I wonder if theyll ever create a kind of disc that the media breaks down as the laser passes over it. Aka, one time read or maybe two or three times read.
I wonder why they didnt just create some new slim connector format like the ones on the bottoms of cell phones or dongles for pcmcia cards. At least if you needed serial, a special cable (but still raw serial format) would allow you to do your business.
And for those of us not wanting to run winblows or some usb aware os, ie asm code or some other embedded application, this would eliminate the need for the usb to serial adapters.
i agree though, rs232 now and for quite a while will never be legacy.
I think it's sad that the industry completely overlooked ways of making the artists more money because they were too concerned about making money for themselves. RIAA purports to be doing all these things in the name of the artists who are being cheated out of hard earned dollars, but the reality is, and everyone knows it, that RIAA is in it solely for their own benefit. It has been shown by several artists and by a number of scholars back in the beginning of napster that artists really make very little from CD sales. The bulk of their money comes from going on tour. CDs are simply a promotion tool to get themselves heard and to get people to go to the concerts. Yes they do make money on CD's, I'm not disputing that. But the labels take such a huge percentage they make more on concerts. A pay per download system could generate artists far more money than they make now. Even some free downloading is beneficial. Its like radio air play. I know a lot of people who download an album or a few key songs and decide they like it and go buy it.
P2p could have been a boon for artists, but now has been painted into other means of operation because the people with the bucks didn't care. </rant>
As far as I know, 3.7.1p2 was available when all these vulnerabilities were first mentioned a while back. The first thing i downloaded was 3.7.1p2.. So I dont think this is new news.
Also, been having problems with 3.7.1p2 on Solaris 9. Doesnt seem to matter which libwrap i compile against (using configure --with-tcp-wrappers), it seems to have trouble parsing hosts.allow.
ALL: ALL: DENY gets parsed as ALL: ALL and accepts connections from anywhere Removing that line then denies all connections. making sshd: ALL opens it up to everything again.. sshd: 123.231.213.1 by itself doesnt work, sshd: IP IP IP (list of ips as above) doesnt work... sshd: hostname or sshd: hostname hostname hostname etc doesnt work....
been dealing with this since the release... anybody have this problem?
wrt snail spam. Those businesses use -their- resources and money to send those mails. They are not getting those advertisements free. They pay printing, marketing, and the postal service among other things. Spam on the other hand is distributed at nearly no cost, and the illigitimate spammers often use your equipment to do so (ala SoBig, etc) and fill up internet service providers and the home/office users' hard drive space without any sort of service payment for using that space for their advertisement.
Random thought, what would the world think of an organization that companies would pay a fee to send email advertisements to, and they would in turn send properly paid accounts' mail out to the intended user list along with some compensation. ala paypal or something... this is what id envision.. Company A sends a message to 'US Spam Service', with a list of intended recipients and a payment per user on the list. 'US Spam Service' makes sure the email meets standards etc, and sends it out to the recipient list with a link at the bottom that entitles the recipient to collect X cents attributed with that email address on an account on a server. User clicks the link, enters authentication information, and the money for the email is added to your account.
now theres some things to be worked out with proving who's who and all that, and trying to figure out how to compensate the ISPs. But this is just a theoretical concept. It would reduce/eliminate completely bogus spams. Any thoughts on this concept?
I wanted to say thank you for your extremely well thought out and researched response. You are a major asset to Slashdot. Keep up the wonderful postings. Id mod this 10000000000 if i could.
on #2, you're thinking short short term, like in the moment. Yeah the dumb criminals (who probably cant pick the lock anyway) will want the quick cash grab. But the smart ones, will wait for a bigger pay off. Why not install key loggers or card reader loggers, come back later get your stash, or remote in if you can figure out how once you get it open. Most atms ive seen have phone jacks behind em, plug in a handset and dial ANI, get the number. I don't know whats involved, but I'm not talking about your dumb thieves comming with a truck and ripping the atm out of the wall, im talking real white collar guys with time and resources and money, or just a group of anarchists with a bone to pick.
There has to be some way to get access. Cover the camera, unplug the phoneline (in a lot of places its easy to access or sitting in plain sight), and then have fun with the thing. Or like some brazen folks have done, socially engineer the atm out of the building. They havent gotten away with it because they didnt bring it back.. but Walk up uniformed, drive it off in a truck, take your couple hours hacking it, bring it back, put it back all nice and no one will be the wiser.
