I'm teaching my nephew (aged 8) to program in Python. I selected it because it's got a fairly shallow learning curve (you can get impressive results almost as soon as you start), it's a 'real' programming language (lists, maps, objects etc) and it's got elements from most of the major language families (structured, OO, functional - but not really declarative).
He is picking it up amazingly fast, and loving every minute. I am having a lot of fun, too.
I am sure other languages would be appropriate too, but from personal experience I can say that Python seems to be an ideal 'first' language.
Incidentally, his PC runs Win95, so I've given him the Gnu tools. He think's they're funny, but he is already having a load of fun doing simple text processing with the 'usual suspects' (cat, sort, uniq, grep etc) I think this gives him the best of both worlds.
Pah! My desktop 1GHz box is fast. {be rude about RISC systems on the grounds that MHz is all}
But does it run Quack?{Be rude because you have no understanding of systems that don't even *care* about video cards}
Imagine a Beowulf of these... {Umm - This is a *real* cluster. And I am Grendel's mother. Be afraid.}
Who needs more computing power anyway? {Physicists, Engineers,... REAL scientists. But don't ask the Biologists. They need milions of computers like this *each* before computers are of any interest to them. But that wouldn't bother you, would it? [note - protein folding is the hardest computational task ever found]}
I disagree. When I was at University (left 9 years ago) I wasn't aware of *any* free operating systems. Certainly none that were 'industrial strength'. Please let me know which OSs you are thinking about. (I did Maths, so YMMV)
We used SunOS on workstations, BBC Micros (I kid you not) and a chuffing great Control Data monster running something nasty (but it compiled and ran FORTRAN77, which was all we needed).
My point is (and this comes from experience of hiring people) that recent graduates in CS *all* run free operating systems out of choice. These operating systems are now totally capable of earning their food in the datacentre. I am *seeing* this pressure to adopt Linux/*BSD where I work.
Over the next five years, a large number of recent graduates who are in sysadmin positions will start to rise to positions of greater purchasing power in IS departments. Many of these people have grown up with Free operating systems.
Additionally, new recruits into corporate IS departments will also have had significant experience of Free operating systems at University.
Together, this means that a lot of the traditional barriers to Linux/*BSD in the server room will disappear.
Coupled with the increasing quality of desktop tools for X (Gnome, KDE, StarOffice, KOffice etc) this *may* cause a gradual acceptance of Linux etc. on the corporate desktop.
Happy days ahead.... - Mind you, I have been wrong before, and the Gartner Group are not exactly perfect.
I'm pretty sure it was Stewart Brand. There's a reference to it here
The full quote is "Information wants to be free. Information also wants to be expensive. Information wants to be free because it has become so cheap to distribute, copy, and recombine -- too cheap to meter. It wants to be expensive because it can be immeasurably valuable to the recipient. The result is a tension that will not go away."
It is still a "Trade Secret" even if it is stolen, posted on the web, displayed on billboards, whatever. This is OK until you *use it*. Then, you're screwed.
If MS can prove to a court (in the US) that you used their trade secrets, and that you knew that you had acquired their trade secrets illegally (which *well* includes downloading the source from an FTP site), well, then you are so shafted it's unreal. Can you say "Punitive damages"? 'cos that's what you'll be paying.
All MS have to do to protect their trade secrets is to exercise "reasonable care". Now, try and prove they didn't.
FACT: Stolen secrets are still secrets in law. Half-witted sophistry doesn't change that.
The other half of the quote is "Information wants to be expensive" - Don't quote the popular half until you understand the context
I have followed this whole story in a desultory way. Now, I think it's time for some journalism. Only I'm too lazy to do it. But, if I were a journalist these would be my questions:
Where did the initial allegation (MS hacked) come from?
Is there more than one verifiable source?
What made MS admit to the crack? (They didn't have to - they could have denied it)
The QAZ/Russia stuff? Who is the source? I haven't seen the MS logfiles. How do we know it waz a trojan posting "some data" to Russia?
Which journalist/journal is prepared to stand up and say "This happened - I believe it - here is my evidence."?
Question: Why would *anyone* want to steal MS source code. They are happy to *sell* access for a small fee (100k+ last time I asked - which is chump change)
Who could benefit from a source release? (Answer - any *professional* cracker who wants to crack MS run boxes). I'll leave you to work out the consequences of that. But *my* NT/2000 net-facing boxes are running home to Solaris/HP-UX/AIX/OS-400
And, finally: MS admitted it. So, there must be evidence that it happened. Where the fuck is this evidence?
