It's also very useful for policing if all you have to do when you want to track someone down is traceroute to them, use the government backdoor to ask the AP where it is, and send a squad over.
Or it's standard practice on Cisco devices and the password or algorithm used to get into this particular one leaked.
If it isn't standard practice, it'd be easy for Cisco to put out a press release saying that they don't have backdoor passwords on any of their other products.
Default password: Changeable password that comes set on a vanilla machine. Owner knows of the existence of this password, and can easily close it as a hole by changing the password.
Backdoor password: Non-owner-changeable password that comes hidden on a machine. Owner does not know that this password exists, and cannot prevent people who know about it from exploiting it.
The logic was that having no wireless network at all is less secure than deploying a Cisco wireless network with the Wireless LAN Solution Engine, with the enhanced logging features and ability to monitor RF and detect rogue APs and the like.
That is the *stupidest* fucking idea I've ever heard of (granted, it's from a sales guy with little incentive to be honest, but still). If someone's *that* worried about rogue APs, why not have alarms start shrieking when a wireless MAC appears on your network? Why not use one of those dumb devices that just detects the presence of WAPs?
Wireless (at least in its current form) is a simply awful idea from a security standpoint. I've never been able to figure out how vendors manage to sell it to companies.
A default password, one that simply needs to be set, is very different from a backdoor password, which is hidden, unknown to the device owner, and works even after the device owner sets his password. The article was about a backdoor password.
Many adults watch movies and don't play video games.
They realize that the movies clearly are not significant factors in causing someone to kill someone, but they don't have a similar experience with video games.
So I guess that makes you a democrat (more sex less violence) as opposed to a republican (more violence less sex)... big fucking deal (no pun intedned).
Dunno. Ordinarily, I'd agree...but this is an election year, and black voters are currently a hot commodity. The Republicans are claiming that they have the black vote because they've been pushing family values, and the Demms because they've been pushing for job creation.
I predict that nobody will cut Bill Gates' head off with a plastic butter knife in the Strip in Vegas while riding a yak and wearing a space suit helmet, flippers, and a miniskirt. That would be highly taboo.
Why? Humans didn't evolve with videocameras around.
We don't deal with videotape particularly well.
It's a reasonable bet that whoever posted this wouldn't have immediately said this if he was standing right there when the guy blew his brains out.
It's not bizarre or unexpected for people to act differently to videotape than they do to real life. A lot of people on Slashdot would never say the things they do on Slashdot to people in real life.
She really doesn't understand the Internet. If she manages to get this off the Internet, it will be the first time anything controversial *ever* gets moved off the Internet.
I'll bet this movie has already been published to a Freesite, as a matter of fact, as soon as someone heard that someone was trying to censor the movie.
Ultimately, I can understand the mother being upset, but OTOH, if I want to run naked down Main Street carrying a squirrel and someone gets me on tape, I'm going to have to put up with video of it being out there.
This guy chose to shoot himself in public. I don't think shooting onesself is a good idea; I think that shooting onesself in a public place is an even worse idea if one wants to have a private suicide. If someone had been standing there with a camcorder, and the police hadn't been involved, there wouldn't even be an issue -- plenty of hand-camcorderized deaths have been taped, and even sold to TV stations (though not, to the best of my knowledge, suicides -- just accidental deaths).
I can understand complaints about the misuse of military/police surveillance, but I don't think that someone doing something in public really has a right to expect that images of that action not be reproduced. We have laws to protect against paparazzi and similar in private, but in public everything is fair game.
It was the guns! When are you fucking Yanks going to figure this out? If it wasn't for all the guns in your fucked up society, you wouldn't need the cameras.
It's been around for what, a decade? I guess we'll have to wait some more for this particular exploit to happen.
Remember when Larry Ellison, CEO of Oracle, decided to call some release of his database "hacker-proof", and about a week later, an exploit was publically going around?
Claiming that your system can't be exploited on Slashdot is, really, an exceptionally bad idea. I felt the twinges of wanting to poke at QuickTime a bit just hearing you say that, and if I had had an OS X box handy, I probably would have started poking about. A description of a crashing bug in QuickTime that barfs all over the stack would have made a nice reply to your post.
I would be very dubious, given how performance-critical QuickTime is and how frequently extended it's been, that there are no holes in it. If there are none, it would be an exceptional record, far better than other media-playing code historically has done. Remember that even the reference zlib (which had been hammered on by everyone for *ages*, and was *open source*) had a subtle exploit in it for a long time.
