'It's a bad idea to have people with clear political ties reviewing a system under political scrutiny,'
No, it isn't. It's a bad idea to have people with the *wrong* political ties reviewing it. Let the people with the privacy and hacker political ties at it, if you want a real answer.
Heck, Congress, if you want a real review, then *make* the FBI give one over for a real, public review. Let the opencarnivore team have at it. Give me one to rip open. We'll tell you what it does.
Isn't there a bunch of space junk stuck in orbit? Why doesn't that drop through, too? Are those items further out?
I'm not trying to be a troll... I just never did "get it" w/orbital physics. A first semester physics teacher said the downward pull, plus the forward motion, translated to it staying up there forever. Was that an ideal model, not including drag, etc? Or is MIR in a fixed orbit, while those things are actually spinning about the Earth?
So why will not having cash in the bank tomorrow suddenly make it plunge into the atmosphere? Is someone going to unplug the extension cord to Earth? Are the space landlords going to evict them? Is galactic collections going to show up and repossess their oxy generation unit?
DES is also very fast in hardware, and absolutely sucks in software. It's one of the big reasons a replacement is being sought, rather than just continuing on with DESX.
Nobody cares how fast the crypto is in hardware, really.
Nope. When an exploit is being actively used, you publish details immediately. Especially in this case, where the code can be patched by the end users themselves. (This all assumes it's a hole in the slash code of course, and not some other problem.)
Re:Copyright violations? on 3D Printers · Score: 2
The "printing up your own gun" thing is something that I've discussed with various information security people.
The conversation usually goes something like "what if people could download guns as easily as they could script-kiddie tools."
There was a Clint Eastwood movie where the uberbadguy made a compact plastic gun for the purpose of getting through a metal detector to shoot the president. I'm sure this is the wrong kind of plastic and all for gun-making (and heck, true plastic guns are complete science fiction for all I know) but the idea is intriguing.
I don't think home-gun-printing would cause the level of trouble that we have with script kiddies, due mainly to the need to still shoot people in person. However, the FUD factor for people being able to print their own unlicensed, non-trackable guns would beat organized crime, child pornography, and terrorists hands-down.
That might be true if you're the target of a new attack. But when the 6.02e23rd victim of the LOVEBUG emails them... they just don't care anymore.
Security groups are looking for new attacks and how to stop them so they can expand their protection arsenal. They have no interest in stopping cracking because... that would put them out of a job!
Doesn't sound like you have any idea what we do, or have ever looked at the incidents list. We don't look for "ways to stop attacks" per se. We have no product. Take a look at the incidents list and see what kinds of posts people make. The archive is on our web site. Often times some ISP that has been ignoring complaints will finally do something when 10 other people chime in that they've seen the same activities from the same network.
The incidents list is a community-based mailing list for concerned net users to discuss incidents that are happening in the wild. The majority of the time, it's other list readers that are able to identify what attack has taken place, or suggest a remedy of some sort. There have been any number of attempts to correlate incidents in the past, and they've all met with pretty limited success. The incidents list seems to be working. None of the other efforts would have ever touched such small scale incidents that the incidents list does.
The only thing that the list (hopefully) buys us is more people who enjoy our site.
When I was working there, Sybase tried to "open-source" the protocol specification for TDS (the protocol for Sybase SQL on-the-wire). This was hoped to benefit groups like freetds.org.
They ended up putting it out... but with a license that would have prevented anyone from producing a free workalike. The freetds guys couldn't even look at the spec thing without possibly binding themselves to the license, and no longer being able to work on the project.
I know it says they will have an "open" license... I hope it actually works out that way. The old Watcom guys are a pretty clever bunch. I think it will be nice for them to have their work available to the general public for free.
Did you try asking Mike?
I just called him... he should be on in a moment to comment.
Yup. This is a repeat, quite an old story. And it's spelled "Emmanuel".
I still love the 7-11 time-lapse camera shot of Emmanuel compared to the regular promo shot for the IBM guy.
Practice. Same way you get to Carnegie Hall.
Of course, I understand you're being sarcastic, but lots of people really think that way.
I missed the hacking contest announcement?
The page scans finally came up... took about 10 minutes.
They say that they might be infringing... stop it. They don't actually say what to stop. How are they supposed to comply, even if they wanted to?
Rimmer is a hologram (hence the H), not an android.
At least I think computer generated human-shaped holograms don't count as androids. Aw crap, now I don't know... thanks a lot.
They got me too... they didn't install a root kit either. I checked my packages with MD5 sums and all my binaries checked out.
You're aware that there are rootkits that will get around the checksums, right? They will hand over the original binaries when you request a read, but will serve up the modified binary when the OS requests an execute.
You can't be sure they don't have anything else on your box until you reinstall clean from known-good media. (And maybe re-flash the BIOS, though we haven't seen that trick used yet.)
http://www.rootkit.com
They were also worried about a DDoS attack about 3 months before the first ones actually happened. There were some BoF sessions in November, December, and January. The big DDoS attack hit in February.
We chose early on to make it possible to fast-forward through ads but not to completely skip them. Replay, on the other hand, decided to do a 30-second skip. That created a line in the sand, and we were on the side that has allowed us to have a much better relationship with the networks.
OK, they are playing nice with the studios... rather smart, actually...
We're able to do ad substitution, and some of our advertisers, especially car manufacturers, are interested in this.
Holy !@#! They're going to eat you alive and make you walk funny.... Tivo is going down...
So we are somewhat concerned about the ability of people to hack in and get access to the copyrighted material because obviously our partners in the media industry are very concerned about this.
So they're worried about Tivster. And well they should be. 3 things I need: >10Mb Internet connection, 100Mb Ethernet in my house LAN to the Tivo box, and the warez to play the philes (which you've dropped in my Tivo Linux box, how 'bout that.) Then, we will 0wn you. Write a napster/gnutella gateway through my home *nix box to the files on the Tivo to share with the world? No prob.
Should be fun to see what happens.
The print formatting problem in general isn't glibc specific; the article is about print formatting problems in glibc itself (locale handling.) That's why the article says FreeBSD and OpenBSD aren't affected, because they didn't have the glibc locale problems.
They're not vulnerable to the specific glibc formatting bug problem. I don't know why the article didn't just come out and say glibc. Doesn't mean anything to the general public, I suppose. Even OpenBSD has had one or two formatting bug errors. They're just not reachable in the default configuration.
I'm not sure why you would point that out in this context. Crispin (leader of the Stackguard project) makes no claim to being BO-proof, and Stackguard doesn't even address format string problems.
Check out the thread on vuln-dev here
That's quite the coincidence... I'm working on a method to install a copy protection device up the MPAA's ass.
Unless they keep it encrypted all the way to their web site, where they've got the mate to the key that signed it.
He just wanted first post.
Yes, we've been experiencing degraded performance today due to the Slashdot traffic. I'm working on some upgrades that should help with that.