Pissed posting pisses people off. Perhaps people posting pissed should perceive the pseudo-plenipontentiary powers of the powerful people who perform peer-review. Or not.
NEAR has been in orbit around Eros for months. The orbit started at about 120Km out. They have gradually flown it closer and closer. The latest orbit is *very* close to the asteroid. Remember, this isn't a simple spherical object. The orbital dynamics are extremely complicated. Over the last few months, one thing they have been doing is building an accurate gravity map so that they can fly this close. I don't know how many "firsts" this mission has chalked up, but it's a lot.
NEAR is in orbit around EROS. It has been for months. It's an astonishingly brilliant bit of orbital dynamics. What they have just done is to deduce the perigee gradually from ~= 120Km to bugger-all.
It is generally accepted that the Patriot missiles failed to have any significant success against Scuds. Some analysts have suggested that not one Scud was intercepted.
Look here for the official story, or here for another analysis.
But the really interesting report is the Postol/Lewis analysis, including detailed analysis of video evidence, is here
In the interests of balance, This is a response to it.
(I know it's only one reason, but it's such a biggy I thought I'd say it twice*)
AMD have yet to ship engineering samples of Sledgehammer, for the simple reason that the design isn't fully nailed yet.
Intel have largely stopped marketing Merced/Itanium, because their later designs will probably blow it out of the market.
What is wrong with a company failing to support a non-existant product?
</RANT>
If you need 64-bit processors in your server, you buy Sun SPARC, IBM PPC/64 or DEC Alpha. You spend a lot of money, you get a lot of them in one box, and you don't care about the price, because $5,000,000 for a server (OK, maybe $200,000 at the low end) is trivial.
The good thing is that the companies that sell these chips support Linux (and other free OS projects). The bad thing is that no sane company will ever run a free OS on a box that costs this much.
AMD and Intel are both building 64-bit chips. That's nice. Real computers, running real operating systems have had them for years. Until you need >4GB RAM in your cute little desktop peecee, forget about 64-bit processors. One day they will be there for you, and AMD and Intel will be selling them, But the real processors, in the world of the grown-ups, will still be so far ahead that the leet peecee brigade won't be able to comprehend it
Thankyou for applying to sell your living brain to us. After extensive tests on your cognitive ability, we are happy to offer you $1.80 for your brain. Our trained staff will be with you to perform the extraction in the next hour.
Thankyou, once again, for donating your unused brain.
I know bugger-all about patent law. But in UK, producing a prototype is a requirement before the patent is granted. I think. Perhaps. I read it somewhere once. Sort of thing.
It would be nice if a lawyer familiar with UK patent law could give some insight. But I doubt if any UK patent lawyers read/.
<rant>
Perhaps the/. editors would like to contact a lawyer familiar with UK patent law for an opinion?
<cynicism>
Or would that constitute 'journalism' and therefore upset the VA/Andover lawyers?
</cynicism>
</rant>
Heh. I spouted what I believe to be the correct way to handle this. Three people (so far) have disagreed *for the same basic reason*. I find it worrying that corporations have this much perceived power. That's why I support This organisation.
However, If a bank *did* gag someone, and were subsequently raided, the shareholders (usually large corporations themselves) would be round with the highly-trained, half-starved RottLawyers faster than you can say 'Fiduciary Duty'. Or, at least, that's how I hope it works.
I accept your point. Large companies do tend to behave like that. However, this was a German citizen, working for a Scandinavian/European bank in the Isle of Man. The Isle of Man has it's own legal system, separate from English law. I'm pretty sure that (although it is part of Great Britain) it is not part of the EU. I don't think this chap had much to fear from an American corporation.
There has been a lot of discussion over the past couple of years about the rights and wrongs concerning full disclosure of security flaws.
The person who tipped off the newspapers obviously has no understanding of how full disclosure should be used. What he did is functionally identical to spouting off about his 'leet discovery on a dodgy IRC channel.
Most security professionals agree that full disclosure is the correct way to proceed (anything else is security through obscurity). Note: This does NOT mean that you inform the media, post to leet.kiddies.cracking, or issue a press release saying that your company's product whould have prevented it.
If you are a responsible person, you inform the organization that has the vulnerability. You ask them to investigate it, and ask them for a timescale for a fix. 99% of the time, they will be grateful for the tip-off, and will issue a fix promptly.
If they don't, you tell them that you intend to release the information so that the potential victims are informed, and can manage the risk appropriately.
