How long after Sadam Husain launches a major investment in OSS will it be before the US Govt. bans all its citizens form partisipating.
How long after Saddam Hussein launches a major investments in weapons will it be before the US government bans all weapons?
Re:Use of honeypots
on
Tracking Hackers
·
· Score: 2, Insightful
potentially dangerous if some idiot comes along and misconfigures the honeypot
This is all about where you place the honeypot. Place the honeypot where it has no more access to your important network than a random computer on the internet would have had. In that case your network is no more vulnurable with the honeypot than without.
Placing the honeypot in an important network behind your firewall is plain stupid. Placing the honeypot outside the firewall is acceptable. Placing the honeypot in a DMZ zone with nothing else is also acceptable, if the firewall is configured correctly. If the extra leg on the firewall causes more bugs in the setup, two independend firewalls would have been better.
Why not take this one step further and use Wine for the development process? I have never developed Windows software, so I obviously don't know what I'm talking about, but I would guess there could be some advantages:
If you develop with Wine you don't have to reboot your computer every time Windows crashes.
If you develop with Wine you don't accidentially use some undocumented Windows feature, that doesn't work in Wine or other Windows versions.
And you also get all the other good stuff Linux has to offer.
Wine is an implementation of the Windows API, pressumably according to some specification more or less public available. Windows XXX is also an implementation of that API. And "Windows" programs are programs written for that API.
The main reason it doesn't all interoperate is software not conforming 100% to the specification and other software bugs. Thus you will in all those pieces software find workarounds for bugs in other pieces of software.
In Windows you find workarounds to get other Micro$oft software runing on top of Windows.
In "Windows" programs you find workarounds for bugs in Windows.
In Wine you find workarounds for bugs in "Windows" programs. Some of those bugs in "Windows" programs might actually be caused by the workarounds mentioned above.
Expect more trojans that look like this, but in a better disguise.:-/
And don't expect the next one to be active only during build. It would have been trivial to make it more dangerous even for those people not using their root acount for compiling.
What would be considered a proper firewall to protect against this outgoing-connection trojan?
I use iptables, it is configured to REJECT all outgoing TCP connections except from destination ports of protocols that I regurarilly use. Had I run this trojan it would just have gotten connection refused, and the packet would have been logged to/var/log/messages.
I verified the gpg signature very carefully. After verifying I
asked in a newsgroup just in case I would have missed something important. The public key I downloaded from a lot of different mirrors, just in case one of them had been compromised.
Re:Let's not worry about who copied who.
on
GUIs for Everyone
·
· Score: 1
How the fuck is that useful?
I often need to look at the contents of one window while typing in another window. I don't need to see the contents of the window in which I'm typing, I know what is there namely exactly what I just typed. But the other nonactive window could contain important information.
It is also nice that I can execute a command in my terminal without having to bring the terminal window to front. If I can see just see a corner of my terminal window, I place my mouse cursor there and type my command.
Also when I use xv3 to browse through a lot of pictures I want the picture wiev window to be on top not the control window in which I'm clicking. I just need to be able to see enough of the control window to be able to click on the next button.
My ass doesn't have to be on the toilet when I take a shit, but it's much better if it is.
I don't know about your lusts, and I'm not sure I want to know. But if you like standing on top of your toilet when taking a shit, and you actually is able to hit the hole (in the toilet), I see no reason why the toilet produce should try to prevent it.
Could you post a link to the source of that information?
Here is a link to Chapter 2 in the Danish law on copyright. Paragraph 36 and 37 are interesting. Obviously this is written in Danish, it would be interesting with links to similar laws in other European countries.
I'll try to explain to the best of my abilities what this law says:
Paragraph 36 says that if you have the right to use a program, you may also fix bugs, make backupcopies, and run the program to see how it works. Stk 4 says you cannot give up these rights by agreement.