But many of you are right, this is true for -ANY- os. The people who can get this kind of access will take the time to learn whats involved, and bring it to fruition. Given enough knowledge about any system, you can typically find a way to break in. Usually the mechanisms involved require too much knowledge/time to bother. There are bigger payoffs in other areas.
I agree, you know, there are shooting ranges in most towns. And if we're talking media/entertainment, what about the news. There are beatings and shootings and explosions all the time. So I suppose we should be suing every newsstation in the county as well for the violence on tv... and if that were the case, shouldnt we be then suing everyone who's ever appeared on the news, including suspects, etc?
Anyway, my point is, you take it past a certain point and it becomes rediculous, and that point is the parents.
Yay, maybe if more companies switch to Unix variants after all this MS BS it will save the world! =)
On a more serious note, I do think a RedHat KDE Desktop can be just as user friendly as any windows box ever was and truly step in as a windows replacement with all of the applications available.
I think we're near the year where Linux is going to start seeing some steep desktop share percentage climbs, and hopefully with that number increasing, a decrease in NetNumbing virii/worms and an increase in stability/performance as well as disk space (less bloatware)
Save us from the Evil Dollar-Bill Gates, go Linux!
I love how microsoft said this was too organized to be just anybody, it had to be terrorism and it turns out to be some 18 year old. I figured it was a 12 year old or something, or maybe a monkey. Its wonderful (sarcastic) that thats all it takes to bring the internet to its knees due to sloppy coding from MS.
I don't think it matters how many 20 second clips you get, or that they're 20 second clips. The second you have enough material on your machine to constitute copyright infringement you're breaking the law.
Now, what you want is to be able to download all these pieces anonymously and get all them on to your system while avoiding the gaze of BigBrother/RIAA/et al. and avoid prosecution by avoiding detection. This doesn't make it legal.
So why bother making 20 second legal clips available for download if you have the whole song somewhere on your drive anyway? You're still breaking the law and still equally as liable.
Hell even microsoft's windows media player sends information out about which songs youre listening to. Spyware abounds. If you listen to enough music, you're bound to get caught someday. They just only have enough resources for the 'big fish' and the occasional little fish to scare medium fish from downloading any more.
static and heat are two very different things.. take 3,000volts of extremely low current voltage, perhaps off a small open ended ac flourescent light driver (one for tiny electronics flourescent displays, i had one once, took a 12v input) and hold then end of the connector, touch metal. Sparks come out of your hand, but it is high frequency and doesnt burn but yet arcs nicely. (assuming you didnt use a battery to power it and give it some current.. i did that once.. but anyway) now run that same electricity through a chip and boom it will often blow out the middle.
Static electricity can be anywhere from a couple volts all the way up to 14,000 volts. I've seen displays at tech-museums like The Tech museum in San Jose and the Exploratorium in SF that measure static electricity on your person after rubbing your feet.
Heat and static are very different.
"Try to be more smart and less stupid, please."
on a side note.. has anybody checked to see if its the same types of motherboards or motherboards with the same type of UART chip?
yeah thats the problem, people aren't responsible enough in general to reserve their encrypted chatter or other formatted chatter to a channel where everyone else is using that.
i only used my protocol with friends in private messages or in private channels.
not everybody is that nice
Re:IRC doesn't need security..
on
Secure IRC?
·
· Score: 1
ssh tunneling will only help you encrypt between your client and the nearest server, but still goes over the unencrypted net.. the SILC website touches on that.
it really depends on where the security threat is. but what's more likely, someone's going to be snooping at your office on the connection between the irc client and the ISP/backbone provider, or someone snooping on the big backbone between the irc servers.. not too likely on the latter. ssh wrapping would help by that token, but not totally.
as for security on irc, irc is admittedly overpopulated with script kiddies, but there are a minority of people who use it for legitimate chatter and a small percentage more who would use it if they felt it was secure.
