The way everyone talks about TCPA/Palladium, you'd think it was the biblical mark of the beast. "A single, remote authority with the ability to delete random files off my hard drive? Call the Free Speech Police!"
So now that the economy sucks, and we have terrorism to cover our tracks, we're going to make a huge petition to throw a bunch of foreigners out of the country?
Mask it any way you want, but racism sucks.
What I want to know is what actions ISPs will take when some IP address somewhere starts flooding a bunch of their cable modem customers with WinNuke packets. After they've traced back to find out that it's legal, what will they do? I'm pretty sure it's also legal for them to blacklist anyone who is 'legally crashing' their customers and causing their helpdesk phones to ring off the hook.
I hate to say it, but the best solution to this is good security. Put up the best firewall you can, and let them bring it on.
Just out of curiosity, does subversion have a solution to the CVS's insecure :pserver: problem? That is, a better hack than the nasty scvs scripts for those of us who can't afford to use insecure version control?
I couldn't find any mention of it on the web page, which is why I'm asking here.
Stop hitting them with a hammer.
That would probably help.
Two penis bird guys go round the outside, round the outside, round the outside (2x)
Guess who's back [/] Back again [/] Sllort is back [/] Tell a friend
Guess who's back, guess who's back, guess who's back, guess who's back
guess who's back, guess who's back, guess who's back..
I've created a monster, cause nobody wants to read Michael no more
They want Sllort, cause Katz is a whore *duh* [/] Well if you want Sllort, this is what it'll get ya
A little bit of Troll mixed up with some professa [/] Don't mod this up they're just trying to test ya
It'll get you banned forever by the mastah [/] on the plantation, but I'm not co-operating
Been banned since 2000 for writing and creating (hey!) [/] You read it this far, now stop moderating
Cause I'm back, I'm on the keys and I'm operating [/] I know that you got a job Ms. Malda
but your husband's porn problem's complicating
So McCarthy won't let me be [/] he IP bans me, so let me see
They try to shut me down but I proxy [/] Cause it feels so empty, without me
So, clickety click, type where you sit
Fuck that, karma whorin dips, nobody gives a shit
Now get ready, cause this shit's about to get heavy
Just got a new list of proxies, FUCK YOU JAMIE!
[Chorus:]
Now this looks like a job for me [/] DOWN WITH CAPS LIKE JUNIS KANUNI
Cause we need a little, controversy [/] Cause it feels so empty to agree
I said this looks like a job for me [/] So everybody, try honesty
Cause we need a little, controversy [/] Cause it feels so empty to agree
Little Readers, posting defacement. [/] Embarrassed their parents still rent them their basement.
They get banned just like prisoners helpless [/] 'til someone posts truth in a journal and yells BULLSHIT!
A visionary, is my vision scary? [/] Could it start revolution, pollutin the stories?
A rebel, so just let me revel and gloat [/] in the fact that VA's stock price is looking like GOAT *zero!*
And it's a disaster, such a catastrophe [/] First posts are so fuckin expensive; but Katz is free?
Well I'm back, na-na-na-na-na-na-na-na-na-na [/] *bzzt* Fix your damn DSL turn it on and then I'm gonna
enter in, in the front of your skin like a virus [/] Maybe I'm unkillable, dead like Osirus
Ya I'm infecting, best thing since commenting [/] Intriguing the reader's minds and nesting
*bzzt* Testing, attention please [/] You feel the rage when Michael mentions me?
Here's my journal, you can read it free [/] A nuisance? a prophet? Ya, sounds like me.
[Chorus]
A diskette, a task set, post this cid on that sid, [/] Ask Slashdot: Are You Sofa King We Todd Did?
Jonathon Katz, smokin crack mixed with grass [/] If I ever meet you I will KICK YOUR ASS
And Taco? You can get blown by Timothy [/] You eleven year old molesting fag, join the clergy
You don't know me, you're too dumb, let go [/] It's over, nobody listens to your show
Now let's go, suicide for Signal [/] I'll be there cheering like a cheerleader on speed
Or crystal, method to the masses [/] ever since Slashbots been babblin like jackasses *bray*
Suddenly without the means [/] To bring up the MetaModeration screen?
