The radius protocol allows the logging of the CSID (calling station ID - your phone number) along with the IP address you are given and your username. This information is sent to the radius servers after you have been authenticated and are connected to a dialup session, and then logged. Collecting and logging this information is the default configuration for most radius servers and NAS's (network access servers - modem pools.)
It is important that most ISP's collect this information because it is the only way to track you down if you are doing something illegal or against their usage policy (such as spam.) We whine about spam enough on slashdot, but the only way for ISP's to cut off the users is to prove from these logs that they were the ones that did it. Yes, this information could be used for more sinister purposes, but so could your phone records, credit card purchases, etc.
Free ISP's have an even tougher time though because if they cut off a spammer, the spammer will just create another free account and continue with their game. The only way to stop this is to require some identifying information from the user so that it is more difficult to create multiple accounts when one is shut down. A credit card is a natural choice because it can be verified.
Once again, the potential for abuse exists, but most ISP's these days also have your credit card information (from when you paid) which they can easily match up with the other information I mentioned previously. So, in the end, is it that different than what is already going on? And what do you expect from a FREE ISP? You need to pay for it somehow, and often that is through your demographic information. If you don't like it, go to another ISP and pay cash, you have a choice.
How are we going to loose our laptops between the pages of books? When my laptop gets that small, I won't have any need for books anymore. It is the best way of making digital books acceptable to more than just the geek few. Right now it is just too hard to curl up in bed with your laptop. My palm is close, but is too small.
Idiot reads news article that Linux is the next up and coming thing, doesn't really know what linux is...
VA Linux offers for IPO,
Idiot makes association between Linux and VA Linux, dreams of getting in early and retiring early begin,
Life savings are withdrawn from bank and invested saying "How could it fail with LNUX as the stock symbol?"
VA Linux initially does well, dreams of retiring early are replaced with dreams of owning small nations,
VA Linux suffers the same fate of many dot coms last year and takes a downturn,
Idiot's dreams explode and idiots wife starts bitching about loosing their life savings,
Idiot does the typical thing by not blaming himself for gambling everything on something he knew nothing about, begins looking for scapegoats...
Idiot meets other idiots and forms a class action lawsuit,
Lawyers dive in like vultures since they are the only ones who will make any serious money
This story is repeated every day with different companies. This may be flamebait, but I think it is about time that people started accepting the consequences of the risks they take.
There was a blurb about Microsoft being able to access Win95 registry when a user is connected to the Internet and thus gathering information about non-licensed MS software installed.
This is probably just an urban myth. With the amount of personal firewall software people are running these days someone would have logged the unauthorized data being transmitted and their would be sufficient evidence to get M$ in a whole load of shit.
If you feel so strongly that every open source program should go through a security audit, then when is the last time you volunteered to do one? Opensource is about people volunteering their time which is often in competition with their real jobs, lives, families etc. In a perfect world, all software would go through a security audit, but it is not going to happen.
At least with opensource, things like this get found. Obviously Borland's security audit didn't find it when they originally released this as a commercial product! If it wasn't for opensource, this would probably still be being silently exploited by the original programmers and the few people they told.
Many people seem surprised that it took so long to find the backdoor. Their logic is that since it is opensource and has countless eyes looking at it, then it should have been noticed much sooner. What they don't realize is that a project like this is usually in the range of hundreds of thousands to millions of lines of code and when a developer goes into a project of that scale, he/she does not read everything, but only enough to learn the overall structure of the program, then zeroes in on sections that have been identified to need work or may contain known bugs.
If anyone truly believes that things like this should be found faster, they should try reading through this amount of code. When their heads stop spinning they will probably have a change of heart.
I agree that many software houses do this, but I doubt it is for control or power. How many stupid users are out there who mess up their systems or forget their passwords. They end up calling tech support and expect to be able to get stuff fixed. These users just don't realize that if the tech support guys can get in then it is a security risk. But then again, not much of reality makes sense to the suits...
