The take on this story SHOULD be that it's possible to have a small company choose embedded Linux to deploy innovative and interesting applications on. We could have chosen Windows Mobile, of course, but Linux was technically the better choice. That's the important part here. Open Source tools get you to market faster and cheaper.
Because there's a lot of boring work that has to go into something like this, which means Immunity has to pay someone to do it, hence, we have to charge money to get it out the door.
Imagine buying a thousand cheese sandwiches, adding a garnish, and shipping them to people all around the world. Not cheap! And you didn't have to do any advertising or hire people to answer phone calls from customers who don't know which hole a sandwich goes into, document all the parts of your sandwich for people who like that sort of thing, or update your sandwich every month with new exploits.
There's also a lot of really fun work to do here, which is why it's not costing you 100K and why it's getting done at all from a company without VC funding.
Let's face it though, typing RHOST=192.168.0.1 into a Zaurus isn't exactly user-friendly even if you got more than 30 minutes of wireless time out of the Zaurus battery. :>
Last I checked we have 5 DoS's. But it's not quantity with something like this, it's quality. You need one really good Linksys exploit, no? :>
Last time I checked CANVAS is the only product that has a Linksys overflow, but I'm happy to be proved wrong.
-dave
Functionality errors and UI issues mostly. In terms of security it's just a Linux on ARM with SSHD turned off. CANVAS itself is pure Python, so although there may be overflows in there somewhere, it's not going to be an every-day occurrence.
The Nokia 770, the Sony Mylo, and the Trolltech Greenphone are just the start of how Linux + Wifi + mobile devices are going to change the world, imho. If you've done your development correctly you can do a LOT on these devices in very little time. It's the perfect thing for a small company or startup.
-dave
Mercury News is reporting that the Bush administration is asking search engines for portions of their databases. Google is apparently going to trial to avoid handing their database over. Did MSN Search comply with the Federal order?
OpenOffice works fine for my company - no one seems to notice we're not using Word except that we seem to get things done much faster than people using Word. There are some great features in OpenOffice. For example, the way OpenOffice does mini-spreadsheets complete with auto-updating graphs right inside Writer is great.
Small companies just can't afford Office - and really have no need to. That extra 500 bucks a computer is used on....more computers, or god forbid, profitability.
We're not suffering from "naggling technical issues" whatever those are. :>
Exactly...if a simplistic approach worked, you'd be able to walk into any organization and install a Win2k SP0 box and use that as your desktop. Instead, if you install anything less than SP4+updates you'll be owned in minutes by some random malware roaming the corporate network. Try asking the network admins why there's still worms on the internal networks and they shrug their shoulders.
If you understand why they shrug their shoulders, you'll understand the serendipity we're trying to harness by building our own worms. I.E. This is something you just can't do in a simplistic way.
And obviously, telling everyone to install grsecurity is not plausible for large organizations, much as we'd all like it to be.
Yeah. Great book! And they also mentioned some rather weird theories on how VD's in humans made people more promiscuous, I believe... Neat, huh!
Not every funny joke is shameless pandering.
Hmm.
Dynasty Warriors is a good game.
Mercury is a great game. You move a little blob around and solve puzzles. It sounds lame, but it's quite fun and engaging.
Rockstar's DUB driving game is great as well, even for people who don't like driving games. It's full of fun things like cops that try to chase you down, fun jumps, etc.
And in October, PSP will have GTA, so what's the problem now? Battery life is 5+ hours, which is enough to get you across the States. The PSP is perfect for the business traveler type, even if you sit in economy, like I do.
One great thing about it is the insta-boot. No matter where you are in a game, you just turn the thing off, and when you turn it back on, you're back where you were. It's useful for being able to play games on the go that have a longer cycle than 5 minutes.
Then again, aside from an enclave of crypies, academic information security research is a dry, lifeless world, without even a nice methane sea to liven things up.
How many truly hilarious papers have you seen where they "solve" the problem of stack overflows by making the compiler put every buffer on the heap? :>
-dave
Honestly, go get a better IDE. WingIDE makes Python programming a lot better. Those of us using Python are very happy for everyone else to be using C#. It makes us seem like demigods of productivity.
Dynamic typing is awesome. Introspection is awesome. Being able to read your friends' programs without having to run them through "indent" is awesome.
