Ah yes...the pain...the agony...the hurt of trying to get Wing Commander 4 to work on my 486DX box. Those were the days when men were men and gamers had constitutions of steel:-P
I've been using Knoppix-STDin the course of my side gig doing forensic work, and have found it to be indespensible. Especially since it is vitally important that the files on the subject box not be altered in any way, Knoppix is a perfect way to get in and see what little nasties are hiding on a box without even booting up its OS.
I have found the Knoppix STD disc to be of endless utility in conducting forensic examinations. Just haul along Knoppix and a spare HD to stick disc images on and you're set. If you have to conduct an on the spot examination and don't have the luxury of making a drive image, just fire up the hex viewer-I couldn't work with out it. Give a copy a try: The homepage here can fill you in on everything.
Indeed. I've just now begun grepping this file, and the evidence that this is the real deal is beginning to add up.
<disclaimer>
I won't touch the actual source with a 10-foot pole, though.
</disclaimer>
Much as I like to see Wild Billy get the shaft, this leak, if true, has a number of disturbing implications; national, financial, and personal security being 3 that seem to top the list. I don't care how often the object code has been reverse engineered; there are likely to be plenty of dark, rank oubliettes built of code crufty beyond imagination lying about in the source just waiting to come to light.
Does it say something about me that I'm more interested and excited about this than any news story that I've read in the last year? (Janet's tit included.)
...but the jargon is not complex enough to be unteachable.
Sure, but being able to use said jargon competently, backed up by concrete knowledge in a wide range of situations without going off the scale on the bullshit-o-meter is not something that cannot be taught in so short a period of time, even if you are dealing with an exceptionally sophisticated subject that lives and breathes wine lore 24/7 the whole month. The subject is simply too vast, complex, and dependent upon constant practice and education.
Most of time, the folks that you are selling wine to have only the most vague conception of the difference between a Cabernet and a Pinot Noir, and a "beer-drinking Chicago football fan" armed with a few buzzwords could BS his way through a presentation just fine. However, when someone who knows WTF they are talking about turns up, they're going to know that Mssr. BudChugger is full of shit very quickly.
I don't know a thing about the stuff Prada sells (I haven't much use for high fashion), but I can tell you that the sort of people that would shop there can smell someone from the other side of the tracks a mile off.
The upscale waitress would just as out of place and "hopeless" in a McDonalds.
Out of place? Absolutely. Hopeless? Only in context of her state of mind as she tries to cope with the inanity and soul-destroying drudgerey that goes along with working at McD's. Most of the better waitresses that I have worked with could probably run an average Mc'Ds front-of house without assistance and still have time to do her taxes in between taking orders.
If their skills are replaced by a simple chip that tells the associate everything about you, then the stores can get by with hiring minimum wage McDonalds rejects instead, thereby decreasing their total labor costs. It will also cheapen the whole experience.
On the contrary, to even be able to function in a retail environment such as this, you have to have a certain gentility. Even if you had a client's life history in front of you to refer to, the sort of people that shop at places like Prada expect the salespeople to have a degree of breeding, taste, and poise. If you look at the makeup of the staffs of such places, or of very fine resturants, they tend to be the children of privileged families that, for one reason or another, are obliged to work for a living or are simply bored and want something to do. I spent many years as I went through college working in this area as a sommelier, and I can assure you that unless you can speak clear English, are well educated, and capable of speaking the peculiar high-context language of the upper class, the clients that frequent this sort of place and the people that run this sort of establishment would want nothing to do with you. Your average McDonalds worker would be hopeless in this case, regardless of the technological assistance give them.
It would indeed cheapen the whole experience: It would put them out of business.
As was I. All of the scenes from MR that showed advertisments blaring out to passerby, recommending personalized buying suggestions and hurling sales pitches pell mell filled me with horror. After the movie was over, I looked over at my wife and said, "When that happens, we're moving to a fucking log cabin on the Blue Ridge."