Paragraph 37 says you may make copies and translations of a program if this is necesarry to get the information needed to achieve interoprability between software you develop and other software. Point 1 says it may be done by the licensee or people working for the licensee. Point 2 says it may only be done if the necesary information is not easily available in other ways. Point 3 says you may only translate parts necesarry to achieve the needed information. Stk 2 says the information may not be used for other pusposes than achieving interoprability. Stk 3 says the rights cannot be given up by agreement.
Of course we can't figure that out. It is supposed to be difficult! If it was supposed to be easy, why would M$ have chosen to place the bootlog in a hidden file?
Simply saying "dumb buses are bad" is dumb. Without considering the CPU speed, availability, and loading from the "dumb bus" at its rated speed, such a statement is meaningless.
It is not that simple. You cannot say a piece of equipment is simply dumb or intelligent. There are variations from the very dumb through the little dumb and little intelligent up to the very intelligent equipment.
In some cases a little dumb equipment is no problem to a fast CPU. But equipment can be so dumb that speeding up the CPU is no help at all.
If communicating with the equipment requires the CPU to do busywaiting a fast CPU doesn't help. Maybe a fast CPU can poll the device 100 million times in a second where a slow CPU can only poll the device 10 million times in a second. But that doesn't make the device respond faster. So no matter how fast you poll, you are still wasting all your precious CPU time, a faster CPU will just increase the waste.
Maybe hyperthreading can be a little help here, but you would still be wasting resources. And requiring so much from the CPU just to support very dumb equipment is not a good idea.
So in fact a device can be so dumb that it is without doubt bad. I don't know if USB is this dumb, but I do know that a parallel port with an interlink cable is.
the EULA explicity prohibits you to run the player on a non-MS OS. So you've broken their EULA.
It is doubtable whether this EULA has any legal validity. At least in my part of the world the law gives us certain rights that cannot be given up by an agreement.
Re:That technology has been around for a while
on
Voices in Your Head
·
· Score: 1
I've been hearing voices in my head for years now
That also happens to me once in a while. What really bothers me is that there tend to be three of them arguing loudly with each other in a language I do not understand. Do you have any idea how annoying that can be?
my web log shows an average of forty-two requests per day
That is indeed interesting, a short time ago when discussing
Windows security in a danish newsgroup, I counted the entries in my log. I also had an average of forty-two requests per day.
Switching to PNG does at first sound like an obvious solution, but it isn't. PNG and JPG are made for different purposes. PNG is a lossless compression while JPG is a lossy compression.
Sometimes you need a lossless compression, and for that purpose PNG usually gives you the smallest file among lossless compressions.
But sometimes you want a lossy compression to be able to get smaller resulting files. I just picked a random JPG file off my harddisk and converted it to PNG. The file grow by a factor nine.
PNG is a good alternative to GIF, bug PNG is not a good alternative to JPG.
Since the technical
information is missing I cannot explain how this particular
product works, but I can explain how it could be possible to do
this.
For security reasons we absolutely want to encrypt and sign everything
stored on the other computers. There is nothing tricky about this
part, the usual cryptography can be used without modifications. This
is not going to waste any significant amount of storage space or
network bandwidth. But it will require some CPU cycles.
The other not so trivial part of such a system is the redundancy.
Reed-Soloman would be one type of redundant coding suitable for the
purpose. Parchive also
uses this coding.
I know some implementations are limited to at most 255 shares, but for
performance reasons, it is probably not feasible to use a lot more
than that anyway. I expect the Reed-Soloman code to be the most CPU
hungry part of such a system.
We need to choose a threshold for the system, I see no reason why the
individual users cannot choose their own threshold. If one user want
to be able to reconstruct data from 85 shares, there need to be three
times as much backing storage as the data being backed up.
The first approach to storage space would obviously be, that each user
can consume as much as he himself makes available to the
system. I'd happily spend the 10GB harddisk space needed for two
backups of my 1.5GB of important data with a factor three of
redundancy. This would if done correctly give a lot better security
than most other backup solutions.
