An emulator would probably only be useful for iPod developers. I think right now, the iPodlinux guys are the only non-Apple iPod developers, since there's no published way to run extra code on the Retail OS (native iPod OS.)
Unlike a GBA emulator, for example, there's no content for an iPod emulator to play that you can't already just play in your native desktop OS.
Based on previous experience with Linux on the earlier iPods, he knew how to click the piezo. I don't know off the top of my head if it's the same hardware addresses on the PP5002 and PP5020, but one you have the address, you know how to do it. There is no memory manager on these processors, so it's just a flat memory model with no protection. From there, you just have to write portable arm code that can read addresses 0 through 65535, and write the piezo address appropriately.
Well, I really meant the whole thing, not just using sound as an output. Taking a set of hardware that he doesn't have the specs for, and being able to get enough running to get that far. The older iPods use a somewhat different processor, so it's not as simple as just running the old stuff.
So are you proposing that a number that happens to be the hash of something copyrighted should be illegal to use?
I've noticed that you're using the number "5" in both your email address and Slashdot userid. A book I wrote hashes to the value "5". Please cease and desist distributing the number "5".
Nah, they can just continue going after the individual traders. A list of all IPs trading a given file is built into the protocol, and it crytographically verifies that a particular IP is giving out valid pieces. If an MPAA rep bothers to download enough to verify that it is something copyrighted by someone they represent, they've got all the info they need to proceed. A handful of BT users have posted to the bittorrent_help mailing list indicating that they have received violation notices via their ISP.
Zonealarm was tested, it had no intrusions. In fact, ZA can also help protect outbound access and has a few other things that help with client-side exploits. So, it goes SP2 one better. SP2 has other fixes though, so you should still try to get it installed succesfully at some point.
Yes, that would have been the obvious next choice. I think it would be interesting as well. It would also be somewhat one-sided in the results.:)
Unforunately, that kind of test is a lot more work. I don't see us doing it any time soon. I'd be happy to see someone take that on if they are interested.
As someone else replied, that means they were non-functional. Pretty useless in a home setup.
Yup. Or, the other ways to think of it is that some services are needed even locally over the loopback (think fontserver) and it was closed by default, which means the user has to take action to open it, rather than the other way around.
Why did you not state in your article that while the mac *was* getting attacked almost as much as windows, it was much more secure in that nothing broke through?
It's not *my* article, I didn't write it. However, I think the implication of having it attacked just as much with no compromises is pretty clear.
You stated that "if they had been written to exploit OS X, they would have been successful". Find me something that will exploit samba successfully that can grant root (install) access on a mac, and I will agree with you.
Sure. There was an account on the box with a truly stupid password (intentionally.) No one figured that out. Had they, they would have had sufficient access.
However, even with SMBd getting attacked, and even if there were an exploit that could take it over, it still would be unable to get admin access to make the mac a zombie, because of the secure nature of OS X.
Don't count on the file/process permissions to save you from a shell user. MacOS X has a little ways to go to catch up there.
This is not a reason that OS X should be ranked "less secure". The real winner in your survey is OSX here, not SP2.
Who is ranking it less secure? Who is declaring winners? If you find bias in the Slashdot headline, talk to the submitter and Slashdot editors.
I'm not familiar with AutopatcherXP, and the test systems/network is no longer available. However, if it does what the name suggests, then its a pretty safe assumption that there would have been no intrusions on that box for our test setup. Except for the weak password test we did. Even a fully-patched, but unfirewalled box, will get nailed if you have a stupid password.
Yes, it would appear to be a silly test, but it did verify that there are active worms/botnets looking for weak passwords, and those will get you, too.
I don't think that's 100% accurate. If you go buy a copy of XP at retail right now (at least the OEM copies that I buy) then you get XP w/SP1. If it hasn't already happened, it won't be long before that's XP w/SP2. Also Win2K3 base is newer than XP w/SP1. Back in the NT4 days, many of us bitched to MS that we couldn't slipstream an installer, and they finally got around to addressing that starting with Win2K.
Slashdot Mirror
An emulator would probably only be useful for iPod developers. I think right now, the iPodlinux guys are the only non-Apple iPod developers, since there's no published way to run extra code on the Retail OS (native iPod OS.)
Unlike a GBA emulator, for example, there's no content for an iPod emulator to play that you can't already just play in your native desktop OS.
Based on previous experience with Linux on the earlier iPods, he knew how to click the piezo. I don't know off the top of my head if it's the same hardware addresses on the PP5002 and PP5020, but one you have the address, you know how to do it. There is no memory manager on these processors, so it's just a flat memory model with no protection. From there, you just have to write portable arm code that can read addresses 0 through 65535, and write the piezo address appropriately.
Well, I really meant the whole thing, not just using sound as an output. Taking a set of hardware that he doesn't have the specs for, and being able to get enough running to get that far. The older iPods use a somewhat different processor, so it's not as simple as just running the old stuff.
