What we are doing wrong.... on Perens on Patents · Score: 4, Interesting
OK.... Now I understand how bad patents can fubar software development for open source (and for closed source too) but there is something that nobody on Slashdot ever considers: Why not go out and get the patents done in a way that is open???
Despite what many people here think, patenting software does not make it closed source, in fact since a patent requires the disclosure of the best known means of implementation it can actually facilitate open code. Just because something is patented does not mean that it cannot be used in open source... it depends on who holds the patent and what licensing terms are.
If the Open Source community truly is innovating why not just patent the concepts and then place the patents in a licensing escrow: if you use the patent with a GPL license (or maybe LGPL/BSD/whatever open license you like) then the patent is royalty free.... if you want to use it in a closed source program you could then charge royalties. After all, if closed source is about enforcing IP then they should put their money where their mouths are and pay, and this could even go to fund open source development!
I'm tired of seeing whining and helplessness on Slashdot when all you need to do is get up and proactively use the system in your favor. To all of you who will respond 'Only big evil companies can get patents' that is a bunch of nonsense, everyday people get them all the time and if enough interest was generated the FSF or another body could act as a clearinghouse to make it even easier to get patents put into the open domain by software developers. It's about time we did something constructive about patents instead of just wailing about them.
LSM is in 2.6 but the official LSM does not have all the goodies that the LSM development tree has, depending on how interested you are you might want to see all the newer features not released in the official kernel.
My thesis project involves a module similar to SELinux and I have found that the best 2.6 kernel for messing around with it is actually the BK tree maintained by the Linux Security Modules (LSM) project. Technically SELinux is one module that is part of the LSM project but the two are often referred to synonymously. LSM is at: immunix and you can check out their kernel branch for extra features that are not yet in mainline 2.6 (and may not get in at all if the kernel maintainers aren't comfortable with the changes)
My personal project is actually a big modification of the Domain & Type enforcement that is present in LSM now, but the code is nowhere near ready for inclusion just yet ;)
Since the official UTC timestamp is at 03:04 on the 18th it's my birthday!!
OK, slightly more on-topic I am already running test11 on a couple boxes with no overriding need to upgrade. However I am curious as to how 2.6 will be managed as opposed to 2.4. Since Linus has already handed off the kernel to Andrew Morton, are we going to see the 2.7 development branch open a whole lot faster than happened with 2.5???
Actually I think Michael Moore would be completely in favor of what is going on. After all, the 'evil' ICANN who are not the members of any government are being shoved aside by third world dictators under the flag of the UN.
From everything I've seen of his work he would heartily approve (as long as the US is explicitly excluded from any influence in this council of course) After all, once the Internet is under the control of the UN we can finally get rid of all those nasty racist white-man websites that were previously protected under the racist imperialistic document put together by evil white men.
Said ballots can then be counted with OCR software -- or by hand if it comes down to a manual recount. Even easier.... tag a barcode on the ballot and scan them just like the supermarket
Hey does anybody from Purdue know if this is in the Math building or MSEE? (or somewhere else)
Purdue has been using clusters for some time, there was a cluster being used in Civil Engineering of all places a few years ago to model bridges and other structures. Been too long since I graduated, I should go back for a tour.
P.S.--> A bit OT but Debian has Purdue roots since Ian Murdock went there.
I don't know who modded parent up, but there is no way in hell an ion drive would ever work for orbiting around Mercury (here's a hint: you'd fall into the Sun instead of entering orbit).
The only way to really orbit Mercury effectively would be to use a nuclear engine that can produce specific moments much higher than a chemical rocket can do. You need this to get the braking delta-v needed to orbit Mercury without first slamming into Mr. Sun.
Ahh... none of the US probes ever sent to the moon used plutonium either. In fact, only the USSR has ever placed radioactive material into an earth orbit (they placed small nuclear reactors on some LEO radar satellites since at the low orbits they occupied the normal solar panels would have exerted too much drag on the very thin atmosphere and decayed the orbits too fast).