The AntiTrust movie's website has an interview with everybody's favourite linux guy Joh "Maddog" Hall with questions like "What is Linux and what does it do?
" and "What is open source?" Check it out, it is interesting watching and can only be good for getting the word out there.
One of the major reasons I switched to IE on my windows boxes is because Netscape was so bloody slow in loading and was a hog. I have no love of M$ products, but in this case I prefer to get work done than wait for a bloated product to load.
On my linux boxes, I've been using Netscape 4 for some time and have been very happy with it (compared to the alternatives.) It was still slow, but bearable. I upgraded to 6 recently and it is just painful. The linux box I usually use is a fast box with lots of memory, but Netscape 6 still takes forever to load!
So, I think that if Netscape/Mozilla is going to succeed, the developers need to start concentrating on efficiency rather than feature bloat. Don't get me wrong, the skins are way cool, but what is it costing us?
Now that Opera has a linux beta out, I may have to go back to it even though I don't like the user interface. At least it loads when I want it to instead of when it feels like getting around to it.
Linux Journal recently took a poll and KDE is currently the most popular desktop, even though people predicted the death of KDE with the announcement of the GNOME Foundation in August. KDE is still under strong development and the recently released KDE2 looks promising.
GNOME was started with the express purpose of replacing (killing) KDE, not very admirable goals to begin with. This has been backed up time and time again with the Stallman's attacks against KDE. How can we expect them to work with the entire Linux community's interests at heart when they have been motivated by these petty feuds in the past?
The fact remains that the cpu's that most overclockers use are very cheap in comparison with the latest high end chips. For a few extra dollars spent on a good motherboard and a Golden Orb cooler overclockers are safely pushing 600 MHz Celerons to 850 Mhz and beyond. With this sort of price for performance, one might ask, "Why wouldn't you overclock?"
That said, this article was obviously done just for the sheer geek of it and power to them. The advances in cooling could easily be used in future production machines.
If you have to ask "Why overclock?" then you are obviously not the type who takes every new toy in your home apart as soon as it comes in the door just to see how it works and how you can screw with it.
I agree that Intel has some huge technical hurdles to overcome, but except for a few screw ups from rushing to market, they have always produced good CPU's and chipsets. Yes it will be expensive for awhile, all new cpu's are. Yes there will be some technical problems, but they will work those out. If they do not do this, then some other cpu manufacturer will be happy to step in and become the new standard.
So rather than speculate and criticize, I would rather give them the benifit of the doubt and judge what they release.
This is a major rewrite and may contain a host of new security problems, but it is a step in the right direction and I will definately be looking at it to manage my larger domains.
If you are in the know then how about some information and evidence to back up your statements which currently stand just as unfounded as any of the others here. The article states that the person is still unnamed, so how are you in the know.
I am not saying you fabricated this, but if we are to take you seriously then you must tell us the source of your information. Are you a friend, one of his users or him?
"We're doing some forensic review of the hard drive and determining what is there," Eaton said. "After we finish that review, we will evaluate the amount of substance he was distributing."
Makes it sound like he was making and distributing crack or something. Nothing like associating this guy with drug dealers and pimps to make him look bad to joe average.
You have a point as far as the RIAA is concerned, but he was still using the University's bandwidth which is unfair to other students using it for legitimate reasons. It used to always piss me off when the networked slowed to a crawl and I couldn't get my work done, so I have no sympathy.
I agree with the article so far as to say that the tools to exploit hacks should not be distributed. The tools may demonstrate the vulnerability effectively and prompt for a quicker fix to the hole, but;
They are too tempting for script kiddies who want to show off for their friends,
It is too hard to get the word and patches out to all users quickly enough even if a fix is produced quickly.
This puts everyone using the software at a disadvantage and causes alot of wasted time and energy defending yourself from script kiddies' latest toys.
