Slashdot Mirror


User: frozenray

frozenray's activity in the archive.

Stories: 0
Comments: 337

Comments · 337

  1. Too bad... on 239 MPG Car · · Score: -1, Redundant

    ...that with the current fashion in cars (SUVs so big they can probably be spotted from the ISS without telescopes), the current trend goes more towards 239 GPM than towards 239 MPG. Maybe a new oil crisis would help to put things a little into perspective.

  2. Re:I can't find it! on Linux Kernel 2.4.20 Released · · Score: 1

    > Where can I download the windows version?

    Google for the -billg branch.

  3. Re:Live queries on A Peek Into the Google · · Score: 2, Interesting

    fireball.de, a German web search engine, has a live query (aptly named "voyeur-queries"). Most queries are in German, of course, but it doesn't take too much mastery of the language to grok what "+livecam +s*x +studentin", "bl**jobs" or "illuminati" is supposed to return. Hours of fun guaranteed, especially on a Friday night.

  4. Re:Why? on BBC says "Avoid Explorer" · · Score: 1

    > The fact that A is buggy means we can only justify not using A if B is not buggy.

    Unfortunately, "buggy" is not a useful evaluation criterion IMO. Thinking in terms of web server security, we might compare
    • number of security holes / related exploits, ranked by severity, over the last several months/years (to see if we can make out a trend)
    • average time between first public discussion of exploit and availability of a working fix
    • general attitude of vendor with regard to security (proactive, reactive)
    • product architecture from a security viewpoint

    If I had to choose between IIS and Apache, I would go for the latter with no hesitation. This may change in the future, but Microsoft will have a hard time making up for the serious blunders they made with IIS. As for their disclosure policy, it has been already discussed enough here on Slashdot and on the Web, and I will spare myself further comment.

  5. Re:Why? on BBC says "Avoid Explorer" · · Score: 5, Insightful

    ok, I'll bite.

    > Apart from the known issues with IE, outlook, and IIS, what is insecure in Windows?

    The "known issues" are numerous and quite serious, and just thinking about what might be lurking in the depths of Windows & Co. makes me feel queasy. The Microsoft empire was built on stacking new features on existing code, with little or no regard to security issues, and it shows. Judging from their mid- to long-term solution (Palladium), they have all but given up on ever delivering an acceptably secure implementation based on their current designs (not that I think for a second that Palladium will be significantly more secure, mind you).

    > And as far as IIS goes, Apache hasn't had a spotless security record.

    This is true, but unfortunately doesn't make your argument valid. It's a well known logical fallacy ("Ad Hominem / Tu Quoque"). Basically it's like saying "OK, I stole the cookies from the kitchen jar, but so did my brother last week!" - true, but irrelevant, and it won't deter your mother from giving you a good whack.

  6. Re:Hogwash on Conspiracy Theorists, Meet The Moon · · Score: 1

    I guess the moon must be made from the kind of cheese they have in our cafeteria (some kind of substance closely related to high-tech plastics, and about as edible).

  7. Also... on LANL Warning About Radioactive Trees · · Score: 1

    Ants the size of a Mack truck. ICFTD can be downloaded for free from Cinemaware, btw (Amiga, PC, Genesis).

  8. Re:One too many? on Trojan Found in libpcap and tcpdump · · Score: 1

    >Does anyone else think that someone has found a security hole in a popular unix daemon and is having some fun with it before notifying the authors. Or maybe there is a *VERY NASTY* exploit circulating privately?

    Even people who should know better are bound to screw up from time to time. In the words of Dug Song (whose dsniff/fragroute/fragrouter were trojaned):

    monkey.org was compromised on May 14th, via an epic4-pre2.511
    client-side hole which produced a shell to one of the local admin's
    accounts. this was later used to reattach to one of his screen
    sessions, which apparently had a root window open (su very bad!).


    Yep, su very bad indeed :-( Now if you'll excuse me, I have to do a quick check on my console windows.

  9. Re:Siltakoski Petri is somehow connected with this on Trojan Found in libpcap and tcpdump · · Score: 1

    I guess he may be one of those poor sods who got their Unix sysadmin training through this.

  10. Re:Seems on Trojan Found in libpcap and tcpdump · · Score: 1

    Google for md5sum and weep at the results (I don't mean the manpage 8-). For example, here is a supposedly secure Linux distribution, and here is their SRPMs directory with the MD5SUM file in it. [I don't mean to diss Trustix, they're just one out of thousands of examples for this practice.]

  11. Re:Eventually, this would happen on Trojan Found in libpcap and tcpdump · · Score: 1

    Em, AFAIK that's not DRM (Digital Rights Management), but code signing and verification. DRM uses code signing and certificates to determine if you're allowed to use a particular piece of code/information. Correct me if I'm wrong.

  12. Recent incidents that I know of on Trojan Found in libpcap and tcpdump · · Score: 2, Insightful

    irssi
    fragroute, dsniff, fragrouter
    BitchX

    This message says:

    Recently there have been a spat of well publicized attacks against what I would consider to be the backbone of the open source movement - its source code distribution system. Hackers have been penetrating people who download, say, OpenSSH and then compile it to use on their systems by trojaning OpenSSH itself. This strikes at the very HEART of Open Source by making the act of installing the software a weakness. Because Open Source has no one distribution point, there are many places for someone to verify if they want to install software securely. Because there are no vendors, the sites people download software from are usually not provided with a dedicated security staff.

    This is serious, guys and gals. Use the source, Luke - but what if I can't trust the source any more? Open Source has to find a method to get around this problem; see this post.

  13. Re:Dilbert... on Go Go Gadget Minisaw · · Score: 3, Informative

    > Can someone find that cartoon?

