Perhaps I'm just silly but...
Why couldn't they have just teamed up with lwn.net? They've been around a long time and already have a very nice web site and a large reader base. Seems like a better idea to me.
Why don't you talk to the openssh team? I'm sure that for some nominal fee you can get extra priority support. OpenSSH is (IMHO) the best ssh implementation out there, and it's from a dedicated team where security supersedes even functionality. The newest version of OpenSSH promises to be very hard to exploit.
That this is a two part virus and you already need to be infected with one part of it that embeds special instructions in the registry, for the virus to actually work. Note, that this part of the virus isn't a picture but must infect another file, possibly accompanying the picture, or hiding in another place.
From McAfee AV labs:
This appending virus is the first reported JPEG infector. It is multi-component in nature, requiring an extractor file to extract (and execute) the virus body from infected JPEG files.
Infected JPEGs are unable to replicate on non-infected machines - ie. machines without the extractor component installed (hooked in the Registry).
McAfee products running the 4185 DATs (or greater) with program heuristics enabled, detect both the virus body (11,780 byte PE) and its extractor component as virus or variant W32/Alcop@MM.
This virus is a proof of concept and it has not been seen in the wild.
(http://vil.nai.com/vil/content/v_99522.htm)
This virus sounds pretty stupid to me. Why go to all of the trouble distributing the payload in pictures if antivirus software already can tell if an executable is infected by the "extractor" part?
However, the extractor's relatively small size may make it easy to hide in other applications without antivirus software being able to detect it... Still smells like hype though.
I used to work at UC Irvine and my group was in charge of a public access lab where we used linux machines as X-terminals so that way people could log into any machine serving X11 sessions on the campus network.
One issue that the administration had was the users breaking into the machines. We auto-spawned X sessions and used the restrict flag in LILO (which allows no special options to be passed to the kernel at boot time, e.g. linux init=/bin/sh) and we never had any problems. Of course, we also patched the machines whenever there were local or remote security holes via an automated patching system.
Another good idea might be to have the machines reboot, mount a miniroot at night and copy their os partitions over from a central server, similar to what I've seen norton ghost do on windows boxen.
and of course, you can use them for the obligatory parallel computing tasks during the night:)
Since it seems that they have the tools to effectively track piracy online, we can really see the _real_ intentions behind the CBDTPA and the DMCA. It's not about controlling piracy, it's about controlling how, when and what we watch. It's about taking control and replacing open standards with closed ones so that way Tinseltown can sit and pervert the benefits of an internet that was built to promote freedom of information, not squash it. I applaud MIT's technology, for making it possible to detect copyright infringements without watermarking or digital rights management, without changing open standards, and for showing what a power move the CBDTPA and the DMCA really is.
Sorry... beating a dead horse here but I think that you don't understand... Let me see if I can clarify better:
Transgaming _bought_ the ability to decode safedisc and securerom protection. This they cannot open source (even if they really _really_ wanted to) because some of their code, just like MPlayer, was released to transgaming under a non-GPL/BSD compatible license. This has been explained many times over in the transgaming forums, and I hate to see them take a bad rap for it due to people not understanding the issue. All open-sourceable code is released to the public cvs servers, the unGPL'able code is not.
Re:Use copyright to maintain name recognition on Debian And WineX · Score: 1
I think that most people here are misunderstanding the issue, and as a long WineX subscriber, I feel that I need to clarify.
WineX has _always_ been available in source form for free (meaning you can get it even if you aren't a subscriber) if you are willing and able to pull it from their CVS servers. What has never been free is their compiled code, in which they add such goodies as safedisc and securerom support (which of course, can't be open sourced, because WineX licensed it from the companies that created the copy protection).
What Transgaming is asking is that distributions don't package the free version of their source as a package, so people don't get the impression that when they try to run new game x with copy protection that it doesn't work with the WineX period, and not actually go and check Transgaming's site and realize that they need to buy the commercial version. I would hope more from the average linux user, but I can see their point.
Besides, people have been tolerating this behaviour from the MPlayer project for a long time, so I don't see what the big deal is. If you don't agree with their reasons, then exercise your right to choose and don't use the product:).
Code isn't malicious, people are.
Most virus code that is made public is expressly for the purpose of defending against viruses, not spreading them, at least where I frequent.
Forgive the gun control reference, but laws only affect the people who obey them. It's just as ludicrous as anti-circumvention laws, which just harm the people who aren't breaking the law in the first place. Why don't we spend all of this effort going after the real criminals/crackers instead of expending endless resources litigating useless laws that do much more harm than good.
Knowledge of the enemy and the enemy's tactics are the best weapon.
When I purchase my new linux box, I'm planning on using scsi to ide converters for all my ide peripherals that I either can't get or am not satisfied with the solutions available in scsi. The main benefit to scsi is that it doesn't have the cpu overhead that IDE still has, even with its newest standards. Friends and co-workers of mine have used scsi-ide converters and haven't reported any problems with them, and in fact are very pleased.
I believe that the main difference between the 2K+ SCSI and the 1K IDE DVD burners is that the IDE ones cannot copy DVDs, whereas the older SCSI version can.
Anyways, scsi to ide converters are a pretty good steal at about $100 a pop (especially for peripherals like the DVD burner where you'd save a lot of money) and you can get them from:
http://www.iodata.com
http://www.ide2scsi.com
they said the same thing about the piano roll
or maybe WineCoolerX :)
Seems like it should be awarded "best in show" to me...