More info at http://tenebrae2.com/ and pretties at http://tenebrae2.com/tb2_screenshots.html
For OSX, there's a game called tenebrae quake http://www.versiontracker.com/dyn/moreinfo/macosx/17584 that uses a new renderer with quake data files (not included).
Really? You can sidestep congress and just pass those things on your own?
Yeah, by resorting to tactics that passed the PATRIOT Act like the Bush administration did. By using national tragedy to push through legislation that infringes upon rights with no guarantees and vague security goals.
Simply print a 300-some page document late at night and ask people to vote on it first thing in the morning, and see how many people are willing to vote against something with that name. Kudos to the 79 who did.
By the way, it probably took you till the fifteenth question because he didn't actually use the terms you supposedly found and quoted. Try these direct quotations:
Question 6: "John Edwards and I support a strategically balanced..."
Question 7: "John Edwards and I are committed to increasing funding..."
Question 8: "John Edwards and I would increase Federal funding..."
Question 9: "John Edwards and I believe that we can protect..."
I'm actually happy that Kerry realizes the universe doesn't revolve around him, and chooses to name his running mate.
No, they're not portable hard drives. My camera can be connected to my computer to transfer not just photos but arbitrary files back and forth. That does not make my camera a flash memory card reader. Primarily, that camera is still a camera. Primarily, the ipod is a music player.
If you really wanted to get a portable hard drive, there are faster and larger capacity drives for doing this. If you really wanted to use the drive as portable storage, the physical size of the device would not be an issue, but Wiebetech makes some very fast drives based on notebook hard drive tech.
What you did was turn the ipod into a dual use tool. Just because a hammer can be used to do harm doesn't mean hammers should be illegal. Just because ipods can be used for the sake of education doesn't mean they are educational tools.
# Focus development efforts on the new standalone applications: the browser currently code-named Firefox, the Mozilla Thunderbird mail/news application, and standalone composer and other apps based on the new XUL toolkit used by Firefox and Thunderbird. We aim to make Firefox and Thunderbird our premier products.
# Updated: Maintain the SeaMonkey application suite, currently built by default, for enterprises and other organizations with large existing Mozilla deployments. SeaMonkey remains an important product for many customers.
I've now got two of these in my wallet. They are about the only USB drives thin enough to allow this.
USB1 version has a write-protect switch and an activity light. USB2 version doesn't have a switch but fewer moving parts on something so tiny is probably a good thing. (I'm not affiliated with PQI. I just like their stuff.)
Boot time isn't an issue if you get the right laptop. One of the primary selling points about Apple laptops is the sleep mode. You close the lid and it falls asleep in under ten seconds. You open the lid and the login prompt is displayed in two seconds. In sleep mode, the battery loses under 10% over three days, so forgetting your laptop in sleep mode for weeks at a time won't make you lose state. This is all true for the 500MHz and 800MHz Apple laptops that I have used (i.e. you don't need top of the line hardware to get a speedy sleep mode).
Windows XP laptops that I have used take minutes to sleep and wake. The more memory you have, the more it dumps to the hard drive and hence the longer it takes. I haven't gotten any sort of Linux sleep functionality to work with my x86 laptop. I don't feel I should have to jump through hoops to get battery/power management to work on my portable device, but that's another rant.
What you say about the unit reviewed in the article is true if the system must do a full boot every time you cycle power. In general, boot time should not be an issue for any device. Portables should sleep to get through idle time. Apple has shown that boot time is irrelevant if you have an efficient sleep mode and a reasonably stable OS.
I agree, it is brilliant. About as brilliant as growing these vegetables in unclean, unsafe dirt that you wouldn't eat either. Perhaps I missed the part where the vegetables are grown in sterilized hydroponics labs. This is pure speculation, but I would guess that people in Nigeria wash their ingredients before cooking with them.
would be better if you could prove that you're innocent. For drivers under 25, you're just screwed
This is not the only time New Mexico has burdened the many with the crimes of a few. If you are under 25, you must pay for a "none for the road" program that attempts to educate young drivers about drunk driving as part of the requirements for a license. Not only that, people who already have a license from another state (like me) have to pay for the "education" even if they have been driving for eight years without an accident or ticket (like me).
Ok so it's only $15 and you can complete the program at home, but it requires a VCR that I don't have (the only magnetic media I use are hard disks), implies that all drivers under 25 need this (including LICENSED out of state drivers), and is more likely a way for a politician to say "We're trying! Just look!" than an effective means to solve the problem.
Cool, but it needs a net connection (on Javascrypt · Score: 2, Interesting)
Stealing and modifying some RC4 code, I made a self-contained Javascript/PHP CipherSaber encoder/decoder.
Boring I know, but at least it can create self-decrypting HTML files where the ciphertext and decryption code is all self-contained. With such output, any* JS-enabled browser can decrypt the file without a net connection. Here's a sample (use password "test" and 1 loop). This idea can be modified to fit almost any encryption scheme; RC4 just seemed like a good mix of security and extreme ease of implementation at the time.
* This is almost guaranteed NOT to work on Safari in Mac OSX. It works on recent Firebird builds under Windows XP and RedHat 9 (and probably other things as well).
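The scheme this comment describes, as an added example that is not the commenter's code: CipherSaber is RC4 keyed with the passphrase followed by a 10-byte IV stored at the start of the ciphertext, and the "loop" count repeats the key-schedule mixing. The function names and the sample IV are constructed for illustration, and carrying `j` across rounds is an assumption based on common CipherSaber-2 implementations.

```javascript
// Added example (not the commenter's code): CipherSaber-style RC4 with an
// N-round key schedule, usable in a browser or in Node.
const IV_LEN = 10; // CipherSaber stores a 10-byte IV before the ciphertext

const utf8 = (s) => new TextEncoder().encode(s);
const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// RC4 key schedule. rounds = 1 is plain RC4 (CipherSaber-1); rounds > 1
// repeats the mixing loop (CipherSaber-2).
// Assumption: j is carried over from one round to the next.
function keySchedule(key, rounds) {
  const S = new Uint8Array(256);
  for (let i = 0; i < 256; i++) S[i] = i;
  let j = 0;
  for (let r = 0; r < rounds; r++) {
    for (let i = 0; i < 256; i++) {
      j = (j + S[i] + key[i % key.length]) & 0xff;
      const t = S[i]; S[i] = S[j]; S[j] = t;
    }
  }
  return S;
}

// XOR data with the RC4 keystream; the same call encrypts and decrypts.
function rc4(key, data, rounds = 1) {
  if (key.length < 1 || key.length > 256) {
    throw new RangeError("RC4 key must be 1..256 bytes");
  }
  const S = keySchedule(key, rounds);
  const out = new Uint8Array(data.length);
  let i = 0, j = 0;
  for (let n = 0; n < data.length; n++) {
    i = (i + 1) & 0xff;
    j = (j + S[i]) & 0xff;
    const t = S[i]; S[i] = S[j]; S[j] = t;
    out[n] = data[n] ^ S[(S[i] + S[j]) & 0xff];
  }
  return out;
}

// Per-message RC4 key: passphrase bytes followed by the IV.
function sessionKey(passphrase, iv) {
  const pass = utf8(passphrase);
  const key = new Uint8Array(pass.length + iv.length);
  key.set(pass, 0);
  key.set(iv, pass.length);
  return key;
}

// Fresh IV from the platform CSPRNG (Web Crypto in browsers and recent Node).
function randomIv() {
  return globalThis.crypto.getRandomValues(new Uint8Array(IV_LEN));
}

// Output layout: IV (10 bytes) || RC4 ciphertext.
function encrypt(plaintext, passphrase, rounds = 1, iv = randomIv()) {
  if (iv.length !== IV_LEN) throw new RangeError("IV must be 10 bytes");
  const body = rc4(sessionKey(passphrase, iv), plaintext, rounds);
  const blob = new Uint8Array(IV_LEN + body.length);
  blob.set(iv, 0);
  blob.set(body, IV_LEN);
  return blob;
}

function decrypt(blob, passphrase, rounds = 1) {
  if (blob.length < IV_LEN) throw new RangeError("input shorter than the IV");
  const iv = blob.subarray(0, IV_LEN);
  return rc4(sessionKey(passphrase, iv), blob.subarray(IV_LEN), rounds);
}

// Demo with a constructed IV so the output is repeatable.
const demoIv = Uint8Array.from([0, 1, 2, 3, 4, 5, 6, 7, 8, 9]);
const demoBlob = encrypt(utf8("self-contained sample"), "test", 1, demoIv);
console.log(toHex(demoBlob));
console.log(new TextDecoder().decode(decrypt(demoBlob, "test", 1)));
```

The format carries no integrity check: flipping a ciphertext bit flips the same plaintext bit without any decryption error, so a file of this kind needs a separate MAC or an authenticated cipher where tampering matters.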
I'm not familiar with the sdem/fyodor scandal, and after reading what little I have, I'm now a great deal more familiar with it than I want to be. I honestly don't care about such petty squabbles.
I am willing to accept that what fyodor did might have been bad, but even if so, that by itself does not mean that his insights into network security are flawed, or that his software projects are themselves evil in any way.
If you're thinking of hiring him to analyze the security of your network, that is one thing. If you're just using his open-source software, who cares?
Regardless of what happened, nmap is a useful tool. Regardless of what happened, this was an interesting interview. Thanks, fyodor!
If they only screwed around in the game world itself and left the real world alone (eg. credit cards, account data, etc) then the company should do the same.
First of all, I'm not sure that you make the distinction clearly. If I kill off characters or steal items using hacked illegal powers, that is modifying account data. If I use my powers to draw a huge smiley face in the sky, then I have still hacked a server, but then I wouldn't be modifying the user's data.
Now assume that there is in fact no change made to the users' account data itself. That is like logging into a machine, escalating privilege, and installing trojans and key-logging mechanisms without actually changing what the other users (and superuser) perceive as they use and monitor the system. Still illegal? Yes!
Pay the (cr|h)ackers a nominal sum for the job of compromising your machine as security testers, then instantly fire and sue them for damages. or something...
Some of us are. Realistically speaking, usage dictates meaning. If everyone else in the world is going to think of hackers as malicious intruders, then so be it. Languages change over time, and computer jargon should be no different.
I'm sure some people will fight for using the "correct terms." They are probably also zealots for their favorite text editor or Linux distro. I don't mind that they do it, but I won't do it myself.
Fight the battles worth fighting for. Leave the H/Cr battle for someone else.
Every time something like this comes up, I happily ignore it. As other people have mentioned, Google is the best tool for finding lyrics. Not only is its ranking system good enough that "I Feel Lucky" works, it's also faster. I'd rather load a google page (fast) followed by the lyrics page (slow) than go to that person's home page (slow), enter the same search query, and then load the same lyrics page (slow).
That's the solution for users like us: just use Google. Always.
The solution for the MPA and related organizations is to use Google. Just five times.
Search for the lyrics of artists you claim to represent. See how you get many relevant links? In fact, for each such search, you might end up with thousands of relevant results. And that's per song. Are you going to attempt to sue them all? I think not. Threatening e-mails are cheap to send, but following up on them all is like trying to charge all users licensing fees for GIFs (or Linux).
So now that you, the MPA, have learned that Google exists and that you cannot get rid of all the lyrics on the web, what's the next step? Offer your own lyrics database! Free of errors and typos, supported by you and your artists, and possibly the start of a groundbreaking revenue stream. Get people to your site instead of others' sites. Use the web instead of fighting it.
If you want to thank me, just agree to stop throwing lawyers at technological issues. To quote George Carlin: "Who knows, it might work. It certainly hasn't been tried."
After someone has proven that they are willing to abuse their 'skills' to settle a personal vendetta, why should anyone in their right mind trust them? To put it more generically, after someone in the 'security community' crosses over the line, how do they come back from that? Or do they?
Are you sure it's trust you're thinking of?
Trust the software?
You can download nmap source and check for any back doors or other tricks. One person might miss something, but I'm sure many people examined the source, and someone along the lines would have said something.
Trust the developer?
If just downloading and using nmap makes him mad enough at you to attack you, he must not get much work done... many people use nmap. You aren't asking him to evaluate your network. You're just using his software.
Or are you thinking about ethics?
Maybe you don't want to use tools created by those whose worldview you don't agree with. I can understand that, but I would disagree with it. Tools made by those you consider unethical or immoral can still be useful tools.
...will use computerized images of crop rows to identify weeds and zap them. The system can identify weeds from the regular crop by assessing shape, color, size and other variables from the captured images of the crop row.
Am I the only one who after taking one look at this thought it was talking about an airport? Weeds are a better target for face(leaf) recognition technology rather than people, at least until it gets much much better. And I figure all those post 9/11 pseudotechnology companies need to license their image recognition software to someone...
Sometimes recovering the original image is not as important as hiding the steganography in a harder to detect fashion. Here is a steg tool that tries to do just that, by keeping statistical properties of the steg-carrying data.
I am a computer science major and have more than 15 GBs of SDKs, source code, compilers, and homework that would take weeks to restore to a point where I can use it again. I do want to upgrade to Windows XP, but I cannot sacrifice the time necessary to do so. And regarding the request for an exception, I did request it, and was denied, despite my knowledge.
They even went as far as giving all of the students antivirus software... but the students decided not to use it.
How is this related to Windows 2000 being fundamentally broken? Are you saying that only Windows 2000 users neglected to install their anti-virus software? Is this because they were using Windows 2000 instead of another OS? Otherwise, that statement is not relevant.
I think XP is allowed because it would be hard for them to block XP Professional without blocking the Home edition.
XP is allowed because there are certain problems in Windows 2000 which do not exist in Windows XP. Nothing more, nothing less. See the above links. Banning one and recommending another hurts the network in general at least as much as it improves certain aspects of security.
I'm kinda pissed that Slashdot completely neglected my submission of the same story (I submitted it 3 weeks ago), but I'll reprint what I said here. Please give your comments, but I still stand by what I said.
8/30/2002 2:49:15 AM
I'm writing this to the people in charge of Resnet policy, but also to people using Resnet. An outright ban on Windows 2000 will prove to be a costly and ineffective policy for increasing the security of Resnet.
1. Software and Bugs
Windows 2000, like any operating system, is a complex bundle of computer code. Like Windows XP, GNU/Linux, or MacOS, people find bugs in the software from time to time. Certain malicious people try to exploit the bugs to damage networks, reputations, etc. Other people develop software patches to fix the bugs.
Oftentimes, bugs are found with application software, like web browsers, web servers, e-mail clients, and the like. The operating system is generally not at fault. In this case, it just so happened that problems with some Microsoft application software were found in 2001 and combined creatively to create a series of rather devastating worldwide attacks.
2. Who is to Blame
It is important to realize that Windows 2000 was not the vulnerable software in these cases. Rather, bugs in Internet Information Server and Internet Explorer were exploited; they were the cause of the widespread effectiveness of the worms called "Code Red" and "Nimda." In other words, there are computers running Windows 2000 that are not and never were susceptible to Code Red, and there are devices not running Windows 2000 that were susceptible. Similarly, there are plenty of computers not running Windows 2000 that helped spread the problem through the Nimda worm.
Thus, these problems cannot be blamed on Windows 2000. Where does the blame lie? Programmers are bound to make mistakes, especially in an environment where a for-profit company is trying to produce and sell a modern operating system. Since few pieces of software are ever bug-free, it is ultimately up to system administrators and everyday users to make sure that their systems are as secure as possible (or practical). One of the ways to help increase the security of a computer is to apply security patches once they are released.
3. Patching Problems
A properly maintained computer is like a properly maintained car. Using a two-year-old unpatched computer on the Internet is like driving a car too fast on a twisting mountain road during an ice storm on bald tires. Using such a system or driving such a car is asking for trouble.
The bug in IIS that made it vulnerable to Code Red was announced two months before Code Red. The bug in Internet Explorer used by the Nimda worm was announced a full 5 months before Nimda. Yet even today, nearly a year after these attacks, thousands of machines worldwide are still unpatched. In other words, they are either infected with Code Red, or vulnerable to it. Unfortunately, many of these machines are likely to remain unpatched forever.
With that in mind, we turn now to the proposed ban of Windows 2000.
4. What problems does it solve?
Windows XP is not vulnerable to Code Red and Nimda. So upgrading to Windows XP does protect against certain problems.
5. What problems doesn't it solve?
It does not change the fact that improperly configured or improperly managed systems are vulnerable. It does not protect against attacks that have yet to be developed. It does not help educate users about ways to make their systems more secure. It does not help users of other operating systems running vulnerable versions of Internet Explorer. It does not protect against the thousands of other vulnerabilities that plague other operating systems. It does not stop denial of service attacks and port scans (that for some reason were blamed on Windows 2000 by the Resnet web page).
6. What problems does it cause?
Bugs that were introduced during the development of Windows XP could conceivably outweigh the bugs that were patched during that time. It would be naive to think that every bug in Windows XP is also present in older Windows operating systems.
The Products Use Rights document for Windows XP now includes a clause saying that Microsoft may access and change the operating system and its components without your agreement, and in fact without your knowledge. Suggesting that users of Resnet upgrade to Windows XP puts them in a position where they agree to relinquish control of their computers. Incidentally, versions of Windows 2000 up to service pack 2 do not contain this clause.
The ban of an operating system creates a dangerous precedent. Nowhere in the Resnet Acceptable Use Policy has there been any mention of the ban of a specific software product. The AUP does state that users cannot interfere with others, or with the proper functioning of the network. However, anyone would be hard put to prove that Windows 2000 was the sole cause of any problems by virtue of any fundamental and uncorrectable security flaws.
7. What are the costs of the upgrades?
As always, these costs are generally borne by the end users. They must acquire and install the software and learn to use it. This costs time and money and doesn't appreciably increase the security of the network.
8. What are the alternatives?
Requiring that users patch Windows 2000 systems would take less time and money. Verifying that a system was patched by probing the computer for the Red Alert vulnerability is no more difficult than fingerprinting the OS and checking that it is not Windows 2000. Certainly, installing a patch is a less intensive operation than upgrading an operating system and dealing with any problems and incompatibilities that may arise, so support problems faced by the RCCs are fewer.
In conclusion, the proposed Windows 2000 ban is both costly and ineffective. It seems as if the Resnet staff has already decided on implementing this "solution," which is lamentable. As there has been no discussion of or opposition to the ban on this forum, I felt it was necessary to provide a different opinion.
A nice Bin/Dec/Oct/Hex/Sci/Graphing/trig/complex/color/GPL'd calculator for the Palm is Easycalc. Not the smallest memory footprint, but the features may justify the size depending on your needs.
For programming there are BASIC interpreters, C compilers, and a Forth compiler (and undoubtedly others).
theregister.co.uk had an article (sorry lost the url):
Stop the antivirus vendor hype
By: John Leyden Posted: 06/03/2001 at 13:57 GMT
A senior figure in the antivirus industry has spoken out against the misinformation and myths which surround computer viruses - many of which he said arise due to hype from vendors themselves.
David Perry, global director of education for Trend Micro, said the public harbour a number of common misconceptions about computer viruses, due in large part to overstated warnings about viruses from vendors and sensationalist reporting in the media.
Perry, who has spent 10 years in technical support, said: "The problem on help desks is only occasionally fixing the damage caused by computer viruses, it's mostly fixing problems caused by lack of understanding."
His argument is that rumour and innuendo, hoaxes and pop culture create a rich breeding ground for myths about viruses - such as the idea viruses are created by antivirus companies or are able to destroy hardware - that takes focus away from the real issues.
Perry's central point, made in a speech at the 10th Annual European Institute for Anti Virus Research (EICAR) conference in Munich this week, is that misinformed users can actually increase the likelihood of virus infestation, and more needs to be done to close the gap between perceived and actual damage caused by viruses.
An example of this knowledge deficit, according to Perry, is that of the 30,000 to 50,000 computer viruses routinely quoted in figures from the antivirus industry, only 800 have ever infected anybody's computer and "only 200 are in circulation".
"The rest are 'zoo' viruses - which are emailed to antivirus companies by virus authors themselves and never make it into the wild," said Perry.
Perry, who himself admits to having over-hyped viruses in the past, said he re-examined his approach after warnings he made about the NewLove virus, a post Love Bug flop, failed to materialise. He argues virus firms need to be more cautious in issuing alerts - despite the temptation to cry wolf.
"The antivirus industry is fiercely competitive. There's millions of dollars to be made and lost and firms get enormous communication value and mind share when they're quoted in reports of virus outbreaks in the press," said Perry. "The firms who tend to cry wolf are those who need coverage at a particular time, and after an alert is issued things tend to take on a life of their own."
from http://www.mozilla.org/roadmap.html
http://froogle.google.com/froogle?q=intelligent+stick+usb&btnG=Search+Froogle
http://www.pqi1st.com/products/istick.asp
Does anyone know of cross platform security software for removable drives? PGP/GPG doesn't count!
NOT PGP/GPG!
NOT PGP/GPG!
NOT PGP/GPG!
I am looking for a tool that supports both Windows 2000/XP and Mac OS X that does on the fly encryption for removable USB memory sticks.
I know of platform-independent tools like PGP, but after decrypting, unencrypted data would sit on the thumb drive. If I was interrupted after decrypting or (more likely) forgot to encrypt the file again, unencrypted data would sit on the drive.
I know of Mac OS X's encrypted dmg files, but Windows has no way of accessing them. I would use one of the countless number of Windows-, Mac-, or Linux-proprietary third party "put your passwords here" tools for doing encrypted files, but all that I know of are platform-specific.
So what am I looking for? Something that has Windows and OS X clients that I could put on the thumb drive, along with a file of arbitrary size containing the encrypted data. After authenticating with the software, one of the following would happen:
(1) either the software mounts the encrypted file as a disk drive just like daemon-tools mounts a CD image in Windows, or OS X mounts a dmg file
(2) or the software includes a 'secure' text editor that can edit the encrypted file.
Either way, the software (1) sits on the thumb drive and (2) provides on-the-fly encryption so the data on the thumb drive is never unencrypted.
I'm willing for this to be horrifically slow as I would be storing mostly text on such a system, but supporting at least recent Windows and Mac OS X is important to me. I run Linux on servers/gateways but prefer Windows or OS X for my primary desktop/laptop machines.
I would be willing to pay for such a product, but I don't trust closed-source encryption products. Please let me know if you have heard of such a product!
Incidentally, PQI makes very very small thumb drives. Froogle for 'PQI intelligent stick.' Their USB1 model has a write-protect switch, but their USB2 model does not. (I am not affiliated but have bought, used, and liked their product.)
Boot time isn't an issue if you get the right laptop. One of the primary selling points about Apple laptops is the sleep mode. You close the lid and it falls asleep in under ten seconds. You open the lid and the login prompt is displayed in two seconds. In sleep mode, the battery loses under 10% over three days, so forgetting your laptop in sleep mode for weeks at a time won't make you lose state. This is all true for the 500MHz and 800MHz Apple laptops that I have used (i.e. you don't need top of the line hardware to get a speedy sleep mode).
Windows XP laptops that I have used take minutes to sleep and wake. The more memory you have, the more it dumps to the hard drive and hence the longer it takes. I haven't gotten any sort of Linux sleep functionality to work with my x86 laptop. I don't feel I should have to jump through hoops to get battery/power management to work on my portable device, but that's another rant.
What you say about the unit reviewed in the article is true if the system must do a full boot every time you cycle power. In general, boot time should not be an issue for any device. Portables should sleep to get through idle time. Apple has shown that boot time is irrelevant if you have an efficient sleep mode and a reasonably stable OS.
I agree, it is brilliant. About as brilliant as growing these vegetables in unclean, unsafe dirt that you wouldn't eat either. Perhaps I missed the part where the vegetables are grown in sterilized hydroponics labs. This is pure speculation, but I would guess that people in Nigeria wash their ingredients before cooking with them.
would be better if you could prove that you're innocent. For drivers under 25, you're just screwed
This is not the only time New Mexico has burdened the many with the crimes of a few. If you are under 25, you must pay for a "none for the road" program that attempts to educate young drivers about drunk driving as part of the requirements for a license. Not only that, people who already have a license from another state (like me) have to pay for the "education" even if they have been driving for eight years without an accident or ticket (like me).
Ok so it's only $15 and you can complete the program at home, but it requires a VCR that I don't have (the only magnetic media I use are hard disks), implies that all drivers under 25 need this (including LICENSED out of state drivers), and is more likely a way for a politician to say "We're trying! Just look!" than an effective means to solve the problem.
Stealing and modifying some RC4 code, I made a self-contained Javascript/PHP CipherSaber encoder/decoder.
Boring I know, but at least it can create self-decrypting HTML files where the ciphertext and decryption code is all self-contained. With such output, any* JS-enabled browser can decrypt the file without a net connection. Here's a sample (use password "test" and 1 loop). This idea can be modified to fit almost any encryption scheme; RC4 just seemed like a good mix of security and extreme ease of implementation at the time.
* This is almost guaranteed NOT to work on Safari in Mac OSX. It works on recent Firebird builds under Windows XP and RedHat 9 (and probably other things as well).
I'm not familiar with the sdem/fyodor scandal, and after reading what little I have, I'm now a great deal more familiar with it than I want to be. I honestly don't care about such petty squabbles.
I am willing to accept that what fyodor did might have been bad, but even if so, that by itself does not mean that his insights into network security are flawed, or that his software projects are themselves evil in any way.
If you're thinking of hiring him to analyze the security of your network, that is one thing. If you're just using his open-source software, who cares?
Regardless of what happened, nmap is a useful tool. Regardless of what happened, this was an interesting interview. Thanks, fyodor!
First of all, I'm not sure that you make the distinction clearly. If I kill off characters or steal items using hacked illegal powers, that is modifying account data. If I use my powers to draw a huge smiley face in the sky, then I have still hacked a server, but then I wouldn't be modifying the user's data.
Now assume that there is in fact no change made to the users' account data itself. That is like logging into a machine, escalating privilege, and installing trojans and key-logging mechanisms without actually changing what the other users (and superuser) perceive as they use and monitor the system. Still illegal? Yes!
Pay the (cr|h)ackers a nominal sum for the job of compromising your machine as security testers, then instantly fire and sue them for damages. or something...
Some of us are. Realistically speaking, usage dictates meaning. If everyone else in the world is going to think of hackers as malicious intruders, then so be it. Languages change over time, and computer jargon should be no different.
I'm sure some people will fight for using the "correct terms." They are probably also zealots for their favorite text editor or Linux distro. I don't mind that they do it, but I won't do it myself.
Fight the battles worth fighting for. Leave the H/Cr battle for someone else.
Every time something like this comes up, I happily ignore it. As other people have mentioned, Google is the best tool for finding lyrics. Not only is its ranking system good enough that "I Feel Lucky" works, it's also faster. I'd rather load a google page (fast) followed by the lyrics page (slow) than go to that person's home page (slow), enter the same search query, and then load the same lyrics page (slow).
That's the solution for users like us: just use Google. Always.
The solution for the MPA and related organizations is to use Google. Just five times.
Search for the lyrics of artists you claim to represent. See how you get many relevant links? In fact, for each such search, you might end up with thousands of relevant results. And that's per song. Are you going to attempt to sue them all? I think not. Threatening e-mails are cheap to send, but following up on them all is like trying to charge all users licensing fees for GIFs (or Linux).
So now that you, the MPA, have learned that Google exists and that you cannot get rid of all the lyrics on the web, what's the next step? Offer your own lyrics database! Free of errors and typos, supported by you and your artists, and possibly the start of a groundbreaking revenue stream. Get people to your site instead of others' sites. Use the web instead of fighting it.
If you want to thank me, just agree to stop throwing lawyers at technological issues. To quote George Carlin: "Who knows, it might work. It certainly hasn't been tried."
Trust the software?
You can download nmap source and check for any back doors or other tricks. One person might miss something, but I'm sure many people examined the source, and someone along the lines would have said something.
Trust the developer?
If just downloading and using nmap makes him mad enough at you to attack you, he must not get much work done... many people use nmap. You aren't asking him to evaluate your network. You're just using his software.
Or are you thinking about ethics?
Maybe you don't want to use tools created by those whose worldview you don't agree with. I can understand that, but I would disagree with it. Tools made by those you consider unethical or immoral can still be useful tools.
Am I the only one who after taking one look at this thought it was talking about an airport? Weeds are a better target for face(leaf) recognition technology rather than people, at least until it gets much much better. And I figure all those post 9/11 pseudotechnology companies need to license their image recognition software to someone...
In 2001 sales of cds dropped by 5% (Larry Lessig's OSCON 2002 keynote). In 2002 sales dropped more than 10% (I forgot the number and source).
Sometimes recovering the original image is not as important as hiding the steganography in a harder to detect fashion. Here is a steg tool that tries to do just that, by keeping statistical properties of the steg-carrying data.
Actually, no. See the resnet page, which says See also the Resnet forum thread where a user says They even went as far as giving all of the students antivirus software
How is this related to Windows 2000 being fundamentally broken? Are you saying that only Windows 2000 users neglected to install their anti-virus software? Is this because they were using Windows 2000 instead of another OS? Otherwise, that statement is not relevant.
I think XP is allowed because it would be hard for them to block XP Professional without blocking the Home edition.
XP is allowed because there are certain problems in Windows 2000 which do not exist in Windows XP. Nothing more, nothing less. See the above links. Banning one and recommending another hurts the network in general at least as much as it improves certain aspects of security.
I'm kinda pissed that slashdot completely neglected my submission of the same story (I submitted it 3 weeks ago), but I'll reprint what I said here. Please give your comments, but I still stand by what I said.
8/30/2002 2:49:15 AM
I'm writing this to the people in charge of Resnet policy, but also to people using Resnet. An outright ban on Windows 2000 will prove to be a costly and ineffective policy for increasing the security of Resnet.
1. Software and Bugs
Windows 2000, like any operating system, is a complex bundle of computer code. Like Windows XP, GNU/Linux, or MacOS, people find bugs in the software from time to time. Certain malicious people try to exploit the bugs to damage networks, reputations, etc. Other people develop software patches to fix the bugs.
Oftentimes, bugs are found with application software, like web browsers, web servers, e-mail clients, and the like. The operating system is generally not at fault. In this case, it just so happened that problems with some Microsoft application software were found in 2001 and combined creatively to create a series of rather devastating worldwide attacks.
2. Who is to Blame
It is important to realize that Windows 2000 was not the vulnerable software in these cases. Rather, bugs in Internet Information Server and Internet Explorer were exploited; they were the cause of the widespread effectiveness of the worms called "Code Red" and "Nimda." In other words, there are computers running Windows 2000 that are not and never were susceptible to Code Red, and there are devices not running Windows 2000 that were susceptible. Similarly, there are plenty of computers not running Windows 2000 that helped spread the problem through the Nimda worm.
Thus, these problems cannot be blamed on Windows 2000. Where does the blame lie? Programmers are bound to make mistakes, especially in an environment where a for-profit company is trying to produce and sell a modern operating system. Since few pieces of software are ever bug-free, it is ultimately up to system administrators and everyday users to make sure that their systems are as secure as possible (or practical). One of the ways to help increase the security of a computer is to apply security patches once they are released.
3. Patching Problems
A properly maintained computer is like a properly maintained car. Using a two-year-old unpatched computer on the Internet is like driving a car too fast on a twisting mountain road during an ice storm on bald tires. Using such a system or driving such a car is asking for trouble.
The bug in IIS that made it vulnerable to Code Red was announced two months before Code Red. The bug in Internet Explorer used by the Nimda worm was announced a full 5 months before Nimda. Yet even today, nearly a year after these attacks, thousands of machines worldwide are still unpatched. In other words, they are either infected with Code Red, or vulnerable to it. Unfortunately, many of these machines are likely to remain unpatched forever.
With that in mind, we turn now to the proposed ban of Windows 2000.
4. What problems does it solve?
Windows XP is not vulnerable to Code Red and Nimda. So upgrading to Windows XP does protect against certain problems.
5. What problems doesn't it solve?
It does not change the fact that improperly configured or improperly managed systems are vulnerable. It does not protect against attacks that have yet to be developed. It does not help educate users about ways to make their systems more secure. It does not help users of other operating systems running vulnerable versions of Internet Explorer. It does not protect against the thousands of other vulnerabilities that plague other operating systems. It does not stop denial of service attacks and port scans (that for some reason were blamed on Windows 2000 by the Resnet web page).
6. What problems does it cause?
Bugs that were introduced during the development of Windows XP could conceivably outweigh the bugs that were patched during that time. It would be naive to think that every bug in Windows XP is also present in older Windows operating systems.
The Products Use Rights document for Windows XP now includes a clause saying that Microsoft may access and change the operating system and its components without your agreement, and in fact without your knowledge. Suggesting that users of Resnet upgrade to Windows XP puts them in a position where they agree to relinquish control of their computers. Incidentally, versions of Windows 2000 up to service pack 2 do not contain this clause.
The ban of an operating system creates a dangerous precedent. Nowhere in the Resnet Acceptable Use Policy has there been any mention of the ban of a specific software product. The AUP does state that users cannot interfere with others, or with the proper functioning of the network. However, anyone would be hard put to prove that Windows 2000 was the sole cause of any problems by virtue of any fundamental and uncorrectable security flaws.
7. What are the costs of the upgrades?
As always, these costs are generally borne by the end users. They must acquire and install the software and learn to use it. This costs time and money and doesn't appreciably increase the security of the network.
8. What are the alternatives?
Requiring that users patch Windows 2000 systems would take less time and money. Verifying that a system was patched by probing the computer for the Red Alert vulnerability is no more difficult than fingerprinting the OS and checking that it is not Windows 2000. Certainly, installing a patch is a less intensive operation than upgrading an operating system and dealing with any problems and incompatibilities that may arise, so support problems faced by the RCCs are fewer.
In conclusion, the proposed Windows 2000 ban is both costly and ineffective. It seems as if the Resnet staff has already decided on implementing this "solution," which is lamentable. As there has been no discussion of or opposition to the ban on this forum, I felt it was necessary to provide a different opinion.
9. Resources:
Resnet Policy:
http://www.resnet.ucsb.edu/information/win2k.html
http://www.resnet.ucsb.edu/information/use_policy
Code Red:
http://www.cert.org/advisories/CA-2001-19.html (exploit)
http://www.cert.org/advisories/CA-2001-12.html (bug)
Nimda:
http://www.cert.org/advisories/CA-2001-26.html (exploit)
http://www.cert.org/advisories/CA-2001-06.html (bug)
Windows XP PUR:
http://www.microsoft.com/licensing/resources
http://www.infoworld.com/articles/op/xml/02/02/11
A nice Bin/Dec/Oct/Hex/Sci/Graphing/trig/complex/color/GPL'd calculator for the Palm is Easycalc. Not the smallest memory footprint, but the features may justify the size depending on your needs.
For programming there are basic interpreters, c compilers, and a forth compiler (and undoubtedly others).
--Curby
It could get very ugly
"Sorry I'm late, I had to take my car to therapy."
--Curby
So it took scientists weeks of planning to get Mir to land somewhere in the Pacific after dropping from low-Earth orbit.
And now they claim they're gonna hit a town? The center of town? By "nudging" it with large explosives while it's in deep space?
Curby