For instance, Slackware 7 got a '6' rating. Why? It doesn't have a pretty installer. It doesn't come with a book that explains what a shell is and why root is a bad thing to use 24/7. And it doesn't have a toll-free number you can call and say, "Duh, I did 'rm -r *' as root and torched my system. Was that bad?" Yet it is (almost) universally acknowleged as one of the most stable, most carefully designed distributions in existence.
But at the same time, you'd have to point out the upgrade path for slackware, the lack of support and poor update speeds, and their packaging scheme (I'm sorry, when maintaining 12 different linux boxes, rpm or dpkg are awesome).
But right there, you proved why a technical review for advanced users would be a difficult sell, at best! because everyone has their own favorite distro. For instance, I'm biased against Debian because I was stranded on Debian 1.3, with no upgrade method to 2.0. Hence, If I was the one doing the advanced technical review of Linux Distro's, I'd most likely let my feelings influence my final rating. Just as you would obviously rate Slackware because you are used to it.
People tend to enjoy what they are used to. I'm used to redhat and Solaris. so OS's that are unlike those two, I tend to get aggrivated when I can't find out where they hardcoded the gate way. hence, bad review. And anyone who is technical enough to do a fully advanced review of Linux distro's knows that different distributions are suited for different purposes, but they are all just an ends to a means to getting the kernel on, and some tools to support the kernel. and after you learn the complicated interface to dslect, you don't care that it's complicated, you know how to use it.
Anyway, getting the idea? However, getting more people to use more distributions is a 'good thing' because (as an example) then eventually the slackware people will realize that 'compile your own' is not always the best option, technically and economically. Just as the RedHat people might realize that the default config is not always a good thing. ("What do you mean sharing out / on NFS is a bad idea?")
The first step in writing any sort of article is to remember your audience. This is not an article for the linux converted. It's for the people who've heard of linux, and don't want to blow up their win98 box. I most likely will use this article to give to people when they ask me 'what is easiest'. Hell, the charts of what kernel they are using, number of discs, etc, that's useful info! But you don't give a copy of 1.3 debian to a newbie PC user and expect them not to blow up their machine.. heh (from experience)
Remember people, this is a good thing for the movement, don't jump down their throat for reviewing OS's for newbies. The Zealots in our group will give us a bad name if we're not careful. and you know who you are. So settle down Beavis.
The big differences from the Qube I own and this repackage:
Dual eth0. about time! These will make great NAT/firewalls.
Less memory. I think. This is not really a huge issue for such a small machine.
Bigger hard drive. 10 Gig is good for a *small* server. however, ours has only a 4, way too small. Course, our industrial linux box has 56 gig.
Modem. Not sure how many pci slots this thing has. This should definately be an option, dual eth0's or modem. But that would make the config more complicated.
Comes with a 5 port eth0 switch. This should also be an option, as most offices should have a real LAN already. it'd also lower the price. Plus, it's not like it can be added to packaging late in the game.
This is an excellent expansion for small businesses. instant NAT! `8r) Can't wait to see what other types of products they release! Course, I have a bunch of friends who work for Cobalt, so I hope they do great things.. heh
My personal favorite of this argument is that they suggested that they change the domain to 'etoy.co.ch'.
'Might makes right' is something that should be and can be fought on the digital frontier. Now what can we do about this, instead of just blustering and going 'that's wrong!' Suggestions?
Um, I'm a sentient person. No intelligent person would disregard the possibility that there is intelligent life in the vastness space. I mean, the clearest sign of their possible superior intelligence is that they havn't contacted us yet. `8r)
No seriously, it was unlike anything i've ever seen, I was like 'what the hell is that?!?' You ever seen Deep Impact? Remember the large objects ripping through new york buildings? It looked like it was on that scale when i first saw it.
And I'm color blind, but i'm pretty sure it was glowing green. and moving so very very fast. The fact that it split from one big object to 3 is what me a second to classify it.
and remember, UFO == Unidentified Flying Object. It was unidentified, it was flying, i'm sure it was an object. the report identified it as space junk or a random occurance. hence, an IFO. `8r) -- Gonzo Granzeau
If the meteor was rather large and skipping on the surface of the ion sphere, it's quite possible. I saw this phenomenon as well. And it was coming from the southeast, the direction of the Leo constelation. It just continued to head past everyone towards the northwest. And yes, it most likely was an unusual chunk of rock, with a reference here reporting it as part of the shower.
Basically, the way the world was turned, the only debris that the midwest would see would be rocks that only skipped on the surface, due to the steep angle due to the early time. At 1 AM, we might see some short streaks due to meteors coming straight down, burning out quickly. but in this particular case, we got to see a very large one burn out slowly no the upper levels of the atomosphere, and it was quite impressive! -- Gonzo Granzeau
I saw it as well in Illinois. It was part of the meteor shower. the direction alone can verify that (heading out of the leo sector). There's a news story about it as well, not in a local paper. When I saw it, it was one big mass, and I saw it break up into 3 pieces. -- Gonzo Granzeau
Last night at around 6PM CST, there was this huge fireball seen heading East from Chicago, Illinois (where i live) and was seen in Wisconsin all the way out to Ohio. This was most likely part of the meteor shower but I don't know if anything that impressive will be seen tonight. The only reason I know it wasn't a UFO is because they have an offical report
I basically was getting out of work, looked up and saw this huge greenish fireball. it then seemed to split into 3 parts leaving a long trail behind it and was heading towards lake michigan. It took around 30 seconds to pass over me and out of sight. I was like 'whoa' and then heard people on a local radio station getting calls about it. It was really cool.
