address space and rewrite the kernel to do whatever you want it to.
The insects make subtle alterations to the rate of their flashing in order to synchronise with those around them. The wave of synchronisation spreads thoughout the cluster, and you end up with an entire swarm of insects flashing in time.
Re:and how is the program going to get my DNA?
on
Protein Music
·
· Score: 2
wondering how a JAva program is going to get my DNA sequence, especially since I don't have a DNA sequence finder setting around in my room?
You DNA sequence is almost identical to that of every other human being. Over the size of the genome, the differences amount to almost nothing - in terms of the amount of difference it would make to a piece of music, you're unlikely to notice any difference between different individuals.
Slashdot Mirror
Zounds. The irony. Yes, the circumvention of the copy protection mechanism which allowed you to play pirated games was sufficient for the case to be awarded to Sony. However, the judge also ruled that playing imported games was illegal unless you have permission from the copyright holder. You should conceivably read the article again yourself.
Why can't I legally play an imported PS2 game (which I probably paid a goodly premium for) on a modded PS2? I've voided my warranty if I mod the PS2, Sony still gets their money from the original software sale, the reseller gets their money from the sale to me, and I get to try to decipher the hirigana and kanjii in a vain attempt to understand just what the heck it is I've bought. Seems like everyone gets what they want in this circumstance.
Because under Section 17 of the Copyright, Designs and Patents act 1988 you specifically have no intrinsic right to make a transient copy even if that transient copy is necessary for the use of the product - that is, reading the contents of a CD into memory is unauthorised copying. It is assumed that you are implicitly granted permission from the copyright holder when you purchase the product, but as of yesterday's ruling this is assumed to only apply to the country where you bought it. As a result, you are legally permitted to import a game for personal use, but copying that game into your system's memory in order to play it is illegal unless the copyright holder specifically grants you permission to do so.
This quite possibly applies to imported DVDs, too.
No more so than taking the work of the Linux team, shoving some debian/gnu stuff on top of it and calling it a GNU-based operating system. Linux is GPLed, but it's not part of the GNU project. If the GNU C library was being used, I don't think there'd be any real argument. As it is, I'm not so sure.
They're porting apt to NetBSD?
No, we're porting Debian to NetBSD. A distribution isn't just its installer and package management. There's the way the filesystem is laid out, the way the tools are configured by default and the philosophy behind the development.
Apt and dpkg have been ported. We're working on porting the administrative and configuration utilities. The idea is not to just package NetBSD binaries - the idea is to build the Debian source packages on NetBSD except in cases where that's impossible, and in those cases to produce packages that provide as much of the same functionality as possible.
Less work, and more immediately useful results, would be modifying apt to work with the current binary package system
I'd argue with the "less work", but anyway. Connectiva have ported apt to work with RPMs - that doesn't make it Debian. We're not trying to produce a NetBSD varient using Debian packaging tools. We're trying to produce Debian running on top of the NetBSD kernel.
Arguably, its not really BSD anymore
By some values, this is probably true.
Debian-NetBSD doesn't seem to have package for these platforms anyway
Yet. Once we're running on one architecture, this ought to happen.
In fact, the BSD world seems largely annoyed at these folks.
Really? We've got some BSD developers happily working with us. Nobody has yet actually made their displeasure at the situation known, other than some bitching on Slashdot-alikes. If they are annoyed, they're not annoyed enough to actually do anything about it.
I personally don't see the reasons for this project, other than political
That's why I went to the bother of writing this page.
No, the APs in question appear to be based on the Intersil Prism-II chipset. This supports a "host-AP" mode, which allows it to work as an access point without requiring special firmware. At that point you can just use the standard Linux kernel bridging code.
It's not unambiguously identifiable as such. It looks significantly more like a Windows replacement than anything aimed at being Linux on the desktop. We've already got the ability to run the vast majority of Linux applications on the desktop if we so desire, so I'm at something of a loss to see why this is interesting in any way other than the fact that it moves power out of the hands of Microsoft into another closed source company?
The website claims that Lindows will allow the running of both Linux and Windows apps. Why do the screenshots only show Windows ones? There's no demonstration of any sort of interoperability whatsoever.
New drivers and the like will continue to appear, and some things will get backported from 2.5. But further 2.4 development is likely to be concentrated on bugfixes and not fiddling too much with the core code.
Apple's licensing agreement gives you rights, because accepting it is an implicit part of the contract of buying the software
Really? Since when? Most software sales do not involve you being presented with a copy of the EULA. If I buy an object without license conditions being presented to me at the time of sale, I should be able to expect to use that object in the same way as using any other object - that is, any way that is not explicitly illegal (although the DMCA may limit that somewhat). It looks like some US courts may agree - see the Slashdot story earlier today about EULAs.
This idea that you're buying a license to the software rather than the software itself is an invention of the software companies. If you started selling books the first page of which said "You may read this book only on the condition that you do not attempt to explain any of the concepts contained within to anyone else", would you really expect people to take you seriously?
The license on the Linux source code gives you rights above what you would have under normal copyright law. When you buy a book, copyright law prevents you from using the text within it for your own purposes. Copyright law would do the same for the Linux source code were it not for the GPL giving you extra rights providing you adhere to it. The license agreement provided by Apple restricts your rights - if everything within it was illegal anyway, there'd be no reason for it to exist.