But Jobs is a hero of an entirely different type -- people admire him because he was able to assemble an incredible team, motivate and push them, and get fantastic, wonderful products out the door.
Maybe. I think it's because he promotes himself so heavily. What, there aren't any exceptional managers at all of Apple other than Jobs?
But really, my problem isn't that Jobs gets credit for managing (and I really, honestly, think that he gets way more credit than he deserves even there) -- it's that he's done a number of things that stand out as exceptionally poor technical decisions, and that people still drool all over him, simply because he ensures that his name is so heavily associated with the Mac.
Finally about the one-button mouse... why does it get under your skin so much?? You can attach any multi-button mouse you like, and it'll run forthwith.
(A) Because for laptops, Apple has made two decisions that are extremely annoying: (1), to disallow their engineers from putting multiple buttons on their trackpads, and (2), not to make their trackpad a user-swappable module, so that users could at least buy replacement trackpads from third-party vendors. This makes using X11 software (and really, contextual menus in general) a pain in the ass on the Mac, as well as irritating people that would like to have another button for additional functionality. It means that any users that would like to avoid the problem have to lug around a mouse, find a flat surface, and plug the thing in.
(B) Because in their infinite wisdom, Apple has decided that (1) they shall be the sole vendor of Macs, (2) that no Mac they offer shall be available with a multi-button mouse, and (3) that it shall not be possible to buy a Mac from them without *also* purchasing a single button mouse, so even if you have no problem with going to another vendor for a multi-button mouse, you still have to pay for one of Apple's single button mice and then throw it in the dustbin. Which cost $50 a pop. For every computer you buy.
(C) Because it ensures that most computers that you might want to sit down at and use lack a multi-button mouse, so even if you buy a mouse for your computer with a sufficient number of buttons, every computer lab in the world forces you to switch away. It's like using a Dvorak keyboard -- sure, you can do it, but the rest of the world is going to push you awfully hard to move away from it.
(D) Why it really "gets under my skin" so much is that this is a point where Apple is clearly ignoring the desires of their customers because they want to promote use of the single button as standard. People complain about this. It would be easy for Apple to design a multiple button mouse. Even if they found providing a multiple button mouse as standard unacceptable, it would cost Apple essentially nothing to allow users to select a multiple button mouse -- or even choose *not* to get a single button mouse with their computers. It would cost Apple very little and provide significant functionality to provide user-swapable trackpad modules. Apple has firmly refused to do so.
Some like the elegance of the single button.
Elegance, my ass. Apple has excellent designers, and I am more than comfortable claiming that they could make an excellent, attractive multi-button mouse. Maybe it would be a swirl of three colors of heavy plastic (clear, white, translucent blue) that spread out into the buttons at the end of the mouse, or something. Whatever; I'm not a designer, but I have faith that they have the ability to do The Right Thing.
The real reason that the autostart worm technique didn't do any damage on the Mac was that no Mac user in his right mind had autostart enabled (it might even default to off on a clean install, I forget)
Err...no.
The other person who responded to you is also wrong.
Autostart caused a lot of damage. You might not have gotten hit because the people that were most seriously screwed were graphic shops that had fileservers and large storage media moving around.
QuickTime, the component that provided autostart functionality, did ship with autostart enabled. Furthermore, for years it did not provide any way to disable autostart.
Believe me, Apple has its own sizeable collection of security sins. It's just that everyone hates what Microsoft's done to customers and competitors for years that they're willing (even eager) to overlook flaws in Apple.
Mac installers never made use of that feature, unlike on Windows, so there's no reason to have it on.
That might be true -- I don't think I ever used the feature, and I had it disabled.
However, almost every other computer I've seen *did* have it enabled.
Slashdot Mirror
I don't suppose BitTorrent supports the use of DNS rather than IPs?
Some people have names with dynamic IP providers.
It's also very useful for policing if all you have to do when you want to track someone down is traceroute to them, use the government backdoor to ask the AP where it is, and send a squad over.
I work at a place that does 50% military work - closed source by definition I suppose.
I'll bet you that the military uses SELinux.
And the code that they don't own that is in their codebase. Going open source requires a serious belief that your code is legitimate.
See if 3com or Lucent want to put up some money. :-)
Or it's standard practice on Cisco devices and the password or algorithm used to get into this particular one leaked.