    Here.

  14. Re:BSD's to the rescue on Lightest of the Light Linux · · Score: 1

    Ah, Coherent - "My first Unix", thanks for the links. I still have the 1056-page reference manual in my bookshelf, complete with the four 5 1/4" disks. The bill was $ 129.95, including international shipping. I ran it on my 2 MB IBM PC XT 286 - no X of course, it wasn't even included - with no problems.

  15. Re:dust is essential on How Looks Your Geekroom? · · Score: 4, Funny

    Nnnnnnice cabling! You are truly a master of the art, props to you.

    BTW, good thing your dog seems to be rather largish: small pets and 10" AC case fans don't mix well. Actually they do mix, but in a rather unexpected and unpleasant (for the pet) way. :-(

  16. Re:Mine Grammers Slightly Impared on How Looks Your Geekroom? · · Score: 1

    Give se guy a break, vill ya? He's from Germany, and as the old Bavarian saying goes: "Wenn ist das Nunstrück git und Slotermeyer? Ja! .. Beiherhund das Oder die Flipperwaldt gersput!" ("I may be from Germany, but unlike many Americans I know the difference between `your` and `you're`!").

  17. Re:Look back to Lotus & 1-2-3 on EMI Customer Relations Tells It Like It Is · · Score: 1

    Lotus 1-2-3 had copy protection from the beginning (release 1A, 1983). The program cost around $500 then (in 1983 dollars, mind you) - far too expensive for many potential buyers; copying was rampant despite the copy protection.

    Speaking of spreadsheets, Dan Bricklin of VisiCalc fame has this to say about "copy protection":

    In the early days of PC software we had copy protection schemes. Users hated this. To "protect our rights" we made it harder for the users. We found out that when we made it easier to use our software (i.e., no copy protection) users were happier and we still got paid. When we made it hard, they just didn't buy or used special programs to get around our schemes. The support costs of helping users deal with our "protection" was very high. The idea of getting them just used to paying was much better.

    In general, we tried to listen to our customers and give them the products they wanted in the forms they wanted so they could use them in the ways they wanted.


    source. Well balanced and interesting article. This one is also worth reading. Now, if only the music industry would listen...

  18. Re:Fad control damn its hard to write good on EMI Customer Relations Tells It Like It Is · · Score: 1

    > Was this less so in the past generations?

    Apparently not much has changed since 1974:

    I am the entertainer, the idol of my age
    I make all kinds of money when I go on the stage
    You see me in the papers, I've been in the magazines
    But if I go cold, I won't get sold
    I'll get put in the back in the discount rack
    Like another can of beans [...]


    (Billy Joel, The Entertainer, from Streetlife Serenade)

    There's a reason it's called the music industry. Most of them are in for the bucks, not for the love of the art. And we, the customers, are shouting "Here we are now, entertain us."

  19. It's all about attitude on Copy Protection On CDs Is 'Worthless' · · Score: 1

    1. BMG: All our "CDs" will be "copy protected" in the future.

    Result: I'll never buy a BMG "CD" again until they stop screwing their customers. I'll tell all my friends to boycott BMG.

    2. Peter Gabriel, on the cover of the "Up" album: "This is an enhanced CD. Please put it in your computer."

    Result: I bought the album.

  20. Great ISS-related site on International Space Station Turns Two · · Score: 4, Informative


    http://heavens-above.com/ has location-based information about the flight path of the ISS, among other things. Worth a visit.

  21. A Forth-related anecdote on Forth Application Techniques · · Score: 2, Interesting

    I remember a story I read in the famous German "c't" magazine many years ago:

    Sometime in the 80s (Germany was still a divided country then), a competition was held for university students from all over Germany. The goal was to write a program to control a robot to perform some predefined tasks, with the team who took the shortest time to finish the program being the winner.

    The teams from West Germany used their butt-kickin' (for the time) Intel-based systems (DOS, C, Pascal, harddisks and whatnot).

    The competition, however, was won by the only team from East Germany. They used a U880 (a GDR Z80-clone running at 1 or 2 MHz) based Robotron computer which had maybe a tenth of the power of the other teams' computers, and Forth as a programming language.

    Yep, it's not the size, it's how you use it ;-)

  22. Re:now - seriously on Welcome to the new Cluster · · Score: 1

    AYE. Having a "red pill" and "blue pill" version of Slashdot would be cool. Fooling around on brak during its test phase was fun.

  23. Re:Also... on Curious Yellow, Superworm · · Score: 1

    > It can also be a reference to the "Vurt" novel by Jeff Noon.

    Yep, thanks.

    > But I suppose that Noon himself had seen the "I am Curious Yellow" movie

    Possible.

  24. The Name on Curious Yellow, Superworm · · Score: 1

    This page says that "I am Curious Yellow is the title of a Swedish film from 1967 (in Swedish it's Jag aer nyfiken - gul). The following plot summary comes from the Internet Movie Database:

    Lena, aged twenty, wants to know all she can about life and reality. She collects information on everyone and everything, storing her findings in an enormous archive. She experiments with relationships, political activism, and meditation. Meanwhile, the actors, director and crew are shown in a humorous parallel plot about the making of the film and their reactions to the story and each other. Nudity, explicit sex, and controversial politics kept this film from being shown in the US while its seizure by Customs was appealed."


    Here's the script (best read after ingesting copious amounts of mind-altering drugs, otherwise it doesn't make much sense).

  25. Re:Ridiculous on San Diego Company Owns E-Commerce · · Score: 3, Funny

    > What sort of imbeciles is the patent office hiring these days?

    Look at this and laugh, or weep, or both.

    The link is from this article by James Gleick (of "Genius" fame) which was discussed on Slashdot two years ago.