The US has only ever used plutonium for deep space missions that go beyond Martian orbit, Voyagers I&II, Galileo, and Cassini are some examples. The reason for this is that available solar energy drops off as a square of the distance from the sun, beyond Martian orbit the solar panels could not deliver nearly enough power to run the onboard instruments. If the Europeans wanted to send a probe into deep space, they would do the exact same thing the Americans have done and use Plutonium.
There is choice, at least in the ABE area... if you can get RCN cable they sell some great cable modem service, with MUCH higher bitrates than what you'll get from DSL (I've seen > 3mbit/sec on some sites). If you actually look around, there are alternatives to DSL.
I want a stable operating system, and if I were to run an OS under another one, I'd run the _unstable_ one under the stable one, not the other way around.
I sincerely hope you got that backwards, you are saying you want to run Linux in a VM on Windows, but NOT Windows in a VM on Linux??
Or are you just saying Windows is more stable???? (does not compute!!)
We could scrum, but that just wouldn't have the same effect as:
Software (yes it is!)
Creation of some bugs
Realization of the fact we have bugs
Objectification of the bugs into modular and reusable parts
Timing of when to unleash bugs
User requirements: They had better require bugs!
Many Iterations to turn bugs into Features!! (MS only needs one iteration to do this)
Or we can just call it SCROTUM. For example, instead of saying: let's SCRUM, you could say: let's scratch out that SCROTUM problem.
This poorly worded acronym brought to you by the letters X and P. :p
Since this article was already highlighted on OSnews and Newsforge, I am once again forced to repeat myself:
Cringely has no idea wtf he is talking about. Windows XP is NOT a simple windows manager sitting atop MS-DOS.
But it has a DOS prompt!! Yeah, so does Linux if you install an emulator, does that mean Linux runs on MS-DOS?? The DOS prompt in XP is just another program that happens to look like what you used in the 80's before there was Linux :) I could go on and on about how XP is based off the NT core which came from VMS and how different the X server is from how MS does its graphical shell, but I'm sure many other posters will put up the same info.
OK: Even ignoring why Cringely was completely wrong from a technical standpoint, here's why he's still wrong even if he were right (does that make sense?)
MS: Has spent a boatload of money copying and building their own versions of what everyone else already had. They are finally starting to get it right, and are making money hand over fist doing it (at least in the OS sphere which is what we are talking about). Moving to a Linux base would be a HUGE investment, and MS software would go back to the stability of Win98 for 3 generations as they worked out all the bugs. As much as the Linux gurus on Slashdot would love to see MS sabotage themselves like that, they aren't that stupid.
Linux: Linux would NOT be helped by having MS grab the Linux kernel and use it as a base for their OS. I also don't give a fsck what you'll say about "but the GPL!!" If MS were to do this they would without question weasel around the GPL or hire an army of lawyers to get it thrown out or watered down to the point it wouldn't matter. Meanwhile, they would either not give any code back to the kernel, or more likely would inject code specifically designed to slowly build up an IP claim over the entire kernel.
MS doesn't like Linux but believe me, they are doing it a major favor by not trying to subvert it, and despite how much everyone here loves to bash MS, a whole bunch of the software running on Linux owes some credit to MS for providing a model to follow, like it or not.
Once again, Cringely is proved to be a whole bag of hot air.
Sorry, I must invoke Godwin's law and you lose the debate... and on first post too.
P.S.-> I don't like Valenti much either but comparing him to a Nazi book burner is disrespectful to the REAL oppression that took place in Nazi Germany. I'm sorry but Valenti's attempts to prevent you from downloading movies because you don't feel like paying for them is not in the same universe as Nazi bookburning... besides Valenti never said you can't make your own movie and give it away, he just doesn't want you to swap other people's movies online (for good or ill)
If it's not free it must be.... EVIL MUHAHAHAHAHA on War Car Offers Wi-Fi · Score: 4, Insightful
Why doesn't he start putting up 'free' phone booths in protest against the 'evil' spread of commercial payphones?
I know you guys all love Free software and everything, but it's simple economics... if people really want something (WiFi) and are willing to pay for it, a commercial entity will provide it. It's really interesting that Slashdot loves to carp about how other countries have such wonderful wireless networks and America is supposedly in the stone age, and then they bitch and moan about how wireless networks are everywhere, it's just you have to actually pay to use them!