Of course, said cabin would be complete with a cutting edge solar/microhydroelectric power system, sattelite Internet Access, etc. My wife is always mystified by the fact that I can peck away at my computers day in and day out, steeping myself in technology, but when it comes to commercial enterprise I run screaming from anything that threatens to invade my mental environment. I don't see any inconsistency there, but hey, YMMV.
I concur that I would NEVER base a purchasing decision solely on a press release/open hack invitation such as this. However, I think that more credit is due to the folks at RH--for the most part, they are probably much finer hackers than the vast majority of thier detractors here on/. (myself included;) any assumption that they are using this as a substitute for a security audit is asinine at best, and to assume that additional steps, such as comprehensive internal security audits, are not being taken in the production of a SE Linux system simply on basis of absence of specific mention in the article is rude and condescending. I say this as a dedicated Debian user that has had little use for RH products over the years. Regardless, I have a great deal of respect for the effort that the people at RH have put into the improvement of Linux and Open Source Software in general.
An open request for system compromise is, of course, a PR broadside as well as system test. As a businessman as well as nerd, I appreciate this--you can't survive in modern business without this sort of PR stunt. On the other hand, leaving a beta of thier system open and inviting every scriptkiddie/blackhat/cracklibwieldingfuckwit etc. ad nauseum to try and break it CAN'T hurt the system's overall security one bit.
Although many of you may not approve, this is both good PR and good policy.
Don't be an ass. I detect a bit of a chip on your shoulder, perhaps some of the knee-jerk "RH is for noobs, all of these kids should be using Slakware compiled totally from source," sort of attitude.
...oh wait, this is/......please excuse me while I take the hook out of my cheek.
Quite the contrary. In a perfect world a box would be capable of withstanding attack regardless of its configuration post-install. However, the moment an admin installs a bit of needed software for the environment in which he works, he is responsible for that software's influence on the box, particularly if the source code is freely available and user-patchable. Many of the PHP apps that are floating around and in common use are an excellent example: PHPNuke is frequently used, and is also as full of holes as a T-shirt that's been attacked with a 12-gauge. PHPMyAdmin in another excellent example of a useful, widely deployed program that can be VERY easily compromised.
Distro developers like RH CANNOT be expected to code thier distros to cover situations like this: the sysadmin has to take responsibility for thier actions. Period.
This is a viable point, but one that I tried to address in my parent post; perhaps I was not clear:
My impression is that some of the skilled white-hat types would see this as an interesting challenge, and would attempt to use/code the same sort of exploits that a nefarious user would employ. It is pure assumption on my part that this would be the case, but I think that it is also a reasonable assumption.
In any case, this sort of testing can't hurt, and stands a good chance of showing the RH developers holes that they would have otherwise overlooked, whether they are canned or specially coded.
This, IMHO, is smart policy. What better way to find the holes in a distro than to co-opt the people most capable of exploiting them? Even at worst this will give the folks at RH a good idea of what exploits are going to be most frequently used against thier systems.
Of course, the security of any system is dependant upon the admin and how he/she configures the software used on the system, but this at least will help to establish a baseline from which to work, and provides full disclosure of any inherent system vulnerabilities to the admins that work with the system.
...as an added bonus, this/. post will see how the system might stand up to a major bandwidth spike....
That's not entirely true: you can use the Database Splitter in Access to dump your backend to a seperate file, which can be stored on a server that multiple front-end clients connect to. This isn't a viable way of doing things for more than 10-20 odd users at once, but for a small office situation where you can (more or less) trust your users, it works just fine.
I concur with laird. I learned BASIC on the Apple II+ and C64 way back when, and then left off programming around 1987. I picked it back up again in 2000, and started learning Perl. It took me forever to get over the idea that a program should have line numbers to function correctly, among other brain-damaged ideas.
Have mercy on the kid, and keep him away from BASIC at all costs.
Why do geeky/nerdy types enjoy that crap? Escapism maybe? Cute, Boo-Boo type pathetic characters they can identify with? Who cares. It makes them happy, much like a balloon makes my 3-year-old happy.