If they still refuse to do anything, then you think long and hard about going public. You probably should.
Once it's public they *have* to fix it.
However, the way it usually works is that they respond to the tip-off, provide interim/permanent fixes and credit the discoverer.
The aim is to use full disclosure to minimize the exploitability of a security problem. It is not meant to be used by pathetic attention-seekers to grab media focus, or for companies touting security snake-oil to chalk up another few sales.
This disclosure (as far as I can see) was intended to create media exposure (or why was a newspaper contacted?).
I can't see any evidence here that the person who discovered this acted to minimize the effects of the alleged security problem. That puts the discoverer in the "leet kiddie" category until evidence is presented that the bank refused to act on the information.
There is no security. Any organisation (even one without a single computer) is vulnerable to security breaches. This will never change. Unless people act responsibly when a breach occurs, the only winners are criminals.
X configuration in Solaris/i86 isn't even a no-brainer. Early in the install it tells you what your video card and monitor are (with spooky accuracy). Then, the rest of the install is done in X.
More than once, I've got bored with trying to guess monitor capabilities when installing Linux/xBSD (I really mean the excellent XFree86). So, I tank the Free *nix install, stuff my trusty Solaris disk in, and wait until it tells me *exactly* what graphics config I'm dealing with. Then, the XFree86 install goes in clean
(The Solaris drivers usually kick shit out of the XFree ones anyway - I blame Scott McNeally's World Domination Complex)
I just spent a nasty week porting a piece of software that should produce a report describing the outcome of an attempt to load 50-120 files of various formats into an Oracle database with over 120 'important' tables (there are another couple of hundred lookup tables). That's hard. The code is PL/SQL. That generates HTML, which includes a *lot* of Javascript, which generates a whole bunch more HTML that calls more PL/SQL.
The overall output from this is a report that must be right. The contract depends on it. So, there is a major self-test system built in. Overall, it's a small (25,000 lines of code) but tricky lump of code. (making code-generating code test itself can do your brain over *badly*)
Most of this task would have been easy. Except, I was working with 300 files for debugging reasons. I could only change 2 of them. We build a respected, succesful product. You can't have people changing things without documenting the change.
I did it. Because I know how to. Because I have made a *lot* of mistakes, worked on many big projects, and because I'm a smug bastard.
Many times this week, there was a quick and dirty hack I could have done that would have saved hours. But, the changes would have been in code I didn't own. I *couldn't* change it. If I had done I would have screwed maybe 100 other engineers.
Unix is, traditionally, designed to have lots of small tools that do one job well. This works well. Until you have to work on a big project. Then, the whole game changes. If you have a single project with 500 engineers, a few million lines of code, several different programming languages and 20 (or 20 million) demanding customers, then programming becomes irrelevant.
I suspect that Debian, Redhat etc. have realised that a distribution is more complex than any single component (including the million-line+ kernel). Managing a lump of software that big should (from historical observation) take hundreds of people. Most of those people won't be engineers. They'll be managers, documenters, configuration management people.
I am impressed that organizations like Debian have managed to keep to the release schedule they have. Given the number of people involved, and the spread of skills in the Debian team, I would have predicted one release a decade.
'Nuff Respect. Complexity *is* hard. And you can't engineer it away.
OK, sometimes I drag the bait along the bottom to see what bites, but I wasn't doing that here.
If you are prepared to telnet to port 80 on a known compromised box, then you are also likely to be the sort of person who runs Netscape as root. Or [insert IRC client here] as root.
Doing unneccessary stuff as root is, um, bloody daft? If you are lucky, the worst that will happen is that you accidentally hose your entire filesystem. But connecting a client to the internet with root privileges? I can't stop you, but I don't think it's needed.
Ask yourself: Does this make the ankle-biters job harder or easier?
Here's what you did: You connected over the internet, while logged in as root, to a machine that is known to be compromised.
Trust me, if you knew enough about Unix to have a root password, you would't have done this. There is now a finite possibility that a nasty cracker type is looking through the web logs from the compromised box. When they find your connection attempt, you become a target. And now we know you connect to the internet with apps running as root.
You, madam, are now about to become just another roadkill on the information highway.
Slashdot Mirror
I'm teaching my nephew (aged 8) to program in Python. I selected it because it's got a fairly shallow learning curve (you can get impressive results almost as soon as you start), it's a 'real' programming language (lists, maps, objects etc) and it's got elements from most of the major language families (structured, OO, functional - but not really declarative).