(P.S.--> If you use a 'free' college wireless network like I do everyday, just remember: it's not 'free' unless you don't pay any tuition to go to school.... think about it)
Actually that is (somewhat) wrong, since the areal density on these drives is absolutely huge, they will probably perform extremely well. If you have the ability to read off 2x as much data in a single rotation on a dense disk at 5400 RPM your linear data transfer speed will be much faster than that of a 7200 RPM disk with only 1/2 the data per unit area.
The 7200 RPM drive will generally have faster seek times (1/2 the rotational period is the usual rule of thumb) but for massive disks like these the ability to do massive linear Read/Writes is more important, so this disk will perform EXTREMELY well.
Having just done a big bunch of font changes (on my Gentoo machine, Helvetica won't anti-alias, so I had to reconfigure KDE) I noticed the Luxi fonts that aren't from MS, but they do look pretty nice, and they scale and anti-alias well, could they be used as a base for more fonts?
I personally would like a replacement for the Comic-sans MS font (personal preference I know). Since I've already got the fonts, looks like they're getting burned to CD for future use!
The FBI agent in question issued the warning for Pittsburgh, home of Carnegie Mellon University (so what?) Well CMU has one of the most elaborate wireless networks in the country, and a whole bunch of guys who are experts at using it (and probably are responsible for many of the chalkings).
Also, I have an access point I was using at my old school in Indiana where very few other people had wireless setups (Purdue only had it in 2 buildings, but that has expanded since I left). Anyway, my point is that from my room in a Pittsburgh townhouse, Kismet found 2 other access points, and I'm sure that would only grow if I went war-walking with my laptop. I'm no longer using the access point, because even though it might sound cool to share your connection, if you can't control who is using it, you run all kinds of risk for legal liability. If someone were to use an access point I owned to trigger DDOS attacks, I would be the one to get screwed, and wireless just makes doing that a little too easy.
Here is an nmap dump of the IP in question that the backdoor tries to connect to:
nmap options (where options is filtered by Slashdot)
ALRIGHT FSCK THIS!! You'll just have to take my word for it the nmap showed the port closed (do it yourself) I've just tried 10 different ways to submit the nmap output and the lameness filters won't let it through.
Note that port 6667 does not appear to be open, although a backdoor is still a pretty big thing to worry about. Also note that much of the output is cut out due to LAME Slashdot filters.
Yeah, at Purdue at least we do everything the CS majors do and then some. I have done everything from transistor theory to distributed OS theory, and I've even implemented a VM from both the VLSI side in VHDL and the realspace VM in an OS kernel, you'd be surprised what they teach us.
OK, as a recent Purdue Grad (Spafford heads CERIAS at Purdue) and as someone who is going into security research for a Masters degree.... I'm going to shoot my mouth off!!
Spafford's article is somewhat of a hit & miss. I'm going to paraphrase a few sections that IMHO are good, and some that are not so good.
The Good:
-- UCITA: ~"This legislation will ban research into security issues with software products and even outlaw criticism of software design"~ I couldn't agree more, what kind of an idiotic company could possibly object to FREE DEBUGGING being done by University researchers, that could lead to drastically better software, instead of skipping beta, if I were a commercial developer I'd GIVE IT TO THE UNIVERSITY FIRST!! (As a rabid old-school capitalist I actually think the road to more $$$ is to put out a good product, unfortunately a bunch of short sighted schmucks thought they could cheat the system.... and look at their stocks...)
-- The lack of research in security: yeah, Purdue churned out over 125 Seniors in Computer Engineering, and I'm the only one that I know who is doing grad work (or has a job) in security proper, and I'm only getting a Master's, so I won't help his PhD count, (not that a Master's isn't helpful, he wants to have people to take over for him when he retires).
-- The lack of qualified people in Law Enforcement: Another *excellent* point, if we just had a competent core of cyber-crime investigators, a whole bunch of this BS about Carnivore wouldn't even be necessary since they could do the proper investigatory work to get probable cause for warrants and nail the criminals while not violating the Constitution... (sometimes I think I'm the only one who wants to punish the criminals while simultaneously not punish the normal people...) The laws do need updates in some ways (NOT the DMCA), but warrants to look through e-mails and electronic correspondence should have clearly defined levels of evidence necessary (just like today there are pretty well defined levels for searching your house).
