No, you're quite wrong. But to explain why, I need a spoiler from the end of the books:
SPOILER
Remember that the King Eagle flew Gandalf from Saruman's tower stronghold to Rivendell? And remember that he got from the Black Gate to Mount Doom in about five minute to pick up Frodo?
Get out a ruler and the map on the last page and do the math. The eagles can cross the world in one hour without resting. And once they landed at the maw of Mount Doom, it was undefended. Remember? Frodo just walked right in.
Piece of cake.
No, it's obvious that Gandalf was either suicidal or plain evil.
The rest of them didn't really give much of a damn (unless commanded to give a damn by the eagle chief)
You've read the books. You don't think Gandalf and chief eagle could've talked the eagles into helping? Shit, he talked all the men of the world into fighting a hopeless battle where they were going to die and they knew it. His tounge was more silver than Sarumans'. Anyway, it's not like they had to fight or die or anything. Just one little flight to Mount Doom. Piece of cake.
No, I think the obvious answer was that Gandalf was playing to lose. Maybe just suicidal, if not totally evil.
Hey one thing I've never understood about LoTR is why the forces of light didn't attack Mount Doom from the air. See, they had over 10,000 giant eagles, and you could have mounted an elven archer on each one. Mount Doom was undefended from the air, and only the Black Riders could fly. So it would have been 10,000 against nine.
Instead, Gandalf sent two of his weakest soldiers on foot. I can only assume he was suicidal or an agent of darkness... does Tolkien cover this in a sequel?
Anyway, I'm going to play "Tom Bombadil" and sing a song of protest on my way into the theater, so I don't have to pay the evil MPAA.
A gold NWC cartridge recently sold for $6,500! Will their value increase in the future? It seems a safe bet.
Holy Crap!!! My brother won this in 1990 and has one of these, I just called him! He's freaking out, he always thought it was garbage (though he apparently still plays it). Does anyone have any suggestions on how to sell this thing?
Re:Why are we wasting precious bandwidth?
on
HotBot Returns
·
· Score: 2
Google is the number one hitter of K5, for a grand total of 30% of all hits or 1173228 hits total. Please don't post links to incomplete information in an attempt to distort the truth. Google is a huge drain on K5; another search engine as aggressive as Google will cost K5 and every other site like it hundreds of dollars every month.
I believe you've missed the crux of the article. I believe that Declan was saying that the owner of a database can protect against future misuse of the database by scrambling the database itself against misuse by future owners. For instance, Slashdot scrambles the IP address of all visitors using an MD5 hash to protect against abuse of IP information. This approach is of course insecure and flawed (MD5 of an IP can be brute forced in a day), but the principle is sound. The federal government could easily implement a competent version of this principle to protect our privacy while still mining the database for terrorist threats.
By far the most potent vault of gun facts on the Internet is GunCite
It is a wonderful source of gun information, and a far better source than even Snopes for combatting gun misinformation. Additionally, I would recomend Michael Moore's new movie Bowling for Columbine - if you are an American interested in learning about guns in America, you can learn more about gun advocates in the two minute Terry Nichols interview than you can in a year of attempting to decipher NRA mailings. 'There are real nuts out there!' exclaims Terry. And he is quite right.
Despite the recent California Supreme Court decision, I think every reasonable American knows that the founding fathers designed the second amendment to allow all Americans access to personal firearms. Muzzle loaded, smoothbore, single shot flintlocks. Of course, the idea of giving a person today's concealable automatic ceramic-barreled teflon-round armed killing machines would have been complete anathema even to Patrick Henry, and it is likely that the Supreme Court will get around to upholding a ban on everything but black powder smoothbore, but until then we'll have to tolerate the nutjobs.
If, at any point, every Mozilla user in the world updates to a patched version, you will have a point. Until then, you do not. The problems which the author cites with Internet Explorer are all patched; the problem is people who do not apply patches. The same is true of Mozilla. I do not know why Slashdot's moderators are so allergic to this fact, but their bias will prove very damaging to unsuspecting Mozilla users.