Security holes should be published though because it is the only way to prompt vendors and software authors to fix the holes. It also alerts users to potential security risks so that they can choose another product, defend themselves some other way, or look for the patch.
So the tools to exploit holes should probably only be distributed to a select few who are capable of fixing the problem and the problem should be published to prompt them to do something about it and to inform the public. Unfortunately, many people producing these tools are often doing it for their own egos.
Sorry, I just read the first bit of the slides and assumed that they were all in German (based on a previous post). I guess that makes an ass of me. The slides are actually in English and very clear and well laid out.
The author, Thomas Graichen, immediately states that tests like this are very difficult to do fairly. It sounds like he is more concerned with how to get the most out of each operating system, and that is worthwhile on it's own. He states that he wants to try several different ide drivers to see if it improves performance.
Of course all the slides are in German, so I'll have to get them translated to read more into the tests.
Even though Stephen King explains that users will have to right click on the link and download it, most users will just click on the link because that is what they are used to doing. Many will then realize their mistake and then save it the second time around. If an average number of users do this, even if all of them pay, that group will only have at most 50% compliance rate.
Screw the prisoners' dilemma, this is bound to fail for that reason alone. You may say that they can check for multiple downloads from the same IP, but,
Stephen King does not say that he will do this (in the FAQ), in fact, for the people who want to pay extra, he specifically states not to download it again, so he must not be taking multiple downloads into account.
Most users are on dialup access and will have a different IP each time they connect.
What Stephen King needs to do is set a target of an amount of money he would like to earn for each installment and if that is reached, then release further installments only when the target is reached.
Stephen King should also look at the download numbers for the second installment when determining the success of the first because many people will download the first installment and discover;
They don't like it,
They don't have Acrobat and don't want to get it,
Reading books on a computer is a pain in the ass.
Also, by only releasing it in PDF format, he limits his users to Acrobat and therefore locks them to the screen of a computer. Most people prefer to read elsewhere. Printing out the book would be very expensive and time consuming on most home printers. A format that could at least be viewed on handhelds, like palms, would help to get the book off the computer and out to the places where people prefer to read. More options equals better acceptance.
By the way, has anyone here pointed out our concerns to Stephen King?
Just think, if they can track where you are looking, then advertisers can start charging customers for how often an ad was looked at instead of just impressions. Then they could take it one step further and move the ad to where you are looking. Hmmm, maybe I should patent this and then if anyone tried to do this, then I could stop them.
Slashdot Mirror
The radius protocol allows the logging of the CSID (calling station ID - your phone number) along with the IP address you are given and your username. This information is sent to the radius servers after you have been authenticated and are connected to a dialup session, and then logged. Collecting and logging this information is the default configuration for most radius servers and NAS's (network access servers - modem pools.)
It is important that most ISP's collect this information because it is the only way to track you down if you are doing something illegal or against their usage policy (such as spam.) We whine about spam enough on slashdot, but the only way for ISP's to cut off the users is to prove from these logs that they were the ones that did it. Yes, this information could be used for more sinister purposes, but so could your phone records, credit card purchases, etc.
Free ISP's have an even tougher time though because if they cut off a spammer, the spammer will just create another free account and continue with their game. The only way to stop this is to require some identifying information from the user so that it is more difficult to create multiple accounts when one is shut down. A credit card is a natural choice because it can be verified.
Once again, the potential for abuse exists, but most ISP's these days also have your credit card information (from when you paid) which they can easily match up with the other information I mentioned previously. So, in the end, is it that different than what is already going on? And what do you expect from a FREE ISP? You need to pay for it somehow, and often that is through your demographic information. If you don't like it, go to another ISP and pay cash, you have a choice.
How are we going to loose our laptops between the pages of books? When my laptop gets that small, I won't have any need for books anymore. It is the best way of making digital books acceptable to more than just the geek few. Right now it is just too hard to curl up in bed with your laptop. My palm is close, but is too small.