Good news is that I think I could live with that image as my memory of the meteor shower, so that means I can actually get some sleep tonight! -- Gonzo Granzeau
I still have to standby my statement in that he misused the phrase *when out of context*.
It's obvious the German's attending understood what he was saying, in context. Assuming I was a foreigner and giving a speech in Chicago, and I said 'Everyone is a citizen of Chicago, I am a Chicago', this would be understood. However, a nice sound bite in Wired might be clipped down to 'Gonzo is Chicago: Just how big is that Sears Tower?'
I'll point out that the reference was used as an example of 'out of context' phrases. Just as it was taken by everyone here. `8r) quite ironic.
As soon as they start taking our quotes out of context, their meaning goes down the tubes.
A good example is when JFK was giving his speech in Berlin and said at the end 'I am a jelly donut' in german (trying to say 'I am from Berlin'). It was all in context... just think if suddenly Wired had JFK on the cover with the title 'I am a donut: Your future life in a donut-based e-commerce.'
Anyway, as long as they give the URL's to where they got the quotes, I think it's a good thing for the community.
Now about that singles forum on slashdot.... `8r) -- Gonzo Granzeau
Before the revolution takes place on the nano-technological scale, they need sufficently advanced tools to automate the processes inherient to nano-technology. If the building of machines is going to rely on a team of scientists using scanning-tunneling microscopes to put the individual atoms in their place, we'll never get anywhere. and machines on that scale will cost a buttload. the first nano assembler though.. whew. who ever creates the first decent one has got a fortune for themselves. -- Gonzo Granzeau
At work, we had a lot of workstations and servers. Difficulty is, how do you come up with a naming convention that is large enough to accomodate 200 machines?! yeah, the 'sun34' might have been okay, but the company had been used to naming their machines 'deckard' and 'centaur' and 'orion'.
Animal names. That's what we ended up using. It works well if you want to match a certain person with a certain animal as well (we accidently paired one of our friends up with weasel!) We made an alphabetical list of a to z of animal names, and then again. (x was hard) this worked out quite well because it's easy to remember which server you were on by picturing the animal.
At home, I took the ideas thrown out during the meeting and applied it. So we now have machines at home named lsd (the linux box, everyone uses it!) alcohol (mine) hardcider (my secondary) morphine (my roommates) prozac (my other roommates) crystalmeth (the gateway)... etc.
anyway, it was fun. and still confuses our vistors. 'Yeah, I think I have it loaded on crystal meth... if not, it should be on lsd.' `8r) -- Gonzo Granzeau
(What I find ironic is that I'm dating one of the most confident women I've ever met, and I'm one of the biggest geeks I know. Damn those successful types, sure glad smart girls who will read this book will avoid us.)
WHY SOME GALS ATTRACT GEEKS LIKE A MAGNET
SACRAMENTO, Calif. -- Single gals: If you're trying to attract Mr. Right but find yourself constantly surrounded by geeky oddballs, you can improve your life just by making some simple changes in the way you walk, talk and behave!
That's the word from Dr. Rachel Carmotta, a psychologist specializing in romantic relationships.
In her new book How To Find Your Handsome Prince Without Involving Yourself With Frogs, Dr. Carmotta writes: "Far too many women think it's just bad luck that the only men who ask them out are nerdy nobodies with pocket protectors and pants cuffs that stop just below the knees.
"You know the kind I mean -- the ones whose idea of a magic evening is one in which they show you their bug collection and beat you at Nintendo all night.
"But the truth is that there's no coincidence involved. women must learn to accept that who we attract depends about 95 percent upon the image we project to the world.
"So if you have your heart set on Leonardo DiCaprio but find yourself buried in valentines from Steve Urkel, maybe it's time you started behaving differently."
Here, from her fascinating book, are just a few of Dr. Carmotta's tips on how you can attract the kind of men you want:
WALK WITH YOUR SHOULDERS BACK AND YOUR HEAD UP -- Believe it or not, if you habitually walk slumped over with your eyes to the ground, this tiny change can dramatically alter the kinds of men who approach you. The nerdy dude with the cowlick and bow tie doesn't have the self-esteem to try to date a woman who projects cool self- confidence.
AVOID NERVOUS GIGGLING -- Women who laugh when they're uncomfortable look vulnerable and can easily give these desperate wimps the idea that they have a chance. It's okay to laugh, of course. But only laugh when something genuinely amuses you.
BANISH WISHY-WASHY PHRASES FROM YOUR CONVERSATION -- Losers are drawn to insecure women like nails to a magnet. When they hear you say, "Aw, I don't know," or "Whatever you think," or "Gee, I'm not sure," their big floppy ears perk up like Pop Tarts from a toaster.