-- ~"That common system that runs commerce, defense, and much of the scientific establishment. It is under a constant barrage of viruses, worms, and hacker (he said hacker, not cracker BTW) attacks, this system which you use to browse the internet is also going to run an Aircraft carrier next year. What would we say if the US Airforce bought crop dusters since they are cheaper than F-16's?"~
Another excellent point, but I don't see what he has against Linux since I use it every day!! :) OK, we all know he's attacking Windows, and he has an excellent point.... The aircraft carrier (My guess is it's the Truman or more likely the Reagan) has all kinds of reinforced bulkheads and compartments so that even if one part of the ship gets hit, the rest can keep on fighting! (here comes the analogy) So why the hell would you have one, integrated, incredibly vulnerable system running everything from a powerpoint presentation in the briefing rooms, to controlling the airplane elevators and ordnance tracking system?? It's dangerous and completely unnecessary, I wouldn't even put Linux in charge of most of the sensitive systems, they have enough money to build custom systems (note that custom systems can still be modular and communicate with each other, they are just built to better tolerances in a restricted environment of a ship) You can run some isolated Windows boxes to do some word processing or Powerpoint slides, just don't give the ship a bluescreen!
OK, now time for a few gripes (don't worry this list is shorter)
-- ~"The traffic on the internet doubles every 90 to 120 days"~ It looks like Spaff fell for the old WorldCom line too... :) He does use some hyperbole in this piece (if the worst case of everything he talks about actually happened the internet would already be fried, but he is trying to present his position trenchantly).
-- ~"Only 12% of people in security research are women and minorities"~ OK, I could care less really, I DO discriminate... I only think the best & brightest should be doing this sort of thing, I don't care if you are a Purple-with-green-Polka dotted Female, just as long as you are the best, and I also don't care if you fill every quota imaginable, if you can't hack it, leave. He does raise a good point that too many of the security researchers aren't even from this country, but I think this means we should get more of America's best interested in security, and let the foreign exchange students learn too.
OK, that's it, this is a topic near & dear to my heart so I just had to spout off, go ahead & flame away! :)
OK, you can reimplement a modern processor core in an FPGA if you really want to (I can guarantee you that the FPGA will NEVER run anywhere near as fast as the regular chip) or you can do what I did for our senior design project.
We used a Xilinx Spartan II to run the main board on a model helicopter control. The idea was that several sensors, including a 2 axis tilt, accelerometers, RF controller and an ultrasonic sonar could be easily integrated into the VHDL core, and then the chip would calculate 4 PWM outputs that drove the 4 motors. While the thing unfortunately didn't fly (weight problems, but hey, we're CompE's not aeros!) the board itself worked great and the software UART outputted all sorts of fun data about what was going on.
Here's the interesting kicker: The entire system was clocked at a grand total of 1MHz (that's right folks, 1MHz) and even that was too fast for most of the onboard operations that we internally clock divided. This thing operated all of the components completely in parallel, so there were no interrupts needed at all. The reconfigurability of the FPGA means you can quickly adapt it to solve a whole bunch of specialized problems very efficiently and quickly. This thing definitely met the criterion for a hard realtime system (motor updates within 1ms of a sensor or RF input) and it did it all via VHDL code, no OS or any high level software needed.
Now obviously this is a very embedded solution and is not extremely flexible, but sometimes you need to step back and look at the true advantages that the hardware provides for you, and use it for something other than reimplementing someone else's CPU core, (of course, that can be a hell of a lot of fun too.... mmm... 21st Century overclocked Trash 80)
PS--> use my spam address: foxcm2000@hotmail.com and I'll be more than happy to send you all the VHDL we used to implement the project since I just graduated yesterday! :)
Taken directly from the Eeye vulnerability page: Greetings: Mom, Dad, and all of the little people that helped me and believed in me - oh - and a big YO HO to the homeboyz in the h00d.
Hrm....
Re:And the obligatory.... on Sony PCG-U1 · Score: 0, Offtopic
How about:
I had a Beowulf cluster of these things, but they must have slipped out of my pocket!