One important aspect you may never forget in such a system is the
ability to verify the integrity of backups, I guess this is the most
tricky part of the design. Verifying with 100% security that my backup
is still intact would require downloading enough data to reconstruct
my backup. However verifying with 99.9999999% security could require
significantly less samples to be made. Unfortunately here the 255
shares can be a major limitation, the larger the number of shares gets
the smaller the percentage of data we need to sample gets. I don't
wanna do the exact computations right now, but if 18 randomly picked
from the 255 shares are all intact, we have approximately the 9 nines
of security that there are indeed 85 intact shares of the 255. So we
have indeed limited the network usage by almost a factor of
five.
If we want:
Higher security
Less network usage for verifications
Good network performance even in case of a few percent of lost
shares
we need more than 255 shares of data. There is no theoretical limit to
the number of shares, but the CPU usage increases.
What the system also needs is migration of data as users join and
leave the system, and a reliable way to detect users responsible for
large amounts of lost shares. Creating public key pairs for each user
is probably necessary for this. I think this can be done without the
need of a PKI, a user can just create his key pair and then start
building a reputation.
"Microsoft Office 20xx for GNU/Linux," would we install it?
Five years ago I used WordWorth on my Amiga for wordprocessing, I
occasionally used Office on somebody elses computer. At that time I
liked Office, but I very much disliked DOS/Windows on which it ran. At
that time I still had some respect left for the company, and had
Office been available for AmigaOS I'd have used it.
Since then Microsoft has lost all my respect, it is unlikely that I
would be the first user of Microsoft Office for Linux, but I believe
many others would use it. If the combination of some opensource OS and
Microsoft Office become very popular I might reconsider my position.
Now let's assume Microsoft some day is no longer any threat on the OS
market, but still is the major player on the Office application
market, and that I find I might actually benefit from using Microsoft
Office. What would I do?
During the last five years with UNIX/Linux systems, I have learned
something about security, so I know I shouldn't trust this closed
source product too much. I wouldn't want to run any of their closed
source code as root, but installing the product and running it as an
unprivileged user does not introduce the same risks. I know the risks
still there, and I can handle them.
keep an unreasonable amount of records regarding the number of listeners
I wouldn't claim to know the law in question, so I don't know if it applies to radio on the net as well as radio on the air. But obviously generating such records for radio on the air is practically impossible, while it would be fairly easy to get reasonable estimates for radio casted over the net.
Microsoft fears Linux because they realize there is no easy way to
make money from the Linux users other than porting (and maintaining
various flavors for each version of Linux) Microsoft
Office.
This is an interesting idea, Microsoft could do it if they really
wanted to. I'm sure this is a dilemma to Microsoft:
If Microsoft release Office for Linux, they might be able to keep
that market even in case of a Linux takeover. OTOH by doing so they
will make Linux stronger with the risk of loosing the OS market.
If Microsoft does not release Office for Linux, Windows will still
be the platform on which Microsoft Office runs most reliable. This
means that Office users have to use Windows, OTOH Linux users cannot
use Office.
Basically Microsoft has two choices, try to keep one market or try to
keep both with higher risk of loosing both. Right now Microsoft tries
to keep both markets. But projects like
Wine
are trying to prevent Microsoft from using that strategy.
Next question is, could Microsoft at some point change strategy? They
would have to be very afraid of Linux to do so. In theory Microsoft
could already be developing Office for Linux, but they would want to
keep that very secret. If people knew they were developing the
product, they would also know that Microsoft find it likely for Linux
to take over the OS market.
Microsoft knows that to make money from Linux, they would probably
have to release Office for Linux. But selling Office for Linux is not
the only money they would make from Linux. If Microsoft ever were to
support Linux, they would probably also create their own distribution.
This would of course come with a proprietary installer and
applications. This means that copying the entire Microsoft GNU/Linux
distribution would be illegal, but copying parts of it would be legal.
