Please. This is like any other wrong / criminal act. It should have consequences. If you break into someone's house and steal, you go to jail. Why should it be any different for sensitive information contained on a computer system?
C'mon, this guy is talking about portscanning. Not credit card fraud. If the portscans are caused by virii, the authorities are already onto it. These are intrusion attempts.
If you're an admin, and a script kiddie can get all the credit card info on your site, you should be fired. If some kind of sophisticated attack takes place, sure send a letter to the appropriate ISP.
Furthermore, false reporting just clogs the legal system. I have a friend who got 6 months (reduced to community service on appeal) for trying to log on as root on a couple of .edu servers. Does the punishment really fit the crime?
Don't do anything. If you can see them in your logs, chances are they are just kids experimenting. They obviously have too much free time on their hands. Keep your systems tight and learn from intrusion attempts, but just let them play. No need to report it.
How else are they meant to learn? For a lot of geeky kids, this is their teen angst getting out. It's like the kids who steal your fruit from your fruit tree. It's an inconvenience, but they'll get over it eventually. And they'll develop an appreciation of fruit.
I used to be very security/network focused for a few of my high school years. I grew out of it. Somehow life seems to get in the way.
I love people like you. Poor cliffy2000 was getting shit on, and he/she had no response (it's especially hard to think when being attacked, especially when it's in a seemingly correct way), and you come up with the goods.
By that I mean a well thought out argument that makes old mate cliffy in the right. Thank you pomakis.
Let's make it simple. Alice and Bob both love cookies; Charlene hates them but loves spinach for dessert. They decide to hold an election to see what dessert will be offered. Both Alice and Bob have read the parent comment and decided that, since the vote can't be split evenly (three people, after all), their votes must not count. They stay home from the polls. And bam! Suddenly they're having spinach for dessert -- even though a clear majority favors cookies.
You're obviously a spinach lover! How come, out of all three, the spinach girl is the one who votes? If you are insisting that one person always votes, then it is more likely for them to get cookies, because there is a 66.66% chance of the right person voting.
I guess what I'm really trying to say is that unless the votes are rigged in some way, the most popular thing should win more times than not, regardless of how many people vote. Because the people not voting should be evenly distributed.
The problem is, there are very few messaging systems out there designed specifically for kernelspace-userspace communication.
How about making a dummy NFS server and serving the database that way? NFS is pretty portable too, which would avoid locking it into a particular OS.
My answer would be to build a protocol from the ground up (because I feel that a network messaging solution, i.e. TCP/IP, can't be secured well enough in the long run).
Just interested - what makes you say this? What is your reasoning? I just can't think of any reasons personally, so I'm assuming there is something I'm overlooking?
Would it be too much to ask whose code was it that had the vulnerability?
Yes.
I think it is time we started attributing vulnerabilities to the authors (just as we do with companies).
Yes, we do it to companies. Note that this is different from doing it to individuals inside companies. So you're basically wanting to punish open source authors for giving up their free time as opposed to being paid for what they do?
I'm sure that if a bug is found in a piece of code (say libpng) the author certainly knows who they are, and is going to be more careful. Why is that not enough?
The open source movement should be about rewarding the efforts of others. It should be about pushing people up. What you're suggesting is akin to a lynching.
Furthermore, open source already has an inherent method of dealing with bugs! As soon as they are found, someone releases a patch! Who would have thought!
This would, IMO, backfire since a potential customer would see Linux as the more influential and therefore desirable IT tool.
Do you think the same thing has happened with Wine? People know Wine exists, so they think Windows is more influential and develop for it? Are we shooting ourselves in the foot by creating Wine?
What are the differences in the Wine situation that make it okay to support another platform's API? Just curious...
I know this is kinda off topic, but at one stage I was looking at making a p2p groupware solution using Rendezvous for peer discovery, all from my browser.
At this time, Apple had not released a Java version of Rendezvous.
Anyone had any success in hooking into the Java version of Rendezvous from JavaScript (LiveConnect) from within Firefox/Mozilla?
It would be a pretty good solution if we didn't need a server for anything except email.
It is important we explain why patents/DMCA-style laws are an issue. Australia really only has 1) natural resources 2) tourism. Tourism changes really quickly with things like SARS, and is unpredictable. We have a high adoption of IT, it's one of the best areas for growth - why are we trying to stifle innovation in that area?
Hopefully with enough emails, he'll at least have to address the issue publicly.
This would deliver the investigative powers of the CIA into the hands of anyone who wants it... still a good idea?
I don't know about you, but I'd prefer for everyone to have this information available than just for the CIA. If no one could hide anything, then everyone would have less to fear.
The only reason for privacy is to let powerful people remain powerful. If no one had secrets, we'd be like a small town, and there would be a greater sense of trust and community.
What is the advantage to privacy?
Incidentally, I am a privacy nut, but only because of fear of abuse. If everyone could spy on everyone, I wouldn't have anything to fear!
Remember back when we all thought that XML was going to achieve the semantic web by making good search engines unnecessary?
I don't know who "we all" are, but I for one never thought that. XML is, and always has been, a data format. You always were going to need a set of tools to manipulate the data format and make it useful. What you are saying is akin to saying that books were going to eliminate library indexes! Yeah right.
Imagine two possible future worlds. In one, all servers require PK, appearing to have zero ports open, but really running potentially 100s of services behind that shield. In another world, all servers have exactly one port open: 22/ssh, which can gateway authenticated clients to any one of 100s of services that might be running.
There's no real difference between those worlds.
I'm sorry, but to me there is. SSH has been known to have bugs. You're giving attackers a known target. With port knocking, the only way to even have a target is to know a knock sequence. Subtle difference, but I think it's important to make the distinction.
You want both password/challenge AND port knocking so no active scanner detects your open ports.
I must admit that I haven't looked at the various port knocking implementations going around, as I've been too busy on other projects. However, I can't understand how an active scan could even detect ports open - the ports shouldn't even be opened! Why doesn't the port knocking daemon just open a raw socket in promiscuous mode? That way, no one on the outside would even know you have the scheme in place.
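As an added example (not code from this thread or any port knocking project), here is the core of such a daemon: the per-source knock state machine, assuming it is fed TCP SYN observations by a passive sniffer so that no port listens until the sequence completes. The knock sequence 7000, 8000, 9000, the 10-second window and the sample events are all constructed; the example also shows why any out-of-sequence port must reset the state, since otherwise a linear port sweep that crosses the knock ports would complete the sequence by accident.

```python
from dataclasses import dataclass

# Assumed example sequence and window; a real deployment picks its own.
KNOCK_SEQUENCE = (7000, 8000, 9000)
WINDOW_SECONDS = 10.0


@dataclass
class KnockState:
    next_index: int = 0      # index into the sequence of the port expected next
    started_at: float = 0.0  # time of the first correct knock


class KnockTracker:
    """Per-source knock state machine fed by a passive sniffer (e.g. a raw
    socket), so nothing is listening until a source completes the sequence."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence = tuple(sequence)
        self.window = window
        self.states = {}      # src_ip -> KnockState
        self.authorized = {}  # src_ip -> time the sequence completed

    def observe(self, ts, src_ip, dst_port):
        """Feed one observed SYN (timestamp, source, destination port).
        Returns True if this packet completed the knock sequence."""
        st = self.states.get(src_ip, KnockState())
        # A partial sequence that takes too long is discarded.
        if st.next_index > 0 and ts - st.started_at > self.window:
            st = KnockState()
        if dst_port == self.sequence[st.next_index]:
            if st.next_index == 0:
                st.started_at = ts
            st.next_index += 1
        elif dst_port == self.sequence[0]:
            # First knock seen again: start over from step one.
            st = KnockState(next_index=1, started_at=ts)
        else:
            # Any other port resets the state. This is what stops a linear
            # port sweep from completing the sequence by accident.
            st = KnockState()
        if st.next_index == len(self.sequence):
            # A real daemon would add a firewall rule for src_ip here;
            # this example only records the authorization.
            self.authorized[src_ip] = ts
            self.states.pop(src_ip, None)
            return True
        self.states[src_ip] = st
        return False


def authorized_after(events, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
    """Replay (ts, src_ip, dst_port) events; return sources that completed."""
    tracker = KnockTracker(sequence, window)
    for ts, src_ip, dst_port in events:
        tracker.observe(ts, src_ip, dst_port)
    return sorted(tracker.authorized)


def sample_events():
    """Constructed SYN observations: one valid knock, one too slow, one in
    the wrong order, and one linear sweep across the knock ports."""
    events = [
        (1.0, "10.0.0.5", 7000), (2.0, "10.0.0.5", 8000), (3.0, "10.0.0.5", 9000),
        (1.0, "10.0.0.9", 7000), (20.0, "10.0.0.9", 8000), (21.0, "10.0.0.9", 9000),
        (1.0, "10.0.0.12", 8000), (2.0, "10.0.0.12", 7000), (3.0, "10.0.0.12", 9000),
    ]
    events += [(5.0 + i * 0.001, "192.0.2.7", port)
               for i, port in enumerate(range(6990, 9010))]
    return events


if __name__ == "__main__":
    print(authorized_after(sample_events()))  # ['10.0.0.5']
```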
This is one part of extreme programming I like very much. The idea is to write the test cases before you write the software. That way, you're testing to specification, not implementation.
Even in the best case, automation scripts go out of date very quickly. And, running old scripts over and over again seldom finds any bugs.
To this I must respectfully disagree. In small(er) projects, it might be closer to the truth, but from my experience regression testing is vital. Regression testing is mainly useful when requirement specifications change, and features creep in. Someone will be hacking at code somewhere to add a feature, without thinking about the implications. From my experience, people are always touching old functions! I always mandate automated regression testing on every project I've worked on with more than 4 people on it.
On a side note, I think regression testing in open source projects is even more important! Open source projects are, by their very nature, hackish. People are constantly rewriting functions to do what they never were intended to. I'd love to see a good automated regression testing framework for new open source projects.
Yeah, but one thing remains. Unless the remote site can get the user to install privileged chrome, a 'spoofed' Firefox window won't be able to show your bookmarks toolbar/bookmarks menu.
Remote XUL simply can't access the bookmarks RDF source.
So I guess what I'm saying is that if you can see your personal bookmarks toolbar, you're safe!
game on!
Powering a projector + DVD player? (on Guerrilla Drive-Ins)
Just curious, how would one go about powering a projector and DVD player outside? A car battery? How long would a projector work on a new car battery? You also need to power the sound system for 2hrs.
I'm a bit undecided on this concept. I love it as a principle of *nix - I understand that each program generally does one task and this makes *nix powerful.
But the problem seems to be with defining "one thing". What is one thing? Make calls? Receive calls? Be my personal communications device?
So far, it seems to me that someone came up with this phrase "Do one thing and do it well." and it stuck, but no one really thought it through. It's kinda like the KISS - "Keep it simple, stupid" principle, but less thought out.
If you mean 0.9.2, it's always worked fine for me. Maybe you need to delete your profile and start again - I've had profile problems with Firefox a couple of times.
Apple should do the next step 100% with their iPod. No half PDA or half cellphone combos. Full working PDA/"Son of Newton" and a full blown iPod with a cellphone.
Apple isn't a stupid company. The PDA/cell phone market is already saturated. They would just be adding another competitor to an already saturated market. Creating a new cell phone isn't cheap. Apple doesn't like doing things in halves and the R&D cost for a new mobile phone would be huge.
This decision is effectively getting more clients for their music store for very little R&D cost. They are just leveraging their platform as THE solution for online/mobile music.
The GPL only kicks in when you DISTRIBUTE your modifications.
This interests me heaps. When are you actually distributing software? If I hack some GPL code into a set-top box, and distribute the boxes, am I distributing the software?
You can keep them in-house all you want.
Or even more interestingly, what if I have an organisation, and to get my software, you have to join my organisation. Do I have to give the source out to members of my organisation? Or is it still in-house? Can I just make them create a new login and then give them the binary only?
Or maybe I'm just being biased towards cookies.
that's value added for ya.
We really need to make this issue stand out to the PM.
Email John Howard - http://www.pm.gov.au/email.cfm
You're a nutcase, Nutcase! ;-)
Just look under the advanced menu in iTunes. "Convert ID3 Tags".
Well he only needs one for his airport express
Ahh, good point. Every time I've worked with RDF it's been in XML format. Totally forgot it could be represented in other ways.
Despite this, XML is the form it is most likely to take when used on the web.
Are there any other forms of RDF that are prevalent?
(sorry junkies)
I smell a troll.
For those that don't know, RDF is XML.
Can you get really quiet generators nowadays?