A quick read through that story shows nothing out of the ordinary. Anything that transmits something over air (cell phones, pagers, walkie-talkies, etc.) is already banned from military and other government buildings, except in approved circumstances where the equipment was purchased by the gov't, or approved areas of certain buildings. I don't really see the "news" in that story.
damn straight on that. Alan is actually keeping a kernel file-permissions security hole secret (he says it's been patched) because someone could construe the file-perms as a copyright protection. Yes, this is despite him being a top maintainer of the kernel.
I suspect he would've made the hole known, since he's not an American, but the incident with Dmitry probably scared him (much like that frequent US-visiting Swiss researcher who found holes in Intel products, or that Anonymous author of an academic article published by a UK group).
occasionally college profs (even CS profs) require you to turn in a disk along with an assignment.
I see posts pointing to CDRs, but think about the cost associated with putting one meg of data on a 600 mb CD. Doesn't make sense. Also, CDs break/crack much more easily compared to the 3" floppy.
Yeah, that was good to see. He (along with many of his 20/20 colleagues) is a very good journalist. Often he does that "Gimmie a break!" segment at the end of some shows that are just great. My favorite was the Dumb Laws story -- In PA you're not allowed to sing in the shower. I'm guilty of about 1000 counts on that one!
A few weeks ago, John Stossel of ABC's 20/20 news show did a whole 1-hour special on media hype, exposing truths in things like road rage, car magazine reviews, and terrorism warnings. He also did a "Junk Science" special a few years ago, pointing out large-number scare tactics, hype over medical problems that never existed to begin with, etc.
This story with the asteroid is right up his alley.
actually, RIAA has the .com & .org already, mpaa.com is in use by some company with similar initials.
most likely yes. Even Roblimo mentioned that several weeks ago in an article on Newsforge about the topic of the .org TLD.
more crypto ...
The Code Book, by Simon Singh
Was reviewed on Slashdot way back when. Good crypto history book, that includes discussion of the various algorithms from over the years, including a good one of what quantum may bring.
Learning Red Hat Linux by Bill McCarty
Comes with Red Hat 7.2 CDs, is perfect for the Windows->Linux convert. Also a good reference on how to do simple things regardless of distro, this way I don't have to spend all day looking online.
Anything with Knuth's name on it
Dragon Book (Compilers - Principles, Tools & Techniques, Aho et al)
Gang of Four (Design Patterns, Gamma et al)
Andy Tanenbaum's OS book
That thick ass Intro to Algorithms book from the MIT boys
Patterson/Hennessy Computer Organization & Design
just think of all the curious newbies you just sent to that page!
...if she had difficulties using the system. eg... did any programs crash? did any error messages pop-up? etc.
Also, how about you try using the box? Do exactly what she does, keeping watch on the firewall status for anything of interest. Experiment with the system and see what happens on the firewall.
Lastly, consider removing the firewall block, and instead doing a tcpdump of the suspicious packets. See if anything of interest comes up.
I think there's more to that story. A company hired to test program written for Mac OSX and Linux, not just Windows. Anyone else catch what I'm getting at?
i believe jimbo said "I'm goin to law school"
Followed by Homer: "NOOOOOOOO!!!!"
CmdrTaco would be proud!
dammit.... s/MSCE/MCSE/
on the page dedicated to the Sysadmin Day, there's a whole list of what qualifies as a Systems Administrator. MSCE is not on the list, though MS Exchange admins are.
i read somewhere last week that Gateway once published a number as 800, but was supposed to be 888. The company that owned that 800 number sued Gateway and won judgement for charges related to callers calling that number incorrectly, and damages resulting from lost productivity.
Let's hope MS (and the press) got that number right, for the sake of whomever would be at the other end...
Most people have email addresses assigned by work/school -- firstname.lastname@company.com, fl##@company.com, flastname@company, etc, and they can't change that without changing their name in the courts.
Also, the same theory could apply to changing my phone number to avoid telemarketers. Let's see the general populace react to that.
Likewise, avoiding junk mail by changing snail mail addresses.
Great inconveniences on both changing snail mail and phone numbers. Gotta notify friends, family, work, the state (get new DL for snail mail), the IRS (or other applicable tax collection agency), my bank, etc.
As one person mentioned, what's the judge's email address? I bet it falls into the category of work-assigned addresses.
I thought the Queen of England had Red Hat, why the policy requiring it? Shouldn't her majesty's endorsement be enough?
hmmm. if only Linus knew what was to come when he wrote the following in his first posting to the minix newsgroup:
.... probably never will support anything other than AT-harddisks
It is NOT protable
i knew he was. i was trying to add to it with the house burning down remark.
i doubt he would strap the toaster to a person's head. but maybe rig it such that the toaster starts toasting the bread when the alarm goes off (kinda like coffee pots), but the drill here is to stop the toast from burning, instead of letting it burn the house down.
to describe "bad coders," i think the phrase you're looking for is "Code Monkey," sense #1 from the Jargon file: A person only capable of grinding out code, but unable to perform the higher-primate tasks of software architecture, analysis, and design. Mildly insulting. Often applied to the most junior people on a programming team.
that's definitely interesting. Makes me wonder -- there was that Code Red Vigilante program written up. It was basically a Java program (speed issues aside, it was for maximum cross-platformness) that listens on port 80 for Code Red exploit attempts, then fires back at that machine, using the same default.ida exploit, causing a window to pop-up on the infected machine with information about what's wrong, what to do about it, where to go for more information, etc.
The author made the program available on his website, so that anyone not running a webserver could run CRV themselves. I know the author also got a lot of thank you emails from infected users who thought they weren't vulnerable because of misinformation that was going around about the worm.
As to your FBI story, I think the problem there was that the worm-patching-another-worm was making changes to the system without permission of the admin. But it makes me wonder how the FBI may have reacted to the CRV program. Given that the FBI has better educated themselves on computer hacking issues (especially since the witchhunts following the AT&T outage in the early 1990s), my guess is that they saw it as no biggie because it made no permanent changes to the infected machine.