I mean, after all, waiting for movies has got to be increasing piracy ratings. It should only be fair that 93% of Netflix's profits go back into the MPAA to make up for lost sales caused by people waiting on movies.
Since when are we putting hackers behind bars just for hacking? We put people in jail for breaking the law, and usually first time convicted hackers just get probation. The only hackers we put in jail are repeat offenders or those whose crimes escalated into other higher crimes. If you root a bank's server and send $100 million to your Swiss bank account you're a bank robber, not a hacker. If you steal code, you're committing an act of industrial espionage, not hacking. I think a lot of people take the stance that if you commit a crime through a computer, it's just harmless hacking, and not worthy of jail time. Basically my point is there is a huge difference b/w DoSing some jerk on IRC and releasing the next big superworm that causes billions in damages and could possibly cost lives. They are NOT the same thing. One thing is "hacking" (Cracking! Damnit.) the other is just being a criminal.
2.4 may by default only support up to 4GB of RAM but with the PAE extensions that limit goes up to 64GB, so you may indeed put 60GB in your Linux box, whereas with Windows, you're stuck.
At any rate, the point he was trying to make isn't that Windows sucks because of the RAM limit, but rather sucks because of the poor swap handling.
Anonymous moron... If I were to use hope123 as an example of a password that doesn't mean my fucking password is 4 letters and then 3 numbers. Read my previous post in this thread and get a clue.
Your inability to use any sort of critical thinking skills shows when you check Post Anonymously. My inability to not be able to ignore people who troll as AC shows when I hit the reply button.
I'd like to see you brute force an 8+ letter alphanumeric/special character password in "no time". He said he used bad math, and gave one example. I doubt that example was his password. His could be (x+2)^2=4x=3. This is mostly special character with a few digits and letters thrown in. Take into consideration also all the unique possibilities of expressing math. 5*3, 5x3, 5X3 are all unique. Maybe you'd like to use RPN or express certain values or operators as string literals, i.e. 5div3=4.12. There is no reason this method of choosing a password is any less valid than another. Also, you fail to take into account that regardless of the fact that a password is mostly or even only digits, it becomes exponentially more difficult the longer the password becomes. 4x2=9 may be easy to crack, but 1329084237x892345980=234587674 would take a while.
I agree that in most games both the male and female characters are often physically appealing, but one game that comes to mind that really broke that mold is also my favorite game, and arguably the best game of all time, Half Life. Instead of being some super human soldier disgruntled sniper marine commando, you were a nerdy scientist. Ordinary guy in extraordinary circumstances. I think that contributed a great deal to the game. Maybe one of the reasons it did so well was because people could actually identify with the protagonist.
There's no support for ext3? I'm sharing out several partitions with ext3 file systems via samba right now. Maybe they meant some other type of "support".
Your argument seems to be based on the idea that no one but Microsoft can fix bugs, but this is only rarely true.. many vulnerabilities and random bugs can be fixed without Microsoft and there are tons of third party patches for bugs Microsoft refuses to resolve, ranging all the way back to early MS-DOS days to Win2k3. If it is a case where a patch can't be applied, a simple filter could drop the packet before it has a chance to do any harm.
Before there was a patch for the Apache Slapper worm the fix was to make /tmp ro. My point is, if we know what it is we can render it obsolete by any number of defensive techniques. I think Microsoft is the irresponsible party here for not patching a known bug. Perhaps when they are exploited they'll understand that they are paying for a half assed piece of software with horrendous support.
Personally, for me, uninstalling MS isn't an option, otherwise it wouldn't ever have been installed to begin with. I'm probably not vulnerable to this exploit, but that's not comforting considering all but 2 of my machines were vulnerable to the samba exploit. My customers are a different matter, however. They insist on using Microsoft and I insist on doing all I can to protect them.
"A worm can only exploit a vulnerability when it becomes known to an unethical and motivated person."
It has been found by one ethical motivated person. I'm willing to bet there are 10x as many unethical and just as/more skillful people motivated looking for the same thing. Probably tenfold now that he's let it be known that there is an unpatched vulnerability.
"Releasing the details of a problem would make that happen immediately."