I'd probably talk about my personal issues with my friends if i knew I had a secure channel. stuff I don't want just floating around to any ircop on a hackedup server.
security is a legitimate concern. don't discount it so quickly.
at one point I wrote a special irc client that used existing irc protocols but encrypted text using your key into a viewable ascii range so that it could be successfully passed over irc. no special mods, and of course the message was encrypted all the way through the network. so even though the underlying protocol wasnt secure. secure messages could be sent with a minor loss in performance due to extra characters as a result of the encryption scheme. clients who didn't know your key would see garbage. unencrypted messages would show up as normal. It was pretty cool, it worked for several years before I left irc.
getting people to switch to a new protocol/network is difficult. people a) don't like change and b) are afraid to lose the connections they have on irc. So unless you convinced EFNet to shutdown its irc services and switch to SILC or something, nobody would want to take the risk and sit around on empty channels until everybody filtered over.
I think a much better solution is like the one I had. Just use some extra functionality on clients without changing the RFC for IRC.
I dont think I saw this part of your question addressed, but forgive me if I missed it.
T1's, T3's, OC/12's 48's, etc all have something in common, they pass frames. They can be of anything, voice, data, whatever.
As for your question about people on 100% fiber connections, they might not necessarily be able to hook directly into the net. If those fiber lines are only running telephone lines, or they don't have any more available channels on it then without adding more cables or changing their encoding and totally redoing the hardware, there's no way you'll get fiber internet.
But here's the other problem, even if they got a fiber line carrying internet out to your closest litle green box, it's not fiber all the way to your house, it gets demuxed into copper anywhere up to a mile or so from your house. They would have to stick in a router and fiber distribution gear and then run fiber to your house. They could run the fiber to your house, yes, but they wont and they also probably won't want to figure out how to stick all that gear in one of those boxes.
The boxes get broken into all the time, and they would be more often if kiddies knew there was a Cisco 2501 or something sitting in there. The boxes aren't secure and mostly, not big.
I hope this helps some, but don't count on straight fiber runs. Good luck, do check into the G.lite like one other guy mentioned.
Good call on that one, I had looked into this at one point, and I think it was on sony's website that arrived at that very same 150mb number. When I looked at this post I immediately wanted to add the results of my searches, but it seems that you all have done very well at answering the questions.
But I do have to ask, did you arrive at these numbers by your own calculation or did you find them somewhere (perhaps the same place as I did?)
Slashdot Mirror
I wonder if theyll ever create a kind of disc that the media breaks down as the laser passes over it. Aka, one time read or maybe two or three times read.
everything is a stepping stone to a true 'micro' computer
the point about this board is its the -only- one of its size factor. if we were talking about ATX, you might have a point.
I wonder why they didnt just create some new slim connector format like the ones on the bottoms of cell phones or dongles for pcmcia cards. At least if you needed serial, a special cable (but still raw serial format) would allow you to do your business.
And for those of us not wanting to run winblows or some usb aware os, ie asm code or some other embedded application, this would eliminate the need for the usb to serial adapters.
i agree though, rs232 now and for quite a while will never be legacy.
I think it's sad that the industry completely overlooked ways of making the artists more money because they were too concerned about making money for themselves. RIAA purports to be doing all these things in the name of the artists who are being cheated out of hard earned dollars, but the reality is, and everyone knows it, that RIAA is in it solely for their own benefit. It has been shown by several artists and by a number of scholars back in the beginning of napster that artists really make very little from CD sales. The bulk of their money comes from going on tour. CDs are simply a promotion tool to get themselves heard and to get people to go to the concerts. Yes they do make money on CD's, I'm not disputing that. But the labels take such a huge percentage they make more on concerts. A pay per download system could generate artists far more money than they make now. Even some free downloading is beneficial. Its like radio air play. I know a lot of people who download an album or a few key songs and decide they like it and go buy it.
P2p could have been a boon for artists, but now has been painted into other means of operation because the people with the bucks didn't care.
</rant>
As far as I know, 3.7.1p2 was available when all these vulnerabilities were first mentioned a while back. The first thing i downloaded was 3.7.1p2.. So I dont think this is new news.
Also, been having problems with 3.7.1p2 on Solaris 9. Doesnt seem to matter which libwrap i compile against (using configure --with-tcp-wrappers), it seems to have trouble parsing hosts.allow.
example file:
ALL: 127.0.0.1
sshd: 123.231.213.1 123.231.213.2 123.231.213.3
ALL: PARANOID: DENY
ALL: ALL: DENY
ALL: ALL: DENY gets parsed as ALL: ALL and accepts connections from anywhere
Removing that line then denies all connections. making sshd: ALL opens it up to everything again.. sshd: 123.231.213.1 by itself doesnt work, sshd: IP IP IP (list of ips as above) doesnt work... sshd: hostname or sshd: hostname hostname hostname etc doesnt work....
been dealing with this since the release... anybody have this problem?
wrt snail spam.