Speak with confidence and cultivate phrases like "Without a doubt," "Yes, absolutely," and "Let's go for it." You'll soon find yourself among men with strong character who respect strength in others.
DON'T ADJUST YOUR CLOTHING TOO MUCH -- This simple habit sends the message: "I'm not sure I'll be accepted" -- just the news the weirdos want to hear. They'll flock to you in droves.
Of course, you should be careful about your appearance, but don't overdo it.
Dr. Carmotta's book will hit the stores in mid-December. -- Gonzo Granzeau
Well, you have to examine two different aspects here.
1. What does it get the company?
2. Could this hurt the company?
The premise is that after a month of the game being public, certain individuals would be invited to come and look and possibly hack on the source of the game. Now, if this is an already existing game, ie non-demo, is there that much economic advantage to having such drastic improvements made? If the game hasn't sold well in the first month, and possibly the next month while these changes are being incorporated, is it going to sell even better afterwards? I think the best you could hope for is an excellent patch, improving the final quality of the game for the fans, making in more popular, and improving the image of the company. On the flip side, if a company had a demo they released and invited peopled to hack the source on that, this might be very advantageous so they can make radical changes to be incorporated into the final box set. This improves the image of the company for not releasing a crap game, the final product would be greatly improved over the demo, everyone wins.
But what sort of damage could be done to the company? I think the 'purpose' of the game would be the most important thing point here. If you have a totally customized real-time-strategy game, where there are few programming similarites, all custom engines, and ideas that have been around for years, but only now getting incorporated (I can tell a villager to immediately start to mine stone in AOE2!)... This is obviously not that risky for the company to be giving away secrets of 'how', if the source was to be seen by the wrong eyes. However, you take a customized version of the Quake 2 engine. or unreal. or any other major engine out there now and think about what could be lifted from the code. the wrong person at the right time could 'take' a function, instead of having to build it themselves into the game engine. When they finally get to market, they would have incorporated their own modifications and another company's modifications as well, increasing their selling points. As the original game engine gets closer and closer together, this becomes much more risky for articles of code theft.
And this is all without assuming that there isn't a bad person in the bunch who's smart enough to know how to get a complete copy of the source for later perusal or private sell to another less reputible game company. (eg, Microsoft's FPS 2000)
Now, some source has been leaked onto the net. This allowed some of us to play quake 1.08 on AIX. And while this is all fine and dandy, if this practice becomes the norm rather than the exception, this can lead to better games, more competition, quicker to market time, and more corporate espionage. And given those options, do you think corporate america is ready to bet the farm that it will pay out? or will they take the safe bet and go with the status quo.
Don't get me wrong, I like the idea of Open Source, etc. And maybe a private code editing session like this is possible, and good for the industry. just that i know the zealots are going to come in and eventually demand that everyone open source everything. and I somehow don't think some companies would like it if their millon dollar game licensing options suddenly became worthless. -- Gonzo Granzeau
When computers can manage themselves, and sysadmins are no longer needed, hence, reducing the IT crunch, I will only be too happy to become a fireman or something similar. I love sysadmining, but i'd much rather have a smarter computer who could deal with it's own problems. -- Gonzo Granzeau
Okay, because I don't feel anyone has addressed these issues seperately, or treated this as something that will get published (even if they don't differentiate between CBRN and IS machines), I feel it neccessary to write up a short bit on each of these points. Feel free to flame me if you disagree, but I don't feel they are getting what they asked for.
Using CT, how easy or otherwise is it to bring down or attack vital systems?
It really depends on how the system was devised. There are a couple factors here, a who is attacking, a why, and a how.
There has been a recent profiliation of machines that are 'automagic', where the user plugs the machine in, and it works. As this becomes more common-place, there will be more attacks of the 'script-kiddie' mentality. These are the more common-place, and usually more destructive attacks. A good example would be the Cold-Fusion exploit released not too long ago. It was written up into a nice package that someone could give to a 13 year old kid. That 13 year old could go burn down a machine in some place he's never heard of, and he wouldn't care. Someone who researched this exploit might actually have some ethics about destroying someone else's virtual property.
Then there is the why question. In the beginning, cracking was mostly used as a 'I was interested in how it worked' explination. In the future, I think we will see more infiltration attacks, where people just want to get onto the system to listen, gather, and desiminate information. This could be to gather personal information, financial information, share a virus, or to expose your political views. The system will continue to work, but an incorrect manner. As these become more sophisicated, I think they will become harder to detect. It's only when we relax our guard do we get hurt by an attack
Then there is a how. The discussion of potentially harmful weapon systems is a matter of exposure. Networking is a useful thing, but think of it in another light. You have a gun cabinet in your office, forget why, but would you really want this expose? So you put it behind a secret door, only certain people know how to go up and press on the door in the right way to open it. But someone visiting might press all your walls in several ways, and still find it. Security via oscurity does not work. So you put a master lock on it. However, a nice pair of bolt cutters work quickly. So you put it in a true safe, making it difficult to get to. People complain, so you are forced to make the combination something simple like '1 2 3'. This again, breaks the system. You run into the common brick wall of security versus ease of use. As our society seemed centered on easing our lives, we tend to focus more on the ease of use. Good example are the web forms out on the web, to make our lives easier, but could also break our security policy.
