This is the truth.
If they wanted to create a truly useful tool to help admins, it would simply check a machine, and return a true/false for each exploit, if it was successful - but would carry no payload.
This is just creating a problem, hoping someone will pay them to solve it. Sad.
Sad that the Metasploit project is also only about Windows exploits. There are exploits for various *nix services, and plenty of 'em. No real reason to patch your Linux or BSD boxes, though, since no one's creating script kiddy tools to exploit these, though I don't see why not. Of course, that would go against the "See! Linux is unpernetrable an Winblows is teh suck!" mantra.
What does the VNC server payload have to do with using the tool to test your machines?
A simple true/false (exploited/not exploited) is all an admin needs to know. Break it down to which specific exploit worked.
This is just Back Orifice/SubSeven revisited.
Think about it, script kiddies can't use a remote shell. They can only point and click. That's what Metasploit is for, to make it easy for "1337 5kr1p7 k1dd13z".
I mean, what good is "hacking" into a box if you HAVE NO FUCKING IDEA HOW TO ACTUALLY USE IT?
This could just as easily spawn a cygwin shell if it wanted.
Shh, no one here wants to know that. Nor do they want to know that all the device does is store a hash based on your fingerprint, not your fingerprint itself. You can't be identified by one of these devices.
They watch a lot of TV. They watch CSI and see DNS results come back on-site! "Yes, this blood matches the victim's" They see those magical computers scan every fingerprint in the world (I love how it displays each and every mugshot as it "searches".. I mean, how long do you think it would take to download and display 100 million mugshots one by one, for about a second each?)
No, in real life it's nowhere close. I chuckle at this TIA paranoia. I work in the public safety industry, more specifically with police records systems. It's so far from reality it's ridiculous.
That said, even if they did match open warrants, what's so wrong with that? Guess what, go to the DMV to renew your tags, pop yer DL on the counter, and if they run it and you got warrants - "you got jail!" Depends on the warrant.
Happened to me, I had a "show cause" warrant because I never turned up for jury duty, they summoned me a full year after I moved out of the county, so nothing came of it.
This, however, is a system to make sure the guy who stashed stuff in the locker is the guy who retrieves it. Simple enough.
Re: your Sig. (on "You've Got PC", Score: 3, Informative)
This has been discussed. It's not some conspiracy theory or sneaky DNS redirect.
If you type in a non-valid URL, Firefox automagically does a "I'm feeling lucky" search on what you typed. The first result comes back microsoft.com, for whatever reason.
Verify this yourself by typing the same thing into google and hitting search/lucky.
Really, has anyone publicly stepped up and said, "SCO is right, and we're buying a license."
Publicly? No. How do you know what the millions of small to mid sized businesses may have done?
700 bucks isn't a lot of money to throw at a potential problem to go away. And if you run a business, it's probably not the right venue to make your moral stand on OSS. After all, you have a business to run, bills to pay, employees, etc..
it's the smallest unit which is addressable
That's a word.
A byte is 8 bits, it's a standard of measure we use today (megabytes, kilobytes). A 32-bit processor uses 32 bit words, or 4 bytes to a word, etc..
Why would you spend $1,000 for a fast computer and then underclock it to make it slower? Just pay $800 instead for the slower one.
When Doom 4 comes out, I can just reset my machine to its factory settings, and not have to spend another 800 bucks.
And there are times when I need or want the speed (when compiling my company's app suite takes 45 minutes, every MHz counts), but most times I don't. I want to be able to switch on demand from "quiet and practical" to "loud and obnoxious".
Because the slower components run just as hot as the faster ones, and I want them to run cooler (and quieter). The HSF on the older northwood P4s was just as loud as the prescotts. I wanna slow a prescott down.
Because the reduced power usage means that my desktop machine will last longer on a UPS. Batteries aren't just for notebooks. I'd love for it to auto-clock itself down about 50% when it switches to battery power.
Because the 3.06ghz P4 is the slowest proc with hyperthreading, which I've found enormously useful. It doesn't make your computer magically faster, but it's much more responsive when some app runs away with the CPU.
Because I don't want to spend 60 bucks on an aftermarket cooler that weighs a pound and a half and will likely destroy my machine if I try to move it because it's 4 times the weight specced.
Because if my machine wasn't so hot under load, and sucking so much power, maybe I'd run folding@home and cure cancer.