If it isn't standard practice, it'd be easy for Cisco to put out a press release saying that they don't have backdoor passwords on any of their other products.
I dunno whether it's really much better to have your NOC infrastructure rooted than a switch somewhere.
Default password: Changeable password that comes set on a vanilla machine. Owner knows of the existence of this password, and can easily close it as a hole by changing the password.
Backdoor password: Non-owner-changeable password that comes hidden on a machine. Owner does not know that this password exists, and cannot prevent people who know about it from exploiting it.
This article is about backdoor passwords.
I'd be impressed if you were posting to Slashdot from a Cisco router...
The logic was that having no wireless network at all is less secure than deploying a Cisco wireless network with the Wireless LAN Solution Engine, with the enhanced logging features and ability to monitor RF and detect rogue APs and the like.
That is the *stupidest* fucking idea I've ever heard of (granted, it's from a sales guy with little incentive to be honest, but still). If someone's *that* worried about rogue APs, why not have alarms start shrieking when a wireless MAC appears on your network? Why not use one of those dumb devices that just detects the presence of WAPs?
Wireless (at least in its current form) is a simply awful idea from a security standpoint. I've never been able to figure out how vendors manage to sell it to companies.
All of mine are behind firewalls. I like iptables.
"I firewall my Cisco products behind Linux firewalls."
It's a dark, dark day for Cisco.
A default password, one that simply needs to be set, is very different from a backdoor password, which is hidden, unknown to the device owner, and works even after the device owner sets his password. The article was about a backdoor password.
Many adults watch movies and don't play video games.
They realize that the movies clearly are not significant factors in causing someone to kill someone, but they don't have a similar experience with video games.
So I guess that makes you a democrat (more sex less violence) as opposed to a republican (more violence less sex)... big fucking deal (no pun intedned).
I wish candidates would run on these slogans.
Or Romeo and Juliet.
2) This is low-incoming housing, right? where did he get money for a gun if the taxpayers are helping him pay rent?
"Hey, Bob...can I borrow your gun until Wednesday?"
"Uh...yeah, man. Just get it back to me."
Though if he did that, it's probably going to stay in an evidence locker forever, based on the stories I've heard of confiscated computers.
Dunno. Ordinarily, I'd agree...but this is an election year, and black voters are currently a hot commodity. The Republicans are claiming that they have the black vote because they've been pushing family values, and the Demms because they've been pushing for job creation.
I dunno.
I predict that nobody will cut Bill Gates' head off with a plastic butter knife in the Strip in Vegas while riding a yak and wearing a space suit helmet, flippers, and a miniskirt. That would be highly taboo.
I'll bet you that it doesn't happen.
Why? Humans didn't evolve with videocameras around.
We don't deal with videotape particularly well.
It's a reasonable bet that whoever posted this wouldn't have immediately said this if he was standing right there when the guy blew his brains out.
It's not bizarre or unexpected for people to act differently to videotape than they do to real life. A lot of people on Slashdot would never say the things they do on Slashdot to people in real life.
She really doesn't understand the Internet. If she manages to get this off the Internet, it will be the first time anything controversial *ever* gets moved off the Internet.
I'll bet this movie has already been published to a Freesite, as a matter of fact, as soon as someone heard that someone was trying to censor the movie.
Ultimately, I can understand the mother being upset, but OTOH, if I want to run naked down Main Street carrying a squirrel and someone gets me on tape, I'm going to have to put up with video of it being out there.
This guy chose to shoot himself in public. I don't think shooting onesself is a good idea; I think that shooting onesself in a public place is an even worse idea if one wants to have a private suicide. If someone had been standing there with a camcorder, and the police hadn't been involved, there wouldn't even be an issue -- plenty of hand-camcorderized deaths have been taped, and even sold to TV stations (though not, to the best of my knowledge, suicides -- just accidental deaths).
I can understand complaints about the misuse of military/police surveillance, but I don't think that someone doing something in public really has a right to expect that images of that action not be reproduced. We have laws to protect against paparazzi and similar in private, but in public everything is fair game.
It was the guns! When are you fucking Yanks going to figure this out? If it wasn't for all the guns in your fucked up society, you wouldn't need the cameras.
Please tell me that you're a Brit. Pleeeease.
It's been around for what, a decade? I guess we'll have to wait some more for this particular exploit to happen.
Remember when Larry Ellison, CEO of Oracle, decided to call some release of his database "hacker-proof", and about a week later, an exploit was publically going around?