Those businesses use -their- resources and money to send those mails. They are not getting those advertisements free. They pay printing, marketing, and the postal service among other things. Spam on the other hand is distributed at nearly no cost, and the illigitimate spammers often use your equipment to do so (ala SoBig, etc) and fill up internet service providers and the home/office users' hard drive space without any sort of service payment for using that space for their advertisement.
Random thought, what would the world think of an organization that companies would pay a fee to send email advertisements to, and they would in turn send properly paid accounts' mail out to the intended user list along with some compensation. ala paypal or something... this is what id envision..
Company A sends a message to 'US Spam Service', with a list of intended recipients and a payment per user on the list. 'US Spam Service' makes sure the email meets standards etc, and sends it out to the recipient list with a link at the bottom that entitles the recipient to collect X cents attributed with that email address on an account on a server. User clicks the link, enters authentication information, and the money for the email is added to your account.
now theres some things to be worked out with proving who's who and all that, and trying to figure out how to compensate the ISPs. But this is just a theoretical concept. It would reduce/eliminate completely bogus spams. Any thoughts on this concept?
I wanted to say thank you for your extremely well thought out and researched response. You are a major asset to Slashdot. Keep up the wonderful postings. Id mod this 10000000000 if i could.
The old fashioned way, use one of the registries/registrars or whois.
I think sun is talking about having -no- trace lines, the chips have transmitters and receivers rather than traces between chips.
on #2, you're thinking short short term, like in the moment. Yeah the dumb criminals (who probably cant pick the lock anyway) will want the quick cash grab. But the smart ones, will wait for a bigger pay off. Why not install key loggers or card reader loggers, come back later get your stash, or remote in if you can figure out how once you get it open. Most atms ive seen have phone jacks behind em, plug in a handset and dial ANI, get the number. I don't know whats involved, but I'm not talking about your dumb thieves comming with a truck and ripping the atm out of the wall, im talking real white collar guys with time and resources and money, or just a group of anarchists with a bone to pick.
There has to be some way to get access. Cover the camera, unplug the phoneline (in a lot of places its easy to access or sitting in plain sight), and then have fun with the thing. Or like some brazen folks have done, socially engineer the atm out of the building. They havent gotten away with it because they didnt bring it back.. but Walk up uniformed, drive it off in a truck, take your couple hours hacking it, bring it back, put it back all nice and no one will be the wiser.
But many of you are right, this is true for -ANY- os. The people who can get this kind of access will take the time to learn whats involved, and bring it to fruition. Given enough knowledge about any system, you can typically find a way to break in. Usually the mechanisms involved require too much knowledge/time to bother. There are bigger payoffs in other areas.
I agree, you know, there are shooting ranges in most towns. And if we're talking media/entertainment, what about the news. There are beatings and shootings and explosions all the time. So I suppose we should be suing every newsstation in the county as well for the violence on tv... and if that were the case, shouldnt we be then suing everyone who's ever appeared on the news, including suspects, etc?
Anyway, my point is, you take it past a certain point and it becomes rediculous, and that point is the parents.
Yay, maybe if more companies switch to Unix variants after all this MS BS it will save the world! =)
On a more serious note, I do think a RedHat KDE Desktop can be just as user friendly as any windows box ever was and truly step in as a windows replacement with all of the applications available.
I think we're near the year where Linux is going to start seeing some steep desktop share percentage climbs, and hopefully with that number increasing, a decrease in NetNumbing virii/worms and an increase in stability/performance as well as disk space (less bloatware)
Save us from the Evil Dollar-Bill Gates, go Linux!
I love how microsoft said this was too organized to be just anybody, it had to be terrorism and it turns out to be some 18 year old. I figured it was a 12 year old or something, or maybe a monkey. Its wonderful (sarcastic) that thats all it takes to bring the internet to its knees due to sloppy coding from MS.
I don't think it matters how many 20 second clips you get, or that they're 20 second clips. The second you have enough material on your machine to constitute copyright infringement you're breaking the law.
Now, what you want is to be able to download all these pieces anonymously and get all them on to your system while avoiding the gaze of BigBrother/RIAA/et al. and avoid prosecution by avoiding detection. This doesn't make it legal.