This astute critcism brought to you by a guy who has a hardcore midget porn site as his URL....obviously he's a paragon of taste and class.
Although I concur that population is the single most important environmental issue that we currently face, I think that you need to reasses a few of your views:
The activists will go on whining about SUV's and western per capita energy consumption because it's a lot more fun to point the finger at wealthy people than it is to accuse the third world of overpopulation.
On the contrary, environmental activists (a group in which I include myself), many of whom are quite well-to-do, find profligate consumption of energy, water, and other consumables to be a Bad Thing because our current levels of consumption and exploitation (at least here in the United States) are unsustainable over the long term. Even if global warming is a scam, or even if the oil companies are really a bunch of swell guys that have the public's best interests at heart, we Americans can't keep consuming everything in sight like a swarm of locusts, because before long we are going to be obliged to pay an ecological bill that we won't be able to afford. The easiest way to keep the tab down is to stop eating, burning, buying, drinking, driving, and generally consuming the living hell out of everything. A little moderation is the difference between a mess that is ugly but manageable, and one that is catastrophic.
Your prior scree about oil companies can be forgiven since you point this out.
If you honestly think that big oil
isn't giving the shaft to the lot of us as well as our lovely little planet, you're not paying attention.
It is most certainly worthy of rational concern. At current population levels, it would not be possible to provide a European Standard of living (~$12,500 US per capita per year) to the entire population into the indefinite future. In order to provide this standard of living in an indefinitely sustainable fashion, world population would need to stabilize at ~2.2 billion, a number much lower than our current population.
Of course, equal distribution of resources to everyone on the planet is probably never going to happen. However, if the population continues to increase, even marginally, the is no chance of most of this world's people living in anything but the most abject sort of poverty.
Slashdot Mirror
Ah yes...the pain...the agony...the hurt of trying to get Wing Commander 4 to work on my 486DX box. Those were the days when men were men and gamers had constitutions of steel :-P
I've been using Knoppix-STDin the course of my side gig doing forensic work, and have found it to be indespensible. Especially since it is vitally important that the files on the subject box not be altered in any way, Knoppix is a perfect way to get in and see what little nasties are hiding on a box without even booting up its OS.
I have found the Knoppix STD disc to be of endless utility in conducting forensic examinations. Just haul along Knoppix and a spare HD to stick disc images on and you're set. If you have to conduct an on the spot examination and don't have the luxury of making a drive image, just fire up the hex viewer-I couldn't work with out it. Give a copy a try: The homepage here can fill you in on everything.
Indeed. I've just now begun grepping this file, and the evidence that this is the real deal is beginning to add up.
I won't touch the actual source with a 10-foot pole, though.Much as I like to see Wild Billy get the shaft, this leak, if true, has a number of disturbing implications; national, financial, and personal security being 3 that seem to top the list. I don't care how often the object code has been reverse engineered; there are likely to be plenty of dark, rank oubliettes built of code crufty beyond imagination lying about in the source just waiting to come to light.
Good luck Billy....you're gonna need it.
Does it say something about me that I'm more interested and excited about this than any news story that I've read in the last year? (Janet's tit included.)
$geek++;
True enough....I live in the South (Nashville, TN), and "Old Money" represents most of folks of this sort that I have been obliged to deal with.
Sure, but being able to use said jargon competently, backed up by concrete knowledge in a wide range of situations without going off the scale on the bullshit-o-meter is not something that cannot be taught in so short a period of time, even if you are dealing with an exceptionally sophisticated subject that lives and breathes wine lore 24/7 the whole month. The subject is simply too vast, complex, and dependent upon constant practice and education.
Most of time, the folks that you are selling wine to have only the most vague conception of the difference between a Cabernet and a Pinot Noir, and a "beer-drinking Chicago football fan" armed with a few buzzwords could BS his way through a presentation just fine. However, when someone who knows WTF they are talking about turns up, they're going to know that Mssr. BudChugger is full of shit very quickly.