And me, I don't have to worry about some exploit using i.e. to take her [the wife's] computer down [because i gave her Mozilla].
Your blind assumptions about the security of Mozilla are putting your wife in danger. Just a few weeks ago, Mozilla has disclosed six serious security flaws ranging from nondisclosure of SSL failure to a buffer overflow DoS that has yet to be prozen unexploitable on Windows platforms. That means that anyone running Mozilla is exposing themselves to remote takeover by a hostile site.
The worst part of all this is that there are currently no fixes for any of these problems available from Mozilla. Running IE is far from a "solution", but keep in mind that 99% of attacks against IE are against people who fail to apply the security patches and turn their "Internet Zone" security to "High". Browsing through a transparent proxy such as JunkBuster improve security even more.
The point of all this is that both browsers are huge codebases being developed at breakneck speed, and no implicit assumption of security should be made. Security is a process, and those failing to undergo the process will become victims.
I say we just offload all the extremists and morons onto Mars. We'll call it the "Get Off Of Our Planet" (GOOOP) project.
But there's no atmosphere on Mars! That's an awfully expensive way to kill millions of people! Wait a minute... that makes you an EXTREMIST! Good plan... we'll send you and the Ayatollah and Bin Laden straight to Mars. A little less direct than Zyklon-B, but no less effective.
I believe you've misunderstood the article. This isn't about Microsoft publishing specs to their.DOC format (which Kotar-Kotelly's Final Decree requires them to do) but rather their unwillingness to participate in the creation in a new format that will be the doom of Microsoft Word.
As you say, hardly surprising, but it's important to note the details.
Your case seems awfully hypothetical. Let's go with something more concrete. Your web site, Marotti.com, is vulnerable to this exploit and has been for weeks. All someone who doesn't like you would have to do is just download the exploit and request the appropriate URL, and all your passwords would be overwritten. I mean ANYBODY who reads packetstorm could have done this to you for weeks.
Don't be silly. Full disclosure is part of the process.
Securing OpenSSL
on
Due Diligence?
·
· Score: 5, Interesting
Some points to consider:
Fear. Most Linux users are probably reeling in shock from the recent trojan inserted by elite hacking group ADM into the libpcap distribution. The old standby argument that 'checking the MD5 signatures' will save you has become null & void; ADM replaced the MD5 signatures too. The only reason the trojan was detected was because of the Google cache! This kind of thing probably has most users afraid to move to anything recently released that hasn't been extensively peer reviewed.
Ignorance. Since the Slapper worm only contains offsets for a handful of platforms, many flavors of Linux are 'immune' to automated infection. While blackhat groups have offsets for nearly every implementation of Apache/SSL in existence (yes, even you x86 Solaris people), this threat isn't considered 'immediate' enough to justify the third point:
Sloth. Upgrading your OpenSSL isn't as easy as it could be. You actually have to recompile Apache with./configure flags to link it to the new version of OpenSSL which you just recently downloaded (it's not trojaned... right?). Sounds easy, but for a production server that hasn't been touched in a year, this tends to make people really nervous
All of this points to the fact that there is a fundamental flaw in the way that the Open Source community is securing their software. Putting MD5 signatures on the same server that the software is available from isn't even close to secure - Dave Aitel of Immunity Security keeps hammering on this point in BugTraq. And we're going to see even more of this 'Upgrade Fear' as more and more distributions get trojaned - Slash is probably next on the list.
We need to look at existing, successful solutions to this problem (like Windows Update) and catch up. Now.
Personally, I'm sick of the fact that I have two choices for getting broadband into my house: the Cable Monopoly and the Telephone Monopoly. What incentive do I have to follow their "User Agreements" when both of them are in violation of numerous antitrust laws? None. Look at Verizon: they beat every last CLEC to death, and now they've introduced legislation to "deregulate" the broadband market, which means "exercise monopoly power over".
So, now we have a tool. A way for one person to subscribe for DSL or Cable Modem service and share their connection with the entire neighborhood, who can provide kickbacks in the form of cash. With a properly configured distribution of this package, it's entirely possible to make your routing/NAT'ing of your neighbors traffic completely undetectable.