Now we can guess about the prices Microsoft would choose for such a
distribution. They might want to make Windows cheaper than their Linux
distribution, because people would then think we are lying when we say
Linux is cheaper than Windows. OTOH Microsoft would not want Windows
to look like a discount system.
Slashdot Mirror
I just don't get it, why does that comment still have a score of 1? IMHO it deserved Score:5, Funny.
Anyway personally I always skip those parts in all upercase letters when reading an EULA.
firstborn children
You really don't want that many children! (Do you?)
How long after Sadam Husain launches a major investment in OSS will it be before the US Govt. bans all its citizens form partisipating.
How long after Saddam Hussein launches a major investments in weapons will it be before the US government bans all weapons?
potentially dangerous if some idiot comes along and misconfigures the honeypot
This is all about where you place the honeypot. Place the honeypot where it has no more access to your important network than a random computer on the internet would have had. In that case your network is no more vulnurable with the honeypot than without.
Placing the honeypot in an important network behind your firewall is plain stupid. Placing the honeypot outside the firewall is acceptable. Placing the honeypot in a DMZ zone with nothing else is also acceptable, if the firewall is configured correctly. If the extra leg on the firewall causes more bugs in the setup, two independend firewalls would have been better.
Why not take this one step further and use Wine for the development process? I have never developed Windows software, so I obviously don't know what I'm talking about, but I would guess there could be some advantages:
No Wine is NOT an emulator.
Wine is an implementation of the Windows API, pressumably according to some specification more or less public available. Windows XXX is also an implementation of that API. And "Windows" programs are programs written for that API.
The main reason it doesn't all interoperate is software not conforming 100% to the specification and other software bugs. Thus you will in all those pieces software find workarounds for bugs in other pieces of software.
Expect more trojans that look like this, but in a better disguise. :-/
And don't expect the next one to be active only during build. It would have been trivial to make it more dangerous even for those people not using their root acount for compiling.
What would be considered a proper firewall to protect against this outgoing-connection trojan?
/var/log/messages.
I use iptables, it is configured to REJECT all outgoing TCP connections except from destination ports of protocols that I regurarilly use. Had I run this trojan it would just have gotten connection refused, and the packet would have been logged to
I verified the gpg signature very carefully. After verifying I asked in a newsgroup just in case I would have missed something important. The public key I downloaded from a lot of different mirrors, just in case one of them had been compromised.
How the fuck is that useful?
I often need to look at the contents of one window while typing in another window. I don't need to see the contents of the window in which I'm typing, I know what is there namely exactly what I just typed. But the other nonactive window could contain important information.
It is also nice that I can execute a command in my terminal without having to bring the terminal window to front. If I can see just see a corner of my terminal window, I place my mouse cursor there and type my command.
Also when I use xv3 to browse through a lot of pictures I want the picture wiev window to be on top not the control window in which I'm clicking. I just need to be able to see enough of the control window to be able to click on the next button.
My ass doesn't have to be on the toilet when I take a shit, but it's much better if it is.
I don't know about your lusts, and I'm not sure I want to know. But if you like standing on top of your toilet when taking a shit, and you actually is able to hit the hole (in the toilet), I see no reason why the toilet produce should try to prevent it.
Scares me to think how fast it'll fall...
Not as fast as other servers mentioned on slashdot has sometimes failed, and actually that scares me even more.
Wasn't this BTW the same C64 server that used to run a realaudio streaming server? (Mentioned in an earlier slashdot article.)
I agree with you on those two features. But I have more reasons than that to like the Unix/Linux interfaces better than Windows:
Could you post a link to the source of that information?
Here is a link to Chapter 2 in the Danish law on copyright. Paragraph 36 and 37 are interesting. Obviously this is written in Danish, it would be interesting with links to similar laws in other European countries.
I'll try to explain to the best of my abilities what this law says:
Paragraph 36 says that if you have the right to use a program, you may also fix bugs, make backupcopies, and run the program to see how it works. Stk 4 says you cannot give up these rights by agreement.