It's not the servers re-boot-ing [/] It's just you, banned by Slashteam! *hey*
No I wasn't aiming for controversy [/] It just happened when they first banned me
Now I use it to tell others [/] That Slashteam are a bunch of fuckers!
(Hey!) Here's a concept that works [/] Twenty million other people find out you're jerks
But no matter how much you alter what they see [/] It just looks empty without me
[Chorus]
La-la-la-la, la-la-la-la-la / La-la-la-la-la, la-la-la-la
As another poster has pointed out, the Real Player License allows any contributor to retain exclusive rights to their contributions in section 11. The parent post is a Misinformation Troll; do not feed.
Have you ever considered modifying your bot to be able to post to Slashdot? Do you think that, without the constraint of real-time interaction, you might be able to create a bot which would pass for human more often?
If not, have you considered USENET or any other discussion-style format?
Anyone who says otherwise has either tapped the actual fiber that runs the cardreaders,
Or an interconnected intelligent switch running insecure SNMP, correct.
No need to be so bitter.
I think, if you ask around Slashdot, you'll find that I am never bitter - in fact, I am never short of positive and upbeat, ever!
That said, CWRU had an incident in 1996 where a large group of graduate Computer Science students would approach the tour groups of high school kids looking to attend the school. They would say "who here is a computer science student?" As kids raised their hands, the grad students would take them aside and inform them that the Computer Science program at Case was failing, that the best professors were resigning, and that if they had any sense, they would flee Case, like the grad students were. After that year, many undergrads followed the majority of the Comp Sci programs' professors in a mass exodus to wherever they could transfer to.
Assume for a moment that I was one of the "refugees" who dumped a $24k/yr scholarship to go to state school because my college's Comp Sci program imploded due to mismanagement. Under that assumption, I might have an excuse to be bitter.
But I'm not, so have a happy day.
And as far as my "important notes" go, those were current eight years ago. The fact that they have remained unpatched for eight years speaks to... something. The fact that we built a server to intercept card reader requests and accept our cards in any door in 1995 and they still haven't fixed it... oh, but I digress.
-s.
Right, the Case Engineering school merged with the Western Reserve Women's University to form a single school, and the Western Reserve was a concession from Britain in the War of 1812...
News Flash: nobody cares. As an alumni, I can assure you that in the real world, the name of our mutual alma mater is just too damn big. So chill.
The point is that CWRU has been tossing students huge bandwidth for years now; it's a priority for them. They had 10Mbit fiber to the dorms in 1994, and then upped it to ATM to the dorms four years later, and now they're stepping up to 10 Gig. It's their ongoing social experiment of living on the bleeding edge.
Important note: Their mail server still runs with unencrypted passwords, and their universal cardreader system works by sending your SSN in the clear over CWRUnet. So despite their love for bandwidth, their ability to utilize it lags behind, you know, CMU, and... the other smart schools.
Just a hint.
Did you read the articles at all? It is plainly said that Palladium will not eliminate application layer virii.
Large businesses (read : domains) can choose to move from a "blacklist" model to a "whitelist" model, where only approved binaries can be run. This does protect the end user from application level virii. It's not my fault open-source-whoever got it wrong.
Palladium can stop unsigned binaries from being run and provide a measure of content control, but not prevention of vulnerability or risk.
Actually, you're wrong. Palladium gives a corporation the ability to whitelist executables within their organization, blocking all but the ones they have personally inspected. You refer only to the default configuration.
Until of course the remote server is compromised and suddenly explorer.exe is an untrusted binary and every windows machine in the world shits a brick.
Of course, how many times has Microsoft been hacked? Not their misconfigured software set up by users in the field, but their truly important computers, the ones they pay attention to.
Never.
Their source control servers have never been hacked. Microsoft.com has never been defaced. This is because when it matters, Microsoft's security is tough as nails.