How's that for sticking it to the man? Illegal monopolies: This Is Your Wakeup Call!
My wife and I are actually quite young, and I'm trying to persuade her to wait until Science advances to the point that we can select the gender and fitness level of our child. I've always wanted an athletic young son, and considering the irreplacable amount of money and time it takes to raise a child, this only makes sense.
I'm forwarding her this article now; perhaps this will convince her I'm not such a dreamer after all.
f you took the field in Football and the other team's coach shoots you with a sniper rifle, that would be winning by any means necessary.
Exactly. This already happens. Look at Ohio State Buckeyes coach John Cooper, who was fired because the NCAA was investigating him for ordering his defensive players to damage/maim the opposing quarterback in a bowl game. Sure, he got busted by the NCAA, but for years he did the same thing with a great deal of success; in fact, training to damage and maim oppsing players was a key to his success. He is an example of a man who knew how to break through and think outside the box.
Try it, you may have something that you've been missing -- real fun.
Trust me, every time I get to play a deathmatch against you "level playing field" people I have LOTS of fun splattering you up against the wall.
To do my best to prove to the Movie Industry that their attempts at scaring everyone is futile, I am proceeding on a path of complete and total Civil Disobedience:
I have obtained a DVD copier (at great expense) and I frequently rent movies and copy them so I can view them later, like so:
I use DeCSS-derived software to copy DVDs to my Hard Drive and later to DVD, only this time encoding free!
I hand out free copies of DVD movies everywhere I can to as many people as I can, along with a 2600 flier about how bad the DMCA is
.
Join me in protesting for our freedoms! Remember, information (and especially movies like Good Will Hunting) want to be free!
I disagree. A lot of people complain about cheaters online; I think this is because they don't understand that they're thinking inside the box. A computer game is a construct; a player is someone attempting to defeat that construct. You are supposed to win by any means necessary. I mean, this is what "The Matrix" was all about! It was about breaking through the Construct, The Maxtrix, THE GAME, whatever you want to call it, and grasping true power. Not the power to move your player out of the way of bullets, but the power to delete the other players. To be invincible. To command the Universe.
I've been hacking games for years now, and the lesser computer game players never fail to see. My Q3 bot is nearly undetectable, and I can walk into nearly any deathmatch in the world and win with nearly no effort at all. Like Neo. Like God!
I never get sick of people stuck in the Matrix, unable to see the light. I try to help them, but like Neo knew, sometimes the best solution is just to kill them as many times as you can.
Ask Patrick Wyatt; he knows that hacking games is the ultimate form of combat.
PPC/Linux seems like an ambitious and technically interesting project, no doubt. Personally, though, I don't seem to understand the purpose. MacOs X is based on BSD, so you get all the nice Unix-like server features... and a decent GUI, something that Linux has never had. Are there some other advantages of Linux/PPC that I'm missing?
Link to the Slashdot booth? Wanting to see pictures of Glorious leader Rob "CmdrTaco" Malda and Jeff "Hemos" Bates I am! Where is the important Slashdot booth pictures! My enquiring mind knows to want!
Hey Taco Why dont you can Katz and give Cringley a job?
SubtleNuance person you are not understanding an important SubtleNuance! This is CmdrTaco's site! SubtleNuance's site? NO! CmdrTaco what he wants, does. Many of you complaining, I read "complain this", "complain that". No. This CmdrTaco's site, not complain site. Stop complain; somewhere else read and complain if complain. Read Slashdot, complain not, post good comments. Like me, I have 50 karma I post good comments, not complain complain complain complain.
The latest Debian CD provides all the software anyone could ever conceive of needing.
At first glance, you're right. But think about it for a minute. Rob Malda is quite possibly the most Open Source concious person I know of, and he is (by his own admission in several posted stories) almost addicted to the closed source computer game FFX. He discussed his obsession earlier in this story. If Rob can't get by with Tux racer, how can we expect people with only average willpower to resist the lure of proprietary software?
