You may hold the belief that the average Net user is a drooling idiot, but I can't share that view. Might such a user be ill-informed on issues related to privacy online? Sure. Might s/he be ill-informed on kernel hackery? Sure. Does this make you a better person? No.
I somehow doubt the idea that Joe User can't spell the word "museum." I'm fairly sure your post was meant to be funny, and I apologize if I seem a bit harsh here. It's just that so many people here have a nasty tendency to look down upon anyone who (a) doesn't use Linux/BSD/OS X/whatever-cool-OS, (b) doesn't code, or (c) isn't a card-carrying GPL advocate. All three points actually apply to me, but I don't go around screaming it from the belfries.
More than anything, I've gotta wonder what kind of crack a moderator would have to be smoking to give that an "insightful +1" moderation...
Re:Do I want to be there? on Dreamhack 2001 · Score: 2
Speaking of LAN parties, drinks, etc... the last true LAN party I attended was at a friend's house back in Atlanta. 'Twas a merry eve, as we were all sitting around (around 20 people), playing Quake and Unreal, eating pizza, and occasionally taking a dip in yon pool.
Late in the evening, as we were all sitting around talking, hacking, and whatnot, I made the biggest party foul to date. I'm a smoker, and I couldn't seem to, ummm... locate my ashtray. So, I casually ashed in a glass of expensive scotch, which happened to be attached to my friend's hand. My friend (name withheld, of course) is a LARGE guy, and thankfully took mercy on me. Due to this incredible foul, I had to take a "time out" on the balcony for 30 minutes.
Note to moderators: no, it's not offtopic, the story's about a massive LAN party for god's sake :).
Well said, indeed! I've had a LOT of music store folks help me out big-time when I couldn't find something, or wanted a recommendation on new stuff. People are either good at their jobs or not, and a lot of these people are very good.
Hmm... my first real job was serving soda and popcorn at a movie theater. I'd actually been programming for several years (started *young*), but couldn't find an employer who would take a 16 year old guy for a coding gig. I'd done some freelance stuff, but nothing big.
I don't like to hear people get down on people just because of their line of work. Honest work is, well, honest work. :)
That, sir, is a key point in all this mess. People are, more and more, wanting the ability to play their media in such devices as DVD players, the XBox, their PCs, etc. The RIAA must be completely blind.
How long before the majority of their customer base (music lovers at large) are primarily using "all in one" equipment (with PC-like capabilities) to play most of their CDs? I'd wager it won't be too long. People, seemingly by nature, love buying gadgets that do everything but clean the kitchen sink, and audio equipment is no exception. The technology is here to stay, regardless of whether or not the RIAA wants to cry about it.
My question is this: how long before the major manufacturers of such hardware get together and sue organizations like the RIAA for everything they're worth, el class action style, because their consumers can't play CDs on the equipment? Think about it: I'm a consumer, and the hardware I just bought says it can play CDs. Except it *can't* play these "protected" CDs without some sort of weird hackery. If I'm not a geek (okay, I am, but just play along here), I won't (a) know *how* to get around it, and (b) won't *want* to get around it. I'd just want my hardware to work, damnit.
So, I complain to the hardware manufacturer, at which point they tell me it's not their fault, it's the fault of music distributors using stupid protection schemes. Uh, oh. I might get a wild hair to find out how many other people had been hurt by this, and toss my own personal class-action suit on top of the heap. Looks like the RIAA is headed for a major dent in the bank accounts.
that this continuous bullshit actually ends up hurting the already-ailing economy (here in the States). Sure, they're trying out their lovely "technology" on less-than-outrageously-popular CDs, but that doesn't help retail outlets any...
A lot of folks here are talking about sticking it to them where it hurts, namely by buying the CDs and then returning them after they're opened. This *will* hurt retail outlets who stock the discs. Unfortunately, we don't really have any other true recourse in the matter, so I have to support this course of action.
Yes, it's true that after a few thousand returned CDs, the retail guys and gals will probably get fed up and refuse to stock such "protected" CDs. The RIAA will eventually have to stop playing these stupid, asshole games with their customer base if they want to see their precious money continue to flow. How long it will take to get this through their thick heads is anybody's guess.
In the end, IT DOES NOT MATTER WHAT "PROTECTION" THEY ATTEMPT TO USE. If I can play the damned thing, I can use hi-fi equipment to dupe it. From there, I can do anything I want with the information. I can keep it for my personal, private fair-use play, or I can post it to every file-swapping network in existence. Will I personally post music ripped in this manner? Probably not (although the temptation is growing, yes indeedy). I'm CERTAIN that many, many other people will post the ripped tracks, however.
The folks behind this insanity are just plain stupid. They've been slow to embrace the concept of selling their music properly over the net, and choose instead to spend their money on dead-end paths such as paying attorneys to harass people. I laugh my ass off at them every time one of these stories breaks.
RIAA and pals, have fun hurting the economy while you can. You're only hurting yourselves in the end.
Re:Jakarta Plug & My AppServer Experiences on JBoss Founder Interview · Score: 5, Interesting
"What JBoss needs is a certification (with levels) for developers to obtain.
If I go to a client and say "I have a level 3 WebLogic certification, a level 2 WebSphere certification, and know JBoss", what are they gonna pick?"
Hmm... makes one think, eh? As a developer, I've seen a lot of "certification wars" in the corporate contracting world. Here's my take.
The problem with "level-ified" certifications kinda resembles the "megahertz myth [to quote Apple]" issue. If you're assuming the client is a techno-yokel, you run into this problem with such cert programs.
Imagine, for example, two imaginary Linux certification programs. The first program (call it "EZLinux") sets out their certification map as follows:
Level 1: Ability to use rm, ls, cp, and mv commands.
Level 2: Understanding how to use RPM and DEB packages to update and modify a system.
Level 3: Ability to use fdisk to create and manipulate partitions.
Level 4: Actually got Mandrake running with help from the friendly neighbor kidz.
Okay, so that's an example of a *terribly* useless "certification" program that wouldn't be worth the paper the cert was printed on. Let's look at the other fictitious program, called "UR-Uber-H4x0r Linux":
Level 1: Ability to quote verbatim the man pages for all Mandrake 8 standard linux commands (doesn't necessarily require deep understanding, just inhuman memory).
Level 2: In-depth knowledge of kernel configuration and compilation, demonstrated by ability to correctly by hand [no Xconfig for you, for added flavor] compile a 2.4.x kernel for every known supported platform in existence.
Level 3: Linux Torvalds willingly calls you Daddy, and calls you up for kernel hacking advice. Alan Cox routinely shows up at your pad asking for tree contributions.
Now, if you were Joe Hiring Manager, you might not actually know the difference between the two programs. Joe might look at them both, and say "wow, that first one has an extra level, so it's gotta be better!"...
Companies will always try to use these tactics to make their products/programs/certs seem better than the others out there. Now, here's the real kicker: if Joe Hiring Manager actually understands why a certain cert is better than the others, he also (in all probability) understands why the product the cert is for is better. Hence, the better product wins. The key is education.
Thank you for your time spent testing our review system. We hope you enjoyed the awesome sound this system is capable of producing. We have noted from a review of our server logs that your "Slashdot" reader base has purchased a lot of our units, and therefore we extend our gratitude for your indirect financial support as well.
Since our unit has given you so much joy, you can extend your listening pleasure by visiting us on the web at http://cheesyecommerce.com/musik/payusnowdammit.asp. Your demo unit's hardware capabilities are set to self destruct in 15 days if payment is not received.
Please note that our hardware's self destruct mechanism is protected against tampering by advanced ROT13 encryption. Any attempt (which undoubtedly will fail) to modify the hardware control routines attached to our patented C4 explosive destruct device contained within will result in our special Linux edition "Magic Lantern U.K." software reporting you directly to the FBI, and may result in loss of life or limb as well.
Once again, thank you for trying our unit. To avoid accidental explosions, please remit payment in full ($20,000 USD) within 15 calendar days. We appreciate your business!
I've seen the movie that's most often pointed to as an example of the "birth of the hyperlink" (in multiple segments for easy fun downloading :] ). It's actually very entertaining (well, okay, I am a geek) and extraordinarily informative.
I can't find the link at the moment, but I believe you have the general date right (late 60s). This patent is completely invalid, and I hope BT gets their asses countersued straight off for attempting such bullshit. I'm not a huge fan of Prodigy, but they've definitely got better things to do with their time than defend themselves against idiotic suits.
Here's the one thing that has me curious: if BT wanted to establish a precedent in U.S. courts for the validity of this patent, why the hell did they choose to sue a national ISP (which has the cash to fight back with decent [is that possible for lawyers?] attorneys)? Why not pick a very small online company without deep pockets? I'm not encouraging such behavior, but it only seems to add to BT's idiocy that they'd muck up the "who to sue" question as well...
Very nice indeed :). This method seems like the definite best solution for NT/IIS platforms! One quick question: are you aware of a way to produce a similar setup for NT/Apache/Perl-PHP users? I know a few people using NT as their server OS, but Apache for the web server in place of IIS.
NT might not be my choice of server platforms, but a lot of folks are "standardized" on it. There's a lot of people beginning to use alternative scripting languages and web servers, though. It would be neat if there were a similar way to access an MS-SQL server using those tools.
Thank you for the great reply! This is very useful information.
Very good questions, actually :). I haven't done ASP in a long, long time, but I recall that there is a mechanism built in that allows you to retrieve login information from a file that isn't publicly available. There's probably other neat hacks to get the info from the registry, too.
Under Perl or PHP, you can do it by storing the login info in a file that's chmod'ed to disallow access to all but your userid. Now, in this scenario, your script has to run as your userid (instead of the web server uid [Apache or Nobody]), which can be accomplished via suEXEC or a cgi wrapper. Either way, same effect. In this event, there are only a few ways someone could snag the password (running a proggy to directly interface to the memory space of your program [unlikely], get root access to the server [you'd have more to worry about in that case], or monitoring the network wire [if you were accessing the password on a remote machine via cleartext]).
I guess my point is this: there are ways to avoid the "passwords in the script" problem in most languages/systems. Of course, if the target environment is Windows 9x, you're going to have oodles of problems with access permissions, but nobody runs production servers on 9x, right? :)
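The approach described in the comment above (login info in a file only the script's own userid can read, with the script running as that userid via suEXEC or a CGI wrapper), as an added example that is not part of the original post. It is written in Python rather than the Perl or PHP the comment mentions; the `key=value` file format and the names `load_db_credentials` and `InsecureCredentialFile` are assumptions made for illustration.

```python
import os
import stat
import tempfile


class InsecureCredentialFile(Exception):
    """The credential file could be read or replaced by another account."""


def load_db_credentials(path, expected_uid=None):
    """Return {'user': ..., 'password': ...} parsed from a key=value file.

    The file is accepted only if it is a regular file, owned by the uid the
    script runs as, with no group or world permission bits (chmod 600/400).
    """
    if expected_uid is None:
        expected_uid = os.geteuid()
    # O_NOFOLLOW makes open() fail with OSError if the path is a symlink.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        # fstat the descriptor we will read from, so the file cannot be
        # swapped between the permission check and the read.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise InsecureCredentialFile(f"{path}: not a regular file")
        if st.st_uid != expected_uid:
            raise InsecureCredentialFile(
                f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecureCredentialFile(
                f"{path}: mode {stat.S_IMODE(st.st_mode):o} allows group/other access")
        chunks = []
        while True:
            chunk = os.read(fd, 4096)
            if not chunk:
                break
            chunks.append(chunk)
    finally:
        os.close(fd)

    creds = {}
    for line in b"".join(chunks).decode("utf-8").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # value may itself contain '='
        if not sep:
            raise ValueError(f"{path}: malformed line (expected key=value)")
        creds[key.strip()] = value.strip()
    missing = {"user", "password"} - creds.keys()
    if missing:
        raise ValueError(f"{path}: missing keys {sorted(missing)}")
    return {"user": creds["user"], "password": creds["password"]}


def demo():
    """Try the loader against one constructed file under three modes."""
    fd, path = tempfile.mkstemp(prefix="dbcreds-")
    try:
        # Constructed sample content, not real credentials.
        os.write(fd, b"# constructed sample\nuser=webapp\npassword=example-only\n")
        os.close(fd)
        results = {}
        for mode in (0o600, 0o640, 0o644):
            os.chmod(path, mode)
            try:
                load_db_credentials(path)
                results[oct(mode)] = "accepted"
            except InsecureCredentialFile:
                results[oct(mode)] = "refused"
        return results
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

The credential file belongs outside the web server's document root, so a misconfigured handler cannot serve it as a static file.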
"Although this can be a fairly malicious worm, it is very unlikely to infect many servers due to the fact that majority of Microsoft SQL servers have administrator passwords."
Not in my experience, sadly. In most of the corporate environments I've seen MS-SQL Server installed, the sa account has had no password. You may wonder what their logic was... "nobody would know how to hack it, and it's just a development server anyhow."
Yeah, right... a development server exposed to the net. That's not the worst of it, though. I've seen shops where the sa account was kept blank so ASP "programmers" wouldn't have to bother with remembering a password. This shitty practice is amazingly common.
It's usually very difficult to reason with the management types on this sort of thing. Most of these people view the database server as a magic box where their information is kept, not as a system that needs to be properly secured. By and large, most corporate types I've talked to actually believed you'd have to have physical access to the machine. I can't say how many times I've heard them say things like "oh, that's what the Administrator logon password in NT is for, right?". Uh, no try again...
It would probably be impossible to accurately say how many people are running with open sa accounts, because to stand up and admit it would be career suicide for any "database admin". Then again, given the lack of knowledge concerning this among the management types, maybe they wouldn't take so much flak after all. In the end, they could always blame Microsoft for letting them set up the account with a blank password to begin with (dumb, but I can see them saying that).
Actually, B is more interesting than some people may realize. Allow me to illustrate:
If we take the stance that such software (Magic Lantern) *would* have to be frequently modified to remain stealthy, we end up with a whole new problem on our hands. In order to keep up with the newest "ignore versions", McAfee would have to release new descriptor files/lists containing this info.
So, now that we have the concept of an "ignore list" rather than just "detect lists", let's say that a virus author decides to exploit some weakness in the McAfee product itself to add his/her nasty code to the ignore list. It's not that I think the McAfee coders are *completely* incompetent... I just think any company willing to take "ignore" action on finding an unauthorized program (worm) can't be very intelligent in the first place.
Oh, dear lord, I just spewed beverage... that's the funniest post I've seen in weeks.
Rock on :). Moderators, this is a fine example of the gems that can be found if you browse a few levels deep... please mod up! I want others to enjoy this as well :).
As long as we're gonna go around modding out rugby balls to give us "most excellent" visual shots, why not continue with this new tradition of improving on the game...
You could place internally stabilizing gyroscopes inside the thing to ensure the "always perfect" pass. Heck, if you're gonna do that, why not mod it out with anti-intercept electronic countermeasures too? Opposing player tryin' to snag the ball? No worries, mate... it's packing more punch than a hand-held taser.
MODERATORS: Please mod parent up! That has got to be the most effective, concise insight into my (sadly) nation's disgusting actions I've seen to date. All I can say is "wow". Nathaniel, thank you.
Oh, and before anyone starts flaming me for being a "bleeding heart liberal", you should probably know I'm a staunch Libertarian. I know insanity when I see it, and the current "war" the U.S. is waging is fucking insane.
Hmm... doesn't fly. I understand what you're *trying* to say, but I think you fall short on the overall consequences of this action.
Here in the U.S. (and most other Western nations), everybody seems to be making a huge deal out of how "if you can't compete in the electronic marketplace, you're out of business". Now, whether this is truly a fact or not remains to be seen, but it's almost certainly becoming more true every day.
Think about it. From that standpoint, a single company lacking the resources to compete in the digital marketplace, or even to leverage technology to compete in pure "meatspace", risks losing big-time. Now, extend that concept to the economy of an entire nation. Pretty ugly, eh? Yep, it sure is... I for one feel bad for the doubtless *many* legitimate businesses in Somalia that will suffer from this.
What's the end consequence? You can't really say "oh, they'll just get their access elsewhere", because any nation that reconnects them is begging for U.S. backlash. As a nation (and yes, I am an American citizen), we have a disturbing habit of not only "taking our ball and going home", but dropping bombs on anyone else who wants to let others use *their* ball to play. This tendency is only becoming more pronounced. I don't know how much longer the rest of the world will tolerate the cry-baby tactics of this nation, but hopefully it won't be too much longer.
I don't think it'll be illegal to use a secure system due to this, but I *do* think they're really asking for trouble if this thing "flies".
WARNING: The remainder of this post may in fact be advocating "terrorism" under the new definitions put forth by the U.S. gov with respect to "computer crimes". Why am I logged in? Because, quite simply, they can kiss my A$$.
Do you really think tens of thousands of server admins would let this go without retribution? I for one sure as hell wouldn't. Invasion of my servers is, in my book, precisely the same as invading my home (maybe even worse). Okay, so how do we fix their little red wagon?
Go HoneyPot on their asses. Set up a bunch of machines all over the place to get compromised, and have firewall software monitoring the destination of the nasty outgoing packets. From there, use a P2P model to distribute the destinations of such data, and D-E-N-Y the living hell out of their servers. For added flair, you could always include repetitious, highly profane strings in your denial actions (use your imagination).
I would especially advocate this concept for all techies living in various foreign nations whose citizens might get "bugged" by our wonderful boys in blue. Yes, I am openly advocating retaliatory strikes against this sort of disgusting behavior.
It isn't so much the actual current lockups (1 to be precise) that matter the most. It's the fact that countless researchers are probably wondering if they should ever publish their research again given the specter of arrest and lengthy imprisonment. I find it hard to believe you consider Dmitry to be nothing more than a "salesman pitching his product". In truth, his presentation in the States was more to do with findings of fact concerning his research into the system than anything else. The documents are all online, please check your sources.
No, I'm not screaming "Corporate police state!". I'm actually screaming "Screwed up crap in the legal code!" which is quite different. The fact that you find it acceptable for innocent people to get their lives ruined in the "short term" (explain that to their families) over this is somewhat galling.
As for government employees doing their jobs, do we really have to go into the nasty details of other government employees "just doing their jobs"? Harsh example here, but I'm fairly sure a number of terrorist groups (meaning their individuals actually doing the dirty work) are confident that they are (1) just doing their jobs, and (2) morally correct for doing so. It doesn't make it RIGHT.
As for supporting the EFF, according to my bank statement I do that on a routine basis. Have you contributed recently?
Wow, you're a complete idiot. Allow me to introduce you to some intelligent views, troll boy.
The idea here is to allow ANYONE (can you spell that?) to exercise fair use rights with regard to ANY form of media they purchase. That includes the right to make personal copies, manipulate such copies, and translate the data into a format they CAN use.
As to your idle threats, please, I'm falling out of my damned chair laughing. You see, you're probably assuming I'm a little prick with no muscle tone. Sadly, you are mistaken. It would be my pleasure to stomp your ass into the ground. Wanna take me up on that offer? Of course not, that's why you're posting as AC...
Note to moderators: yep, I bit this troll hook, line, and sinker. My karma's capped at 50, please feel free to mod this post into oblivion. Sorry for the inconvenience; I'm edgy at this hour.
the folks over at Secure Computing aren't really offering anything truly novel. Maybe I just skimmed their site too quickly, but what exactly do they do that couldn't be implemented via open source software?
*NIX operating systems have always been designed from the ground up to have fine grained access control features. This has been extended to all sorts of network environments spawned from that model. Perhaps they're playing up the "one box total solution" angle, but if that's the case they're on shaky ground.
Of course, I don't support government use of any sort of access controls to limit citizens' access to information, with the exception of info that is *truly* sensitive with respect to national security (sorry, info on water treatment plants found in libraries doesn't count IMO).
Then again, it's not my country. I don't agree with the extremist policies with respect to global data access enforced by many nations, but I also don't believe those policies can last forever. Sooner or later, the people will get fed up. This might mean rapid revolution, or gradual internal change, who knows?
Besides, recently (here in the U.S.) the apple hasn't fallen too far from the proverbial world tree in this respect. We're creeping toward a similar government view on what we can and can't access on the net. To all U.S. citizens: don't waste too many mental cycles worrying about the problems of other nations right now. The most pressing concerns and threats to our freedoms are right here at home.
Public board. Public comments. My protest to the sig char limit. Deal. HAND.
Minor clarification: meant to say that the *converse* of all three points applies to me (as in, I use Linux, code frantically, and use the GPL).
Thanks
Web hosting for geeks, by geeks. Starting at $4 USD per month.
If you're gonna email, use the public key!
Uh, no. Are these hard to spell?
Geezus, I just called Linus Torvalds "Linux Torvalds". Damn this beer...
Just my take, that's all
Dear CmdrTaco (Rob),
Thank you for your time spent testing our review system. We hope you enjoyed the awesome sound this system is capable of producing. We have noted from a review of our server logs that your "Slashdot" reader base has purchased a lot of our units, and therefore we extend our gratitude for your indirect financial support as well.
Since our unit has given you so much joy, you can extend your listening pleasure by visiting us on the web at http://cheesyecommerce.com/musik/payusnowdammit.a
Please note that our hardware's self destruct mechanism is protected against tampering by advanced ROT13 encryption. Any attempt (which undoubtedly will fail) to modify the hardware control routines attached to our patented C4 explosive destruct device contained within will result in our special Linux edition "Magic Lantern U.K." software reporting you directly to the FBI, and may result in loss of life or limb as well.
Once again, thank you for trying our unit. To avoid accidental explosions, please remit payment in full ($20,000 USD) within 15 calendar days. We appreciate your business!
Sincerely,
Linn.Co.Uk Sales Team
--------
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
If you're gonna email, use the public key!
I've seen the movie that's most often pointed to as an example of the "birth of the hyperlink" (in multiple segments for easy fun downloading
I can't find the link at the moment, but I believe you have the general date right (late 60s). This patent is completely invalid, and I hope BT gets their asses countersued straight off for attempting such bullshit. I'm not a huge fan of Prodigy, but they've definitely got better things to do with their time than defend themselves against idiotic suits.
Here's the one thing that has me curious: if BT wanted to establish a precedent in U.S. courts for the validity of this patent, why the hell did they choose to sue a national ISP (which has the cash to fight back with decent [is that possible for lawyers?] attorneys)? Why not pick a very small online company without deep pockets? I'm not encouraging such behavior, but it only seems to add to BT's idiocy that they'd muck up the "who to sue" question as well...
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
If you're gonna email, use the public key!
Very nice indeed
NT might not be my choice of server platforms, but a lot of folks are "standardized" on it. There's a lot of people beginning to use alternative scripting languages and web servers, though. It would be neat if there were a similar way to access an MS-SQL server using those tools.
Thank you for the great reply! This is very useful information.
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
If you're gonna email, use the public key!
Very good questions, actually
Under Perl or PHP, you can do it by storing the login info in a file that's chmod'ed to disallow access to all but your userid. Now, in this scenario, your script has to run as your userid (instead of the web server uid [Apache or Nobody]), which can be accomplished via suEXEC or a cgi wrapper. Either way, same effect. In this event, there are only a few ways someone could snag the password (running a proggy to directly interface to the memory space of your program [unlikely], get root access to the server [you'd have more to worry about in that case], or monitoring the network wire [if you were accessing the password on a remote machine via cleartext]).
I guess my point is this: there are ways to avoid the "passwords in the script" problem in most languages/systems. Of course, if the target environment is Windows 9x, you're going to have oodles of problems with access permissions, but nobody runs production servers on 9x, right?
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
If you're gonna email, use the public key!
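The permission-restricted login file described in the post above can also be checked by the script that reads it. This is an added example, not code from the original post, written in Python rather than Perl or PHP; the file name `db.conf`, its key=value layout and the sample values are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


class InsecureCredentialFile(Exception):
    """The credentials file is readable or writable by someone other than us."""


def load_db_credentials(path):
    """Parse key=value login info, but only from a private file we own."""
    # O_NOFOLLOW: refuse a symlink planted at the expected path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r") as fh:
        # fstat the open descriptor so the checks and the read hit the same file.
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise InsecureCredentialFile("not a regular file")
        if st.st_uid != os.geteuid():
            # Under suEXEC or a CGI wrapper the script runs as the file's owner.
            raise InsecureCredentialFile("owner uid %d is not our uid" % st.st_uid)
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecureCredentialFile(
                "mode %03o grants group/other access" % stat.S_IMODE(st.st_mode))
        creds = {}
        for line in fh:
            line = line.strip()
            if line and not line.startswith("#"):
                key, _, value = line.partition("=")
                creds[key.strip()] = value.strip()
    return creds


def demo():
    """Constructed sample: the same file is accepted at 0600, rejected at 0644."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "db.conf")
        with open(path, "w") as fh:
            fh.write("# constructed sample values\nuser = webapp\npassword = example-only\n")
        os.chmod(path, 0o600)
        accepted = load_db_credentials(path)
        os.chmod(path, 0o644)
        try:
            load_db_credentials(path)
            rejected = None
        except InsecureCredentialFile as exc:
            rejected = str(exc)
    return accepted, rejected


if __name__ == "__main__":
    print(demo())
```

Failing closed on a loosened mode or a foreign owner turns a silent misconfiguration (for example, the script running as the web server uid instead of the account uid) into an immediate, visible error.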
"Although this can be a fairly malicious worm, it is very unlikely to infect many servers due to the fact that majority of Microsoft SQL servers have administrator passwords."
Not in my experience, sadly. In most of the corporate environments I've seen MS-SQL Server installed, the sa account has had no password. You may wonder what their logic was... "nobody would know how to hack it, and it's just a development server anyhow."
Yeah, right... a development server exposed to the net. That's not the worst of it, though. I've seen shops where the sa account was kept blank so ASP "programmers" wouldn't have to bother with remembering a password. This shitty practice is amazingly common.
It's usually very difficult to reason with the management types on this sort of thing. Most of these people view the database server as a magic box where their information is kept, not as a system that needs to be properly secured. By and large, most corporate types I've talked to actually believed you'd have to have physical access to the machine. I can't say how many times I've heard them say things like "oh, that's what the Administrator logon password in NT is for, right?". Uh, no try again...
It would probably be impossible to accurately say how many people are running with open sa accounts, because to stand up and admit it would be career suicide for any "database admin". Then again, given the lack of knowledge concerning this among the management types, maybe they wouldn't take so much flak after all. In the end, they could always blame Microsoft for letting them set up the account with a blank password to begin with (dumb, but I can see them saying that).
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
If you're gonna email, use the public key!
Actually, B is more interesting than some people may realize. Allow me to illustrate:
If we take the stance that such software (Magic Lantern) *would* have to be frequently modified to remain stealthy, we end up with a whole new problem on our hands. In order to keep up with the newest "ignore versions", McAfee would have to release new descriptor files/lists containing this info.
So, now that we have the concept of an "ignore list" rather than just "detect lists", let's say that a virus author decides to exploit some weakness in the McAfee product itself to add his/her nasty code to the ignore list. It's not that I think the McAfee coders are *completely* incompetent... I just think any company willing to take "ignore" action on finding an unauthorized program (worm) can't be very intelligent in the first place.
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
If you're gonna email, use the public key!
Oh, dear lord, I just spewed beverage... that's the funniest post I've seen in weeks.
Rock on
As long as we're gonna go around modding out rugby balls to give us "most excellent" visual shots, why not continue with this new tradition of improving on the game...
You could place internally stabilizing gyroscopes inside the thing to ensure the "always perfect" pass. Heck, if you're gonna do that, why not mod it out with anti-intercept electronic countermeasures too? Opposing player tryin' to snag the ball? No worries, mate... it's packing more punch than a hand-held taser.
Geez, this game could be really fun.
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
If you're gonna email, use the public key!
MODERATORS: Please mod parent up! That has got to be the most effective, concise insight into my (sadly) nation's disgusting actions I've seen to date. All I can say is "wow". Nathaniel, thank you.
Oh, and before anyone starts flaming me for being a "bleeding heart liberal", you should probably know I'm a staunch Libertarian. I know insanity when I see it, and the current "war" the U.S. is waging is fucking insane.
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
If you're gonna email, use the public key!
Hmm... doesn't fly. I understand what you're *trying* to say, but I think you fall short on the overall consequences of this action.
Here in the U.S. (and most other Western nations), everybody seems to be making a huge deal out of how "if you can't compete in the electronic marketplace, you're out of business". Now, whether this is truly a fact or not remains to be seen, but it's almost certainly becoming more true every day.
Think about it. From that standpoint, a single company lacking the resources to compete in the digital marketplace, or even to leverage technology to compete in pure "meatspace", risks losing big-time. Now, extend that concept to the economy of an entire nation. Pretty ugly, eh? Yep, it sure is... I for one feel bad for the doubtless *many* legitimate businesses in Somalia that will suffer from this.
What's the end consequence? You can't really say "oh, they'll just get their access elsewhere", because any nation that reconnects them is begging for U.S. backlash. As a nation (and yes, I am an American citizen), we have a disturbing habit of not only "taking our ball and going home", but dropping bombs on anyone else who wants to let others use *their* ball to play. This tendency is only becoming more pronounced. I don't know how much longer the rest of the world will tolerate the cry-baby tactics of this nation, but hopefully it won't be too much longer.
Just my thoughts, eh?
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
Yes, this is my protest to the sig char limit
I don't think it'll be illegal to use a secure system due to this, but I *do* think they're really asking for trouble if this thing "flies".
WARNING: The remainder of this post may in fact be advocating "terrorism" under the new definitions put forth by the U.S. gov with respect to "computer crimes". Why am I logged in? Because, quite simply, they can kiss my A$$.
Do you really think tens of thousands of server admins would let this go without retribution? I for one sure as hell wouldn't. Invasion of my servers is, in my book, precisely the same as invading my home (maybe even worse). Okay, so how do we fix their little red wagon?
Go HoneyPot on their asses. Set up a bunch of machines all over the place to get compromised, and have firewall software monitoring the destination of the nasty outgoing packets. From there, use a P2P model to distribute the destinations of such data, and D-E-N-Y the living hell out of their servers. For added flair, you could always include repetitious, highly profane strings in your denial actions (use your imagination).
I would especially advocate this concept for all techies living in various foreign nations whose citizens might get "bugged" by our wonderful boys in blue. Yes, I am openly advocating retaliatory strikes against this sort of disgusting behavior.
And I think it's damned well warranted.
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
Yes, this is my protest to the sig char limit
PNG is in heavy use across the net. You, sir, are blind.
It isn't so much the actual current lockups (1 to be precise) that matter the most. It's the fact that countless researchers are probably wondering if they should ever publish their research again given the specter of arrest and lengthy imprisonment. I find it hard to believe you consider Dmitry to be nothing more than a "salesman pitching his product". In truth, his presentation in the States was more to do with findings of fact concerning his research into the system than anything else. The documents are all online, please check your sources.
No, I'm not screaming "Corporate police state!". I'm actually screaming "Screwed up crap in the legal code!" which is quite different. The fact that you find it acceptable for innocent people to get their lives ruined in the "short term" (explain that to their families) over this is somewhat galling.
As for government employees doing their jobs, do we really have to go into the nasty details of other government employees "just doing their jobs"? Harsh example here, but I'm fairly sure a number of terrorist groups (meaning their individuals actually doing the dirty work) are confident that they are (1) just doing their jobs, and (2) morally correct for doing so. It doesn't make it RIGHT.
As for supporting the EFF, according to my bank statement I do that on a routine basis. Have you contributed recently?
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
Yes, this is my protest to the sig char limit
Wow, you're a complete idiot. Allow me to introduce you to some intelligent views, troll boy.
The idea here is to allow ANYONE (can you spell that?) to exercise fair use rights with regard to ANY form of media they purchase. That includes the right to make personal copies, manipulate such copies, and translate the data into a format they CAN use.
As to your idle threats, please, I'm falling out of my damned chair laughing. You see, you're probably assuming I'm a little prick with no muscle tone. Sadly, you are mistaken. It would be my pleasure to stomp your ass into the ground. Wanna take me up on that offer? Of course not, that's why you're posting as AC...
Note to moderators: yep, I bit this troll hook, line, and sinker. My karma's capped at 50, please feel free to mod this post into oblivion. Sorry for the inconvenience; I'm edgy at this hour.
the folks over at Secure Computing aren't really offering anything truly novel. Maybe I just skimmed their site too quickly, but what exactly do they do that couldn't be implemented via open source software?
*NIX operating systems have always been designed from the ground up to have fine grained access control features. This has been extended to all sorts of network environments spawned from that model. Perhaps they're playing up the "one box total solution" angle, but if that's the case they're on shaky ground.
Of course, I don't support government use of any sort of access controls to limit citizens' access to information, with the exception of info that is *truly* sensitive with respect to national security (sorry, info on water treatment plants found in libraries doesn't count IMO).
Then again, it's not my country. I don't agree with the extremist policies with respect to global data access enforced by many nations, but I also don't believe those policies can last forever. Sooner or later, the people will get fed up. This might mean rapid revolution, or gradual internal change, who knows?
Besides, recently (here in the U.S.) the apple hasn't fallen too far from the proverbial world tree in this respect. We're creeping toward a similar government view on what we can and can't access on the net. To all U.S. citizens: don't waste too many mental cycles worrying about the problems of other nations right now. The most pressing concerns and threats to our freedoms are right here at home.
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
Yes, this is my protest to the sig char limit
Given the fact that our thread is getting a wee bit off topic, please email me to continue the discussion. I'm glad we didn't get into a flame war
Seriously, I'd like to continue this discourse. I'd email you first, but you don't give an address in your user info. Thanks!