Paragraph 37 says you may make copies and translations of a program if this is necesarry to get the information needed to achieve interoprability between software you develop and other software. Point 1 says it may be done by the licensee or people working for the licensee. Point 2 says it may only be done if the necesary information is not easily available in other ways. Point 3 says you may only translate parts necesarry to achieve the needed information. Stk 2 says the information may not be used for other pusposes than achieving interoprability. Stk 3 says the rights cannot be given up by agreement.
but they can't figure out how to make a bootlog
Of course we can't figure that out. It is supposed to be difficult! If it was supposed to be easy, why would M$ have chosen to place the bootlog in a hidden file?
Simply saying "dumb buses are bad" is dumb. Without considering the CPU speed, availability, and loading from the "dumb bus" at its rated speed, such a statement is meaningless.
It is not that simple. You cannot say a piece of equipment is simply dumb or intelligent. There are variations from the very dumb through the little dumb and little intelligent up to the very intelligent equipment.
In some cases a little dumb equipment is no problem to a fast CPU. But equipment can be so dumb that speeding up the CPU is no help at all.
If communicating with the equipment requires the CPU to do busywaiting a fast CPU doesn't help. Maybe a fast CPU can poll the device 100 million times in a second where a slow CPU can only poll the device 10 million times in a second. But that doesn't make the device respond faster. So no matter how fast you poll, you are still wasting all your precious CPU time, a faster CPU will just increase the waste.
Maybe hyperthreading can be a little help here, but you would still be wasting resources. And requiring so much from the CPU just to support very dumb equipment is not a good idea.
So in fact a device can be so dumb that it is without doubt bad. I don't know if USB is this dumb, but I do know that a parallel port with an interlink cable is.
the EULA explicity prohibits you to run the player on a non-MS OS. So you've broken their EULA.
It is doubtable whether this EULA has any legal validity. At least in my part of the world the law gives us certain rights that cannot be given up by an agreement.
I've been hearing voices in my head for years now
That also happens to me once in a while. What really bothers me is that there tend to be three of them arguing loudly with each other in a language I do not understand. Do you have any idea how annoying that can be?
The PNG specs include instructions for lossy compression.
Hate to say it, but W3C disagree with you.
my web log shows an average of forty-two requests per day
That is indeed interesting, a short time ago when discussing Windows security in a danish newsgroup, I counted the entries in my log. I also had an average of forty-two requests per day.
This couldn't be a coincidence, could it?
Switching to PNG does at first sound like an obvious solution, but it isn't. PNG and JPG are made for different purposes. PNG is a lossless compression while JPG is a lossy compression.
Sometimes you need a lossless compression, and for that purpose PNG usually gives you the smallest file among lossless compressions.
But sometimes you want a lossy compression to be able to get smaller resulting files. I just picked a random JPG file off my harddisk and converted it to PNG. The file grow by a factor nine.
PNG is a good alternative to GIF, bug PNG is not a good alternative to JPG.
You have spare gigs on your hard drive? (Score:-1, Redundant)
Why did that get a -1 score? In this discussion redundant is supposed to be a positive word.
For security reasons we absolutely want to encrypt and sign everything stored on the other computers. There is nothing tricky about this part, the usual cryptography can be used without modifications. This is not going to waste any significant amount of storage space or network bandwidth. But it will require some CPU cycles.
The other not so trivial part of such a system is the redundancy. Reed-Soloman would be one type of redundant coding suitable for the purpose. Parchive also uses this coding.
I know some implementations are limited to at most 255 shares, but for performance reasons, it is probably not feasible to use a lot more than that anyway. I expect the Reed-Soloman code to be the most CPU hungry part of such a system.
We need to choose a threshold for the system, I see no reason why the individual users cannot choose their own threshold. If one user want to be able to reconstruct data from 85 shares, there need to be three times as much backing storage as the data being backed up.
The first approach to storage space would obviously be, that each user can consume as much as he himself makes available to the system. I'd happily spend the 10GB harddisk space needed for two backups of my 1.5GB of important data with a factor three of redundancy. This would if done correctly give a lot better security than most other backup solutions.