Face it, no matter how much we like Open Source software, there's always going to be something Closed Source that you like, even if you're Rob Malda. And what better what to stick it to the man and teach them to go Open Source than to just copy the software?
I think the mistake these DrinkOrDie guys made was that they copied too much. I only copy one or two games a month and nobody has ever busted me.
You don't come off as irate; you come off as a fucking retard.
As much as I hate to dignify this garbage with a response, I feel it is my duty to point out that you have obviously spent too much time playing Solitaire at work.
What is this? You're sitting behind your keyboard anonymously mocking me by comparing me to some large mythical creature? Do you think moderation is governed by mysticism? The moderators of this site are here to promote intelligent discussion, not offtopic anonymous mystical rambling.
I am trying to make people understand that you can't compare decent hard-working Americans to slacking.com disaster workers pissing away investment money playing Solitaire. What that has to do with Trolls, Orcs or Demons is your own business, but please don't bother me with it.
Slashdot Mirror
No, you're quite wrong. But to explain why, I need a spoiler from the end of the books:
SPOILER
Remember that the King Eagle flew Gandalf from Saruman's tower stronghold to Rivendell? And remember that he got from the Black Gate to Mount Doom in about five minute to pick up Frodo?
Get out a ruler and the map on the last page and do the math. The eagles can cross the world in one hour without resting. And once they landed at the maw of Mount Doom, it was undefended. Remember? Frodo just walked right in.
Piece of cake.
No, it's obvious that Gandalf was either suicidal or plain evil.
The rest of them didn't really give much of a damn (unless commanded to give a damn by the eagle chief)
You've read the books. You don't think Gandalf and chief eagle could've talked the eagles into helping? Shit, he talked all the men of the world into fighting a hopeless battle where they were going to die and they knew it. His tounge was more silver than Sarumans'. Anyway, it's not like they had to fight or die or anything. Just one little flight to Mount Doom. Piece of cake.
No, I think the obvious answer was that Gandalf was playing to lose. Maybe just suicidal, if not totally evil.
Hey one thing I've never understood about LoTR is why the forces of light didn't attack Mount Doom from the air. See, they had over 10,000 giant eagles, and you could have mounted an elven archer on each one. Mount Doom was undefended from the air, and only the Black Riders could fly. So it would have been 10,000 against nine.
Instead, Gandalf sent two of his weakest soldiers on foot. I can only assume he was suicidal or an agent of darkness... does Tolkien cover this in a sequel?
Anyway, I'm going to play "Tom Bombadil" and sing a song of protest on my way into the theater, so I don't have to pay the evil MPAA.
I don't need to call you a liar, Kuro5hin will do it for me.
1
1173228
29.85%
Googlebot/2.1 (+http://www.googlebot.com/bot.html)
Google is the number one hitter of K5, for a grand total of 30% of all hits or 1173228 hits total. Please don't post links to incomplete information in an attempt to distort the truth. Google is a huge drain on K5; another search engine as aggressive as Google will cost K5 and every other site like it hundreds of dollars every month.
I believe you've missed the crux of the article. I believe that Declan was saying that the owner of a database can protect against future misuse of the database by scrambling the database itself against misuse by future owners. For instance, Slashdot scrambles the IP address of all visitors using an MD5 hash to protect against abuse of IP information. This approach is of course insecure and flawed (MD5 of an IP can be brute forced in a day), but the principle is sound. The federal government could easily implement a competent version of this principle to protect our privacy while still mining the database for terrorist threats.
By far the most potent vault of gun facts on the Internet is GunCite
It is a wonderful source of gun information, and a far better source than even Snopes for combatting gun misinformation. Additionally, I would recomend Michael Moore's new movie Bowling for Columbine - if you are an American interested in learning about guns in America, you can learn more about gun advocates in the two minute Terry Nichols interview than you can in a year of attempting to decipher NRA mailings. 'There are real nuts out there!' exclaims Terry. And he is quite right.