OK.... Now I understand how bad patents can fubar software development for open source (and for closed source too) but there is something that nobody on Slashdot ever considers: Why not go out and get the patents done in a way that is open???
Despite what many people here think, patenting software does not make it closed source, in fact since a patent requires the disclosure of the best known means of implementation it can actually facilitate open code. Just because something is patented does not mean that it cannot be used in open source... it depends on who holds the patent and what licensing terms are.
If the Open Source community truly is innovating why not just patent the concepts and then place the patents in a licensing escrow: if you use the patent with a GPL license (or maybe LGPL/BSD/whatever open license you like) then the
patent is royalty free.... if you want to use it in a closed source program you could then charge royalties. After all, if closed source is about enforcing IP then they should put their money where their mouths are and pay, and this could even go to fund open source development!
I'm tired of seeing whining and helplessness on Slashdot when all you need to do is get up and proactively use the system in your favor. To all of you who will respond 'Only big evil companies can get patents' that is a bunch of nonsense, everyday people get them all the time and if enough interest was generated the FSF or another body could act as a clearinghouse to make it even easier to get patents put into the open domain by
software developers. It's about time we did something constructive about patents instead of just wailing about them.
LSM is in 2.6 but the official LSM does not have all the goodies that the LSM development tree has, depending on how interested you are you might want to see all the newer features not released in the official kernel.
My thesis project involves a module similar to SELinux and I have found that the best 2.6 kernel for messing around with it is actually the BK tree mantained by the Linux Security Modules (LSM) project. Technically SELinux is one module that is part of the LSM project but the two are often referred to synonymously. LSM is at: immunix and you can check out their kernel branch for extra features that are not yet in mainline 2.6 (and may not get in at all if the kernel maintainers aren't confortable with the changes)
;)
My personal project is actually a big modification of the Domain & Type enforcement that is present in LSM now. but the code is nowhere near ready for inclusion just yet
Since the official UTC timestamp is at 03:04 on the 18th its my birthday!!
OK, slightly more on-topic I am already running test11 on a couple boxes with no overriding need to upgrade. However I am curious as to how 2.6 will be managed as opposed to 2.4. Since Linus has already handed off the kernel to Andrew Morton, are we going to see the 2.7 development branch open a whole lot faster than happened with 2.5???
Actually I think Michael Moore would be completely in favor of what is going on. After, the 'evil' ICANN who are not the members of any government are being shoved aside by third world dictators under the flag of the UN.
From everything I've seen of his work he would heartily approve (as long as the US is explicitly excluded from any influence in this council of course) After all, once the Internet is under the control of the UN we can finally get rid of all those nasty racist white-man websites that were previously protected under the racist imperialistic document
put together by evil white men.
Said ballots can then be counted with OCR software -- or by hand if it comes down to a manual recount.
Even easier.... tag a barcode on the ballot and scan them just like the supermarket
Hey does anybody from Purdue know if this is in the Math building or MSEE? (or somewhere else)
Purdue has been using clusters for some time, there was a cluster being used in Civil Engineering of all places a few years ago to model bridges and other structures. Been too long since I graduated, I should go back for a tour.
P.S.--> A bit OT but Debian has Purdue roots since Ian Murdock went there.
I don't know who modded parent up, but there is no way in hell an ion drive would ever work for orbiting around Mercury (here's a hint: you'd fall into the Sun instead of entering orbit).
The only way to really orbit Mercury effectively would be to use a nuclear engine that can produce
specific moments much higher than a chemical rocket can do. You need this to get the braking delta-v needed to orbit Mercury without first slamming into Mr. Sun.
Ahh... none of the US probes ever sent to the moon used plutonium either. In fact, only the USSR has ever placed radioactive material into an earth orbit (they placed small nuclear reactors on some LEO radar sattelites since at the low orbits they occupied the normal solar panels would have exerted too much drag on the very thin atmosphere and decayed the orbits too fast).
The US has only ever used plutonium for deep space missions that go beyond Martian orbit, Voyagers I&II, Galileo, and Cassini are some examples. The reason for this is that available solar energy drops off as a square of the distance from the sun, beyond Martian orbit the solar panels could not deliver nearly enough power to run the onboard instruments. If the Europeans wanted to send a probe into deep space, they would do the exact same thing the Americans have done and use Plutonium.