One important aspect you may never forget in such a system is the ability to verify the integrity of backups, I guess this is the most tricky part of the design. Verifying with 100% security that my backup is still intact would require downloading enough data to reconstruct my backup. However verifying with 99.9999999% security could require significantly less samples to be made. Unfortunately here the 255 shares can be a major limitation, the larger the number of shares gets the smaller the percentage of data we need to sample gets. I don't wanna do the exact computations right now, but if 18 randomly picked from the 255 shares are all intact, we have approximately the 9 nines of security that there are indeed 85 intact shares of the 255. So we have indeed limited the network usage by almost a factor of five.
If we want:
- Higher security
- Less network usage for verifications
- Good network performance even in case of a few percent of lost
shares
we need more than 255 shares of data. There is no theoretical limit to the number of shares, but the CPU usage increases.What the system also needs is migration of data as users join and leave the system, and a reliable way to detect users responsible for large amounts of lost shares. Creating public key pairs for each user is probably necessary for this. I think this can be done without the need of a PKI, a user can just create his key pair and then start building a reputation.
"Microsoft Office 20xx for GNU/Linux," would we install it?
Five years ago I used WordWorth on my Amiga for wordprocessing, I occasionally used Office on somebody elses computer. At that time I liked Office, but I very much disliked DOS/Windows on which it ran. At that time I still had some respect left for the company, and had Office been available for AmigaOS I'd have used it.
Since then Microsoft has lost all my respect, it is unlikely that I would be the first user of Microsoft Office for Linux, but I believe many others would use it. If the combination of some opensource OS and Microsoft Office become very popular I might reconsider my position.
Now let's assume Microsoft some day is no longer any threat on the OS market, but still is the major player on the Office application market, and that I find I might actually benefit from using Microsoft Office. What would I do?
During the last five years with UNIX/Linux systems, I have learned something about security, so I know I shouldn't trust this closed source product too much. I wouldn't want to run any of their closed source code as root, but installing the product and running it as an unprivileged user does not introduce the same risks. I know the risks still there, and I can handle them.
keep an unreasonable amount of records regarding the number of listeners
I wouldn't claim to know the law in question, so I don't know if it applies to radio on the net as well as radio on the air. But obviously generating such records for radio on the air is practically impossible, while it would be fairly easy to get reasonable estimates for radio casted over the net.
This is an interesting idea, Microsoft could do it if they really wanted to. I'm sure this is a dilemma to Microsoft:
- If Microsoft release Office for Linux, they might be able to keep
that market even in case of a Linux takeover. OTOH by doing so they
will make Linux stronger with the risk of loosing the OS market.
- If Microsoft does not release Office for Linux, Windows will still
be the platform on which Microsoft Office runs most reliable. This
means that Office users have to use Windows, OTOH Linux users cannot
use Office.
Basically Microsoft has two choices, try to keep one market or try to keep both with higher risk of loosing both. Right now Microsoft tries to keep both markets. But projects like Wine are trying to prevent Microsoft from using that strategy.Next question is, could Microsoft at some point change strategy? They would have to be very afraid of Linux to do so. In theory Microsoft could already be developing Office for Linux, but they would want to keep that very secret. If people knew they were developing the product, they would also know that Microsoft find it likely for Linux to take over the OS market.
Microsoft knows that to make money from Linux, they would probably have to release Office for Linux. But selling Office for Linux is not the only money they would make from Linux. If Microsoft ever were to support Linux, they would probably also create their own distribution. This would of course come with a proprietary installer and applications. This means that copying the entire Microsoft GNU/Linux distribution would be illegal, but copying parts of it would be legal. Now we can guess about the prices Microsoft would choose for such a distribution. They might want to make Windows cheaper than their Linux distribution, because people would then think we are lying when we say Linux is cheaper than Windows. OTOH Microsoft would not want Windows to look like a discount system.