He is picking it up amazingly fast, and loving every minute. I am having a lot of fun, too.
I am sure other languages would be appropriate too, but from personal experience I can say that Python seems to be an ideal 'first' language.
Incidentally, his PC runs Win95, so I've given him the Gnu tools. He think's they're funny, but he is already having a load of fun doing simple text processing with the 'usual suspects' (cat, sort, uniq, grep etc) I think this gives him the best of both worlds.
I'll get him using Emacs before he's 9...
I disagree. When I was at University (left 9 years ago) I wasn't aware of *any* free operating systems. Certainly none that were 'industrial strength'. Please let me know which OSs you are thinking about. (I did Maths, so YMMV)
We used SunOS on workstations, BBC Micros (I kid you not) and a chuffing great Control Data monster running something nasty (but it compiled and ran FORTRAN77, which was all we needed).
My point is (and this comes from experience of hiring people) that recent graduates in CS *all* run free operating systems out of choice. These operating systems are now totally capable of earning their food in the datacentre. I am *seeing* this pressure to adopt Linux/*BSD where I work.
Share and Enjoy.
Over the next five years, a large number of recent graduates who are in sysadmin positions will start to rise to positions of greater purchasing power in IS departments. Many of these people have grown up with Free operating systems.
Additionally, new recruits into corporate IS departments will also have had significant experience of Free operating systems at University.
Together, this means that a lot of the traditional barriers to Linux/*BSD in the server room will disappear.
Coupled with the increasing quality of desktop tools for X (Gnome, KDE, StarOffice, KOffice etc) this *may* cause a gradual acceptance of Linux etc. on the corporate desktop.
Happy days ahead.... - Mind you, I have been wrong before, and the Gartner Group are not exactly perfect.
I'm pretty sure it was Stewart Brand. There's a reference to it here
/.
The full quote is "Information wants to be free. Information also wants to be expensive. Information wants to be free because it has become so cheap to distribute, copy, and recombine -- too cheap to meter. It wants to be expensive because it can be immeasurably valuable to the recipient. The result is a tension that will not go away."
It must be true - I saw it on
Are you the next Signal 11?
;)
*Blushes*
No - I was responding to a post that indicated a complete and utter lack of knowledge of the law. But, I'm flattered
MS code is a "Trade Secret".
It is still a "Trade Secret" even if it is stolen, posted on the web, displayed on billboards, whatever. This is OK until you *use it*. Then, you're screwed.
If MS can prove to a court (in the US) that you used their trade secrets, and that you knew that you had acquired their trade secrets illegally (which *well* includes downloading the source from an FTP site), well, then you are so shafted it's unreal. Can you say "Punitive damages"? 'cos that's what you'll be paying.
All MS have to do to protect their trade secrets is to exercise "reasonable care". Now, try and prove they didn't.
FACT: Stolen secrets are still secrets in law. Half-witted sophistry doesn't change that.
The other half of the quote is "Information wants to be expensive" - Don't quote the popular half until you understand the context
Where did the initial allegation (MS hacked) come from?
Is there more than one verifiable source?
What made MS admit to the crack? (They didn't have to - they could have denied it)
The QAZ/Russia stuff? Who is the source? I haven't seen the MS logfiles. How do we know it waz a trojan posting "some data" to Russia?
Which journalist/journal is prepared to stand up and say "This happened - I believe it - here is my evidence."?
Question: Why would *anyone* want to steal MS source code. They are happy to *sell* access for a small fee (100k+ last time I asked - which is chump change)
Who could benefit from a source release? (Answer - any *professional* cracker who wants to crack MS run boxes). I'll leave you to work out the consequences of that. But *my* NT/2000 net-facing boxes are running home to Solaris/HP-UX/AIX/OS-400
And, finally: MS admitted it. So, there must be evidence that it happened. Where the fuck is this evidence?
Pissed posting pisses people off. Perhaps people posting pissed should perceive the pseudo-plenipontentiary powers of the powerful people who perform peer-review. Or not.
NEAR has been in orbit around Eros for months. The orbit started at about 120Km out. They have gradually flown it closer and closer. The latest orbit is *very* close to the asteroid. Remember, this isn't a simple spherical object. The orbital dynamics are extremely complicated. Over the last few months, one thing they have been doing is building an accurate gravity map so that they can fly this close. I don't know how many "firsts" this mission has chalked up, but it's a lot.
Nice one NASA.