There is choice, at least in the ABE area... if you can get RCN cable they sell some great cable modem service, with MUCH hihger bitrates than what you'll get from DSL (I've seen > 3mbit/sec on some sites).
If you actually look around, there are alternatives to DSL.
Huh??
I want a stable operating system, and if I were to run an OS under another one, I'd run the _unstable_ one under the stable one, not the other way around.
I sincerely hope you got that backwards, you are saying you want to run Linux in a VM on Windows, but NOT Windows in a VM on Linux??
Or are you just saying Windows is more stable???? (does not compute!!)
We could scrum, but that just wouldn't have the same effect as:
:p
Software (yes it is!)
Creation of some bugs
Realization of the fact we have bugs
Objectification of the bugs into modular and reusable parts
Timing of when to unleash bugs
User requirements: They had better require bugs!
Many Iterations to turn bugs into Features!! (MS only needs one iteration to do this)
Or we can just call it SCROTUM. For example, insted of saying: let's SCRUM, you could say: let's scratch out that SCROTUM problem.
This poorly worded acronym brought to you by the letters X and P.
Since this article was already highlighted on OSnews and Newsforge, I am once again forced to repeat myself: :)
Cringely has no idea wtf he is talking about.
Windows XP is NOT a simple windows manager sitting atop MS-DOS.
But it has a DOS prompt!! Yeah, so does Linux if you install an emulator, does that mean Linux runs on MS-DOS?? The DOS prompt in XP is just another program that happens to look like what you used in the 80's before there was Linux
I could go on and on about how XP is based off the NT core which came from VMS and how different the X server is from how MS does its graphical shell, but I'm sure many other posters will put up the same info.
OK: Even ignoring why Cringely was completely wrong from a technical standpoint, here's why he's still wrong even if he were right (does that make sense?)
MS: Has spent a boatload of money copying and building there own versions of what everyone else already had. They are finally starting to get it right, and are making money hand over fist doing it (at least in the OS sphere which is what we are talking about). Moving to a Linux base would be a HUGE investment, and MS software would go back to the stability of Win98 for 3 generations as they worked out all the bugs. As much as the Linux gurus on Slashdot would love to see MS sabotage themselves like that, they aren't that stupid.
Linux: Linux would NOT be helped by having MS grab the Linux kernel and use it as a base for their OS. I also don't give a fsck what you'll say about "but the GPL!!" If MS were to do this they would withouth question weasal around the GPL or hire an army of lawyers to get it thrown out or watered down to the point it wouldn't matter. Meanwhile, they would either not give any code back to the kernel, or more likely would inject code specifically designed to slowly build up an IP claim over the entire kernel.
MS doesn't like Linux but believe me, they are doing it a major favor by not trying to subvert it, and despite how much everyone here loves to bash MS, a whole bunch of the software running on
Linux owes some credit to MS for providing a model to follow, like it or not.
Once again, Cringely is proved to be a whole bag of hot air.
Sorry, I must invoke Godwin's law and you lose the debate... and on first post too.
P.S.-> I don't like Valenti much either but comparing him to a Nazi book burner is disrespectful to the REAL oppression that took place in Nazi Germany. I'm sorry but Valenti's attempts to prevent you from downloading movies because you don't feel like paying for them is not in the same universe as Nazi bookburning... besides Valenti never said you can't make your own movie and give it away, he just doesn't want you to swap other people's movies online (for good or ill)
Why doesn't he start putting up 'free' phone booths in protest against the 'evil' spread of
commercial payphones?
I know you guys all love Free software and everything, but it's simple economics... if people really want something (WiFi) and are willing to pay for it, a commercial entity will provide it. It's really interesting that Slashdot loves to carp about how other countries have such wonderful wireless networks and America
is supposedly in the stoneage, and then they bitch and moan about how wireless networks are everywhere, its just you have to actually pay to use them!