So you are looking at more information is being distributed, it is becoming easier to find this information to infiltrate a host, and we are moving towards a looser definition of neccessary security. Is it easy to attack systems? Yes, and it's becomign easier all the time.
What sort of skills would be needed to do so, and are they common/teachable?
Many of the skills can be learned from reading on the web. Most are commonly found out. But the most useful are taught in a student/mentor relationship. While root exploits can now be thought of as easier to figure out on your own, it usually takes an experienced person to point the newbie in the right direction, to wade through the bullshit. As we migrate to a more networked envirionment, these requirements will become less, and become a more 'click here!' security risk.
Commercial-off-the-shelf software: can it really do CT?
Two issues, the offense versus the defense. As far as products go, COTS will never be as good as what can be obtained by an experienced professional. and all experienced professionals have a cost. Also, would you include COTS to have web-based and free software? Because it's all out there for the taking. Remember that COTS lag behind the speed of the rest of the world, especially security related products. For instance, ISS security product still checks for certain accounts when trying to check a unix system. However, ISS knows nothing about nmap and it's use as a port scanner. (well, last I checked)
On the defensive side, with proper design COTS can protect your data.. Many companies think of security last, it's an afterthought of a 3rd level VP who says 'BTW Bob, is this system secure?' 'No it isn't Ted, You said you didn't want to put in your password on every new screen' 'Well make it secure, mmmkay?' However there are some products that are designed off the shelf with security in mind, these would be more of the unix systems as they have a better chance to mature. Just the fact that there is a root account where a user can do anythign they want has to remind the designer not to let people get there. For an example, the BSD security audit that took 10 people a year and a half is what I would considered to be an ideal.
Which systems are actually attackable?
All networked systems are attackable. You must assume that. Just as no fortress can be completely safe, no data can truely be secure. There is a sliding scale of usabilty versus security, so set your thresholds high.
Can a recovery be made from such attacks?
This is why backups and data integrity plans are a must. Everyone should have a buisness continutity plan. This can also be associated with an extended cracker attack. If a weapon system is compromised, we will simply have to face the consequences of that weapon being used on ourselves. Some philosopher once stated that man will not be happy until he has devised a weapon that is able to scare even himself.
Is it likely to improve/get worse?
It is most likely going to get only worse, until a light turns on in the mind of software developers that it is bad to have a product that a 13 year old can walk in and take over at any time. Those types of attacks are the true threat in the growing sea of information.
What sort of preventitive work would you recommend them to carry out?
Get the best people you can to manage your systems and your software. The risk of having a new administrator to manage your credit-card-number-heavy network is much higher than the price to find a good administrator. While you can never bank on the security of your software, your security is only as good as your administrator. An aware adminstrator will be able to fix the major flaws in your security.
Anyway, that's my rant on the article. You'll notice most of this information is just systems best practices, and more general information systems, not weapon systems specific. Mainly because I have not dealt with weapon systems, but you'll find software is the same everywhere. Also, 13 year old kid could reference any person of human intelligence and inclination, regardless of nationality, religion, and moral vocation.
Feel free to publish any of this, I do work for Collective Technologies, but these are my own opinions. -- Gonzo Granzeau
You are correct, Arthur C. Clarke hypothoized that the center of Jupiter is a giant diamond in the book 2063. In the story, when Jupiter changed into a Sun, the diamond shot out of the middle of the core (!) and embedded itself in the new life planet of Europa. It's an excellent book, IMHO. If you think about it, it makes sense. What happens to that much carbon when compressed so much? And the hydrogen lake on top of the diamond field has to be impressive. `8r)
What I find scary is how long ago did they have the article on how there could be life on Europa. True, it was thought to be true awhile ago, but they just found out about possible tides, meaning a liquid ocean. A liquid ocean could most definately mean life of some sort.
'A sufficently advanced technology is indistinguishable from magic' -Clarke -- Gonzo Granzeau
2. Linux only supported 256 FD's, and later 1024 FD's.
The insecurity of linux in the begining was well known, it was a hackers OS. Plus, you'd have a lot of unknowns. No REAL packaging system besides tar files, it was a hit or miss proposition based on your admin.
However, File Descriptors (FD) is one of the major reasons. For all of the 1.x kernels, you only had 256 file descriptors. and it was a pain to hack in more. when 2.0 came out, I believe you were still limited to 256, but it was a bit easier to put more in. Some of the later 2.1.x kernels allowed 1024 by default, which 2.2.x does as well. Anyway, other OS's, like Solaris, default to unlimited soft FD's. (hard FD's are still at 256 though). For every IRC connection, you need a FD. So... by using linux, you're automatically limited to 256 or 1024 people. Even if you hack in more, you still have a hardcoded limit. Once again, it's the admin that makes the difference. and as the major irc nets take off, they want something more substantial than 'I heard this admin is good.'