-dave
I guess as you get older you realize that 16 year olds have very little to offer. Most models are 16-20, and we still find them hot - on paper. In real life, you tend to want someone who's a bit more traveled. A 16 year old coming onto you in real life seems a bit like watching an 80's movie and still finding the effects really cool. Young chicks do some pretty funny things with make-up, and they tend to over-act. Innocence is great for a while, but us jaded older guys crave real deviance, and that takes a while to develop.
I'd hate to get graphic on you here, but a 25 year old chick is going to know a lot more about how to turn you on than a 16 year old, and you're going to be bored of cheerleader outfits and backseats by then. Realistically, what a 16 year old is usually missing is how to turn HERSELF on, but we'll leave that for aminaked.com, won't we?
-dave
A good drill is about extending your mind. Your mind decides it wants a wall with a hole in it, and the hole magically appears.
-dave
Hahahah. Why isn't this modded up? :>
-dave
Abstracted security roles are one of the biggest hilarities of academic "trusted" systems. The original Unix security model is actually genius. There is an OS that has the security model you're looking for, and it's called Windows NT. But it has horrible security, because it is so impossibly complex, that everything runs as SYSTEM anyways.
What makes you think that an auditor that can READ everything can't somehow adjust their privileges to real root in some way you haven't thought of?
Simplicity is key with security, and Unix has it.
-dave
Python, pyGTK and Glade (and libglade) are exactly the answer to this. And they come installed and working great on the latest Linux distributions (i.e. since RH9 or so).
It's a lot easier to use (and learn) pyGTK than any of the expensive Windows tools. And for real development, your programs can look just as good with pyGTK as they can with any of the other toolkits.
My money is where my mouth is: www.immunitysec.com
Dave Aitel
Immunity, Inc.
Well, considering I've written an entire Open Source DCE-RPC library (google "SPIKE aitel"), I can say I've had SOME experience with DCOM. DCOM sucks, but what sucks worse is no component model at all, which is what Unix has. To be fair, because Unix has no good component model, we have three bad ones - Mozilla's, KDE's, and Gnome's. None of which can talk to the other. None of which is really used except in their own environment. None of which has significant network capabilities, integrated authentication, or integrated encryption.
-dave
Completely correct. Unix's biggest weakness is a lack of DCOM and reusable software components. This is the problem Gnome was supposed to solve. There's a reason there's no visual basic for Unix - what's the point in having a scripting language that can't instantiate a web browser within its window? You can write a complete game in DirectX using Visual Basic. You can't do that with Python/Shell/whatever because there's no COM.
There's no good remote management utilities in Unix because there's no DCOM. Sun had TOOLTALK back in the day, which was kinda along the right track, but Linux threw all that work out. People don't realize that we're way behind where it matters. And instead of standardizing on Python and making that our platform of choice so that we could build it the way it should be built, Novell wants us to do it in .Net!!! It's sad.
-dave
Does the new version automatically resize text so that your bullet points fit within a single page, the way PowerPoint does? This is missing in OpenOffice 1.1, and it's really annoying. I don't see a mention of it on their new features page.
Due to, ya know, quantum tunnelling and stuff, some of the atoms in your shorts are, kinda, in your mouth. So technically you already are.
-dave
Yeah. It was meant to be funny, but apparently the mods hate me today. :>
Maybe it's the crappy OS you were trying to play the game on? Remember, the X-Box is running a version of Windows that's basically just a kernel without all that mucking around in userspace. This makes things a bit faster. :>
I especially loved moving around like someone in a wheelchair. Controlling an FPS game with that tiny joystick is great. It reminds me of the days when I played Doom I with friends and we all used the keyboards (without the mouse), so we all basically sucked.
Ooh, it was great having that super-low resolution too. I mean, nothing is better than having a wheelchair-laden myopic space marine, battling what appear to be giant squirrels with plasma grenade after plasma grenade. I think the level designers had just finished playing Duke Nukem, and wanted to create a version of that, but without the cool sound effects and funny jokes.
For a real game, try UT2004 (on Linux, say). You can play against 16 people while speaking to them via your headset, and there's no yearly fee! Oh, also, you get to move like a non-disabled person.
I think it's dubious you worked there - @stake is around 120 people, and has been for some time, and it's Dan Geer, not Greer.
-dave