Despite the recent California Supreme Court decision, I think every reasonable American knows that the founding fathers designed the second amendment to allow all Americans access to personal firearms. Muzzle loaded, smoothbore, single shot flintlocks. Of course, the idea of giving a person today's concealable automatic ceramic-barreled teflon-round armed killing machines would have been complete anathema even to Patrick Henry, and it is likely that the Supreme Court will get around to upholding a ban on everything but black powder smoothbore, but until then we'll have to tolerate the nutjobs.
If, at any point, every Mozilla user in the world updates to a patched version, you will have a point. Until then, you do not. The problems which the author cites with Internet Explorer are all patched; the problem is people who do not apply patches. The same is true of Mozilla. I do not know why Slashdot's moderators are so allergic to this fact, but their bias will prove very damaging to unsuspecting Mozilla users.
Your blind assumptions about the security of Mozilla are putting your wife in danger. Just a few weeks ago, Mozilla has disclosed six serious security flaws ranging from nondisclosure of SSL failure to a buffer overflow DoS that has yet to be prozen unexploitable on Windows platforms. That means that anyone running Mozilla is exposing themselves to remote takeover by a hostile site.
The worst part of all this is that there are currently no fixes for any of these problems available from Mozilla. Running IE is far from a "solution", but keep in mind that 99% of attacks against IE are against people who fail to apply the security patches and turn their "Internet Zone" security to "High". Browsing through a transparent proxy such as JunkBuster improve security even more.
The point of all this is that both browsers are huge codebases being developed at breakneck speed, and no implicit assumption of security should be made. Security is a process, and those failing to undergo the process will become victims.
Even Mozilla users.
But there's no atmosphere on Mars! That's an awfully expensive way to kill millions of people! Wait a minute... that makes you an EXTREMIST! Good plan... we'll send you and the Ayatollah and Bin Laden straight to Mars. A little less direct than Zyklon-B, but no less effective.
I'm sure Ashcroft would approve.
I believe you've misunderstood the article. This isn't about Microsoft publishing specs to their .DOC format (which Kotar-Kotelly's Final Decree requires them to do) but rather their unwillingness to participate in the creation in a new format that will be the doom of Microsoft Word.
As you say, hardly surprising, but it's important to note the details.
Your case seems awfully hypothetical. Let's go with something more concrete. Your web site, Marotti.com, is vulnerable to this exploit and has been for weeks. All someone who doesn't like you would have to do is just download the exploit and request the appropriate URL, and all your passwords would be overwritten. I mean ANYBODY who reads packetstorm could have done this to you for weeks.
Don't be silly. Full disclosure is part of the process.
All of this points to the fact that there is a fundamental flaw in the way that the Open Source community is securing their software. Putting MD5 signatures on the same server that the software is available from isn't even close to secure - Dave Aitel of Immunity Security keeps hammering on this point in BugTraq. And we're going to see even more of this 'Upgrade Fear' as more and more distributions get trojaned - Slash is probably next on the list.
We need to look at existing, successful solutions to this problem (like Windows Update) and catch up. Now.
The PC port was confirmed by the developers of the project quite a ways back. Do not feed this subtle misinformation troll.
Tricky, tricky...
Personally, I'm sick of the fact that I have two choices for getting broadband into my house: the Cable Monopoly and the Telephone Monopoly. What incentive do I have to follow their "User Agreements" when both of them are in violation of numerous antitrust laws? None. Look at Verizon: they beat every last CLEC to death, and now they've introduced legislation to "deregulate" the broadband market, which means "exercise monopoly power over".
So, now we have a tool. A way for one person to subscribe for DSL or Cable Modem service and share their connection with the entire neighborhood, who can provide kickbacks in the form of cash. With a properly configured distribution of this package, it's entirely possible to make your routing/NAT'ing of your neighbors traffic completely undetectable.
How's that for sticking it to the man? Illegal monopolies: This Is Your Wakeup Call!
My wife and I are actually quite young, and I'm trying to persuade her to wait until Science advances to the point that we can select the gender and fitness level of our child. I've always wanted an athletic young son, and considering the irreplacable amount of money and time it takes to raise a child, this only makes sense.