Anyway, I base this on the fact that I used to run irc.ilstu.edu (EFnet) on an AIX machine. We could have ran it on a linux box, but it was just easier with the constant kernel thrash happening on linux to keep it on the AIX box. I now run chat.gamespy.com (and used to run 3dnet.net before it died) and that is on a linux box. and it was a pain to hack in the 4096 FD's we currently have. hence, I would have prefered Solaris at some points. However, Apache was much easier to setup on there, even though that required a lot more FD's as well. You have IRC nets all over the place that use Linux, it's just the history that stop it on the huge networks.
As far as the total article, I see things opposite, of less linux desktops and more linux servers. If you've seen the things that Cobalt is doing, you'd see what a server can do with a microkernel. But the business side of linux just isn't up to speed yet, so it will stay in the hands of geeks and out of the hands of biz guys. which is fine by me.
his might be the same project that I read several years ago in Discovery magazine. It basically was going to use neutrinos to map the center of the earth. The detector looks for the light discharge when a neutrino actually interacts with an atom, creating a muon. And based on that, it was supposed to image the center of the earth, because they would know the velocity and the direction. Since neutrinos are nearly weightless, they are noncharged, and they are very small, they would just pass right through the earth. The current models of the Sun indicate great quanities of neutrinos should be produced, but observation has said otherwise. This project might be able to figure out where the lost neutrinos have gone.
anyway, the ramblings from an ex-particle physics geek. -- Gonzo Granzeau
Slashdot Mirror
But at the same time, you'd have to point out the upgrade path for slackware, the lack of support and poor update speeds, and their packaging scheme (I'm sorry, when maintaining 12 different linux boxes, rpm or dpkg are awesome).
But right there, you proved why a technical review for advanced users would be a difficult sell, at best! because everyone has their own favorite distro. For instance, I'm biased against Debian because I was stranded on Debian 1.3, with no upgrade method to 2.0. Hence, If I was the one doing the advanced technical review of Linux Distro's, I'd most likely let my feelings influence my final rating. Just as you would obviously rate Slackware because you are used to it.
People tend to enjoy what they are used to. I'm used to redhat and Solaris. so OS's that are unlike those two, I tend to get aggrivated when I can't find out where they hardcoded the gate way. hence, bad review. And anyone who is technical enough to do a fully advanced review of Linux distro's knows that different distributions are suited for different purposes, but they are all just an ends to a means to getting the kernel on, and some tools to support the kernel. and after you learn the complicated interface to dslect, you don't care that it's complicated, you know how to use it.
Anyway, getting the idea? However, getting more people to use more distributions is a 'good thing' because (as an example) then eventually the slackware people will realize that 'compile your own' is not always the best option, technically and economically. Just as the RedHat people might realize that the default config is not always a good thing. ("What do you mean sharing out / on NFS is a bad idea?")
Remember people, this is a good thing for the movement, don't jump down their throat for reviewing OS's for newbies. The Zealots in our group will give us a bad name if we're not careful. and you know who you are. So settle down Beavis.
And people wonder why i read with a -1 threshold.. heh *shakes head*
- Dual eth0. about time! These will make great NAT/firewalls.
- Less memory. I think. This is not really a huge issue for such a small machine.
- Bigger hard drive. 10 Gig is good for a *small* server. however, ours has only a 4, way too small. Course, our industrial linux box has 56 gig.
- Modem. Not sure how many pci slots this thing has. This should definately be an option, dual eth0's or modem. But that would make the config more complicated.
- Comes with a 5 port eth0 switch. This should also be an option, as most offices should have a real LAN already. it'd also lower the price. Plus, it's not like it can be added to packaging late in the game.
This is an excellent expansion for small businesses. instant NAT! `8r) Can't wait to see what other types of products they release! Course, I have a bunch of friends who work for Cobalt, so I hope they do great things.. heh'Might makes right' is something that should be and can be fought on the digital frontier. Now what can we do about this, instead of just blustering and going 'that's wrong!' Suggestions?
perfect for small/home office use.
--
Gonzo Granzeau
No seriously, it was unlike anything i've ever seen, I was like 'what the hell is that?!?' You ever seen Deep Impact? Remember the large objects ripping through new york buildings? It looked like it was on that scale when i first saw it.
And I'm color blind, but i'm pretty sure it was glowing green. and moving so very very fast. The fact that it split from one big object to 3 is what me a second to classify it.
and remember, UFO == Unidentified Flying Object. It was unidentified, it was flying, i'm sure it was an object. the report identified it as space junk or a random occurance. hence, an IFO. `8r)
--
Gonzo Granzeau
Basically, the way the world was turned, the only debris that the midwest would see would be rocks that only skipped on the surface, due to the steep angle due to the early time. At 1 AM, we might see some short streaks due to meteors coming straight down, burning out quickly. but in this particular case, we got to see a very large one burn out slowly no the upper levels of the atomosphere, and it was quite impressive!
--
Gonzo Granzeau
I saw it as well in Illinois. It was part of the meteor shower. the direction alone can verify that (heading out of the leo sector). There's a news story about it as well, not in a local paper. When I saw it, it was one big mass, and I saw it break up into 3 pieces.
--
Gonzo Granzeau
I basically was getting out of work, looked up and saw this huge greenish fireball. it then seemed to split into 3 parts leaving a long trail behind it and was heading towards lake michigan. It took around 30 seconds to pass over me and out of sight. I was like 'whoa' and then heard people on a local radio station getting calls about it. It was really cool.