(P.S.--> If you use a 'free' college wireless network like I do everyday, just remember: it's not 'free' unless you don't pay any tuition to go to school.... think about it)
Actually that is (somewhat) wrong, since the
areal density on these drives is absolutely huge, they will probably perform extremely well. If you have the ability to read off 2x as much data in a single rotation on a dense disk at 5400 RPM your linear data transfer speed will be much faster than that of a 7200 RPM disk with only 1/2 the data per unit aread.
The 7200 RPM drive will generally have faster seek times (1/2 the rotatinal period is the usual rule of thumb) but for massive disk like these the ability to do massive linear Read/Writes is more important, so this disk will perform EXTREMELY well.
Having just done a big bunch of font changes
(on my Gentoo machine, Helvetica won't anti-alias, so I had to reconfigure KDE) I noticed the Luxi fonts that aren't from MS, but
they do look pretty nice, and they scale and anti-alias well, could they be used as a base for
more fonts.
I personally would like a replacement for the
Comic-sans MS font (personal preference I know).
Since I've already got the fonts, looks like they're getting burned to CD for future use!
The FBI agent in question issued the warning for
Pittsburgh, home of Carnegie Mellon University (so what?) Well CMU has one of the most elaborate wireless networks in the country, and a whole bunch of guys who are experts at using it (and probably are responsible for many of the chalkings).
Also, I have an access point I was using at my old school in Indiana where very few other people
had wireless setups (Purdue only had it in 2 buildings, but that has expanded since I left). Anyway, my point is that from my room in a Pittsburgh townhouse, Kismet found 2 other access points, and I'm sure that would only grow if I went war-walking with my laptop. I'm no longer using the access point, because even though it might sound cool to share your connection, if you can't control who is using it, you run all kinds of risk for legal liability. If someone were to use an access point I owned to trigger DDOS attacks, I would be the one to get screwed, and wireless just makes doing that a little too easy.
Here is an nmap dump of the IP in question that the backdoor tries to connect to:
nmap options (where options is filtered by Slashdot)
ALRIGHT FSCK THIS!! You'll just have to take my word for it the nmap showed the port closed (do it yourself) I've just tried 10 different ways to submit the nmap output and the lameness filters won't let it through.
Note that port 6667 does not appear to be open, although a backdoor is still a pretty big thing to worry about. Also note that much of the output is cut out due to LAME Slashdot filters.
Yeah, at Purdue at least we do everything the CS majors do and then some. I have done everything from transistor theory to distributed OS theory, and I've even implemented a VM from both the VLSI side in VHDL and the realspace VM in an OS kernel, you'd be surprised what they teach us.
OK, as a recent Purdue Grad (Spafford heads CERIAS at Purdue) and as someone who is going into security research for a Masters degree.... I'm going to shoot my mouth off!!
:) OK, we all know he's attacking Windows, and he has an excellent point.... The aircraft carrier (My guess is it's the Truman or more likely the Reagan) has all kinds of reinforced bulkheads and compartments so that even if one part of the ship gets hit, the rest can keep on fighting! (here comes the analogy) So why the hell would you have one, integrated, incredibly vulnerable system running everything from a powerpoint presentation in the briefing rooms, to
:) He does use some hyperbole in this piece (if the worst case of everything he talks about actually happened the internet would already be fried, but he is trying to present his position trenchantly).
:)
Spafford's article is somewhat of a hit & miss. I'm going to paraphrase a few sections that IMHO are good, and some that are not so good.
The Good:
-- UCITA: ~"This legislation will ban research into security issues with software products and even outlaw criticism of software design"~ I couldn't agree more, what kind of an idiotic company could possibly object to FREE DEBUGGING being done by University researchers, that could lead to drastically better software, instead of skipping beta, if I were a commercial developer I'd GIVE IT TO THE UNIVERSITY FIRST!! (As a rabid old-school capitalist I actually think the road to more $$$ is to put out a good product, unfortunately a bunch of short sighted schmucks thought they could cheat the system.... and look at their stocks...)
-- The lack of research in security: yeah, Purdue churned out over 125 Seniors in Computer Engineering, and I'm the only one that I know who is doing grad work (or has a job) in security proper, and I'm only getting a Master's, so I won't help his PhD count, (not that a Master's isn't helpful, he wants to have people to take over for him when he retires).