He used particular tones to represet a set of bits, recorded them, and converted the sound back to bits. Rather like a modem.
Or is that not the part you didnt understand?
Yeah, they were real bastards for coming over to your house and forcing you to install it on your iPod, weren't they?
I thought the sound output trick was highly clever, bravo. I'm looking forward to having Linux on my mini.
And those that do have kids should get divorced when the kids grow up and move out?
Of course. Because children who have moved out couldn't care less if their parents stay together.
Your troll-fu is weak.
So are you proposing that a number that happens to be the hash of something copyrighted should be illegal to use?
I've noticed that you're using the number "5" in both your email address and Slashdot userid. A book I wrote hashes to the value "5". Please cease and desist distributing the number "5".
You said:
So now you're paying to keep an illegal site online?
And then you said:
I didn't say the site was doing anything illegal.
So which bit is illegal?
Does anyone know if Nano boards are actually shipping anywhere? I've got a case project I'm workingon that is too small for mini-ITX.
Because each student was assigned to find 10 original ones? Presumably, he was expecting it to be closer to 250.
Nah, they can just continue going after the individual traders. A list of all IPs trading a given file is built into the protocol, and it crytographically verifies that a particular IP is giving out valid pieces. If an MPAA rep bothers to download enough to verify that it is something copyrighted by someone they represent, they've got all the info they need to proceed. A handful of BT users have posted to the bittorrent_help mailing list indicating that they have received violation notices via their ISP.
Hmmm... I see. And that would be, not the same thing at all. That is in fact a motherboard.
Seriously, if you know where I can purcase one of these system in this article, or the less locked-down one you describe, I'd be interested to know.
Yup, yup..... WHERE?
Zonealarm was tested, it had no intrusions. In fact, ZA can also help protect outbound access and has a few other things that help with client-side exploits. So, it goes SP2 one better. SP2 has other fixes though, so you should still try to get it installed succesfully at some point.
Great, thanks for confirming.
Yes, that would have been the obvious next choice. I think it would be interesting as well. It would also be somewhat one-sided in the results. :)
Unforunately, that kind of test is a lot more work. I don't see us doing it any time soon. I'd be happy to see someone take that on if they are interested.
As someone else replied, that means they were non-functional. Pretty useless in a home setup.
Yup. Or, the other ways to think of it is that some services are needed even locally over the loopback (think fontserver) and it was closed by default, which means the user has to take action to open it, rather than the other way around.
Why did you not state in your article that while the mac *was* getting attacked almost as much as windows, it was much more secure in that nothing broke through?
It's not *my* article, I didn't write it. However, I think the implication of having it attacked just as much with no compromises is pretty clear.
You stated that "if they had been written to exploit OS X, they would have been successful". Find me something that will exploit samba successfully that can grant root (install) access on a mac, and I will agree with you.
Sure. There was an account on the box with a truly stupid password (intentionally.) No one figured that out. Had they, they would have had sufficient access.
However, even with SMBd getting attacked, and even if there were an exploit that could take it over, it still would be unable to get admin access to make the mac a zombie, because of the secure nature of OS X.
Don't count on the file/process permissions to save you from a shell user. MacOS X has a little ways to go to catch up there.
This is not a reason that OS X should be ranked "less secure". The real winner in your survey is OSX here, not SP2.
Who is ranking it less secure? Who is declaring winners? If you find bias in the Slashdot headline, talk to the submitter and Slashdot editors.
I'm not familiar with AutopatcherXP, and the test systems/network is no longer available. However, if it does what the name suggests, then its a pretty safe assumption that there would have been no intrusions on that box for our test setup. Except for the weak password test we did. Even a fully-patched, but unfirewalled box, will get nailed if you have a stupid password.
Yes, it would appear to be a silly test, but it did verify that there are active worms/botnets looking for weak passwords, and those will get you, too.
As Matt below has speculated, it was because it comes on those inexpensive Walmart PCs. The Linspire case was a true out-of-the-box, plug-it-in test.
I use Red Hat myself, most of the time.
I can ask. I suppose technically Avantgarde owns that info, I'll check.
I don't think that's 100% accurate. If you go buy a copy of XP at retail right now (at least the OEM copies that I buy) then you get XP w/SP1. If it hasn't already happened, it won't be long before that's XP w/SP2. Also Win2K3 base is newer than XP w/SP1. Back in the NT4 days, many of us bitched to MS that we couldn't slipstream an installer, and they finally got around to addressing that starting with Win2K.
I'll have to take your word for it. Thanks for clarifying.
Nothing to do with me, but this guy seems to have made a mirror:
= 10955975
.pdfa 2e6928cabfb/ttlnabstract113004.pdf
http://it.slashdot.org/comments.pl?sid=131247&cid
Direct link to
http://mirrordot.org/stories/311ae311b53941463d0b
I've had good personal luck with SP2. There is plenty of evidence out there that it causes real problems with some setups/hardware/etc..
:)
Heh, in fact I used OpenBSD for my monitoring machines and the chokepoint in this test network.