Look at it this way. Buying a book doesn't let you use bits of the text yourself, but I'm allowed to say to you that if you buy a copy of Schildt's annotated C++ standard and remove half of the text from it you're left with the ANSI C++ standard for rather less money than you'd normally pay. Buying a copy of the MacOS X 10.1 upgrade doesn't let you use bits of the code in your own software, but nor am I allowed to tell you that if you remove one file from it you're left with MacOS X for rather less money than you'd normally pay, and nor are you allowed to do it even if you do find out that it's possible.
Apple's licensing agreement prevents you from doing things that would otherwise be legal to do, in comparison to Linux's licensing agreement permitting you to do things that would otherwise be illegal to do. Whether or not this sort of license is actually legal is an interesting question which, as yet, does not appear to have been resolved. Claiming that adherance to the GPL is morally equivilent to adherance to Apple's EULA when they're both very different things is somewhat misleading.
But until recently, you couldn't have a file larger than 2 gigabytes (1024x smaller) in Linux.
You could providing you were using a 64 bit architecture. Linux isn't just x86/other 32 bit architectures.
There is absolutely NO REASON for you to have passwd suid-root.
/etc/passwd rw-rw-rw-? How do you propose passwd is able
/etc/passwd and /etc/shadow without running as
You have your
to change the contents of
root?
Ping??? Ummmm.... NO. It can send and recieve packets fine and dandy
as an unpriveleged user.
How do you propose a user without root privileges gets the kernel to
generate ICMP messages and send them to arbitrary hosts? Hint: you
don't. Root privileges are required.
XTERM???? Goodnight, that's most insecure thing I've ever heard!
XTerm used to be SUID to be able to add entries to wtmp and utmp
(perhaps you'd like those to be world writeable as well?) and change the
ownership of the device node associated with them. Nowadays it's more
traditional to make it SGID instead.
When an xterm starts, it opens up a shell for whatever user it's running as.
When a SUID xterm starts, it makes entries in utmp and wtmp and alters
the device node permissions. It then executes the shell as the user.
Feel free to test this.
The above is not informative. newgrp does not add new groups - it allows a user to switch their current group, asking for a password if necessary. It is explicitly designed for users to run, but also requires root privileges. In other words, of course it's SUID and executable by all, you idiots. That's the entire point. People will be calling for passwd to be non-SUID at this rate...
(Of course, this becomes less of a problem once capabilities are present at the filesystem level and we can explicitly launch applications with certain capabilities rather than launch them as root and then drop any they don't need)
You should not have world exec programs set suid
/etc/passwd world writeable, let normal users construct their own IP packets and so on. Removing functionality in the name of security is not an acceptable option, especially when the functionality is this basic.
This is plainly not true. Programs like newgrp (and passwd, chsh, chfn, login, ping, su and others) require root privileges but are there to be run by users. The alternative is to either remove huge swathes of functionality or let arbitrary users switch their UID without any sort of authentication, have
Does this mean if you have a shell account on the server that this exploit can be used?
Yes.
If this exploit is run, can it be traced back to the user who ran it?
If process accounting is being used, yes. On the other hand, the user could just "fix" the logs after gaining root.
Does the ptrace command come installed as default on all distro's?
It's a system call, not a command, so yes - it's part of the kernel.
Because you need root privileges to change the real group ID of a running process to an arbitrary group (therefore suid) and arbitrary users may wish to run it (therefore world executable)? You're not confusing it with addgroup, are you?
Read the thing. The ptrace hole is very similar to one in *BSD last year. Pretty much everyone screws up when it comes to this sort of volume of code.
Airsnort currently requires a Prism-II based card, IIRC (they have the ability to listen on all channels simultaneously). The Linux-wlan site has a list of cards with this chipset.
If you have a reproducable problem that causes the entire network to fall over, the only thing you can do is pull the machine. On the other hand, you should really get in touch with the developer of the driver you were using. It's possible that this bug is known and a fixed version of the driver exists, or it's possible that nobody's ever seen it before. Either way, doing what you can to help the developer get this fixed will help prevent other people from having the same problems in the future. You should be able to find out who's responsible for the driver by looking at either /usr/src/linux/MAINTAINERS or the source for the driver itself (it'll probably be under /usr/src/linux/drivers/net/tokenring).
WEP buys you very little. It's the equivilent of putting a tiny padlock on a bike - it may deter somebody who's just looking for an easy target, but it's not going to stop anyone who wants access. Depending on the traffic levels on your network, WEP can be broken within a few hours. Even worse, the time taken to crack the encryption scales linearly with the number of bits - 128 will only take 3 times as long to break, not 2^88.
What difference does it make? If you've gained the ability to load kernel modules you've probably already got the ability to write into aribtrary chunks of address space and rewrite the kernel to do whatever you want it to.
The insects make subtle alterations to the rate of their flashing in order to synchronise with those around them. The wave of synchronisation spreads thoughout the cluster, and you end up with an entire swarm of insects flashing in time.
wondering how a JAva program is going to get my DNA sequence, especially since I don't have a DNA sequence finder setting around in my room?
You DNA sequence is almost identical to that of every other human being. Over the size of the genome, the differences amount to almost nothing - in terms of the amount of difference it would make to a piece of music, you're unlikely to notice any difference between different individuals.