-- The lack of qualified people in Law Enforcement: Another *excellent* point, if we just had a competent core of cyber-crime investigators, a whole bunch of this BS about Carnivore wouldn't even be necessary since they could do the proper investigatory work to get probable cause for warrants and nail the criminals while not violating the Constitution...
(sometimes I think I'm the only one who wants to punish the criminals while simultaneously not punish the normal people...) The laws do need updates in some ways (NOT the DMCA), but warrants to look through e-mails and electronic correspondence should have clearly defined levels of evidence necessary (just like today there are pretty well defined levels for searching your house).
-- ~"That common system that runs commerce, defense, and much of the scientific establishment. It is under a constant barrage of viruses, worms, and hacker (he said hacker, not cracker BTW) attacks, this system which you use to browse the internet is also going to run an Aircraft carrier next year. What would we say if the US Airforce bought crop dusters since they are cheaper than F-16's?"~
Another excellent point, but I don't see what he has against Linux since I use it every day!!
controlling the airplane elevators and ordnance tracking system?? It's dangerous and completely unnecessary, I wouldn't even put Linux in charge of most of the sensitive systems, they have enough money to build custom systems (note that custom systems can still be modular and communicate with each other, they are just built to better tolerances in a restricted environment of a ship) You can run some isolated Windows boxes to do some word processing or Powerpoint slides, just don't give the ship a bluescreen!
OK, now time for a few gripes (don't worry this list is shorter)
-- ~"The traffic on the internet doubles every 90 to 120 days"~ It looks like Spaff fell for the old WorldCom line too...
-- ~"Only 12% of people in security research are women and minorities"~ OK, I could care less really, I DO discriminate... I only think the best & brightest should be doing this sort of thing, I don't care if you are a Purple-with-green-Polka dotted Female, just as long as you are the best, and I also don't care if you fill every quota imaginable, if you can't hack it, leave. He does raise a good point that too many of the security researchers aren't even from this country, but I think this means we should get more of America's best interested in security, and let the foreign exchange students learn too.
OK, that's it, this is a topic near & dear to my heart so I just had to spout off, go ahead & flame away!
Does anyone have any figures on how fast we're burning oxygen compared to how fast the trees are regenerating it?
I don't know all the figures, but I do know that North America sucks in more CO2 than all of the SUV's and power plants put into the atmosphere...
OK, you can reimplement a modern processor core in an FPGA if you really want to (I can guarantee you that the FPGA will NEVER run anywhere near as fast as the regular chip) or you can do what I did for our senior design project :)
We used a Xilinx Spartan II to run the main board on a model helicopter control. The idea was that several sensors, including a 2 axis tilt, accelerometers, RF controller and an ultrasonic sonar could be easily integrated into the VHDL core, and then the chip would calculate 4 PWM outputs that drove the 4 motors. While the thing unfortunately didn't fly (weight problems, but hey, we're CompE's not aeros!) the board itself worked great and the software UART outputted all sorts of fun data about what was going on.
Here's the interesting kicker: The entire system was clocked at a grand total of 1MHz (that's right folks, 1MHz) and even that was too fast for most of the onboard operations that we internally clock divided. This thing operated all of the components completely in parallel, so there were no interrupts needed at all. The reconfigurability of the FPGA means you can quickly adapt it to solve a whole bunch of specialized problems very efficiently and quickly. This thing definitely met the criterion for a hard realtime system (motor updates within 1ms of a sensor or RF input) and it did it all via VHDL code, no OS or any high level software needed.
Now obviously this is a very embedded solution and is not extremely flexible, but sometimes you need to step back and look at the true advantages that the hardware provides for you, and use it for something other than reimplementing someone else's CPU core, (of course, that can be a hell of a lot of fun too.... mmm... 21st Century overclocked Trash 80)
PS--> use my spam address: foxcm2000@hotmail.com and I'll be more than happy to send you all the VHDL we used to implement the project since I just graduated yesterday!
Taken directly from the eEye vulnerability page:
Greetings:
Mom, Dad, and all of the little people that helped me and believed in me - oh - and a big YO HO to the homeboyz in the h00d.
Hrm....
How about:
I had a Beowulf cluster of these things, but they must have slipped out of my pocket!