NEAR is in orbit around EROS. It has been for months. It's an astonishingly brilliant bit of orbital dynamics. What they have just done is to deduce the perigee gradually from ~= 120Km to bugger-all.
Look here for the official story, or here for another analysis.
But the really interesting report is the Postol/Lewis analysis, including detailed analysis of video evidence, is here
In the interests of balance, This is a response to it.
- Because it doesn't exist yet
- Because it doesn't exist yet
(I know it's only one reason, but it's such a biggy I thought I'd say it twice*)AMD have yet to ship engineering samples of Sledgehammer, for the simple reason that the design isn't fully nailed yet.
Intel have largely stopped marketing Merced/Itanium, because their later designs will probably blow it out of the market.
What is wrong with a company failing to support a non-existant product?
</RANT>
If you need 64-bit processors in your server, you buy Sun SPARC, IBM PPC/64 or DEC Alpha. You spend a lot of money, you get a lot of them in one box, and you don't care about the price, because $5,000,000 for a server (OK, maybe $200,000 at the low end) is trivial.
The good thing is that the companies that sell these chips support Linux (and other free OS projects). The bad thing is that no sane company will ever run a free OS on a box that costs this much.
AMD and Intel are both building 64-bit chips. That's nice. Real computers, running real operating systems have had them for years. Until you need >4GB RAM in your cute little desktop peecee, forget about 64-bit processors. One day they will be there for you, and AMD and Intel will be selling them, But the real processors, in the world of the grown-ups, will still be so far ahead that the leet peecee brigade won't be able to comprehend it
*Apologies to Kryten
Thankyou for applying to sell your living brain to us. After extensive tests on your cognitive ability, we are happy to offer you $1.80 for your brain. Our trained staff will be with you to perform the extraction in the next hour.
Thankyou, once again, for donating your unused brain.
I want an infinite-volume beer mug, and a Punpkin Gun (Current world record is over 4000 feet).
Oh, and for outdoor types, the Bumper Dumper will be appreciated.
For more scholarly people, these books are a must.
Share and enjoy.
I've written my own list (with iterator) and hashtable template classes
What you mean is that you have wasted a significant amount of time and effort reproducing existing functionality.
I am also sure that your code contains bugs, has non-optimal performance and has an interface that no-one else will ever be bothered to learn.
The STL provides bug-free, consistent, guaranteed-performance templates. It is also well-understood by all professional C++ programmers.
Has the entire point of code re-use passed you by? Have you completely misunderstood the standardisation effort?
Strong advice: Use the STL. Do not hand-roll your own. Otherwise, you will never get a job coding C++.
Share and Enjoy.
It was Irix.
The original can be found at The Register
I know bugger-all about patent law. But in UK, producing a prototype is a requirement before the patent is granted. I think. Perhaps. I read it somewhere once. Sort of thing.
/.
/. editors would like to contact a lawyer familiar with UK patent law for an opinion?
It would be nice if a lawyer familiar with UK patent law could give some insight. But I doubt if any UK patent lawyers read
<rant>
Perhaps the
<cynicism>
Or would that constitute 'journalism' and therefore upset the VA/Andover lawyers?
</cynicism>
</rant>
Heh. I spouted what I believe to be the correct way to handle this. Three people (so far) have disagreed *for the same basic reason*. I find it worrying that corporations have this much perceived power. That's why I support This organisation.
However, If a bank *did* gag someone, and were subsequently raided, the shareholders (usually large corporations themselves) would be round with the highly-trained, half-starved RottLawyers faster than you can say 'Fiduciary Duty'. Or, at least, that's how I hope it works.
I accept your point. Large companies do tend to behave like that. However, this was a German citizen, working for a Scandinavian/European bank in the Isle of Man. The Isle of Man has it's own legal system, separate from English law. I'm pretty sure that (although it is part of Great Britain) it is not part of the EU. I don't think this chap had much to fear from an American corporation.
BEGIN RANT BLOCK===============
There has been a lot of discussion over the past couple of years about the rights and wrongs concerning full disclosure of security flaws.
The person who tipped off the newspapers obviously has no understanding of how full disclosure should be used. What he did is functionally identical to spouting off about his 'leet discovery on a dodgy IRC channel.
Most security professionals agree that full disclosure is the correct way to proceed (anything else is security through obscurity). Note: This does NOT mean that you inform the media, post to leet.kiddies.cracking, or issue a press release saying that your company's product whould have prevented it.
If you are a responsible person, you inform the organization that has the vulnerability. You ask them to investigate it, and ask them for a timescale for a fix. 99% of the time, they will be grateful for the tip-off, and will issue a fix promptly.