I don't know a thing about the stuff Prada sells (I haven't much use for high fashion), but I can tell you that the sort of people that would shop there can smell someone from the other side of the tracks a mile off.
The upscale waitress would just as out of place and "hopeless" in a McDonalds.
Out of place? Absolutely. Hopeless? Only in context of her state of mind as she tries to cope with the inanity and soul-destroying drudgerey that goes along with working at McD's. Most of the better waitresses that I have worked with could probably run an average Mc'Ds front-of house without assistance and still have time to do her taxes in between taking orders.
If their skills are replaced by a simple chip that tells the associate everything about you, then the stores can get by with hiring minimum wage McDonalds rejects instead, thereby decreasing their total labor costs. It will also cheapen the whole experience.
On the contrary, to even be able to function in a retail environment such as this, you have to have a certain gentility. Even if you had a client's life history in front of you to refer to, the sort of people that shop at places like Prada expect the salespeople to have a degree of breeding, taste, and poise. If you look at the makeup of the staffs of such places, or of very fine resturants, they tend to be the children of privileged families that, for one reason or another, are obliged to work for a living or are simply bored and want something to do. I spent many years as I went through college working in this area as a sommelier, and I can assure you that unless you can speak clear English, are well educated, and capable of speaking the peculiar high-context language of the upper class, the clients that frequent this sort of place and the people that run this sort of establishment would want nothing to do with you. Your average McDonalds worker would be hopeless in this case, regardless of the technological assistance give them.
It would indeed cheapen the whole experience: It would put them out of business.
As was I. All of the scenes from MR that showed advertisments blaring out to passerby, recommending personalized buying suggestions and hurling sales pitches pell mell filled me with horror. After the movie was over, I looked over at my wife and said, "When that happens, we're moving to a fucking log cabin on the Blue Ridge."
Of course, said cabin would be complete with a cutting edge solar/microhydroelectric power system, sattelite Internet Access, etc. My wife is always mystified by the fact that I can peck away at my computers day in and day out, steeping myself in technology, but when it comes to commercial enterprise I run screaming from anything that threatens to invade my mental environment. I don't see any inconsistency there, but hey, YMMV.
Touche'..............
bwahahahahahahahahahahahahahaha
Dammit, I wish I hadn't posted on this subject. Mod parent up, please.
I concur that I would NEVER base a purchasing decision solely on a press release/open hack invitation such as this. However, I think that more credit is due to the folks at RH--for the most part, they are probably much finer hackers than the vast majority of thier detractors here on /. (myself included;) any assumption that they are using this as a substitute for a security audit is asinine at best, and to assume that additional steps, such as comprehensive internal security audits, are not being taken in the production of a SE Linux system simply on basis of absence of specific mention in the article is rude and condescending. I say this as a dedicated Debian user that has had little use for RH products over the years. Regardless, I have a great deal of respect for the effort that the people at RH have put into the improvement of Linux and Open Source Software in general.
An open request for system compromise is, of course, a PR broadside as well as system test. As a businessman as well as nerd, I appreciate this--you can't survive in modern business without this sort of PR stunt. On the other hand, leaving a beta of thier system open and inviting every scriptkiddie/blackhat/cracklibwieldingfuckwit etc. ad nauseum to try and break it CAN'T hurt the system's overall security one bit.
Although many of you may not approve, this is both good PR and good policy.
Don't be an ass. I detect a bit of a chip on your shoulder, perhaps some of the knee-jerk "RH is for noobs, all of these kids should be using Slakware compiled totally from source," sort of attitude.
...oh wait, this is /. .....please excuse me while I take the hook out of my cheek.
Quite the contrary. In a perfect world a box would be capable of withstanding attack regardless of its configuration post-install. However, the moment an admin installs a bit of needed software for the environment in which he works, he is responsible for that software's influence on the box, particularly if the source code is freely available and user-patchable. Many of the PHP apps that are floating around and in common use are an excellent example: PHPNuke is frequently used, and is also as full of holes as a T-shirt that's been attacked with a 12-gauge. PHPMyAdmin in another excellent example of a useful, widely deployed program that can be VERY easily compromised.