Good news is that I think I could live with that image as my memory of the meteor shower, so that means I can actually get some sleep tonight!
--
Gonzo Granzeau
"Dude, I have an idea, who goes after more copywrite issues than anyone else?"
"I don't know, Microsoft or Fox and Lucas?"
"Hey, let's spoof them both!"
--
Gonzo Granzeau
It's obvious the German's attending understood what he was saying, in context. Assuming I was a foreigner and giving a speech in Chicago, and I said 'Everyone is a citizen of Chicago, I am a Chicago', this would be understood. However, a nice sound bite in Wired might be clipped down to 'Gonzo is Chicago: Just how big is that Sears Tower?'
I'll point out that the reference was used as an example of 'out of context' phrases. Just as it was taken by everyone here. `8r) quite ironic.
--
Gonzo Granzeau
A good example is when JFK was giving his speech in Berlin and said at the end 'I am a jelly donut' in german (trying to say 'I am from Berlin'). It was all in context... just think if suddenly Wired had JFK on the cover with the title 'I am a donut: Your future life in a donut-based e-commerce.'
Anyway, as long as they give the URL's to where they got the quotes, I think it's a good thing for the community.
Now about that singles forum on slashdot.... `8r)
--
Gonzo Granzeau
Before the revolution takes place on the nano-technological scale, they need sufficently advanced tools to automate the processes inherient to nano-technology. If the building of machines is going to rely on a team of scientists using scanning-tunneling microscopes to put the individual atoms in their place, we'll never get anywhere. and machines on that scale will cost a buttload. the first nano assembler though.. whew. who ever creates the first decent one has got a fortune for themselves.
--
Gonzo Granzeau
It's good to see so many people being impartial about the target.
--
Gonzo Granzeau
Animal names. That's what we ended up using. It works well if you want to match a certain person with a certain animal as well (we accidently paired one of our friends up with weasel!) We made an alphabetical list of a to z of animal names, and then again. (x was hard) this worked out quite well because it's easy to remember which server you were on by picturing the animal.
At home, I took the ideas thrown out during the meeting and applied it. So we now have machines at home named lsd (the linux box, everyone uses it!) alcohol (mine) hardcider (my secondary) morphine (my roommates) prozac (my other roommates) crystalmeth (the gateway)... etc.
anyway, it was fun. and still confuses our vistors. 'Yeah, I think I have it loaded on crystal meth... if not, it should be on lsd.' `8r)
--
Gonzo Granzeau
WHY SOME GALS ATTRACT GEEKS LIKE A MAGNET
SACRAMENTO, Calif. -- Single gals: If you're trying to attract Mr. Right but find yourself constantly surrounded by geeky oddballs, you can improve your life just by making some simple changes in the way you walk, talk and behave!
That's the word from Dr. Rachel Carmotta, a psychologist specializing in romantic relationships.
In her new book How To Find Your Handsome Prince Without Involving Yourself With Frogs, Dr. Carmotta writes: "Far too many women think it's just bad luck that the only men who ask them out are nerdy nobodies with pocket protectors and pants cuffs that stop just below the knees.
"You know the kind I mean -- the ones whose idea of a magic evening is one in which they show you their bug collection and beat you at Nintendo all night.
"But the truth is that there's no coincidence involved. women must learn to accept that who we attract depends about 95 percent upon the image we project to the world.
"So if you have your heart set on Leonardo DiCaprio but find yourself buried in valentines from Steve Urkel, maybe it's time you started behaving differently."
Here, from her fascinating book, are just a few of Dr. Carmotta's tips on how you can attract the kind of men you want:
WALK WITH YOUR SHOULDERS BACK AND YOUR HEAD UP -- Believe it or not, if you habitually walk slumped over with your eyes to the ground, this tiny change can dramatically alter the kinds of men who approach you. The nerdy dude with the cowlick and bow tie doesn't have the self-esteem to try to date a woman who projects cool self- confidence.
AVOID NERVOUS GIGGLING -- Women who laugh when they're uncomfortable look vulnerable and can easily give these desperate wimps the idea that they have a chance. It's okay to laugh, of course. But only laugh when something genuinely amuses you.
BANISH WISHY-WASHY PHRASES FROM YOUR CONVERSATION -- Losers are drawn to insecure women like nails to a magnet. When they hear you say, "Aw, I don't know," or "Whatever you think," or "Gee, I'm not sure," their big floppy ears perk up like Pop Tarts from a toaster.
Speak with confidence and cultivate phrases like "Without a doubt," "Yes, absolutely," and "Let's go for it." You'll soon find yourself among men with strong character who respect strength in others.
DON'T ADJUST YOUR CLOTHING TOO MUCH -- This simple habit sends the message: "I'm not sure I'll be accepted" -- just the news the weirdos want to hear. They'll flock to you in droves.
Of course, you should be careful about your appearance, but don't overdo it.
Dr. Carmotta's book will hit the stores in mid-December.