Noise? I have a 3.2 ghz machine that I can barely hear. My 1ghz was louder.
So what? I have a 1ghz fileserver with no active cooling whatsoever, and I have a 3.06ghz desktop that sounds like an electric razor.
Hell, every laptop nowadays does CPU frequency scaling, they all underclock by default to save power. Next generation Intel desktop procs will probably do it too; from what I've heard, freq scaling is another feature that they're taking from the Pentium M core. Less power, less heat, less noise.
To do what? Getting local times from moviefone I can see, but remembering who played the black guy in that movie you saw on late night TV while you're stuck on a bus with no internet access?
And the wikipedia link on the word WAP contains this:
WAP has seen huge success in Japan
Who cares about some device-specific protocol anyways? Does it really affect my life if people are using it or not?
He's just copying the directions off the can, which is for coating tools. I did exactly what was described (mixing sand into the stuff) for the toolset I keep on my boat.
Try to take off a prop in the water, or cut loose all the crab lines that idiots around here throw down yet don't mark (because they're poaching).
My time was about 10 minutes.
I guess I'm not as "into it" as you guys are.
It's not illegal, just not allowed in some Halo tournaments.
Most gaming tournaments won't let you use modded or 3rd party controllers. At least the good ones. Nothing would be lamer than a Street Fighter champion who just pushed the "macro" button on his controller which stored a 99-hit combo.
You do realize that rubber really does grow on trees, don't you? (Well, in them)
This stuff is rubberized cement with a bunch of chemical additives, happy? Chemically altered rubber. That better?
And you have to sit at a desk, and look at a presumably smaller monitor, in a generally more uncomfortable chair.
It's the same retarded PC vs Console argument. No one cares if you prefer to use a mouse or like Doom better than Dead or Alive. Really.
I'll prove it: I prefer to sit back in the couch with a beer and play with a controller on my much larger TV. Do you care?
This "product" isn't new, you can get it at Home Depot or any other hardware store, and have been able to do so for at least 20 years, because I remember dipping some wrenches in it years ago.
It's called plasti-dip or something. It's a can of liquid (it's just rubber cement with some additives for all I can tell), you dip your tools into it, it hardens and there you go, rubbery grips.
They also sell industrial strength paper towels and high powered wet-vacs, in which you might be interested.
This is the lamest "modding" article ever posted on slashdot. It's about as clever and new as spray painting your case.
Why can't I underclock? Why won't mobo mfgs allow this?
I can set the FSB on my Gigabyte board to moronic levels, like 300.. There's no safeguards for how high I can go. There's always a limit, and that limit is usually low enough that it makes overclocking a fruitless endeavor. But there's no limit on how slow it could go.
Why can't I drop it to 100 from 133? I don't always need my 3.06 ghz P4, and the temp-controlled "varies" from 4000 rpm to 4800 rpm, that is from annoyingly loud to slightly-more-annoyingly loud.
I'll have a 400mhz effective FSB instead of 533. And so what? I have a 2.0ghz celeron with a 400mhz fsb and it performs all my day-to-day functions as well as the 3.06 p4.
A modest underclock and it would run cooler, quieter, and in turn, last longer. Same for the video card. If jacking the GPU clock by 5% (a negligible performance boost in real life) increases the heat by like 50% or more, then lowering it by 5% (a negligible performance loss) should decrease the heat dramatically. Which it does, the 9800 non-pro is much cooler than the pro, and both are the same card with the non-pro clocked just slightly lower.
I'd like to run that 3.06 at about 2ghz. Plenty of speed for gaming and watching porn. I'll jack it up only when I have something big to compile.
I'm not the only one, there's a huge quiet-computer movement about, could be the next big "niche" market.. Perhaps bigger than the "enthusiasts who know nothing about what they're doing" market who desire an FSB setting that goes from 133-300+change.
You can buy a can of that rubber stuff at home depot. You dip your (all metal or grips worn off) tools into it and it coats it.
You hardly need to be a hardcore modder to do this. If you had sense, you'd get a roll of the grip tape skaters use and it'd be cheaper and faster.
Has anyone ever had a problem with the controller flying out of their hands?
It was a great way to "wake up the government". Hey, if we start enforcing patents, we won't be able to steal other people's hard work for free!