- Idiot reads news article that Linux is the next up and coming thing, doesn't really know what linux is...
- VA Linux offers for IPO,
- Idiot makes association between Linux and VA Linux, dreams of getting in early and retiring early begin,
- Life savings are withdrawn from bank and invested saying "How could it fail with LNUX as the stock symbol?"
- VA Linux initially does well, dreams of retiring early are replaced with dreams of owning small nations,
- VA Linux suffers the same fate of many dot coms last year and takes a downturn,
- Idiot's dreams explode and idiots wife starts bitching about loosing their life savings,
- Idiot does the typical thing by not blaming himself for gambling everything on something he knew nothing about, begins looking for scapegoats...
- Idiot meets other idiots and forms a class action lawsuit,
- Lawyers dive in like vultures since they are the only ones who will make any serious money
This story is repeated every day with different companies. This may be flamebait, but I think it is about time that people started accepting the consequences of the risks they take.This is probably just an urban myth. With the amount of personal firewall software people are running these days someone would have logged the unauthorized data being transmitted and their would be sufficient evidence to get M$ in a whole load of shit.
If you feel so strongly that every open source program should go through a security audit, then when is the last time you volunteered to do one? Opensource is about people volunteering their time which is often in competition with their real jobs, lives, families etc. In a perfect world, all software would go through a security audit, but it is not going to happen.
At least with opensource, things like this get found. Obviously Borland's security audit didn't find it when they originally released this as a commercial product! If it wasn't for opensource, this would probably still be being silently exploited by the original programmers and the few people they told.
Many people seem surprised that it took so long to find the backdoor. Their logic is that since it is opensource and has countless eyes looking at it, then it should have been noticed much sooner. What they don't realize is that a project like this is usually in the range of hundreds of thousands to millions of lines of code and when a developer goes into a project of that scale, he/she does not read everything, but only enough to learn the overall structure of the program, then zeroes in on sections that have been identified to need work or may contain known bugs.
If anyone truly believes that things like this should be found faster, they should try reading through this amount of code. When their heads stop spinning they will probably have a change of heart.
I agree that many software houses do this, but I doubt it is for control or power. How many stupid users are out there who mess up their systems or forget their passwords. They end up calling tech support and expect to be able to get stuff fixed. These users just don't realize that if the tech support guys can get in then it is a security risk. But then again, not much of reality makes sense to the suits...
The AntiTrust movie's website has an interview with everybody's favourite linux guy Joh "Maddog" Hall with questions like "What is Linux and what does it do? " and "What is open source?" Check it out, it is interesting watching and can only be good for getting the word out there.
So, I think that if Netscape/Mozilla is going to succeed, the developers need to start concentrating on efficiency rather than feature bloat. Don't get me wrong, the skins are way cool, but what is it costing us?
Now that Opera has a linux beta out, I may have to go back to it even though I don't like the user interface. At least it loads when I want it to instead of when it feels like getting around to it.
The /. effect in action,
Just went to the site and got;
"Sorry, had to take the site temporarily down due to high traffic. Please try again tomorrow"
GNOME was started with the express purpose of replacing (killing) KDE, not very admirable goals to begin with. This has been backed up time and time again with the Stallman's attacks against KDE. How can we expect them to work with the entire Linux community's interests at heart when they have been motivated by these petty feuds in the past?
The fact remains that the cpu's that most overclockers use are very cheap in comparison with the latest high end chips. For a few extra dollars spent on a good motherboard and a Golden Orb cooler overclockers are safely pushing 600 MHz Celerons to 850 Mhz and beyond. With this sort of price for performance, one might ask, "Why wouldn't you overclock?"
That said, this article was obviously done just for the sheer geek of it and power to them. The advances in cooling could easily be used in future production machines.
If you have to ask "Why overclock?" then you are obviously not the type who takes every new toy in your home apart as soon as it comes in the door just to see how it works and how you can screw with it.