--
Gonzo Granzeau
1. What does it get the company?
2. Could this hurt the company?
The premise is that after a month of the game being public, certain individuals would be invited to come and look and possibly hack on the source of the game. Now, if this is an already existing game, ie non-demo, is there that much economic advantage to having such drastic improvements made? If the game hasn't sold well in the first month, and possibly the next month while these changes are being incorporated, is it going to sell even better afterwards? I think the best you could hope for is an excellent patch, improving the final quality of the game for the fans, making in more popular, and improving the image of the company.
On the flip side, if a company had a demo they released and invited peopled to hack the source on that, this might be very advantageous so they can make radical changes to be incorporated into the final box set. This improves the image of the company for not releasing a crap game, the final product would be greatly improved over the demo, everyone wins.
But what sort of damage could be done to the company? I think the 'purpose' of the game would be the most important thing point here. If you have a totally customized real-time-strategy game, where there are few programming similarites, all custom engines, and ideas that have been around for years, but only now getting incorporated (I can tell a villager to immediately start to mine stone in AOE2!)... This is obviously not that risky for the company to be giving away secrets of 'how', if the source was to be seen by the wrong eyes.
However, you take a customized version of the Quake 2 engine. or unreal. or any other major engine out there now and think about what could be lifted from the code. the wrong person at the right time could 'take' a function, instead of having to build it themselves into the game engine. When they finally get to market, they would have incorporated their own modifications and another company's modifications as well, increasing their selling points. As the original game engine gets closer and closer together, this becomes much more risky for articles of code theft.
And this is all without assuming that there isn't a bad person in the bunch who's smart enough to know how to get a complete copy of the source for later perusal or private sell to another less reputible game company. (eg, Microsoft's FPS 2000)
Now, some source has been leaked onto the net. This allowed some of us to play quake 1.08 on AIX. And while this is all fine and dandy, if this practice becomes the norm rather than the exception, this can lead to better games, more competition, quicker to market time, and more corporate espionage. And given those options, do you think corporate america is ready to bet the farm that it will pay out? or will they take the safe bet and go with the status quo.
Don't get me wrong, I like the idea of Open Source, etc. And maybe a private code editing session like this is possible, and good for the industry. just that i know the zealots are going to come in and eventually demand that everyone open source everything. and I somehow don't think some companies would like it if their millon dollar game licensing options suddenly became worthless.
--
Gonzo Granzeau
id != Apogee.
--
Gonzo Granzeau
When computers can manage themselves, and sysadmins are no longer needed, hence, reducing the IT crunch, I will only be too happy to become a fireman or something similar. I love sysadmining, but i'd much rather have a smarter computer who could deal with it's own problems.
--
Gonzo Granzeau
- Using CT, how easy or otherwise is it to bring down or attack vital systems?
- What sort of skills would be needed to do so, and are they common/teachable?
- Commercial-off-the-shelf software: can it really do CT?
- Which systems are actually attackable?
- Can a recovery be made from such attacks?
- Is it likely to improve/get worse?
- What sort of preventitive work would you recommend them to carry out?
Anyway, that's my rant on the article. You'll notice most of this information is just systems best practices, and more general information systems, not weapon systems specific. Mainly because I have not dealt with weapon systems, but you'll find software is the same everywhere. Also, 13 year old kid could reference any person of human intelligence and inclination, regardless of nationality, religion, and moral vocation.It really depends on how the system was devised. There are a couple factors here, a who is attacking, a why, and a how.
There has been a recent profiliation of machines that are 'automagic', where the user plugs the machine in, and it works. As this becomes more common-place, there will be more attacks of the 'script-kiddie' mentality. These are the more common-place, and usually more destructive attacks. A good example would be the Cold-Fusion exploit released not too long ago. It was written up into a nice package that someone could give to a 13 year old kid. That 13 year old could go burn down a machine in some place he's never heard of, and he wouldn't care. Someone who researched this exploit might actually have some ethics about destroying someone else's virtual property.
Then there is the why question. In the beginning, cracking was mostly used as a 'I was interested in how it worked' explination. In the future, I think we will see more infiltration attacks, where people just want to get onto the system to listen, gather, and desiminate information. This could be to gather personal information, financial information, share a virus, or to expose your political views. The system will continue to work, but an incorrect manner. As these become more sophisicated, I think they will become harder to detect. It's only when we relax our guard do we get hurt by an attack
Then there is a how. The discussion of potentially harmful weapon systems is a matter of exposure. Networking is a useful thing, but think of it in another light. You have a gun cabinet in your office, forget why, but would you really want this expose? So you put it behind a secret door, only certain people know how to go up and press on the door in the right way to open it. But someone visiting might press all your walls in several ways, and still find it. Security via oscurity does not work. So you put a master lock on it. However, a nice pair of bolt cutters work quickly. So you put it in a true safe, making it difficult to get to. People complain, so you are forced to make the combination something simple like '1 2 3'. This again, breaks the system. You run into the common brick wall of security versus ease of use. As our society seemed centered on easing our lives, we tend to focus more on the ease of use. Good example are the web forms out on the web, to make our lives easier, but could also break our security policy.