So why bother making 20 second legal clips available for download if you have the whole song somewhere on your drive anyway? You're still breaking the law and still equally as liable.
Hell even microsoft's windows media player sends information out about which songs youre listening to. Spyware abounds. If you listen to enough music, you're bound to get caught someday. They just only have enough resources for the 'big fish' and the occasional little fish to scare medium fish from downloading any more.
static and heat are two very different things.. take 3,000volts of extremely low current voltage, perhaps off a small open ended ac flourescent light driver (one for tiny electronics flourescent displays, i had one once, took a 12v input) and hold then end of the connector, touch metal. Sparks come out of your hand, but it is high frequency and doesnt burn but yet arcs nicely. (assuming you didnt use a battery to power it and give it some current.. i did that once.. but anyway) now run that same electricity through a chip and boom it will often blow out the middle. Static electricity can be anywhere from a couple volts all the way up to 14,000 volts. I've seen displays at tech-museums like The Tech museum in San Jose and the Exploratorium in SF that measure static electricity on your person after rubbing your feet.
Heat and static are very different.
"Try to be more smart and less stupid, please."
on a side note.. has anybody checked to see if its the same types of motherboards or motherboards with the same type of UART chip?
yeah thats the problem, people aren't responsible enough in general to reserve their encrypted chatter or other formatted chatter to a channel where everyone else is using that. i only used my protocol with friends in private messages or in private channels. not everybody is that nice
ssh tunneling will only help you encrypt between your client and the nearest server, but still goes over the unencrypted net.. the SILC website touches on that. it really depends on where the security threat is. but what's more likely, someone's going to be snooping at your office on the connection between the irc client and the ISP/backbone provider, or someone snooping on the big backbone between the irc servers.. not too likely on the latter. ssh wrapping would help by that token, but not totally. as for security on irc, irc is admittedly overpopulated with script kiddies, but there are a minority of people who use it for legitimate chatter and a small percentage more who would use it if they felt it was secure. I'd probably talk about my personal issues with my friends if i knew I had a secure channel. stuff I don't want just floating around to any ircop on a hackedup server. security is a legitimate concern. don't discount it so quickly.
at one point I wrote a special irc client that used existing irc protocols but encrypted text using your key into a viewable ascii range so that it could be successfully passed over irc. no special mods, and of course the message was encrypted all the way through the network. so even though the underlying protocol wasnt secure. secure messages could be sent with a minor loss in performance due to extra characters as a result of the encryption scheme. clients who didn't know your key would see garbage. unencrypted messages would show up as normal. It was pretty cool, it worked for several years before I left irc. getting people to switch to a new protocol/network is difficult. people a) don't like change and b) are afraid to lose the connections they have on irc. So unless you convinced EFNet to shutdown its irc services and switch to SILC or something, nobody would want to take the risk and sit around on empty channels until everybody filtered over. I think a much better solution is like the one I had. Just use some extra functionality on clients without changing the RFC for IRC.
Those responsible for sacking the website have been sacked.
I dont think I saw this part of your question addressed, but forgive me if I missed it. T1's, T3's, OC/12's 48's, etc all have something in common, they pass frames. They can be of anything, voice, data, whatever. As for your question about people on 100% fiber connections, they might not necessarily be able to hook directly into the net. If those fiber lines are only running telephone lines, or they don't have any more available channels on it then without adding more cables or changing their encoding and totally redoing the hardware, there's no way you'll get fiber internet. But here's the other problem, even if they got a fiber line carrying internet out to your closest litle green box, it's not fiber all the way to your house, it gets demuxed into copper anywhere up to a mile or so from your house. They would have to stick in a router and fiber distribution gear and then run fiber to your house. They could run the fiber to your house, yes, but they wont and they also probably won't want to figure out how to stick all that gear in one of those boxes. The boxes get broken into all the time, and they would be more often if kiddies knew there was a Cisco 2501 or something sitting in there. The boxes aren't secure and mostly, not big. I hope this helps some, but don't count on straight fiber runs. Good luck, do check into the G.lite like one other guy mentioned.
Good call on that one, I had looked into this at one point, and I think it was on sony's website that arrived at that very same 150mb number. When I looked at this post I immediately wanted to add the results of my searches, but it seems that you all have done very well at answering the questions. But I do have to ask, did you arrive at these numbers by your own calculation or did you find them somewhere (perhaps the same place as I did?)