We can start the procedures of protection and patching immediately as well. Microsoft would be forced to resolve the issue. Even if it's not used to proliferate the next superworm, it is a relevant security issue. Just because we don't know that there's an exploit in the wild by no means means that one doesn't exist. This samba exploit was previously unknown, granted, but it was found by pure luck in the wild. Had it been known by someone and reported to the samba team and they had done nothing about it, I would imagine there would be some VERY upset people, and if it had been one of your boxes rooted, I wager your attitude towards the subject would change drastically and quickly. If it had been made public you would at least have had a chance to defend yourself, even if they decided not to patch it. It's somewhat (ok not at all) like sitting by knowing that there's a serial killer out there, but not releasing his identity for fear that he'll strike out in retaliation and kill more people. Give the authorities the ID and let them take care of the problem. Give the admins the necessary criteria and let them take care of their networks.
"We can't be sure, but it seems fairly clear that not many people know of this problem, or otherwise we would see it being exploited."
The samba exploit was captured in the wild. It has existed for 8 years, in each version. They didn't really see it being exploited, at least not by any incident reports, they just happened to pick it up. I'm willing to bet that it was not the first attack with this exploit. Like I said, just because we don't see it, doesn't mean it doesn't exist.
"I suppose it's possible that a few elite crackers know of this bug and just aren't saying, but they probably know of lots of others too."
Probably, but that doesn't detract from the urgency of this one. If they have others that aren't known to exist, we can do nothing about that. If we know one exists, we can mend it.
"Not releasing the details defers the emergence of that worm until somebody independently discovers the problem."
Someone has already independently discovered the problem. Microsoft isn't doing anything about it. We CAN'T do anything about it. I could care less if it is a worm or not if it is my system that gets attacked.
"At the very least, we have gained some time."
I would say at the very least, people could needlessly become victims, with huge losses.
"A possible, future problem is clearly better than a certain, immediate problem of the same magnitude."
An ounce of prevention is worth a pound of cure. I don't see how some people being saved is any greater than some people being exploited. It is clearly much better to remedy a known issue than it is to wait for it to become a known problem of much greater magnitude.
"Nobody on slashdot has a bona fide need to see the example code; everybody is asking either out of idle curiosity or a desire to randomly damage other people's machines."
I didn't ask for him to write me an exploit, I asked for him to attack my box so I could capture the packet and formulate a defense for myself and others. I agree most of the people probably are just looking for a l33+ new exploit to h4x0r grannie88@aol.com's machine, but bear in mind that there are also professionals among the slashdot crowd, who don't like knowing that they are open and vulnerable in any capacity and are impotent to do anything about it. I agree that details shouldn't be released immediately, but Microsoft has apparently chosen to ignore
How would it not be responsible to disclose a known vulnerability that MS will not fix? It could very well be in the wild right now, sneaking past all defenses as benign traffic. The next superworm could exploit this vulnerability causing millions of dollars in damages world wide. I'd say it's much more irresponsible not to release the vulnerability, but letting everyone know that it is there, and you are vulnerable, but you can't do anything about it.
So if I stuck a box on the net for you and opened up the necessary ports you'll crash it? I'm all for this, I'd like to make a snort rule for this attack.
All you had to do was type linux text at the boot to boot up into the just as easy to use text mode gui. It is placed there for those rare instances where X can't be loaded with reasonable defaults.
Check out National Instruments' LabVIEW.. certainly not for kids, but kind of a cool environment. It's basically like a flow chart or circuit diagram that you plug code into... it's mostly for data acquisition.. but a neat concept :)
This guy is an idiot. One would think he had just recently installed Redhat 5.2.
"On Linux, there's no decent movie player and no working sound recorder (like the one in Windows 95) shipped as the default by GNOME, but hey, there are more than 385 text editors!"
Why the hell should there be a "default" video and player that come with Gnome? Seems to me like he has the idea that those are part of the desktop. He however, goes on to say that there are 385 text editors. There are not 385 text editors included with Gnome. He needs to learn the simple distinction between packages like gnome, gmplayer, enlightenment, and X. What comes as "default" on distro A will not be the same as Distro B. If he was saying there was just no decent media player, then he really is mentally deficient. Mplayer beats out everything I have ever come across, regardless of platform.
Choice is good, but it's frustrating when none of the alternatives works properly.
"A good example is Mozilla. There are lots of browsers available for Linux today, but most of them are based on Mozilla. Therefore, they work."