So you are looking at more information is being distributed, it is becoming easier to find this information to infiltrate a host, and we are moving towards a looser definition of neccessary security. Is it easy to attack systems? Yes, and it's becomign easier all the time.
Many of the skills can be learned from reading on the web. Most are commonly found out. But the most useful are taught in a student/mentor relationship. While root exploits can now be thought of as easier to figure out on your own, it usually takes an experienced person to point the newbie in the right direction, to wade through the bullshit. As we migrate to a more networked envirionment, these requirements will become less, and become a more 'click here!' security risk.
Two issues, the offense versus the defense. As far as products go, COTS will never be as good as what can be obtained by an experienced professional. and all experienced professionals have a cost. Also, would you include COTS to have web-based and free software? Because it's all out there for the taking. Remember that COTS lag behind the speed of the rest of the world, especially security related products. For instance, ISS security product still checks for certain accounts when trying to check a unix system. However, ISS knows nothing about nmap and it's use as a port scanner. (well, last I checked)
On the defensive side, with proper design COTS can protect your data.. Many companies think of security last, it's an afterthought of a 3rd level VP who says 'BTW Bob, is this system secure?' 'No it isn't Ted, You said you didn't want to put in your password on every new screen' 'Well make it secure, mmmkay?' However there are some products that are designed off the shelf with security in mind, these would be more of the unix systems as they have a better chance to mature. Just the fact that there is a root account where a user can do anythign they want has to remind the designer not to let people get there. For an example, the BSD security audit that took 10 people a year and a half is what I would considered to be an ideal.
All networked systems are attackable. You must assume that. Just as no fortress can be completely safe, no data can truely be secure. There is a sliding scale of usabilty versus security, so set your thresholds high.
This is why backups and data integrity plans are a must. Everyone should have a buisness continutity plan. This can also be associated with an extended cracker attack. If a weapon system is compromised, we will simply have to face the consequences of that weapon being used on ourselves. Some philosopher once stated that man will not be happy until he has devised a weapon that is able to scare even himself.
It is most likely going to get only worse, until a light turns on in the mind of software developers that it is bad to have a product that a 13 year old can walk in and take over at any time. Those types of attacks are the true threat in the growing sea of information.
Get the best people you can to manage your systems and your software. The risk of having a new administrator to manage your credit-card-number-heavy network is much higher than the price to find a good administrator. While you can never bank on the security of your software, your security is only as good as your administrator. An aware adminstrator will be able to fix the major flaws in your security.
Feel free to publish any of this, I do work for Collective Technologies, but these are my own opinions.
--
Gonzo Granzeau
What I find scary is how long ago did they have the article on how there could be life on Europa. True, it was thought to be true awhile ago, but they just found out about possible tides, meaning a liquid ocean. A liquid ocean could most definately mean life of some sort.
'A sufficently advanced technology is indistinguishable from magic' -Clarke
--
Gonzo Granzeau
1. Linux was insecure and unmanaged.
2. Linux only supported 256 FD's, and later 1024 FD's.
The insecurity of linux in the begining was well known, it was a hackers OS. Plus, you'd have a lot of unknowns. No REAL packaging system besides tar files, it was a hit or miss proposition based on your admin.
However, File Descriptors (FD) is one of the major reasons. For all of the 1.x kernels, you only had 256 file descriptors. and it was a pain to hack in more. when 2.0 came out, I believe you were still limited to 256, but it was a bit easier to put more in. Some of the later 2.1.x kernels allowed 1024 by default, which 2.2.x does as well. Anyway, other OS's, like Solaris, default to unlimited soft FD's. (hard FD's are still at 256 though). For every IRC connection, you need a FD. So... by using linux, you're automatically limited to 256 or 1024 people. Even if you hack in more, you still have a hardcoded limit. Once again, it's the admin that makes the difference. and as the major irc nets take off, they want something more substantial than 'I heard this admin is good.'
Anyway, I base this on the fact that I used to run irc.ilstu.edu (EFnet) on an AIX machine. We could have ran it on a linux box, but it was just easier with the constant kernel thrash happening on linux to keep it on the AIX box. I now run chat.gamespy.com (and used to run 3dnet.net before it died) and that is on a linux box. and it was a pain to hack in the 4096 FD's we currently have. hence, I would have prefered Solaris at some points. However, Apache was much easier to setup on there, even though that required a lot more FD's as well. You have IRC nets all over the place that use Linux, it's just the history that stop it on the huge networks.
As far as the total article, I see things opposite, of less linux desktops and more linux servers. If you've seen the things that Cobalt is doing, you'd see what a server can do with a microkernel. But the business side of linux just isn't up to speed yet, so it will stay in the hands of geeks and out of the hands of biz guys. which is fine by me.
Gonzo "GoNINzo" Granzeau
--
Gonzo Granzeau
The current models of the Sun indicate great quanities of neutrinos should be produced, but observation has said otherwise. This project might be able to figure out where the lost neutrinos have gone.
anyway, the ramblings from an ex-particle physics geek.
--
Gonzo Granzeau
...they fail to get the point across that you'd be forced to run AIX.
*shiver*
(Sorry, I'm an ex-AIX guy, current Solaris guy, you would not believe my requirements for going back)
--
Gonzo Granzeau