I prefer the formula
(Speed in MHz)/Price
Although the power in watts is a good idea, anyone want to work all three into a usable formula?
I agree that Intel has some huge technical hurdles to overcome, but except for a few screw ups from rushing to market, they have always produced good CPU's and chipsets. Yes it will be expensive for awhile, all new cpu's are. Yes there will be some technical problems, but they will work those out. If they do not do this, then some other cpu manufacturer will be happy to step in and become the new standard.
So rather than speculate and criticize, I would rather give them the benifit of the doubt and judge what they release.
- Thread safe so it can run on multi-processor machines
- Plugs into several back end databases so it will be easier to support large domains
- Support for IPv6. The future is nearly here!
- Several protocol enhancements like IXFR, DDNS, Notify, EDNS(0,1) and improved standards conformance.
- A host of other features, see this for more.
This is a major rewrite and may contain a host of new security problems, but it is a step in the right direction and I will definately be looking at it to manage my larger domains.I am not saying you fabricated this, but if we are to take you seriously then you must tell us the source of your information. Are you a friend, one of his users or him?
"We're doing some forensic review of the hard drive and determining what is there," Eaton said. "After we finish that review, we will evaluate the amount of substance he was distributing."
Makes it sound like he was making and distributing crack or something. Nothing like associating this guy with drug dealers and pimps to make him look bad to joe average.
You have a point as far as the RIAA is concerned, but he was still using the University's bandwidth which is unfair to other students using it for legitimate reasons. It used to always piss me off when the networked slowed to a crawl and I couldn't get my work done, so I have no sympathy.
Canadian World Domination
This is a great day for hackers. Screw root, murderous rampaging robots are so much more fun!
- They are too tempting for script kiddies who want to show off for their friends,
- It is too hard to get the word and patches out to all users quickly enough even if a fix is produced quickly.
This puts everyone using the software at a disadvantage and causes alot of wasted time and energy defending yourself from script kiddies' latest toys.Security holes should be published though because it is the only way to prompt vendors and software authors to fix the holes. It also alerts users to potential security risks so that they can choose another product, defend themselves some other way, or look for the patch.
So the tools to exploit holes should probably only be distributed to a select few who are capable of fixing the problem and the problem should be published to prompt them to do something about it and to inform the public. Unfortunately, many people producing these tools are often doing it for their own egos.
Sorry, I just read the first bit of the slides and assumed that they were all in German (based on a previous post). I guess that makes an ass of me. The slides are actually in English and very clear and well laid out.
Of course all the slides are in German, so I'll have to get them translated to read more into the tests.
Screw the prisoners' dilemma, this is bound to fail for that reason alone. You may say that they can check for multiple downloads from the same IP, but,
- Stephen King does not say that he will do this (in the FAQ), in fact, for the people who want to pay extra, he specifically states not to download it again, so he must not be taking multiple downloads into account.
- Most users are on dialup access and will have a different IP each time they connect.
What Stephen King needs to do is set a target of an amount of money he would like to earn for each installment and if that is reached, then release further installments only when the target is reached.Stephen King should also look at the download numbers for the second installment when determining the success of the first because many people will download the first installment and discover;
- They don't like it,
- They don't have Acrobat and don't want to get it,
- Reading books on a computer is a pain in the ass.
Also, by only releasing it in PDF format, he limits his users to Acrobat and therefore locks them to the screen of a computer. Most people prefer to read elsewhere. Printing out the book would be very expensive and time consuming on most home printers. A format that could at least be viewed on handhelds, like palms, would help to get the book off the computer and out to the places where people prefer to read. More options equals better acceptance.By the way, has anyone here pointed out our concerns to Stephen King?
Just think, if they can track where you are looking, then advertisers can start charging customers for how often an ad was looked at instead of just impressions. Then they could take it one step further and move the ad to where you are looking. Hmmm, maybe I should patent this and then if anyone tried to do this, then I could stop them.