Slashdot Mirror


User: kgasso

kgasso's activity in the archive.

Stories
0
Comments
54

Comments · 54

  1. Re:Redhat x.0 or x.1 -- wait and research... on Red Hat Linux 7 Released · · Score: 1

    FYI the slashdot post was here and the article it pointed to is here.
    --

  2. Re:be a man! on Red Hat Linux 7 Released · · Score: 1

    <offtopic anti-slackware rant mode>

    The distro that doesn't get in your way doesn't try to do things for you. It just does what you tell it.

    ... and has a horribly obsolete system of init scripts, and lets you leave the remains of packages installed from source tarballs all over your system ;)

    Actually, I got hooked on linux with slackware but shy away from it now. Recently installed 7.0 to take a peek and see what's new, and found... new packages! Nothing really new in the base install, etc. And pkgtool is, hrm, rather broken imho. I like RPM, but what I like even more is BSD's ports collection. As easy as 'cd /usr/ports/category/appname;make;make install'. Just 'make deinstall' to wipe it out. Always compiled from source, too, unlike most RPMs (SRPMs excluded).

    Anyway, just my $0.02 on the distro wars...

    --
  3. No surprise... on US Government Computer Security Evaluated · · Score: 5

    The government has never really been too "security-conscious" as far as I'm concerned.. just look at all the break-ins that government agency websites have experienced in the past, and still experience - or the break-ins that were publicized at least.. who knows how many more systems were just cracked into.

    Seems they're thinking with their wallet and not their heads. They don't see a need to hire professionals to secure and monitor their network because they assume it's already secure. Wouldn't also surprise me if they thought the threat of prosecution were enough to keep crackers out. That's just plain stupid.

    How much does it cost to install IDS systems on networks that should be secure (or any network, for that matter?). And a few paid professionals? You're trusting these people with your data. Social security numbers, tax records, etc. and they have little security at best.
    --

  4. Mirror/links on Linux Drivers For Free Barcode Scanner Cease-And-D... · · Score: 2
    Okay, there's probably a few out there already. Why not just say, "me too!" and hop in on it.

    http://blort.org/cuecat/

    Happily accepting corrections and additions. :)
    --

  5. Re:A little behind on Debian 2.2 Potato Is Stable · · Score: 1

    ... or you could be like redhat/mandrake/slackware/others and artificially inflate your version numbers.
    --

  6. Re:Incorrect spam complaints to MAPS on MAPS RBL Challenged In Court Case · · Score: 1

    I've seen it happen on more than one occasion. MAPS never checks to see if the complaint is valid, they just take the complaint at face-value, and add the "offending party" to the list.

    You wouldn't believe how many stories I've heard from people saying "Vixie is a fascist pig" and other wonderful comments. Interestingly, they have the same view that you do, that anyone can fake spam and be added. All additions to the RBL are confirmed, attempted contact with the offending parties is made, and only after there is (1) no contact with the originators of the junkmail or (2) the originators of the mail refuse to change their policies will they be added.

    ORBS is *much* less stringent about who gets on the list. In fact, I no longer use ORBS because of the number of legitimate emails that were blocked by supposedly "open" relays. But I do trust MAPS' RBL due to the difficulty of getting in the list. It isn't extremely easy to get in the RBL, and that's the point.
    --

  7. Re:does this mean.. on Slackware Updates · · Score: 1
    If RedHat had numbered its releases the same way Slackware used to, they'd still be on version 3.x or 4.x.

    That's exactly the problem, IMHO.. Look at some other distributions and operating systems, and you'll see that they don't need artificially inflated version numbers - Debian is still 2.x, FreeBSD is still 3.x, as is OpenBSD.. and none of these seem to have problems with users wanting a higher version number, from what I see. :)
    --

  8. Re:Slackware advantages? on Slackware Updates · · Score: 2

    The bsd-style init is also considered one of the main disadvantages of slackware - sysvinit is usually considered much more versatile and easy to use (once you get the hang of it). Also, does anyone know if slack v7 ever fixed the glibc/libc5 compatibility issues? AFAIK the last version had minimal glibc support and most system binaries were still libc5.. not necessarily streamlined for a modern Linux distro.
    --

  9. does this mean.. on Slackware Updates · · Score: 4

    the new release will become version 10? I mean, after all, this is a significant change, and slack needs the upper hand on the other distributions ;) (if you don't understand, go here.)
    --

  10. Is this truly shocking? on China Hits Internet With Secrecy Rules · · Score: 2

    I'm not really surprised at all by this... remember, we're talking about a country that's been fairly shut-off from the world for years, and the Internet is wide-open for people to share stories, ideas, secrets, opinions, etc. which might be anti-Communism and anti-government - and last I checked, this wasn't really looked upon very well in Communist countries ;)

    While government regulation/limitation/control may be protested in the U.S., it's almost the norm for many other countries such as China and Cuba. At least in the U.S. we give slanderous and hateful idiots the first amendment to try to hide behind. =P

    -k
    --

  11. Re:a few points... on Napster Attacks Open Source Clone · · Score: 2

    1 - Napster owns the servers that the client uses. Period. They provide the servers for use by the client. Any unauthorized client using the servers is just that - unauthorized. This is exactly the same as someone relaying mail through your server that you do not authorize, and they should be equally free to do whatever they wish to make sure that only authorized clients use their servers.

    There are really two meanings to the word "client" - one could be a user, connecting to the server or service; the other could be the software of the user, which connects the user to the server/service. AFAIK, the Napster servers are open to anyone who has the required software, whether it's made by Napster or by a third party. Restricting users to one specific client would be a BadThing, IMHO.. let's take IRC for example: all necessary security measures are built into the server so any client's software can connect to the server. I've yet to see an IRC server that says "You must use the XYZ IRC client here or you will be banned!" - that would be ridiculous. Likewise, ICQ seems to have no problems with third-party clients (licq, micq, etc.) connecting to their service - in fact, makers of these clients prove that ICQ's "security features" are lacking. Requiring a user's authorization to be added to their ICQ list, etc. is all client-side security.

    Yes, Napster owns the servers, but I disagree with the comparison to mail relaying. In this case, the issue isn't the clients (as in users), it's the client's software. (hope that makes sense, it's getting late here :) If the software makers are willing to port their software to different platforms, more power to them.. they must remember, though, that if unencrypted communication is made over any network interface, the protocols won't be "secret" for long ;)
    -----------------
    2 - The service is provided without charge to the user. The client is provided without charge to the user. This does not == free, and it does not == public domain. The 'rights' of the users are just that of any other service - use it, enjoy it, if you don't like it, well... in so many words, shove it. I have yet to see someone build a free public domain server architecture and client to do the same, and when they do I hope that all of you will support it with gusto. Until then, you frankly have nothing to complain about. I don't see what is so wrong with using the client provided to you, and if you want to build your own and your own backend and open source it, more power to you.

    I definitely appreciate the free services that people provide online, but sharing protocols used by services was a precedent set long, long ago - I personally believe it's a good precedent, as it allows developers to create clients for all platforms. If there was a Napster protocol published, there more than likely would have been a *NIX client quite some time ago. Unfortunately, publishing the protocol would reveal weaknesses only known by the developers of the software(and curious hackers - "hackers" as in those who reverse-engineered the software or sniffed the traffic from the software, NOT crackers). Not to put down Napster, but he more than likely knew there was little server-side security, and quite frankly, didn't want to let the cat out of the bag. This is a bad precedent to set, as any malicious kiddie with half of a brain could probably construct a client that would reveal all sorts of interesting information (hostnames/IPs, passwords, etc). This is why the open source movement has so much momentum - it (usually) creates better, more secure products; and believe me, I want my software to be secure with the number of script kiddies running around these days.
    -----------------
    These are just my opinions on this matter, and they really don't matter one bit :)
    --

  12. Re:When do developers learn... on Napster Attacks Open Source Clone · · Score: 2

    Yes, it does "protect" the user somewhat, but if someone was to get the file from the user, I'm assuming that there's a direct connection to their machine (assuming, because: 1. downloading through a central server would be illogical and 2. the napster setup under 'doze requires direct access to the machine on at least one port for data transmission, as documented in firewall setup). When this direct connection is requested/established, there is all sorts of diagnostic software ('netstat' included) that can tell you the remote peer's IP.
    --

  13. When do developers learn... on Napster Attacks Open Source Clone · · Score: 2

    never, apparently. Didn't ICQ teach us that putting 'security' in the client was pointless? Come on, whining because someone released information detailing the protocol(s) used is pathetic. Security through obscurity, client side security, whatever you want to call it.. developers need to understand the plus side of the open source movement, as they will have problems pointed out (and usually solutions presented) by people who care, rather than having the problems unknowingly exploited by some script kiddies.

    People seem so quick to hop on the lawsuit bandwagon when the words "reverse engineering" emerge, but think.. Using tcpdump (or similar utilities), I can see what's being transmitted, and work from there. Thinking that your protocols will be kept secret by not releasing source doesn't make sense.

    (a bit offtopic)
    I'm reminded of one software reviewer's criticism against a windows "firewall" product called "Lockdown 2000". The creators of the product encrypted the executable, but they forgot that it was decrypted and loaded into memory.. just examine the memory with a utility and.. you get the idea. The company later threatened to sue the software reviewer for "cracking" their software (more than likely, fueled by the fact that the software blatantly lied about what it was "protecting" against, which was basically nil).

    Let's just remember, something like napster obviously uses networking to communicate.. and as far as I know, sniffing your own system is perfectly legal.

    (just my $.02)
    --

  14. Re:Multiple Root Exploits last month on New Virus Can Strike Via HTML E-Mail · · Score: 1

    quick comments:

    1. it's rather nice not to have to wait [weeks,months,years] for m$ to release buggy patches, considering patches for *NIX are usually out within minutes or hours of a discovered vulnerability.
    2. these exploits depend on the distribution/variant of your *NIX OS.. (some kiddie's 'redhat exploit-o-matic' probably won't work on a debian box, now will it.. same goes for *BSD variants)
    3. the exploited software for most windows problems is integrated into the system ("what happens when we delete this IE dll.." *crash*).. with *NIX, say if crontab irks you, just disable it. no problem there.

    of course, every user should stay up-to-date with their os's and third-party-software's latest bugs, fix them immediately, and rest easy knowing if you used a m$ product you would still be waiting for the official patches :D

    -k
    --

  15. Re:They dance around the explanation on PCWeek Summarizes hackpcweek.com Test · · Score: 1

    From what I understood, there were two "essential" parts to this exploit: getting regular user access to execute a cron job, and the easily available crond exploit. Honestly, had it not been for PCWeek's unaudited CGI script, he would have never been able to execute the crond attack.
    And what's this BS about not installing the updates from RedHat? It would have taken them 10-15 minutes, compared to ~45 minutes installing NT service packs. Administrator stupidity does not make one O/S inherently less secure than another. It's that simple.

    -- Kameron Gasso (kgasso@blort.org)
    --

  16. Re:Floppies are dead on iMac II to have LCD/Firewire/DVD/AirPort/new color · · Score: 1

    Apple would love for you to believe that floppy disks are dead; the only reason they removed the drive in the iMac was to "go out on a limb", so to speak.. they wanted to make a statement that their computer was new, state of the art, and didn't need a piece of equipment that's been around for so long.

    Personally, if I owned an iMac (I'd rather not waste my money), I would spring for an Imation SuperDisk drive.. I absolutely love the things, considering they're also backwards-compatible with old 1.44MB floppies.

    Back to the issue at hand, without a floppy drive (and without a cd burner or any other writable device), an iMac user is kinda screwed if they want to take data from one machine to another (if both aren't networked in some way). Sure, there are ZIP and JAZ drives, but how many people actually own these? Would you rather give someone a $20 high-capacity disk, or a few $.15 floppies? Burning a CD or giving away a large-capacity disk for 1-2 small files is simply wasteful, and most people can't afford to do it.
    --

  17. Re:I have an idea on More Moderation Madness · · Score: 1

    You probably don't realize that this is important to many people, due to the fact that many actually read the comments... Unless, of course, you want Slashdot to go into the shitter like USENET pretty much has.

    Not to be an asshole, but you seem unappreciative.. Rob's been working like a madman to keep a certain degree of sanity in the comments section, and he really deserves more appreciation and praise for this. I think it's great someone gives their time (and gave their resources, at least before the andover deal ;) to something as wonderful as Slashdot.. all for the community.

    -K
    --

  18. Selling for $50 would not be practical on 2.3TB drives for $50 · · Score: 1

    I believe that there is no way these will sell for $50 - go look at the price of an 18GB hard drive.. don't you think this company wants to make money too? It's illogical to sell at this price when they could easily sell for $375-$400 (or more) and still make a killing. Believe it or not, most people would throw in the extra cash for all that space. Why sell for a lower price when you can increase prices to make more money? Common business sense.

    Another thing that concerns me:
    The data-access time for the new storage technology is predicted to be around 100 Mbps.

    100 megabits? 100 megabytes? The latter I might spring for, but as far as I know, that would be correctly abbreviated 100MBps.

    I'm still skeptical considering all the "new technology" that never made it past the prototype stage...

    -K
    --

  19. Re:Rant & Rave on New Ruling Makes Domain Name Theft Harder to Prove · · Score: 1

    But when people take domain names like disney.com or intel.com or something that obvious, I think they shouldn't get shit.

    I agree, as long as the person registered it only with the intent of selling it later, slandering the company, etc. In the case of a "common name", big companies with their million-dollar lawyers shouldn't be allowed to force an individual into giving up the domain name. I am reminded of the ty.com struggle between Ty (maker of stuffed toys, esp. beanie babies) and a computer programmer who bought the domain name resembling the name of his son, Ty. The individual owned the domain for years before Ty (toy company) discovered the Internet, and when they decided to use that domain name, the individual was ordered to give it up or show up in court. Unfortunately, the individual could not afford court costs, and had to relinquish control of the domain name.

    Someone earlier mentioned the "bully in the schoolyard" metaphor, and I agree with them 100%. To sum it up: domain squatters are stupid and annoying, but large companies abuse their power to the extent of wanting to own specific rights to a common word. Go, capitalism!

    -K

    --
  20. A few questions, a few comments... on Interview: The Punk Hacker Kid Who Starred on MTV · · Score: 1

    These questions are legit, and I'd just -love- to see them answered. Some of my comments follow.
    ----------------------------

    What is your definition of "hacking"? Are you a "hacker" according to your definition?

    Do you write code or just download the pre-made scripts of others to do your "evil deeds"? If you do code, what kind of code do you write? (Languages, experience, etc.)

    How do you feel about the stigma the media and "script kiddie" websites (such as AntiOnline, 2600, etc.) have put on the true definition of a "hacker"? Is a real hacker no longer a skilled coder and geek, but only someone with evil and malicious intentions?

    ----------------------------
    ...and a few comments

    From what I've seen on websites, television, and interviews, this kid is not a hacker, but an immature 18-year-old who is starved for attention. So what if he has his own Linux box? I know several people who do, and they couldn't code a "Hello world" program if their lives depended on it. I haven't seen any proof that this kid can code, let alone understand code.

    Also, what is this doing on Slashdot? This is something that belongs on 2600 or rootshell. Something like this could make Slashdot look like an "Evil crackers hangout", not something I'd want to be associated with.

    That's my $.02, take it or leave it.

    -K

  21. Security through obscurity is lame. on Microsoft to "publish code" to Instant Messenger · · Score: 1

    ICQ has almost -no- server-side security. The only real security is the user authentication for receiving events, and possibly for invisible users.

    ICQ has not released any "official" protocol, which was probably originally out of fear that security flaws might be discovered and third party clients would be made. All network communication could be seen without reverse-engineering, and third party clients did come out (along with security "flaws", i.e. lack of security).

    Obviously, ICQ was not designed with the user's security in mind. Remember the password buffer overflow on the server? At least they fixed that within a day.. Quite simply, a secure client and insecure server is outrageously stupid if you don't restrict access to your official clients only.

    ...and that's my $.02

    -K
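    The point made in comments 11, 13 and 21 above (authorization "built into the client" is no security at all, because a third-party client simply skips it, and the server is the only place a check can be enforced) can be shown with a small toy contact-list protocol. The following is an added example written for this archive page; it is not code from any of the commenters, from ICQ, Napster, or any real client, and the wire format (plaintext `AUTHREQ`/`GRANT`/`ADD` lines) and the names `ToyServer`, `official_add`, `rogue_add` and `rogue_self_grant` are all invented for illustration. The same server class is run once with the check left to the client and once with the check enforced on the server, and a rogue client is pointed at both.

```python
from collections import defaultdict


class ToyServer:
    """Server for a constructed plaintext contact-list protocol.

    One request per line, sent over an (assumed) authenticated session so
    the server knows which user each line came from:

        AUTHREQ <requester> <target>   requester asks target for permission
        GRANT   <target> <requester>   target's client approves the request
        ADD     <requester> <target>   requester adds target to their list

    enforce=False: the server trusts that the requester's client already
    went through AUTHREQ/GRANT ("security in the client").
    enforce=True:  the server itself checks that the sender is who the line
    claims and that a GRANT from the target is on record.
    """

    def __init__(self, enforce: bool):
        self.enforce = enforce
        self.contacts = defaultdict(set)   # user -> set of contacts
        self.grants = set()                # (target, requester) approved by target
        self.pending = set()               # (target, requester) awaiting a GRANT

    def handle(self, sender: str, line: str) -> str:
        parts = line.split()
        if len(parts) != 3:
            return "ERR malformed"
        cmd, a, b = parts

        if cmd == "AUTHREQ":
            requester, target = a, b
            self.pending.add((target, requester))
            return "OK"

        if cmd == "GRANT":
            target, requester = a, b
            # A grant only means something if it really came from the target.
            if self.enforce and target != sender:
                return "ERR not-your-grant"
            self.pending.discard((target, requester))
            self.grants.add((target, requester))
            return "OK"

        if cmd == "ADD":
            requester, target = a, b
            if self.enforce:
                if requester != sender:
                    return "ERR spoofed-requester"
                if (target, requester) not in self.grants:
                    return "ERR not-authorized"
            self.contacts[requester].add(target)
            return "OK"

        return "ERR unknown-command"


def official_add(server, me, target, target_approves):
    """The vendor's client: asks first and only sends ADD after approval.

    target_approves(requester) stands in for the target user clicking
    'accept' in their own client, which then sends the GRANT line.
    """
    server.handle(me, f"AUTHREQ {me} {target}")
    if not target_approves(me):
        return "ERR declined-by-client"
    server.handle(target, f"GRANT {target} {me}")
    return server.handle(me, f"ADD {me} {target}")


def rogue_add(server, me, target):
    """A third-party client that simply skips the AUTHREQ/GRANT step."""
    return server.handle(me, f"ADD {me} {target}")


def rogue_self_grant(server, me, target):
    """A third-party client that forges the GRANT on the target's behalf."""
    server.handle(me, f"GRANT {target} {me}")
    return server.handle(me, f"ADD {me} {target}")


if __name__ == "__main__":
    trusting = ToyServer(enforce=False)
    print("client-side only, rogue ADD:", rogue_add(trusting, "kiddie", "alice"))

    strict = ToyServer(enforce=True)
    print("server-side, rogue ADD:      ", rogue_add(strict, "kiddie", "alice"))
    print("server-side, forged GRANT:   ", rogue_self_grant(strict, "kiddie", "alice"))
    print("server-side, official flow:  ",
          official_add(strict, "bob", "alice", lambda who: True))
```

With `enforce=False` the rogue client lands on alice's contact list without her ever being asked, which is the ICQ situation the comments describe. With `enforce=True` both the skipped handshake and the forged `GRANT` are rejected, and the official client still works unchanged, which is why the check belongs on the server regardless of which client software connects. Because the lines are plaintext, anyone running tcpdump against the official client learns the whole protocol in minutes, so keeping it unpublished buys nothing.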

  22. Re:micro$haft needs a life (far away) on cDc Charges MS w/ Distributing Cracker Software · · Score: 1

    Saying something like this PROVES that BO is abused by people... sure, it could be a legitimate "remote administration utility", but when I hear this, I'm reminded of the millions of script kiddies rejoicing at Defcon when it was released.

    The only "obvious" weakness in Windows (95/98) is the lack of powers per user (i.e., everyone has administrative power). In my opinion, the only thing BO ever exploited was user stupidity.

    On another note, adding "open source all the way" makes me sick. This is NOT what open source was made for.. script kiddies copying/compiling/running lame little backdoors and exploits. Yes, I support full disclosure with security issues, but you're looking at open source from the wrong perspective.

    I'm sure your school's lab admin would really appreciate this. If you were caught, you'd probably get expelled.

    Have a nice day.

  23. Re:Depends on how you look at it. on cDc Charges MS w/ Distributing Cracker Software · · Score: 1

    This reminds me of how NT and UNIX admins differ in their views on security.. So many times I see NT admins always using administrative logins to do stupid, simple things - including downloading/installing third-party software, even when much of the software did NOT need the installer to have administrative privileges.

    When dealing with a UNIX admin, however, I notice that they almost always use their non-root account for installing, and only 'su' to do one task.

    While most O/S's deal with how to differentiate between a uid0/administrative account and a lowerlevel/user account, the user has the responsibility for using this. Unfortunately, most home users' operating systems do not support a true multiuser environment. (e.g. windoze 95/98 - everyone has administrative power)

    -k

  24. Depends on how you look at it. on cDc Charges MS w/ Distributing Cracker Software · · Score: 1

    This one's quite simple, BO was _not_ the first trojan for Windoze - they just got so much fame because CDC released it at Defcon, to get the "ooh"'s and "aah"'s from the script kiddies and the wanna-be hacker community.

    I'm sure if you look hard enough, you'll find older trojans that were released long before BO was a twinkle in CDC's eyes. PC-Anywhere has been around for quite some time, and it's a remote-administration tool - if someone's tricked into setting it up, their computer can be controlled remotely. That's all there is to it.

    BO is not a security flaw in m$ windoze, as they claim it is. A trojan can be written for BSD, or Linux, or any other OS for that matter. User stupidity (running a trojan) isn't the operating system's fault.

    That's my $.02

  25. Re:PIII style promotion on AMD Athlon (K7) Ships · · Score: 1

    at least they tried.. maybe if they got some people dancing in colorful static suits :)