Since when are most browsers based on Mozilla? I think he's thinking of the GECKO engine, which is not Mozilla.
"Please stop developing and using some obscure application when there are better alternatives. Not happy with them? Fix what's wrong, or if everything looks wrong, work at separating the functionality into a UI-independent library, then develop your own graphical interface."
Why the hell should I stop using ANY program I enjoy just because someone else deems something to be "better". I guess I should drop vi for emacs... or is it the other way around? Depends on who you're talking to. At any rate, one of the MAJOR advantages of free software is the amount of choices we have.
"Reusing and improving existing code, not making your own, is the way."
Thank you, oh benevolent deity, for showing us all "the way". I will cease to write any of my own code, or innovate and develop any new ideas, I'll just reuse the same old obfuscated cruft, and spend just as much time or probably more hacking it to be what I want.
"Another problem is that major functionality is quite often rewritten from scratch. It's not unusual to see freshmeat announcements like "What's new: completely rewritten". Don't throw away all tested and working code and documentation to start all over again, introducing new bugs which annoy users and waste time. So what if there's a lot of refactoring?"
Thanks for proving you're not at all a developer in any way. Nobody just decides "Hey I should rewrite all this past year of work just for fun!" When code is rewritten it is usually because bad practices have led the project to be unmanageable, or another language would get the job done better. So what if there's a lot of refactoring? What kind of dumb statement is that? Who cares that PhpNuke is a garbled piece of insecure software that takes half the time to rewrite properly than it does to fix? Drop all other CMS' and work on PhpNuke, because someone said it was the best, and others are more "obscure".
This guy wants to use Windows. He wants to not have an option, have everything laid out for him as what he "should" be using. The only benefit he sees in free software is not having to pay for it. That's exactly the kind of people we could do without in the *nix world. The kind of people that think Linux should just be a free MS clone. Linux is a different OS, a different environment, a different user base. The point is not to beat out those MS guys. Linux can easily be turned into expensive crap that any idiot can use, which is why we have Lindows.
Ok I'm ranting, but this attitude really irks me. One of the first lessons I learned when making the Windows->Linux switch was how powerful simply having an option is. When people can't get over their own personal dislike of Microsoft and make Linux out to be some sort of crusade against the evil giant. It gives all open source a bad name.
We need a new slashdot poll on what your favorite post this year has been, the options could go something like this.
1. IPv4 "Evil" bit field.
2. RFC 3514 to tighten network security
3. New security measures adopted to TCP/IP
4. Remote Exploit found in Microsoft's implementation of RFC 3514
5. CowboyNeal sets each packet's evil bit by hand.
I can't seem to see anything that says this is just a prank, so if it is, it's a very poor one. Why wouldn't they do something like this? It's a good idea and apparently a lot of people want to see it happen. It's also completely feasible, as the engine already exists, so it's just a matter of setting/plot/graphics. Also, this is about the lamest holiday ever to celebrate, and Slashdot is taking it way too far. I played a prank on my co-workers, today. I didn't play 15 throughout the day, 4 of which were the same one.
FreeBSD will not be part of this merger, instead opting to merge with Open BeOS. Part of this merger will include changing ports to an RPM based system, to maintain compliance with RFC 3124's "Evil Bit". Several duplicate projects have sprung up in a rush to develop drivers for the iGrill.
Also RMS has decided that GNU shouldn't go in front of everything open source related.
..it was ok the first time, old the second.. now it's beyond irking me. Is this really the ONLY prank Taco could think of? What is he trying to accomplish by posting it several times over? Maybe some troll will believe it the fourth time? It's not even a good prank, the Gentoo portage to RPM one was the best so far.
No, the article talks about User Mode Linux. The submitter's link points to Unified Markup Language. Another case of not RTFA.
They are talking about User Mode Linux, not Unified Markup Language. How ridiculous.
They are talking about User Mode Linux, not the markup language. With a nick like that, I can see how you could make that mistake.
What the hell are you talking about? RFIDs don't run any software, they are simply small transceivers with a hardcoded identification number.
Is slashdot new for phreakers now? /hides
..of this April Fool's prank is that it's a damn good idea, and I'm pissed that it doesn't exist.
I wouldn't go and say this is a good thing just yet. They could easily change "It is a violation of all that is good and just" into "It is all good."