Distro developers like RH CANNOT be expected to code thier distros to cover situations like this: the sysadmin has to take responsibility for thier actions. Period.
This is a viable point, but one that I tried to address in my parent post; perhaps I was not clear:
My impression is that some of the skilled white-hat types would see this as an interesting challenge, and would attempt to use/code the same sort of exploits that a nefarious user would employ. It is pure assumption on my part that this would be the case, but I think that it is also a reasonable assumption.
In any case, this sort of testing can't hurt, and stands a good chance of showing the RH developers holes that they would have otherwise overlooked, whether they are canned or specially coded.
This, IMHO, is smart policy. What better way to find the holes in a distro than to co-opt the people most capable of exploiting them? Even at worst this will give the folks at RH a good idea of what exploits are going to be most frequently used against thier systems.
Of course, the security of any system is dependant upon the admin and how he/she configures the software used on the system, but this at least will help to establish a baseline from which to work, and provides full disclosure of any inherent system vulnerabilities to the admins that work with the system.
...as an added bonus, this /. post will see how the system might stand up to a major bandwidth spike....
That's not entirely true: you can use the Database Splitter in Access to dump your backend to a seperate file, which can be stored on a server that multiple front-end clients connect to. This isn't a viable way of doing things for more than 10-20 odd users at once, but for a small office situation where you can (more or less) trust your users, it works just fine.
5.1--nice.....that os must look like a pair of 15 year-old overalls.
I concur with laird. I learned BASIC on the Apple II+ and C64 way back when, and then left off programming around 1987. I picked it back up again in 2000, and started learning Perl. It took me forever to get over the idea that a program should have line numbers to function correctly, among other brain-damaged ideas.
Have mercy on the kid, and keep him away from BASIC at all costs.
Nah...we'll just stick 'em in a room with a bunch of terminals and hope that we get some new Shakespeare out of the deal.
Why do geeky/nerdy types enjoy that crap? Escapism maybe? Cute, Boo-Boo type pathetic characters they can identify with? Who cares. It makes them happy, much like a balloon makes my 3-year-old happy.
This astute critcism brought to you by a guy who has a hardcore midget porn site as his URL....obviously he's a paragon of taste and class.
Good question. The answer is both.
And what material was this? Written by whom? Had it been subjected to proper peer review and vetting? I highly doubt it.
Although I concur that population is the single most important environmental issue that we currently face, I think that you need to reasses a few of your views:
The activists will go on whining about SUV's and western per capita energy consumption because it's a lot more fun to point the finger at wealthy people than it is to accuse the third world of overpopulation.
On the contrary, environmental activists (a group in which I include myself), many of whom are quite well-to-do, find profligate consumption of energy, water, and other consumables to be a Bad Thing because our current levels of consumption and exploitation (at least here in the United States) are unsustainable over the long term. Even if global warming is a scam, or even if the oil companies are really a bunch of swell guys that have the public's best interests at heart, we Americans can't keep consuming everything in sight like a swarm of locusts, because before long we are going to be obliged to pay an ecological bill that we won't be able to afford. The easiest way to keep the tab down is to stop eating, burning, buying, drinking, driving, and generally consuming the living hell out of everything. A little moderation is the difference between a mess that is ugly but manageable, and one that is catastrophic.
Your prior scree about oil companies can be forgiven since you point this out.
If you honestly think that big oil isn't giving the shaft to the lot of us as well as our lovely little planet, you're not paying attention.
It is most certainly worthy of rational concern. At current population levels, it would not be possible to provide a European Standard of living (~$12,500 US per capita per year) to the entire population into the indefinite future. In order to provide this standard of living in an indefinitely sustainable fashion, world population would need to stabilize at ~2.2 billion, a number much lower than our current population.
Of course, equal distribution of resources to everyone on the planet is probably never going to happen. However, if the population continues to increase, even marginally, the is no chance of most of this world's people living in anything but the most abject sort of poverty.