Anyway if you're worried, don't buy Windows.
The problem with everyone's understanding of TCPA/Palladium is that there won't be a single authority (flying Black Helicopters over your PC at night). Big companies like IBM (and especially the government) may use it for document control, but that's about it. What Palladium will do for the world is:
- End the untrusted binary problem. Viruses will be blacklisted by a remote server - no more email viruses, ever
- End the trojan horse/worm problem
These are important features that Joe sixpack the home user really wants. Nobody likes getting a virus and losing all the information on their Hard Drive.
By jaundicing themselves against the IEEE's implementation of this important standard, the Linux movement is just putting itself behind the curve in computer security.
If Palladium succeeds, and Linux doesn't follow, then Linux machines will be the only computers that can get viruses. How ironic would that be?
Someone needs to put a leash on their PR people.
"Introducing the world's first ultrapersonal computer"
Computer: How are you today?
You: Fine.
Computer: I noticed that your morning bowel movement deviated from your mean by 170 grams. What happened last night?
You: Um, you know, I was out with this girl, and... hey, get out of my face!
Computer: Your face has 7,230 pores today.
You: Ahhhhhhhh!
Creepy.
I can't figure out from the ruling whether the Bells are allowed to do this to their wireless customers (like Verizon wireless). If so, will they be able to sell their customers' location histories?
That would make for some truly interesting rules of evidence in court.
Peru: We've decided to use Free Software.
Microsoft: Ok, here's some free Software.
If they do this, is there any point in building G3/G4 mobile phone networks?
Absolutely! How else can we fuel the media's need for financing scandals and collapsing telecommunications firms?
Because there's a big fat pot of gold at the end: freedom from the tyranny of the DSL/Cable monopolies.
Questions to ponder:
1) Will the punnily named Current Technologies succeed in bringing IP over AC to households everywhere, bringing yet another monopoly to bear in the war for household broadband... and
2) How will the 802.11 spectrum deal with multiple, competing wireless carriers when/if the spectrum becomes clogged with them?
I still can't get a cable modem OR DSL in my house, so bring it on.
Any chance we could arrange a Slashdot interview with either the Head of the Patent Office (or their main P.R. guy) or with the Senator heading up the Patent Office Committee (whatever that is)?
None whatsoever.
Do the words "small, vocal minority" mean anything to you?
Liquid Audio Sues In Pitiful Attempt to Appear Relevant
Do we have such little trust for Slashdot's readership that they cannot come to the conclusion that Liquid Audio is 'pitiful' and 'irrelevant' on their own? Let's pretend, for a moment, that you work for a struggling company. Who wants to wake up in the morning to read that they are now pitiful and irrelevant. I know that the readers write the headlines, but... didn't someone submit something a little less condescending?
I mean, we're all grown-ups here, right?
I keep sending CmdrTaco email that says 'I LOVE YOU' in the subject, and I think he's filtering it somehow.
No replies yet.
"As for stability, I think this report is correct, the only IDS I've used that didn't crash consistanty was snort (with ACID)"
I've run NAI's IDS (the one that came bundled with PGP 7.1) for a year on Win2k, and it hasn't crashed yet. It does come up with false positives, especially if you configure it to be "sensitive", but once they occur, you can determine whether or not you want to continue to listen for them. It consistently tagged something the Macs on our LAN were doing as a "fraggle" attack, so I turned off "fraggle" detection.
Not a perfect solution, but soooo much better than nothing.
The server is effed, but you can get most of the content of the Gallery page from Google's cache, as well as get a direct link to the red stapler image.
I've noticed that Slashdot tends to post articles, like this one, that link to "IRC logs". I'm not familiar with this particular application, but personally, I use AOL Instant Messenger, and so does everyone I know. I think the quality of these stories would be greatly improved if they could be posted in AOL-IM format for "the rest of us" to read. I know that Slashdot was recently picked up by Forbes magazine; now that Slashdot is reaching a wider audience, maybe it's time to accommodate other readers?
Other than that, an excellent technical article. Bravo.