The municipal govt of Munich doesn't mean shit to the EU, frankly, and doesn't have the power to stop this legislation. And if it does go through, and it seems likely, it'll be the law of the land, and I don't see municipal governments as an appropriate place for "civil disobedience". I mean, what if the local PD decided to ignore all those "due process" and "civil rights" because they don't agree philosophically?
So, what's a little odd to me is that the city knows about possible patent troubles, and doesn't care.
So if they don't care about possible IP issues with Linux, what's stopping them from just downloading free versions of what they already have off of Kazaa? Then there's nothing but savings. Just stop paying the software vendors. "Sorry, but morally I feel your product has no tangible value, so therefore I won't pay for it" Hell, why pay for the equipment either? Why pay salaries?
Euro governments are fuckin wacky. Not to be mistaken as an affirmation of American government, of course.
Well, as the lead-in says, this was written by the "guru at theregister.com", or translated, by an out-of-touch linux zealot.
By out-of-touch, I mean he has no idea what an average user is, or what they're willing to do. Ethereal is next to useless as a security tool, it's a great tool for troubleshooting complex networking setups, but a box with XP Home that dials into AOL is hardly a complex network.
They might as well suggest the "average user" set up an elaborate honeynet.
A security book for the average user probably could fit on both sides of an index card, hell one side: Know what a firewall is and how to configure it. Know not to run executable code unless you trust the source. Keep your machine up to date, and scan for viruses regularly.
That's about it, at least, that's about all I'd expect out of an average user, and that's about all I'm willing to do myself. I've never cracked out Ethereal to "secure my box". That's ridiculous.
The "don't run executables" is a tricky one under Windows, because it's no longer clear to the average user what's executable or not. It used to be simple: files that end in .bat, .com or .exe. Now it could be .vbs or a macro in a .doc or .xls. How many average users know what .msi means?
Not that it's easier for the average user to know in the unix world, where they have to "ls -l" to see if the executable bit is set.
I think this may be the next big thing in Reality TV... Virtual Reality TV!
How much would you pay to watch that guy running in place, panting and heaving, with a split screen showing the "virtual" Pepsi machine he's trying to reach?
Thanks for proving that slashdotters have never even seen a gym.
I pay 20 bucks a month for access to probably over 200,000 in equipment. The treadmill is only used as a warmup, or elliptical machine or stationary bike if you prefer. Once your heartrate is up, you hit the circuit training.
In the summer, I have full access to the outdoor olympic sized pool, which I've never seen more than 10 people in at a time. And they're usually women, and usually in really nice shape. It's a really cool pool area, too. Plenty of grass for lounging on, an outdoor snackbar (with a liquor license!) I've spent many a Saturday lounging around there.
Haha to all those suckers packed into the community pool soaking in various 5-year-olds' urine. At 3 bucks a pop for the one hour "community swim"? Ha
And, FYI, walking/running on a treadmill is a whole lot better for you than walking/running outside. Less impact on your knees from irregular terrain, no shin splints, etc..
The article doesn't imply these are dumb panels on rollers, the article says these use ultrasound to determine their position, and magnetically track the position of the user's feet (I assume you wear some special sort of shoe).
Do people get motion sick on treadmills?
Yes, they do. If you go to the gym long enough, you'll see someone get dizzy or nauseous and fall right off 'em.
They even have lil warning labels advising people with inner ear problems to stay off.
I wouldn't expect the average slashdotter has seen a treadmill in actual use.
Nah, they're in space, so if you turn off the "gravity generators" in the holodeck, they can just float.
Now you can apply force fields to the floating bodies to mimic the environment, like the resistance of the floor to your feet or the wind on your face, etc..
What I never got was: 1) Why did they dress up to go to the holodeck? Data would put on his whole lil Sherlock outfit.. Why bother? Can't the holodeck generate the funny hat and pipe? Is there really enough personal storage space on the Enterprise for such things? I doubt the crew of your average aircraft carrier have room for Sherlock Holmes outfits to play dress-up in their downtime.
and 2) they could take stuff out of the holodeck. I forget the episode, but I think it was Picard walking around when suddenly he gets hit by a snowball, and you see Crusher and his boyfriend apologizing, they just came from the holodeck after skiing on the moons of Endor or some shit. Why would the holodeck allow this to happen?
Of course, the whole holo-doctor thing on Voyager just got silly.