If they don't, you tell them that you intend to release the information so that the potential victims are informed, and can manage the risk appropriately.
If they still refuse to do anything, then you think long and hard about going public. You probably should.
Once it's public they *have* to fix it.
However, the way it usually works is that they respond to the tip-off, provide interim/permanent fixes and credit the discoverer.
The aim is to use full disclosure to minimize the exploitability of a security problem. It is not meant to be used by pathetic attention-seekers to grab media focus, or for companies touting security snake-oil to chalk up another few sales.
This disclosure (as far as I can see) was intended to create media exposure (or why was a newspaper contacted?).
I can't see any evidence here that the person who discovered this acted to minimize the effects of the alleged security problem. That puts the discoverer in the "leet kiddie" category until evidence is presented that the bank refused to act on the information.
There is no security. Any organisation (even one without a single computer) is vulnerable to security breaches. This will never change. Unless people act responsibly when a breach occurs, the only winners are criminals.
END RANT BLOCK===============
X configuration in Solaris/i86 isn't even a no-brainer. Early in the install it tells you what your video card and monitor are (with spooky accuracy). Then, the rest of the install is done in X.
More than once, I've got bored with trying to guess monitor capabilities when installing Linux/xBSD (I really mean the excellent XFree86). So, I tank the Free *nix install, stuff my trusty Solaris disk in, and wait until it tells me *exactly* what graphics config I'm dealing with. Then, the XFree86 install goes in clean
(The Solaris drivers usually kick shit out of the XFree ones anyway - I blame Scott McNeally's World Domination Complex)
Bear with me on this for a few moments.
I just spent a nasty week porting a piece of software that should produce a report describing the outcome of an attempt to load 50-120 files of various formats into an Oracle database with over 120 'important' tables (there are another couple of hundred lookup tables). That's hard. The code is PL/SQL. That generates HTML, which includes a *lot* of Javascript, which generates a whole bunch more HTML that calls more PL/SQL.
The overall output from this is a report that must be right. The contract depends on it. So, there is a major self-test system built in. Overall, it's a small (25,000 lines of code) but tricky lump of code. (making code-generating code test itself can do your brain over *badly*)
Most of this task would have been easy. Except, I was working with 300 files for debugging reasons. I could only change 2 of them. We build a respected, succesful product. You can't have people changing things without documenting the change.
I did it. Because I know how to. Because I have made a *lot* of mistakes, worked on many big projects, and because I'm a smug bastard.
Many times this week, there was a quick and dirty hack I could have done that would have saved hours. But, the changes would have been in code I didn't own. I *couldn't* change it. If I had done I would have screwed maybe 100 other engineers.
Unix is, traditionally, designed to have lots of small tools that do one job well. This works well. Until you have to work on a big project. Then, the whole game changes. If you have a single project with 500 engineers, a few million lines of code, several different programming languages and 20 (or 20 million) demanding customers, then programming becomes irrelevant.
I suspect that Debian, Redhat etc. have realised that a distribution is more complex than any single component (including the million-line+ kernel). Managing a lump of software that big should (from historical observation) take hundreds of people. Most of those people won't be engineers. They'll be managers, documenters, configuration management people.
I am impressed that organizations like Debian have managed to keep to the release schedule they have. Given the number of people involved, and the spread of skills in the Debian team, I would have predicted one release a decade.
'Nuff Respect. Complexity *is* hard. And you can't engineer it away.
OK, sometimes I drag the bait along the bottom to see what bites, but I wasn't doing that here.
If you are prepared to telnet to port 80 on a known compromised box, then you are also likely to be the sort of person who runs Netscape as root. Or [insert IRC client here] as root.
Doing unneccessary stuff as root is, um, bloody daft? If you are lucky, the worst that will happen is that you accidentally hose your entire filesystem. But connecting a client to the internet with root privileges? I can't stop you, but I don't think it's needed.
Ask yourself: Does this make the ankle-biters job harder or easier?
Don't be afraid. Be paranoid.
Here's what you did: You connected over the internet, while logged in as root, to a machine that is known to be compromised.
Trust me, if you knew enough about Unix to have a root password, you would't have done this. There is now a finite possibility that a nasty cracker type is looking through the web logs from the compromised box. When they find your connection attempt, you become a target. And now we know you connect to the internet with apps running as root.
You, madam, are now about to become just another roadkill on the information highway.
Share and Enjoy