I'm forwarding her this article now; perhaps this will convince her I'm not such a dreamer after all.
f you took the field in Football and the other team's coach shoots you with a sniper rifle, that would be winning by any means necessary.
Exactly. This already happens. Look at Ohio State Buckeyes coach John Cooper, who was fired because the NCAA was investigating him for ordering his defensive players to damage/maim the opposing quarterback in a bowl game. Sure, he got busted by the NCAA, but for years he did the same thing with a great deal of success; in fact, training to damage and maim oppsing players was a key to his success. He is an example of a man who knew how to break through and think outside the box.
Try it, you may have something that you've been missing -- real fun.
Trust me, every time I get to play a deathmatch against you "level playing field" people I have LOTS of fun splattering you up against the wall.
Join me in protesting for our freedoms! Remember, information (and especially movies like Good Will Hunting) want to be free!
I disagree. A lot of people complain about cheaters online; I think this is because they don't understand that they're thinking inside the box. A computer game is a construct; a player is someone attempting to defeat that construct. You are supposed to win by any means necessary. I mean, this is what "The Matrix" was all about! It was about breaking through the Construct, The Maxtrix, THE GAME, whatever you want to call it, and grasping true power. Not the power to move your player out of the way of bullets, but the power to delete the other players. To be invincible. To command the Universe.
I've been hacking games for years now, and the lesser computer game players never fail to see. My Q3 bot is nearly undetectable, and I can walk into nearly any deathmatch in the world and win with nearly no effort at all. Like Neo. Like God!
I never get sick of people stuck in the Matrix, unable to see the light. I try to help them, but like Neo knew, sometimes the best solution is just to kill them as many times as you can.
Ask Patrick Wyatt; he knows that hacking games is the ultimate form of combat.
PPC/Linux seems like an ambitious and technically interesting project, no doubt. Personally, though, I don't seem to understand the purpose. MacOs X is based on BSD, so you get all the nice Unix-like server features... and a decent GUI, something that Linux has never had. Are there some other advantages of Linux/PPC that I'm missing?
Link to the Slashdot booth? Wanting to see pictures of Glorious leader Rob "CmdrTaco" Malda and Jeff "Hemos" Bates I am! Where is the important Slashdot booth pictures! My enquiring mind knows to want!
SubtleNuance person you are not understanding an important SubtleNuance! This is CmdrTaco's site! SubtleNuance's site? NO! CmdrTaco what he wants, does. Many of you complaining, I read "complain this", "complain that". No. This CmdrTaco's site, not complain site. Stop complain; somewhere else read and complain if complain. Read Slashdot, complain not, post good comments. Like me, I have 50 karma I post good comments, not complain complain complain complain.
Sick going to be if complain read again.
The latest Debian CD provides all the software anyone could ever conceive of needing.
At first glance, you're right. But think about it for a minute. Rob Malda is quite possibly the most Open Source concious person I know of, and he is (by his own admission in several posted stories) almost addicted to the closed source computer game FFX. He discussed his obsession earlier in this story. If Rob can't get by with Tux racer, how can we expect people with only average willpower to resist the lure of proprietary software?
Face it, no matter how much we like Open Source software, there's always going to be something Closed Source that you like, even if you're Rob Malda. And what better what to stick it to the man and teach them to go Open Source than to just copy the software?
I think the mistake these DrinkOrDie guys made was that they copied too much. I only copy one or two games a month and nobody has ever busted me.
You don't come off as irate; you come off as a fucking retard.
As much as I hate to dignify this garbage with a response, I feel it is my duty to point out that you have obviously spent too much time playing Solitaire at work.
"TROLL ALERT!"
.com disaster workers pissing away investment money playing Solitaire. What that has to do with Trolls, Orcs or Demons is your own business, but please don't bother me with it.
What is this? You're sitting behind your keyboard anonymously mocking me by comparing me to some large mythical creature? Do you think moderation is governed by mysticism? The moderators of this site are here to promote intelligent discussion, not offtopic anonymous mystical rambling.
I am trying to make people understand that you can't compare decent hard-working Americans to slacking