Claiming that your system can't be exploited on Slashdot is, really, an exceptionally bad idea. I felt the twinges of wanting to poke at QuickTime a bit just hearing you say that, and if I had had an OS X box handy, I probably would have started poking about. A description of a crashing bug in QuickTime that barfs all over the stack would have made a nice reply to your post.
I would be very dubious, given how performance-critical QuickTime is and how frequently extended it's been, that there are no holes in it. If there are none, it would be an exceptional record, far better than other media-playing code historically has done. Remember that even the reference zlib (which had been hammered on by everyone for *ages*, and was *open source*) had a subtle exploit in it for a long time.
But Jobs is a hero of an entirely different type -- people admire him because he was able to assemble an incredible team, motivate and push them, and get fantastic, wonderful products out the door.
Maybe. I think it's because he promotes himself so heavily. What, there aren't any exceptional managers at all of Apple other than Jobs?
But really, my problem isn't that Jobs gets credit for managing (and I really, honestly, think that he gets way more credit than he deserves even there) -- it's that he's done a number of things that stand out as exceptionally poor technical decisions, and that people still drool all over him, simply because he ensures that his name is so heavily associated with the Mac.
Finally about the one-button mouse... why does it get under your skin so much?? You can attach any multi-button mouse you like, and it'll run forthwith.
(A) Because for laptops, Apple has made two decisions that are extremely annoying: (1), to disallow their engineers from putting multiple buttons on their trackpads, and (2), not to make their trackpad a user-swappable module, so that users could at least buy replacement trackpads from third-party vendors. This makes using X11 software (and really, contextual menus in general) a pain in the ass on the Mac, as well as irritating people that would like to have another button for additional functionality. It means that any users that would like to avoid the problem have to lug around a mouse, find a flat surface, and plug the thing in.
(B) Because in their infinite wisdom, Apple has decided that (1) they shall be the sole vendor of Macs, (2) that no Mac they offer shall be available with a multi-button mouse, and (3) that it shall not be possible to buy a Mac from them without *also* purchasing a single button mouse, so even if you have no problem with going to another vendor for a multi-button mouse, you still have to pay for one of Apple's single button mice and then throw it in the dustbin. Which cost $50 a pop. For every computer you buy.
(C) Because it ensures that most computers that you might want to sit down at and use lack a multi-button mouse, so even if you buy a mouse for your computer with a sufficient number of buttons, every computer lab in the world forces you to switch away. It's like using a Dvorak keyboard -- sure, you can do it, but the rest of the world is going to push you awfully hard to move away from it.
(D) Why it really "gets under my skin" so much is that this is a point where Apple is clearly ignoring the desires of their customers because they want to promote use of the single button as standard. People complain about this. It would be easy for Apple to design a multiple button mouse. Even if they found providing a multiple button mouse as standard unacceptable, it would cost Apple essentially nothing to allow users to select a multiple button mouse -- or even choose *not* to get a single button mouse with their computers. It would cost Apple very little and provide significant functionality to provide user-swapable trackpad modules. Apple has firmly refused to do so.
Some like the elegance of the single button.
Elegance, my ass. Apple has excellent designers, and I am more than comfortable claiming that they could make an excellent, attractive multi-button mouse. Maybe it would be a swirl of three colors of heavy plastic (clear, white, translucent blue) that spread out into the buttons at the end of the mouse, or something. Whatever; I'm not a designer, but I have faith that they have the ability to do The Right Thing.
The real reason that the autostart worm technique didn't do any damage on the Mac was that no Mac user in his right mind had autostart enabled (it might even default to off on a clean install, I forget)
Err...no.
The other person who responded to you is also wrong.
Autostart caused a lot of damage. You might not have gotten hit because the people that were most seriously screwed were graphic shops that had fileservers and large storage media moving around.
QuickTime, the component that provided autostart functionality, did ship with autostart enabled. Furthermore, for years it did not provide any way to disable autostart.
Believe me, Apple has its own sizeable collection of security sins. It's just that everyone hates what Microsoft's done to customers and competitors for years that they're willing (even eager) to overlook flaws in Apple.
Mac installers never made use of that feature, unlike on Windows, so there's no reason to have it on.
That might be true -- I don't think I ever used the feature, and I had it disabled.
However, almost every other computer I've seen *did* have it enabled.
Unless Classic is running.